Want CNET to notify you of price drops and the latest stories?

Bill would let spamees sue spammers

The latest federal antispam bill would create a national "Do Not Spam" registry of e-mail addresses and give individuals the right to sue spammers for $1,000 per message.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
5 min read
A pair of unusual political allies, a left-wing Democrat and a conservative religious group, teamed up on Thursday in Washington's latest bid to rid the Internet of spam.

Sen. Chuck Schumer of New York joined with the Christian Coalition to announce support for a new bill that would create a national "Do Not Spam" registry of e-mail addresses and, unlike other federal proposals to date, give individuals the right to sue spammers for $1,000 per unlawful message.

In a second unusual twist, Schumer's Stop Pornography and Abusive Marketing (SPAM) Act generally requires that unsolicited commercial e-mail include "ADV"--for advertisement--in subject lines. But the SPAM bill has been questioned because certain industry groups, such as the Direct Marketing Association, could qualify for a loophole that would permit them to send bulk e-mail without placing ADV on their messages.

Schumer's proposal has also been criticized because it could endanger legitimate Internet services such as "anonymous remailers" and would give marketers access to the complete do-not-spam list.

At a press conference on Capitol Hill on Thursday, Schumer stressed that pornographic spam was piling up in e-mail in-boxes so quickly that prompt action by Congress was necessary.

"The avalanche of pornography being sent to kids by spammers makes checking e-mail on par with watching an X-rated movie," Schumer said in a statement. "America's children have been under attack for a long time, from violent TV shows, racy music videos and now pornographic spam. The V-chip gave parents control of the TV. My SPAM Act will give them control over the computer."

Christian Coalition of America president Roberta Combs said the SPAM Act would "go a long way to stop the filth of pornography junk e-mail that our children and grandchildren are receiving every day on the Internet...I urge the U.S. Senate to act immediately to end the blight of unwanted Internet pornography."

Schumer's efforts come as Congress is facing a deluge of antispam bills. In April, Sen. Conrad Burns, R-Mont., introduced his antispam bill, and key House Republicans are backing a bill that promises to slap the worst bulk e-mailers with prison terms and millions of dollars in fines. Rep. Zoe Lofgren, D-Calif., has a bill that pushes ADV tags, but without a do-not-spam registry. On Wednesday, the Federal Trade Commission announced its own plan to turn its investigators into spam cops. Sen. Mark Dayton, D-Minn., has also proposed a do-not-spam list.

Schumer's bill, however, is the only proposal so far in Congress that would let any "recipient adversely affected by a violation of this act" bring a lawsuit in state court that would recover statutory damages of up to $1,000 per e-mail message. Internet service providers would be immune from such lawsuits, and class action suits would not be permitted.

For Schumer, the fight against spam has become personal. He told a conference in Washington recently that his 14-year-old daughter was inundated with spam promoting pornographic Web sites

and that he was "utterly amazed" to learn that no federal criminal laws existed to punish that practice. In response, Schumer said, he asked his staff to prepare this bill creating a national do-not-spam list. Also in April, the New Democrats proposed a similar idea that would be "modeled on the 'Do Not Call' list currently under development" by the FTC.

Letting the fox guard the henhouse?
Ray Everett-Church, a privacy consultant at ePrivacyGroup.com and a board member of the Coalition Against Unsolicited Commercial Email, said Schumer's bill is probably the most promising so far but added that a successful do-not-spam list will be tricky. According to the SPAM Act, the FTC is required to create the registry and hand copies of it "to marketers for the purpose of complying."

"How do you give marketers access to the list without the list falling into the wrong hands?" Everett-Church said. "That's going to require enormous resources and security requirements. If that list falls into the wrong hands, it would be an extremely valuable list... There are a lot of practical management and security issues that would have to be addressed before people would trust a do-not-spam list."

The SPAM Act says that the FTC has six months to "issue regulations for establishing and maintaining the registry, providing secure distribution of the registry to marketers for the purpose of complying with this section, protecting the registry from unauthorized use, and enforcing the provisions of this section."

A second problem, Everett-Church said, is that the bill would regulate specific technologies, and underlying protocols or standards may change. "Laws should focus on what is the harmful thing that's being done," Everett-Church said. "In the case of spam, it's a really a question of cost-shifting from the sender to the recipient. If there were a law against shifting the cost of advertising onto the recipients, then you could go after junk faxes, spam and (wireless) spam."

For instance, Schumer's bill only regulates spam sent to e-mail addresses with "domain names" after the @ sign. But the Internet standard for e-mail (RFC 822) permits numeric Internet addresses--also called domain-literals--to be used in messages. That means an e-mail sent to recipient@example.com would be regulated, but one sent to the same address at recipient@[] would not be.

Roger Dingledine, a cryptographer and founder of Moria Research Labs, said the wording of Schumer's bill is so broad that it could imperil "anonymous remailers."

An anonymous remailer is typically a free Internet service that strips off information identifying the sender of an e-mail message and forwards it to the recipient anonymously.

Remailers have been harshly criticized by governments in the past, but their supporters point out that anonymity can be of use to whistle-blowers, human rights activists and people living under repressive regimes.

Section 206 of the SPAM Act says it "shall be unlawful for any person to initiate the transmission of commercial electronic mail...without identifying the valid, physical address of the sender in a clear and conspicuous manner."

Anonymous remailers could be banned depending on what the word "initiate" means, Dingledine said. "Since it's unclear whether legitimate services such as anonymity systems count as initiators, I think it's critical that Mr. Schumer clarify what he's trying to do. He should go after the spammer, not the Internet infrastructure."

The SPAM Act would also permit parents to register their child's address for a special do-not-spam list, restrict spambots that crawl Web sites looking for addresses and require the FTC to let certain industry "self-regulatory organizations" permit their members to send bulk e-mail without ADV tags. Like every other antispam bill in Congress, it does not apply to spam sent by nonprofit groups, charities or politicians.