Security

Decision Support: FTC and others go on the offensive against spam

Become aware of anti-spam legislation.


IT professionals know all too well that unsolicited commercial e-mail (a.k.a. spam) is a major resource drain on the e-mail systems managed by IT departments and a colossal waste of time for employees. Even worse than the standard spam from legitimate companies is the misleading and often fraudulent messages from the shadier companies.

In the past, the U.S. government has been unable to act effectively and decisively against spam. All antispam bills have either been killed outright or, after pressure from direct marketing lobbyists, gutted of any enforcement power. However, this may be changing as the Federal Trade Commission (FTC) has recently announced that it's finally taking some serious action against spammers on the basis of blatant transgressions. Some private industries have also attempted to regulate spam, which has had mixed results up until this point.

Government actions
At the 2nd Annual Privacy & Data Security Summit in Washington, DC, on Jan. 31, 2002, FTC Consumer Protection Director J. Howard Beales announced that the commission was about to take action against multilevel marketers (pyramid-scheme companies) and blatantly fraudulent spammers. This action would involve injunctions and fines.

Initially, the FTC plans to act only against the most obvious cases of fraud and not against spam in general. Enforcement agencies always like to tackle the most winnable cases first.

According to a CNET report, Jason Catlett, president of Junkbusters, said of the FTC move, "It's welcome news. The FTC started looking at this problem in 1997.” He also pointed out that the commission hasn’t done anything yet.

Director Beales confirmed this, saying, “It's the first time the commission has launched a systematic attack on deceptive spam." He said the FTC actions are also intended to prevent businesses from hiding their identities behind false e-mail addresses.

Of course, nothing is secret in Washington, so it’s unsurprising to this longtime government observer that several direct marketing groups are already touting new initiatives in an obvious effort to block FTC and congressional action.

Private efforts
Microsoft and DoubleClick have announced a program operated by TRUSTe that would allow spammers to register and receive a certification that they are legitimate. According to a report in The San Francisco Chronicle, members would have to pay between $4,000 and $14,000 to join and would have to respect a “no spam” list, as well as truthfully represent the contents of the advertising e-mails in the subject line.

The Direct Marketing Association (DMA) is proposing Guidelines for Online Commercial Solicitations for e-mail advertising and wants an opt-out database for people who don’t want spam. The DMA has a similar “do not call” database for telemarketers, but tests have shown that it is widely ignored. In fact, placing your number in the database may even result in more telemarketing phone calls, just as trying to unsubscribe from e-mail marketing lists merely confirms your address and makes it more valuable.

Legislation
The Unsolicited Commercial Electronic Mail Act of 2001, sponsored by Rep. Heather Wilson, R-NM, failed but has been reintroduced. Unfortunately, it now lacks key features, such as a way for entire groups of individuals, like ISP subscribers, to opt out en mass, or for the right for people to sue spammers.

Not surprisingly, Jerry Cerasale, the DMA's senior vice president of government affairs, said this about the initial Wilson bill: "We think that an opt-out should be an individual choice, not an organization's choice." So if the bill passed, you couldn’t even join a special antispam ISP or e-mail service and have all spam blocked to ensure that you would get only business e-mail.

The Coalition Against Unsolicited Commercial Email (CAUCE) made some noise last year but has apparently abandoned its efforts. The latest message on its News page was dated about nine months ago, and the most recent legislative update is even older.

Final word
At the security conference, Director Beales said that every day, individuals and organizations forward the FTC upward of 10,000 spam messages. This appears to be one of the main reasons that the FTC has finally decided to take some action to protect consumers and legitimate businesses alike.

By now, it should be obvious that Congress, being heavily lobbied by the direct marketing groups, probably won't enact any effective legislation that specifically targets spam in the near future. The DMA and other businesses that make money off spam will never limit their activities more than they are forced to. Volunteer groups just don’t have any clout, and individuals or single businesses can’t do anything about this problem directly.

It’s clear that many regulators would like to go further, at the very least banning false subject-line content and false return addresses, along with having an enforceable way to block unwanted spam. Since the industry groups claim to approve of these things as long as they are voluntary, why not make them mandatory and put some teeth into the FTC actions?

If we want to reduce the gigantic cost in time and bandwidth that spammers now pass along to businesses and individuals, we must let the U.S. Congress and the FTC know that we support action and do not support weakened legislation or self-regulation by the industry, which has had years to act in response to vociferous complaints. I feel the best way to start is to forward any and all spam to uce@ftc.gov. If 10,000 spams per day has gotten them to take some initial action, just think what 1 million per day would do.

Have a comment or a question?
We look forward to getting your input and hearing about your experiences regarding this topic. Post a comment or a question about this article.

 

Editor's Picks

Free Newsletters, In your Inbox