Email spam: we've all gotten sick of it. "Come to this URL and look at naughty pictures!" "Miracle thigh cream - cheap!" "Jesus is Coming (and He Needs a Green Card!)" Ten years ago it was nonexistent, at least as an organized enterprise. Three years ago it was a minor annoyance. Today it's most of the traffic on the Internet, a bandwidth and time waste of truly monumental proportions.
When a spammer bulk-emails the identical message to millions of recipients, it doesn't cost the spammer any more than it costs the rest of us to send a single email. Most of the cost is passed on to the recipient systems or to the rest of the net. As a result, spammers have no economic incentive to limit their activities. Junk-mailers pay for each piece of email they send; telemarketers pay for each call they make; but spammers don't pay any more to send to a million addresses than to a hundred, and the more spam gets sent out, the more each person on the net will get. There's nothing in the economics of spam to prevent it from growing until it makes email unusable.
In light of all this, CAUCE, the Coalition Against Unsolicited Commercial Email, was formed in 1997 to push for a legislative solution to the email spam problem. The main tactic CAUCE has chosen to fight email spam is the so-called Smith Bill, HR1748. The Smith bill would amend the current law against commercial faxes to apply to email. Specifically, it makes it unlawful:
to send an unsolicited advertisement to an electronic mail address of an individual with whom [the sender] lacks a preexisting and ongoing business or personal relationship, unless such individual provides express invitation or permission.
An unsolicited advertisement is defined as follows:
any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person without that person's prior express invitation or permission.
Much as I'd like to get rid of email spam with one simple law, and as appealing as it is to think a solution has been found, this one doesn't seem to me to measure up. Some of the Smith approach's defects:
The basic problem here is that the Smith bill doesn't target email spam; instead, it targets unsolicited commercial email. These classes overlap, but they're not the same. A single email to a specific person has never been considered a violation of netiquette or an abuse of the net, whether specifically requested or not. One piece of email takes negligible resources, and even if the recipient turns out not to be interested, it takes up a tiny amount of his or her time.
Email spam, however - a single message sent to hundreds, thousands, even millions of email addresses - takes a huge amount of bandwidth and resources,. While it costs any single recipient only a small amount of time, the aggregate time and annoyance to those millions of recipients is considerable. It doesn't cost the sender any more to send millions of copies than to send one email - but it does cost the net as a whole. This is why email spam has always been considered an abuse of the net.
CAUCE's FAQ and other public material completely ignores this critical distinction, using "unsolicited commercial email" interchangeably with such non-equivalent terms as "spam", "junk email", and "mass mailings". Given this confusion, it's not surprising that CAUCE's bill targets commercial email instead of targeting spam.
Here are a few real-life examples of email - spam and non-spam - along with how they fare under the Smith bill:
I post to rec.crafts.polymer-clay asking whether anyone has a good source they've bought from. A newsgroup regular who owns a polymer clay business replies with a price list. Was my general request enough to constitute the "express invitation" needed to make this email legal? Maybe, maybe not. I certainly didn't tell the guy specifically that he could email me.
I reply via email to someone's post on Usenet. My regular .signature contains the line "Nrrd for rent - no job is too big, no fee is too big." This is an advertisement of my services, hence problematic under the Smith bill; I could make a case that the poster has solicited replies, but has he solicited my sig ad? This perfectly ordinary signature makes me liable for any message I send to someone I don't already know.
A friend of mine tells me Joe Blow at Acme Computers might need a technical writer, and I need to pay the rent. I get Joe's address from the friend and email him: "Jane tells me you might need technical writers. I do technical writing at reasonable rates. Hire me." This is straightforward: it's a commercial advertisement for services, Joe hasn't asked for it (since Joe does not yet know me from Adam), and I have no relationship (yet) with Joe. The Smith bill makes this email illegal.
Someone using a forged From address emails fifty million copies of an announcement that the Second Coming is nigh and everyone must accept Jesus as their personal savior. Mail servers crash under the load. But this spam does not contain a commercial advertisement, so under the Smith bill - supposedly "the solution" to email spam - there is no recourse and no legal way to stop this spammer.
A political campaign mails a hundred thousand solicitations for donations. Even though it involves money, this spam is not a commercial advertisement by the Smith bill's definition, so the law can't touch it.
Someone emails a million copies of "I saw you on the net...check out www.hotstuff.com!" The URL given turns out to be a generic naughty-pictures-for-money site. But since the spam itself does not contain an advertisement, it probably isn't illegal under the Smith bill. Again, "the solution" fails to stop spam.
Something is wrong with this picture.
These examples make it clear that the Smith bill doesn't try to eliminate email spam (or any other form of net-abuse). Instead, it takes the politically easy way out by banning unsolicited commercial email, whether that email is spammed or not. It doesn't solve the problem, and it creates problems of its own by attacking email users who don't spam.
It will slow down one large part of the problem - spam that contains a commercial advertisement - but only that class of spam, and only as long as commercial spammers don't move offshore to do their sending. On the downside, it bans single, non-net-abusive emails and opens the door to further content-based censorship of email. My conclusion is that the Smith bill, or other legislation modeled on it, imposes too many problems of its own in exchange for too little gain against the real problem of email spam. It's a poorly-written law that chooses its target based on what's easy to hit instead of what the problem is.
So are you pro-spammer?
Of course not. (Is anyone, apart from spammers?)
Aren't fax and email enough alike that the same laws should apply to both?
Yes and no. There are some similarities, which led spam-fighters to start looking at the junk-fax law as a possible solution years ago, but these similarities don't hold up very well when you look at the legal details.
One reason the junk-fax law survived legal challenge was the cost-shifting argument: faxes cost money to receive, and this was part of the justification for regulating them. The cost of email also is partially borne by the recipient. However, fax is much more expensive than email for the recipient: a single fax message costs several cents to receive and ties up a phone line for a fairly long period, while the cost in money and resources to receive a single email message is negligible. (It's true that the cumulative cost of mass email can be enormous, but remember that the Smith bill doesn't target mass email - it makes even single messages sent to one recipient illegal.)
Also, from a practical point of view, fax senders must be in the same geographic region as recipients or else the long-distance charges get prohibitive. This makes it easy to enforce fax laws, since senders and recipients will normally be located in the same jurisdiction. This is not true of email at all: email costs the same to send whether it's coming from next door or from the other side of the world. State or US laws concerning email are unlikely to have nearly the impact of fax laws for this reason.
Then what do you suggest as an alternative?
I'm sorry to say that I don't have a panacea or a magic wand to wave. I think that spam can be eliminated, or at least reduced to a minor and occasional irritant, and that legal as well as technical measures can be of use in accomplishing this. But I think the fight against spam will probably need to be a multi-pronged approach that includes laws against net-abusive actions such as relay theft and address forgery, continued efforts to educate sloppy ISPs on their responsibilities, and shunning of sites that allow destructive behavior toward the rest of the net.
If there were a magic legal wand in the anti-spam battle, it would be a law specifically targeting email spam. Such a law might be patterned on the Smith bill, but instead of specifying content ("commercial email"), it would target unsolicited bulk email: spam, regardless of what the message contained, would be illegal and the targets of spam could sue for statutory damages. Such a law would need to be carefully written to avoid hitting legitimate mailing lists on the one hand, and letting spammers escape by making minor changes to their spam on the other, but it could be done.
The Usenet spam-cancelers do the same thing as the Smith bill, and their activities are widely accepted. So isn't the Smith bill OK, too?
The Usenet spam-cancelers base their cancellations on how often an article is repeated: more than twenty copies and it gets canceled, regardless of whether it's commercial or noncommercial. If the spam-killers started discriminating on content they'd lose their legitimacy. They discriminate on exactly the issue evaded by the Smith bill: the issue of bulk repetition.
But no one will actually sue someone who sends a single commercial email, or puts a URL in their signature, will they? Even if that's technically allowed by the law, it's stupid and therefore won't happen. So is there really a problem?
All I can say is that the law is not a Do What I Mean language. If putting an ad for your programming services in your signature isn't legal, sooner or later you will run into a kook who'll take advantage of the law. Most people won't sue over email of this kind, but the risk is there, it's substantial, and it's enough to chill senders of non-spam email.
Even were we guaranteed freedom from kooks, a law that relies on the assumption that it "won't be enforced as written" to keep it from doing harm is a poorly-drafted law. (I heard the "but it won't actually be enforced" line about the wackier parts of the CDA, too.)
OK, if all this is true, then why is CAUCE taking this tack? Are they bad guys?
Not at all. CAUCE, as a group, has concerns that are shared by any aware person who cares about the future of the net. They have done a lot of good in galvanizing attention and energy to the problem of email spam. I am, personally, disappointed that CAUCE took the easy way out in backing a law that doesn't target the problem area and creates a lot of problems on its own - but I can certainly understand how it happened, and at least CAUCE has done something.
CAUCE includes many respected members of the net community who are well able to understand the problems with the Smith bill's approach. I believe that frustration with the problem and hope for a simple solution has blinded them to the flaws in their legal approach. I also believe that CAUCE's cause will be much better served by a straightforwardly anti-spam law than by an attempt to get at spam as a side effect of attacking UCE. I hope CAUCE can be persuaded to modify its approach to target the real problem - email spam.
Links of interest: