FTC mulls bounty system to combat spammers
Plan would pay citizen detectives at least 20 percent of civil penalty
By Mike Brunker
Reporter
MSNBC
With no indication that a six-month-old federal spam law is lowering the tide of unwanted commercial e-mail, the Federal Trade Commission is considering a new approach that would put spammers in the same category as coyotes, rats and nutria by putting a bounty on their heads.
The prize for a spammer's virtual pelt? A hefty percentage of whatever civil penalty the FTC is eventually able to collect based on the information. And with the agency likely to seek multimillion-dollar penalties against egregious violators, such as those who "hijack" other people's computers and use them to distribute spam, that's not chump change.
While CAN-Spam, which took effect on Jan. 1, doesn't bar unsolicited e-mail, it does require e-mail marketers to use accurate headers and subject lines, label adult content and provide consumers with the ability to "opt out" of future mailings.
As outlined in CAN-Spam, the bounty system would offer a person who first identifies someone violating the law's provisions a reward of ?not less than 20 percent of the total civil penalty collected? by the FTC.
The FTC is compiling and reviewing expert testimony on the bounty plan and will report back to Congress by September on whether the idea is viable. The study was mandated by a little-noticed 11th-hour addition to the law by Sen. Jon Corzine, D-N.J., and Rep. Zoe Lofgren, D-Calif.
Approval far from certain
The idea of a bounty system was popularized by Stanford Law School professor and Internet visionary Lawrence Lessig as a way of harnessing the vast volunteer anti-spam community that already exists online.
?If the vigilantes who are working so hard to keep lists of offending e-mail servers were to turn their energy to identifying and tracking down spammers, then this passion to rid the world of spam might actually begin to pay off -- both for the public and for the bounty hunters,? Lessig wrote in a Sept. 16, 2002 column.
But the plan has come under criticism from both sides of the spam spectrum, and it is unclear whether the FTC staff will recommend that it should be implemented. Last month, the commission staff said another plan aimed at strengthening CAN-Spam -- creation of a do-not-spam registry similar to the do-not-call list for telemarketers ?- would fail without a system in place to authenticate the origin of e-mail messages and could even result in an increase in the amount of spam received by consumers.
Critics of the bounty plan say they hope it meets a similar fate.
?It?s a terrible idea,? said Steve Linford, the founder of Spamhaus.org and keeper of the ROKSO registry of notorious spammers. ?It would be great if nobody knew who the spammers were, but the FTC already has so much information on their identities that to get anymore would be useless.?
Nor does the idea of a rewarding anti-spam activists sit well with those on the other side of the philosophical fence.
?It would promote vigilantism on the Net and it probably would not catch any bad guys,? said Louis Mastria, spokesman for the Direct Mail Association, a trade association that represents nearly 500 direct mailers and marketers. ?If spammers are difficult for the FTC, the FBI, the state attorneys general and even ISPs to track down, it?s difficult to imagine that I can sit at home one day and say ?I?m going to hunt me down a spammer.??
Mastria also said he feared that frustrated spammer hunters would instead engage in ?finger pointing? at law-abiding e-mailers.
?They?ll say that instead of tracking down the person who?s hurting the system, I?ll go after the person I can find,? he said. ?That makes for a bad system.?
No sign spam growth is slowing
Meanwhile, the larger debate as to whether CAN-Spam has had any effect on reducing overall unwanted e-mail rages on.
?CAN-Spam has been a completely predictable failure,? said Jason Catlett, president of Junkbusters, an anti-spam advocacy group. ?The marketers who wrote the law and the lobbyists from Microsoft, Yahoo and AOL assured that the world would be safe for junk e-mailers. It?s a great tragedy.? (MSNBC is a joint venture of Microsoft and NBC News).
Catlett and others spam opponents point to statistics such as the May report from anti-spam technology vendor Brightmail showing that spam accounted for 64 percent of all e-mail for the month, unchanged from the previous month but well above the 49 percent figure of a year ago.
Other e-mail security firms say the picture is even darker, with MessageLabs recording a ?global spam ratio? of 76 percent in May, and Postini Inc. President and CEO Shinya Akamine testified before a Senate committee last month that spam now accounts for as much as 83 percent of all e-mail on some days.
Tom Gillis, senior vice president of marketing for the e-mail security firm IronPort Systems, said outlaw spammers also are increasing their use of compromised ?zombie? computers to send their junk e-mail to make it harder for authorities to track them.
?A year ago 33 percent of all spam was coming from zombies. The latest number I saw was 66 percent,? he said.
Supporters see quiet progress
But supporters of CAN-Spam, as well as the authors of the bill, Sens. Conrad Burns, R-Mont., and Ron Wyden, D-Ore., argue that the legislation was not intended to be a ?silver bullet? solution to spam and is quietly doing its part to turn the tide.
?It?s one weapon in the arsenal,? said Carol Guthrie, a spokeswoman for Wyden. ?Senator Wyden and Senator Burns have always said that CAN-Spam was only one component in the fight against spam, along with technology advances and international cooperation to deal with offshore spamming.?
CAN-Spam advocates also say that lawsuits filed by major ISPs in March and complaints lodged by the FTC in April are sending the message that e-mailers who don?t comply with the law are risking serious financial repercussions.
Only one of those cases has been resolved so far: Yahoo announced on June 10 that it had settled a lawsuit against Eric Head, a 25-year-old bulk e-mailer from Kitchener, Ontario, who was accused of sending as many as 94 million e-mails in a single month to Yahoo e-mail users. Head agreed to shut down his Gold Disk Canada and pay Yahoo ?a sum in the six-figure range,? according to a company statement.
The stakes for outlaw spammers are likely to go up in coming months.
Jana Monroe, of the FBI?s Cyber Division, testified last month before Congress that the bureau is ?actively pursuing criminal and in some cases joint civil proceedings? against 50 spammers -- including three groups that may constitute organized criminal enterprises ?- and is likely to act before the end of the year.
Plan would pay citizen detectives at least 20 percent of civil penalty
By Mike Brunker
Reporter
MSNBC
With no indication that a six-month-old federal spam law is lowering the tide of unwanted commercial e-mail, the Federal Trade Commission is considering a new approach that would put spammers in the same category as coyotes, rats and nutria by putting a bounty on their heads.
The prize for a spammer's virtual pelt? A hefty percentage of whatever civil penalty the FTC is eventually able to collect based on the information. And with the agency likely to seek multimillion-dollar penalties against egregious violators, such as those who "hijack" other people's computers and use them to distribute spam, that's not chump change.
While CAN-Spam, which took effect on Jan. 1, doesn't bar unsolicited e-mail, it does require e-mail marketers to use accurate headers and subject lines, label adult content and provide consumers with the ability to "opt out" of future mailings.
As outlined in CAN-Spam, the bounty system would offer a person who first identifies someone violating the law's provisions a reward of ?not less than 20 percent of the total civil penalty collected? by the FTC.
The FTC is compiling and reviewing expert testimony on the bounty plan and will report back to Congress by September on whether the idea is viable. The study was mandated by a little-noticed 11th-hour addition to the law by Sen. Jon Corzine, D-N.J., and Rep. Zoe Lofgren, D-Calif.
Approval far from certain
The idea of a bounty system was popularized by Stanford Law School professor and Internet visionary Lawrence Lessig as a way of harnessing the vast volunteer anti-spam community that already exists online.
?If the vigilantes who are working so hard to keep lists of offending e-mail servers were to turn their energy to identifying and tracking down spammers, then this passion to rid the world of spam might actually begin to pay off -- both for the public and for the bounty hunters,? Lessig wrote in a Sept. 16, 2002 column.
But the plan has come under criticism from both sides of the spam spectrum, and it is unclear whether the FTC staff will recommend that it should be implemented. Last month, the commission staff said another plan aimed at strengthening CAN-Spam -- creation of a do-not-spam registry similar to the do-not-call list for telemarketers ?- would fail without a system in place to authenticate the origin of e-mail messages and could even result in an increase in the amount of spam received by consumers.
Critics of the bounty plan say they hope it meets a similar fate.
?It?s a terrible idea,? said Steve Linford, the founder of Spamhaus.org and keeper of the ROKSO registry of notorious spammers. ?It would be great if nobody knew who the spammers were, but the FTC already has so much information on their identities that to get anymore would be useless.?
Nor does the idea of a rewarding anti-spam activists sit well with those on the other side of the philosophical fence.
?It would promote vigilantism on the Net and it probably would not catch any bad guys,? said Louis Mastria, spokesman for the Direct Mail Association, a trade association that represents nearly 500 direct mailers and marketers. ?If spammers are difficult for the FTC, the FBI, the state attorneys general and even ISPs to track down, it?s difficult to imagine that I can sit at home one day and say ?I?m going to hunt me down a spammer.??
Mastria also said he feared that frustrated spammer hunters would instead engage in ?finger pointing? at law-abiding e-mailers.
?They?ll say that instead of tracking down the person who?s hurting the system, I?ll go after the person I can find,? he said. ?That makes for a bad system.?
No sign spam growth is slowing
Meanwhile, the larger debate as to whether CAN-Spam has had any effect on reducing overall unwanted e-mail rages on.
?CAN-Spam has been a completely predictable failure,? said Jason Catlett, president of Junkbusters, an anti-spam advocacy group. ?The marketers who wrote the law and the lobbyists from Microsoft, Yahoo and AOL assured that the world would be safe for junk e-mailers. It?s a great tragedy.? (MSNBC is a joint venture of Microsoft and NBC News).
Catlett and others spam opponents point to statistics such as the May report from anti-spam technology vendor Brightmail showing that spam accounted for 64 percent of all e-mail for the month, unchanged from the previous month but well above the 49 percent figure of a year ago.
Other e-mail security firms say the picture is even darker, with MessageLabs recording a ?global spam ratio? of 76 percent in May, and Postini Inc. President and CEO Shinya Akamine testified before a Senate committee last month that spam now accounts for as much as 83 percent of all e-mail on some days.
Tom Gillis, senior vice president of marketing for the e-mail security firm IronPort Systems, said outlaw spammers also are increasing their use of compromised ?zombie? computers to send their junk e-mail to make it harder for authorities to track them.
?A year ago 33 percent of all spam was coming from zombies. The latest number I saw was 66 percent,? he said.
Supporters see quiet progress
But supporters of CAN-Spam, as well as the authors of the bill, Sens. Conrad Burns, R-Mont., and Ron Wyden, D-Ore., argue that the legislation was not intended to be a ?silver bullet? solution to spam and is quietly doing its part to turn the tide.
?It?s one weapon in the arsenal,? said Carol Guthrie, a spokeswoman for Wyden. ?Senator Wyden and Senator Burns have always said that CAN-Spam was only one component in the fight against spam, along with technology advances and international cooperation to deal with offshore spamming.?
CAN-Spam advocates also say that lawsuits filed by major ISPs in March and complaints lodged by the FTC in April are sending the message that e-mailers who don?t comply with the law are risking serious financial repercussions.
Only one of those cases has been resolved so far: Yahoo announced on June 10 that it had settled a lawsuit against Eric Head, a 25-year-old bulk e-mailer from Kitchener, Ontario, who was accused of sending as many as 94 million e-mails in a single month to Yahoo e-mail users. Head agreed to shut down his Gold Disk Canada and pay Yahoo ?a sum in the six-figure range,? according to a company statement.
The stakes for outlaw spammers are likely to go up in coming months.
Jana Monroe, of the FBI?s Cyber Division, testified last month before Congress that the bureau is ?actively pursuing criminal and in some cases joint civil proceedings? against 50 spammers -- including three groups that may constitute organized criminal enterprises ?- and is likely to act before the end of the year.
Comment