On 10:36 AM 5/18/02, John R Levine wrote:
>> Laws will fail even more clearly than technical means, unless someone
>> thinks that we are ready to wage thermonuclear war over MAK3 M0NEY FA5T.
>> Most of the spam we receive today comes from countries that are neither
>> subject to US/Canadian/UK law, nor remotely interested in pretending to be.
>Ah, yes, this old wheeze.
>Most of the spam still promotes stuff sold in the US. Laws follow the
>spammer, regardless of what offshore servers they bounce it off, and US
>spammers are subject to US law, or at least would be if there were some.
>The model is the junk fax law, which has keep junk faxes down to a trickle
>compared to what they were in 1990.
>Yes, there's a certain amount of spam coming from China and Korea, but
>it's far less than the US stuff and a lot easier to block without
>noticable collateral damage.
The problem with trying to repurpose another law (like the junk fax law) to
cover spam is that because spam has such a low cost to the sender, it would
be possible, and fruitful, to send spam implicating someone else to get
them in trouble. The spammers would have a field day with a law like that,
sending spam implicating all the spam-fighting individuals and groups and
causing them to have to defend themselves against poorly thought-out laws.
In order for a law like the junk fax law to be repuposed to effectively
cover spam, you have to have *some way* of proving the spammer and the
supposed beneficiary are the same (or that the beneficiary hired the
spammer). One way to do that is with modest investigation techniques, like
contacting the supposed beneficiary and saying "I received the email you
sent" and seeing if they admit to sending it. If they do, you have them,
AND present laws probably already cover the action as illegal (theft of
services, trespass to chattel, etc.). The big problem is that this takes
too much time and effort, and the payoff is too low (because most of the
spammers don't have much in the way of assets to seize if you get a big
What I'd love to see is a US-wide law that enables US located/hosted
ISPs/businesses/domains to individually set *legally enforceable* spam
policies and clean up rates by simply posting their policy and rates on the
domain's website. Then once you can prove (via investigation as above) the
beneficiary sent or hired someone to send the spam (to or thru an ISP that
posts a policy that prohibits it), they must pay the posted cleanup rates,
or else JAIL time would apply. Put a few of these spammers in jail, and I
bet the US spam problem would dry up fast. Then, once we have our own
house in order, we can put real pressure on Korea, China, Argentina,
Brazil, etc., to clean up their spammer problem.
jc (Preaching to the choir, I know)