CDT POLICY POST Volume 11, Number 4, February 16, 2005

A Briefing On Public Policy Issues Affecting Civil Liberties Online
from
The Center For Democracy and Technology

(1) Spam Deluge Continues - Will Technology Succeed Where Law Failed?

(2) CDT Spam Compendium Surveys Spam and Solutions

(1) Spam Deluge Continues - Will Technology Succeed Where Law Failed?

Passage of the federal CAN-SPAM Act in late 2003 marked an important development in the effort to stem the flow of unsolicited commercial email or "spam." The law, which went into effect on January 1, 2004, set minimum requirements for commercial email and established new criminal sanctions. It was intended to make it possible for law enforcement agencies and service providers to identify and seek civil and criminal remedies against purveyors of spam.

Yet spam continues to plague the Internet, undermining its potential for commercial, social and political activity. The CAN-SPAM Act has not succeeded in stemming the flow; its requirements are routinely ignored. Some legislators are already considering follow-on legislation. Internet Service Providers, which currently filter vast volumes of spam, are exploring more fundamental technological solutions, including authentication and trusted sender programs.Ê

Indicating the growing interest in authentication and other technical measures to control spam, the Federal Trade Commission sponsored a "Summit" on email authentication in November 2004. While these approaches could represent a positive and powerful step forward in the effort to reduce spam, they also raise important issues about how the Internet should work.

Tougher laws? Better technology? Will they work? What unintended side-effects might they have on the openness and low cost of the Internet? As a basis for considering these and other questions, CDT has compiled "Spam 2005: Technology, Law and Policy," a collection of 12 papers surveying the anti-spam efforts of policymakers, ISPs and technologists.

CDT report, "Spam 2005: Technology, Law and Policy:" http://www.cdt.org/speech/spam/spam2005/

FTC/NIST "Summit" on email authentication: http://www.ftc.gov/bcp/workshops/e-authentication/index.htm

(2) CDT Spam Compendium Surveys Spam and Solutions

The papers in CDT's compendium attempt to present a snapshot of the current debate about how best to address the spam problem. The papers consider the experience of users and businesses with respect to spam, and the extent and manner in which encounters with spam affect the online experience and the usefulness of the Internet. One paper looks specifically at enforcement of the CAN-SPAM Act. Four contributions examine technologies that would reduce the amount of spam. The compendium also includes perspectives from Europe and analyses of the opt-in approach to commercial email that has been adopted there. Finally, the compendium raises often-overlooked free expression and access to email issues that are raised by current technologies and proposed authentication systems. Here's a preview:

• Deborah Fallows of the Pew Internet & American Life project presents survey data showing that 29% of email users say they use electronic mail less now because of spam. Additional data from a Pew survey conducted shortly after the CAN-SPAM Act went into effect indicate that spam is causing a general loss of trust in the online experience. Consumers cite frustration with attempting to sort through spam and time wasted in downloading spam to get a handful of expected messages from friends. Others expressed particular concern about the high incidence of pornographic spam.
   
• The consumer reaction to spam is mirrored by that of Humana, Inc. a health benefits company. Beth Schowalter describes the costs imposed on businesses by spam.
   
• Recognizing the limitations of the CAN-SPAM Act, technologists have focused on technologies and systems that attempt to stop the flow of spam at various points in the delivery system or otherwise to change the way in which decisions are made about what email is and is not delivered into individuals' email boxes. Several papers discuss an increasing reliance upon authentication systems and methods of establishing the reputation of the senders.
   
• A paper by Habeas, a California-based company emphasizes the importance of emailers' adherence to best practices.
   
• Two papers discuss economic incentives for appropriate email practices. TRUSTe's Bonded Sender requires posting of a money bond that can be debited when a certain number of complaints are received for failure to comply with best practices. Vanquish Inc. places the power to economically penalize online marketers in the hands of email recipients in a system that allows delivery of messages based not on content, but on the value of the content to the individual recipient and the cost associated with requiring that he or she stop to open and consider the email message. Inherent in this discussion is the recognition, illustrated by Microsoft's submission, that no one solution will solve the spam problem, but that a "cocktail" of solutions in law, technology and informed consumers.
   
• Charles Curran of America Online and Jennifer Archie of Latham & Watkins review anti-spam enforcement efforts in 2004.
   
• Human right activists express concern that measures intended to curtail spam will interfere with the flow of bulk non-commercial email, depriving them of an assured way to quickly reach members. In their submissions, the Electronic Frontier Foundation (EFF) and Human Rights in China (HRIC) discuss the challenges these solutions pose for free expression and political speech. EFF points out the manner in which otherwise well-intentioned filters and blacklists can be used to filter out unpopular political speech. EFF also considers the implications of authentication systems for small organizations with limited funding and their ability to access and use the email system for political speech and grass-roots organizing. HRIC offers a case study to illustrate how anti-spam technologies and policies can be used by repressive governments to censor speech and to severely compromise the ability of activists to use email to promote democratic values.
   
• Finally, the compendium offers views from the European Union, where the law requires that online marketers have email recipients opt in to receiving online marketing messages. Professor Nicola Lugaresi of the University of Trento explains in detail the derivation of the opt-in approach and the role of practical solutions in supplementing the EU's legal regime. Miriam Rado, of the Federation of German Consumer Organizations, discusses the preference of consumer advocates and some businesses for the opt-in approach.
   

Detailed information about online civil liberties issues may be found at http://www.cdt.org/.

This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_11.04.shtml.

Excerpts may be re-posted with prior permission of ari@cdt.org

Policy Post 11.04 Copyright 2005 Center for Democracy and Technology