Search Entire Site
Twitter: BIOS_Mods

Posts Tagged ‘SPAM’

Can or Can’t Spam: Technology & The Law

 By:  Derek J. Gordon.

Introduction

            Computer networks are inundated with unwanted email messages (emails) on a daily basis.  These unwarranted messages are called SPAM, or unsolicited bulk, email.  A majority of these messages are for illegal activities.  However, some emails are legitimate messages from businesses to a consumer.  While one email is minuscule, the number sent to an individual email address each day number in the thousands.  In fact, a personal mail server typically processes three thousand emails per day that have no legitimate purpose or mail box for delivery.  Corporate mail servers can process over a million SPAM emails per day.  Larger internet service providers may process tens of millions of SPAM emails each day.

Originally, SPAM email came from legitimate business enterprises which could be tracked.  Case law dealt with these companies and injunctions were granted to require that the companies stop their activities.  Case law suggested that a SPAM company must stop their transmissions when an internet provider notified them that their messages were no longer welcome.  This attitude held for a few months; however, much of the SPAM today is part of an underground activity outside the realm of legitimate business activities.

The first SPAM email was sent in 1978 by Gary Thuerk advertising a product; the email was sent to 600 recipients and just half of those users received the incoming message due to ARPANET limitations.[1] In 2000, the submission of SPAM emails averaged 2.1 billion emails a day.  This number has grown dramatically to the submission of 200 billion SPAM emails per day last year (2010).  The rate of growth over the past decade has been phenomenal.  Assuming that these figures do not taper off, email servers around the world will be handling over a trillion SPAM emails per day by the 2016.  [2]

The standard thinking is that if the mail couriers can handle an exorbitant amount of junk mail, the world’s best technology can easily do just as well.  But, the average residential physical mailbox doesn’t receive 100 junk mail pieces per day.  Further, the amount of transfer required can clog network transmission lines if their bandwidth capabilities are limited.  Emails reaching the derekgordon.com server cluster have an average file size of 348KB.  Taken individually, this number is low.   However, the current daily transfer consumed by SPAM email in 2010 was 663,758GB with a future projection of 331,878,662GB per day in 2016 (figures assume the average file size is equal for all SPAM email sent daily).[3]

There wouldn’t be as large of a problem with creating a legal solution if SPAM email was sent only by malicious people.  Laws and technology could work together to eradicate the threat.  But, businesses utilize the internet much like businesses used the United States Postal Service prior to the new digital medium.  Some organizations submit articles about societal concerns to the nation’s citizens by email.  Others send mass-emails by request of the receiving person such as advertisements, weekend shopping deals, and other economic incentives to frequent their favorite enterprises.  Eradicating all mass emails would risk infringing on the Constitutional rights of citizens as the 1st Amendment has been interpreted.

The Issue:  In a Nutshell

            The United States has long favored self-service options for fighting spam, leaving the individual to determine if and how to combat the onslaught of unwanted email.  Specifically, the lack of government involvement has protected against infringing upon First Amendment speech rights.  This writing will lay out a foundation to remove the traditional concerns for free speech and will provide an avenue to use a modern approach, the opt-in regime, favored by many other nation-states including all of the European Union and South Korea.

Counter Arguments:  Stay Where We Are Now

            Many scholars and legislators desire the current “SPAM” standard to stay in place.  The familiar attitude seems to provide more security than the turmoil related to change.  Their basic premise relies on court decisions prior to the technological advances.  Those decisions, while important, might cause reason for concern.

In an effort to provide commercial speech with Constitutional protections, the Supreme Court took up a case in the 1980.  This decision came well before the rise of the internet and the importance of email communications.  In fact, Central Hudson[4] was decided nearly three decades before the current standards for email were even contemplated.

The Court’s decision provided a four-prong analysis.  Those together are answered by the following questions:  protection by the 1st Amendment, substantial governmental interest, direct advancement of governmental interests, and only as extensive as necessary to serve that interest.  Those prongs led to intermediate scrutiny which ensured that most commercial speech would be afforded the same protection that the average citizen could expect.

The Central HudsonHundson test delivers an opportunity for opponents to suggest stronger government regulations would be contradictory.  Their argument says that, because of Central Hudson, a government regulation creating an opt-in policy will assuredly be more extensive than necessary.   Any changes to the current structure would inhibit legitimate messages from reaching the intended recipients.

Such an argument is a just one.  The 1st Amendment protects commercial speech and would permit the commercial communications to be submitted just as companies send what is considered “junk mail” physically to our residences.[5]  To be effective, email must be analogous to standard mail.  Ergo if it’s permissible for unwanted junk mail to be delivered to your residences mailbox, it’s permissible for the bulk e-mail to be delivered to your electronic mailbox as well.

Another more specific question the other side poses asks whether it’s permissible for e-mail to be filtered prior to delivery to the recipient as a reasonable means to the legitimate end.  It is suggested that filtering out of all messages, no matter its legitimacy or not, would not be a reasonable means because the legitimate messages could be barred from delivery.  Such holds up until there is a request to stop transmission.  Contrarily, this argument fails to hold weight against the Federal Communication Commission’s Do-Not-Call list which allows an opt-out from any telemarketer phone calls.  This operates as a quasi-median between the two poles.

A number of those against changing the current legal climate continue to ignore the threat that SPAM transmission poses.  Criminals are turning to the internet to steal from American citizens.  Monthly, there are cyber thefts of personal information from databases.  Daily, SPAM email disguises itself to trick the end-user into transmitting personal information (names, addresses, phone numbers, social security numbers, etc.) to the sender.  Such instances of fraud have not been controlled by the current legal structures against SPAM operations and will not be prevented en masse until stronger legal and technical institutions are put into action.

Current Technology

            At this time, there are numerous options available for systems administrators to utilize in combating SPAM.  A typical Linux server will precompile SpamAssassin into the mail server.  The more effective of the numerous SPAM fighting options include: black-holes, grey-listing, filtering, authentication, spam-trapping, and tarpitting.[6]  General success can be achieved with any one of these methods.  Total annihilation of SPAM can be won by utilizing a specific combination of the above measures.[7]

SpamAssassin is an open-source application that monitors incoming email to determine if it’s SPAM.[8]  Its central premise is to check the header and body of an email to determine the likelihood of it being spam.  Each email will have a number assigned to it and that number reflects a position on the SpamAssassin scale (SA scale).  Typically, the lowest number will be -20 (negative twenty) and the highest will be +12 (positive twelve).  The more negative the number, the less likely the message contains SPAM.  The higher the number, the more likely the email is SPAM.  A filter is setup so that emails above a specified number (to the tenth) will automatically be moved to a “Junk E-mail” folder.

SpamAssassin is a good starting point.  The software has the potential of filtering out half of the incoming SPAM messages when tweaked properly.  There is a major downfall, though.  Spammers are getting intelligent.  Many will try to send their emails locally to see how SpamAssassin reacts and tweak their message accordingly.  This allows them the opportunity to bypass the filter and is becoming more common to see.  Many SPAM messages are being marked as low as -3 on the SA scale.

Spam-traps are a new trick that smaller organizations are implementing.  The premise consists of a fake email address receiving messages.  The fake address is embedded in HTML and other files that spammers scour to obtain new email addresses to send their messages to.  When a message is delivered to that fake address and to other email addresses on the same mail server, the software automatically establishes a temporary block against any mail coming from that sender to legitimate email addresses.  This is a decent fix for emails being ripped from a sales team’s web-page and flooded with spam.  However, it doesn’t work well on its own en masse.  A mixture of other options must be used alongside the spam-traps to make a noticeable dent in the flow of spam emails to the end-user.

Grey-listing is an intermediate point.  Generally, we know of blacklists (banned) and whitelists (permanently permitted) for numerous uses.  The grey-list holds the incoming email addresses for at least two minutes.  The software responds with a temporary delivery error to the sending mail server.  It’s a protocol requirement that mail servers respond to errors.  Therefore, a legitimate mail server will respond to the error by resending the original email.  False mail servers don’t respond.  Once the second email has been received, the sender’s mail server is placed on a whitelist and emails are delivered.  If a response doesn’t come through, the emails aren’t delivered to the end-user.

A few global databases of known spam web-domains and email addresses have been around for a number of years.  Its use is growing in conjunction with the other options above.   The idea is that end-users forward the spam messages to specific email addresses of the database robots.  Those robots parse the emails for information to ban the spamming users.  If the robots detect spam, the web-domain or email-addresses (if part of public email options such as Hotmail, Yahoo, or Gmail) will be banned.  Every email client will bounce the incoming email to its end-user off of the databases to ensure authentic, spam-free messages are delivered.  The flaw in this system is that a number of people could report spam falsely causing personal web-domains or email addresses to be flagged as spamming.  This would cause that persons message to go undelivered to willing recipients.

Past Legislative History

            Between 1995 and 2003, a majority of the states in the United States passed legislation against various types of SPAM transmission.  Congress decided to enter the arena by passing the CAN-SPAM Act of 2003.  However, the abbreviation is deceiving.  The long-name is the “Controlling the Assault of Non-Solicited Pornography And Marketing Act.”[9] Like the states, Congress’ actions weren’t against a majority of unsolicited messages.  The actions were against pornography-related messages.  Many organizations see this Act as a failure because SPAM continues to rise.  In a 2004 PC World article titled “Is the CAN-SPAM Law Working?” the author notes that less than one percent of all SPAM complied with the legislation.  Colorfully, the law is known as the YOU-CAN -SPAM Act in tech-trendy circles.

The use of SPAM has become synonymous with spreading viruses, fraud, theft, and other illegal computer activities.  Countries, particularly the United States, rely on the illegality of the underlying actions of the spammers to prosecute their actions without developing any legal consequences of SPAM generally.  This has created a lack of desire on the part of law makers and government agencies to resolve the growing threat from SPAM to the common end-user.[10]

The European Union’s (EU) Privacy and Electronic Communications Directive established a prohibition against the transmission of unsolicited commercial email in Article 13(1).[11]  The Directive requires that the addressee opt-in before email may be sent to the addressee.  EU created one exemption: it’s acceptable to send emails to the addressee when it’s related to a sale.  This policy makes opt-in mandatory for natural persons.  However, legal persons are more flexible; the member-nation may use opt-in or opt-out for legal persons.

Other nations and unions have taken the approach that all unsolicited messages are prohibited.  Consent can be expressed or inferred.  However, the consenting party can be an intermediary such as a business which the end-user has a relationship with.  This means that bulk databases can be provided to an organization that transmits SPAM and establish consent.  Assuming those companies and other legitimate enterprises made up the large bulk of SPAM, the international approach would fare better than the American Act.[12]

While SPAM delivery has decreased, the reason isn’t the legislation.  Rather, the technology and methods by system administrators has gotten better.  There are joint-projects and communication systems in place to notify and block offenders so that end-users don’t feel the annoyance as they once did.  Many programs and scripts have been created to combat the ongoing threat to the end-user and to decrease the workload on the servers supporting today’s email environment.

Executive Enforcement

            SPAM has a flexible attribute that allows it to fall within the jurisdiction of several executive agencies because of its electronic nature.  The United States has prosecuted several people, organizations, and companies based upon administrative actions of the Federal Bureau of Investigations (FBI), the Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), and the Federal Communications Commission (FCC).  The FTC has been the most positive agency in the fight against SPAM operations.

In 2003, the FTC acted against marketers of fake international driver’s licenses.[13]  A conglomerate of three partnerships, operating in the United States, were found guilty of fraudulent activities designed to extract money from innocent consumers.  The case was met with a slap on the wrist via settlement.  The defendants settled with the FTC:  1) permanently barring the defendants from promoting or selling fraudulent IDPs or any type of bogus identification document, 2) from misrepresenting the uses and benefits of IDPs and other identification document, and 3) recordkeeping provisions to ensure compliance with the settlement.

The FTC settled another case in 2004.  The defendants devised a SPAM scheme offering a free Sony Playstation.[14]  The end-user would open the email and install some software as part of the offer requirements.  The software rerouted their dial-up internet through 1-900 toll numbers.  The plaintiffs would charge $3.99 per minute.  Again, the FTC settled the lawsuit for a mere $2,500 (one fourth of the judicially imposed sanctions before settlement) and to turn over the $25,000 of “ill-gotten gains.”  The settlement barred the individuals from operating such a scheme again.

The SEC has acted against SPAM in a few cases as well.  Each case involved a scheme to increase the stock prices of corporations by using false press releases distributed to thousands of U.S. citizens via email.[15]  The citizens purchased the stocks at inflated prices and the corporation’s owner(s) would dump their stocks while it remained inflated.  Some of the owners made over five hundred thousand dollars before being shut down.  Afterward, the company would fail and the unfortunate shareholders would lose their investment.  These cases imposed stronger sanctions as compared to the FTC settlements.

International efforts have been the most successful.  The United States has limited itself because of the structures of our legal system.  But, actions against U.S. citizens who have caused harm internationally via SPAM have proven successful.  In 2008, one of the most successful international operations ended with the Department of Justice prosecuting nine American citizens and three foreigners.[16]  Each was charged with 41 counts for his or her actions.    Citizens on three continents were prey to the “pump and dump” stock scheme the crime ring instituted via SPAM email.

Current Judicial Climate

            Currently, the U.S. courts have held that the various States may further limit SPAM transmission.  Numerous cases are present where the defendant filed motions to dismiss asserting that the plaintiff’s claims were preempted by the CAN-SPAM Act.  Depending on the scope of the state law, some courts have allowed both to operate concurrently where the plaintiff assumes the law of his state of residence and not the state where the mail-server is physically hosted.  However, a number of cases have required that state law give-way to the federal Act.

In Facebook v. ConnectU[17], the social networking giant brought an action against the defendant company for using its spiders to collect email addresses on the profiles of Facebook users.  Essentially, ConnectU violated Facebook’s terms of access.  The collected emails began to receive email messages from ConnectU.  Further, several of the emails sent by ConnectU had forged header information which violated the CAN-SPAM Act.  Facebook won its litigation in the civil action against ConnectU.  The federal government did not attempt to bring criminal actions against the ConnectU even though its actions violated a number of federal laws aimed at protecting private information.

The two defendants in United States vs. Twombley and Eveloff[18] pleaded guilty to sending over 2.2 million SPAM emails.  They filed a motion to dismiss claiming that it was free speech.  The court denied the claim as commercial speech which doesn’t call for an over-breadth analysis.  The defendants forged header and sender information, used a falsely registered domain, and spoofed being a foreign pharmaceutical company.  The court denied the defendant’s challenge that the CAN-SPAM Act was too vague defining what constitutes a false email message.  Other motions were considered moot because the defendants filed pleas based on the above court’s decisions.

In 2007, MySpace filed suit against The Globe (Myspace Inc. v The Globe Inc.[19]).  The defendant developed scripts and used multiple fake aliases to send e-messages (Myspace-based email) to hundreds of recipients.  Myspace uses a hard-limit on e-messages that can be sent daily per account to protect users from spam onslaughts.  The court translated the Myspace e-messaging system to be equal to emails, giving it CAN-SPAM protection.  Such a translation means that a wholly owned and controlled messaging system of a private company can be regulated to protect against SPAM.  The plaintiff won on summary judgment upon review of the appellate court.

A U.S. District Court in eastern Illinois ruled in Rossario’s Fine Jewelry Inc. v. Paddock Publications[20] (2006) that facsimile spam was not trespass to chattel or conversion.  The plaintiff argued that the defendant converted the ink toner and the paper when the fax machine printed unwanted advertisements.  The court found that the lack of physically, unlawfully holding the plaintiffs property meant that such activities were outside the realm of the doctrines.  The claims under state fraud laws and conversion were dismissed.

Rossario’s decision is troubling for modern technology.  One third of all printers on the market now are pre-bundled with software that gives the printer its own unique email address.  Owners have the ability to send documents (PDF, DOC, XLS, JPEG, and others) to these email addresses; the printer receives the email and promptly prints the information.  If a spammer were to get ahold of the algorithm for generating these unique email addresses, millions of home-users and business-users could see their printers gushing out unwanted advertisements.  This ruling would be fodder for the spamming community to argue that their protected when submitting print jobs to private printers.

A more disturbing issue brought by spam came from the decision in United States v. Kelley[21].  Kelley was prosecuted for receiving child pornography and possessing child pornography.  The government seized the defendant’s computer and searched it for evidence of the illegal material.  The government found that the defendant had received nine emails containing attachments of young boys in sexually explicit positions.

While the district court found that the receipt of these child-pornographic emails did not establish probable cause, the 9th Circuit said otherwise.  It found that even though direct evidence failed to show that the defendant solicited the offending messages, the messages were enough under a totality of the circumstances test.  In the dissent, Circuit Judge Thomas stated:  “…every hour, millions of unsolicited and deceptively disguised emails are sent to innocent computer users.  Lowering our standards of probable cause to permit government intrusion into private residences based solely on proof of mere transmittal of unsolicited email constitutes an unwarranted erosion of the Fourth Amendment.”

The first felony conviction for SPAM occurred in 2006 when a Virginia state court convicted Jeremey Jaynes of a class-6 felony (Jeremy Jaynes v. Commonwealth of Virginia[22]).  The Virginia Ant-Spam Act made it a felony if the spamming actions met any one of three criteria (minimum daily SPAM traffic volumes, illegal revenue floor, or the use of a minor in the spamming operation).  Jaynes was sentenced to nine years in jail.  However, Virginia law states that a class-6 felony is punishable with up to five years imprisonment, a $2,500 fine, or both.

The above cases aren’t the only cases showing of the courts growing involvement in SPAM litigation.  And, the courts are sticking to their guns.  If the SPAM email fails to pass the CAN-SPAM Act’s tests, a ruling will be against the defendant.  The CAN-SPAM Act leaves a lot of room for those who wish to inundate PC inboxes.  This wiggle room has been given ample consideration as a 1st Amendment protection to send email to others just as junk mail can come through the Postal Service.

Preemption:  Current Federal Law

Again, the CAN-SPAM Act is designed to be used against pornography spam rather than all spam generally.  It has been utilized in many federal courts.  Defendants have claimed that the Act preempts various states’ law that had proffered the basis for the judicial action against them.

Generally, the Supremacy Clause of the Constitution gives federal law the ability to trump state law.  State laws are not preempted by the Act in situations involving fraud, only.  In part it reads that the Act “supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.”

In the decision of Gordon v. Impulse Marketing Group, Inc.[23], Fred Van Sickle, District Judge, dictated that “to some degree, the CAN-SPAM Act expressly preempts anti-spam legislation where a statute ‘expressly regulates the use of electronic mail to send commercial messages.’ However, the CAN-SPAM Act does not preempt state spam laws to the extent they ‘prohibit falsity or deception in any portion of a commercial electronic mail message or information attached thereto.’” The defendant could not use the preemption power of the Act because the Washington Electronic Mail Act was exempted; the Washington Act prohibits “falsity and deception.”

The case of Facebook v. ConnectU showed the preemptive power of the Act in full light.  The defendant, ConnectU, argued that the plaintiffs’ claims pursuant to the California Business and Professional Code were preempted by the CAN-SPAM Act.  The court agreed that the some of those claims were preempted stating that the California laws tried to regulate “the use of electronic mail to send commercial messages within the preemptive effect of the CAN-SPAM Act.”  The court did not find that the copyright claims were preempted on other grounds.

A Future Solution

            The technology is there to stop spam emails from arriving at the end-users email box.  But, there is not a useful manner to disable spam at its source for people living in the United States.  Therefore, the United States should develop a legal model similar to other nations to protect its citizens from the never-ending onslaught of unwanted, unwarranted email.  Further, the government must institute another regulatory device to help prohibit the transmission of illegal spam.

Part 1:  Legal spam interpretation model

            Opt-out, or unsubscribe options, are required by the Federal government to be placed in all mass-recipient spam email.  Advocates for opt-out insist that the sender has a Constitutional right to send the email to anyone he or she chooses whether or not the end-user wishes to receive such an email.  This is a “liberty” interpretation of the 1st Amendment.

The liberty viewpoint came into being during the Civil Rights era.  Preachers, protestors, and others had the right to speak in public places without government intervention in most instances.  Such views have transferred over to justify the spam email.  Further, advocates argue that email should be treated like physical mail where mass-mailing is acceptable.  Oddly enough, the Court held that mail inserted into a U.S. Postal Service’s mailbox was not done so as a public forum; so, mail must be paid to be sent through the Service’s infrastructure.

Other countries, including Korea and the E.U. nations, utilize the opt-in feature.  Korea’s highest court interpreted it to protect freedom of speech while also protecting the other person’s rights.  The opt-in policy can be interpreted as a “privacy” viewpoint of the 1st Amendment.  A person has the right to speak in the public forum, but people don’t have a Constitutional right to invade another’s private life so that they may be heard.

The “privacy” interpretation of the 1st Amendment’s right to freedom of speech had prevailed in the United States until the Civil Rights era.  Further, the “privacy” interest won out in the current “Do-Not-Call List” system to prohibit telemarketers from calling people who don’t want to be bothered.  Consequently, one can translate the revival of the “privacy” interest to be a call to utilize it where it could be best served.

A recent district court ruling (Hypertouch, Inc. v. Valueclick, Inc.[24]), upheld in an unpublished opinion by the Appellate Court, suggests that the opt-in option is viable under the Constitution.  The plaintiff previously registered with affiliates of the defendant to receive advertisement for the defendant’s products.  The court found for the defendant on summary judgment.  When challenged that the ruling would effectively bar plaintiffs from suing under California anti-spam laws, the Appellate Court stated “the only persons foreclosed by today’s ruling are individuals who solicit emails from an advertiser…”  The Hypertouch case gives ground to build an opt-in strategy in the courts.  Arguably, this case also lends itself to initiate a transition from the liberty to privacy interpretation of the 1st Amendment.

To provide footing for this judicial change, the legislative portion needs to assist in breaking old arguments apart.  The courts have defined spam email as the equivalent of junk mail sent through the postal system.  However, the postal system is operated by the single entity: the United States Postal Service.  Email operates by transmitting across multiple (up to several hundred) private networks connected together to create the internet.  While the importance is described below, the courts must learn that there are many entities involved and billing between them is required for allowing the email to flow across the network as part of its traffic.

Part 2:  Illegal spam legislative model

            To appease the nation’s computer users, the Federal government has the opportunity to further inhibit the illegal spammers’ ability to inundate their email boxes.  Congress’s legislation through the FCC’s operation of the “Do-Not-Call List” was successful.  Phone owners can opt-in to stop the onslaught of the telemarketers.  This could be utilized in the reverse for internet spam allowing for subscriptions to opt-out of all spam mailings.

Congress can create a database of illegal spammers.  This database can be utilized by Internet Service Providers (ISPs) or the end-user to filter out incoming email.  Such a database could be maintained using automatic and manual submission of email that breaks the internet’s email protocol standards.  As with the first legal proposal, this would also be an opt-in option for either the ISP or the end-user to decide whether or not to add this technology to their mail-server or mail-client.

The legislation can establish a stronger and more correct view of what email traffic is and how it operates as opposed to standard mail.  The courts have treated email as an equal to standard mail which isn’t correct.  Therefore, the argument that the public forum protects the sender’s right to distribute their materials should put email outside of the theories scope.  Email operates on private networks and crosses telecommunication equipment and lines which are privately owned and maintained unlike the US Postal Service; this requires that companies and users connected to these lines pay per use of transfer in some form.  The Postal Service requires that the sender foots the bill; email necessitates fees for the end-user (the receiver) and the sending party.

However, there is a risk in this type of legislation for abuse unlike that of the Do-Not-Call registry.  Spiteful people could report their enemies email addresses to the database as a spammer.  This legitimate user could find that his or her email address is barred from sending to those subscribed to the database for filtration.  Therefore, the legislation would need to include verification checks and to have a penalty for intentionally reporting false information.  Penalties could include being barred from using the list in the future, being listed as an abuser in the same or similar database, and fines that could be imposed to encourage the user act responsibly.

Some states, like California, are using their capabilities to repair the loopholes and failures of Congress to design the proper law.  Venkat Balasubramani, on the EricGoldman blog, stated “…Congress clearly did a crummy job with its preemption clause….it’s unclear how California’s policy would affect interstate advertising campaigns–a question we shouldn’t even have to ask when dealing with Internet activities. We really, desperately, need to rethink our governance scheme that puts states in the business of regulating the Internet.”[25] Agreeably, this is a matter for Congress to control because the risk of 50 different levels of spam control throughout that nation is a dangerous road to travel.  But, the issue should be resolved in a manner to best handle the privacy rights of the citizenry.

Conclusion

            The communications system of the internet, via email, has become a very important aspect of the lives of over a billion people worldwide.  Because of this, technology requires that the law to morph into something new to protect the infrastructure of the internet and to protect the citizens who use it.  There are an abundance of useful software techniques that can work alongside legal institutions to ensure a viable email system is maintained rather than being over-run by billions of SPAM emails daily.

While critics of such changes have worthy arguments, the premise remains flawed.  The internet is a connected network of thousands of private networks, creating a single unit of communications globally.  Treating the internet’s email capabilities like that of the United States Postal Service largely ignores the fundamental differences in the systems.  However, middle ground can allow for a mixture of liberty and privacy interests to flourish without one impeding upon the other.

Opt-in policies have been successful in other countries.  Requiring a similar system in the United States would save Americans countless hours each month spent dealing with spam.  It would save corporations millions of dollars, costs which are passed on to the consumer.  Blending the opt-in system characteristics with the tried system of the FCC’s Do-Not-Call List would provide an opt-out program to protect citizens from receiving the onslaught of SPAM emails just as it has protected telephone owners from continued annoyances of telemarketing campaigns.

 


[1]   Gary’s interview with NPR:  http://www.npr.org/templates/story/story.php?storyId=90160617

[2] Annual SPAM statistics were found at multiple sources and compiled into a graphic demonstation.  Primary sources were “The Big Business of Fighting Spam”  By Lisa Gill  and “Email spam level bounces back after record low” by Josh Halliday.

[3] Calculations for bandwidth is based upon the amount of SPAM currently being sent and the projected figures for 2016 multiplied by the file-size of average SPAM email.  The exponential equation is found in the graphic display.

[4] CENTRAL HUDSON GAS & ELECTRIC CORP. v. PUBLIC SERVICE COMMISSION, 447 U.S. 557 (1980)

[5] CANNING SPAM: CONSUMER PROTECTION OR A LID ON FREE SPEECH?   2004 Duke L. & Tech. Rev. 0016

[6] A number of anti-spam techniques have been listed and discussed in general at http://wikipedia.com/ under “Anti-spam techniques.”

[7] See “Spam Control Linux Servers” at http://derekgordon.com/linux-how-tos/spam-control/.

[8] SpamAssassin is part of the Apache project:  http://spamassassin.apache.org/

[9] The CAN-SPAM Act: A Compliance Guide for Business:  http://business.ftc.gov/

[10] Federal Spam Laws are discussed at  http://www.spamlaws.com/federal/index.shtml

[11] The Privacy and Electronic Communications (EC Directive) Regulations 2003a

[12] Over fifteen nation-states have created some form of anti-spam legislation.  http://spamlinks.net/legal-laws.htm

[13] In-house report is available at http://www.ftc.gov/opa/2003/11/mountainview.shtm.

[14] The in-house settlement with the Play Station 2 Spammers is discussed at:  http://www.ftc.gov/opa/2004/02/playstation2.shtm

[15] The SEC.GOV website lists numerous incidents.  Three reviewed for this article may be found at http://www.sec.gov/news/press/2007/2007-173.htm, http://www.sec.gov/news/press/2011/2011-46.htm, and http://www.sec.gov/news/press/2010/2010-70.htm.

[16] The Department of Justice report on the case:  http://www.justice.gov/opa/pr/2008/January/08_crm_003.html

[17] FACEBOOK, INC., Plaintiff, v. CONNECTU LLC, et al., Defendants.  489 F. Supp. 2d 1087

[18] UNITED STATES OF AMERICA, Plaintiff, vs. MICHAEL STEVEN TWOMBLY (1), JOSHUA EDWARD EVELOFF (2), Defendants.  475 F. Supp. 2d 1019

[19] MYSPACE, INC. v. THE GLOBE.COM, INC.  2007 U.S. Dist. LEXIS 44143

[20] ROSSARIO’S FINE JEWELRY, INC., etc., Plaintiff, v. PADDOCK PUBLICATIONS, INC., et al., Defendants.  443 F. Supp. 2d 976

[21] UNITED STATES OF AMERICA, Plaintiff-Appellant, v. KENNETH KELLEY, Defendant-Appellee.   482 F.3d 1047

[22] JEREMY JAYNES v. COMMONWEALTH OF VIRGIINA 276 Va. 443, 666 S.E.2d 303 (2008)

[23] Plaintiff, v. IMPULSE MARKETING GROUP, INC., a Nevada Corporation, Defendant.  375 F. Supp. 2d 1040

[24] HYPERTOUCH, INC. v. VALUECLICK, INC., 120 Cal.Rptr.3d 573 (2011)

[25] The Eric Goldman blog: http://blog.ericgoldman.org/archives/2011/01/hypertouch_v_valueclick.htm