On Unsolicited Commercial Electronic Mail Regulation


I would like to thank the committee for the invitation to discuss H.R. 718, the "Unsolicited Commercial Electronic Mail Act of 2001," introduced by Rep. Wilson, and H.R. 1017, the Anti-Spamming Act of 2001, introduced by Rep. Goodlatte. My name is Clyde Wayne Crews Jr., and I am Director of Technology Studies at the Cato Institute.

Overview

In the heated debate over the outpouring of unsolicited bulk email, otherwise known as "spam," it's important to remember that not every unsolicited message is evil incarnate. Despite the hysteria, the optimal amount of unsolicited commercial email is not zero. Sometimes, commercial email is friendly or otherwise welcome--yet unsolicited.

Unsolicited commercial mail can be annoying, but it probably tops out as a vice rather than a crime except in rather specific instances, such as when the sender is peddling fraudulent or phony goods, or is impersonating someone else in the message's header information. Or perhaps a sender might be breaking a bulk-mailing contract he has made with an Internet Service Provider (ISP).

Laws supposedly designed to halt spam can do more harm than good, especially on an Internet that has yet to even hit on a successful marketing model. That is not to say that spam is the road to success: rather, legislation can have unintended consequences that otherwise harm commerce regardless of any impact on spam. Notably, a recent report expects eighty percent of San Francisco's remaining dot-coms will fail over the coming months. Banner ad click-throughs are down, as is the money spent on such marketing. Unsolicited email may be an annoyance to many of us, but it's also a part of a larger picture in which companies and entrepreneurs are groping for ways to keep the Internet's services and options growing while making a profit.

It's not apparent that businesses that are selling legal and legitimate products have any less right to use email than anyone else. The Internet as it exists today is a public, open system and none can legitimately claim a right to exclude others and have the medium regulated on their behalf. However, the government must protect citizens against force and fraud.

As this testimony argues, with solutions available and improving on the sender, ISP and user side and even hints that the spam problem is stabilizing, legislation is not wise, especially when it's considered that Internet communication itself is still a moving target; email is just one manifestation. Government should not use the novelty of the technology to justify intervention, especially when there's plenty of novelty to come. Conditions are changing every day. We don't have all the answers to the spam problem, and interference now can impede superior solutions to the dilemma that are emerging.

Besides, if the idea is to target the most annoying kinds of spam (LOSE WEIGHT FAST!; MAKE MONEY AT HOME!; XXX!), spam laws simply will not be enforceable. The bad guys will just go offshore, out of the reach of legislation, and the effect of a spam law will simply be to create mischief and regulatory hoops for mainstream companies who typically are not the greatest offenders. Legitimate companies will end up being targeted, with small business likely taking a lot of the brunt of the rules. As will be described, reputable companies are embracing opt-out--and often opt-in--policies of their own accord, and the phenomenon of "permission-based" email--which looks a lot like spam but is actually friendly fire, so to speak (with enviable click-through rates!)--is on the rise.

Not all unsolicited commercial email is created equal. Nor are ISPs, who would be given legislative immunity for "good faith" efforts blocking and policing what they believe to be spam, even in the absence of customer consent, and in spite of what might otherwise have been negotiated privately. That will create confusion and a legislative nightmare. As noted, the market is already embracing permission-based emailing. It'll resemble spam to many ISPs for sure. Government should enforce private contracts regarding the delivery of such bulk mail, not dictate what the terms should be or allow one party to set the terms unilaterally.

Spam is just marketing. And there are different levels of spam "guilt." Spam is much less invasive than door-to-door selling, but we don't outlaw that. It's best to allow people to decide for themselves whether or not to entertain sales pitches. To the extent unsolicited communication is responsible for growth of the Internet and future communications options, hindering unsolicited mail could hamper access for many; a government-created digital divide.

How Big is the Spam Problem?

It is certainly easy to see why spam is widely used by the unscrupulous. It's as easy to send a million emails as it is to send one. Some organizations like CAUSE find that spam accounts for about 10% of all email. Others have estimated it to be up to one-third of traffic. A recent and frequently cited study by the EC seems to indicate the problem isn't as big as it used to be, that "It is safe to say the spam phenomenon is now in decline," and that spam had its "heyday between 1995 and 1998."[1]

Spam clearly remains a problem, but it's one ripe for political mischief, as legislation proposed can be more problematic than spam itself. The debate thrives on loaded language, like the word "spam" itself, or in the description of marketers collecting emails as "harvesting." Some seem to detest Internet commerce as a worldview. But commerce and a commercialized Internet are critical to expanding online services, and access itself.

Private Means of Coping With Spam

It is worth reviewing some of the means of coping with spam in play today and on the horizon, because they help illustrate why legislation is unneeded and also highlight some of the problems that legislation can create by changing the rules midstream in an adapting marketplace.

Individuals' Tools to Attack Spam:

The basic instructions to Internet users still apply: Read the fine print before filling out forms; don't post your email address in Usenet postings or in chat rooms (even "munging" the address with an insert like NOSPAM won't protect an email for long[2]); try to avoid posting your email on your website. If need be, set up a separate "junk" email account to use in online interactions. Finally, don't respond to spam, even to ask to be removed, since this is often just a trick to assure that an email address is live. Instead, report and send the spam, either to your ISP (which reports it to the spammer's ISP and which might help since most ISPs have "no spam" stipulations as part of their terms of service) or to a service like SpamCop.

There are other preemptive strikes that can be taken against unwanted mail. For example, the Direct Marketing Association runs a list (at http://www.e-mps.org/en/) that Web surfers can visit and sign in to have their names removed from emailing lists. DMA member companies must abide: "All DMA members who wish to send unsolicited commercial e-mail must purge their e-mail lists of the individuals who have registered their e-mail address with e-[Mail Preference Service]." The service is even capable of blocking business-to-business email, not just consumer email.

Of course, legitimate businesses that are part of the DMA aren't the chief culprits. Most spam comes from companies that are by no means DMA members.

Beyond such pre-emptive moves, email filtering is a common tactic. Email filters can do a number of things: They can block by sending to a separate folder, or even delete emails altogether. They can block based on the sender's email (called "blacklisting"), or they can block based on words in the subject line or body. Online email services will often send email to a "bulk folder" if the email is not specifically addressed to you, but instead contains numerous addressees. The Hotmail email system, for example, makes spam easy to deal with, even though the system is quite susceptible to spam. Bulk mail goes into a special folder and is held there for two weeks and then automatically deleted. During that time, the user can open the folder and scan for legitimate mail that shouldn't have been sent there. Rather than reading any of the spam, a user need only note legitimate messages and click the "This is not bulk mail" button. Those messages will never be sent to the bulk bin again.

Increasingly, consumers can configure email to accept only some addresses (whitelisting). If consumers so choose, the default can increasingly evolve from today's "everything comes in unless you say 'no'" to "nothing comes in unless you say 'yes.'" SpamCop, for example, offers white lists or safe list filters, and these can be integrated with existing email accounts.[3]

Email tools for kids, such as that provided by email-connection.com, can be set up so that a child can send only to parent-approved recipients. Of course, problems of children's unattended use of the Internet go well beyond email. But even here there are solutions, and some have opted to join private networks altogether, such as eKids Internet and JuniorNet, where only members of the network itself, not the public Internet, participate--yet many of the features of the public Internet are duplicated through partnerships.

Aside from standard filtering, there are two main methods to block spam that could emerge, and already have to a certain extent: passwords and postage. These tools are truly novel, removing even the argument for opt-out requirements. While filtering will zap some innocent emails, password and postage systems hold the promise of getting around that problem. One programmer offers a system for Unix users by which the sender gets an autorespond message containing a password when he sends an email, if he is not listed in the recipient's "privileges database." He must then respond with the password in the message. The initial autorespond states, "Spam foiling in effect. My email filter autoresponder will return a required email password to users not yet in the privileges database."[4] That blocks spam, which is automatized.

One company called MailCircuit offers spam-free email services on what it calls its "Handshake System" to assure that "If you don't want it, you do not have to receive it… Our Mail Verification Program stops unwanted mail period."[5] By this unique method, when an email comes to a recipient, the sender is sent a message by the system asking for a unique response. If they reply, they are added to the friends list and future messages go through. Again, since spam is automatized, this process usually stops it.
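The password and handshake schemes described in the two paragraphs above share one mechanism, sketched here as an added example; it is not the Unix programmer's filter or MailCircuit's code, and the class name, method names and one-week expiry are assumptions made for illustration. Because the challenge is mailed to whatever address appears in the From line, the sketch issues at most one challenge per unknown sender and accepts a reply only if it carries the token issued to that sender and arrives before the token expires.

```python
import hmac
import secrets
from dataclasses import dataclass, field

CHALLENGE_TTL = 7 * 24 * 3600  # assumed: a sender has one week to answer


@dataclass
class Pending:
    token: str            # the "password" mailed back to the sender
    issued_at: float      # time the challenge was issued (seconds)
    held: list = field(default_factory=list)  # messages awaiting the reply


class HandshakeFilter:
    """Hold mail from unknown senders until they answer a challenge."""

    def __init__(self, privileges=()):
        # The "privileges database" / friends list: senders already approved.
        self.privileges = {addr.lower() for addr in privileges}
        self.pending = {}   # sender -> Pending
        self.inbox = []     # (sender, subject) pairs the user will see
        self.outbox = []    # (sender, token) challenges that would be mailed

    def receive(self, sender, subject, now):
        sender = sender.lower()
        if sender in self.privileges:
            self.inbox.append((sender, subject))
            return "delivered"
        entry = self.pending.get(sender)
        if entry is None or now - entry.issued_at > CHALLENGE_TTL:
            # First contact, or the old challenge lapsed (its held mail is
            # dropped): issue exactly one fresh challenge for this sender.
            entry = Pending(secrets.token_urlsafe(16), now)
            self.pending[sender] = entry
            self.outbox.append((sender, entry.token))
        # Further mail from the same sender is held without re-challenging,
        # so a forged From address attracts one autoresponse, not many.
        entry.held.append((sender, subject))
        return "held"

    def confirm(self, sender, token, now):
        """Process a challenge reply; return how many messages it released."""
        sender = sender.lower()
        entry = self.pending.get(sender)
        if entry is None:
            return 0
        if now - entry.issued_at > CHALLENGE_TTL:
            del self.pending[sender]          # too late: discard held mail
            return 0
        # Constant-time comparison of the reply against the issued token.
        if not hmac.compare_digest(entry.token.encode(), token.encode()):
            return 0
        del self.pending[sender]
        self.privileges.add(sender)           # future mail goes straight in
        self.inbox.extend(entry.held)
        return len(entry.held)


def run_demo():
    """Constructed sample traffic; addresses and subjects are made up."""
    f = HandshakeFilter(privileges=["alice@example.org"])
    results = [
        f.receive("alice@example.org", "lunch?", now=0),
        f.receive("bob@example.net", "introduction", now=10),
        f.receive("bob@example.net", "follow-up", now=20),
        f.receive("bulk@example.com", "MAKE MONEY AT HOME!", now=30),
    ]
    bob_token = f.pending["bob@example.net"].token
    released = f.confirm("Bob@Example.net", bob_token, now=50)
    results.append(f.receive("bob@example.net", "thanks", now=60))
    return f, results, released


if __name__ == "__main__":
    f, results, released = run_demo()
    print(results, "released:", released, "inbox:", len(f.inbox))
```

An automated bulk sender never answers, so its held mail simply expires; a human correspondent pays the cost of one reply, once.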

As seen in the next section, techniques for ISPs to share "postage" with legitimate emailers are on the rise. There could also be mechanisms by which individuals are paid postage for receiving unsolicited mail (remindful of the often seen notice from sellers on eBay: "I accept PayPal."), and could waive the fee in certain cases, particularly if the system were to expand beyond commercial email to encompass all "unknown" emailings.[6] What an innovation it would be for individuals rather than the USPS to collect postage! As they are now starting to do with commercial mailers, ISPs may be able to help facilitate postage for individuals.

ISP Tools to Attack Spam:

Paralleling those used by consumers, various ISP filtering options are in play (XXX; For Immediate Release!; Earn Money Fast!). ISPs are also able to block bulk mails that come from dial up accounts, which many spammers employ in order to hide their header information.[7]

ISPs also block known spammer directories such as the MAPS "Realtime Blackhole List." Blacklisting can lead to problems, but it is a perfectly legitimate exercise of property rights. Disputes arise because some bulk mailers regard this as vigilante behavior. Legislation would likely have some impacts on this option; but it's by no means clear that legislation is a good substitute for it.

Increasingly there appear to be ways emerging for ISPs to shift some of the costs and inconvenience of spam back to the spammer. One option is for ISPs to develop ways to start charging for commercial emails. Already, a company called ChooseYourMail "charges advertisers a delivery fee which is shared with the ISP. This enables the ISP to defray rising mailserver costs and help keep monthly access fees low for their subscribers."[8] This fits in the vein of request marketing that is changing the commercial mailing industry. Such pay systems help shift the burden back where it needs to be and represent the first steps toward "postage" for commercial email.

ISPs and technology providers may need to "collude" to implement these systems on a wide scale, and they must be allowed to experiment.

Notably, privately owned networks like eKids don't experience significant shift-the-burden problems with spam. Commercial email policies would be spelled out to ISPs who join (or establish) such networks. And the question of who bore the costs, rather than being answered by legislation from Washington, D.C., would be resolved by contract. Some networks may disallow "spam" altogether. Of those that permit it, some may require spammers to pay fees to account for the strain they place on networks. Or, network owners could require that member ISPs maintain certain capacity.

"Peer Pressure" On The Bulk Mail Industry Is Addressing Spam

Permission-based email will grow, and it represents a mounting source of peer pressure on the commercial mailing industry to make mail less intrusive over time. The market needs to adjust to these new realities. Indeed, there is a cottage industry devoted to spelling out the difference between permission email and spamming.[9] Permission mailing is praised widely:

Permission email has been identified as the next generation of Internet marketing. Enjoying significant click-through rates over banner ads and other forms of online marketing, it has experienced phenomenal industry growth and has led Jupiter Communications to predict that commercial email marketing will become a $7.3 billion business by 2005. Forrester Research reports email use accounts for over 35% of all time spent on the Internet and estimates that 50% of consumers will be communicating via email by 2001. Clearly, permission email has emerged as one of the most powerful Internet marketing mediums ever.[10]

Third party stamps of approval are on the rise as bulk mailers seek to legitimize themselves. As Removeyou.com head Thomas Brockto told the Wall Street Journal, "We are not here to kill the spam industry. We are here to save it. We are simply forcing the bulk-mail industry to do the right thing."[11] His group maintains a list of people who don't want to be spammed. When individuals forward a spam to Removeyou, they contact the spammer and invite them to join Removeyou.

Problems with Government Regulation of Spam

Given all such developments, it's apparent that the market is moving toward solutions for a spam problem that may in fact have stabilized. The prospects are good, and legislation intended to target specific areas can have unintended effects that bleed over and hinder superior private solutions as well as online commerce and consumer access to growing online services. It's not enough just to have an aversion to spam, and then feel that's all we need to know. The legislative cure can be worse than the disease. And it can bring a lot of expensive enforcement and litigation costs in the areas covered below, in the bargain. It's not even clear that all the voices are being heard in the debate. Most small businesses are not on the Internet, and it's not clear that they would have an easy time meeting legislative hurdles.

Ironically, in fact, it is the government's mandate that cell phones incorporate 911 location capability that swung the door open to spam in that particular arena, which promises to be a real hot-button spam issue in the near future. The mandate is costly, and the best way for manufacturers to pay for it is to allow marketers access to customers. Nonetheless, the industry's trade association, sensitive to outrage and its impact on profits, is adopting an "opt-in" approach of its own accord that would assure no customer gets pitched unless he permits it. It's noteworthy that even when government "subsidizes" unsolicited mail, peer pressure kicks in to control it.

Most legitimate vendors are increasingly offering opt-out. Laws will be unenforceable as far as the most offensive material goes, as these relocate overseas. Much spam already originates from Pacific rim nations, for example.[12]

What Will Count As Spam?

Spamming used to refer to individual behaviors, in which users would post the same message to numerous newsgroups.[13] Will the definition of what counts as commercial spam change? It is conceivable that, in the wide universe that is the Internet, spam could come to mean not just "unsolicited commercial" email but other things unsolicited.

It is not clear what ultimately will count as "unsolicited commercial" email. What if a reputable company sends mail unasked, but provides return address and removes your name when you ask? That presumably will remain legal in the legislation at hand. But that could easily change on the floor. And certain activists who hope to profit from "consulting" on email issues are pushing aggressively for opt-in laws that would outlaw initial contacts altogether--a clear constitutional problem, as well as a death sentence for electronic commerce (particularly for small firms). Mandatory opt-in for mail has serious free speech implications. Nonetheless some consumer groups in this round of hearings are reiterating the call for a "federally mandated 'opt-in' policy on commercial email."[14] That pressure will not go away, and legislation now is the camel's nose under the tent.

As it stands, the legislation defines a "commercial electronic mail message" as one that "primarily advertises or promotes the commercial availability of a product or service for profit or invites the recipient to view content on an Internet web site that is operated for commercial purpose." This is quite a loose definition. What counts as "primarily"? And most newsletters, which often are not primarily commercial, include links back to websites that are often run for profit. What about electronic newsletters from actual media services, such as the Industry Standard, whose emails contain advertisements and links between stories? It is unfair to treat ads differently just because they happen to be part of a news service, and someone will inevitably point that fact out. The media business is for-profit, after all.

What about organizations that are primarily informational in nature, perhaps even labors of love, say a gardening website, that allow sponsors to insert brief advertisements in email newsletters? Spam legislation could have a detrimental effect on such electronic newsletters. Given the penalties proposed in the legislation at hand, there are clearly incentives to go on "spam hunts," looking for evil embedded within every email.

In such an environment regulation could lead to even more spam, somewhat disguised. Spam legislation could lead to our receiving "public service announcements" that happen to include an offer for a product somewhere down the line. Other questions regarding spam include: what is to be the status of political emailings? Some may get more junk mail from their congressman than they do from spammers. Rep. Goodlatte mentioned "chain letters" in his testimony.[15] Would those be subject to legislation? What about forwarded jokes? Gartner has referred to such potentially nuisance mail as "occupational spam." So the broadening of what gets classified as spam may not be that remote a possibility.

Super-Contractual Immunity for ISPs Will Distort Emerging Internet Markets

Legislation proposes to allow blocking as well as fines by ISPs "that establish a policy." ISP spamming policies are fine, but they should be private contractual matters, not set from above in federal law. This amounts to an unwarranted federalization of contracts. Besides, there are now well over 5,000 ISPs in operation, which could create a patchwork nightmare as they implement federal policy.

If ISPs are given too much power to decide what is spam and to unilaterally block it, with immunity, they will inevitably block legitimate transactions that consumers want. Many legitimate communications can easily be confused with spam. ISPs are given "good faith" immunity in the bill, but that gives them too much ability to simply reject forwarding messages when it suits their purposes (and the Internet already suffers from a separate class of related traffic-sharing problems that must be worked through by voluntary means). The legislation gives ISPs financial incentives to block spam since doing so helps them relieve pressure on their networks.

Legislation should not come between what are complex relationships between companies, ISPs and users. Government can't just rubber-stamp random ISP blockages that they otherwise would need to negotiate to secure, and then on top of that facilitate the blocked party's potentially being sued. And it's certainly not clear that consumers would even want ISPs to block, even on good faith, since it takes away the assurance that permission-based emails would get delivered. Indeed, an amendment to the version of H.R. 718 marked up in the House Energy and Commerce Committee gives a sweeping opt-out right to ISPs, allegedly similar to the one given consumers.[16]

As noted in recent testimony in the Senate with regard to related legislation, small ISPs and customers could get cut off without their knowledge:

[W]e are concerned about reports that ISPs, in their eagerness to help their subscribers avoid receiving unwanted UCEs, may block emails that subscribers not only want, but have specifically contracted to receive as part of an electronic business relationship… [The bill] does nothing to prevent this from happening, and does not even require ISPs to give notice to consumers that they intend to block, or that they have blocked, the transmission of e-mail either in general or from particular senders.[17]

Some marketers may favor this policy, but it also seems quite possible that this legislation could disrupt permission-based email alternatives just as they are emerging. Will the ISP know, care, or bother to keep track of the fact that a consumer signed up for information from Sears, Gap or Tower Records offline? Will an ISP block mailings from Scott's Lawn updating consumers on when to throw fertilizer and grass seed? Or another example: if by breaking the shrinkwrap and lid on software, I accept the software's agreement and it "phones home," that should be acceptable as consent for emails I later receive. It is not legitimate for ISPs to intervene (with immunity) in any private emails unless authorized. Especially as friendly commercial email traffic rises, regulation could create more problems than solutions. It's vital that emails that consumers have contracted to receive are never blocked. Often, these could contain critical or time sensitive information (such as financial data). Similarly, other kinds of innocent bulk email, like letters sent from trade associations to members, could be captured in error.

Opt-in or opt-out arrangements already made in the offline world that customers seek to transfer to the Internet are plainly put at risk. If permission was granted offline (or even online), how would an ISP know? Under the proposed legislation, they can block it, and not even let the intended recipient know they're doing it. The bill in this way interferes with the emergence of permission based marketing since, according to Jerry Cerasale of DMA, it "doesn't account for prior relationships." The legislation doesn't make clear how ISPs will be aware of and honor prior relationships, and there's no sense that it appreciates the fact that such arrangements will increasingly be made routinely, and there appear to be no real incentives for an ISP to investigate or keep track.

Clearly the existence of a "pre-existing" relationship like that specified in H.R. 718 may not be as straightforward to obtain as supposed. And it could lead to a scramble by companies otherwise indifferent to collect personal data hastily that they otherwise may not have bothered to obtain. (H.R. 718, for example, would take effect 90 days after enactment.) There's nothing necessarily wrong with accumulating such information, but it seems counter to the spirit allegedly motivating this legislative push.

A better solution all around may be for ISPs to look for ways to charge for commercial emails that are not on a white list. Legislation could have the effect of shifting wealth artificially and permanently toward ISPs, when the market might otherwise move us toward a system whereby consumers get paid instead for each unsolicited commercial mail they accept. The consumer gets nothing if the ISP gets to reduce traffic unilaterally--and could even be harmed. This is not to say the consumer is entitled to such payment--merely that such an outcome is a logical resolution of the spam problem and a regulatory "solution" could foreclose what could be a tremendous opportunity.

And again, ISPs are not all created equal, and some are even spam-friendly. Clearly not all favor the federal granting of power to ISPs. Indeed, the good faith clause could allow an ISP to block out a smaller competing ISP who may be accused, legitimately or illegitimately, of being a source of spam.[18]

Identification Requirement Creates Problems

There are also potential problems with establishing what will qualify as "clear and conspicuous" identification of spam. Spam is already usually immediately obvious to the recipient, a kind of background noise.

The intent here seems to be to aid spam filters, but that might not be the result. Filtering technologies could move in directions that would be impeded by mandatory identifier information. There may be possible conflicts with other species of identifiers that may emerge for solicited commercial mail. It could also interfere with "preview screen technology used by many consumers to rapidly screen messages and their content."[19] Besides, it would likely require legal counsel to certify for a business what counts as clear and conspicuous, leading small or reluctant businesses to avoid email altogether.

Identifiers could hurt small businesses as well by unfairly stigmatizing unsolicited mail generally; identifiers would likely fail to distinguish between XXX and, say, home gym equipment or flower seeds. Identifiers could also cause confusion where messages are only partly commercial.

Potential Impacts on Emerging Messaging Technologies

The desktop is only one means of accessing the Internet, and it is entirely conceivable that over time it will decline significantly in importance relative to mobile, remote, and other devices (handhelds, cell phones, the Carrier/GE thermostat, automobiles, etc.).

These are struggling industries, and marketing will be required for these devices to proliferate, and legislation impeding commercial email could stall them. Strategy.com, for example, one of the most prominent outfits whose business plan included offering targeted services to consumers over remote devices, is facing severe hard times in a skeptical venture capital environment. Artificial restrictions on commercial email are the last thing companies like this need.

Recall that, at bottom, what's being proposed with spam legislation is the further regulation of communications; email just happens to be the format of the day. It's unclear what the impact of legislation would ultimately be on services like Instant Messaging (since the compact nature of IM may not lend itself to opt-out and other messages), the eventual wireless Web, peer-to-peer interactions, and services like Fax4Free.com or eFax. Even the adoption of pop-up ads on the Web would be suspect under spam legislation. After all, no one explicitly asks for these. Spam legislation limiting emailing could unintentionally promote these in the short term--and then lead to yet another backlash.

Pathway for Ill-Considered Privacy Legislation

One of the worries is that spam violates privacy. Spam is not primarily a privacy issue in the sense of personally identifiable information about you being known. The real spammers who use data robots to harvest emails off newsgroups and websites typically don't know anything about you. But if legislation imposes opt-in and/or opt-out policies, it paves the way toward a broader privacy bill that could have several negative effects.

Tools to secure Internet privacy are improving all the time, with new browser technologies that police web sites according to user preferences just one of many options available to consumers. There is no one level of privacy preferences that consumers share, and no government rule capable of acknowledging that fact.

Levels of privacy protection are properly competitive features, therefore markets are necessary to provide the mix people desire. All government needs to do is enforce privacy contracts when they are violated.

Privacy legislation, particularly the "opt-in" variety that spam legislation seems to admire, also violates free speech: yet if corporate free speech is a target, will media speech also be in the crosshairs? Privacy is a key value and people want it protected. Ultimately, the question is, who provides the best discipline: markets or politicians?

Unintended Impacts on the Right to Anonymity and Free Speech

Free speech for the sender

Spam is, at bottom, merely advertising. And business speech is still just speech. There is a problem in saying that we shall enjoy the freedom to contact or visit companies anytime we like, but they can't contact us. Even the opt-out requirement in the legislation can be problematic: does it preclude all future contact from a company by email--or just contact about a particular subject or offering? It's certainly fine for consumers to effect complete blackouts from companies if they like. But implementing this with federal legislation appears to be overly heavy handed, and better left to emerging contractual relationships.

Plus, the precedent set would be troublesome: Could advertising restrictions pop up elsewhere, such as on the new Web pop up ads?

Free speech for the public

Goodlatte's H.R. 1017 would ban using false email return addresses in commercial email, as well as software capable of hiding such information. The requirement that valid header information be featured has significant implications for free speech.

It can be very simple, thumbnail-sized code indeed that forges the "from" line of an email.[20] Individuals should retain the right to safeguard their anonymity by such means.[21] It just happens to be the case that the very techniques that facilitate spam can also protect individuals' identity. It is a mistake to criminalize bulk messaging software. Yet H.R. 1017 could make such simple but critical software illegal.

Right now the Internet, especially as we sit on the cusp of a revolution in peer-to-peer networking, is one of the only unregulated, open-to-all forms of communication we have. The benefits of leaving it alone, despite problems with some of the "communicators" that populate cyberspace, vastly outweigh the potential costs.

In a way, the spam debate helps illustrate that the underlying crucial Internet debate is really not the one about privacy that gets all the media attention these days. Rather, the real question is whether government will allow individuals to remain anonymous when they actually have the technological means to do so. As strange as it may sound, "spam" and the use of "spamware" are means by which individuals can maintain a cloak of anonymity. For example, Spam Mimic is a Website that disguises a message by making it look like spam so that "sniffers" might be more likely to ignore it.

At the very time the concern is to enhance privacy on the Internet, it's unwise to criminalize uses of software that hide headers, or source and routing information. Consumers may seek these for privacy reasons. Spam legislation that impedes anonymity and individuals' attempts to protect their privacy would be taking away with one hand what government proposes to give with the other. Here, the federal government would be artificially harming privacy, and setting the stage for unnecessary privacy regulations.

This is the kind of unintended consequence that can emerge when governments try to leapfrog the fact that we still have a lot of learning to do.

Loophole Mess

Loopholes in legislation, which could easily emerge from the give and take that will characterize a spam bill on the floor, can have unintended consequences. What if a loophole explicitly permits certain kinds of bulk mail that emerging market institutions would have chosen to shut out?

Unreasonable Penalties

Rep. Chris Cox (R-California) has argued the fines stipulated in the Wilson bill are in excess of the actual harm done by the typical spam. And it seems that $500-per remedies (up to a $50,000 maximum) would be off-putting to small businesses, and essentially keep many of them off the Internet as far as trying to conduct email marketing is concerned. Besides, if people are going to get $500 for every unwanted email, why go to work anymore(!). Surely it's not this much of a burden to delete emails or otherwise take steps not to receive most of them at all. The level of federally specified remedies appears to go too far and create a lot of potential for mischief. Email has always been a phenomenon operating on the principle that not everyone has to grant explicit permission in order to be contacted, which is arguably the essence of the Internet revolution. If that premise is going to be reversed, with penalties besides, it represents a fundamental change with plenty of opportunity for mischief.

Ironically, we could end up with lawyers specializing in offering to help individuals lay claim to the $500 remedies they are "entitled" to. Would these solicitations qualify as spam?

What Should Government Do?

The Federal Trade Commission already has power to "prosecute fraudulent or misleading commercial emails."22 States likewise have powers to prosecute fraud. Otherwise, it's better to let existing and emerging market tools address the spam problem because of harmful impacts of legislation on legitimate commercial emails, emerging Internet communications methods and free speech.

Government should not grant ISPs a top-down right to block, with immunity. While private efforts to block spam do not constitute state action, government-sanctioned blockage arguably crosses that line and violates free speech.

Granted, ISPs may be going overboard in some instances when blacklisting sites that spam or that offer software potentially usable for spamming. But at least blacklisters are subject to market pressures and discipline. In an ongoing case, New Zealand's largest ISP (Xtra) is seeking to have itself removed from the Open Relay Behavioural Modification System blacklist as an accused source of spam. The operator of the list, however, says, "What [Xtra] doesn't seem to understand is that the internet is a cooperative of privately owned networks… No one has the right to send e-mail anywhere. It is a privilege that is granted by the owners of those networks."23 Email marketers should be held accountable to the contracts they make with ISPs.

The government can't stop spam. In the final analysis, the market will have to do the heavy lifting. Regulation now is likely to simply harm legitimate commerce. In trying to make life difficult for unsolicited mail, it is all too easy to make it difficult for solicited mail, too.

Notes

1. Maureen Sirhal, "Experts Struggle to Gauge Impact of 'Spam'," National Journal's Technology Daily, May 7, 2001, p. 4.

2. See http://www.antionline.com/features/jargon/spamblock.html

3. See, for example, David P. Hamilton, "You've Got Mail (You Don't Want)," Wall Street Journal, April 23, 2001, p. R 21.

4. See http://www.uwasa.fi/~ts/info/spamfoil.html.

5. According to MailCircuit, "The way it works is simple: When you receive an unfamiliar message our Mail Verification Program checks to see if it is from a familiar address, if not it places the message on hold and sends a letter of introduction to the sender of the mail message asking them to reply in a unique way, if they reply as requested the senders message is allowed to pass through to your inbox and they are added to your list of Friends. If they do not reply to the message in a certain amount of user defined days then the message is deleted and the senders address is placed in your hostile list, thus not allowing that sender to send any email messages to your email account again." http://www.mailcircuit.com/handshake.htm.

6. See, for example, Declan McCullagh, "Consuming Spam Mail," Contributors' Forum, The Library of Economics and Liberty, February 12, 2001.

7. Hamilton, p. R 21.

8. http://www.mailcircuit.com/cym.htm.

9. See, for example, http://www.digitrends.net/marketing/13640_12335.html

10. http://www.yesmail.com/learn/

11. Hamilton, p. R 21.

12. Noted in McCullagh, February 12, 2001.

13. Noted in James W. Butler III and Andrew Flake, "The Effective Control of Unsolicited Commercial Email," U.S. Internet Industry Association, Internet Policy White Paper, p. 1.

14. Maureen Sirhal, "Anti-Spam Bills Debated at Hearing, In Letters," National Journal's Technology Daily, April 26, 2001.

15. "Statement of Congressman Bob Goodlatte, Senate Communications Subcommittee-Spamming Hearing," April 26, 2001.

16. Noted in Adam S. Marlin, "Anti-Spam Bill Approved By Panel Over Industry Objections," CQ Daily Monitor, March 29, 2001, p. 6.

17. Jeremiah S. Buckley (General Counsel, Electronic Financial Services Council), Testimony Before the Senate Commerce Subcommittee on Communications, April 26, 2001, p. 3.

18. See, for example, the February 17, 2001 letter from the U.S. Internet Industry Association to Rep. Heather Wilson.

19. James W. Butler III and Andrew Flake, "The Effective Control of Unsolicited Commercial Email," U.S. Internet Industry Association, Internet Policy White Paper, p. 7.

20. See, for example, Declan McCullagh, "Use a Spam, Go to Prison," Wired News, March 24, 2001.

21. See, for example, Jonathan D. Wallace, Nameless in Cyberspace: Anonymity on the Internet, Cato Institute Briefing Paper (December 8, 1999).

22. Noted in Sirhal, April 26, 2001.

23. Michael Foreman, "Xtra May Use Court to Get Off Blacklist," The New Zealand Herald Online, Tuesday, May 1, 2001.
http://www.nzherald.co.nz/storyprint.cfm?storyID=184372.

Committee on the Judiciary
United States House of Representatives