Politics and the pursuit of spammers
We who have lived on the Net over the last half dozen years have
watched junk email -- spam -- grow from an annoyance into a plague.
Now that more than half of the American populace has joined us
online, politicians are beginning to pay more serious heed to the
voices of spam's victims.
Not that politicians have been completely deaf to our cries. It's
just that much early anti-spam legislation, enacted at the state
level, was either ill-informed, or influenced more by direct
marketers than by their victims, or both. The education of the
political class about spam has come slowly, but now they are online
in good numbers themselves. We can assume they are enjoying the
spammers' tender ministrations alongside the rest of us. (On how
many bulk-email CD-ROMs do you suppose "firstname.lastname@example.org" appears?)
Massachusetts not among them, now have laws on
their books intended in some way to mitigate spam. They have done
very little good. The
earliest laws, such as that of Nevada,
unfortunately set the pattern for other states to emulate. Nevada's
law is widely considered to convey a right to spam. Later efforts --
Washington's in particular -- at least
properly sort the victims from the perpetrators.
law, enacted just last week, falls somewhere in the middle. It
allows recipients and ISPs to sue to recover costs, at $10 per
message, from spammers who forge IP addresses, obfuscate routing,
lie about their email addresses, or refuse to honor "remove"
State laws all suffer from the inherent problem of geography vs.
the placelessness of cyberspace. In addition, they need to tread
carefully to avoid crossing the US constitution's commerce clause.
Under its language, states are not forbidden to regulate commerce,
but in doing so they must not impose too great a burden on
Last week an appeals court
down Washington's anti-spam law, considered the most
netizen-friendly of them all. That pesky commerce clause.
Washington's law requires spammers to check a database, run by ISPs
and the attorney general, to make sure that no Washington residents
inscribed therein appear on the spammer's lists. The spammer must
first register with the A-G and then check their lists' email
addresses, one by one, by hand at
this Web site. For obvious
reasons the state does not make the database available for bulk
checking. The appeals court found this procedure too burdensome on
interstate commerce, and even a spam-hater such as I is forced to
This defeat for spam-fighters was the fourth state law intended to
regulate some facet of Internet commerce to have been overturned on
constitutional grounds. The previous three -- in
(note: PDF file), and
Mexico -- tried to limit Net pornography delivered into those states.
A federal anti-spam law could overcome the constitutional issues.
Congress so far has not passed any such legislation, and for that we
may be grateful. What has come out of committee in the past has
surely disturbed the sleep of the principals of the
Coalition Against Unsolicited Commercial
The best hope yet for a consumer-friendly anti-spam law emerged last
week from the House Commerce Committee's Telecommunications, Trade,
and Consumer Protection subcommittee. It is on a fast track to
passage by the House, according to the
Democracy and Technology. It's House bill
(here's a draft of the
introduced last fall by Heather Wilson (R-NM). The subcommittee
replaced the entire text of Rep. Wilson's original bill with one
quite amenable to the thinking of the anti-spam forces. It makes the
Direct Marketing Association grind their teeth. Here is a quick
summary of the bill's language by CAUCE founder Ray
HR 3113 criminalizes all of the bad acts outlined above for New
Mexico's law. In addition it validates the right of ISPs to craft an
anti-spam policy, and gives clear guidelines to which such a policy
must adhere. Most significantly, it requires an ISP to announce and
link the policy and in its SMTP headers -- or, in the language of
...in the initial banner message that is automatically transmitted
upon the establishment of a connection to any standard port for
accepting electronic mail... a textual message reading "NO UCE".
Anyone sending spam to an ISP who declares a policy of NO UCE -- or
any spammer who forges headers, omits or fudges a return email
address, or ignores a consumer's out-out request -- would be liable
for penalties of $500 per message, $50,000 maximum, or actual
damages. In certain circumstances these penalties could be tripled.
The law would require spammers to include a text marker in the
subject of all spam messages (such as "ADV"; text to be determined
by the FTC). The law would protect ISPs who take reasonable precautions
from being sued as a consequence of delivering spam.
The only provision I could imagine adding is a prohibition against
spammers reselling any email address received in an opt-out request.
The bill explicitly does not supersede state laws, but offers an
additional avenue of redress for spam victims. Enforcement would be
by the FTC and the Justice Department.
Let's gaze into the rosiest imaginable crystal ball and posit that
this bill, in its current form, becomes law this year. I believe it
would cut the flow of spam to a small fraction of the present volume. Of
course it would do nothing about spam sent to US residents from
outside of this country. Currently the US represents under 50% of
the world's Internet population (judging by this
stat of WWW users that puts US plus Canada at 49%). The US
percentage is dropping, slowly, as the connectedness of other parts
of the world grows faster than ours. So within two or three years we
may see spam on the rise again -- except this time most of it will
be in languages we can't understand.