As far as appearances go, things are looking up. Congress finally passed a real antispam law: the, which took effect Jan. 1.
Microsoft, Yahoo, America Online and EarthLinkthey can use to bring spammers to heel. And it's not just the Internet service providers. Earlier this week, Ohio's legislature got into the act when it passed a bill to let the state put out-of-state spammers on trials.
Great. I say send all the bums to Siberia and force-feed them castor oil twice a day, if that's what it takes. But get-tough measures alone won't suffice--and this is where the debate about what to do needs to shift focus.
For too long, the question of how to fight spam--with technology or with laws, that is--has been viewed in either/or terms. Technologists are comfortable with technology and look down their noses at government-imposed solutions. The politicians usually don't have a clue what the technologists are talking about. And so you have all the makings of a dialogue of the deaf.
But there are signs that the thinking is starting to evolve.
I recently attended a colloquium where a. But even these experts acknowledged that there was no such thing as a magic bullet to stop spam. Instead, they expressed palpable unease at how spam has turned e-mail into a medium of maybes--the result being that Internet communications have lost the vital attribute of reliability.
Their one uniform point of agreement was that spam in all its derivations constitutes a mortal threat to the vitality of the Internet as a vehicle for communication and commerce.
How bad? Sink your teeth into these stats (courtesy of Symantec CEO): There are 100 new viruses and 50 new vulnerabilities detected each week. And the fastest-growing nonviolent crime of them all is . At one time, spam may have been a problem of minor annoyance, but phishing has turned it into a problem of fear--so much so that the average ISP is now spending significant amounts of money on e-mail hygiene. If this keeps up, you can kiss the future of low-cost (or free Web) e-mail goodbye.
I'd like to believe the technology industry is smart enough to figure out a solution. That assumes rival companies can check their egos sufficiently in order to play nice with each other. That's easier said than done. When it comes to deciding how best to provide e-mail authentication, for example, you have Microsoft pushing its own "," while the other big guys treat anything emanating from Redmond as if it were radioactive.
And then there's Yahoo and Cisco each coming up with rival e-mail systems that use digital signatures to verify the sender's authenticity. For what it's worth, a Cisco exec attending the meeting said the companies are talking with each other. I'm not holding my breath, but hey, hope springs eternal.
The politicians view this as a political issue, and so their reflex reaction is to enact legislation. But spam is a global problem, and enacting new laws in the U.S.A. won't do much to impress a phishing ring in Moscow.
What's the next move? I think Thompson nailed it when he said the key to making serious inroads is to change people's online behavior. He recalled that the government's Smokey the Bear campaign--as corny as it was--was a huge success in curbing the outbreak of man-made forest fires.
This would be more than a lame update of Nancy Reagan's "Just Say No" antidrug mantra. The idea here is to put responsibility on the shoulders of Internet users and compel them to pay more attention to spam prevention. Fact is that when it comes to spam, it's not just good guys versus bad guys anymore. It's also what to do about the lazy guys--the careless Web surfers. They are the ones who are getting in trouble.
Face it--people still do dumb things when they get online. Many people don't pay attention to how they share information over the Internet and to what they download. If you can raise awareness and influence behavior patterns, that may not eradicate spam. But it would go a long way toward drying up the swamp.