Spam deja vu

In June, politicians in Washington had finally declared an all-out war on spam, vowing to take speedy action to curb the Internet's No. 1 menace.

One senator gave an impassioned floor speech warning that without a law, "we risk the destruction of all legitimate expression and commerce on the information superhighway." The New York Times predicted "a lively congressional debate" on spam over the next few months.

Well, almost. Those events did occur, but the year was 1997.

Since then--more than six years later--Congress has accomplished precisely nothing on spam. No federal law restricting the flow of unsolicited bulk e-mail has ever been enacted, and no law will be enacted until next year, if ever. At this rate, a delay of another six years wouldn't be surprising.

It's time for the tech community to realize that turning to the federal government for help in this area is simply not productive. It's like trying to teach a cow to configure BGP routers: You won't succeed, and you'll annoy the cow.

Washington's torpidity has spurred state legislators into action, with California Gov. Gray Davis signing one of the most restrictive state antispam laws last week. What California may learn, though, is that the law is so broad that it's vulnerable to legal challenges.

In about a week, both the Senate and the House of Representatives plan to adjourn until January 2004. And even next year, prudent observers know to keep expectations low: Rep. Zoe Lofgren, a Democrat who represents Silicon Valley, warned a few days ago that spam legislation is, once again, at an impasse.

Since 1997, Congress has accomplished precisely nothing on spam.

What a surprise.

All of this seems like a flashback to 1997, when the Democratic senator who gave that passionate-but-futile floor speech was Robert Torricelli of New Jersey, who eventually abandoned his political career on the heels of a fundraising scandal. Torricelli wasn't the only politician trying to grab headlines: A CNET News.com article published around the same time highlighted two similar bills and said "spam is clogging Congress' agenda today."

In spring 1997, the Federal Trade Commission (FTC) convened a workshop featuring an actual spammer who defended his practices as employing "standard communications protocols defined by the founders of the Net," and an America Online executive who testified that spam was customers' biggest complaint. AOL and Microsoft signed on to a report to the FTC touting "technical standards and specifications that will assist users in controlling incoming e-mail."

Six years later, the parallels are almost eerie. This spring, the FTC convened a workshop featuring an actual spammer and an AOL executive who testified that spam was customers' biggest complaint, with more than 2 billion unsolicited e-mail messages arriving at AOL every day. The same week, AOL and Microsoft said they would join forces to work on technical measures to fight spam.

Guaranteed gridlock
The reasons for the perpetual spam impasse are complex and subtle. Sure, the Direct Marketing Association, as I've stated before, is guilty of doublespeak on spam. And lobbying for new laws is hardly that group's highest priority. Last week, DoubleClick's chief privacy officer--the company is an active member of the DMA--warned of laws that could add "unnecessary cost and complexity to legitimate marketers."

Partisan squabbling between Democrats and Republicans over who will get to take credit for an antispam law is another explanation. In July, bickering erupted during the two major parties during a meeting of two House Energy and Commerce subcommittees.

Rep. Bart Stupack, D-Mich., for instance, complained that the Republican-backed plan expressly prohibits class-action lawsuits. Such lawsuits are a favorite of trial lawyers, whose deep pockets make them hugely valued contributors to the Democratic Party. An analysis performed by Common Cause for the 2000 election cycle calculated that trial lawyers favored the Democratic Party over the Republican Party by a 40-to-1 margin for soft money contributions, giving a total of $14.5 million to the Democrats.

Politicians also like to see their names attached to legislation--the antispam proposals go by names like Wilson-Green and Tauzin-Sensenbrenner--and can be obstructionist if they don't get what they want.

But then again, Washington can sometimes be so generally lethargic the town makes a 300-bit-per-second dial-up link look positively zippy. Jim Harper, a Washington tech lawyer who previously worked in the House and the Senate, said: "Look at prescription drugs or Social Security reform. When I first got to Washington, I was working on Social Security reform. That was around nine years ago, and it's still around. There's a huge difference between Congress time and Internet time."

Technological countermeasures, even with their problems, remain our best bet.

Capitol Hill is equipped to deal with issues at a glacial pace, Harper said. "That's why Congess won't be an effective regulator of the Internet," he said. "Also, I have great doubts about whether even a federal law will reduce the amount of spam. About 35 states have spam laws. Despite the laws, the amount of spam has increased."

Harper makes a good point. If every political jurisdiction in the world had perfect antispam legislation with strong civil and criminal penalties, and police with no other crimes to worry about, then antispam laws might solve all of our problems. Not one of those three assumptions is true, so technological countermeasures, even with their problems, remain our best bet. Work on Bayesian filters, collaborative measures, and smarter challenge-response systems is promising.

Also, even if Congress were to enact a law, it would probably set an "opt-out" instead of "opt-in" standard, which would do little to unclog our mailboxes. That difference between the two standards is crucial: An opt-out law would effectively give any e-mail marketer the right to repeatedly spam everyone on the Internet until the hapless recipient clicks on the "unsubscribe" link. If you change e-mail addresses, you get to repeat the process--and that's not even counting the overseas spammers who don't care about any U.S. law.

Opt-in would be a tougher standard, but it's politically unacceptable and constitutionally dubious. Last week, a federal judge in Colorado blocked the FTC's do-not-call list because it violated the First Amendment's guarantee of freedom of speech. The judge ruled: "The First Amendment prohibits the government from enacting laws creating a preference for certain types of speech based on content." (That bodes ill for California's antispam law, which takes an opt-in approach.)

So where does that leave us? Legally speaking, the situation is about the same as it was six years ago, except that spam is a far bigger problem. The difference is that now we know we can't trust Congress to solve it for us.