Spam bill authors: Beating the hard core spammers

COMMENTARY--Congress has finally taken an important step forward in the battle againstunwanted and offensive e-mail by passing the Can-Spam Act of 2003.

As co-authors of this legislation and as two of the Senate's leading technologylegislators, we do not claim that the Can-Spam Act, which passed into law Tuesday, offers a silver bullet thatwill stop all unwanted e-mail. However, we do believe that the law will offerimportant new tools in the fight against spam and that some of the criticisms ofthe legislation are misguided.

Experts say most spam comes from a relatively small number of hard-corespammers (perhaps as few as 200) who send out millions of messages per day. Under the Can-Spam bill, these big-time spammers--who currently perceive littlerisk--will suddenly be risking criminal prosecution, Federal Trade Commission enforcement and million-dollar lawsuits by state attorneys general and Internet serviceproviders (ISPs).

Big-time spammers will inevitably violate the Can-Spam Act because it strikes at the heart of how their sleazy businesses work.

Big-time spammers will inevitably violate the Can-Spam Act because it strikes atthe heart of how their sleazy businesses work. The bill prohibits senders ofcommercial e-mail from hiding or disguising their identities or from usingmisleading subject lines. Spammers must use these deceptive tactics to avoidnow-common spam filters and ply their trade. If they continue to do so, theywill run afoul of the law.

Some critics, including ZDNet writer David Berlind,have correctly noted that enforcing the new law will be a key challenge. In ourview, it will be important for enforcement authorities to bring a fewhigh-profile cases shortly after the bill is enacted. That will send a clearmessage to the kingpin spammers that the game has changed. However, we disagreewith critics who claim that the bill cannot be effectively enforced.

Berlind suggests that an "opt out" approach is hard to enforce, because opt-outmechanisms do not always work and lack a standard protocol. It is important tonote that many legitimate businesses currently use opt-out mechanisms that workthe vast majority of the time. If a mechanism repeatedly fails to work, itwould be clear that a spammer is violating the law. Even if a violation of theopt-out provisions were somehow too difficult to prove in a particular case, aspammer could still be prosecuted or sued for falsifying header information orsubject lines, which, as noted above, are the essential tools of the spammers'trade.

Second, some critics argue that there is little support for the bill among those charged with enforcing it. It is true that state attorneys general areuncomfortable with federal legislation that preempts state laws. But otherparties charged with enforcing the bill have been far more positive. Inparticular, ISPs--whose networks are burdened by spam and who have been on thefront lines in the spam battles to date--have expressed strong support for thebill. The FTC has also said the bill should be helpful.

Third, critics point out that some spammers live abroad and hence are outsideU.S. jurisdiction. But the fact is that many big-time spammers do reside in theUnited States. Moreover, the bill cannot be evaded by hiring an offshorespammer. A person in the U.S. who hires an offshore spammer to send unlawfule-mails would be fully liable under the bill.

In the end, fighting spam is going to require a multipronged approach.

Finally, some say that the bill's large potential damages are irrelevant, becausemany spammers have limited resources. But the bill applies both to spammers andto those who hire spammers. One of those parties, if not both, is likely tohave some real resources. Moreover, big-time spamming involves a businesscalculation. Right now, the costs of spamming are near zero, making any revenuepure profit. With the possibility of large money judgments, the potential costof spamming rises, and the business calculation could change.

In the end, fighting spam is going to require a multipronged approach. It willrequire improved technology, which is why we welcome the recent announcementthat Yahoo is working on technology to authenticate the source of e-mails. Greater cross-border cooperation is needed, which is why we joined three U.K. Parliament members to urge our respective governments to engage in bilateralcooperation on spam enforcement. Of course, kingpin spammers must also facetough criminal and civil penalties, which is why we proudly co-authored the Can-Spam Act.

We firmly believe that the Can-Spam Act is an important piece of the antispampuzzle. With proper enforcement, it will be an effective tool in the war onspam.

biography
U.S. Senators Ron Wyden (D-Ore.) and Conrad Burns (R-Mont.) co-authored the Can-Spam Act of 2003.

COMMENTARY--Congress has finally taken an important step forward in the battle againstunwanted and offensive e-mail by passing the Can-Spam Act of 2003.

As co-authors of this legislation and as two of the Senate's leading technologylegislators, we do not claim that the Can-Spam Act, which passed into law Tuesday, offers a silver bullet thatwill stop all unwanted e-mail. However, we do believe that the law will offerimportant new tools in the fight against spam and that some of the criticisms ofthe legislation are misguided.

Experts say most spam comes from a relatively small number of hard-corespammers (perhaps as few as 200) who send out millions of messages per day. Under the Can-Spam bill, these big-time spammers--who currently perceive littlerisk--will suddenly be risking criminal prosecution, Federal Trade Commission enforcement and million-dollar lawsuits by state attorneys general and Internet serviceproviders (ISPs).

Big-time spammers will inevitably violate the Can-Spam Act because it strikes at the heart of how their sleazy businesses work.

Big-time spammers will inevitably violate the Can-Spam Act because it strikes atthe heart of how their sleazy businesses work. The bill prohibits senders ofcommercial e-mail from hiding or disguising their identities or from usingmisleading subject lines. Spammers must use these deceptive tactics to avoidnow-common spam filters and ply their trade. If they continue to do so, theywill run afoul of the law.

Some critics, including ZDNet writer David Berlind,have correctly noted that enforcing the new law will be a key challenge. In ourview, it will be important for enforcement authorities to bring a fewhigh-profile cases shortly after the bill is enacted. That will send a clearmessage to the kingpin spammers that the game has changed. However, we disagreewith critics who claim that the bill cannot be effectively enforced.

Berlind suggests that an "opt out" approach is hard to enforce, because opt-outmechanisms do not always work and lack a standard protocol. It is important tonote that many legitimate businesses currently use opt-out mechanisms that workthe vast majority of the time. If a mechanism repeatedly fails to work, itwould be clear that a spammer is violating the law. Even if a violation of theopt-out provisions were somehow too difficult to prove in a particular case, aspammer could still be prosecuted or sued for falsifying header information orsubject lines, which, as noted above, are the essential tools of the spammers'trade.

Second, some critics argue that there is little support for the bill among those charged with enforcing it. It is true that state attorneys general areuncomfortable with federal legislation that preempts state laws. But otherparties charged with enforcing the bill have been far more positive. Inparticular, ISPs--whose networks are burdened by spam and who have been on thefront lines in the spam battles to date--have expressed strong support for thebill. The FTC has also said the bill should be helpful.

Third, critics point out that some spammers live abroad and hence are outsideU.S. jurisdiction. But the fact is that many big-time spammers do reside in theUnited States. Moreover, the bill cannot be evaded by hiring an offshorespammer. A person in the U.S. who hires an offshore spammer to send unlawfule-mails would be fully liable under the bill.

In the end, fighting spam is going to require a multipronged approach.

Finally, some say that the bill's large potential damages are irrelevant, becausemany spammers have limited resources. But the bill applies both to spammers andto those who hire spammers. One of those parties, if not both, is likely tohave some real resources. Moreover, big-time spamming involves a businesscalculation. Right now, the costs of spamming are near zero, making any revenuepure profit. With the possibility of large money judgments, the potential costof spamming rises, and the business calculation could change.

In the end, fighting spam is going to require a multipronged approach. It willrequire improved technology, which is why we welcome the recent announcementthat Yahoo is working on technology to authenticate the source of e-mails. Greater cross-border cooperation is needed, which is why we joined three U.K. Parliament members to urge our respective governments to engage in bilateralcooperation on spam enforcement. Of course, kingpin spammers must also facetough criminal and civil penalties, which is why we proudly co-authored the Can-Spam Act.

We firmly believe that the Can-Spam Act is an important piece of the antispampuzzle. With proper enforcement, it will be an effective tool in the war onspam.

biography
U.S. Senators Ron Wyden (D-Ore.) and Conrad Burns (R-Mont.) co-authored the Can-Spam Act of 2003.