In my last column, I discussed the pending Unsolicited Commercial Electronic Mail Act of 2001 (H.R. 95) and compared its potential effectiveness with the ineffective Telephone Consumer Protection Act of 1991, which dealt with junk faxes.
The thing that bothers me most about the proposed anti-spam bill is the matter of enforcement. As we all know, laws are only as strong as the deterrents set against them, and as far as Im concerned, on the big list of crimes against humanity, spammers may be the lowest priority in the entire crime spectrum.
Lets assume the anti-spam bill becomes law and the next day you get spammed by 30 entities. Who are you going to call? Can you imagine the reaction if you were to call your local police department to report that someone in Canada sent you a spam e-mail? You could always report it to your states attorney general—that is, until they get so many they stop responding to spam reports. Remember, your state attorney general also takes action against fraud and scam artists who con money or whose products actually kill people. Where do you think your spam report will fit in their priorities? So that leaves only one option: suing the party who spammed you. That task could be formidable, at best.
First, consider how much spam you get each day and the numerous sources from which it originates, most of the time from masked addresses. Now think about how much time it would take to backtrack each of the spam messages to its source. Once you do, how do you go about deciding what/whom to sue? If you make it this far, three to four months down the road you will finally get your court date. You better be sure to have some network and computer experts willing to testify that the accused IP address went from here to there, changing, mutating, eventually arriving in your in-box, because youll be in front of a judge who probably has little expertise in advanced computer networks.
Finally, you win. But by the time you get back to your PC, there are 30 more spam messages waiting for you. Is this a process youre willing to go through, and if so, how often? Is this something your company is willing to spend your time on, or is it easier to simply click delete? Unlike junk fax, which is considered theft because perpetrators use your paper and toner to print their advertisements, spam isnt nearly as costly—it just takes some bandwidth and disk space. Sure, spam can be a security risk and a major annoyance, but whos going to actually go to court over it?
This morning I was checking the logs of my personal firewall at home and noticed that 10 people tried to break into my computer while I was asleep. Are there laws in place for this, and if were going to be filling our courts with such cases, shouldnt hackers be our first priority?
