So, what have we learned?
And what should we do?
For the internet at large, spam already represents more than half of
all email traffic.
Obviously for me the proportion is much higher.
My friends who run medium-large ISPs tell me their spam problem
is similarly huge.
And it's still growing.
If I only needed to run my web site and deal with legitimate email, I could get by with hardware from a couple of years back, which would be basically free. Instead I have to buy nearly cutting-edge hardware, spending thousands of dollars. Then there is the value of the time I have to spend fixing email. And also, the extra money I have to spend for internet bandwidth.
Now multiply this by the many thousands of sites out there as large or
larger than my own, and we're talking billions of dollars per year.
Looking at the stats graphs, we can see lots of sudden jumps and sudden
declines in the spam rate.
Seems to me, this means there aren't that many different entities
(persons, groups, botnets) sending it out.
I think that is very encouraging because finding and stopping even
one spam source can have a large benefit to the health of the net.
And it may actually be feasible to put every single spammer in jail.
It used to be that commercial or political spam was sent out by one
type of miscreant, while worms and viruses were created and propagated
by another type.
These days, the two have merged.
This is because spammers are using viruses to take control of
thousands of people's computers, which the spammers then use to
send out their crap.
A recent example of this was the Sober.P virus, which propagated itself
for a few weeks, went silent for a week, and then re-emerged as Sober.Q
sending out masses of right-wing hate-spam in German.
Who is to blame for this mess? I see four groups who share responsibility.
Spam is illegal in many different ways.
Spammers are using botnets of thousands of other people's machines
to send out their spam - that is theft of service on a massive scale.
Spammers send out mail with fake "From:" lines - that is fraud,
billions and billions of counts of it.
Surely we can get the law to do something about this.
Don't you think some DA somewhere would like to prosecute for a billion
counts of fraud?
And get to put "longest sentence ever" on his or her resumé?
Spam is a nation-wide, even world-wide problem, so it would seem
logical that federal law enforcement would want to get involved
in fighting it.
There's a problem, though.
Federal laws are weird, and often very specific to offenses against
the federal government itself.
For instance, there is no general anti-fraud law at the federal level.
There are specific laws against fraud aimed at agents of the
federal government.
There's also the Computer Fraud and Abuse Act, 18 USC 1030, which
bars some specific types of unauthorized access to some computers but has
nothing to do with fraud in general.
And then there's the CAN-SPAM Act of 2003, which is worse than useless.
It actually legalized some spam, and does nothing to help catch spammers.
Currently there has been exactly one (1) prosecution under CAN-SPAM.
So, laws at the federal level, not so useful.
Although I do sometimes fantasize about Microsoft getting charged
under the RICO Act (18 USC 1961-1968) for conspiring with unnamed
spammers John Doe One through One Thousand.
I think all states have laws against fraud, which is basically lying for
commercial gain.
Every time a spammer sends out a message with a fake "From:" line
trying to sell you something, that is a count of fraud.
If a spammer sends out a million of these messages per day, that
is a million counts of fraud.
Furthermore, the spammer and the recipient don't have to be in the
same state.
Using what are called "longarm" statutes, a state can prosecute
a spammer living elsewhere for even a single criminal act directed
into the state.
The problem, though, is investigating and identifying
the spammers, which is even harder when they are out of state.
Here is where some federal help could make a difference.
Sue a spammer?
Some people have tried it.
Again the problem is tracking them down, and then if you win
a judgement you have the added problem of collecting.
The Federal Trade Commission has some jurisdiction over this area.
They run the Do Not Call list, so they are helping fight phone spam.
They recently started a campaign to advise ISPs on how to deal
with spam zombies
Quoting from their web site, "While the FTC does not resolve individual
consumer problems, your complaint helps us investigate fraud, and can
lead to law enforcement action."
They have an
online Consumer Complaint Form
which you can fill out.
It's not worth anyone's time to fill this out for every spam you get.
However, it seems to me that everyone who gets a virus on their PC ought
to fill out this form complaining that Microsoft sold them defective
software.
Maybe after a few million similar complaints, someone will sit up and
take notice.
I don't think any new laws are needed; as I said above, spam is already
very illegal.
However Congress could do some good by appropriating money for a
federal investigative task force.
I'm thinking of something that would act as a clearinghouse, coordinating
investigations and prosecutions among multiple state and local jurisdictions.
Note that this is what the FBI is supposed to do, but they are not doing it.
Allocating money for the task would either get it done directly or get
the FBI interested in doing their job, to snag the funding; either way
works for me.
Neither party has done anything significant about spam.
However, one of the first things that Bush's Justice Department did
was to settle the case against Microsoft.
Remember, Microsoft had already been convicted and was about
to be broken up.
The Republicans stopped that from happening.
On that basis, they are on the wrong side of the spam war.
If anyone wants to volunteer to pie Bill Gates again,
I'll contribute to the defense fund.
Or if you prefer, you could just kick him in the nuts.
Criminal Charges, Federal
Criminal Charges, State
Civil Action
Regulatory Action
Legislative Action
Political Action
Direct Action
<<< [Hall of Shame] <<< | >>> [Links] >>> |