Charting tactics in the war on spam

Christine Gregoire knows she can't win.

The attorney general of Washington state has long been at the vanguard in the battle against spammers, and if there's one thing she's learned about her opponents, it's that when one falls, 10 will rise to take their place.

Still, Gregoire has led her state's charge against unsolicited commercial e-mail, helping establish the constitutionality of Washington state's groundbreaking antispam law and lodging the state's first suit against an offender. She took the stand Tuesday with Microsoft executives heralding that company's legal assault on spammers from California to the United Kingdom.

Gregoire spoke to CNET News.com from Redmond, Wash., about her state's spam battle, offering advice for legislators around the country and specifically to politicians residing in the other Washington, whose laws could pre-empt those of the states.

Q: When did spam first come to your attention, as the attorney general?
A: Our law was passed about three years ago, but it was immediately challenged when we took an enforcement action. It was declared constitutional two years ago, so there was no enforcement tool until two years ago this month. We were the first state in the nation to have a constitutional challenge under free commerce and First Amendment grounds, and our case wound up going to the Supreme Court, which denied cert. (A term that refers to a decision by the Supreme Court to hear an appeal from a lower court.) Our state Supreme Court held the law to be constitutional, and that set the pace around the rest of the county. People were in kind of a stand-down mode, waiting for the outcome of the challenge to our law.

Now there are some 33 other states that have passed antispam laws; and just three years ago, when we passed ours, we were No. 2 in the nation. That shows you how quickly legislators have stepped up in light of huge consumer concern.

What would be your advice to the U.S. Congress in its deliberations over a spam law for the nation?
I would say you have to have a piece of federal legislation that has real teeth. The solution, in my mind, is changing the economics of spam. We have to change it so that it costs the spammers more to spam us than they stand to profit from it. So the law has to carry an economic consequence so spammers have to think twice before violating the law.

The solution, in my mind, is changing the economics of spam.

Secondly, I think the major concern we have right now is that this is such a dynamic area that one of the major solutions to this is in technology. We can't have federal legislation that isn't visionary enough to let technology develop.

Is there that risk with the legislation being considered?
Absolutely. We have looked at most of the legislation that's pending before Congress, and we're concerned about it viewing the problem through glasses that are only useful for today's problem. And we need to think about it as an evolving field with evolving technology.

We're in the race for the ISPs (Internet service providers), because every time they come up with some filtering mechanism, sure as I'm standing here the spammers find a way around it. And every time we come up with ways to investigate them, they find new ways to hide.

I'm not sure I understand in what ways the federal laws under consideration might hinder that kind of technological innovation.
They're basically saying you have to identify the e-mail as e-commerce, that you have to have an opt-out, when, in fact, the potential for tomorrow's e-commerce has to be recognized and the technology to filter it out has to be well-understood. We have consumers who want to receive ads, but also the ability to say, "Don't give it to me anymore." That option needs to be thought through.

What we don't need is federal legislation that's outdated the day it's signed.

And we need a technology option that's very consumer friendly, so the consumer could say on their computer, "I don't want advertisements from anyone I haven't done business with." We need to make sure that we allow technology that would allow that. What we don't need is federal legislation that's outdated the day it's signed.

Can you say more about what concerns you about the federal legislation?
Virtually all the legislation pre-empts the states. I wouldn't say that I would never entertain a pre-emption idea, but based on what's there now, I would be reluctant to. One specific area is that most of the laws say consumers have no private right of action, and I just think that's a mistake. We need right of action by the states, the federal government, ISPs and private consumers. And there's no reason to take away from any of those entities.

In the press conference you mentioned things consumers could do to protect themselves.
The biggest thing they can do is be careful about the use of their e-mail address. When filling out registration forms or surveys, or purchasing something online, they need to decide whom they're willing to give that address to and protect it as personal information. They need to help themselves with signing up with an ISP that has good filtering systems and software that has the additional ability to filter out spam. In the case of Washington state, they can contact ISPs and disclose that it's a Washington e-mail address, because that puts everyone on notice that we have a law that protects them.

That brings up another point that came up in the press conference, which is the difficulty of prosecuting spam offenses across borders. How successful have you been in Washington state, in that respect?
We've been successful: All four of the suits we have brought have been against out-of-state spammers. But it will be a considerable challenge to us as a state if it's from another country. So that's why we're partnering with the ISPs, especially Microsoft, for the international part of the problem.

Say more about your relationship with private industry on this issue, particularly with Microsoft.
We've been working with them on the federal legislation and how it can be developed with allowances for technology to move forward. We've been encouraging them to bring actions like those announced Tuesday. Only if ISPs are willing to do that is the message going to go out that if you send spam it's not only the state attorneys general you have to deal with. And we've partnered with the Federal Trade Commission in a national effort to try to bring enforcement actions in every state in the country. I hope to do more of those. But we can't do it alone. We need to work with the private sector, with private lawyers, so we can get our arms around it and change the economics of spam.