The new anti-spam legislation is almost here. If we're lucky, it won't make matters worse.
11:00 PM, Dec 10, 2003 • By KATHERINE MANGU-WARD
ANTI-SPAM LEGISLATION landed on the president's desk on Monday with a loud splat. It is a patchwork of the nice-sounding, completely useless bits from the different proposals, all rolled into one.
When politicians say "there is no silver bullet," it's a sure sign that the bill they're talking about is useless at best. And that's exactly what backers of anti-spam legislation have been saying for the last year as they hashed out a bill that was supposed to rid Americans of the spam clogging their inboxes.
But knowledge of politician-speak is not required to figure out that the CAN-SPAM Act of 2003 won't do much good. FTC Chairman Timothy Muris (who ought to know) said of the bill's central feature, the "Do Not Spam" registry: ''My advice to consumers would be: Don't waste the time and effort to sign up.''
Championed by Democrat Charles Schumer of New York, the registry is modeled on the extremely popular "Do Not Call" list. But email addresses don't work the same way as phone numbers. For one thing, there are a finite number of phone numbers (we know how many possible combinations exist and how many are in use) but there are an almost infinite number of possible email addresses, and no one knows how many exist now. This makes establishing a database a tricky exercise.
There's also the question of how to keep the database secure. If the list is accessible thorough the Internet, it's every spammer's dream--a government-maintained database of valid email addresses ripe for hacking.
Finally, there's the enforcement problem. The anonymity of the Internet is one of its charms. Anyone can create as many addresses as he wants and can use a different name for each one. Tracking down spammers is expensive and difficult--and a registry won't help.
Neither will the requirement that spammers include a physical address in their emails. Think about how annoyed you are when you open your inbox and find 20 unwanted email advertisements. Wouldn't you be tempted to take matters into your own hands if you found out your spammer lived right down the block? Spammers will not include their addresses as long as they feel secure that they will not get caught. And they won't get caught unless they identify themselves. In other words, they're safe. The worst spammers are already vulnerable under anti-fraud statues, but those laws haven't stopped them, and neither will new ones.
The mandatory inclusion of an opt-out link in every email is also self-defeating. The FTC found that 63 percent of email list removal requests are not honored. Internet users have learned not to trust opt-out links. And because the opt-out laws don't apply to international spammers (who make up an ever-increasing contingent, as they move overseas to further minimize the possibility of prosecution) many of the links will still be phony. They will serve only to confirm that the email address is working and elicit a flood of new emails.
The legislation sent to the president also contains a requirement that emails with "adult content" must be labeled in the subject line. An April report by the FTC found that only 2 percent of email in the states that currently requires labeling of commercial and pornographic emails adhered to the laws. There's no reason to think that there will be a change in this shockingly low compliance rate just because a national mandate exists.
Senator Ernest Hollings has vowed to ''ride herd'' on the FTC to come up with a plan for the registry. That sounds good on C-SPAN, but while the legislation authorizes a registry, it doesn't mandate one. And the FTC shows every sign of producing a comprehensive study six months from now that politely says "fat chance" to the registry and the rest of Congress's efforts to convince the public that they can stop spam.
Katherine Mangu-Ward is a reporter for The Weekly Standard.