Washington Bids to Can Spam

Fed-up lawmakers propose remedies and penalties, including fines, jail time.

The prospect of federal anti-spam regulation is no longer a question of "if" but rather "how much?"

U.S. lawmakers who were once resistant to wading into Internet regulation are now expressing the need to act quickly before the problem of unwanted messages outweighs the benefit of e-mail. Last week, two new federal bills joined the anti-spam crusade even as state laws grew in number and gravity.

Federal approaches to mitigating the problem vary considerably, however. At one end of the spectrum is a light-touch tactic endorsed by U.S. Rep. Zoe Lofgren, D-Calif., previously known for opposing any measure limiting Internet use. Last week, Lofgren introduced a bill that would put some guidelines on commercial e-mail and authorize the Federal Trade Commission to use 20 percent of the money from fines it would collect to reward individuals who identify spammers.

Recognizing that district attorneys and U.S. attorneys do not have abundant resources to pursue spam, the bill would create a bounty, "unleashing the 18-year-olds to go after the spammers," Lofgren said last week during an anti-spam forum held at the FTC here. As in numerous state laws, the Lofgren measure would also require all commercial e-mail to display the letters "ADV" in the subject line, identifying it as an advertisement.

Charles Schumer

On the other end of the spectrum is a new bill by U.S. Sen. Charles Schumer (pictured), D-N.Y., which calls for jail time of up to two years for serious, repeat spammers and a "no-spam" registry, similar to the FTCs "do not call" list.

The tough approach reflects growing frustration among businesses and ISPs, which are finding it increasingly expensive to handle spam. Last week, Virginia enacted the first state law making it a felony to intentionally alter e-mail headers or other routing information and send out more than 10,000 messages within 24 hours or 100,000 within 30 days. Violators would face one to five years in jail. Altogether, 26 states have passed anti-spam laws.

IT managers tasked with trying to filter the increasingly insidious spam are widely supportive of legislative action. "Im pretty heartened by some of the talk," said Sandy Whiteman, chief technologist at Cypress Integrated Systems Inc., in Charleston, S.C. "Only a small group of spam houses are making money, and a lot of them have known business addresses. They should be accessible to law enforcement."

Tough penalties against perpetrators are not sufficient for some, however, and the frustration is spurring a range of creative recommendations.

"Id like to see not only penalties but damage awards to companies that have to spend money cleaning it up," said Bob Barton, senior director of systems integration at InfiniSwitch Corp., in Westboro, Mass. "If recipients forward spam to a collection site that taxed the [original] sender, the collection site would get the money. We could automatically forward them to our favorite charities."

The anti-spam moves by Lofgren and Schumer are only the latest. On Capitol Hill, a middle-ground approach is reflected in a bill sponsored by Sens. Conrad Burns, R-Mont., and Ron Wyden, D-Ore., first introduced last year and reintroduced earlier this month.

Known as the "CAN-SPAM" bill, the Burns-Wyden measure won the support of the Senate Commerce Committee in the last session but did not make it to a vote in the Senate. The bill would require that all unsolicited marketing e-mail contain a valid return address and an accurate subject line. Senders would be banned from further mailings once a consumer asked them to stop.

Many ISPs consider the Burns-Wyden initiative too weak to handle the problem. Brian Arbogast, a vice president at Microsoft Corp., in Redmond, Wash., said the bill does not contain adequate enforcement opportunity for ISPs and states. Arbogast also said that legislation should contain a provision requiring "ADV" labeling.

From America Online Inc.s perspective, the Burns-Wyden approach sets good standards, but "it needs to be complemented with strong criminal penalties for the really slimy folks," said Joe Barrett, senior vice president of systems operations at AOL, in New York.

Faced with an expanding roster of angry customers, ISPs are looking to policy-makers to take a firm stand. "We had the reputation for hosting spammers, so we started going after them. Theyre like gangs that run from one ISP to another and attack like a virus," said Jim Fitzjarrell, senior director of operational excellence at Verio Inc., in Denver. "Dealing with spam on our network is a never-ending battle."