Addressing ISPs Troubles Will Ease Burden on Individuals
by Hiawatha Bray, Boston Globe
Washington, D.C., May 21, 2003-A new Competitive Enterprise Institute study on spam email surveys the effectiveness of current user-based countermeasures and laws and suggests additional strategies for stopping unwanted emails through legal and technical solutions to help Internet Service Providers (ISPs).
Spam is the consumer technology issue of the moment. Everyone agrees it is a problem, but there is little agreement on the best solution. And while far more public attention has been focused on how spam affects individual email users rather than ISPs and other large network administrators, the consumer-focused approach is only part of the solution. The consumer is the end of the spam's journey; its origins lie in the policies and technologies of networks.
"While there is naturally more public sympathy for end users deluged with emails for adult products and pyramid-marketing scams than for the headaches of ISPs, solving most of the ISPs' problems would probably also solve most of the problem for consumers," said Senior Policy Analyst and study co-author Solveig Singleton. "The converse is not true, however, meaning that legal and technical solutions with an emphasis on the perspective of ISPs are more likely to be effective for everyone."
The study, Spam: That Ill O' the ISP: A Reality Check for Legislators, assesses contractual, technical, and statutory solutions, noting that while there are some effective technical solutions to help consumers and businesses control spam, ISPs, the most seriously affected, have found only partial solutions. It also concludes that effective spam control will come only with innovations in enforcing laws or policies. Many of the provisions of proposed new laws thus far are too broad, but research on deterrence shows none would be helpful without relatively strict enforcement.
The study, Spam, That Ill O’ The ISP - A Reality Check for Legislators, written by Solveig Singleton and Hanah Metchis, is available online at http://www.cei.org/gencon/025,03482.cfm. [Full report in PDF format here.]
EXECUTIVE SUMMARY
Most public attention has been focused on how spam affects individual email users; less on its impact on ISPs and other administrators of large networks. But the consumer-focused approach is unlikely to solve the most serious aspects of the problem. The consumer is the end of spam’s journey; its origins lie in the policies and technologies of networks. Solving most of the problems for ISPs would probably also solve most of the problems for consumers, but the converse is not true. Therefore, this paper assesses spam and its legal and technical solutions with an emphasis on the perspective of ISPs.
We begin by navigating among several competing definitions of spam and outlining its most seriously problematic aspects for consumers, businesses, ISPs, and legitimate marketers. We go on to assess contractual, technical, and statutory solutions.
- For end users, the best solutions are the new Bayesian content filters, which can be tailored to individual preferences.
- ISPs, the most seriously affected, have limited and constrained the spam problem successfully using filters, litigation, and contractual solutions.
- Spammers have been largely forced off of legitimate ISPs onto foreign relays and hijacked ISPs.
- Many (not all) provisions of the new laws proposed thus far are too broad, but none would be helpful without vigorous enforcement.
- Significantly stepped up enforcement levels would be necessary for any law to have a deterrent effect.
The study cites empirical research showing that laws have little deterrent effect unless there is a substantial probability that violators will be caught. Increasing the severity of penalties is ineffective if enforcement is ineffective. Many federal and state laws already apply to spam. While a few more carefully targeted laws might be justified, the most effective use of government resources would be increased enforcement. And it should be aimed at real bad actors, not legitimate businesses that have taken a misstep in posting a privacy policy or administering an email list.