US House, Senate Agree on Anti-Spam Bill 448
Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.
SPAM fines (Score:1, Insightful)
Does this mean that if you are a spammer in the USA, and you spam addresses outside of the US, you will be fined $6 million dollars? Or does it mean that if you are a spammer from outside the USA, and you spam inside the USA, you will be fined by the USA for doing so? Or does it cover both as international violations?
How is the average SPAMming scumbag supposed to know where his 1.6 million email addresses are going? Do you look at every AOL email addy and assume it's linked to a user in the states? Okay, now what about Hotmail? Does this mean a new database of SPAMworthy email addys will be created so that SPAMmmers will have to use it against their lists, to prevent fines? Might be a good way to lower the bounce-count, at the bare min... not to mention, a way to perhaps add a SPAM-surcharge, so that SPAMmers will have to pay to SPAM.
The meaning of this could get mixed into a quagmire. I wouldn't care, because they are spammers (so who cares anyway), but I wouldn't want to see some of the more savvy ones wiggle off the hook because of some point of law that was overlooked. I mean, at least the law is here, but let's really have at it and make it solid.
IANAL, but American law only applies to America, right? How are they going to stop the spam coming into the states? Many of the offenders exist outside the States. Is if the next US lead war is going to be against countries who SPAM, and rip off Americans with Nigerian scams? That'd be funny as hell!
But as for unlimited damages for fraud and abuse, I think it's a good idea that the US Gov't has the power to bankrupt SPAM companies that lie, cheat and steal. How can I convince my own govrenment (Canada) to do something like this?
How? (Score:3, Insightful)
Exactly... (Score:5, Insightful)
how long before... (Score:5, Insightful)
Translated version (Score:3, Insightful)
Too bad.
Re:How? (Score:5, Insightful)
Not going to sign up for Don't-email-list (Score:3, Insightful)
Re:Translated version (Score:5, Insightful)
They do if the the intended recipient of the mail is not, indeed, using said protected material unlawfully. Hmmmmmm. This could be VERY interesting the next time they make a mistake on the identity of the alleged pirate.
So a false notice by the RIAA *D *is* SPAM? (Score:5, Insightful)
This is a BAD bill (Score:5, Insightful)
Don't preempt the SPAM state laws!!!
What about the people... (Score:2, Insightful)
Re:SPAM fines (Score:2, Insightful)
Sounds like they're making a distinction between intentional and non-intentional... as in hijacked pc's??? I don't want to wake up one day and have a $2 mill lawsuit on my front door having no clue someone hijacked my pc and sent spam. I'm pretty up on my protection and common sense, but this is kinda scary. ????
Re:How? (Score:3, Insightful)
Hey, I kinda like that word. Tech-norant, as in "tech ignorant."
Nonsense (Score:3, Insightful)
I fail to see the problem, or even while this special exemption was necessary. Also note this would protect rights holders whose works are published under the GPL as well as the **AA.
So hate on haters.
Re:The RIAA/MPAA has their mitts in this one too! (Score:3, Insightful)
Re:The RIAA/MPAA has their mitts in this one too! (Score:3, Insightful)
Re:how long before... (Score:5, Insightful)
Pretty long, seeing as state courts can't rule on a Federal issue. Spam, being 'insterstate commerce' (in a manner of speaking) is most certainly all Federal. I also doubt there are many Federal courts that would consider the question of the bill's constitutionality. You have the right to speak, not to be heard; most certainly not at someone else's expense. If you had the right to be heard by your audience, you could sue deaf people for violating your right to free speech. How absurd is that? Free speech protects you when you're standing on a corner preaching your religious views or publishing a political opposition newspaper. It does not force everyone to stop and listen to you speak, nor force anyone to buy a copy of your newspaper.
If spammers want to continue to spam legally, they ought to stand on a street corner and hand out fliers to anyone who wants one. Thus, the optimal example of an 'opt-in' system. The way it works now, they're jamming the fliers into your pocket, whether you want them or not, to the point that your pockets explode when you get home. Every time you try to cover your pockets, they find another way to jam another flier into your pants. Activity like that would get you shot in New York, and perhaps worse in L.A.
Here's what I'm going to do: (Score:5, Insightful)
I'm going to create a new email account, and register it on the "do not spam" registry. It will have a random account name on my own domain.
I will not use this account for anything else.
As a control, I will create another random account under the same domain, and not use it anywhere, even on the "do not spam" registry.
I will measure how long it takes before the first address receives spam, how long before the second receives spam, and the amount of spam each receives.
Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).
A little overbroad (Score:2, Insightful)
Re:Not going to sign up for Don't-email-list (Score:3, Insightful)
The previous version of the bill didn't specify whether entire domains would be included, but apparently left it to the FCC to decide. Of course, the DMA and their pet congressmen want the bill as weak as possible, so the latest draft of the bill might have been changed to prohibit inclusion of entire domains.
Re:Finally! (Score:5, Insightful)
(1.) U.S. Laws only reach as far as U.S. borders. Where does 95% of spam come from?
(2.) What is to stop spammers(who have previously shown themselves to be willing to break the law and root people's servers to use as relays) from using this Do-not-spam list as a database to spam? I mean, think about it, a nice, large index of completely valid email addresses? This is spammer gold people!
Re:Nonsense (Score:5, Insightful)
Wow.
You're missing the point. The question isn't so much whether their email should be considered spam, as it is the fact that such a provision is front-loaded into legislation that on its face has absolutely nothing to do with copyright issues.
This is particularly relevant given the past instances of industry involvement in the legislative process, and most especially the DMCA itself, which it has been alleged saw language included at the last moment on behest of the RIAA that was never approved by any member of the House or Senate.
In other words, it is just another example of corruption of our government by the "entertainment" industry.
Maybe if these people spent less time choking our freedoms with self-serving laws and spent more time on creating art we wouldn't have to deal with fare such as Matrix: Sucks and Matrix: Really Sucks.
No, believable and necessary (Score:3, Insightful)
You mean that a message from a wounded party asking the (possibly inadvertant) offender to stop the tort is unbelievable?
Bah.
The darn law doesn't mean that an e-mail is now legal service; it means that the RIAA won't have a "we'd get sued" excuse to not try and tell people "please stop that, we see what you're doing" before starting a lawsuit.
Re:Finally! - BAD, BAD, BAD (Score:5, Insightful)
Judging by the text of the bill, not long enough.
Properly implemented, a law would be a good thing, but this misses on several counts..
First - it defines spam incorrectly.
Spam is unsolicited bulk email. This uses the term 'unsolicited commercial electronic mail message' - whether an email is commercial or not is irrelevant as to whether it is spam. Although the majority of spam is commercial in nature, not all of it is, just as not all unsolicited commercial email is spam (as evidenced by their need to include an exemption for copyright infringement notices.)
Second, the fact that it's opt-out, means that it legalizes spam - it's a pro-spam bill, not an anti-spam bill.
I haven't finished reading it, but if it overrides state legislation, then it's the worst possible outcome.
Re:How to fund enforcement (Score:2, Insightful)
Re:Finally! (Score:1, Insightful)
(2) You're right. Hopefully they're smart enough to hash it first, or something. Once a claim is made, hash th email address and if the hash, matches, then the email adresses were the same. But the spammer can't go backwards on it, so it doesn't do him any good.
We need a Do-SPAM registry (Score:2, Insightful)
Re:It's better than nothing (Score:3, Insightful)
Re:Translated version-Loophole (Score:1, Insightful)
In lawyer-speak, what they really want in this legislation would involve terms like the email being sent on the "good faith" assumption that a violation was occurred. "Good faith" for lawyers is a claim that they're trying to do the right thing, whether or not they are succeeding.
Let's hope the RIAA lobbyists don't follow SlashDot and this passes as is.
great... wait... (Score:5, Insightful)
And even if they MD5 each address or something not-totally-braindead, it turns into a us spammer hash-checking, finding it on the do-not-spam list, and selling it to a foreign counterpart as a quality address.
Horribly flawed idea. (Score:3, Insightful)
This list will need to be distributed for spammers to check it for compliance. When it gets distributed it will be explicitly added to all spam lists by illegal spammers and list aggregators. All current and future illegal and foreign spammers (i.e. most of them) will then bombard everyone on the list with more spam.
As usual they will get away scott free thanks to hijacked servers and IP blocks foreign immunity & the usual shady practices.
This is unworkable.
Re:Finally.. (Score:3, Insightful)
This law makes it legal to send spam in all 50 states.
The law has many things wrong with it:
Re:Horribly flawed idea. (Score:3, Insightful)
> This is unworkable
Please see my previous posting [slashdot.org] on why this is actually very workable.
There's no reason you can't give a spammer an encrypted list of addresses. All they have to do take one of their addresses, encrypt it, and compare the encrypted address with each address on the Do-Not-Spam list. If they match, then the address must be removed.
No decryption of the Do-Not-Spam list required.
Only SPAM fix is technology (Score:2, Insightful)
Fixes: .1 cent per would be enough) to send email, SPAM would not be profitable.
1. Convince entire internet population never to respond to SPAM - impossible.
2. Add some CPU cycles to send each email. If mail servers were required to perform some reasonable expensive operations (calculate some expensive hash) that made it cost some money (even
3. Require white listing before email accepted (send some message requesting to be put on accept list first, recipient must approve).
2 or 3 could solve the problem, but neither will happen until the system becomes completely unusable. Nobody likes to adopt new technologies, and no two vendors are going to agree on the proper solution until forced.
Re:Exactly... (Score:3, Insightful)
If I may provide an example:
J. Random Person is fed up with spam from the infamous Mr. Rawlsky [slashdot.org]. In order to combat this, J. signs up with the "Do Not Spam" list.
Several months go by to allow Mr. Ralsky time to get the list and remove addresses from it. However, Mr. Ralsky doesn't remove J.'s email address and J. (after some careful tracking with his anti-spam breathren) forwards his email to the FTC. Mr. Ralsky is screwed.
Granted, this only works if you can trace the identity of a spammer, but at least now there can be some recourse if that identity is successfully traced. Yes spammers will get better at hiding their tracks, but at least some will be stopped.
This is not an anti-spam bill (Score:5, Insightful)
It seems like the meat of this bill is in this clause:
So, basically, spam all you want as long as the recipient isn't on the do-not-spam list, and as long as the spam is labeled. Point-by-point for today's news release:The bill is opt-out. Enough said.
Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.
The pornifity of the email is irrelevant. Spam is spam. Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.
But non-fraudulent spam is ok? I thought fraud, whatever the medium, was already illegal.
I just don't see the point of a law where enforcement is not permitted.
Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?
IAAL (Score:5, Insightful)
And since Web sites are often maintained by various people, the DMCA safe harbor generally applies, which is why most commercial Web sites have DMCA contact info for an agent to receive notices of claimed infringement.
Obviously, if the infringer infringes on purpose, there is no safe harbor.
Re:Finally! (Score:3, Insightful)
The USA. Well, maybe not exactly 95%, but certainly the vast majority is sent by people in the USA, plugging "products" targeted at US citizens. Spamhaus is currently not responding, otherwise I'd provide a link to the page with their research about the big spammers. They're almost all in the USA.
The fact that messages originate from open relays in Asia does not change the fact that the people responsible for sending those messages are in the US.
What is to stop spammers ... from using this Do-not-spam list as a database
Enforcement of the law. If the law isn't enforced, it won't discourage any of them. But if it is (and we can only hope), and some spammers get a criminal conviction with jail time, it will likely cause other spammers to stop, or move overseas.
We can only hope a number of prosecuters out there have been refraining because there weren't any specific laws and the prospects for putting spammers behind bars were slim. If that changes, we can optimistically hope a number of attorney generals in various states (cough, Florida, cough) will "make an example" out of their state's notorious spammers... and of course make a big public scene about what heros they are for it.
Re:Nonsense (Score:2, Insightful)
-matt
Re:Finally! (Score:3, Insightful)
Re:Nonsense (Score:2, Insightful)
I agree that this line probably is a totally unnecessary addition, but I don't see any evidence that it was put there by the RIAA or MPAA or any other such AA, it doesn't say "The RIAA and MPAA will be able to write you, this does not go for any other copyright holders" so it protects ALL copyright holders equally (even though this isn't even ABOUT copyright, it's about spam, so it's stupid that it's even mentioned IMO)
-matt
Re:Nonsense (Score:3, Insightful)
Opt-out is very bad for non-individual mail (Score:3, Insightful)
Inline with spamhaus' definition (Score:3, Insightful)
A couple of notes:
- Content of a message is not relevent.
- Significantly, spam is spam if the recipient is irrelevent. RIAA/MPAA's messages would be sent to specific people.
RIAA/MPAA might be evil bastards, but their not evil bastards because of this....
Re:This does what.... (Score:3, Insightful)
The crime is "sending FRAUDULENT spam". It's an opt-out law. It lets 'charities' and 'political organisations' spam you. And there's a nice little clause in there which means that it's only fraudulent if you forge five or more addresses. NOT GOOD.
Be prepared for spam to dwarf Swen as the biggest bandwidth hit on the Net next year. And legally, you can't do a goddamn thing; it's whack-a-mole all over again.
Re:The RIAA/MPAA has their mitts in this one too! (Score:3, Insightful)
The big issue today isn't even the actions of these corporations, it's the power and influence they hold. That microsoft illegally abuses it's monopoly is one thing, that microsoft had the power to weasel out of the issue is far far worse. That the RIAA is suing 12 and 15yr olds is one thing, that they have the power to insert whatever they want into any law they want is again FAR FAR worse.
Re:Nonsense (Score:2, Insightful)
"its not considered unsolicited advertising if you have prior business with the entity"
Only because direct-marketing scum have brainwashed us into believing that certain types of business have special rights to intrude on our time and waste it to their commercial ends.
Do you really believe that absolutely anyone you have ever done business with, of any kind, suddenly has the right to contact you, at any time, to attempt to renew or continue that business? Your bank? You insurance agency? Your plumber? Joe's Cabs? Pizza Heaven? Wal-mart?
It's total nonsense. Business transactions are one-offs. If I want to do business with you again I will contact you. If you attempt to waste my time, not only will you likely cop an earful of abuse but there is no way I will do business with you ever again.
While direct marketing exists -- be it by phone, snail mail, or people ringing your doorbell -- spammers will rightly point to it as providing moral justification for their activities. I see no qualitative difference between someone advertising Viagra in my Inbox and someone phoning me up to see if I want to sell my house. It's all an unnecessary intrusion on my time. A plague on the lot of them, and on fools who value their personal time so little as to tolerate them.
Re:This does what.... (Score:3, Insightful)
The US-originating spammers already use open proxies, r00ted cablemodem boxes and other funness to market their sites, generally hosted on dodgy ISPs in the Far East (China especially) using fake WHOIS registrations and idiotic registrars (VeriSign et al). You really think this law is going to stop these people? There's no trail of proof with these guys. Only the idiots will go to jail, and that's if the government can be bothered prosecuting; a good comparison is fax.com, which is illegal (and knows it) but still keeps on running, flipping the bird at the FTC.
(In the UK, we're getting a fudge of a spam law; spam to consumers is banned, but spam to businesses is just fine. Even that's better than this thing.)
And besides, just banning 'fraudulent' spam will mean that people will just spam 'legitimately'. "This is a commercial advertisment as specified by the CAN SPAM act (S.823). Therefore, it is not spam since we provide the following add-your-name-to-our-billions-CDs^Wremove link." We already had that with S.1618 and that didn't even become law.
This bill is a disaster waiting to happen, just designed to let the DMA open the floodgates; so therefore, be prepared for a wave of 'legitimate' spam from every business you can think of (given their 'get out of jail free' card.) Won't be fraudulent, won't be forged. Will be spam, but the government won't care.
I didn't read the bill enough to see whether it prevented us from blocking them, but let's hope it doesn't; even then, it'll be a whack-a-mole worse than Sanford Wallace at his peak.