Thursday, Jul 24, 2008
Will anti-spam legislation have an impact?
Nielsen: I'm in favor of a law against spam, but spammers can set up business overseas. Unless we're going to send in the Marines anytime there is a spammer in another country, we just can't pass a law that's going to work.
Templeton: Legal solutions can have a place. There are some spammers in the U.S. who could be deterred by the laws, no question.
But the most common spam I get is telling me about $42 million in a locked box in Nigeria. That's a confidence trick. It's fraud. You don't need a stronger law against that; you already have a fraud law: the strongest law you're ever going to get.
Most of the laws are bad, and certainly none of them effective. It's worse than useless, actually. It creates debates about how you're going to regulate speech on the Internet.
Farber: The Massachusetts law says you can sue the spammer.
Happy day! How is Jane Housewife or Joe Househusband going to go sue somebody? Unlikely. The problem is tracking down people who are out of the country -- even within the country. It allows me to sue a spammer. That doesn't work. First of all, you have to find them. Then, there are all these questions about jurisdiction. E-mail is a national facility. It's not a state facility. So, I think it's going to take a federal law.
Crocker: Overall the state laws aren't very effective. They're a research activity for a future federal law. Anybody who understands the range of venues realizes that the enforcement scope that a state can work from is too small. The real problem is that so is a country.
Farber: You need somebody out there with the bank account, like the Federal Trade Commission or the Federal Communications Commission. The FCC did a good job with fax spam.
A federal law would not stop the little guy around the corner. What it would stop is the big companies. It would make them behave. It's the same as phone spam. What did we finally do? We passed federal-level law, do-not-call, because the state laws were not working.
Again, it's not a magic cure. It has to be done right. It's too easy to pass laws that don't do anything, laws that don't work.
What about technical solutions?
Farber: Authentication of addresses would help an awful lot. A lot of the spam is forged, and we've know for 30 years that e-mail has this problem, and nobody seems to want to invest in fixing it.
You need to encourage and maybe fund technology that lets a user authenticate that mail comes from who they chose it to come from -- personal "whitelisting." Some of the spam filters do that -- anybody in your address book bypasses your spam filters.
Templeton: Some people wish that e-mail had authentication in it. The U.S. post office -- snail mail -- doesn't have authentication, and you can send something in that that will kill you, which is a lot worse than any spam that I have ever gotten. We survived the Unabomber and anthrax.
Blacklists don't have any accountability, any checks and balances. I've been on them. It's like punish the innocent in order to get at the guilty. Spam has led people to endorse [blacklists]. [People] are very afraid of it, and they do rightfully say that it's damaging e-mail, and you have to find ways to deal with it.
Filtering on the content is generally a bad idea. If you're actually going to really mail someone about Viagra, I don't know how you'd get that through. I'm sure the Nigerians are facing the same problems. The telephone do-not-call list was struck down last week, because it tried to filter by content.
Crocker: Spam is fundamentally a human and social problem. It's not a case of breaking the technology; it's a case of using it in a way that we do not approve of.
We need small, incremental changes. I'm not saying that they have to be done slowly. They should be done carefully but quickly. I think that we need useful but not onerous ways of finding spammers. I think that we need useful but not onerous ways of vetting legit senders.
There's been authentication technology for 10 years, and penetration into the user market is minuscule. So we shouldn't expect that any next technique for authentication is going to take over instantly. When you have half a billion users, when you have many, many thousands of service providers, any change takes a long time.
I think that some spam-control proposals are being overly reactive, rather than trying to go to actual causes of spam, and ignoring the question of balancing the controls against the negative effects. The approach that says you have to show your passport for every interaction obviously is excessive.
My personal favorite for proactive approaches to spam is to increase the accountability. That's not the same as authentication. It says, if I need to find the author of the message, there is a path to them. It does not automatically require that they sign the message but provides a reliable way to link a message back to the originator.
Nielsen: I think basically e-mail does not work anymore, which means that we have to tear it apart.
The combination of spam and viruses makes e-mail a polluted, dirty, unsafe environment. And we can all make jokes about the porn, but at the same time it is also kind of grubby and dirty and unpleasant.
All the spam actually does degrade the environment, and then the viruses are of course the ones that are actually hurtful.
So, for any individual spam, you can just say, "Get a grip and just delete it." But with 100 or 200 or 500 per day, after a while, enough offensive little jabs, and enough five-second productivity losses by scanning the micro-content of subject lines and deleting it, add it up and you can talk an hour a day that's just being stolen from you. In the aggregate, spam is actually incredibly hurtful.
It's not a matter of a little quick fix, like getting a better spam filter. All these spam filters that have been suggested have huge downsides, interfering with legit communication, and the average person doesn't understand how to use it.
Basically start over again from a clean slate. And that's not a popular message.
It would really mean to stop accepting e-mail according to all the existing protocols. I think that the only way to do that is if you know enough important people that you want to talk to who stop using it.
My thought for how to implement this: a number of sufficiently big organizations -- AOL, Microsoft, the federal government -- would have to announce that two years from now no more e-mail will be accepted.
All the companies around the world would have to upgrade.
The reason it's impossible to really upgrade e-mail is that everybody has to upgrade at the same time. The beauty of e-mail -- and it has worked fairly well for a long time -- is that it's fairly ubiquitous.
I think that it would have to be a system that has built-in security and authentication that you can always track down. You know where it's coming from, and it's always encrypted and always secure.
Why do we have to suffer from spam?
Farber: The more people who get on the Net, the more it resembles society -- and society, especially U.S. society, is a commercial world. And you have people who see the opportunities to make a few pennies, and if they're good enough at it they even get to be in the New York Times, with their picture, and they go and do it.
Whether it's ethically right or wrong, until it becomes legally right or wrong, they will do it.
Crocker: Pretty much any institution that grows powerful then attracts people who want to abuse it.
Spam is a syndrome, not a disease. It's multiple diseases, not a single disease. I think that spam is a permanent condition. And so we need to look for multiple ways to control it, just as we need multiple ways to control cockroaches. We need good infrastructure, proper hygiene and good chemicals to deal with infestations.
I have a concern that people continue to look for the magic bullet, and there won't be one.
Get Salon in your mailbox!