"There's a math game we play to illustrate the problem," Mozena says. "There are 24 million small businesses in the United States. If only 1 percent of those businesses got your e-mail address, and sent you one e-mail a year, you'd get 657 messages in your in box every day. Our worry is that if a couple of guys working out of backrooms and basements generate this much spam, what happens if we open it up [to large legitimate businesses]. One of these companies has more resources than all the spammers combined."
Oddly enough, the Can Spam Act is similar to laws already on the books in many states where opt-out programs proved utterly ineffectual.
"The legislative approach in California heretofore was to require that it be labeled and to require that unsolicited commercial e-mail have a valid opt-out mechanism," says Joanne McNabb, chief of the California Office of Privacy Protection. "That's been the law in California. It produced one action."
Recently, however, California passed S.B. 186, an opt-in law with a private right of action for consumers, which was to take effect in January 2004. Many observers cited S.B. 186 as the impetus behind the federal Can Spam Act.
"What [S.B. 186 sponsor California state Sen. Kevin] Murray did," says McNabb, "was go for an outright ban on unsolicited commercial e-mail, and made it binding on not only the marketer, but also the advertiser. His thinking is that the advertiser is more likely to be findable than the spammer."
Indeed, most spam is already illegal, based on fraud and trespass-to-chattels laws. You cannot sell Vicodin and Viagra without a prescription. Child pornography is illegal in all 50 states, even Nevada. Spammers get around this, however, by spoofing e-mail header information, which makes finding them particularly hard.
"We recently did a false-claim study, and we found that in two-thirds of the cases, there was some indication of falsity in the header," says Brian Huseman, staff attorney with the Federal Trade Commission's Bureau of Consumer Protection. While the Can Spam Act specifically bans such practices, and provides for criminal penalties for those who violate them, the FTC does not have the resources to go after most spammers. Once again it's a numbers game.
Which is exactly why a private right of action, which would give those on the receiving end of a spam message the right to sue, is the only real means of putting a dent in the volume of spam. Unfortunately, the Can Spam Act provides for a private right of action only for e-mail service providers, not individual consumers. When anyone can take a spammer to small claims court, as Californians would be able to do under S.B. 186, it creates, as Kramer says, "an army of enforcement."
Even worse, the Can Spam Act stipulates that an advertiser must knowingly violate the rules, which makes the already overtaxed FTC's job even harder.
"If a federal spam law is going to be passed, we don't want it to increase the burden of our existing enforcement," says Huseman. "We don't want to have to prove knowledge, or the intent to violate. Burns-Wyden would add knowledge requirements, which is a hurdle that does not exist [under current FTC rules]."
Yet don't hold your breath waiting for the House to correct the Senate's mistake. "A private right of action is a nonstarter in a Republican House and Senate," one source told Salon off the record. "Consumers would like an opt-in, the real world is opt-out."
But what about that do-not-spam list tacked onto the bill at the last minute? Won't that protect your e-mail address in much the same way that the federal do-not-call list protects your phone line from telemarketers?
No.
"Unfortunately, a lot of the reasons a do-not-call list works do not translate well to a do-not-spam list," says David Baker, vice president for law and public policy for EarthLink, one of the most active ISPs in the fight against spam. Spam costs EarthLink millions of dollars a year, and the company is on record supporting the Can Spam Act. Baker believes the act will help in the fight against spam, but he cites several reasons that a do-not-spam list won't work, most notably the difficulties in finding spammers and the low overhead involved in sending spam. Moreover, the requirement is not that the FTC create a do-not-spam list, but that it study the feasibility of doing so, just as it did with the do-not-call list in 1991, 12 years before the list was finally set up. Worse, the FTC doesn't even think that it can enforce a do-not-spam list.
"This is the key issue we have with a do-not-spam list," says Huseman. "It would be very difficult to enforce. We really don't see that a registry would amount to a big reduction in the amount of e-mail." And in a nightmare scenario, Huseman and others worry that spammers could access the do-not-spam registry to obtain valid e-mail addresses.
Meanwhile, across the pond, the European Union implemented an opt-in anti-spam law on Friday, leaving the United States behind. "If we don't pass a good anti-spam law in the United States," says Mozena, "we're going to run the risk of being the last big Internet nation without one."
About the writer
Mathew Honan is a San Francisco freelance writer. His work has appeared in Mother Jones, the National Journal Technology Daily, and Macworld magazine.
Story finder (3 ways to search Salon)
Salon Directory (browse by topic)