No-Spam Registry Faces Numerous Hurdles

Print Thread

Rate Thread

No-Spam Registry Faces Numerous Hurdles #38797 04/16/04 08:07 PM
Joined: Apr 2004 Posts: 298 Houston, TX Phatal OP UGN News Staff
OP Phatal UGN News Staff Joined: Apr 2004 Posts: 298 Houston, TX	Creating a national "do-not-spam" registry is technologically feasible, but a weak federal anti-spam law, privacy concerns and tepid support from some of the nation's largest e-mail providers could weaken any efforts to create such a database. The gloomy assessment by anti-spam advocates and commercial e-mailers comes less than a week before the Federal Trade Commission (FTC) winds up a month of gathering public comments on whether it should create a national no-spam registry akin to the "do-not-call" list the agency launched last fall. The "Can-Spam" Act, signed by President Bush late last year, required the commission to study the possibility of creating such a list, with a report due to Congress by June 16. So far, the FTC has not made any official statement on whether it supports the idea, but Chairman Timothy Muris has said several times that a do-not-spam list probably would not be an effective tool against spammers. Massive Popular Support Judging by the success of the national do-not-call list, a no-spam registry probably would gain massive popular support from people tired of cleansing their in-boxes of scores of unsolicited messages proffering hardcore pornography solicitations, mortgage offers and debt consolidation services. But experts said that the problem now is the same one that has dogged the Can-Spam law since it took effect -- individual e-mail users are not empowered to sue spammers. "Yes, [a do-not-spam list] can be done technically, yes it can be done philosophically, yes it can be done legally, but it's not likely to work unless it carries behind it a very big legal stick," said Rodney Joffe, the president of Centergate Research Group, a Tempe, Ariz.-based technology development firm. Joffe started a no-spam list in 1998, but e-mail marketers paid very little attention, he said, because there was no punishment awaiting them if they failed to respect it. 'Complete Waste of Time' John Levine, co-chairman of the Anti-Spam Research Group, called the do-not-spam list "a complete waste of time" as long as people cannot sue junk mail marketers. Several states, including California and Washington, passed tough state laws last year that allowed people to sue senders of unsolicited e-mail messages, but those laws were preempted when the federal Can-Spam Act took effect in January. The national law threatens spammers with $6 million fines and up to six months in jail, but Levine said the average spammer has little to fear from a law that does not allow individuals to sue. The 1991 law against sending junk faxes works, Levine said, because it empowered hundreds of people to sue unscrupulous faxers. "The really, really bad faxers get hit with million dollar enforcement actions from the FTC; the medium-bad junk faxers get hit by their state attorney generals; and the small junk faxers get nibbled to death by individual lawsuits," he said. The FTC's national do-not-call list also has proven successful, partly because telemarketers who call someone on the list can be easily identified and fined. Most spammers, by contrast, conceal their tracks by using fake return e-mail addresses, hijacking other computers to send messages or operate from other countries where U.S. law can't reach them. Little Reason To Expect Respect And there is little reason to expect spammers to respect a do-not-spam list when many of them already do not bother to obey the Can-Spam Act and a host of federal and state anti-fraud and consumer protection laws. "The people who send me spam are people who are selling me v.i.a.g.r.a, and then there's this girl Veronica who's out to get me, then there's the legion of Nigerian widows ... those folks have never asked me for permission to send me an e-mail [and] they won't acknowledge my request to be removed from their list," said Louis Mastria, a spokesman for the Direct Marketing Association (DMA). The DMA opposes the creation of a do-not-spam list, but Mastria said its members would abide by one if it were created. The association estimates that its members could lose billions of dollars in business if the list is implemented and they are forced to scale back their e-mail campaigns. Several businesses said they believe a do-not-spam list would make it more difficult for them to communicate with their customers. In more than 30 written comments that the FTC released earlier this week, groups such as the Newspaper Association of America (whose members include The Washington Post), the Email Service Provider Coalition, Visa U.S.A. Inc., and the American Society of Association Executives all said the list could block legitimate e-mail and jeopardize people's privacy. Deterring Companies from Sending Russell W. Schrader, a senior vice president and general counsel at Visa, suggested that the registry could have the unintended effect of deterring companies from sending e-mail that their customers asked to receive before they signed up for the list, because companies would be worried that they could be cited for a violation. Schrader added that the FTC would have to establish exemptions for these situations. Other critics have voiced concerns about the security of a no-spam registry, arguing that if the list fell into the wrong hands, it would provide spammers with a master list of millions of e-mail addresses. George Webb, business manager of Microsoft's Anti-Spam Technology and Strategy Group, stressed this concern, saying a do-not-spam list "would be a prime target for spammers, who by and large do not heed the laws made to prevent their actions." Even Sen. Conrad Burns (R-Mont.), who sponsored the Can-Spam Act, said he would be "hesitant" to start a list that could make victims of the very people who sign up for it. Hashing To Hide Addresses One way to keep spammers from abusing the list, according to several computer scientists contacted for this story, is to use "hashing" to hide e-mail addresses. Hashing is a mathematical process that converts text -- like an e-mail address -- into a fixed numerical code. There is no way, however, to convert the hashed address back into words. By keeping a list of hashes on file, people who operate the list can compare hashes instead of vulnerable e-mail addresses. To further protect the names, some proposals would prevent mass-mailers from seeing the registry, requiring them to submit their mailing lists to the government for review. The lists would come back "scrubbed" of e-mail addresses included in the do-not-spam list. In spite of the list's prospects, its original champion, Sen. Charles Schumer (D-N.Y.), said he has high hopes. "Americans want a do-not-spam list. The technology is there. The only question is whether the administration has the will to make this happen," Schumer said. A list will not solve the spam problem, but it is a powerful weapon that the government should approve, said Matthew Prince, the chief executive of Chicago-based Unspam, one of 13 companies that submitted responses to the FTC's request for information about how to create the list. "If we were called upon by the FTC, we could create a registry. This is not rocket science." The deadline for submitting public comments to the FTC is April 20. The commission said it will make comments public by April 27. You can view the original article here... http://www.technewsworld.com/perl/story/33461.html

UGN Security Forums UGN Security: UGN Archives Tech News No-Spam Registry Faces Numerous Hurdles