When it comes to combating the spam pandemic, there's the appearance and there's the reality.
As far as appearances go, things are looking up. The US Congress finally passed a real antispam law: the Can-Spam Act, which took effect Jan. 1.
Microsoft, Yahoo, America Online and EarthLink now have a powerful legal weapon they can use to bring spammers to heel. And it's not just the Internet service providers. Last week, Ohio's legislature got into the act when it passed a bill to let the state put out-of-state spammers on trials.
Great. I say send all the bums to Siberia and force-feed them castor oil twice a day, if that's what it takes. But get-tough measures alone won't suffice -- and this is where the debate about what to do needs to shift focus.
For too long, the question of how to fight spam -- with technology or with laws, that is -- has been viewed in either/or terms. Technologists are comfortable with technology and look down their noses at government-imposed solutions. The politicians usually don't have a clue what the technologists are talking about. And so you have all the makings of a dialogue of the deaf.
But there are signs that the thinking is starting to evolve.
I recently attended a colloquium where a clutch of technology executives debated what to do. But even these experts acknowledged that there was no such thing as a magic bullet to stop spam. Instead, they expressed palpable unease at how spam has turned e-mail into a medium of maybes -- the result being that Internet communications have lost the vital attribute of reliability.
Their one uniform point of agreement was that spam in all its derivations constitutes a mortal threat to the vitality of the Internet as a vehicle for communication and commerce.
How bad? Sink your teeth into these stats (courtesy of Symantec CEO John Thompson): There are 100 new viruses and 50 new vulnerabilities detected each week. And the fastest-growing non-violent crime of them all is phishing. At one time, spam may have been a problem of minor annoyance, but phishing has turned it into a problem of fear -- so much so that the average ISP is now spending significant amounts of money on e-mail hygiene. If this keeps up, you can kiss the future of low-cost (or free Web) e-mail goodbye.
I'd like to believe the technology industry is smart enough to figure out a solution. That assumes rival companies can check their egos sufficiently in order to play nice with each other. That's easier said than done. When it comes to deciding how best to provide e-mail authentication, for example, you have Microsoft pushing its own "Sender ID," while the other big guys treat anything emanating from Redmond as if it were radioactive.
 |
The politicians view this as a political issue, and so their reflex reaction is to enact legislation. But spam is a global problem, and enacting new laws in the USA won't do much to impress a phishing ring in Moscow.
What's the next move? I think Thompson nailed it when he said the key to making serious inroads is to change people's online behaviour. He recalled that the government's Smokey the Bear campaign -- as corny as it was -- was a huge success in curbing the outbreak of man-made forest fires.
This would be more than a lame update of Nancy Reagan's "Just Say No" anti-drug mantra. The idea here is to put responsibility on the shoulders of Internet users and compel them to pay more attention to spam prevention. Fact is that when it comes to spam, it's not just good guys versus bad guys anymore. It's also what to do about the lazy guys -- the careless Web surfers. They are the ones who are getting in trouble.
Face it -- people still do dumb things when they get online. Many people don't pay attention to how they share information over the Internet and to what they download. If you can raise awareness and influence behaviour patterns, that may not eradicate spam. But it would go a long way toward drying up the swamp.
biography
Charles Cooper is the executive editor of commentary at CNET News.com.
The problem is not that law in general does not work, but that a weak, ill-conceived law can't make a difference. Unlike the Australian Spam Act 2003 or the Californian anti-spam law (both of which require an 'Opt-In' model, where sender needs consent prior to the unsolicited message), the US CAN-SPAM Act 2003 does not outlaw spam, but effectively legalises it (subject to bans on the worst abuses). Its doomed 'Opt-Out' model, promoted by the US Direct Marketing ****ociation (but not by their more pragmatic Australian counterpart), authorises unsolicited commercial messages and puts the onus on the recipient to unsubscribe. Once you accept this principle, the whole game is lost. The main criticism should go to the legislators in Congress and the Senate that put marketers' interests above those of the internet as a whole, and p****ed this dud law.