TechLaw - Spam Related Legislation

My Anti-Spam Related Directed Research Blog... if it's about spam, it's on here.

Tuesday, March 08, 2005
 
For the first time, a State has convicted an individual for illegally downloading copyrighted material from the Internet, reports the Associated Press. Parvin Dhaliwal faces a three-month deferred jail sentence, three years of probation, 200 hours of community service and a $5,400 fine. Investigators claim he had "$50 million in music and movies" on his PC, and was selling the content to others.


Wednesday, December 15, 2004
 
Sorry that things have been a bit quiet lately. That'll change shortly, and with the following we have a lot to digest:

Antispam law ruled unconstitutional

By Declan McCullagh
http://news.com.com/Antispam+law+ruled+unconstitutional/2100-1030_3-5491683.html

Story last modified Wed Dec 15 08:45:00 PST 2004

A Maryland judge has tossed out a lawsuit (ed. note - MaryCLE LLC v. First Choice Internet, Inc., No. 248514, PDF decision available here) against an alleged spammer, saying a state law restricting unsolicited e-mail is unconstitutional because it unfairly restricts interstate commerce.

Durke Thompson, a trial judge in Montgomery County, ruled that the Maryland law unduly discriminates against out-of-state commerce, a restriction that's generally prohibited by the U.S. Constitution.

Thompson dismissed a lawsuit that a Maryland business had brought against a New York firm, First Choice Internet, saying in a ruling on Thursday that the company and its president "did not intentionally direct their e-mails" to Maryland residents.


Read the entire story here.


Friday, July 09, 2004
 
Anti-Spam Technical Alliance Publishes Industry Recommendations to Help Stop Spam

Yahoo!, Microsoft, EarthLink and AOL Propose Key Best Practices and Technologies to Tackle The Problem of Unsolicited Commercial E-Mail

SUNNYVALE, Calif., REDMOND, Wash., ATLANTA, and DULLES, Va., June 22, 2004 -- The Anti-Spam Technical Alliance (ASTA), whose participants include Yahoo! Inc. (Nasdaq “YHOO”), Microsoft Corp. (Nasdaq “MSFT”), EarthLink (Nasdaq “ELNK”) and America Online Inc. (NYSE “TWX”), today unveiled the result of more than a year of close collaboration by presenting a host of detailed best practices and technical recommendations for the entire industry in an effort to fight the scourge of spam.

The proposal provides recommended actions and policies for Internet service providers (ISPs) and e-mail service providers (ESPs) as well as large senders of e-mail including governments, private corporations and online marketing organizations. These recommendations primarily focus on two key issues: helping solve the e-mail forgery problem by eliminating domain spoofing through Internet Protocol (IP)-based and signature-based solutions; and best practices to help prevent ISPs and their customers from being sources of spam.

The complete ASTA proposal can be found at each adopting company’s Web site:

* Yahoo Anti-Spam Resource Center
* Microsoft Privacy Web site
* EarthLink spamBlocker
* America Online

ASTA was founded in April 2003 to bring together key industry stakeholders to drive technical standards and promote collaboration in the development of industry guidelines to address the spam problem. Current members include leading technology companies such as America Online, British Telecom, Comcast, EarthLink, Microsoft and Yahoo!

Comments

“With these proposed solutions, ASTA is taking a huge step toward collective and enforceable technologies in reducing spam and e-mail forgery,” said Brad Garlinghouse, vice president of Communication Products at Yahoo! Inc. “We are laying out clear best practices and Good Neighbor policies that will help change the rules of the game on spammers once and for all.”

“We believe that thanks to continued innovation and the ongoing cooperation of governments and industry around the world, we are on the right path to turn the tide against spammers — but further change is needed on an industrywide basis to thoroughly contain the problem for consumers and businesses worldwide,” said Ryan Hamlin, general manager of the Anti-Spam Technology & Strategy Team at Microsoft. “Our aim with this proposal is to help lay out a clear framework for the industry as we continue to work together to end the spam business and put our customers back in control of their inboxes once again.”

“Today’s announcement shows the industry’s commitment to working together to develop the best technical standards and practices that all providers can use to stop spam,” said Linda Beck, executive vice president of Operations at EarthLink. “By collaborating on new ways to better identify the origin of messages, we can help lift the veil of anonymity on spammers and restore the integrity of e-mail. We encourage continued testing and public discussion in order to move toward industry-standard technical solutions.”

“This announcement opens an entirely new chapter in spam fighting on behalf of all online consumers. Spam is an industrywide challenge that merits an industrywide solution. Creating a set of best practices puts us on a clear glide-path to winning a major battle against spammers, scammers and spoofers,” said Matt Korn, executive vice president, Network & Data Center Operations at America Online. “This proposal also shifts the spam fight toward identifying legitimate senders of e-mail to ensure prompt delivery of their e-mail. Now we’re going to focus on testing and evaluating cost-effective technologies that can identify legitimate senders of e-mail and help restore consumer trust in their e-mail inboxes.”

Summary of ASTA Recommendations

ASTA’s proposal focuses on two key issues: helping solve the e-mail forgery problem by eliminating domain spoofing through IP-based and signature-based solutions, and best practices to help prevent ISPs and their customers from being sources of spam. Recognizing that broad adoption of any technology or best practice is critical to solving the spam epidemic, all members of ASTA have agreed to the following recommendations:

Addressing E-mail Address Forgery

One of the key problems with today’s e-mail infrastructure is that messages do not contain enough reliable information to enable recipients to decide whether an e-mail message is legitimate and reliably identify the sender. Spammers take advantage of this fact and commonly disguise the origin of their messages by forging the sender addresses on their e-mail using someone else’s domain name. This is called “domain spoofing.”

Although the problem of identifying the origin of e-mail is complex, there are two promising new methods that organizations can implement to lay a foundation for future advances and promote authentication that verifies that the sender of a message is who they claim to be:

1. Authenticating senders based on IP addresses. Currently, the only trustworthy attribute in an e-mail message header is the IP address of the server that is transmitting the e-mail. IP addresses can therefore be used by e-mail receivers to verify other attributes in the message header, such as the sending domain, and thus help reduce the common forms of phishing and forgery that are rampant today. This verification loop can be done using the existing Domain Name System (DNS) infrastructure combined with fairly simple changes to the receiver’s e-mail systems.
2. Authenticating senders based on content signing. Another approach to sender authentication uses a technology called Content Signing (CS). CS systems use public/private key pairs to generate the signatures that are used for sender verification. The public keys may be made broadly available through a variety of key exchange mechanisms or via publication in a directory or in DNS. The private keys are stored securely on the domain’s mail servers. When a user sends an e-mail message, the mail server uses the stored private key to automatically generate a digital signature for the message. When the recipient’s mail server receives the e-mail message, it retrieves the sender’s public key and uses it to verify the digital signature in the message. This verifies both the sender’s identity and the integrity of the message body (that the e-mail content was not modified during delivery).

As with IP-based sender authentication, the companies believe that content signing technologies are an important component of a long-term industry solution.
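
The IP-based verification loop from item 1 above, as an added example (it is not part of the ASTA proposal or the press release): the receiver looks up the policy the claimed sending domain publishes and checks the connecting server's IP address against it. The in-memory DNS table, the `ip4:`/`ip6:` record syntax and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> sender policy the domain owner publishes.
# The "ip4:<net>" / "ip6:<net>" term syntax is an assumption for this example.
SAMPLE_DNS = {
    "example.com": "ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32",
    "example.net": "ip4:203.0.113.10",
    "broken.example": "ip4:not-an-address",
}


def parse_policy(record):
    """Turn a published policy string into a list of authorized networks.

    Raises ValueError on an unknown term or an address that does not parse,
    so a malformed record is never silently treated as "nothing authorized".
    """
    networks = []
    for term in record.split():
        kind, sep, value = term.partition(":")
        if not sep or kind not in ("ip4", "ip6"):
            raise ValueError(f"unknown policy term: {term!r}")
        net = ipaddress.ip_network(value, strict=False)
        if (kind == "ip4") != (net.version == 4):
            raise ValueError(f"address family mismatch in {term!r}")
        networks.append(net)
    return networks


def check_sender(connecting_ip, claimed_address, dns=SAMPLE_DNS):
    """Verify the claimed sender domain against the connecting server's IP.

    Returns:
      "pass"  - the IP is inside a network the domain authorized
      "fail"  - the domain publishes a policy and the IP is not in it
      "none"  - the domain publishes no policy, so nothing can be verified
      "error" - the policy or the IP could not be parsed
    """
    domain = claimed_address.rpartition("@")[2].lower().rstrip(".")
    record = dns.get(domain)
    if record is None:
        return "none"
    try:
        networks = parse_policy(record)
        ip = ipaddress.ip_address(connecting_ip)
    except ValueError:
        return "error"
    # Membership is always False across address families (v4 vs v6).
    return "pass" if any(ip in net for net in networks) else "fail"


if __name__ == "__main__":
    # Constructed sessions: (IP of the connecting server, claimed sender address)
    sessions = [
        ("192.0.2.77", "billing@example.com"),     # authorized server
        ("203.0.113.99", "billing@example.com"),   # forged sender domain
        ("2001:db8:1::5", "news@EXAMPLE.com"),     # IPv6, mixed-case domain
        ("192.0.2.77", "user@unlisted.example"),   # no policy published
        ("192.0.2.77", "user@broken.example"),     # malformed policy
    ]
    for ip, sender in sessions:
        print(f"{ip:15} {sender:24} -> {check_sender(ip, sender)}")
```

The "none" result is the adoption gap the proposal refers to: a receiver can only reject forged mail for domains that actually publish a policy.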

Throughout the process of implementing these technologies, ASTA members will provide feedback that along with other industrywide feedback will enable subsequent improvements to the specification to be completed, with the goal of providing for the best long-term, industrywide IP based authentication solution.

It is the belief of this group that the ubiquitous deployment of some or all of these proposals, combined with the most innovative anti-spam filtering technologies and approaches, continued litigation against the worst offenders, appropriate legislation and other measures, will serve to reduce the economic incentives and eliminate the entry points for spammers to continue their barrage of unwanted communications. ASTA looks forward to the community response to this proposal and invites participation from all segments of the community to assess the validity and impact of these proposed solutions and their accompanying technical specifications.

Addressing Spam Through Best Practices

In the proposal, ASTA recommends a number of best practices that organizations should implement as applicable. Many of these practices have already been adopted by responsible organizations using e-mail today, but broader global adoption is necessary, as the combined effect of implementing these approaches can serve to minimize opportunities for spammers. Those who do not adopt these proposals risk loss of online user confidence in the safe and trusted exchange of e-mail for the entire community.

Specifically, ASTA’s proposal outlines the following:

* Recommendations for ISPs and mailbox providers and organizations that provide Internet connectivity, such as these:
    o Block or Limit the use of Port 25
    o Implement rate limits on outbound e-mail traffic
    o Control automated registration of accounts
    o Close redirectors that can be abused
    o Close all open relays
    o Configure proxies for internal network use only
    o Detect compromised computers (zombies)
    o Educate users to increase use of existing tools
    o Develop effective complaint reporting systems
* Recommendations for legitimate bulk e-mail senders, such as these:
    o Do not harvest e-mail addresses through SMTP or other means (defined as collecting e-mail addresses, usually by automated means) without the owners’ affirmative consent.
    o Register your e-mail domain with a creditable safelist provider.
    o Always provide clear instructions to customers about how to unsubscribe or opt-out of receiving e-mail. Promptly respond to these requests.
    o Do not use or send e-mail that contains invalid or forged headers.
    o Do not use or send e-mail that contains invalid or nonexistent domain names in the From or Reply-To headers.
    o Do not employ any technique to hide or obscure any information that identifies the true origin or the transmission path of bulk e-mail.
    o Do not use a third party’s Internet domain name or allow mail to be relayed from or through a third party’s equipment without permission.
    o Do not send e-mail that contains false or misleading information in the subject line or in its content.
    o Monitor SMTP responses from recipients’ mail servers. Promptly remove all e-mail addresses for which the receiving mail server responds with a 55x SMTP error code (e.g., “user doesn’t exist”).
* Recommendations for consumers, such as these:
    o Install firewalls on PCs as appropriate.
    o Use anti-virus software and other screening tools to detect incoming viruses, malware, and harmful or suspicious code.
    o Make use of spam filtering technologies and customize settings that provide the appropriate level of protection needed.


Some of these recommendations are already part of laws in various countries including the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 in the United States. However, the disparity between laws and the absence of anti-spam laws in most countries means the industry needs to come together and adopt consistent policies and practices that drive spammers out of business.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft's Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp.

Wednesday, June 23, 2004
 
From Legal Affairs Magazine
$t0pp^ng $p@m!!
The private sector needs to regulate spam because the government can't.
By Paul Jamieson

LOSE 20 POUNDS IN 20 DAYS on the amazing grapefruit diet pill! Expand the size of your body parts! You have emerged one of the winners of the EGOLI LOTTERY SOUTH AFRICA!

Spam is that rare legal and public policy problem in which the behavior in question is anathema to nearly every publicly identifiable interest holder. Legitimate businesses that use e-mail as a marketing tool support spam reform because their communications are often lost in the avalanche. Consumers and businesses that rely on e-mail for transactions and communication overwhelmingly dislike spam for the same reason and make their displeasure known to elected officials. Internet service providers, or ISPs, such as Yahoo and Earthlink, oppose it because junk e-mail taxes their networks.

Nevertheless, five months after the effective date of a sweeping federal law imposing stiff civil and criminal penalties on spammers, well over half of all e-mail is still spam. There is just as much if not more spam now than there was before the legal barriers were erected. What gives?

The short answer is that legal measures may be largely powerless to affect the spam problem because the architecture of e-mail is resistant to traditional methods of government regulation. While members of Congress and the Federal Trade Commission will be quick to claim credit in the event that the spam problem is reduced, the role they play is small. Consumers and businesses suffering from the torrent of spam must look for relief not from formal law developed on Capitol Hill or in a watchdog agency, but from the people who write the code that makes the Internet run, and then from the private businesses that put the code to work.

THE CONTROLLING THE ASSAULT OF NON-SOLICITED PORNOGRAPHY AND MARKETING ACT, or CAN-SPAM, was signed by President George W. Bush in December 2003 and is ambitious in intent if not effect. Under the statute, unsolicited commercial e-mail isn't banned, but it must contain headers revealing that a message is an advertisement or solicitation. All unsolicited commercial e-mail must come from a valid e-mail address and contain an accurate postal address to which a recipient can write back. Misleading message headers are also banned, even for recipients who have agreed to receive commercial mail, as with users who checked a box asking for future promotional material about dog food on the Pets.com website.

Under the statute, Internet service providers are not held liable for routine conveyance of e-mail. If you get spam from loseweight@earthlink.net, you can't sue Earthlink. But all of those who send or who contract to send illegal commercial e-mail are subject to civil suits by Internet service providers, the FTC, and state law enforcement officials. Penalties are severe. For example, if a state brings a suit, a spammer may be forced to pay damages of $250 per e-mail, up to $2 million (the cost of 8,000 e-mails), plus attorneys' fees. Egregious spammers, as repeat offenders, may also face felony charges with prison terms of up to five years per violation.

But the law has had no appreciable effect on reducing spam. Consumers surveyed by the Pew Internet Project report that the volume of spam is the same or has increased since January 1, when the law went into effect. Postini, a company that runs a spam-filtering service processing one billion messages a week for 2,500 other companies, said that spam rates have stayed virtually constant since before that date.

* * *

Several factors constrain the law's regulation of spam. First, the nature of e-mail makes it hard to locate perpetrators. Because of the Internet's configuration, spammers can easily hide their actual e-mail addresses in addition to their countries of origin, using false header information and bogus domain names. One popular tactic is to send messages that appear to be from technical support staff of the recipient's Internet service provider (e.g., administrator@msn.com) with a message that the user's account needs to be updated or fixed. Sending a message that appears to come from one of these accounts requires no specific access to either MSN or Earthlink. Spoofing an address requires only an Internet connection and a few minutes to learn how to falsify the information.

Identifying purveyors of spam, then, is challenging. Of the 222 defendants of recent CAN-SPAM lawsuits filed by the four largest ISPs, only seven were named, because the plaintiffs' attorneys couldn't figure out who they were going after. And even if spammers could be identified, many are beyond the jurisdiction of American law. AOL reported that, one week after the new statute went into effect, approximately 10 percent of the 2.4 billion spam e-mail messages it was receiving daily had shifted in origin to offshore locales.

The economics of spam are so favorable to spammers that no matter how high regulation erects the barrier to entering the business it wouldn't be high enough. Direct mail and telemarketing require companies to spend a lot of money—to pay people to spend time on the phone, and for printing messages and sending them through the mail. But spam puts nearly all the costs on recipients, ISPs, and the companies that built and that run the "pipes" through which e-mail travels. Sending an e-mail promoting Viagra to 500,000 users costs a spammer about the same as sending it to 50.

PRIVATE SECTOR REGULATION by the "code" of cyberspace, rather than by formal law, has been crucial to the Internet's development, to which the government has contributed most significantly by being restrained in its use of regulation. The development of encryption standards that protect the exchange of financial information over the Internet makes a good example. As a result of development by companies of encryption protocols that are strong but easy to use, it's now no more dangerous to type your MasterCard number into Amazon.com than it is to give the number to a phone operator. This encryption technology came entirely from the private sector and not from the government, which chose not to enact strong encryption standards in part because it feared that they would limit the FBI's surveillance powers.

A similar effort by the private sector to regulate spam by code is being mounted by influential code writers. Microsoft's Bill Gates announced in February that he was helping to create a loose consortium of companies called the Global Infrastructure Alliance for Internet Safety, formed to share ideas about technical solutions to Internet security threats as well as spam, which many people see as the major threat to the continued expansion of the Internet. Gates cited several technological innovations designed to combat spam, including a sort of caller ID for e-mail that would verify the sender's e-mail name address conveyed as a series of numbers that the software could look up.

Another authentication proposal under consideration by members of the consortium is a system known as challenge-response, under which a sender not already on a recipient's "safe" list would have to confirm his identity by responding to an automatic message from the recipient's e-mail system. The computer-generated reply message would direct the sender to a website to answer questions—such as "What is the number of states in the United States?"—that would rotate each time a sender went there, and which would be simple for humans to answer but hard for machines.

Still another coalition option would be implementing a form of postage for e-mail (say, some fraction of one cent charged to senders by their ISPs) that would only lightly burden regular users but would be prohibitively expensive for mass e-mailers. ISPs are also reviewing restrictions on the number of e-mail messages that can be sent at one time, in an effort to undercut spammers who send thousands at once.

The government's CAN-SPAM law doesn't undermine these solutions, each of which holds great promise, and several of which could also be used to help protect other technologies—such as cellphones and instant messaging—likely soon to face spam onslaughts. But CAN-SPAM doesn't help, either.

To solve the spam problem, the federal government should create incentives for the private sector to develop solutions. It could subsidize effective technological solutions to spam, much like what the government does to subsidize the availability of Internet access in the nation's schools and libraries. Or it could require that a company license any truly effective solution to anyone who wants it. Government could also be more aggressive in supporting industry consortia, including the recognition of an industry standards-setting body that would develop practices to combat spam and share the best ones. If it turned out that the best anti-spam strategy required ISPs to employ a particular method of authentication, the government could mandate compliance with that standard.

In the meantime, as e-mails pile up that come from the ostensible fortune-wielding children of "Nigerian dictators" and from network administrators asking us in vaguely worded messages to open attachments, it's clear that we are far from having a good solution to spam. Until the government figures out a new way of working effectively with programmers, we will just have to keep hitting "delete."

Read the entire article here.

Monday, June 07, 2004
 
Spam messages on the increase
[Ed. note - Now I always take studies from companies whose mission it is to sell you anti-spam software as part of their services with a large grain of salt, but anecdotal evidence, along with my own inbox observations appear to, if nothing else, confirm that spam certainly hasn't gone down.]

Story from BBC NEWS:
http://news.bbc.co.uk/1/hi/technology/3746023.stm

Junk mail now accounts for nearly 70% of e-mails worldwide, according to filtering firm MessageLabs. Despite efforts in the US to cut down on the sending of unsolicited messages, new laws seem to be having the opposite effect. Spammers are simply adapting rather than shutting up shop.

"The law goes part way to legitimise spam rather than outlaw it," said Natasha Staley, information security analyst at MessageLabs.

* * *

SPAM TRENDS
* 40% is healthcare related
* 37.8% is financial
* 12.8% is direct products
* 4.8% is pornography
Source: Clearswift

"We expect global levels to reach 80% by the middle of the year," Ms Staley told BBC News Online.

The US Can-Spam Act, which came into force at the beginning of the year, has been dismissed by experts as ineffectual.

Spammers can adhere to requirements such as providing a legitimate return address without it affecting their business practices.

"The law hasn't had as much of an impact as we hoped. I imagine it will have to be revised as there are wide gaping holes," said Ms Staley.

* * *
Read the entire article here - http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/3746023.stm