There ought to be a law. E-mail users, besieged by a vast array of fraudulent and/or obscene junk messages, often wonder why our lawmakers can't put a stop to it. It's not that there are no laws against spam. Some states have had statutes on the books for several years that attempt to control UCE (unsolicited commercial e-mail), and in recent months, many more states added legislation. But the state laws vary widely in their approach and have resulted in only a handful of successful actions against spammers.
Many of these laws are flawed in various ways; some have been challenged on free-speech grounds, some don't allow for private action by recipients or ISPs, and some offer the spammer more protection than the spam recipient. Therefore, pressure has been mounting on the U.S. Congress to enact an anti-spam law that will serve as a national standard.
A number of different bills have recently been introduced in Congress. Most share a common starting point: They require UCE senders to put an advertisement label in the subject line and to provide recipients with a mechanism for opting out of receiving additional messages. Most bills also ban the use of forged header information and the sending of UCE to e-mail addresses harvested from the Web.
Two of the bills getting the most attention in Congress -- the Can-Spam Act (S. 877) in the Senate and the Rid Spam Act (H.R. 2214) in the House of Representatives -- take this approach. Enforcement is left primarily to the Federal Trade Commission and state law enforcement officials, with ISPs having the right to bring civil actions against violators.
But anti-spam activists have been particularly critical of these bills, even deriding them as being more pro-spam than anti-spam. By forcing recipients to read through the UCE message to find opt-out instructions, critics argue that such bills essentially endorse spammers' activities.
"Any law that defines acceptable criteria for sending unsolicited bulk commercial e-mail will amount to little more than establishing the conditions for a federal license to spam," a coalition of anti-spam groups said in an open letter to Congress in May. "By establishing an 'opt-out' legal regime, Congress would undercut those businesses (that) respect consumer preferences and give legal protection to those who do not."
Regardless of the type of anti-spam bill, the biggest hurdle remains consistent enforcement. Critics of S. 877 and H.R. 2214 fear that spammers will easily avoid any consequences of violating the provisions of such laws, as the enforcement agencies and ISPs are already overwhelmed by the sheer number of spammers. One attempt to address this enforcement issue is the Reduce Spam Act (H.R. 1933), which would allow individuals who finger violators of the law to earn a 20 percent "bounty" on fines collected from the spammers by the FTC.
Taking a slightly different tack to ease enforcement, other bills, including the Spam Act of 2003 (S. 1231), would have the FTC set up a national "no-spam" registry similar to the newly inaugurated "do not call" federal registry for telemarketing phone calls. There are also bills that attempt to criminalize spamming by making header forgery a violation of fraud and/or anti-racketeering laws.
Each of these approaches has its own loopholes, and anti-spam activists worry that any strong measures will be watered down by lobbyists for the Direct Marketing Association (DMA) and the large ISPs. As the anti-spam coalition pointed out in its letter, a weak federal law could be worse than no federal law at all, particularly if it pre-empts stronger state anti-spam laws.
At this point, the growing consensus on all sides is that no single law will provide the magic bullet that kills spam. S. 877 and H.R. 2214 may have the best chance of passing, thanks to powerful supporters and DMA lobbyists. Nevertheless, solid technology, user awareness, and balanced legal codes will all be necessary -- and will all have to work together -- to put handcuffs on spam. -- InfoWorld (US)
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.