US House, Senate Agree on Anti-Spam Bill

Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.

The RIAA/MPAA has their mitts in this one too!

Go to http://thomas.loc.gov [loc.gov] and do a bill search on "anti-spam" and read the Senate version, from which I quote:

...the term `unsolicited commercial electronic mail message' does not include an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an unauthorized user of protected material notifying such user that the use is unauthorized and requesting that the use be terminated or that permission for such use be obtained from the rights holder or holders.

Unbelievable.

Re:Translated version

If anyone wants to hear that in English, it sounds like they're saying that the MPAA- and RIAA- bots don't count as SPAM.

They do if the the intended recipient of the mail is not, indeed, using said protected material unlawfully. Hmmmmmm. This could be VERY interesting the next time they make a mistake on the identity of the alleged pirate.

So a false notice by the RIAA *D *is* SPAM?

If I read that right, it appears to say that an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an innocent person is SPAM. Fascinating. What is the RIAA's error rate, and what is the fine for repeated violations?

Re:Nonsense

So hate on haters.

Wow.

You're missing the point. The question isn't so much whether their email should be considered spam, as it is the fact that such a provision is front-loaded into legislation that on its face has absolutely nothing to do with copyright issues.

This is particularly relevant given the past instances of industry involvement in the legislative process, and most especially the DMCA itself, which it has been alleged saw language included at the last moment on behest of the RIAA that was never approved by any member of the House or Senate.

In other words, it is just another example of corruption of our government by the "entertainment" industry.

Maybe if these people spent less time choking our freedoms with self-serving laws and spent more time on creating art we wouldn't have to deal with fare such as Matrix: Sucks and Matrix: Really Sucks.

This is to be consitent with DMCA's safe-harbor

DCMA has a safe-harbor provision, which gives infringers an out if they take down the infringing material once notified by the IP owner.

From keytlaw [keytlaw.com]

• Digital Millennium Copyright Act Safe Harbor
  The simplest, cheapest and best way a web site owner may protect against liability for copyright infringement resulting from users' uploaded content is to comply with the safe harbor provisions of the Digital Millennium Copyright Act. Web site owners who comply with the requirements of the DMCA and who take appropriate action after receiving notice of copyright infringement from a copyright owner, will not be liable for money damages for users' uploaded content.

I think they just wanted to make it consitent with DMCA.

The closest distance between two points is a tunnel
- Lyndon Johnson.

IAAL

Are you a lawyer? I am. I am not incorrect. The safe harbor provision has been widely-interpreted as applying to Web sites as well as OSPs. Web sites which, like /., allow anyone to post on them are considered OSPs for the purpose of DMCA.

And since Web sites are often maintained by various people, the DMCA safe harbor generally applies, which is why most commercial Web sites have DMCA contact info for an agent to receive notices of claimed infringement.

Obviously, if the infringer infringes on purpose, there is no safe harbor.

Re:The RIAA/MPAA has their mitts in this one too!

Dear Common Thief,

After scanning your network, this is an automated message notifying you that the copyright owner, Meds2U.com, believes you are making unlawful use of one or more copyrighted materials held by said owner. Please cease and desist immediately your unlawful use of these materials, or contact us so that licensing of said materials can be arranged. Under the DMCA, we hereby certify that we act as representatives of Meds2U.com which sells phentermine, Xanax, Viagra, Prozac, Celebrex, and many other prescription medications available at below pharmacy cost to you from http://www.meds2u.com 24 hours a day, 7 days a week!

Yours truly,

Dewey, Cheatem, and Howe
Attorneys at Law

Can you say loophole

Never underestimate the inventivness of spammers and conartists... For example I could envision a legit spam such along the lines of:

- - - - - - - - - - - -
Dear Sir no doubt you have been receiving messages on increasing your penis size.

Let me take this time to inform you that my company Hammer Inc. has a US Trademark and copyright on the term "penis enlargement" and a patent on our exclusive fully herbal penis enlargement treatment plan. All those other companies are violating our establish copyrights and infringing on our patent. We have very strong IP rights in this area let me assure you.

So therefore let me offer our treatment at an incredible savings, just sign up now and we will give you 30% of list. Your lover will love you for it...

v/r McBribe CEO Hammer Inc.

Finally!

This has been a long time coming, I hope we're actually able to enforce it. Although, its going to be tough with all the world wide spam.

Is this really just fluff to impress voters? Or do you think it will actually carry any weight?

Re:Finally!

No, It's a _horrible_ idea. Two things.

(1.) U.S. Laws only reach as far as U.S. borders. Where does 95% of spam come from?

(2.) What is to stop spammers(who have previously shown themselves to be willing to break the law and root people's servers to use as relays) from using this Do-not-spam list as a database to spam? I mean, think about it, a nice, large index of completely valid email addresses? This is spammer gold people!

great... wait...

How is this not an international please-spam-me,-here's-my-favorite-and-most-privat e-email-address list? Even if it prevents US companies from spamming you, it's like a golden list for most spammers in the world.

And even if they MD5 each address or something not-totally-braindead, it turns into a us spammer hash-checking, finding it on the do-not-spam list, and selling it to a foreign counterpart as a quality address.

Re:Finally! - BAD, BAD, BAD

This has been a long time coming

Judging by the text of the bill, not long enough.

Properly implemented, a law would be a good thing, but this misses on several counts..

First - it defines spam incorrectly.

Spam is unsolicited bulk email. This uses the term 'unsolicited commercial electronic mail message' - whether an email is commercial or not is irrelevant as to whether it is spam. Although the majority of spam is commercial in nature, not all of it is, just as not all unsolicited commercial email is spam (as evidenced by their need to include an exemption for copyright infringement notices.)

Second, the fact that it's opt-out, means that it legalizes spam - it's a pro-spam bill, not an anti-spam bill.

I haven't finished reading it, but if it overrides state legislation, then it's the worst possible outcome.

Re:SPAM fines

that says INTENTIONAL not INTERNATIONAL

This is a BAD bill

This is a BAD bill... it preempts all state spam laws -- some of which are actually decent, and let US the CONSUMERS go after the spammers instead of depending on fat, lazy, guberment morons to do it.

Don't preempt the SPAM state laws!!!

How?

How can any of them possibly believe that this would do any good?

Re:How?

I think that congress (and your average citizen) believes that legislation is the solution to most problems. The SPAM wars will be fought and won with innovative technology, not with legislation. Don't get me wrong, some of the acts spammers engage in should definitely be illegal. But they should be illegal on principled grounds, no on the hope of detterence.

Unlimited Damages ...!?

... unlimited damages for fraud and abuse.

What the -- unlimited damages ...?!

Holy crap, get ready for the undead legion of attorneys to rise from the grave!

-kgj

Exactly...

How will this be enforced? The global nature of the Internet seems to be unmanagable by a single government.

Oooo...Oooo...I have a question!

Aren't those old dudes in the Senate the ones that are buying all that Viagra?

I thought so.

more of the same

While I applaud the intent, unfortunately this is another totally ineffective anti-spam legislation. There are plenty of laws already on the books making 99.9% of spam illegal, but the problem is the government and related law enforcement agencies do not enforce the existing laws so why would anyone think this is any different? People need to realize that passing a law, and enforcing a law are entirely different. This is like going into a book store and buying a book, but not reading it! I hear next week Tauzin is going to solve the world hunger problem by passing a law making it illegal to throw out leftovers. Hurrah!

At this point, the only way you can realistically take action against a spammer based on these laws is by printing them out, finding the spammer and then hitting him over the head with the actual laws. Law enforcement agencies and district attorneys have repeatedly demonstrated an apathy towards pursuing and prosecuting spammers. The FBI has a monetary threshold of damages on any case of this nature it even elects to investigate. There are virtually no resources dedicated to enforcing this bill and there are no competent agencies available to even investigate! Please send a message to your political leaders that enforcement and not more laws are key to dealing with this problem.

The law looks good, but without dedicated provisions and a change in policy which will actually insure that these issues will be enforced, this is just a joke.

Office Space, anyone?...

"including five years in [Federal Pound-Me-In-The-Ass] prison"

Bet someone's going to regret pushing all those penis patches (of grow 3 inches! fame).

how long before...

some state court says that's unconstitutional and lets spammers spam?

Re:how long before...

"how long before some state court says that's unconstitutional and lets spammers spam?"

Pretty long, seeing as state courts can't rule on a Federal issue. Spam, being 'insterstate commerce' (in a manner of speaking) is most certainly all Federal. I also doubt there are many Federal courts that would consider the question of the bill's constitutionality. You have the right to speak, not to be heard; most certainly not at someone else's expense. If you had the right to be heard by your audience, you could sue deaf people for violating your right to free speech. How absurd is that? Free speech protects you when you're standing on a corner preaching your religious views or publishing a political opposition newspaper. It does not force everyone to stop and listen to you speak, nor force anyone to buy a copy of your newspaper.

If spammers want to continue to spam legally, they ought to stand on a street corner and hand out fliers to anyone who wants one. Thus, the optimal example of an 'opt-in' system. The way it works now, they're jamming the fliers into your pocket, whether you want them or not, to the point that your pockets explode when you get home. Every time you try to cover your pockets, they find another way to jam another flier into your pants. Activity like that would get you shot in New York, and perhaps worse in L.A.

deeply dissapointed

A few things that the bill missed

1. No requirement for opt-in
2. No jail time only monetary damages
3. No public stonings

Most spam *IS* from the USA

I direct you to Spamhaus.org rokso list [spamhaus.org]

Have a quick scan down the list of countries...

Simon

Not going to sign up for Don't-email-list

The very idea of don't email list is stupid. the only way to fight spam is by attacking their business model. You get spam because some idiot thinks he is getting a good deal for the product that the spammer sells. don't the law makers know that there is a diff between phones and emails? it costs real money to call someone to sell something but it costs almost nothing to send out emails. Also what about security for these Don't-emails-lists(if they are created)? what are they going to do give the spammer a list of email address he shouldn't email? yeah right. I bet the spammers would support this bill.

Finally..

Finally, we get an antispam bill. Only this time, it won't be delayed like the nocall list was. What spammer would object to it publicly? If he/she did, they'd be lynched (I'll be the one holding the 10 yr old motherboard; can't use the comp for anything else, so might as well go to a good cause).

First thing, I'm going and registering all the domains I own, and my comcast account. Then, for good measure, I'm going to see if I can pipe all emails through servers in California.

One question: does this federal law overrule the Calif law, and if so, is it for better or worse? What's CAUCE's opinion on this?

Unlimited damages

...reminds me of an NDA from Sony I signed in a previous life. Buried deep in the middle of it was the phrase (from memory)

"Should PARTNER at any time divulge material covered by this agreement, then financial reparation may not be sufficient"...

(No, the NDA wasn't under the NDA - do you think I'd be telling you this, if it was ???)

I never did get clarification on what non-financial reparations would be demanded (first-born son?, ritual dismemberment ?)

Simon.

Here's what I'm going to do:

An experiment.

I'm going to create a new email account, and register it on the "do not spam" registry. It will have a random account name on my own domain.
I will not use this account for anything else.

As a control, I will create another random account under the same domain, and not use it anywhere, even on the "do not spam" registry.

I will measure how long it takes before the first address receives spam, how long before the second receives spam, and the amount of spam each receives.

Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).

It's better than nothing

Some will argue that it won't help because all the spam comes from China and South Korea. Wrong. A lot comes from those two countries, but the number one source of spam in the world is the U.S.

Then they'll argue that the spammers will move their mail servers to another country. So what? If the company doing business is still located in the U.S., the anti-spam laws will apply. I already block China and South Korea. I'm damn close to blocking Brazil. If the spammers move, it will be easier to block them.

Then they'll say the spammers will move their entire business to another country. Hell, that works for me. Maybe they'll move to the next country on the anti-terrorism hit list.

As for the idiots saying spam is protected by the Constutition. Bzzt! Wrong! Your right to free speech does not extend to breaking into my home to set up your soap box. Your right to free speech does not give you the right to make me pay to listen. Your right to free speech does not continue when I tell you to shut up and get the hell out of my house, nor does it mean you can sneak back in the next day to make me listen yet again.

Re:Another attempt to kill capitalism

Spam is profitable at such a low rate of response that it will NEVER disappear, even if it pisses 99.98% of the people. It is the stupid .02% of the people who make spam work.

Spam will NOT be profitable if it generates NOISE. In order for Spam to work, it must leave behind a point of contact of some sort. If we collectively fill that point of contact with JUNK responses, spam will disappear because it cost MORE to the spammers than it is worth. Imagine a spammer having to sort through millions of fake responses to find the one that is legit?

That is how spam will be defeated.

Horribly flawed idea.

This is horribly flawed.

This list will need to be distributed for spammers to check it for compliance. When it gets distributed it will be explicitly added to all spam lists by illegal spammers and list aggregators. All current and future illegal and foreign spammers (i.e. most of them) will then bombard everyone on the list with more spam.

As usual they will get away scott free thanks to hijacked servers and IP blocks foreign immunity & the usual shady practices.

This is unworkable.

Wow

Five years in prison, and potentially up to $6 million in damages, all for spamming?

Now, I appreciate that spam, for a lot of people, is a major problem. I know that as a user, rather than an admin, and a careful one at that, I don't see the true extent of the problem. I get perhaps a couple of dozen spams a week to a single address that I was foolish enough to have in plaintext on a website a couple of years ago. To me, it's no big problem - Mozilla Mail's junk tools catch 95% of them. Still, I'm aware that spam is a serious problem for a lot of people.

But five years in jail? That seems somewhat excessive to me. I condemn the RIAA's lobbying partly because of the excessive penalties they seek; I cannot, in all conscience, support similar penalties for a crime which, to me at least, doesn't seem a great deal more heinous.

This is not an anti-spam bill

This is not an anti-spam bill. This is a pro-spam bill. (I'm looking at S.1231 on thomas.loc.gov, and assuming that's the latest version.)

It seems like the meat of this bill is in this clause:

... it shall be unlawful for any person to initiate the transmission of any UCE to a protected computer unless the message provides clear and conspicuous identification that the message is an advertisement or solicitation, by providing, as the first characters in the subject line, `ADV:'.

So, basically, spam all you want as long as the recipient isn't on the do-not-spam list, and as long as the spam is labeled. Point-by-point for today's news release:

1. Empowers American consumers with the right to opt-out of all unwanted and unsolicited commercial e-mail or SPAM.

   The bill is opt-out. Enough said.

2. Provides the FTC with the authority to set up a "Do-Not-SPAM" registry based on Chairman Tauzin's work on the "Do-Not-Call" registry for unwanted and unsolicited telemarketing telephone calls.

   Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.

3. Grants the strongest available protection for parents and consumers to say "no" to the receipt of pornographic SPAM.

   The pornifity of the email is irrelevant. Spam is spam. Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.

4. Makes it a crime, subject to five years in prison, to send fraudulent SPAM.

   But non-fraudulent spam is ok? I thought fraud, whatever the medium, was already illegal.

5. Allows the FTC and state attorneys general the ability to vigorously enforce the laws contained in the anti-SPAM legislation.

   I just don't see the point of a law where enforcement is not permitted.

6. Enforces statutory damages of $2 million for violations, tripled to $6 million for intentional violations, and unlimited damages for fraud and abuse.

   Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?

Opt-out is very bad for non-individual mail

Much of the spam we get comes from mailing lists. This kind of scheme would require every list admin to submit all their mailing list addresses to some stupid opt out lists. There are many examples of this not being practical, such as the Debian bug tracking system which has a different email address of each bug (and there are over 200k). FWIW, it does receive spams that clutter up bug audit trails and are extremely annoying. Being allowed to spam should not be the default.

#1

#1 -- I will not "OPT-OUT". Ever. I have, on occasion, will decide to OPT-IN. Those thinking OPT-OUT are blocked on the first (#1) violation. No questions asked and only a personal phone call, if you know me, will I allow further such traffic.

Just as I refuse/block UNAVAILABLE calls and judiciously decide what profanity of choice to use on PRIVATE callers.

With _any_ OPT-OUT type of choice shortly I'll simply white-list a very few and block everybody else. Email is pretty much dead already anyway. How many hundreds of thousands, if not millions of business' are there in the US alone? For next to nothing they'll all be spamming me -- no thanks. :)

I guess this means I won't be getting funds transfered to my bank account from Africa. Darn.

easiest anti-spam bill

I'm sure I'm not the only one who would end almost all US based spam given one document - a signed pardon.

just visit various spammers, liquidate them, no consequences.

Hell, I'd even make a very large campaign contribution to Bush for that piece of paper, and I can't stand the man.

Simple solution to spam problem

add "sending of unsolicited commercial email" to the already insanely loose definition of "terrorism" in the Patriot Act and let ashcroft lock up all the spammers with no due process.

Hasn't passed the House yet. Call Congress now.

This bill (referred to S.877, even by the Clerk of the House) hasn't actually passed the House yet. The House is still in session, at 2:30 AM. There was a voice vote, but it wasn't decisive, and a roll call vote was scheduled. To save time, all the roll call votes today will be run at the end of the "day". The roll call vote is on the calendar, but it hasn't happened yet. At this moment, the House is voting on whether to recommit the Medicare prescription drug benefit bill back to committee.

This bill could still die. Call your Congressional office. [house.gov] The staff is still there, very tired, and answering the phone.