Some people drape themselves in the American flag when they’re making a power grab; others hide behind the First Amendment of the Constitution.
Twice this week, the enormously popular “Do Not Call” anti-telemarketing program was attacked by businesses claiming the right to annoy the innocent. It was a victory for nuisance both times.
In the first blow to sanity, the Federal Trade Commission was admonished for over-stepping its authority by giving citizens the chance to have their phone numbers protected from telemarketers. The second judge said this same program violated the American guarantee of free speech.
Of course this is nonsense. Free speech has always been subject to regulation. You’re not free to start shouting on a street corner at 3 am. And you’re not free to make a disturbance in a restaurant, school or library. All of these are nuisances, and the courts have always allowed the right of the people to protect themselves from anti-social behavior.
IT managers should be watching the legal wrangling over this case, because efforts to legislate against spam will be next on the court dockets. In recent days, the governor of California signed a law that places fines of up to $1 million on spam campaigns. And the following day, the U.S. Senate Judiciary Committee approved the Criminal Spam Act of 2003 which specifies a jail term up to 5 years for bulk mailers who try to obscure their identities while sending a bulk emailing.
Taken together, the two laws could be an effective deterrent. They outlaw unsolicited mass mailings and outlaw a favored technique of spammers to elude detection.
In recent weeks, it’s become clear that spam is threatening more than our sanity. It is becoming a significant cost for corporations who need to filter email in order to weed out not just the annoyances but pornography and malicious code. Any corporation that tries to avoid this mounting expense will find that it is opening itself up to more than inefficiency; the stream of explicit pornography that employees will receive in an unfiltered environment will leave such organizations open to sexual harassment claims.
Of course, filtering is far from perfect. We all have anecdotes of filters blocking important email. I recently was blocked when an email I sent happened to use the same phrases used in the header of a popular virus. It took me seven re-tries before I was able to figure it out. How many other business documents are being blocked without a trace?
Legislation will not be perfect. It can’t stop offshore emailers, unless other countries pass reciprocal legislation. Enforcement will be a nightmare. And since all legislation, including the anti-spam and FTC “Do No Call” programs, provide an exception for companies with whom you have a business relationship — however tenuous — there will be new forms of abuse.
The best solution is likely to come from the AntiSpam Research Group which is sanctioned by the IETF (Internet Engineering Task Force) and the IAB (Internet Architecture Board). Recommendations from this group will carry sufficient weight to win over the service providers, domain administrators and software suppliers.
Among the proposals the group is considering: an authentication scheme for the domain portion of addresses used in SMTP mail transport. When such a protocol is approved, email admins would be able to positively identify whether incoming email was from a legitimate sender or was bogus. It would also provide a practical way to track emailers breaking anti-spam laws.
The process of crafting laws strong enough to survive challenges is painfully slow, but at least it has begun. The process of revising the email protocols is likely to be faster, though it would move more quickly if industry leaders began to champion the cause.
At some point, the right to annoy will be discredited as a constitutional guarantee, but not without a struggle.
— Gus Venditto is the editor-in-chief of internet.com.