[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]
LEGISLATIVE EFFORTS TO COMBAT SPAM
=======================================================================
JOINT HEARING
before the
SUBCOMMITTEE ON
COMMERCE, TRADE, AND CONSUMER PROTECTION
and the
SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE INTERNET
of the
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTH CONGRESS
FIRST SESSION
__________
JULY 9, 2003
__________
Serial No. 108-35
__________
Printed for the use of the Committee on Energy and Commerce
Available via the World Wide Web: http://www.access.gpo.gov/congress/
house
__________
88-428 U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
----------------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON ENERGY AND COMMERCE
W.J. ``BILLY'' TAUZIN, Louisiana, Chairman
MICHAEL BILIRAKIS, Florida JOHN D. DINGELL, Michigan
JOE BARTON, Texas Ranking Member
FRED UPTON, Michigan HENRY A. WAXMAN, California
CLIFF STEARNS, Florida EDWARD J. MARKEY, Massachusetts
PAUL E. GILLMOR, Ohio RALPH M. HALL, Texas
JAMES C. GREENWOOD, Pennsylvania RICK BOUCHER, Virginia
CHRISTOPHER COX, California EDOLPHUS TOWNS, New York
NATHAN DEAL, Georgia FRANK PALLONE, Jr., New Jersey
RICHARD BURR, North Carolina SHERROD BROWN, Ohio
Vice Chairman BART GORDON, Tennessee
ED WHITFIELD, Kentucky PETER DEUTSCH, Florida
CHARLIE NORWOOD, Georgia BOBBY L. RUSH, Illinois
BARBARA CUBIN, Wyoming ANNA G. ESHOO, California
JOHN SHIMKUS, Illinois BART STUPAK, Michigan
HEATHER WILSON, New Mexico ELIOT L. ENGEL, New York
JOHN B. SHADEGG, Arizona ALBERT R. WYNN, Maryland
CHARLES W. ``CHIP'' PICKERING, GENE GREEN, Texas
Mississippi KAREN McCARTHY, Missouri
VITO FOSSELLA, New York TED STRICKLAND, Ohio
ROY BLUNT, Missouri DIANA DeGETTE, Colorado
STEVE BUYER, Indiana LOIS CAPPS, California
GEORGE RADANOVICH, California MICHAEL F. DOYLE, Pennsylvania
CHARLES F. BASS, New Hampshire CHRISTOPHER JOHN, Louisiana
JOSEPH R. PITTS, Pennsylvania TOM ALLEN, Maine
MARY BONO, California JIM DAVIS, Florida
GREG WALDEN, Oregon JAN SCHAKOWSKY, Illinois
LEE TERRY, Nebraska HILDA L. SOLIS, California
ERNIE FLETCHER, Kentucky
MIKE FERGUSON, New Jersey
MIKE ROGERS, Michigan
DARRELL E. ISSA, California
C.L. ``BUTCH'' OTTER, Idaho
Dan R. Brouillette, Staff Director
James D. Barnette, General Counsel
Reid P.F. Stuntz, Minority Staff Director and Chief Counsel
______
Subcommittee on Commerce, Trade, and Consumer Protection
CLIFF STEARNS, Florida, Chairman
FRED UPTON, Michigan JAN SCHAKOWSKY, Illinois
BARBARA CUBIN, Wyoming Ranking Member
JOHN SHIMKUS, Illinois HILDA L. SOLIS, California
JOHN B. SHADEGG, Arizona EDWARD J. MARKEY, Massachusetts
Vice Chairman EDOLPHUS TOWNS, New York
GEORGE RADANOVICH, California SHERROD BROWN, Ohio
CHARLES F. BASS, New Hampshire JIM DAVIS, Florida
JOSEPH R. PITTS, Pennsylvania PETER DEUTSCH, Florida
MARY BONO, California BART STUPAK, Michigan
LEE TERRY, Nebraska GENE GREEN, Texas
ERNIE FLETCHER, Kentucky KAREN McCARTHY, Missouri
MIKE FERGUSON, New Jersey TED STRICKLAND, Ohio
DARRELL E. ISSA, California DIANA DeGETTE, Colorado
C.L. ``BUTCH'' OTTER, Idaho JOHN D. DINGELL, Michigan,
W.J. ``BILLY'' TAUZIN, Louisiana (Ex Officio)
(Ex Officio)
(ii)
Subcommittee on Telecommunications and the Internet
FRED UPTON, Michigan, Chairman
MICHAEL BILIRAKIS, Florida EDWARD J. MARKEY, Massachusetts
JOE BARTON, Texas Ranking Member
CLIFF STEARNS, Florida BOBBY L. RUSH, Illinois
Vice Chairman KAREN McCARTHY, Missouri
PAUL E. GILLMOR, Ohio MICHAEL F. DOYLE, Pennsylvania
CHRISTOPHER COX, California JIM DAVIS, Florida
NATHAN DEAL, Georgia RICK BOUCHER, Virginia
ED WHITFIELD, Kentucky EDOLPHUS TOWNS, New York
BARBARA CUBIN, Wyoming BART GORDON, Tennessee
JOHN SHIMKUS, Illinois PETER DEUTSCH, Florida
HEATHER WILSON, New Mexico ANNA G. ESHOO, California
CHARLES W. ``CHIP'' PICKERING, BART STUPAK, Michigan
Mississippi ELIOT L. ENGEL, New York
VITO FOSSELLA, New York ALBERT R. WYNN, Maryland
CHARLES F. BASS, New Hampshire GENE GREEN, Texas
MARY BONO, California JOHN D. DINGELL, Michigan,
GREG WALDEN, Oregon (Ex Officio)
LEE TERRY, Nebraska
W.J. ``BILLY'' TAUZIN, Louisiana
(Ex Officio)
(iii)
C O N T E N T S
__________
Page
Testimony of:
Beales J. Howard, III, Director, Bureau of Consumer
Protection, Federal Trade Commission....................... 24
Betty, Charles Garry, President and CEO, EarthLink........... 31
Curran, Charles, Assistant General Counsel, America Online... 35
Hirschman, Kenneth, Vice President and General Counsel,
Digital Impact............................................. 52
Misener, Paul, Vice President for Global Policy, Public
Policy, Amazon.com......................................... 48
Murray, Christopher, Legislative Counsel, Consumer Union..... 60
Rubinstein, Ira, Associate General Counsel, Microsoft
Corporation................................................ 41
Selis, Paula, Senior Counsel, Washington State Attorney
General.................................................... 57
(iv)
LEGISLATIVE EFFORTS TO COMBAT SPAM
----------
WEDNESDAY, JULY 9, 2003
House of Representatives,
Committee on Energy and Commerce,
Subcommittee on Commerce, Trade, and
Consumer Protection joint with the Subcommittee
on Telecommunications and the Internet
Washington, DC.
The subcommittees met, pursuant to notice, at 1:03 p.m., in
room 2123, Rayburn House Office Building, Hon. Cliff Stearns
(chairman, Subcommittee on Commerce, Trade, and Consumer
Protection) and Hon. Fred Upton (chairman, Subcommittee on
Telecommunications and the Internet), presiding.
Members present, Subcommittee on Commerce, Trade, and
Consumer Protection: Representatives Stearns, Upton, Cubin,
Shimkus, Shadegg, Bass, Ferguson, Issa, Tauzin (ex officio),
Schakowsky, Solis, Markey, Davis, Stupak, Green, McCarthy,
Strickland, and Dingell (ex officio).
Members present, Subcommittee on Telecommunications and the
Internet: Representatives Upton, Stearns, Cox, Cubin, Shimkus,
Wilson, Bass, Walden, Tauzin (ex officio), Markey, McCarthy,
Davis, Boucher, Eshoo, Stupak, Engel, Wynn, Green, and Dingell
(ex officio).
Also present: Representatives Burr and Holt.
Staff present: David Cavicke, majority counsel; Ramsen
Betfarhad, majority counsel; Shannon Vildostegui, majority
counsel; Will Nordwind, majority counsel; William Carty,
legislative clerk; Gregg Rothschild, minority counsel; Jonathan
J. Cordone, minority counsel; Peter Filon, minority counsel;
and Nicole Kenner, minority research assistant.
Mr. Upton. Good afternoon. Pleased to hold this joint
subcommittee hearing today with my good friend Cliff Stearns,
Ed Markey and Jan Schakowsky. Today's hearing is entitled,
``Legislative Proposals to Combat Spam.''
I would note that when I returned from our July 4 break, I
found dozens of spam e-mails on my system last night, 3 or 4
times the normal for not cleaning it up for a couple of weeks.
This is a watershed moment for the Congress, and if we work
together as a Congress, I am confident that after many years of
fits and starts we may finally be in a position to respond to
our constituents' plea for help in protecting their in-boxes
from a flood of annoying junk e-mail and, more disturbingly,
the offensive smut.
Efforts in the last couple of Congresses have fallen short,
particularly because of squabbles between committees of
jurisdiction. At the end of the day, we have had some terrific
debates about combating spam but the bills have just died.
Meanwhile, spam has proliferated, consumers patience has worn
thin, and the volume of spam threatens to clog the arteries of
the Internet.
I know every member of this committee and these
subcommittees wants to combat spam. Vice chairman of this full
committee, Mr. Burr, has introduced legislation, H.R. 2214,
which would, at its core, empower consumers to opt out of
receiving commercial e-mail. I would note that Mr. Burr's bill
not only has the support of Chairman Tauzin, Mr. Stearns,
myself and others but even more--well, maybe not more
significantly but certainly important, the Judiciary Chairman,
Jim Sensenbrenner. This is indeed a major development and bodes
well for our efforts to once and for all move beyond the dead
bills and committee squabbles of the past, get legislation to
combat spam signed into law.
I also want to commend Mr. Green and Mrs. Wilson for
introducing their legislation, H.R. 2515. I was pleased to see
that when this bill was unveiled it contained so much common
ground between it and the Burr-Sensenbrenner-Tauzin bill.
Indeed, both bills apply opt-out to all commercial e-mail. Both
bills rely upon the FTC, the DOJ, State AGs and ISP private
rights of action for enforcement. These bills are not that far
apart, and I am convinced that the gaps can be bridged. Both
bills got sequential referrals to the Judiciary Committee, so
it is imperative that we avoid the inner committee pitfalls of
the past if we are going to deliver for the American people.
Based on the fine spadework of Mr. Burr, Tauzin and
Sensenbrenner to reach significant accommodation between the
two committees prior to the introduction of the bill, I believe
to their credit we are much closer to the goal line than ever
before. Mr. Green and Mrs. Wilson's proposal are very similar
in many respects, which I view as a further good sign that Mr.
Burr, Chairman Tauzin and Sensenbrenner came pretty close to
hitting the sweet spot.
Of course, like every other bill, H.R. 2214 was introduced
with the expectation that it likely would be perfected along
the way through the legislative process. That is what hearings,
markups, and house floor consideration--not to mention the
conference with the Senate--are for. Mr. Green and Mrs.
Wilson's bill provides some suggestions on where we can improve
our product, and I suspect that we will hear about some of
those today. For instance, we can tighten definitions to ensure
that we close down any potential and unintended loopholes.
I also support expanding AG enforcement to cover not only
the fraud provisions of the bill but also instances where
marketers fail to put required inclusions in their e-mails and
where marketers fail to honor consumer opt-out requests. I also
think that we can beef up the monetary caps and aggregate caps
on State AG recoveries, and I pledge to continue working with
all members of this committee in a bipartisan manner to make
these and other productive improvements upon the final product
as we continue to work in a cooperative fashion with the
Judiciary Committee.
To paraphrase my old boss, Ronald Reagan, it is amazing
what we can done if you don't worry so much about who gets the
credit. When it comes to combating spam there is plenty of
credit to go around in this committee on both sides of the
aisle as well as in the Judiciary Committee too. Mr. Burr, Mr.
Green, Mrs. Wilson, so many others deserve such credit. So if
we can just learn from the past, work together, avoid the
pitfalls, I am confident we will succeed in delivering anti-
spam legislation to the American people before too long. At
this point I yield to my friend from Massachusetts--maybe I
don't yield to him--Mr. Markey, for 5 minutes for an opening
statement.
Mr. Markey. I thank the chairman very much. This is the
second round for me in a battle against spam, and the last
round was very bitter, it was a multi-year fight, but,
ultimately, I was successful. Because spam is to the Internet
what Spam has been to culinary critics for years. For years,
millions of little kids, and that was my brothers and I in our
house in the 1950's, my mother was constantly serving
unsolicited Spam to my brothers and I.
And telling us it was good for us and telling us just
because she had a monopoly and just because she controlled the
capacity to Spam my brothers and I sometimes 3, 4 times a week,
always unsolicited. And we as consumers had very little ability
to protect ourselves successfully when we were 8 or 9, but by
the time we were 11 or 12 and we were able to organize better,
we ultimately were able to just stop the scourge of Spam. Now,
once again, spam raises its ugly head and consumers out there
are looking for relief from unsolicited invasions, especially
in the privacy of their home where they should have more
control over what it is that has allowed entry into that sacred
domain.
I want to salute the principal sponsors of the spam
legislation that I have cosponsored which has been offered by
Mrs. Wilson and by Mr. Green. I think it is important for us to
work with the other members who are working on other approaches
on this legislation, the chairman and others. This committee
approved spam legislation authored by our two colleagues in the
previous Congress, and I believe the bill they have introduced
in this Congress is an improvement over previous versions. It
is sensible regulation of certain Internet-based conduct and
includes realistic but tough enforcement measures. It will help
to preserve the best of what the Internet offers consumers and
to businesses while helping consumers and industry stem the
tide against the daily deluge of unsolicited commercial e-
mails.
One issue I want to highlight that I believe the Committee
ought to tackle as well is wireless spam. As wireless
technology advances and becomes like the traditional phone
networks and network for sending data, text and images in
addition to voice services, it is predictable that spam will
migrate to wireless services. When a computer user logs on in
the morning and finds 150 spam e-mails and has to spend time
deleting all of these items, it is a clear nuisance. Think
about the prospect of driving home and having your wireless
phone ring and buzz as all of these spam e-mails arrive. It
will be spam that follows you wherever you bring your phone. It
will be even more of a nuisance and more burdensome to
consumers to the extent to which they may pay their wireless
phone company based upon the number of text messages received
or sent. This is a future that is right around the corner
unless we act. It also has become the plague of millions of
wireless users in Asia and other parts of the world. Our
colleague, Rush Holt, has also introduced legislation that aims
to address this issue. I believe that we can tailor a remedy
for wireless spam that recognizes that spam to a wireless phone
is even more intrusive than it is to a desktop computer.
I look forward to working with all of my committee
colleagues on addressing this issue as we attempt to reach a
consensus committee position on the underlying issue. Again, I
want to commend you, Mr. Chairman, Chairman Stearns, and I look
forward to working with Chairman Tauzin and Mr. Dingell and the
other members on this very important legislation.
Mr. Upton. Okay. I now yield to the chairman of the
Subcommittee on Commerce, Trade, and Consumer Protection of
which we have having a joint hearing, Mr. Cliff Stearns from
Florida.
Mr. Stearns. I thank my colleague from Michigan and I
welcome the witnesses and I am pleased to co-chair this with my
colleague, Mr. Upton.
I think no one disputes the great value of e-mail. It has
brought efficiency and productivity to all of us and helped us
in a short period of time, and it has become critical,
ubiquitous, inexpensive and a very effective medium of
communication. It is a communication medium that at least
according to one survey 75 percent of us are not willing to
forgo for even telephone service. The evidence that e-mail is
indeed the killer application of the information and knowledge
age can be found simply in our routines, our daily routines at
work or play, where routinely, like Mr. Upton indicated, is
going through our e-mails and deleting what we have to do.
But, of course, a lot of this is filled, our e-mails are
filled with unwanted e-mails asking us to buy certain products
ranging from the real products to the absurd. I guess I
personally don't have a problem with the marketing per say.
After all, a consumer-based economy is highly dependent on
marketing to differentiate the array of goods that we have and
services to the consumers. But I think the problem is twofold
after you look at it from there.
First, the marginal cost of sending the additional e-mail
is just about zero. Senders of commercial e-mail have no
incentive to target their marketing. Thus, the networks and
systems that support e-mail are flooded with these e-mails.
Recent estimates suggest that as much as half of all e-mails
are composed of such commercial solicitations. Now, someone
bears the cost of this voluminous unwanted solicitations, and
of course that someone, ultimately, is the consumer, the user
of e-mail. We will pay, as the e-mail service providers buy
more equipment. They will pass it on to us. We will also pay,
all of us, in lost time and productivity--the time we have to
go through and delete those all these e-mails.
The second problem that I see is that e-mail communications
make accountability a lot more difficult. Unscrupulous people
use it to advance fraudulent and deceptive acts, and even good
commercial actors are tempted to take advantage of this lack of
accountability.
So I think targeted legislation that can bring about a
greater level of accountability to e-mail communications is
good. I think H.R. 2214 is that bill. It enjoys the support of
a lot of members, including the chairman of this committee as
well as the chairman of the Judiciary Committee, which is very
important. This type of cross-committee cooperation is very
important. It is necessary in order for us to enact finally
this legislation on spam. I am also pleased that some of the
leading voices for anti-spam legislation, indeed pioneers in
this effort, colleagues on my committee, are also interested in
trying to work through and pass legislation finally. I am
particularly talking about the gentlelady from New Mexico, Ms.
Wilson, and my colleague, Mr. Green and Mr. Boucher. So we have
an opportunity for a bipartisan bill.
I believe that effective Federal legislation should bring
about greater accountability as a bottom line. That greater
accountability can be achieved by strengthening existing laws--
making sure that fraud and deception is prosecuted and
subjected to severe penalties. In addition, I think that
legislation should encourage accountability through adoption of
certain best practices by e-mail marketers. I know a number of
witnesses today have their own thoughts on this issue. I have a
proposal that I think would advance best practices in the
market and in turn inject greater accountability. So I hope to
discuss this proposal later.
In conclusion, with an observation I think that our witness
will probably confirm, legislation is only one part of the
solution. I think many of you on the witnesses out there could
propose a technical solution. Technology, consumer education,
industry cooperation, in my view, are the key tools in
combating spam and injecting real and effective accountability.
We must also consider the transnational dimensions of spam. It
is an international problem that will require increased
international cooperation to combat. So I hope to introduce
bipartisan legislation before August recess that would
strengthen the Federal Trade Commission's ability to address
the growing problem of transnational fraud, including spam that
is not home grown. Thank you.
Mr. Upton. At this point, I would recognize the vice chair
of the Subcommittee on Commerce, Trade and Consumer Protection,
the gentlelady from Illinois, Ms. Schakowsky.
Ms. Schakowsky. Ranking, actually, but that is good.
Mr. Upton. I am sorry.
Ms. Schakowsky. No, that is all right.
Mr. Upton. I am sorry, the ranking member.
Ms. Schakowsky. No. I thank----
Mr. Upton. We thank you all on this side of the aisle. We
will get that voter registration changed in Illinois.
Ms. Schakowsky. I thank Chairman Upton and Chairman Stearns
for holding this hearing today on spam. I wanted to ask
unanimous consent to place in the record a statement by
Congressman Rush Holt, which focuses on wireless spam.
Mr. Upton. Without objection.
[The prepared statement of Hon. Rush Holt follows:]
Prepared Statement of Statement of Hon. Rush Holt, a Representative in
Congress from the State of New Jersey
I am pleased that the Subcommittees have convened this joint
hearing to explore ways to address the mounting problem of unsolicited
e-mail advertising, or spam, which has become perhaps the biggest
nuisance of the Information Age.
I urge the committee to include in their legislation provisions to
combat a related problem that has gotten out of hand in some countries
and is growing ever worse in the U.S.--spam sent to wireless phones
through text messaging.
The Japanese are already fighting off a tsunami of cell phone spam.
On one recent day, the 38 million customers of the largest Japanese
wireless company, NTT DoCoMo, received 150 million pieces of spam. Even
today, after passage of anti-spam laws in Japan, DoCoMo's subscribers
still receive up to 30 million wireless spam messages each day. This
has caused millions of Japanese wireless phone users to simply stop
using their cell phone service.
So far, U.S. cell phone users have been largely spared this torrent
of annoying, unwanted messages. I presume this is because a lot of
telemarketers don't believe there are enough text-capable cell phones
in the country. Most new phones are text capable, however, and the
number of text messages sent in this country has been rising rapidly,
quadrupling from 250 million messages sent in December 2001 to 1
billion messages sent in December 2002. 17% of cellular customers,
about 23 million people, currently use text messaging--including 45% of
cell phone users in the lucrative 18-to-25-year-old category. Direct
marketers are already beginning to salivate.
I have introduced the Wireless Telephone Spam Protection Act as
H.R. 122. This bill is intended to launch what could be called a
preemptive attack against wireless spam before it spins out of control
in the United States. Congress too often acts once the fire is already
lit. This time, we should put the fire out before it gets out of
control.
I want to emphasize that not only should anti-spam legislation
incorporate wireless spam, it should also set stronger penalties and
consumer protections. Under most wireless plans, consumers pay for each
message they receive--they're paying to be spammed. That is why
consumers should not have to opt out of text message spam after they've
already received it, but instead should only receive those messages
they choose to get.
Mr. Markey has recognized the importance of addressing the wireless
spam problem, and he has informed me that he intends to address it
during markup. I want to express my appreciation to Mr. Markey for his
efforts and for all of his leadership on telecommunications issues.
I hope we can stop the wireless spam tsunami before it floods us
all.
Ms. Schakowsky. My constituents have contacted me about how
much they hate spam, and it is important to note that spam is
more, however, than just a time-consuming nuisance to people. A
great deal of spam is fraudulent and obscene. According to the
Wall Street Journal and Reuters, 50 percent with children with
e-mail accounts receive e-mail with pornography. Under the
current law, parents are virtually powerless to stop their
children from receiving inappropriate and disturbing
solicitations. We need to give parents the tools to protect
their children. First Amendment rights need to be protected,
but predators that target our children and grandchildren must
be prevented from contacting them in the first place.
Spam has also provided enormous opportunities for scam
artists. Shamefully, many spammers take advantage of senior
citizens and children. This past April the FTC released a
report analyzing false claims made in spam. The FTC analyzed
1,000 pieces of spam and found that 66 percent contained
deceptive information. The FTC and State law enforcement
agencies need broader enforcement authority to go after all bad
actors regardless of where they make their pitch--from the
Internet, on television or in the newspaper. Cyber criminals
need to be held accountable.
It is important to note that spam is a problem that extends
far beyond fraudulent and obscene. We are all overwhelmed with
solicitations for loans and various products and Viagra.
Consumers do not want to receive e-mails from these businesses.
Maybe some do but those who don't should be able to opt out of
receiving future solicitations if they wish. Unwanted spam also
hurts our economy. It clogs networks and it causes entire
networks to crash. Experts estimate spam will cost U.S.
businesses over $10 billion this year. The problem will only
get worse over time. According to industry experts, the volume
of spam rose from 8 percent of all e-mail in January 2001 to 45
percent in 2003. Spam is likely to exceed 50 percent of all e-
mail by 2004. It is clear it is a major problem. The question
is what can we do to help our constituents and stop spammers
from sending unwanted solicitations while at the same time
ensuring that e-commerce remain vibrant.
Spam is a very difficult problem to solve partly because it
is hard to track down many of the culprits. A great deal of
spam is sent from abroad, and many spammers do not have fixed
addresses, are difficult to track down. But I am glad that we
are taking action. I am a co-sponsor of 2515, the Anti-Spam Act
of 2003, and I support the bipartisan bill because it gives the
FTC and State attorneys generals strong enforcement powers, has
a comprehensive opt-out provision and has a clear definition of
what types of commercial e-mail should be regulated. I want to
just list a couple of concerns, though, that I have about 2214
in its current form and hope that they can be worked out.
One, it limits the amount of damages that an attorney
general can pursue from the spammer that violates the law.
Second, it prevents from States from enforcing the opt-out
list. Third, it forces the FTC to establish a knowledge
standard before issuing an injunction. Fourth, it applies only
to e-mails that have a solicitation as a primary purpose, and I
am afraid companies will be able to bury solicitations in their
e-mail, that people will find the loopholes.
So I look forward to working with all my colleagues on both
sides of the aisle on this problem. We were able to do the do
not call list and that helped the FTC and passed legislation
that helped the FTC to implement it. We have gotten an
overwhelming positive response and now it is time to tackle
spam. It is clear that we need to take action before the
problem gets worse. Thank you, both chairman.
Mr. Upton. I recognize the chairman of the full committee,
Mr. Tauzin from Louisiana.
Chairman Tauzin. Thank you, Chairman Upton, and thank you,
Chairman Stearns, for holding this important joint hearing
today. I wish that Mr. Markey was still here because once again
today I have to defend--oh, you are here, you are back--I have
to defend someone against another unfair, unwarranted,
unreasonable political attack, this time the mystery meat known
as spam. I heard you, Mr. Markey, talk about how growing up you
and your brothers were subjected to unwarranted and unwelcomed
and unsolicited adventures with the mystery meat known as Spam.
That never troubled me as a young man. Before there was trail
mix, before there was power bars, as a young hunter and
fisherman there was Spam, and we loved it and enjoyed it and
still do. What upset us the most was powdered meat. Now, that
really--I never could understand--I mean if you want meat, you
should get meat, you should not get powder. I never understood
that when I was a child.
Mr. Markey. Yes. Well, we didn't have those cajun spices
that kills the taste, you see. I mean in an Irish home you eat
it straight. There is no extra----
Chairman Tauzin. Yes, meat and potatoes, I know. And then
the other thing that really got us was Vienna sausage, I mean
unsolicited Vienna sausage. Why Vienna? I mean we had Aunt
Doolie sausage, we had great venison sausage, we had every kind
of sausage you can imagine.
Mr. Upton. Did you have a cat or something?
Chairman Tauzin. Huh?
Mr. Upton. Didn't you have a cat or something that could
eat some of that?
Chairman Tauzin. I thought you were saying something else.
Bottom line is we had other things to object to besides the
mystery meat, Spam, and I want to defend it; it is still a good
product. But when it comes to unsolicited e-mails spam is
obviously a scourge.
If our house is our castle, our castle is under siege right
now, it really is. I mean we have gone after some who have put
it under siege. We helped pass the telemarketing do not call
list and Americans are calling like crazy to get on that list
and to stop unwarranted, unsolicited telemarketing calls. We
have allowed every citizen in the country to call the post
office and stop the junk mail from hitting my mail box. We can
say no to unwanted visitors, to unwanted telemarketing calls.
We can say no to unwanted postal mailings into our mailbox. It
is time we give Americans a chance to say no to unwanted e-
mails. It is that simple. And the bills we are working on are
going to do that and give Americans a new right.
And we have finally got concurrence with the Judiciary
Committee, we are working on a common product. I really want to
thank Mr. Burr and Mr. Upton and Mr. Stearns and all the
members who worked to negotiate that product with the
Judiciary. I want to thank Mr. Dingell, and I particularly want
to thank Ms. Wilson for their assistance in these negotiations.
They are still going on, we are still getting concessions. I
think we are getting closer and closer to a final product that
is going to join the Wilson-Green effort with the effort our
two committees are making, and instead of having a product that
is blocked at another committee from getting to the floor, now
we will have a joint committee product. We will have a product
on the floor, and the Senate is likely to pass the product. We
are likely to get some real action on this issue this year, and
I want to thank you all for it. I particularly want to commend
Ms. Wilson for again being an outstanding leader on this issue
as she was last year, last Congress, and to commend all of you
for recognizing that this is not going to happen if we fight
committee battles over it. It is going to happen when we all
come together.
I particularly want to point out the three features of this
bill quickly. It creates consumer choice for the first time in
this area, it has got huge new anti-fraud provisions. And by
the way, we have been improving them in these negotiations,
including new rights for the AGs of our State, strong
enforcement provisions, and as Mr. Markey pointed out, it
begins to do something now about a problem that has already hit
Europe, already hit Asia, it is really big in the common market
already, and that is the problem of wireless spam, which we
expect is going to be a huge problem in this country if we
don't cut it off in its tracks. And we have begun that process
in this bill.
So when you think about the fact that this bill is now
coming together in such a great bipartisan way and more
importantly between our two great committees of Judiciary and
Commerce, we have got a real chance to give consumers a real
chance to defend their Internet castle from this siege that so
many are under.
I have been asked is this an attack on the First Amendment,
the free speech amendment? It is not. This is about the right
to listen or not listen. Husbands understand that. We call that
selective hearing, and wives get real angry with us when we do
it. But Americans have always enjoyed the right to turn it off,
not to hear, not to listen. That doesn't affect people's right
to speak. They can speak all they want. You don't have to
listen if you don't want. What we are talking about in this
case is--on the Internet--your right not to receive information
you don't want, particularly when it is egregious and offensive
information, in many cases, into your home, the same way you
can say no to those kind of products when people sought to
deliver them over the mail or in a telephone conversation.
So this is a great effort, and I want to thank our two
subcommittees for working as closely as they have and for so
many of you, Mr. Green, and for so many of you coming together
and trying to find a common product. We are going to have one
next week, and we will deliver a great victory to the floor,
and eventually we will have the signature of the White House
and Americans will be better off for it. God bless you. Thank
you.
Mr. Upton. Recognize the ranking member of the full
committee, the gentleman from the great State of Michigan, Mr.
Dingell, for an opening statement.
Mr. Dingell. Mr. Chairman, I thank you, and I commend you
and Chairman Stearns for holding this hearing today. Spamming,
cramming, slamming, they are all unacceptable practices, and I
want to say to my colleagues, the chairman of the committee, to
the gentleman--rather to the gentlewoman from New Mexico, Ms.
Wilson, to my two friends, the chairmen of the subcommittees,
Mr. Green, and to the others, including my dear friend Mr. Burr
who have worked on this matter. I commend them and I am
appreciative of what it is they have done.
I want to observe that this committee has made a
significant effort to combat spam. During the past two
Congresses we have reported legislation to protect consumers
from the increasing amounts of commercial e-mail that fill in
their in-boxes. Unfortunately, the legislation has yet to make
it to the President's desk. I hope this year will be different.
I would note that we are engaged in a discussion with members
of the Judiciary Committee because of a rather unfortunate
shared jurisdiction on this matter. I would note that the
position of the other committee is one which strongly favors a
much weaker and much less protective bill of the rights and the
concerns of American consumers.
As all of us are aware, the amount of spam clogging the
information networks of this Nation has risen several fold
since we last considered legislation on this matter. In fact,
the volume has increased to such levels that it is degrading
the usefulness of e-mail as a quick means of communication. For
this reason, the call for action has constantly grown. Indeed,
spam legislation now enjoys broad support across the political
spectrum, even from industry groups that once opposed it. I am
confident that the resolve of this House to pass strong
legislation has increased and will grow as the people make
their wishes and their concerns known.
Today we find ourselves examining two bills. The first,
H.R. 2515, is a strong bill put forward by two of the leaders
on this issue: Mr. Green and Ms. Wilson. I am pleased to join
with them and a bipartisan majority of the committee who are
co-sponsors of the bill on which they are so well leading. The
second, H.R. 2214, was introduced by my dear friend, Mr. Burr,
along with Chairman Tauzin and Chairman Sensenbrenner. This
bill has several unfortunate weaknesses. I remain hopeful that
the competing bills can be reconciled into one strong bill. And
I want to make clear my affection and respect for the sponsors
of all of the legislation I discussed.
Four criteria will tell us whether a compromise bill would
provide immediate protection for consumers and would prevent
network congestion. First, it must afford State attorneys
general and the Federal Trade Commission, FTC, full enforcement
authority over each provision in the bill. Lack of enforcement
is simply to assure that we pass out nothing but a sham and a
fraud. The Burr-Tauzin bill, and I say this with respect for
its authors, fails to do this. It is unnecessary and wholly
unprecedented to place arbitrary caps on the damages that State
attorney generals may seek from serial spammers.
And I have a couple of words to say about serial spammers
and folk like that. We have a number of different things in
this world for which we have no great affection. One is
cockroaches and another is spammers. The Bible doesn't say what
we can do about cockroaches, so we regard them as pernicious
pests and step on them at every occasion. And it does tell us
that we have to be kind to our fellow man. It doesn't say that
we have to tolerate them clogging our in-boxes in our different
electronic devices with the kind of nonsense and sometimes
pernicious stuff that they dispense to their fellow citizens.
And so we can step on them at least figuratively by bringing to
a halt some of the more outrageous of their practices. I
believe that the legislation that we are going to confront
today has to address this fact.
Second, the legislation should apply to all commercial e-
mail, and it should not contain limiting purposes or limiting
primary purpose language that is found in the Burr-Tauzin bill.
From a consumer's perspective, spam is spam, and in my
experience, consumers find no distinction between good spam and
bad spam. They call it all bad spam. The Burr-Tauzin bill would
create a new category of legalized spam that would be exempt
from the opt-out provision and from State regulation. I don't
know anybody except those who would benefit from this that want
this kind of arrangement. Smart marketers would seize this
loophole to create spam that fits within this definition and is
exempt from law.
Third, the bill should also contain strong language
protecting consumers, particularly children, from unwanted
sexually oriented e-mail. Only the Wilson-Green bill ensures
that consumers will not be required to view offensive material
before opting out. This language is then critical and is
crucial to a successful piece of legislation.
Fourth, the bill must contain a sufficiently broad
definition of affiliates so that consumers are not required to
opt out of each affiliates' operation within a giant
corporation. Let me take one for example: Citigroup has
hundreds of affiliates, and Burr-Tauzin bill would require a
consumer to individually opt out of each affiliate. These
affiliates are functioning oft-times out of common mailing
centers, are functioning together with coordinated operations,
but the consumer will be propelled to submit to serial
annoyances from each of them and to be like a fellow swatting
flies to try and get a little bit of peace.
In contrast, the Wilson-Green bill takes a much more
sensible and consumer-friendly approach, one that the American
people want. Simply stated, if affiliates can share a
consumer's e-mail address, then they can also share that
consumer's request to opt out of future spam. Very simple. If
they can share it, they have to share two things: One, the
address, and, two, the demand of a citizen which must be
respected that they stop this nonsense.
In crafting a compromise, we must remember that the twin
purposes of this bill are to protect consumers from unwanted e-
mail and to help unclog our communications network. A bill that
does not provide for strong enforcement or that creates a
category of government-sanctioned spam will not achieve either
of these important purposes which I strongly support. I would
note that it will not stop the flood of filth on the Internet
also. I, therefore, look forward to the witnesses' testimony on
the two bills, and I urge my colleagues to make ready for a
fight. Let us win this and let us stop this nonsense now. Thank
you, Mr. Chairman.
Mr. Upton. The gentleman's time has expired. I would note
that we have three votes on the floor, which we will go for 1
or 2 more speakers if we can. But I also remind members that if
they defer their opening statement, they will get an extra 3
minutes bonus for their first round of questioning. So let me
just start that procedure. Mr. Shimkus?
Mr. Shimkus. Thank you, Mr. Chairman. I am going to keep
this short and I will take my opening statement. Two things are
wrong. Spam delegitimizes the Internet as a viable marketing
took, one. And worst of all, it exposes children to content
that may be harmful for them to view or see, and that is one of
the provisions in my colleague and good friend, Congressman
Wilson and Congressman Green's bill that I would like to see
become part of the law is that the Centers of Sexually Explicit
Material include a warning label that lets the recipient know
he or she will be going to a sexually explicit web site. This
will help stop the brazen spammers who embed sexual material in
the actual content of their e-mails.
This gives me also an opportunity to talk about the dot-
kids-dot-us, which Congressman Markey and I and Congress Upton,
which will come online we believe in September, which is a tool
to help parents make sure that there is age-appropriate
material for their kids when they are going through the web
sites. So this is my opportunity to encourage all of you that
don't know about dot-kids-dot-us or you companies in industry
and interest groups, that is going to be a good opportunity to
make sure your material is--if you want access to kids, that it
is going to be suitable for children. So with that, Mr.
Chairman, thank you for the time. I yield back.
Mr. Upton. Okay. Mr. Boucher.
Mr. Boucher. Thank you very much, Mr. Chairman. Spam is no
longer just a nuisance to consumers. It has truly become an
epidemic that carries a large economic cost. Today more than 40
percent of all traffic on the Internet in terms of electronic
mail is spam, and it is anticipated that very soon that number
will exceed 50 percent. For example, AOL and Microsoft
intercept each day more than 2 billion spam messages just
between those companies.
A solution is needed that will protect consumers and
businesses and punish the abusers. Such a solution must include
at a minimum three important factors: Vigorous enforcement, a
workable definition of spam and strong consumer protections.
First, spammers will not be deterred unless there is strong
enforcement. I was recently pleased to join with 29 of our
committee colleagues, a bipartisan majority, including
Representatives Wilson, Green, Dingell, Markey and others, in
introducing the Anti-Spam Act of 2003. Our legislation ensures
that Internet service providers, State attorneys general and
the Federal Trade Commission are given full authority to
enforce vigorously all aspects of the Anti-Spam Act.
Legislation without such enforcement is a tiger without teeth
and will not stop spam abuse. Any legislation with strong
preemption, which this bill, in fact both of these bills
contain, must be matched by strong enforcement. Otherwise the
States would lose their current authority to act in the
consumer interest.
Second, any legislation to reduce spam must define spam
broadly enough to include what consumers normally considered to
be junk mail. Common sense dictates that spam is commercial e-
mail that consumers do not want in their in-boxes. Accordingly,
spam legislation must provide consumers with an ability to opt
out of any e-mail with commercial content that they do not
want. Alternative legislation takes a very narrow approach to
the meaning of spam by defining spam as e-mail whose primary
purpose is commercial, which, in effect, becomes a legal
charter for companies to continue to flood in-boxes and burden
ISPs.
Third, the consumer opt-out must be simple and it must be
effective. Out legislation does not require a consumer to opt
out of each affiliate of a company in order to stop receiving
unwanted e-mail. If a consumer does not want to receive a e-
mail from a company of all 100 of its affiliates, a single opt
out should be effective. The alternative legislation would
require the 100 opt outs.
These three factors, vigorous enforcement, a common sense
definition of spam and strong consumer protections, are
essential as elements of legislation that will be effective in
fighting spam. It is my hope that prior to committee markup we
will be able to achieve consensus on these matters so that a
broadly supported and truly effective measure can be presented
to the House, and I look forward to working with our colleagues
who are authoring both of these measures in order to achieve
that goal. Thank you, Mr. Chairman. I yield back.
Mr. Upton. Thank you. I would note that we have three votes
that are pending. We have 9 minutes left in the first vote.
Immediately when the three votes are done we will resume, which
I would guess will be about 2:10. So we will stand adjourned.
[Brief recess.]
Mr. Stearns. The joint hearing of the Subcommittee on
Telecommunications and the Internet and the Subcommittee on
Commerce, Trade, and Consumer Protection will reconvene, and we
will continue with the opening statements. The gentleman from
California, Mr. Cox.
Mr. Cox. Thank you, Mr. Chairman. I want to welcome back
our panel and thank you for your forbearance during our floor
votes. It is a very distinguished panel and we look forward to
hearing from you. I want to thank you, Mr. Chairman, thank
Chairman Upton as well for holding this important hearing on a
maddening problem for all of us.
Anyone who uses the Internet appreciates the time that our
esteemed panel has devoted to studying this issue. Thank you
also to Chairmen Tauzin and Sensenbrenner and of course Mr.
Burr, the author of H.R. 2214, for your hard work in seeking to
stem the rising tide of spam.
I think Mr. Burr and his cohorts in this effort were very
wise in choosing not to create a national do-not-spam list. I
say that because while I favor such lists in the context of
unwanted telephone calls and faxes, the nature of the Internet
and more importantly the nature of most egregious spammers
strongly suggest that offshore operators, criminal
organizations frequently running fraudulent enterprises, would
simply use the do-not-spam list as a useful list of new e-mail
addresses, a fresh set of victims for their unwanted and often
repulsive communications.
Speaking of repulsive communications, I would also like to
commend the sponsors of H.R. 2214 for creating tough civil and
criminal penalties for pornographers who falsify header
information. When someone presents a false identity or
disguises the content of their e-mail by failing to include a
warning label, we should throw the book at them. There are
people who like pornography and there are people who abhor it,
but no consumer should be misled or tricked by it. For that
reason, I intend to work with the sponsors of the bill to go a
bit further and apply to e-mail the same standard the law
currently applies to physical mail. Congress should outlaw the
sending of unsolicited pornography.
The authors of H.R. 2214 also deserve great credit for
ensuring that the cure to spam isn't worse than the disease.
Specifically, the authors deserve credit for limiting the
ability of class action lawyers to profit from spam. We have
already seen how unscrupulous trial lawyers have profited
handsomely from unwanted faxes thanks to a loophole in the 1991
law that was intended to prevent them. Despite the lawyers
getting rich, my constituents still write to me asking for
relief from unwanted faxes. The Burr-Tauzin-Sensenbrenner bill
wisely focuses its attention on helping consumers rather than
simply authorizing lawyers to collect a new litigation tax. The
great strength of H.R. 2214 is that it empowers consumers and
Internet service providers, the people bearing the costs of
spam in time and in hassle. It will create harsh penalties for
those who inflict these costs.
Finally, Mr. Chairman, I would note that spam doesn't have
to be commercial to be annoying, to be costly or to be
burdensome. Last week, I am sad to report the California
Supreme Court in my home State issued a most peculiar ruling
that needs legislative correction. The court held that the
owner of a private computer network cannot use the law of
trespass to prevent an intruder from sending 200,000 e-mails
into that network. In this case, the network made repeated
requests to the spammer to cease and desist, but the court said
it could not find economic harm. I will soon introduce
legislation to correct this injustice and ensure that
trespassing is trespassing, whether the property is a piece of
land or a computer server. I hope that the authors of H.R. 2214
will consider this provision for inclusion in the final mark. I
yield back, Mr. Chairman.
Mr. Stearns. Thank the gentleman. Mr. Stupak?
Mr. Stupak. Thank you, Mr. Chairman, and I would like to
thank both chairmen for holding this hearing today, and I want
to welcome our distinguished witnesses. Unfortunately, I will
be in and out so I want to make this opening statement now, as
I have a number of matters up in my office I have to attend to.
I am concerned that this is now the third Congress in a row
that this committee has addressed this issue, held hearings,
markups and expressed commitment to combating spam. Yet while
the flood of unsolicited e-mails is only growing, ISPs becoming
more and more overwhelmed and consumers more aggravated, this
committee seems to be moving in the wrong direction.
I commend the chairman of the full committee and Mr. Burr
for working on legislation to combat spam, but I am concerned
that this bill is weaker than the legislation that has come
through this committee in the past. I believe that the bill
falls short due to insufficient enforcement and inadequate
protection to consumers. Furthermore, we must do all that we
can to protect parents and children from harmful pornographic
e-mails, and this bill does not provide such protection. This
is not the direction in which we should be going. This problem
of spam is too big and too expensive to provide piece meal
enforcement and inadequate remedies.
Last, I remain concerned that unlike the bills in previous
Congresses, this bill, or the bills pending before the
committee today, do not contain a private right of action. I
co-sponsored the legislation introduced by Representatives
Wilson and Green. This bill has a number of--a good number of
Democrats and Republicans on this committee in support of this
legislation, and I am pleased that efforts were made to
strengthen enforcement and provide protection from harmful
pornographic e-mail in this legislation. However, unlike the
last speaker, I would like to note that I think we should go
even farther and provide for a private right of action and in
fact for class actions. We must equip all injured parties with
the tools they need to take action and ensure that we do not
leave consumers out in the cold without an individual remedy. I
look forward to hearing from the witnesses today about these
bills and other measures that may be necessary in order to
address this growing problem. Thank you, Mr. Chairman.
Mr. Stearns. I thank the gentleman. I believe the
gentlelady from New Mexico, Ms. Wilson. I remind all members
that the opening statement is about 3 minutes, and we urge all
of you, so we can move forward here because we got a late start
because of the full committee markup and we are trying to get
to our witnesses who have patiently waited through votes, and
so I urge all of you to put it in part of the record if you
can. Thank you.
Ms. Wilson. Thank you, Mr. Chairman. I will submit a more
complete statement for the record, but I do want to set a
little bit the context in which we are meeting here today. Five
years ago, Mr. Green from Texas and I started working on then
what was a pretty obscure but annoying problem: spam or junk e-
mail. In the 106th Congress, we were able to pass the Wilson-
Green bill by 427 votes to 1, but the Senate did not take it
up. And in the 107th Congress, our bill, H.R. 718, passed this
committee by a unanimous voice vote and was scheduled for the
floor the week of September 11. In this 108th Congress, we have
now introduced H.R. 2515. It now has 56 co-sponsors, including
30 of the 57 members of this committee--10 Republicans and 20
Democrat co-sponsors. A majority of this committee is a co-
sponsor of the bill.
What was an obscure issue in 1998-1999 by 2001 started to
become a serious problem when it was estimated that 7 percent
of all e-mail was junk e-mail or spam and is now overwhelming
consumers on the Internet with estimates being 40 to 50 percent
of e-mail being spam on the Internet at a cost of some $10
billion per year, all of that cost paid for by the recipients
and not by those doing the advertising. Fifty percent of
children between 7 and 18 years of age report getting
pornographic spam in their e-mail boxes, and we have seen in
the last couple of years that the promise of technological
solutions have failed. Even if you are blocking 80 percent of
the spam with your filtering technology, the 20 percent that is
getting through is still overwhelming people's in-boxes. We are
now at the tipping point, I believe, where we are actually
discouraging use of e-mail, impeding commerce, and e-mail is
now becoming not a reliable or useful communications tool.
So what must good policy do? I think it has to have a
strong civil and criminal penalties for fraudulent e-mail. We
have to make sure that we protect consumers and children
particularly from sexually oriented messages. We have to have
clear definitions without loopholes on what spam is. If the
technical loopholes are the joy of spammers today, we certainly
don't want to create legal loopholes for them to be exploited
by spammers tomorrow. Consumers have to have a right to say,
``No. Take me off your list.'' And that right has to be
respected and enforceable. We have to have strong enforcement
mechanisms, particularly if there is no private right of action
in the bill.
I think we are at a tipping point. If we don't get strong
anti-spam legislation this year, the problem may rapidly be
getting to such a point that only an outright ban or an opt-in
approach will be enough. You know, it might be reasonable to
ask people for one or two opt-outs a day to protect their
rights and protect the rights of free speech, but is it
reasonable to ask a consumer to have to do that 100 times a
day? Possibly not, and I think we are rapidly getting to that
point where we may have to take more extreme action analogous
to the junk fax law if we are unable to get meaningful
legislation passed in this Congress.
Spam has become a significant problem that threatens to
cripple the Internet and the worldwide e-mail system and it is
about time we address it.
Mr. Stearns. I thank the gentlelady.
Mr. Davis from Florida. The gentleman passes.
Mr. Green? Mr. Green is not here.
Mr. Wynn.
Mr. Wynn. Thank you, Mr. Chairman. I really appreciate you
calling this hearing today. Let me just make the observation
that combined with our efforts on the do not call list, this
effort against spam could make us a truly pro-consumer
committee. Spam e-mails are unsolicited advertisements that
flood the Internet in an attempt to advertise an issue or
product to people who may not otherwise choose to receive it,
and cost a tremendous amount of money. It accounts for about 50
percent of e-mail traffic, and this number is only expected to
rise. Just today, a staffer said she had received over 78 spam
e-mails before lunchtime.
Spam e-mails, as opposed to junk mail, costs the sender
very little to distribute, with most of the costs paid for by
the recipient through increased Internet access, cost and time.
According to the Fight Spam! web site, AOL was receiving 1.8
million spam e-mails from a single company each day until AOL
got a court injunction to stop it. Just this one example cost
AOL consumers 5,000 hours of connect time daily to discard this
spam.
Additionally, fighting spam has emerged as a leading
business issue. One reported estimate found that spam cost
businesses up to $10 million each year primarily due to the
implementation of anti-spam technology and lost productivity.
The issue of spam is not simply limited to annoying
advertisements. It may also be a catalyst for fraud. An article
in the Jefferson City, Missouri News Tribune recently outlined
a national spam scam. The sender sent an e-mail to many
consumers stating concern over a credit card purchase at Best
Buy. The e-mail instructed the individuals to visit a special
web site to resolve the situation by entering their credit card
and social security numbers. As a result, Best Buy fielded
thousands of calls from consumers regarding the fraudulent e-
mail and needed to tell them to disregard the message or, if
they had already entered their personal information, to notify
their banks, credit card companies and the FTC's identify theft
program. The scheme cost Best Buy and consumers time and money.
Luckily, authorities were able to shut down the web site within
2 hours, however much damage had already been done. The Tribune
equated the scam to an electronic hit and run.
I am very pleased to be a co-sponsor of the Wilson-Green
anti-spam measure to protect consumers against spammers. This
is a measure that would provide effective spam counter measures
and enforcement measures against those individuals who
fraudulently e-mail consumers. The bill would allow consumers a
real opt-out solution and afford the Federal Trade Commission
and, importantly, State attorneys general and the Internet
service providers full enforcement authority over the bill's
civil provisions, providing a much needed enforcement
mechanism.
I look forward to hearing from our panelists and learning
more about how we may fight spam and continue our tradition of
being true consumer advocates. I relinquish the balance of my
time.
Mr. Stearns. Thank the gentleman. The gentleman from
Arizona.
Mr. Shadegg. I thank the chairman and commend him for
holding this hearing. I also commend the chairman of the
Subcommittee on Telecommunications and the Internet. I think
this is a critically important topic, and I believe it is
important that we move legislation as quickly as possible. I
will insert my full statement in the record, however, before
doing so I want to thank our witnesses for appearing today. I
look forward to their testimony, and I want to associate my
remarks with those of the gentleman from California, Mr. Cox. I
believe in fact we can go a little further in this legislation,
and I share his concern about unsolicited pornographic
material. And with that I yield back the balance of my time.
Mr. Stearns. I thank the gentleman.
The gentleman from Texas.
Mr. Green. Thank you, Mr. Chairman, and I understand we
have reduced our opening statements to 3 minutes, and I will be
brief as I can and ask permission to have the full statement
put in the record.
Mr. Stearns. By unanimous consent, so ordered.
Mr. Green. My colleague, Congresswoman Wilson and I have
been working on this. This is our third term on this, and I
want to thank her for the cooperation we have done, and it
looks like we are going to be able to pass strong legislation,
and that is what I would hope to see. I know that our hearing
will talk about the two differences between the Wilson-Green
legislation and the H.R. 2214, the Burr bill, and at last count
we have at least 25 members of our committee, 10 Republicans
and 19 Democrats which I believe is the majority that has co-
sponsored our bill, and I hope that after publicly defining
clear differences, that the negotiations will continue. We have
had some very successful negotiations to reach a consensus
committee position.
The Wilson-Green bill is about closing loopholes and
putting real teeth in anti-spam policy. We all know the urgency
of the problem. It is all over our front pages; in fact, in the
latest Consumer Reports talked about how to stop spam. Three
sessions ago when we started on this, we thought the--I
actually thought maybe technology could deal with it, but we
now know that technology can't do it. Otherwise we wouldn't
have all the ISPs here interested in passing as strong a bill
as possible.
Many of my constituents are lower income and minority folks
who draw on these new technologies for communication and
information benefits. If people new to the Internet continue to
meet these online scams that we have, offensive material and
the burden of overwhelming spam, they will be turned off and
not take advantage of these new technologies. That is why it is
so important.
I would hope to have our principles, one, I think we need
to empower the States. The States are doing some really
innovative efforts, but at the same time provide Federal
solution to the problem of spam. And, ultimately, as the
chairman said, do something internationally with our neighbors
who also have the same problem. With that, I will yield back my
time and will place my statement in the record.
Mr. Stearns. I thank the gentleman.
The gentleman from California, Mr. Issa.
Mr. Issa. Thank you, Mr. Chairman. I will be brief. I am
pleased to have this opportunity today to discuss the growing
problem, the epidemic growing problem of electronic junk mail,
or spam. In the years that I spent in the electronics industry
and running a small business, I watched the Internet and e-mail
grow, but it was only toward the end of my time in the private
sector that spam began to become a real and ongoing problem.
Today, an entire industry is trying to deal with this problem
and doing it without government assistance. The absence of
action by this body, both here in this committee and the
Judiciary, has led to a problem that can only be resolved by
action.
There are products today which through great effort and
expense deal with spam somewhat, but they are not available to
the common user nor are they likely to be. Products with anti-
spam agents, such as surf control, do a very effective job of
getting rid of 97, 98, perhaps even 99 percent both of sites
that would be offensive and of unwanted e-mail. However, to do
this they have to add digital signatures on a daily basis to
each and every spam site. This, of course, means that the
spammers are working ever harder to try to get ahead of
organizations like this, and the cost of doing this continues
to rise.
There is no question that this body has the ability to
enact digital signatures. We certainly took a lead when we put
in the V-chip technology some years ago in order to categorize
information. Other suggestions to help deal with this problem
include, if you will, sort of a Good Housekeeping seal or a
positive enforcement of somebody who in fact agrees not to be a
spammer and is checked on that basis.
Many of the pieces of legislation that we will be
considering in the days to come attempt to deal with a portion
of this product. I am convinced that no one bill has all the
answers, that in fact both here at this hearing today and in
working with industry and in combining the best features of
multiple bills will be the only way that we will succeed in
providing the leadership that the government has in harmony
with commerce in the private sector. With that, I yield back
the balance of my time.
Mr. Stearns. Thank the gentleman. Mr. Davis? Oh, that is
right, you passed. She is not here, Ms. McCarthy. Ms. Eshoo,
yes.
Ms. Eshoo. Thank you, Mr. Chairman, and to Chairman Upton
and Chairman Tauzin for holding what I think is really one of
the more important hearings that we could be having on an issue
that is affecting far too many people in this country. And I
know that this is going to be a worthwhile hearing given the
distinguished panel that is here, including Mr. Hirschman of
Digital Impact. The company is in the city of San Mateo which
is just outside my congressional district, but I think many of
your employees are my constituents, so a special welcome to you
here today.
We have to get this right. If we don't, the American people
are going to come right back to us. This is not something that
is fuzzy or blurred. This is an interruption in their lives
every single day. They pay for a service and someone else plays
with it and jams their in-boxes. And so we have the
responsibility to be very clear in terms of legislation that
what we do will be effective and it will be effective because
it will be enforced. And most frankly, if we miss the mark on
this, I know that we will be asked to come back to square one,
because there are too many that are being affected by this.
And the numbers are really staggering. According to E-
Marketer, 76 billion spam e-mails will be delivered this year.
Fifty percent of kids have received e-mails containing
pornographic or sexually explicit information. That is a lot. I
mean 50 percent is a lot. And U.S. businesses will spend close
to $10 billion to fight spam this year. And marketers are
brazenly claiming, and they did this just last week, that the
success of the do not call list will drive them to send even
more spam, costing U.S. business and consumers even more. So,
clearly, it is an issue that we have to address. And why would
they do that? Because, obviously, they have been chased away
from using one medium, and it is far cheaper, by the way, to do
e-mails, to do spam. It is just pennies per thousand.
So I am pleased to be a co-sponsor of the Wilson-Green
bill. I think, No. 1, it is important to have many ideas
introduced in the Congress, but I think that this is the bill
that really comes the closest to resolving things in an
effective and very clear way for the people that we represent.
I think if the House had passed their bills in either of the
previous two Congresses, we wouldn't be facing the spam
epidemic that we have today.
So I look forward to questioning the witnesses on the
differences between the bills that are under consideration and
by my friends, Mr. Burr and Mr. Tauzin. What I am confident of
is that I think we can work to iron out the differences. We
need your considered opinions today, and that is why hearings
are so important here. And I also think that obviously that
strong enforcement language is ultimately going to have to
carry the day, because if something doesn't have teeth in it,
then most frankly it is pretty language but not really worth
much than the paper that it is written on.
So welcome to all the witnesses, and thank you to all of
the chairmen for having this hearing today. I think it is one
of the more important ones that we can have, because I think
that this year, not next year but this year, in this Congress
we should pass stringent spam legislation. Thank you, Mr.
Chairman.
Mr. Stearns. Mr. Ferguson is recognized.
Mr. Ferguson. Thank you, Mr. Chairman. I want to thank you,
Mr. Chairman for holding this hearing. It is about a matter
that faces all of us who use the Internet and all of us who
rely on e-mail as an important and a viable form of
communication.
Spam isn't only a nuisance, it is a serious threat to the
feasibility of the Internet and to children who potentially can
be bombarded by graphic images that their parents or anyone in
a responsible position would not them to see. The prolific
emergence of spam on the Internet is alarming. The estimates
range up to 60 percent of all e-mail traffic is unsolicited
commercial e-mail, or spam. Forms of this unsolicited e-mail
can vary from advertisements for products to fraudulent scams
to pornography. Now, my wife and I have three young kids. They
are not Internet users yet, but I hope that they will be
someday soon. But I will tell you, I have real serious concerns
about them using the Internet and using e-mail if they are
going to be subjected to the same sort of bombardment of
messages that I know I am and others like me are subjected to.
We have to protect e-mail users against the proliferation
of fraud over spam. We have to punish those who invade our e-
mail use and people who use misleading header and routing
information and those who want to falsify their identify. In
short, I believe that we have to do everything we can to curb
the overwhelming bombardment that spam has unleased on our in-
boxes.
Mr. Chairman, again, I want to thank you for having this
hearing, and I look forward to the testimony of our panelists
and to hear their suggestions how we can come up with a
solution to this growing problem. I yield back.
Mr. Stearns. The gentlelady, Ms. McCarthy?
Ms. McCarthy. Mr. Chairman, thank you very much for this
important hearing, and I thank the witnesses too for taking
time to come before us and share their wisdom on this important
issue. I served in the Missouri State legislature for 18 years
before coming to Congress and was very active in the National
Conference of State Legislatures, and so I want to assure the
panelists and the experts here today and you, Mr. Chairman,
that, yes, there is a Federal rule and it is very important
nationally and internationally for us to become wise to do what
we can to help consumers with this problem, but also have to be
in partnership with the State attorney generals who are out
there struggling State by State right now trying to put in
place something that will work at the State level. And so as we
go forward with our legislation, let us also hear from those
who have been working with the States so that we are in tandem
with what State attorney generals are attempting.
We almost passed a bill successfully in the Missouri
legislature this past session, but Microsoft came in and killed
it because we will find out why perhaps later today or in the
course of our journey, but in any event, Mr. Chairman, this is
a very, very important issue, and I am so very grateful to you
for having this hearing, and I am grateful to each and every
one of you for coming and enlightening us and making us wiser
so that we can act in the best interest of the people. Thank
you.
Mr. Stearns. Thank the gentlelady.
Ms. McCarthy. Yield back.
Mr. Stearns. And author of the bill, 2214, Mr. Burr.
Mr. Burr. Thank you, Mr. Chairman. I would like to thank
all of my colleagues on the committee for what I think has been
a very thoughtful opening statement process so far. Mr.
Chairman, we have a very difficult balance to reach. The
difficult balance is to make sure we produce a piece of
legislation that makes it through the House of Representatives
and to accomplish that we have to work with our colleagues in
the Judiciary Committee who have not been in the past as open
to move legislation, legislation that potentially went too far.
I am proud to say that we have worked with them very closely.
They have been tremendous partners, as have Mr. Dingell and
many on the minority side as we have tried to negotiate closer
on some issues. I am not sure if we can get to closure on all
of them, but we are 98 percent of the way there, and I think it
explains just how difficult some of the things that we are
trying to accomplish are. We don't want this to face a
constitutional test down the road on this issue or that issue.
I think there is one thing that we can all agree on. One,
we would all like to get the discount airfare offers, we would
like to get the discount hotel offers. We never know when they
are going to be advantageous to us. We would all like to get
rid of the pornography that comes in. And the fact is that
those that want to get around what we designed will do it. They
are going to find a way to do it. So don't one of us walk away
from here and believe that we can create a trap that eliminates
all of it, because the only way to do that is to flip the power
switch on the back of the computer.
The industry has spent a tremendous amount of money, and
they deserve a lot of credit for what they have done to try to
filter, but when you have got individuals that intend on
getting from point A to point B regardless of how they get
there, trust me, at some point they are going to get there. So
I think that there is a certain amount that we have to accept
that we can't stop. And there is a certain amount that we want
to protect that can get there. That is the difficult balance.
I don't perfect to be an expert on this. That is why you
folks are here today, and I commend for your willingness. By
the same standpoint, I agree with Ms. Eshoo. She has been a
good friend, and we have a big responsibility, and we have to
get it as close to right as we possibly can. I have worked on a
lot of legislation in 9 years. I can't say that I have ever
done anything here that is perfect. This will not be perfect.
But I also want to make sure that when we complete this process
that the House passes a bill this time. And I would urge all of
my colleagues to understand that we have other partners, many
in the Judiciary Committee, ultimately on the House floor that
we have to pass the test with if in fact we want this bill to
have a chance to become law. What the American people want is
legislation that is signed into law and not something that is
just moved through committee and then dies a quick death.
Mr. Chairman, I thank you, Chairman Upton, Chairman Tauzin,
Mr. Dingell, and I encourage all of the members of the
committee to listen extremely carefully to the answers by these
witnesses today. I thank you, Mr. Chairman.
Mr. Stearns. Thank the gentleman. The gentlelady from
California, Ms. Solis.
Ms. Solis. Thank you, Chairman Upton. I would like to also
thank the witnesses for being here, and I would like to request
unanimous consent to submit my statement for the record.
Mr. Stearns. And by unanimous consent, so ordered.
Ms. Solis. And just like to briefly raise a point. In our
State of California, we have been very aggressive on this issue
of spam, and our Attorney General Lockeer there set up some
different provisions and actually went out and filed a first
lawsuit in L.A. County. He has also been criticized because we
haven't gone far enough. So, certainly, the State solutions
that are being offered I think in 30 States probably isn't
enough, and we do need to find a Federal solution, so I hope
today in listening to the comments that we hear from all of you
that we will come up with some genuine ability to start looking
at how we can address this issue. So thank you, Mr. Chairman.
Mr. Stearns. I thank the gentlelady.
Ms. Cubin?
Ms. Cubin. Thank you, Mr. Chairman. I don't have much to
say about the subject that hasn't been said by other members,
but I would like to share an excerpt of an e-mail that I
received from a constituent that I think typifies the problem
that people are facing all across the country. Jeannie Wright
from Douglas, Wyoming wrote to me, ``Dear Representative Cubin,
I am writing in support of the idea to stop the ocean of
pornographic e-mail. At my work address, I receive
approximately 30 such messages per week. Having never been a
viewer of pornography, you can imagine my disgust at receiving
messages in which explicit photos automatically appear. You
don't have to click on anything, they just appear on the
screen. For instance, last week, my daughter and a client were
in my office when a photo of a sexual act appeared on my screen
as I was searching for a work-related message I had been
expecting. How very embarrassing for me and the client and what
a lot to try to explain to my 8-year-old daughter, not to
mention my boss. These messages make me feel like a victim.
Nasty people I do not know and to which I cannot respond
are sending me sexually explicit garbage at the place of my
work. Many of the messages offer you a link to unsubscribe.
Only about 5 percent of those links are legitimate. The rest do
not exist. When I try responding to the e-mail messages, those
addresses cannot be found, and the e-mail comes back to me.
There is no identifying information on these messages, so I
can't even call a phone number and demand that it be stopped. I
am afraid to log onto the web sites suggested by the e-mails
for fear I will appear on another spam list and receive even
more. For now, my only answer is to continue receiving these
messages.''
This is clearly a troubling situation, and the Congress has
been called upon to act. Making hardworking, taxpaying, law
abiding moms and dads explain the smut that appears on their
computers to their children and their colleagues should not and
cannot be tolerated. Mrs. Wright, like many who have contacted
their representatives, ought not feel like they are victims.
Instead we need to empower Americans to stop the madness.
Giving folks the tools to stop the onslaught on the in-boxes is
the right thing to do. We already have enacted a national do
not call registry, and the same principles of consumer
empowerment are incorporated into these anti-spam bills.
Additionally, I intent to extend these principles to
unsolicited faxes by introducing legislation to update the law
to require more information and clear opt-out instructions for
recipients of junk faxes. I look forward to hearing our
witnesses, and I thank you for your patience and your time
waiting for us today. I yield back.
Mr. Stearns. Thank the gentlelady. Mr. Engel, the gentleman
from New York.
Mr. Engel. Well, thank you, Mr. Chairman. I want to start
by expressing a bit of frustration that we find ourselves here
again. Obviously, this is not a new issue; in fact, as Ms.
Wilson pointed out, in the 106th Congress the House passed a
version of the Wilson-Green bill of which I am proud to be a
co-sponsor, and this committee passed the Wilson-Green bill in
the 107th. The only difference today is the sheer volume of
unsolicited commercial e-mail, or spam, that exists. It is a
staggering 9.3 billion messages per day.
I just wanted to point out three parts of the Wilson-Green
bill that make it a better bill than the others. First are the
enforcement provisions for State attorneys general. Simply put,
the Wilson-Green bill allows them to do their jobs. Provisions
of the Rid Spam Act basically mean the attorney general of New
York, my home State, would never pursue such a case. Why?
Because of the $1 million cap. The fact is New York is a much
more expensive place to live and work. Such a restriction
especially in these difficult financial times with the States
would make pursuing such litigation a poor use of taxpayer
dollars.
The Wilson-Green bill also gives the ISPs greater power to
pursue the culprits who are degrading their networks. We all
know this is not like the U.S. postal system where direct
marketers pay for the use of the system. This is in fact the
opposite. A spammer can send thousands of messages for pennies.
The true cost is borne by the companies that maintain the
network infrastructure, from the telephone and cable lines the
data travels on, to the computers that the e-mails land in. The
ISPs are being hurt, and we have an obligation to update our
Nation's laws to provide them with tools to protect their
investment.
A second issue is one of fairness to the consumer. When a
consumer opens a bank account at Citibank, Citibank can share
that person's information with its affiliates, such as its
credit card system, to market to that person. It is not too
much that if that person, one of our constituents and a client
at that bank, indicates to Citibank a desire not to receive
unsolicited commercial e-mails, that Citibank puts that into
the information it shares with its affiliates. And thus the do
no spam request follows through.
Finally, the last thing I will mention, and it is not a
small issue, as my colleagues have also mentioned, is the
sexually explicit e-mails. They are obviously disgusting and my
constituents are fed up with them. Wilson-Green adopts the
tried and tested and proven approach of the postal system, a
blank e-mail with just a link similar to how it goes through
the postal system. The Rid Spam Act only requires an indication
that sexually explicit material is part of the e-mail, but the
e-mail could include sexually graphic pictures. That is simply
not good enough.
I regret that we still find ourselves debating this issue.
I deeply regret that instead of easily passing such an
important bill we are now devolving into two camps. This is a
very troubling development. It is my fervent hope that we will
work--the chairman will work with Mrs. Wilson, Mr. Green and
Mr. Dingell to find common ground and move a bill
expeditiously. And I yield back and I thank you.
Mr. Stearns. I thank the gentleman, and I believe the
gentleman from New Hampshire is going to forego his opening
statement, so with great expectation we bring up the panel. Mr.
Howard Beales, Director, Bureau of Consumer Protection, the
Federal Trade Commission; Mr. Charles Betty, president and CEO
of Earthlink; Mr. Charles Curran, assistant general counsel,
America Online; Mr. Ira Rubinstein, associate general counsel,
Microsoft Corporation; Mr. Paul Misener, vice president for
Global Policy, Public Policy, Amazon.com; Mr. Kenneth
Hirschman, vice president and general counsel, Digital Impact;
Ms. Paula Selis, senior counsel, Washington State Attorney
General; and Mr. Christopher Murray, legislative counsel,
Consumer Union. Welcome, all of you, and we will just start
with Mr. Beales, from my left to my right.
STATEMENTS OF J. HOWARD BEALES III, DIRECTOR, BUREAU OF
CONSUMER PROTECTION, FEDERAL TRADE COMMISSION; CHARLES GARRY
BETTY, PRESIDENT AND CEO, EARTHLINK; CHARLES CURRAN, ASSISTANT
GENERAL COUNSEL, AMERICA ONLINE; IRA RUBINSTEIN, ASSOCIATE
GENERAL COUNSEL, MICROSOFT CORPORATION; PAUL MISENER, VICE
PRESIDENT FOR GLOBAL POLICY, PUBLIC POLICY, AMAZON.COM; KENNETH
HIRSCHMAN, VICE PRESIDENT AND GENERAL COUNSEL, DIGITAL IMPACT;
PAULA SELIS, SENIOR COUNSEL, WASHINGTON STATE ATTORNEY GENERAL;
AND CHRISTOPHER MURRAY, LEGISLATIVE COUNSEL, CONSUMER UNION
Mr. Beales. Thank you, Mr. Chairman and members of the
subcommittee. I am pleased to be here today to discuss the
challenges presented by bulk, unsolicited commercial e-mail,
better known as spam. Protecting consumers' privacy has become
a principal focus of the FTC. Consumers are concerned about
their privacy, including unwanted intrusions into their daily
lives. Spam is one of the biggest such intrusions. Everyone
enjoys reading the e-mail they want, whether messages are from
friends or news about a sale at your favorite store. Today,
though, our in-boxes are clogged with unwanted, objectionable
and fraudulent messages. Spam is threatening to destroy the
benefits of e-mail.
Two factors make spam different from other forms of
marketing. One is that unlike telemarketing or direct mail with
e-mail it is very easy to hide one's identity or to cross
international borders. E-mail can be sent from anywhere to
anyone in the world without the recipient knowing who sent it.
The cost structure of e-mail is another difference between spam
and other forms of marketing. Sending additional spam costs the
spammer little or nothing. Instead, recipients and Internet
service providers bear most of the costs.
The problems caused by spam go well beyond the annoyance it
causes to the public. These problems include the fraudulent and
deceptive content of most spam messages, the sheer volume of
spam being sent across the Internet and the security issues
raised because spam can be used to disrupt service or as a
vehicle for spreading viruses. In February of 2002, we
announced the FTC's first systematic crackdown on deceptive
spam. Since then we have tackled spam on three fronts: Law
enforcement, education and research. To date, we have announced
54 law enforcement actions targeting deceptive spam, and the
staff continues to investigate and prepare new cases. Among
other unfair and deceptive practices, we have challenged
spoofing, the practice of forging the from line in an e-mail to
make it appear that the e-mail was sent from an innocent third
party. We challenged that as an unfair practice. We have also
challenged deceptive subject line information, false remove-me
representations, false representations that a service could
stop spam from other sources, false claims that buying a
spamming business opportunity could make you rich.
The Commission has also been active in business and
consumer education efforts and with its research efforts. As
you know, we recently conducted a 3-day spam forum to explore
and encourage progress toward potential solutions to the
detrimental effects of spam. The consensus of all participants
in the workshop was that a solution to the spam problem is
critically important but cannot be found overnight. There is no
quick or simple silver bullet; rather, solutions must be
pursued from many different directions: Technological, legal
and consumer action.
Right before the forum we announced the FTC spam study.
Only 16.5 percent of the spam we analyzed advertised a
legitimate product in a legitimate manner; that is, without
clear indicia of falsity. We also conducted the remove-me surf
to examine removal representations in spam. Contrary to the
belief that responding to spam guaranteed that you would
receive more of it, 63 percent of the removal links and
addresses in our sample simply did not function. Additionally,
in our spam harvest, we examined how computer harvesting
programs pick up consumers' publicly posted e-mail addresses
leading to, you guessed it, more spam.
We have used our research findings to develop informative,
high impact materials to educate consumers and businesses on
spam. Our spam web site has a wealth of information about how
to avoid spam in the first instance and what to do if you
receive it. There is no single cure for spam. Instead, a
balanced blend of technological fixes, business and consumer
education, legislation and enforcement will be required.
Today's focus, obviously, is on legislation. There are
three issues that any spam legislation must confront to
effectively deal with the spam problem. First, legislation must
address how to find the person sending the spam messages.
Although technological changes will most effectively deal with
this issue, we have proposed several procedural legislative
changes that can provide some assistance in our law enforcement
investigations. Second, legislation must deal with how to
punish the person sending the spam messages. Civil penalties
and possibly criminal sanctions would help address this issue.
Finally, legislation must determine what standards will govern
non-deceptive, unsolicited commercial e-mail. These standards
should include clear identification of the sender of a message
and empower consumers to end the flow of messages that they do
not wish to receive.
Our written testimony and our earlier reauthorization
testimony set forth specific legislative changes that we would
welcome along with several important principles that potential
spam legislation should consider. E-mail provides enormous
benefits to consumers and businesses as a communication tool.
The increasing volume of spam coupled with its widespread use
as a means to perpetrate fraud and deception put these benefits
at serious risk. We look forward to continuing our research,
education and law enforcement efforts to protect consumers and
businesses from the onslaught of unwanted messages. We
appreciate the opportunity to describe our efforts, and I look
forward to your questions.
[The prepared statement of J. Howard Beales III follows:]
Prepared Statement of J. Howard Beales III, Director, Bureau of
Consumer Protection, Federal Trade Commission
Mr. Chairman, the Federal Trade Commission appreciates this
opportunity to provide information to the Committee on the agency's
efforts to address the problems that result from bulk unsolicited
commercial email (``spam''). This statement discusses the Commission's
law enforcement efforts against spam, describes our efforts to educate
consumers and businesses about the problem of spam, and focuses
particularly on the Commission's recent Spam Forum and several studies
on the subject that the Commission's staff has undertaken in recent
months. It also discusses legislative ideas to enhance the Commission's
effectiveness in fighting spam.1
---------------------------------------------------------------------------
\1\ The views expressed in this statement represent the views of
the Commission. My oral statements and responses to any questions you
may have represent my own views, and not necessarily the views of the
Commission or any other Commissioner.
---------------------------------------------------------------------------
As the federal government's principal consumer protection agency,
the FTC's mission is to promote the efficient functioning of the
marketplace by acting against unfair or deceptive acts or practices and
increasing consumer choice by promoting vigorous competition. To
fulfill this mission, the Commission enforces the Federal Trade
Commission Act, which prohibits unfair methods of competition and
unfair or deceptive acts or practices in or affecting
commerce.2 Online commerce, including unsolicited commercial
email, falls within the scope of this statutory mandate.
---------------------------------------------------------------------------
\2\ The FTC has limited or no jurisdiction over specified types of
entities and activities. These include banks, savings associations, and
federal credit unions; regulated common carriers; air carriers; non-
retail sales of livestock and meat products under the Packers and
Stockyards Act; certain activities of nonprofit corporations; and the
business of insurance. See, e.g., 15 U.S.C. Sec. Sec. 44, 45, 46 (FTC
Act); 15 U.S.C. Sec. 21 (Clayton Act); 7 U.S.C. Sec. 227 (Packers and
Stockyards Act); 15 U.S.C. Sec. Sec. 1011 et seq. (McCarran-Ferguson
Act).
---------------------------------------------------------------------------
The problems caused by unsolicited commercial email go well beyond
the annoyance spam causes to the public. Indeed, these problems include
the fraudulent and deceptive content of most spam messages, the
offensive content of many spam messages, the sheer volume of spam being
sent across the Internet, and the security issues raised because spam
can be used to disrupt service or as a vehicle for sending viruses.
FTC SPAM FORUM
Building upon our research, education, and law enforcement efforts,
the FTC held a three-day public forum from April 30 to May 2, 2003 on
spam email. This was a wide-ranging public examination of spam from all
viewpoints. The Commission convened this event for two principal
reasons. First, spam is frequently discussed, but facts about how it
works, its origins, what incentives drive it, and so on, are not widely
known. The Commission anticipated that the Forum would generate an
exchange of useful information about spam to help inform the public
policy debate. This could help the Commission determine what it might
do to more effectively fulfill our consumer protection mission in this
area. Second, the Commission sought to act as a potential catalyst for
solutions to the spam problem. Through the Forum, the Commission
brought to the table representatives from as many sides of the issue as
possible to explore and encourage progress toward potential solutions
to the detrimental effects of spam.
Virtually all of the panelists at the Commission's recent Spam
Forum opined that the volume of unsolicited email is increasing
exponentially and that we are at a ``tipping point,'' requiring some
action to avert deep erosion of public confidence that could hinder, or
even destroy, email as a tool for communication and online commerce. In
other words, as some have expressed it, spam is ``killing the killer
app.'' The consensus of all participants in the workshop was that a
solution to the spam problem is critically important, but cannot be
found overnight. There is no quick or simple ``silver bullet.'' Rather,
solutions must be pursued from many directions--technological, legal,
and consumer action. The Forum explored and helped to suggest paths to
follow toward solving the spam problems. Such solutions will depend on
cooperative efforts between government and the private sector.
LAW ENFORCEMENT
The Forum is only the most recent example of the FTC's role as
convener, facilitator, and catalyst to encourage that activity. But the
Commission also plays another important role--that of law enforcer. For
example, the Commission has pursued a vigorous law enforcement program
against deceptive spam, and to date has brought 54 cases in which spam
was an integral element of the alleged overall deceptive or unfair
practice. Most of those cases focused on the deceptive content of the
spam message, alleging that the various defendants violated Section 5
of the FTC Act through misrepresentations in the body of the
message.3 More recently, the Commission has expanded the
scope of its allegations to encompass not just the content of the spam
but also the manner in which the spam is sent. Thus, FTC v. G. M.
Funding 4 and FTC v. Brian Westby 5 allege (1)
that email ``spoofing'' is an unfair practice,6 and (2) that
failure to honor a ``remove me'' representation is a deceptive
practice. In each of these cases, the defendants' email removal
mechanisms did not work and consumers' emailed attempts to remove
themselves from defendants' distribution lists were returned as
undeliverable.
---------------------------------------------------------------------------
\3\ E.g., FTC v. 30 Minute Mortgage, Inc., No. 03-60021 (S.D. Fla.
filed Jan. 9, 2003)
\4\ No. SACV 02-1026 DOC (C.D. Cal. filed Nov. 2002)
\5\ No. 032-3030 (N.D. Ill. filed Apr. 15, 2003).
\6\ ``Spoofing'' involves forging the ``from'' or ``reply to''
lines in an email to make it appear that the email was sent from an
innocent third-party. The third party then receives bounced-back
undeliverable messages and angry ``do not spam me'' complaints.
---------------------------------------------------------------------------
Westby is also the first FTC case to allege that a misleading
subject line is deceptive because it tricks consumers into opening
messages they otherwise would not open. In other cases, the Commission
has alleged that the defendants falsely represented that subscribing to
defendants' service could stop spam from other sources 7 or
that purchasers of a spamming business opportunity could make
substantial profits.8 Accordingly, these law enforcement
actions demonstrate that the Commission has attacked and will continue
to attack deception and unfairness in every aspect of spam.
---------------------------------------------------------------------------
\7\ FTC v. NetSource One, No. 022-3077 (W.D. Ky. filed Nov. 2,
2002).
\8\ FTC v. Cyber Data, No. CV 02-2120 LKK (E.D. Cal. filed Oct.
2002); FTC v. Internet Specialists, No. 302 CV 01722 RNC (D.Conn. filed
Oct. 2002)
---------------------------------------------------------------------------
In May 2003, the FTC joined the Securities and Exchange Commission,
United States Postal Inspection Service, three United States Attorneys,
four state attorneys general, and two state regulatory agencies to file
45 criminal and civil law enforcement actions against Internet
scams.9 As part of this sweep, the FTC brought five federal
court actions alleging the deceptive use of spam. In one case, the
defendants allegedly used spam with deceptive representations that the
email came from well-known entities, such as Hotmail or MSN, to market
a ``100% Legal and Legitimate'' work-at-home opportunity. Although the
spam promised consumers they could earn as much as $1,500 a week
stuffing envelopes supplied by the defendants, consumers ended up
paying $50 for a set of instructions on how to market a deceptive
credit-repair manual.10 In another case, the defendant
allegedly used spam to make false and deceptive income claims for a
chain-letter scheme dubbed ``Instant Internet Empire.'' 11 A
third complaint alleged that defendants used deceptive spam to market
an advance-fee credit card scam.12 In each of these cases,
the FTC was able to obtain preliminary injunctive relief and to shut
down the operations.13
---------------------------------------------------------------------------
\9\ FTC Press Release, Law Enforcement Posse Tackles Internet
Scammers, Deceptive Spammers (May 15, 2003), available at .
\10\ FTC v. Patrick Cella et al., No. CV-03-3202 (C.D. Cal.)
(complaint filed May 7, 2003), available at .
\11\ FTC v. K4 Global Publishing, Inc. et al., No. 5:03-CV0140-3
(M.D. Ga.) (complaint filed May 7, 2003), available at .
\12\ FTC v. Clickformail.com, Inc., No. 03-C-3033 (N.D. Ill.)
(complaint filed May 7, 2003), available at .
\13\ In the other two cases, the FTC filed stipulated final orders
prohibiting future participation in email chain letters. FTC v. Evans,
No. 4:03CV178 (E.D. Tex.) (complaint and stipulated final judgment
filed May 9, 2003); FTC v. Benson, No. 03CV0951 (N.D. Tex.) (complaint
and stipulated final judgment filed May 6, 2003). Both are available at
.
---------------------------------------------------------------------------
In addition to the law enforcement actions, in this sweep, the FTC
and 17 other federal and state consumer protection and law enforcement
agencies initiated an effort to reduce deceptive spam by urging
organizations to close ``open relays.'' 14 Fifty law
enforcers from 17 agencies identified 1,000 potential open relays, 90
percent of which were in 16 countries: U.S., China, Korea, Japan,
Italy, Poland, Brazil, Germany, Taiwan, Mexico, Great Britain, Chile,
France, Argentina, India, Spain, and Canada. The agencies drafted a
letter, translated into 11 languages and signed by 14 different U.S.
and international agencies, urging the organizations to close their
open relays to help reduce spam.
---------------------------------------------------------------------------
\14\ An open relay is an email server that is configured to accept
and transfer email on behalf of any user anywhere, including unrelated
third parties, which allows spammers to route their email through
servers of other organizations, disguising the origin of the email. An
open proxy is a mis-configured proxy server through which an
unauthorized user can connect to the Internet. Spammers use open
proxies to send spam from the computer network's ISP or to find an open
relay. See FTC Facts for Business, Open Relays--Close the Door on Spam
(May 2003), available at 15
criminal prosecution may well be appropriate for the most egregious
conduct. The FTC and its partners in criminal law enforcement agencies
continue to work to assess existing barriers to successful criminal
prosecutions. The FTC will explore whether increased coordination and
cooperation with criminal authorities would be helpful in stopping the
worst actors.
---------------------------------------------------------------------------
\15\ See, e.g., United States v. Barrero, Crim. No. 03-30102-01 DRH
(S.D. Ill. 2003) (guilty plea entered May 12, 2003). Like the related
case, FTC v. Stuffingforcash.com Corp., Civ. Action No. 02 C 5022 (N.D.
Ill. Jan. 30, 2003), the allegations in this criminal prosecution were
based on fraud in the seller's underlying business transaction.
---------------------------------------------------------------------------
Improved technological tools will be an essential part of any
solution as well. A great deal of spam is virtually untraceable, and an
increasing amount crosses international boundaries. Panelists estimated
that from 50 percent to 90 percent of email is untraceable, either
because it contains falsified routing information or because it comes
through open relays or open proxies.16 Because so much spam
is untraceable, technological development will be an important element
in solving spam problems. To this end, the FTC will continue to
encourage industry to meet this challenge.
---------------------------------------------------------------------------
\16\ Brightmail recently estimated that 90% of the email that it
analyzed was untraceable. Two panelists at the Commission's Spam Forum
estimated that 40% to 50% of the email it analyzed came through open
relays or open proxies, making it virtually impossible to trace. Even
when spam cannot be traced technologically, however, enforcement is
possible. In some cases, the FTC has followed the money trail to pursue
sellers who use spam. The process is resource intensive, frequently
requiring a series of ten or more CIDs to identify and locate the
seller in the real world. Moreover, the seller and the spammer often
are different entities. In numerous instances, FTC staff cannot
initially identify or locate the spammer and can only identify and
locate the seller. In many of those cases, in the course of prosecuting
the seller, staff has, through discovery, sought information about the
spammer who actually sent the messages. This, too, involves resource-
intensive discovery efforts.
---------------------------------------------------------------------------
Action by consumers and businesses who may receive spam will be a
crucial part of any solution to the problems caused by spam. A key
component of the FTC's efforts against spam is educating consumers and
businesses about the steps they can take to decrease the amount of spam
they receive. The FTC's educational materials provide guidance on how
to decrease the chances of having an email address harvested and used
for spam, and suggest several other steps to decrease the amount of
spam an address may receive. The FTC's educational materials on spam
are available on the FTC website.17
---------------------------------------------------------------------------
\17\ See
---------------------------------------------------------------------------
Finally, several initiatives for reducing the overwhelming volume
of spam were discussed at the FTC's Spam Forum. At this point,
questions remain about the feasibility and likely effectiveness of
these initiatives. The FTC intends to continue its active role as
catalyst and monitor of technological innovation and business
approaches to addressing spam.
LEGISLATION TO ENHANCE THE FTC'S EFFECTIVENESS TO FIGHT FRAUDULENT SPAM
Effective spam legislation must address the following three issues:
First, legislation must address how to find the person sending the spam
messages. Although we believe that technological changes will most
effectively resolve this issue, we have proposed several procedural
legislative changes that can provide some assistance in our law
enforcement investigations. Second, legislation must deal with how to
deter the person sending the spam messages. As discussed below, the
Commission believes that civil penalties, and possibly criminal
sanctions, would help address this issue. Finally, legislation must
determine what standards will govern non-deceptive, unsolicited
commercial email. The Commission believes that the appropriate
standards would include clear identification of the sender of a message
and by empowering consumers to end the flow of messages that they do
not wish to receive.
It would be useful to have additional legislative authority,
addressing both procedural and substantive issues, that would enhance
the agency's effectiveness in fighting fraud and deception. The
procedural legislative proposals would improve the FTC's ability to
investigate possible spam targets, and the substantive legislative
proposals would improve the agency's ability to sue these targets
successfully, including increased penalties for violations.
Procedural Proposals
The FTC's law enforcement experience shows that the path from a
fraudulent spammer to a consumer's in-box frequently crosses at least
one international border and often several. Thus, fraudulent spam
exemplifies the growing problem of cross-border fraud. Two of the
provisions in the Commission's proposed cross-border fraud legislation,
discussed at the recent reauthorization testimony, would be
particularly helpful to enable the FTC to investigate deceptive
spammers more effectively and work better with international law
enforcement partners.
First, the Commission has asked Congress to amend the FTC Act to
allow FTC attorneys to seek a court order requiring a recipient of a
Civil Investigative Demand (``CID'') to maintain the confidentiality of
the CID for a limited period of time. Several third parties have told
us that they will provide notice to the target before they will share
information with us, sometimes because they believe notice may be
required and sometimes even if such notice clearly is not required by
law.
Second, the Commission asked Congress to amend the FTC Act so that
FTC attorneys may seek a court order temporarily delaying notice to an
investigative target of a CID issued to a third party in specified
circumstances. Currently, the Right to Financial Privacy Act (``RFPA'')
and the Electronic Communications Privacy Act (``ECPA'') require such
notice.
The FTC's experience is that fraud targets often destroy documents
or hide assets when they receive notice of FTC investigations. Although
the RFPA and ECPA provide a mechanism for delaying notice, the FTC's
ability to investigate would be improved by tailoring the bases for a
court-ordered delay more specifically to the types of difficulties the
FTC encounters, such as transfers of assets offshore. In addition, it
is unclear whether FTC attorneys can file such applications, or whether
the Commission must seek the assistance of the Department of Justice.
Explicit authority for the FTC, by its own attorneys, to file such
applications would streamline the agency's investigations of purveyors
of fraud on the Internet, ensuring that the agency can rapidly pursue
investigative leads.
Other legislative proposals would enhance the FTC's ability to
track deceptive spammers. First, we request that the ECPA be clarified
to allow the FTC to obtain complaints received by an ISP regarding a
subscriber. Frequently, spam recipients complain first to their ISPs,
and access to the information in those complaints would help the agency
to determine the nature and scope of the spammer's potential law
violations, as well as lead the agency to potential witnesses.
Second, we request that the scope of the ECPA be clarified so that
a hacker or a spammer who has hijacked a bona fide customer's email
account is deemed a mere unauthorized user of the account, not a
``customer'' entitled to the protections afforded by the statute.
Because of the lack of a statutory definition for the term
``customer,'' the current statutory language may cover hackers or
spammers. Such a reading of the ECPA would permit the FTC to obtain
only limited information about a hacker or spammer targeted in an
investigation. Clarification to eliminate such a reading would be very
helpful.
Third, we request that the ECPA be amended to include the term
``discovery subpoena'' in the language of 18 U.S.C. Sec. 2703. This
change is particularly important because a district court has ruled
that the FTC staff cannot obtain information under the ECPA from ISPs
during the discovery phase of a case, which limits the agency's ability
to investigate spammers.18
---------------------------------------------------------------------------
\18\ See FTC v. Netscape Comm. Corp., 196 F.R.D. 559 (N.D. Cal.
2000).
---------------------------------------------------------------------------
Substantive Proposals
Substantive legislative changes also could aid in the FTC's law
enforcement efforts against spam. Although Section 5 of the FTC Act
provides a firm footing for spam prosecutions, additional law
enforcement tools could make more explicit the boundaries of legal and
illegal conduct, and they could enhance the sanctions that the agency
can impose on violators. As the Commission recently testified at its
Reauthorization hearing before this Committee, the Telemarketing and
Consumer Fraud and Abuse Prevention Act (``TCFAPA''), 15 U.S.C.
Sec. Sec. 6101-6108, provides a model for addressing unsolicited
commercial e-mail. Amendments to the TCFAPA would authorize the FTC to
adopt rules addressing deceptive and abusive 19 practices
with respect to the sending of unsolicited commercial e-mail.
Approaching spam through this statutory model would provide the market
with direction, but would do so within a framework that could change as
the problems evolve. Regardless of the statutory approach taken,
however, the Commission believes that the following elements are
important.
---------------------------------------------------------------------------
\19\ The FTC has determined, in the Statement of Basis and Purpose
for the Amended TSR, that the undefined term ``abusive'' used in the
legislation authorizing that Rule will be interpreted to encompass
``unfairness.'' 68 Fed. Reg. 4580, 4614 (2003).
---------------------------------------------------------------------------
First, any legislation should give the FTC some authority via
rulemaking to address deceptive practices relating to spam. Agency
rules could be adapted to new changes in technology without hindering
technological innovation, thus providing the market with direction, but
doing so within a framework that could change as the problems evolve.
Whether addressed through the legislation itself or through rulemaking,
unlawful practices that should be prohibited include: using false
header or routing information; using false representations in the
``subject'' line; using false claims that an unsolicited commercial
email message was solicited; using false representations that an opt-
out request will be honored; sending any recipient a commercial email
message after such recipient has requested not to receive such
commercial email messages; failing to provide a reasonable means to
``opt out'' of receiving future email messages; and sending commercial
email to an address obtained through harvesting or a dictionary attack.
Morever, any statute also should prohibit assisting and facilitating
any of the above, i.e., providing substantial assistance to another
party engaged in any violation knowing or consciously avoiding knowing
that such party is engaged in such violation.
Second, any legislation should embody the same standard of
liability that is embodied in Section 5 of the FTC Act, without a
general requirement to show intent or knowledge. Imposition of intent
or knowledge requirements as a precondition of liability would actually
make the FTC's ability to enforce the specific anti-spam statute more
restrictive than the agency's existing authority under Section 5 to
attack spam and would unnecessarily complicate enforcement.
Third, any statute or rule issued under the statute should be
enforceable by the FTC like other FTC rules. This entails actions in
federal district court, authority to seek preliminary and permanent
injunctions and other equitable relief, and liability for civil
penalties of up to $11,000 per violation. (The amount of civil
penalties is governed by statutory factors, such as ability to pay,
previous history of such conduct, egregiousness of the conduct, etc.).
Fourth, any legislation should authorize states to enforce the
statute or FTC rule in federal court. A state enforcement mechanism has
proven successful in other areas of consumer protection, such as
telemarketing, and would make the states more capable law enforcement
partners with the Commission.
Finally, any statute should seek to assure consistency between
state and federal laws. The scope of the Internet and of email
communication is global, transcending national boundaries. Congress
should seek to minimize artificial barriers that would break up this
market.
Additionally, the criminalization of false header and routing
information should be explored. The FTC staff has been discussing with
criminal authorities the likely effect of a specific statute that
criminalized this conduct. At this time, the FTC has no recommendations
on whether changes in the criminal code are necessary or
appropriate.20
---------------------------------------------------------------------------
\20\ Any legislation that criminalizes certain types of spam
activities should not negatively impact the FTC's existing Section 5
authority or impose new standards of proof, scienter, or evidence for
civil enforcement cases.
---------------------------------------------------------------------------
Admittedly, we recognize that these legal steps alone will not
solve the growing spam problem. Nor is it clear what impact these steps
will have on some of the other problems associated with spam (e.g.,
volume and security). These issues may need to be addressed separately.
Nevertheless, the FTC believes that legislation, such as that described
above, would provide more effective investigative and enforcement tools
and would enhance the FTC's continuing law enforcement efforts.
CONCLUSION
Email provides enormous benefits to consumers and businesses as a
communication tool. The increasing volume of spam to ISPs, to
businesses, and to consumers, coupled with the widespread use of spam
as a means to perpetrate fraud and deception, put these benefits at
serious risk. The Commission looks forward to continuing its research,
education, and law enforcement efforts to protect consumers and
businesses from the current onslaught of unwanted messages.
The Commission appreciates this opportunity to describe its efforts
to address the problem of spam.
Mr. Stearns. Thank you. I would again note that, all
members, your testimony is made full and part of the record, so
we are going to try to insist the 5-minute rule knowing that we
are a little later than we originally thought we would be when
this hearing started. Mr. Betty, welcome.
STATEMENT OF CHARLES GARRY BETTY
Mr. Betty. Thank you, Mr. Chairman, ladies and gentlemen of
the committee, and thank you for inviting me to testify before
you today. My name is Garry Betty and I am the CEO of
EarthLink. EarthLink is the Nation's third largest ISP, serving
5 million customers nationwide with dial-up, broadband, web
hosting and wireless Internet services. As such, we are on the
front lines every day in the fight against this unsolicited
commercial mail that we have been hearing about for the last
hour or so, known as spam.
Spam is a problem and a growing problem. At EarthLink, have
seen over a 500 percent increase in receipt of spam in the last
18 months. And what originally began as an occasional
inconvenience has now grown as quite an annoyance. Spam creates
inefficiency, but, more importantly, for our customers spam is
the No. 1 thing that they least like about the Internet. Like
other statistics we have heard, 50 percent of all of our
incoming mail is spam. Our existing technology, filtering
technology does successfully eliminate 70 to 80 percent of
those messages from ever getting to our customers, but with
this rapid increase even 20 to 30 percent of a lot of spam is a
lot of unwanted mail getting to our users' in-boxes.
Many of the members of this panel have commented on cost.
Spam does cost Internet providers real money. Excess server
capacity, an abuse team working full time to ferret out and
close down sources of spam, internal and external legal fees
are costs that we incur trying to shut down the most egregious
of spammers. Spam is a pernicious problem. Get rich quick
schemes, effortless weight loss programs aren't anything new,
but the cost burden imposed by spam is. Unlike, as we have
heard, telemarketing or direct mail pieces, which require the
sender to pay for these messages, spam adds insult to injury by
shifting this cost burden to people like Earthlink and of
course the customers who have to delete that from their in-
boxes.
In order to combat spam, I think we must attack it on
several fronts. Legislation, litigation, enforcement, customer
education and technology solutions are all fronts in this
fight, and I will try to briefly address some of these efforts.
EarthLink supports legislation to help ISPs and consumers
fight spam. Congress is clearly engaged in this issue, as we
have heard today. We count no fewer than eight bills pending in
the House and Senate, and rather than speak to just any one
bill, we would like to note provisions in various bills which
we think will be helpful to ISPs like Earthlink and our
consumers.
Legislative provisions Earthlink supports include no
restrictions on an ISP's current ability to block spam on
behalf of its customers. ISPs are consumers' first line of
defense against spam. Recognition of ISPs rights of action
against spammers. As I will discuss, ISPs' lawsuits against
spammers are an effective tool to fight spam. Allowing recovery
of actual damages greater than the capital and statutory
damages, requirements for accurate sender, subject line and IP
address information, prohibitions on using harvested e-mail
addresses to send spam, and criminal penalties for non-
compliance.
Another important front in the fight against spam is
litigation. Earthlink was one of the first ISPs to sue
spammers. We filed over 100 lawsuits against spammers in the
last 5 years and most recently won a judgment in May of 2003
against Howard Carmack, known as the Buffalo Spammer, who was
estimated to send out over almost a billion spam messages
through Earthlink alone in an 18-month period. Earthlink's case
against Carmack is illustrative. Not only did we win a monetary
damage but more importantly we obtained permanent injunctive
relief against him. Furthermore, we make all ISPs third party
beneficiaries of such judgments. This bars the defendant,
Carmack, from sending spam to Earthlink customers or to
customers of any other ISPs, and we would urge other ISPs to do
likewise.
Obviously, this case was successful even without specific
anti-spam legislation. Rather we relied on a combination of
laws including Federal statutes, State statutes, new laws, such
as the Computer Fraud and Abuse Act, and time-tested notions of
common law, such as trespass and conversion. This is not to say
Federal anti-spam legislation is unneeded; rather, it should
supplement and strengthen the legal recourse available today to
ISPs and other parties.
Perhaps the most promising front in the fight against spam
is the implementation of technology solutions. Earthlink and
ISPs have generally relied on filtering software to limit the
amount of spam customers receive. Earthlink's filtering system,
known as spaminator, successfully filters 70 to 75 percent of
all junk mail before it ever gets to a customer's computer. It
also gives users customizable tools to further reduce unwanted
e-mails in their in-box. Filtering technology worked well until
recently, but the volume of spam has increased and this is just
not enough. Most recently, Earthlink introduced a new challenge
response e-mail system, called SpamBlocker. This is a new way
to give customers control over their in-boxes. Unlike filters
which deliver all messages except for the ones they filter out,
SpamBlocker keeps messages outside of the gate of a user's in-
box letting in only those messages recognized by the senders.
Mr. Stearns. Mr. Betty, you are a minute beyond the 5. In
summary----
Mr. Betty. In summary, I think we have implemented
technology with SpamBlocker that in my own case I used to get
over 200 a day. I now have not received one unwanted e-mail in
my personal mailbox in over 6 weeks.
[The prepared statement of Charles Garry Betty follows:]
Prepared Statement of Charles Garry Betty, CEO, EarthLink, Inc.
Mr. Chairman, ladies and gentlemen of the Committee, thank you for
inviting me to testify before you today. My name is Garry Betty and I
am the CEO of EarthLink. EarthLink is the nation's 3rd largest Internet
Service Provider (ISP) serving 5 million customers nationwide with
dial-up, broadband (DSL, cable and satellite), web hosting and wireless
Internet services. As such, we are on the front lines every day in the
fight against unsolicited commercial e-mail, commonly known as spam.
As you well know, spam is a growing problem. There are over 70
million American households and businesses online today and almost
every one of them has firsthand experience with spam. We at EarthLink
have seen a 500% increase in spam over the past 18 months. What was at
first an occasional inconvenience grew to be an annoyance and now
threatens to overwhelm online communications. E-mail is often described
as the Internet's ``killer app.'' Left unchecked, spam threatens to
kill the killer app.
Spam creates inefficiency. By some estimates, spam is responsible
for $10 billion a year in lost productivity to American businesses. As
an ISP, approximately 50% of all e-mail coming into our servers is
spam. AOL estimates this figure as high as 80% on their network. We are
able to filter out 70-80% of these messages before they ever get to our
customers, but the increasing volume means that lots of unwanted
electronic junk mail still gets to user's in-boxes. Spam costs Internet
providers real money. Excess server capacity, an ``abuse team'' working
full time to ferret out and close down sources of spam on the internet,
internal and external legal fees are all costs we incur because of
spam. While we don't publish exact figures on this, it is fair to say
that they are in excess of $10 million a year for EarthLink alone.
Spam is a pernicious problem. While get rich quick schemes,
effortless weight loss programs and pills that promise to enlarge body
parts are nothing new, the cost burden imposed by spam is. Newspaper
and magazines ads, telemarketing calls, direct mail pieces and signs
tacked to telephone poles all require the sender to pay for their
messages. Spam adds insult to injury by shifting this cost burden. Spam
costs virtually nothing to send. (One recent widely circulated spam
message for spammers advertises 20 million email addresses for
$149.00.) Instead, the costs of spam are borne by ISPs which must
handle this junk e-mail and by consumers who get their in-boxes filled
with it.
In order to win the fight against spam, we must engage it on
several fronts. In addition to legislation, we must also use
litigation, enforcement, customer education and technology solutions to
combat spam. I would like to briefly address each of these in turn:
Legislation
EarthLink supports legislation to help ISPs and consumers in the
fight against spam. And Congress is clearly engaged in this issue. We
count no fewer than seven bills currently being actively discussed in
the House and Senate. Rather than speak just to any one bill, we would
like to note several provisions in various bills which we think will be
helpful to ISPs and consumers, based upon the experience Earthlink has
had in suing some of the nation's most egregious spammers.
First, we support the provision in several bills which note that
they place no restrictions on an ISP's current ability to block spam on
behalf of its customers. ISPs are truly the first line of defense
against spam for consumers. ISPs that deploy effective filtering and
blocking techniques can spare their customers a good deal of the
aggravation that spam creates. However, since spammers are constantly
looking for new ways to defeat ISP blocking protections, it is
important to ensure that legislation does not limit the ability of ISPs
to adjust and refine their filtering and blocking techniques to
maximize their effectiveness.
Similarly, we support the provision in various bills that note that
ISPs have a right of action to pursue legal action against spammers. As
I will discuss in the next section, ISP lawsuits against spammers are
an effective tool in the fight against spam.
Next, we would urge caution in placing a cap on monetary damages.
Based on our own litigation experience, we believe that large monetary
damage awards against the most egregious spammers send a strong signal
about the seriousness of spamming and have a stronger deterrent effect
against other spammers. We would urge Congress not to impose a damages
cap on ISP legal actions against spammers.
Finally, we support requirements for accurate sender, subject line
and IP address information. Consumers must have accurate sender,
subject line and IP address information, and we applaud the legislative
efforts to confirm these basic requirements. For too long spammers have
deceived innocent victims with fraudulent and deceptive ``come-ons'' in
the subject lines, confusing consumers into thinking that they are
receiving e-mails from a trustworthy entity or friend. These deceptions
must be stopped and legislative efforts to address this are well
directed.
Litigation
Another important front in the fight against spam is litigation.
EarthLink was one of the first ISPs in the country to go after spammers
in court. Earthlink's successful 1997 case against Sanford Wallace and
Cyberpromotions stopped what was then one of the most prolific spammers
on the Internet. Since that time, EarthLink has filed lawsuits against
over 100 spammers. Most recently, EarthLink won a judgment in May 2003
against Howard Carmack the ``Buffalo Spammer.'' It is estimated that
Carmack sent out some 850 million spam messages over an 18-month
period, or an average of about 2 million messages a day.
EarthLink's case against Carmack is illustrative of our lawsuits
against spammers. While we were able to obtain a $16.4 million judgment
against Carmack, we just as importantly obtained permanent injunctive
relief, barring him from spamming again. Furthermore, when EarthLink
gets judgments against spammers, it asks the court to make all other
ISPs 3rd party beneficiaries of those judgments. This bars the
defendant spammer not only from sending spam to EarthLink customers,
but also from sending spam to the customers of any other ISP. We urge
other ISPs to do likewise in their suits against spammers.
Obviously, this case was brought successfully without specific
anti-spam legislation. Rather, we relied on a combination of laws
including federal statutes such as RICO and the ECPA, state statutes
such as the Georgia Computer Systems Protection Act, fairly new laws
such as the Computer Fraud and Abuse Act and time-tested notions of
common law such as trespass and conversion. In all, our complaint
against Carmack included 14 counts. This is not to say that federal
anti-spam legislation is unneeded, rather that it should supplement and
strengthen the legal recourse available today to ISPs and other
parties.
A postscript: Based on information developed in EarthLink's civil
case against Carmack, the New York Attorney General subsequently filed
criminal charges against him for identity theft, landing him in jail.
We believe this to be the first time that anti-spam litigation has also
led to a criminal arrest of a spammer.
Technology Solutions
Perhaps the most promising front in the fight against spam is the
implementation of technology solutions. EarthLink and other ISPs have
until now generally relied on filtering software to limit the amount of
spam their customers receive. EarthLink's filtering systems, known as
spaminator, filters out 70-80% of all junk e-mail before it ever gets
to a customer's computer. Spaminator also provides users with
customizable tools they can use to further reduce unwanted emails in
their inboxes. It is possible to increase the sensitivity of filters
such as spaminator, but you then begin to run the risk of filtering out
messages from legitimate senders which an e-mail user wants to receive.
Filtering technology has worked well until recently. Eighty percent
(80%) effectiveness was fine in filtering through a few dozen spam
messages a day. But as the volume of spam has increased 5-fold in the
past 18 months, Internet users are now bombarded with sometimes
hundreds of messages a day. An 80% effectiveness filter therefore lets
through an increasingly unacceptable number of spam messages.
Enter SpamBlocker, EarthLink's new challenge-response e-mail
system. Developed at EarthLink, spamBlocker presents a new way to give
customers control over their inboxes. Unlike filters, which default to
letting through email except for the messages they filter out,
spamBlocker keeps all messages ``outside the gate'' of a user's inbox,
letting in only those messages from recognized senders. SpamBlocker
allows a user to import their address book of valid senders and to
quickly and easily add names to that list. Rather than only eliminating
email from unknown sources it holds these messages in a Suspect E-mail
folder allowing the recipient to review and accept the messages they
wish to receive. SpamBlocker also sends the sender a one-time easy to
complete Allowed Sender Request Form. Able to be completed in several
seconds by an actual person, it will not be usable by an automated
email program or be able to be filled out at all where, as is often the
case, a spammer fakes the IP address which is the source of his spam.
SpamBlocker will virtually eliminate spam in a user's in-box and is
available free to all EarthLink subscribers.
Thank you for giving me the opportunity to testify today.
Mr. Stearns. Terrific. I wish we all could say that.
Mr. Betty. If you were an Earthlink customer, you could.
Mr. Stearns. I am going to check with my brother who has
it. Mr. Curran.
STATEMENT OF CHARLES CURRAN
Mr. Curran. Chairman Stearns----
Mr. Stearns. You have got to hit that button. Try again.
Mr. Curran. Chairman Stearns----
Mr. Stearns. No.
Mr. Curran. There we go. Chairman Stearns, Chairman Upton,
Congressman Markey and Congresswoman Schakowsky, I would like
to thank you, along with Chairman Tauzin and Congressman
Dingell, for the opportunity to testify today before your
subcommittees about the crisis in the growth of junk e-mail. I
work in AOL's Legal Department battling spam, and I have
overseen AOL's significant litigation efforts against spam
senders. I would like to share a perspective from the front
lines of the anti-spam war.
Spam has increased at an alarming rate because it is simple
and very inexpensive for spammers to send large quantities of
e-mail and because the open nature of Internet e-mail
technology makes it quite easy for spammers to conceal their
identities and the scope of their spamming activities.
Consumers, businesses and ISPs face an ever-increasing deluge
of spam, and unfortunately these recipients bear the cost of
processing all these messages that flood their in-boxes every
day.
Consumers and ISPs use filters to try to stop this type of
junk e-mail, but spammers constantly adapt. To make sure their
e-mail gets through to recipients and to hide their identities,
spammers resort to technologies of falsification and evasion.
The evasive techniques include falsifying header and routing
information, commandeering innocent parties' Internet servers
to send spam, hacking into e-mail accounts belonging to
innocent users and registering for multiple e-mail accounts or
domain names that are then used to establish false identities
for transmitting spam.
Recent studies by the spam filtering company, Brightmail,
estimate that up to 90 percent of spam involves these kinds of
outlaw techniques of evasion. More recently, many spammers are
now adopting computer hacker techniques, such as computer
viruses to hijack innocent consumer's computers and use them to
send spam untraceably.
This isn't an easy battle, and AOL believes it must be
fought on many fronts simultaneously in order to be truly
effective. That is why we fight the spam war using a
combination of technology, legal counter measures, member
education and empowerment and collaboration with others in our
industry. We are also working with legislatures such as members
of your subcommittees on more effective legislation to bring
accountability to spammers.
On the technology front, AOL uses strong filtering
technologies to limit the tide of spam entering AOL's e-mail
system, blocking up to 2.4 billion messages per day. We are
also deploying spam-fighting tools later this summer that will
allow our members to divert unwanted e-mail to a separate spam
folder and adapt spam filtering to their individual
preferences. We provide parents with strong tools, our parental
controls, to help keep offensive and objectionable e-mail out
of children's in-boxes, and we empower our members to report
spam, helping AOL to improve its technological counter measures
as well as to identify candidates for enforcement action. The
fact that AOL members report up to 10 million spam complaints
daily demonstrates the critical importance of spam fighting to
our members.
On the legal front, we have served well over 100 defendants
in 25 lawsuits, winning court injunctions and damages awards to
help deter spam senders. The defendants in these suits have
advertised pornographic web sites, get-rich-quick schemes and
other dubious products. AOL continually investigates this
spamming activity and cooperates with Federal and State
authorities in their enforcement actions. We believe that
enhanced enforcement is vital to curtailing the growth of spam.
The anti-spam litigation brought by ISPs, like AOL, Earthlink
and Microsoft, parallel the increasingly aggressive enforcement
actions brought by the Federal Trade Commission and State
attorneys general. Bringing anti-spam cases is often complex
and resource intensive because large-scale spammers try every
bit as hard to mask the profits from their activities as they
try to hide how they send their e-mails. To give one example,
in a recent Federal court case, it took AOL 2 years to expose
the complex web of shell and offshore companies used by large
scale pornography spammers.
Despite these obstacles, ISPs have strong incentives to
bring enforcement actions. First, such actions help improve the
experience of our subscribers by attacking the sources that the
spam our members complain about most. And, second, it helps to
reduce the overall volume of spam on the Internet. We believe
that even stronger enforcement tools are necessary to establish
the kind of criminal penalties and civil damages necessary, and
we thank the subcommittees for making spam a priority issue
this year. We are particularly grateful to Chairman Tauzin and
Congressman Burr, as well as Congresswoman Wilson, Dingell and
Green for introducing legislation that sets a solid foundation
to address this problem.
AOL believes that legislation should do three things to be
an effective tool, most importantly because of the seriousness
of the outlaw spam problem. Legislation must provide for strong
criminal and civil penalties against spammers who use deceptive
or fraudulent tactics to hide their identities. For large-scale
spammers who use these outlaw tactics, felony-level penalties
are needed to deter them for engaging in this crime.
Second, legislation should provide clear baseline rules of
the road for commercial e-mail sent by marketers who do not
engage in outlaw e-mail transmission techniques. These rules
should provide consumers with meaningful choices about the
commercial e-mail messages they receive from a particular
sender and should prevent end runs around consumers'
preferences by the use of sham corporate successors or
affiliates.
Finally, it is also critically important that legislation
provide for ISP civil enforcement of its prohibitions. ISPs
such as a AOL have a unique role to play in anti-spam
enforcements because of our firsthand knowledge of the problem
obtained through the complaints of our members and our
experience fighting the latest technologies used by spammers.
We applaud the efforts of this committee in tackling the spam
problem at this critical juncture and look forward to working
with you and other lawmakers to develop legislative solutions
that can help consumers and their ISPs prevail in the anti-spam
war. Thank you for the opportunity to testify, and I am happy
to answer any questions you may have.
[The prepared statement of Charles Curran follows:]
Prepared Statement of Charles Curran, Assistant General Counsel,
America Online, Inc.
Chairman Stearns, Chairman Upton, and Members of the Subcommittees,
on behalf of America Online, Inc., I would like to thank you for the
opportunity to testify before the Subcommittees on the issue of junk e-
mail--or ``spam.'' My name is Charles Curran, and I am an Assistant
General Counsel in the Legal Department at America Online, Inc., where
much of my time is spent battling spam. I have overseen AOL's extensive
litigation efforts against spam senders, and appreciate this
opportunity to share with the Subcommittees a perspective from the
front lines of the anti-spam war.
I would like to describe the nature of the spam problem, its effect
on ISPs and Internet users, and some of the things that AOL is doing to
help reduce spam, and to explain the role that ISP enforcement and
litigation play in fighting the spam problem. But first, I would like
to thank the full Committee for making the spam problem a priority
issue this year, and Chairman Tauzin, Rep. Burr, and others for
introducing a strong legislative vehicle that we believe sets a solid
foundation to address this problem. We believe that spam has grown to
present a critical threat to the Internet, and that the spam battle
must be fought on many fronts simultaneously in order to be truly
effective--including policy initiatives, ISP litigation, government
enforcement, spam filtering technologies, member tools and education,
and industry collaboration. While technology holds many of the answers
to this problem, we cannot succeed in the fight against spam without
government working with ISPs to play a strong and important enforcement
role. We are anxious to work with you to find a solution to this crisis
for e-mail on the Internet.
1. THE REASONS FOR THE SPAM CRISIS
The principal drivers of the explosive growth in the spam problem
are the ease with which senders can transmit large quantities of e-
mail, and the similar ease with which spammers can conceal their
identities as the source of this junk e-mail.
First, the e-mail medium makes it possible for senders to transmit
virtually unlimited quantities of advertising messages at very low
costs. Spammers do not bear the costs of processing, sorting and
delivering all these e-mails: instead, it is the recipients and their
ISPs who must absorb the costs of managing the huge volume of unwanted
mail. Spammers are limited in e-mail transmission volume only by the
low costs of Internet connectivity. And because e-mail is a nearly
costless medium for senders, spammers have every incentive to send out
as many e-mails as possible, even if virtually no recipients want or
respond to the promotions, and despite heavy costs to ISPs who have to
process these huge quantities of mail. These underlying economics are
the principal cause of the rapidly expanding volume of spam, and the
reason that ISPs and businesses everywhere are experiencing such a
tremendous surge in junk e-mail--as spammers send out even greater
numbers of junk mail messages to which fewer and fewer recipients will
ever respond. AOL estimates that spam accounts for a staggering 60-80%
of e-mail traffic that hits our e-mail filters from the Internet, and
external studies predict similar alarming trends in Internet e-mail as
whole.
The second essential feature of the e-mail medium that contributes
to the spam problem is the fact that the technical protocols used to
send e-mails on the Internet can be manipulated by spammers, both to
conceal their identities as spam senders and to conceal the volume and
scope of their e-mailing activities. The ``open'' nature of the
Internet and its underlying e-mail transmission protocols lend
themselves to abuse by spammers looking to evade accountability for
their activities, and undermine and evade the attempts of consumers and
ISPs to filter out or block their junk mail transmissions. In AOL's
experience, most spam is sent using such evasive, ``outlaw''
transmission techniques.
A technical struggle is now taking place on the spam front, one
which pits consumers and ISPs using defensive spam filtering
technologies against spammers who seek to exploit any technical
loophole that will allow them to get their mail through to a
recipient's e-mail box. A new and even more pernicious feature of this
technological war is the increasing adoption by spam senders of
computer hackers' tools--such as viruses and ``Trojan horses''--to find
ever more untraceable ways to use innocent parties' computers to cover
their tracks.
The combination of low sender costs and lack of sender
authentication is irresistible to unscrupulous junk mailers. As a
result, Internet e-mail users now find themselves being bombarded with
an ever-increasing volume of spam in their mailboxes, much of it
containing objectionable or misleading content. Indeed, the Federal
Trade Commission's May 2003 spam survey indicated that at least two-
thirds (66%) of junk e-mail contains falsified header or subject line
information, and spam filtering companies like Brightmail estimate that
as many as 90% of spam messages contain falsified header or routing
information that make them untraceable to a specific source. And so the
spam problem is not just a problem in terms of the increasing volume of
spam that businesses must process and deliver, but also a challenge for
all consumers whose confidence in Internet e-mail is being steadily
eroded by incessant waves of spam in their email in-boxes.
2. WHAT AOL IS DOING TO FIGHT SPAM
AOL fights the ongoing spam war using a combination of
technological and legal countermeasures, as well as policy initiatives
and collaboration with others in industry. In lawsuits involving well
over a hundred defendants, AOL has used the legal process to penetrate
the secret world of spam senders, not only to help ensure that spammers
face accountability for their actions, but also to better understand
and combat the techniques of concealment used by the spammers. AOL's
goal is to improve the experience of our more than 35 million account
holders, and to deter would-be spammers from sending huge quantities of
junk e-mail in the first place.
On the technology front, AOL uses a comprehensive set of filtering
technologies at the network level to limit the tide of spam entering
AOL's e-mail system and our members' mailboxes. In recent months, these
anti-spam filters have blocked as much as 2.4 billion pieces of
unwanted e-mail in a single day, which amounts to stopping almost 70
spam e-mails per account per day from reaching our members. To counter
the flood of spam, AOL dedicates not only significant computer
resources to filtering junk mail, but also a large staff of
technologists, who give AOL the ability to respond on a 24-hour basis
to the ever-changing tactics used by spam senders to attempt to
penetrate the AOL network.
AOL also empowers its members to fight spam through a combination
of robust e-mail controls and a ``Report Spam'' tool that lets them
report and delete unwanted junk e-mail directly from their mailboxes.
Using the ``Report Spam'' button, members have reported more than 10
million spam complaints to AOL in a single day. AOL uses these member
complaints not only to help identify and filter in real-time the spam
being sent to the AOL network, but also to identify large-scale abusers
for law enforcement purposes.
Starting later this summer, AOL 9.0, the latest version of AOL's
online service software, will provide AOL members with a completely
revamped suite of spam-fighting tools. These tools include a new
``Spam'' folder that is separate from a member's mailbox for incoming
e-mail, and to which suspected spam is automatically routed. Not only
will spam filtering be enhanced at the network level; members also will
be provided personalized and adaptive spam filtering tools that adjust
to the individual preferences of each user, as well as word-specific
and URL filters that a member can use to route potentially
objectionable mail to their ``Spam'' folder. AOL's overall mail
controls and Parental Controls will offer additional features to help
protect users of all ages from objectionable spam and the content it
contains, such as blocks on the display of embedded images. And AOL
will continue to provide our members with other important consumer
safety tips and tools that can help them reduce spam and improve the
security of their online experience--particularly in the broadband
environment, where it is critical that consumers know how to protect
themselves in the world of ``always-on'' high-speed connections that
spammers sometimes attempt to abuse.
On the legal front, AOL has been active in suing spammers since
1997. AOL has filed 25 lawsuits against more than 100 companies and
individuals responsible for the transmission of spam advertising
pornographic Web sites, get-rich-quick schemes, and other dubious
products. These lawsuits have demonstrated the ever-greater lengths to
which spammers go to conceal their activities and continue their theft
of resources from the Internet community. The suits have resulted in
court decisions that not only prohibit further spamming by the
defendants, but also awarded significant financial damages that have
bankrupted many spam senders. AOL's most recent suits, announced
earlier this year, targeted more than a dozen companies and individuals
responsible for sending more than a billion spam messages to our
consumers. AOL continues to investigate other spam senders, sending
hundreds of cease-and-desist letters to suspected spam senders and even
the vendors of spamming software, so as to deter others from entering
the spamming business. And we have cooperated with federal and state
enforcement authorities in separate enforcement proceedings, sharing
our technical expertise to help widen the overall scope of deterrence.
We're also building alliances with others in our industry to think
creatively and constructively about how to curb the overall spam
problem. We've joined with Microsoft, Yahoo! and Earthlink to drive a
dialogue with other industry stakeholders necessary to the development
of open technical standards and industry guidelines that will help
fight spam. We also welcome the actions that Earthlink, Microsoft, and
other ISPs have taken to fight spam on the legal front, and look
forward to finding new ways that industry can work together to collect
the technical evidence necessary to bring spammers to justice.
Finally, AOL works with federal and state policymakers to support
efforts to reduce spam by enacting laws that specifically target the
deceptive, ``outlaw'' tactics used by spam senders, and that deter the
sending of spam by establishing appropriate financial and criminal
penalties. For example, we worked with Virginia legislators, the
Attorney General, and the Governor to get a tough new law enacted in
Virginia earlier this year that provides felony-level penalties for
spammers who send significant quantities of spam by fraudulent means.
AOL is grateful to the Members of the Subcommittees for their
willingness to consider similar tough remedies in federal legislation.
3. THE CRITICAL ROLE OF ISP ENFORCEMENT
Currently, the anti-spam litigation campaigns of ISPs like AOL,
Earthlink and Microsoft complement the vigorous efforts of the Federal
Trade Commission and State Attorneys General in this regard. ISPs have
a critical role to play in anti-spam enforcement efforts, not only
because we have a wealth of member complaints and evidence to support
effective legal action, but also knowledge from the front lines of the
spam battle of the complex and rapidly changing technologies used by
most spam senders to evade detection.
It is very important that federal anti-spam legislation provide for
ISP civil enforcement of both civil and criminal anti-spam
prohibitions. The spam problem has reached a sufficient magnitude that
government enforcement alone cannot stem the tide, and must be
complemented by sustained, industry-wide enforcement by ISPs. In many
cases, ISP assistance not only helps provide an important source of
evidence for criminal and other government enforcement--including
uncovering the identities of ``king pin'' spammers: it also is critical
to unmasking ``state-of-the-art'' technological exploits used by
spammers to avoid any kind of accountability.
ISPs like AOL aim to litigate against large-scale spammers, but the
spammers making the greatest profits from their activities naturally
expend significant efforts to conceal not only how they transmit their
spam, but also how they receive revenue from their activity.
Consequently, tracking down such spammers through litigation is often
highly complex, resource intensive, and time consuming. To provide one
example, some large-scale pornography spammers against whom AOL had
originally obtained a federal injunction tried to circumvent that
prohibition by transferring ownership of their pornography domains
through shell companies and offshore entities. A sustained, two-year
investigative process was needed to demonstrate the ``vast . . . cyber-
oriented, multi-state and multi-national conspiracy'' that a federal
court concluded warranted a $6.9 million damages award against the
defendants.1
---------------------------------------------------------------------------
\1\ AOL v. CN Productions, Court Order and Memorandum Opinion (10/
25/02) at pp. 24-25, available at http://legal.web.aol.com.
---------------------------------------------------------------------------
Similarly, large-scale sponsors of spam often use complex business
structures to attempt to distance themselves from the actual
transmission of spam. For example, AOL engaged in extensive litigation
against pornographic Web site operators who used a so-called
``Webmaster'' business model.-- Under this model, the Webmasters
obtained a share of the revenue derived at the pornography operator's
Web sites, based upon traffic driven to these sites by spam.-- The site
operators claimed, unsuccessfully, that the spam senders were
``independent contractors'' for whose actions they were not
responsible.
Most spammers also conceal or dissipate the profits of their
activity and, as a consequence, legal judgments against them often are
difficult to collect. The difficulty in holding such spammers
accountable financially, combined with the complexity and expense
necessary to even identify their activities, mean that spam enforcement
is far from a source of profits for ISPs.
But despite these obstacles, ISPs still have very strong incentives
to bring enforcement actions. First, such actions help to improve the
online experience of our individual members. Our members help us
identify the most objectionable forms of spam through their spam
complaints, and rightly expect us to take action to stop it. Second,
spam forces ISPs to make significant network and personnel expenditures
to process truly gigantic volumes of unwanted mail. ISP enforcement
thus not only serves to improve the member experience, but to create
deterrence to spam senders whose large-scale e-mail transmissions pose
the biggest burden to the Internet as a whole.
In short, ISP civil enforcement serves the interests of Internet
users and the entire Internet community by helping identify the most
appropriate targets for enforcement, illuminating the technologies and
subterfuges used by spammers to evade detection, and complementing and
supporting the actions taken by federal and state law enforcement.
Consequently, the ability of ISPs to sue for spam-related activity is
vital, in conjunction with government enforcement, to controlling the
spam problem.
4. THE NEED FOR STRONG CRIMINAL AND CIVIL PENALTIES AGAINST ``OUTLAW''
SPAMMERS
While ISPs have used existing law to attempt to stem the tide of
spam, stronger legislative enforcement tools are needed not only to
keep up with the ever-evolving techniques of transmission evasion used
by spammers, but also to establish the kinds of criminal penalties and
civil damages necessary to deter spammers from engaging in such
activities. Additionally, strong penalties prohibiting such ``outlaw''
techniques are essential to ensuring that future technologies promoting
``trusted'' e-mail can be used to help improve consumers' e-mail
experience.
The ``outlaw'' techniques that spammers typically have used to
conceal their activities include: (1) the falsification of e-mail
transmission information and misappropriation of innocent third
parties' domain names in such e-mails; (2) the transmission of e-mail
from hacked e-mail accounts belonging to innocent users; and (3)
registration for multiple e-mail accounts or domain names that are then
used to establish false identities for transmitting spam.
More recently, spammers have resorted to hijacking vast blocks of
Internet addresses--so-called ``zombie netblocks''--from which spammers
attempt to hide the scope of their activities by sending their e-mail
in small quantities from literally thousands of different places.
Additionally, there has been a sharp upsurge in spammers' surreptitious
use of innocent parties' Internet servers--the so-called ``open
proxies''--by which spammers convert computer servers to e-mail
processing facilities for their spam, once again concealing both the
true source and scope of their e-mail activities. The most alarming
recent development is spammers' increasing use of computer viruses to
turn the computers of consumers with residential broadband connections
into an unwitting ``stealth'' network for spam transmission.
``Outlaw'' spam has increased alarmingly in the past year, and we
believe that this dramatic growth underlies the astonishing increase in
overall spam volume. These spammers are hijacking the computer
resources and bandwidth of private consumers and businesses large and
small, threatening to overwhelm the entire online medium.
We are particularly pleased that both H.R. 2214 and H.R. 2515
contain criminal prohibitions addressing these abuses, as well as ISP
civil remedies that set statutory damage penalties. We look forward to
working with the Subcommittees, this Committee and the Judiciary
Committee on several refinements to make these prohibitions even more
effective.
Federal legislation also can serve an additional important purpose
by establishing baseline rules of the road for those advertisers who
use the e-mail medium to reach consumers, but who do not use ``outlaw''
transmission tactics. Such rules, combined with industry standards and
new spam-fighting technologies developed by relevant stakeholders, will
help ensure that marketers use e-mail responsibly, and also will
enhance the ability of consumers to make choices, through the use of
technology filters, about the kinds of email they wish to receive.
We are pleased that Members of the Subcommittees and the full
Committee have taken an interest in addressing the spam problem and are
working to advance legislative solutions.
In the meantime, AOL is committed to maintaining a leadership role
in the fight against spam. The goodwill and trust of our members
depends on our continued focus on developing solutions to this problem.
Spam continues to be the number one issue that we hear about from our
members, and is AOL's number one customer satisfaction priority. AOL
will continue to pursue strong enforcement actions and innovate our
spam fighting tools--giving our members even greater control. But
ultimately, we believe the spam battle must be fought on many fronts
simultaneously in order to be successful. From technology to education,
from legislation to enforcement, industry and government can work
together to reduce spam significantly and give consumers control over
their e-mail inboxes.
Thank you for the opportunity to testify; I am happy to answer any
questions you may have on this topic.
Mr. Stearns. Thank you very much.
Mr. Rubinstein.
STATEMENT OF IRA RUBINSTEIN
Mr. Rubinstein. Chairman Upton and members of the
subcommittee, my name is Ira Rubinstein, and I am an associate
general counsel at Microsoft Corporation. Thank you for this
opportunity to share Microsoft's views on an issue that needs
the attention of Congress and the work of your subcommittees:
The adoption of effective anti-spam legislation that
complements technological and industry-based measures and
strengthen existing enforcement tools. We commend you for
taking on an issue that harms millions of American consumers
and businesses every day.
Microsoft supports the legislation introduced by Chairman
Tauzin and Representative Burr as well as legislation
introduced by Representatives Wilson and Green, both of which
are co-sponsored by several members of the subcommittees. These
proposals will help strengthen existing enforcement mechanisms,
including the abilities of ISPs to prosecute spammers on behalf
of their customers and give law enforcement and the FTC
additional means to penalize spammers. They also include
important civil and criminal penalties that will help make
fraudulent spammers more accountable and deter would be
spammers from sending fraudulent e-mail to consumers. We
commend the sponsors of these bills for their leadership and
are grateful that these proposals contain these important
elements.
In my written testimony, I discuss Microsoft's
technological advancements to help fight spam and our
cooperation with law enforcement around the world to prosecute
fraudulent spammers. Today, however, I want to address how
Congress can enable technology to win the battle against spam.
To date, the fight against spam has been largely devoted to
filtering, which automatically screens e-mail messages and
blocks those determined to be spam. Filtering has proven to be
a critical mechanism to reduce the volume of spam. Microsoft
filters block over 2.4 million spam messages a day from
reaching our customers, but filters are in an arms race with
the ever-growing volume of spam. Today, because filters do not
have detailed information about senders, they sometimes capture
wanted e-mail and let spam through. However, there a number of
ways to improve filtering. By providing filters with more
information about senders of commercial e-mail, we can reduce
spam volume with minimal impact on accuracy of filters, thereby
improving consumers' confidence in the e-mail messages they
receive and their willingness to opt out from unwanted e-mail.
Both industry and government have important roles to play
in helping filters work better. Industry can help by creating
organizations that will establish commercial e-mail guidelines
and certify senders who follow such guidelines through seals
that can be identified by filters and seen by customers.
Similar organizations already help in protecting consumers'
privacy online. For example, think of TRUSTe and BBBOnline.
Backed by sufficient industry support, e-mail best practices
could similarly help spam filters and consumers distinguish
between legitimate businesses and unlawful spammers.
Government can help by jump starting independent e-mail
trust authorities through legislative initiatives. We believe
legislation is necessary in this area because today, even
though many individual companies are doing the right thing,
there are no broadly adopted e-mail best practices. There is
also no easy way for these companies to participate in such
programs and show that they adhere to best practices. With a
critical mass of participants, filters will work as intended
and block unlawful spam from reaching consumers' in-boxes.
To encourage the widespread adoption of e-mail best
practices, a legislative incentive is needed. We suggest an
ADV, or advertisement label, be put on all unsolicited
commercial e-mail unless the sender comes within a safe harbor
that requires membership in a best practice program. To be
clear, we are not proposing a stand-alone ADV requirement;
rather, we see it as a means to drive the widespread adoption
of e-mail best practices. There are incentives other than ADV
labeling that Congress could also select.
Without mandating a technology or one-size-fits-all
solution, our safe harbor identifies several basic components
that industry guidelines must incorporate, such as giving
consumers notice of how e-mail addresses will be used and to
whom they will be disclosed. But the proposal is market-based
permitting industry to take the lead in developing specific
guidelines within these parameters. We expect a number of
industry safe harbor organizations to emerge. We encourage the
members of these subcommittees to include a legislative
incentive that drives the widespread adoption of e-mail best
practices in any anti-spam proposal. The importance of
promoting technological solutions to fight spam should not
overlooked.
In conclusion, we commend the subcommittees for holding
this hearing today and appreciate your determination to seek
strong legislation to help stem spam. Microsoft is committed to
working with you to craft effective Federal anti-spam
legislation. Thank you.
[The prepared statement of Ira Rubinstein follows:]
Prepared Statement of Ira Rubinstein, Associate General Counsel,
Microsoft Corporation
Chairman Stearns, Chairman Upton, Ranking Member Schakowsky,
Ranking Member Markey, and Members of the Subcommittees: My name is Ira
Rubinstein and I am an Associate General Counsel at Microsoft
Corporation. I want to thank you for the opportunity to share
Microsoft's views on an issue that needs the attention of Congress and
the work of your subcommittees: the adoption of effective anti-spam
legislation that complements technological and industry-based measures
and strengthens existing enforcement tools. There are plenty of
statistics that document with convincing evidence that spam presents an
intolerable burden to consumers and network operators alike, but all
the evidence most Americans need is to log on their computer in the
morning and see a string of e-mails that are at best distractions and
all too often are illegal or shocking.1
---------------------------------------------------------------------------
\1\ Last year, an estimated 1.8 billion spam e-mails were sent each
day, accounting for nearly 40 percent of all e-mail sent over the
Internet. This year, that number is expected to climb to well over 10
billion a day. That is over half of all e-mail sent worldwide and is up
from 7 percent in 2001. See Jonathan Krim, ``Spam's Cost to Business
Escalates,'' Washington Post March 13, 2003 at A1 (citing study
conducted by Brightmail Inc.).
---------------------------------------------------------------------------
Microsoft is here today because the risk of inaction and the risk
of not combating spam will render this vital communications medium so
cluttered with interference that it will no longer be seen as a
reliable and efficient communications tool. Spam filters are doing
their best; indeed, Microsoft's filters block over 2.4 billion spam
messages a day. But the filters cannot keep up with the ever-growing
volume of spam. And consumers, understandably, are quickly losing
confidence in the value of their inboxes. We welcome the important work
of the Subcommittees and the sponsors of anti-spam legislation and look
forward to working with you to see that strong anti-spam legislation is
passed to preserve e-mail as an important link in our society.
Microsoft brings to the debate on spam a perspective that sees the
problem from different angles and reflects the policy balance facing
the Subcommittees. As a provider of Internet and e-mail based services,
Microsoft currently bears the bandwidth, storage, and software costs of
processing spam and spends countless hours responding to customer
concerns about their receipt of ever-growing amounts of junk e-mail. As
a developer of filtering technology, we are constantly trying to
prevent spam from clogging our e-mail system and stay a step ahead of
spammers who use a range of illicit practices to avoid detection. And,
as a company that uses e-mail to responsibly communicate with
customers, we worry that our messages are getting lost in the noise of
spam.
This perspective drives us to recommend a balanced, multi-pronged
approach to combating spam. This approach depends on the combined
efforts of industry and government, and includes the following
elements:
(1) Developing and implementing new and more sophisticated
technological tools to combat spam;
(2) Aggressive enforcement campaigns by both the private and public
sector to penalize illicit spamming practices and deter others
from engaging in these activities; and
(3) Federal legislation that strengthens existing enforcement tools and
encourages the widespread adoption of e-mail best practices and
a means for filters and consumers to identify senders that
adhere to such practices.
First, I address the focus of this hearing--legislation to combat
spam. I next turn to a discussion of technological developments and how
we in industry are using our know-how to develop cooperative strategies
to track down spammers. I then describe some of our recent enforcement
actions against spammers and our work with law enforcement around the
world to combat this growing problem.
STRONG FEDERAL ANTI-SPAM LEGISLATION IS NEEDED
Microsoft supports strong federal anti-spam legislation because the
current legal and regulatory regime is simply not up to the task.
Although ISPs have achieved some success in using litigation and other
techniques to police spam, existing laws need to be strengthened to
focus on the problems raised by spam, such as the forging of sender
information, that make it difficult to prosecute spammers successfully.
Also, the spam problem is not one that can be eradicated through the
efforts of Microsoft and other ISPs alone. For these reasons, we
support federal anti-spam legislation that strengthens existing
enforcement mechanisms, including the ability of ISPs to prosecute
spammers on behalf of their customers, and provides both law
enforcement and the FTC with additional means to penalize spammers. A
number of important legislative proposals have been introduced along
these lines, including H.R. 2214 and H.R. 2515, and we commend the
sponsors of these bills for their insight and look forward to
continuing to work with them to craft effective anti-spam legislation.
As the Subcommittees consider these proposals and seek to write
legislation, we urge you to adopt:
Incentives for legitimate marketers to distinguish themselves
and thereby improve technology. Legislation has a role to play
in supporting effective filtering technology by creating
incentives for e-mail marketers to adopt e-mail best practices
and to certify themselves as trusted senders who can be more
easily identified by consumers and filters alike. Promoting
technology in this fashion is an important addition to any
anti-spam proposal.
Strong civil and criminal penalties for fraudulent e-mails.
Anti-spam legislation should prohibit the use of false or
misleading header information (including source, destination
and routing information), false or misleading subject lines,
and the misuse of third-party domain names and IP addresses. It
also should capture all bad actors involved in the chain of
sending fraudulent e-mail.
Effective ISP, State AG and FTC Enforcement. Enforcement is a
critical component of attacking the spam problem. ISPs and law
enforcement currently invest considerable time and effort to
locate and prosecute spammers on behalf of their customers.
Anti-spam legislation should support these efforts and not
raise roadblocks--such as burdens of proof or affirmative
defenses--that will inhibit meaningful enforcement.
Express language that preserves ISPs' right to combat spam.
ISPs have the incentive to combat spam; it is essential that
ISPs maintain the ability to do so. Any anti-spam law should
expressly state that its provisions do not impose an obligation
upon ISPs to carry or block certain types of e-mail messages.
Such a provision would not shelter ISPs from liability for
filtering; rather, it would simply clarify that the anti-spam
law does not grant senders of e-mail messages new rights that
they do not have today.
Federal preemption with appropriate carve outs. Federal
preemption of state statutes that regulate the sending of
commercial e-mail messages is needed, provided the federal
anti-spam law contains strong substantive requirements.
However, ISPs rely heavily on state contract and trespass laws,
as well as laws relating to computer fraud and theft, in their
fight against spammers. Thus, preemption in any anti-spam law
should carve out such important state laws.
Industry Best Practices Buttressed by Strong Enforcement
These legislative principles seek to enhance existing anti-spam
technologies and leverage the self-regulatory features of a best-
practices regime with serious, and necessary, enforcement mechanisms.
To date, much of the effort in the fight against spam has been devoted
to ``filtering,'' which involves the automatic analysis of e-mail
messages to determine whether or not they are spam. Once a filter has
determined that a message is spam, the e-mail system can take
appropriate action, such as placing the message in a Junk Mail folder
or deleting it prior to delivery. Filtering has proven to be a useful
and necessary mechanism to reduce the volume of spam traveling over ISP
and corporate networks.2 Already, filters on the servers at
MSN and Hotmail block more than 2.4 billion messages a day, before they
ever reach our customers' inboxes.
---------------------------------------------------------------------------
\2\ An internal IT consultant at a Fortune 50 energy company
conservatively estimates that filtering enables the company to save
between $100 and $200 million per year. See Meredith Levinson,
``Seething Over Spam,'' CIO, Jan. 2003, available at http://
www.cio.com/archive/111502/et--article.html.
---------------------------------------------------------------------------
Even with the passage of legislation, filtering will continue to
play an essential role, both as a means of dealing with those who
ignore or are beyond the scope of the law (e.g., foreign spam) and to
help consumers manage their inboxes. But technology needs help. Today,
because filters do not have detailed information about senders, they
may misclassify legitimate e-mail as spam (producing so-called ``false
positives'') and mistakenly fail to catch all spam (producing ``false
negatives''). By providing filters with more information about senders
of commercial e-mail, we can reduce the risk of these types of mistakes
and we can improve consumer's confidence in the e-mail messages they
receive.
Both industry and government have important roles to play in
enabling filters to work better. Industry can help by creating
independent e-mail trust authorities that will establish commercial e-
mail guidelines and certify senders who follow such guidelines through
``seals'' that can be read by filters and understood by consumers.
Similar authorities already help in protecting consumer's privacy
online, with organizations such as TRUSTe and BBBOnline providing
certification for websites that follow certain privacy guidelines.
Backed by sufficient industry support, e-mail best practices could
similarly help distinguish between legitimate businesses and
spammers.3
---------------------------------------------------------------------------
\3\ One program that has established guidelines for e-mail
communications is described at http://www.postiva.com/article/sitemap.
---------------------------------------------------------------------------
Government can help by ``jump starting'' the creation of and
participation in independent e-mail trust authorities. Today, few
industry members follow broadly adopted e-mail guidelines and even
fewer utilize technology to show that their messages adhere to such
guidelines. An effective way to encourage marketers to adopt e-mail
best practices is to give them an incentive to do so. Our proposal is
that an advertisement or ``ADV:'' label be put on all unsolicited
commercial e-mail unless the sender comes within a Safe Harbor that
requires membership in an FTC-approved self-regulatory organization
that complies with certain e-mail best practices. We want to make it
clear that we are not proposing a stand-alone ``ADV:'' requirement but
rather see it as a means to drive the widespread adoption of e-mail
best practices. There may be other sound ideas on giving industry
incentives to adopt e-mail best practices but use of the ``ADV:'' label
has the additional benefit of allowing consumers to easily identify
unsolicited commercial e-mail and to customize their spam filters to
either deliver such mail or automatically delete it.
Without mandating a technology or one-size-fits-all solution, this
Safe Harbor proposal identifies several basic components that industry
guidelines must incorporate, such as notice to consumers regarding the
use and disclosure of their e-mail addresses. But the proposal is
market-based, permitting industry to take the lead in developing
specific guidelines that go above and beyond the basic e-mail best
practices identified. This will allow industry self-regulatory
organizations to emerge and compete on the basis of the strength of the
e-mail practices they certify and on their enforcement. The Safe Harbor
proposal also gives the FTC the authority to ensure e-mail trust
authorities adopt e-mail practices that satisfy legislative
requirements. Participants that fail to live up to the guidelines would
face involuntary termination and mandatory public reporting. In
addition, such participants would be referred to the FTC, thus
providing the FTC with an additional enforcement tool.
Critics claim that industry can do this on its own and therefore
legislation is not necessary. But without appropriate incentives, there
is no guarantee that a critical mass of industry members will certify
their adherence to industry e-mail best practices. Without a critical
mass, makers and users of spam filtering software will not bother to
modify their software to recognize senders that participate in e-mail
best practice programs. If only a few makers of email software modify
their software to recognize such participants, few, if any, senders
will comply because it would not be worth the expense.
On the other hand, with a critical mass of participants, developers
and users of spam filtering software would find it very useful to use a
certificate of compliance with e-mail best practices as a means to help
them avoid filtering good mail. In addition, legitimate senders would
find it worth their cost to sign up. Better yet, if most or all
legitimate mail senders sign up, then any remaining commercial e-mail
would be from those unlawful spammers who do not abide by e-mail best
practices and such e-mail could be filtered aggressively. In the end,
filters would work as intended and block unlawful spam from reaching
consumers' inboxes.
Microsoft believes that the widespread adoption of e-mail best
practices along with a method to associate e-mail communications from
businesses that adopt such best practices will ameliorate many of the
problems currently associated with spam. Consumers will be able to
exercise choice since they can recognize e-mails from businesses that
follow e-mail practices with which they are comfortable; businesses
will be able to distinguish their legitimate electronic communications
from spam; and filters will be better equipped to identify e-mail
communications from legitimate senders, thereby reducing false-positive
and false-negative problems.
SPAM THREATENS VIABILITY OF E-MAIL AS A COMMUNICATIONS MEDIUM
The reason why strong federal anti-spam legislation is needed is
because spam plainly threatens the viability of what has become a
critical communications medium. The anti-spam software company
Brightmail has projected that at least half of all e-mails individuals
and businesses receive will be spam by September 2003 or
earlier.4 By 2007, unless significant changes are made, it
is estimated that more than 70 percent of all e-mail messages will be
spam.5
---------------------------------------------------------------------------
\4\ PR Newswire, ``Spam on Course to Be Over Half of All E-mail
This Summer,'' July 1, 2003.
\5\ ePrivacy Group, ``Spam: By the Numbers'' (2003), available at
http://www.eprivacygroup.com (citing Radicati Group).
---------------------------------------------------------------------------
The reason for this exponential growth is simple: spam is cheap and
easy to send. For roughly ten dollars a month, a spammer can obtain an
ISP account and for another thirty dollars, websites such as
BulkBarn.com offer all of the following: 300,000 ``fresh bulk e-mail
addresses'' a week, bulk e-mail starter kits, and free bulk e-mail
software.6 Using such systems, spammers can send 650,000 e-
mails per hour from an inexpensive mail server. And given that 100
responses for every 10 million messages sent can generate a profit,
spammers have no financial incentive to stop the massive junk
mailings.7 There is little reason for a spammer to limit the
number of messages sent, or be selective about the chosen recipients,
since the marginal cost of every additional message is effectively
zero.
---------------------------------------------------------------------------
\6\ Melissa Solomon, ``The Other Side,'' Computerworld, November
11, 2002, available at http://www.computerworld.com/softwaretopics/
software/groupware/story/0,10801,75736,00.html.
\7\ ePrivacy Group, ``Spam: By the Numbers'' (2003), available at
http://www.eprivacygroup.com (citing the Detroit Free Press); Mylene
Mangalindan, ``For Bulk E-mailer, Pestering Millions Offers Path to
Profit,'' Wall Street Journal, November 13, 2002.
---------------------------------------------------------------------------
Of course, spam is cheap to send, but not to receive. Ferris
Research estimates that spam will cost U.S. corporations more than $10
billion in 2003.8 This figure includes productivity losses
and the additional equipment, software, and manpower needed to combat
the problem. According to some analysts, it costs roughly $250 to send
a million spam messages, but it costs about $2,800 in lost wages, at
the federal minimum wage, for those same million spam messages to be
deleted.9 And spam impacts all organizations, big and small.
IDC estimates that for a company with 14,000 employees, the annual cost
to fight spam is $245,000.10
---------------------------------------------------------------------------
\8\ Scott Bekker, ``Spam to Cost U.S. Companies $10 Billion in
2003,'' ENT News, January 9, 2003, available at http://www.entmag.com/
news/article.asp?EditorialsID=5651 (citing conclusions of Ferris
Research study). [can we cite to actual Ferris Report?]
\9\ Theo Emery, ``Meeting Takes Aim at Spam,'' Associated Press
(citing researcher at MIT), available at http://www.ohio.com/mld/
beaconjournal/business/5028845.htm.
\10\ Jonathan Krim, ``Spam's Cost to Business Escalates,''
Washington Post, March 13, 2003 at A1, available at http://
www.washingtonpost.com/ac2/wp-dyn/A17754-2003Mar12 .
---------------------------------------------------------------------------
ISPs are hit particularly hard by the spam problem. They spend
millions of dollars each year because of spam, implementing and
updating filtering software, providing additional server space and
processor power to deal with the high volumes of e-mail, and giving
support to customers frustrated by the receipt of a barrage of unwanted
messages. In addition, the transport and delivery of spam places
significant stress on ISPs' mail servers, delaying the speed and
effectiveness of all e-mail communications and causing system outages.
Spam also harms the ability of legitimate businesses to use e-mail
to communicate with existing customers. Many businesses are simply
afraid to use e-mail to contact their customers for fear of being
branded spammers. Others are concerned that their e-mails will not be
found among the mass of spam filling up most consumers' in-boxes. This
is of particular concern for critical service industries such as
security and insurance firms, where customer contact is regulated and
necessary and the communication vehicle they use must be reliable.
The economies of spam favor the abusers and disfavor the victims--
i.e., consumers. Consumers are forced to spend time and energy
assessing, reviewing, and discarding spam. In a study recently released
by Symantec Corporation, 65 percent of the 1,000 people surveyed
reported spending more than 10 minutes each day dealing with
spam.11 And 37 percent of the survey respondents indicated
that they received more than 100 spam messages each week.12
Consumers also must contend with e-mail messages that use misleading
subject lines to induce them--or, worse, their children--into viewing
messages that contain sexually explicit material. According to
Symantec's survey, 69 percent of respondents agreed or strongly agreed
that spam is generally harmful to e-mail users. In addition, 77 percent
of respondents with children under the age of 18 noted that they are
concerned or very concerned about their children reading
spam.13
---------------------------------------------------------------------------
\11\ News Release, ``Symantec Survey Reveals Growing Concerns Over
Spam,'' http://www.symantec.com/press/2002/n021202.html.
\12\ Id.
\13\ Id.
---------------------------------------------------------------------------
From virtually any perspective, spam has become a significant
problem that threatens to cripple the worldwide e-mail system.
Consumers are walking away from their e-mail accounts because they
simply can't deal with the problem. It is time for the private and
public sectors to come together to preserve the viability of this
critical communications medium.
INDUSTRY IS DEVELOPING NEW TECHNOLOGICAL TOOLS TO COMBAT SPAM
We recognize that federal legislation alone is not sufficient to
combat spam. This is why a critical element of Microsoft's multi-
faceted anti-spam strategy focuses on developing new and more
sophisticated technological tools. Recognizing the increasing
importance of fighting spam on behalf of our customers, we recently
created a new Anti-Spam Technology and Strategy Group that brings
together specialists from across the company and integrates all of our
anti-spam strategy and R&D efforts. The combined efforts and expertise
of this group has enabled us to create new anti-spam technologies that
are even more precise, easier to use, and adaptable. We are working to
integrate them into more of our products, particularly MSN, Hotmail,
Outlook and Exchange.
For example, MSN 8 employs machine-learning technology to enable
customers to train their filters to separate desirable e-mail from
undesirable spam. It also uses a collection of more than 200 million e-
mail addresses, called a Probe Network, to attract spam before it is
delivered to a customer's e-mail inbox. Finally, it allows customers to
choose from three levels of filtering protection to capture certain
types of incoming e-mails, or they can choose to receive e-mails only
from individuals who are on their ``safe lists.'' Microsoft also
recently updated MSN 8 with further improvements in its spam
technologies, giving customers an option to block offensive images in
e-mail, and adding the ability to filter mail in languages besides
English.
Microsoft also recently announced the inclusion of new anti-spam
technologies in our new Exchange Server 2003 for partners. One tool
allows partners to integrate their anti-spam solutions with Exchange
Server 2003 functions. Partner solutions will be able to scan incoming
e-mail messages and attach a numeric score, or ``Spam Confidence
Level'' (SCL), to each message. The SCL indicates the probability that
the message is spam, and based on a threshold set by an administrator,
the message will be forwarded to either the recipient's inbox or junk
mail folder. Exchange 2003 also allows administrators to assign
enterprise-wide ``allow/deny'' lists and to integrate real-time black
hole list services, which provide immediate spam blocking if a sender
is a known spammer. In addition to its anti-spam tool, Exchange Server
2003 works with junk mail filters in Microsoft Office Outlook 2003.
These filters allow users to block content using default settings,
assign ``safe'' and ``block'' lists, automatically file junk mail to
their trash folders, and profile spam by assigning points or scores to
certain keyword identifiers.
Microsoft has also joined forces with other ISPs to better enable
systems operators and consumers to block and filter spam. In April,
Microsoft, AOL and Yahoo! announced a wide-ranging set of initiatives
to fight spam together. Since then, Earthlink has joined the effort,
which involves promoting business guidelines, best practices and
technical standards that can help curb spam sent or received via any
online service or computing platform.
As an example of our combined work in this regard, we are working
on a new initiative aimed at eliminating the common practice of
``domain spoofing'' where spammers substitute fictitious sending
addresses and even remove all origination data to mask their true
identity and location. Under this initiative, software used in
transmitting and receiving e-mail will be able to determine whether a
message that claims to originate from [email protected] was actually
sent from example.com. Spam filters can then take into account evidence
of a spoofed domain when deciding whether or not a message is spam.
This simple change alone will help filter out a significant percentage
of spam.
ISPs are working together to support other anti-spam technological
advancements, including restricting e-mails from systems determined to
be open to unauthorized use (such as open relays, open routers, or open
proxies). We are also working together to share information about
spammers who set up many different e-mail accounts to avoid detection.
This will help put an end to this game and shut spammers down more
effectively.
ENFORCEMENT IS A CRITICAL COMPONENT OF COMBATING SPAM
Enforcement is another critical element of our multi-pronged
approach to fighting spam. On June 16, Microsoft filed 15 lawsuits in
the United States and the United Kingdom against companies and
individuals alleged to be responsible for billions of spam messages
sent in violation of state and federal laws. We have undertaken this
enforcement campaign in response to the thousands of subscriber
complaints received every day. Like other providers or Internet access
and e-mail services, our top priority is ensuring that our subscribers
feel comfortable using e-mail to communicate.
Our aggressive litigation campaign is targeted at stopping some of
the most offensive e-mail practices affecting Microsoft customers. In
some cases, defendants are alleged to have used deceptive and
misleading subject lines to disguise e-mail messages that actually
contained pornographic images, dating service solicitations and other
adult services. One case involves e-mail messages that include a false
virus warning. Recipients are instructed to download an ``update''
purported to protect their system, when in fact the download is nothing
more than a toolbar that appears to track their movements on the
Internet. In other cases, defendants are alleged to have ``spoofed''
the sender's e-mail address, making it seem that the spam originated
from hotmail.com or other recognized senders. Among the defendants in
the lawsuits are several individuals and entities that are listed as
known spammers on Internet registries that monitor spam activities
worldwide.
Microsoft will continue to work with law enforcement around the
world to enhance their enforcement efforts against spammers who rely on
fraudulent means of transmission to circumvent anti-spam filters and
mislead recipients. Such efforts will include: (1) developing better
mechanisms for preserving electronic evidence relating to spammers'
activities; (2) coordinating among ISPs and industry members to help
ensure that anti-spam enforcement efforts are most effectively deployed
against spam senders who cause the greatest impact on consumers; and
(3) similarly coordinating in referring spammers for civil or, where
appropriate, criminal enforcement actions. The goal of this effort will
be to make spammers more accountable and to deter would-be spammers
from using such ``outlaw'' techniques to send e-mail to consumers.
Spam is a serious problem and the public and private sectors must
coordinate on a broad response if we are going to be effective in
addressing it. We believe that a multi-faceted approach is needed:
better technology tools to enable consumers to keep spam from getting
to their computer screens; more collaboration among the industry
leaders so we can combine our resources; aggressive enforcement against
people who are breaking the law; and effective federal anti-spam
legislation that strengthens enforcement tools and enables technology
to work better for the benefit of consumers. We commend the
Subcommittees for holding this hearing today and appreciate your
determination to seek strong legislation to help combat spam. And we
thank you for extending us an invitation to share our experience and
recommendations with you. Microsoft is committed to working with you to
craft effective federal anti-spam legislation that will thwart the
efforts of those who abuse e-mail and preserve the viability of the
medium.
Mr. Burr [presiding]. I thank the gentleman.
The Chair recognizes Mr. Misener for opening statement.
STATEMENT OF PAUL MISENER
Mr. Misener. Thank you, Mr. Chairman, very much and good
afternoon. My name is Paul Misener. I am Amazon.com's vice
president for Global Public Policy. Thank you very much for
inviting me to testify this afternoon.
Mr. Chairmen, Amazon.com deplores spam. We find it annoying
and often offensive and increasingly designed to defraud,
confuse or trick consumers. Therefore, tempered by the
recognition that legitimate businesses occasionally make honest
mistakes, we ask that you pass a strong, effective, nationwide
anti-spam law.
It almost goes without saying that spam annoys and often
offends consumers. At very little cost to themselves, spammers
cram our e-mail boxes full of messages from shady businesses
about questionable products and services and often in ways that
shock even the most worldly adults. The sheer volume of spam
makes it increasingly difficult for consumers to receive the e-
mail, both personal and commercial, they want. Accordingly,
Amazon.com's practice is to never spam. We send e-mail only to
those individuals--our customers--with whom we have an extant
relationship. And we provide our customers thorough choice
mechanisms that allow them to determine for themselves how
much, if any, e-mail they receive from Amazon.com. We believe
this is simply good, pro-customer business practice.
But spam has become even worse than annoying and often
offensive. Spam is increasingly used to defraud, confuse and
trick consumers. Many employ well-known fraud schemes, others
may be more subtle, yet use fraud techniques that predate e-
mail communications. Offers to get rich quick, lose weight fast
and find a date nearby are nothing new and are common in spam.
Although efforts to confuse consumers are somewhat more
sophisticated, spammers use classic sleights of hand, such as
subject lines that entice recipients to open e-mails they
otherwise would not. Examples are commercial e-mails that use
highly informal or personal subject lines. The confusion
doesn't last long, however, for once a consumer opens the
message and finds an advertisement for diet pills the sleight
of hand becomes obvious. This spam approach is not unlike
common physical mail advertisements that are intentionally
shaped, formatted and colored to look like a check. The whole
idea is to get consumers to open the envelope but, once inside,
the deception is over.
Increasingly, however, Amazon.com has observed, and been a
victim of, highly sophisticated techniques that convincingly
trick consumers into thinking that an e-mail is coming from a
reputable sender. This kind of deception is particularly
insidious because the fraud not only involves what is said or
how it is said but who purportedly is saying it. Indeed, over
the past few months, many consumers have received commercial e-
mails from addresses such as [email protected] or
[email protected], but such e-mails were not sent by Amazon.com
or anyone who works for the company. They are part of a growing
problem called ``spoofing,'' whereby headers of commercial e-
mails are intentionally forged to appear to come from reputable
companies or individuals. Technological solutions to the
spoofing problem are elusive.
Legal solutions are somewhat more promising. Current law,
however, could be dramatically improved with new, nationwide,
anti-spam legislation. Amazon.com is very grateful, Mr.
Chairmen, that you and members of your subcommittees here are
working on such legislation in a bi-partisan fashion, in close
cooperation with the Judiciary Committee. We particularly
appreciate the strong national policy that would be established
by passing an anti-spam law this year and would support the
inclusion of a provision that would allow the FTC to prosecute
knowing beneficiaries of spam, not just the spammers
themselves. But on behalf of our customers and company,
Amazon.com will support particular anti-spam legislation only
if it recognizes that legitimate businesses occasionally make
honest mistakes that should not be proscribed. Please allow me
to explain.
Because commercial e-mail necessarily involves computers
and human programmers, there have been and will continue to be
occasional e-mail mistakes, no matter how many preventative
measures are taken. Such truly honest mistakes are rare and
certainly are not the cause of the in-box clutter and
associated consumer angst that have led us all to this point.
Of the acts that would be prohibited by the comprehensive anti-
spam bills now before the House, honest mistakes are obviously
plausible only for accidentally sending e-mail to individuals
who have opted-out of receiving them. Proscribing such mistakes
would have the perverse effect of discouraging e-mail use by
the most reputable companies. Amazon.com believes that H.R.
2214 and H.R. 2515 would wisely distinguish between actions
that may plausibly be mistakes and those that almost certainly
involve unlawful intent. They would require plaintiffs
complaining of commercial e-mail being sent after an opt-out
choice to allege with particularity that the defendant has
engaged in a, quote, ``pattern or practice'' of ignoring such
choices. No such pattern or practice allegation would be needed
for complaints regarding, for example, false headers.
In conclusion, Mr. Chairman, Amazon.com deplores spam. On
behalf of our customers and company, and tempered by the
recognition that legitimate businesses occasionally make honest
mistakes that should not be proscribed, Amazon.com respectfully
asks that you pass strong, effective, nationwide anti-spam
legislation this year. Thank you again for asking me to
testify, Mr. Chairman. I look forward to your questions.
[The prepared statement of Paul Misener follows:]
Prepared Statement of Paul Misener, Vice President for Global Public
Policy, Amazon.com
Good morning, Chairman Upton and Chairman Stearns; Mr. Markey and
Ms. Schakowsky; and members of the Subcommittees. My name is Paul
Misener. I am Amazon.com's Vice President for Global Public Policy.
Thank you very much for inviting me to testify today.
Messrs. Chairmen, Amazon.com deplores spam. We find it annoying and
often offensive and increasingly designed to defraud, confuse, or trick
consumers. Therefore, tempered by the recognition that legitimate
businesses occasionally make honest mistakes, we ask that you pass a
strong, effective, nationwide anti-spam law.
SPAM ANNOYS AND OFTEN OFFENDS CONSUMERS
Messrs. Chairmen, it almost goes without saying that spam annoys
and often offends consumers. At very little cost to themselves,
spammers cram our email boxes full of messages from shady businesses,
about questionable products and services, and often in ways that shock
even the most worldly adults. The sheer volume of spam makes it
increasingly difficult for consumers to receive the email, both
personal and commercial, they want.
AMAZON.COM'S PRACTICE IS TO NEVER SPAM
Accordingly, Amazon.com's practice is to never spam. We send email
only to those individuals--our customers--with whom we have an extant
relationship. And we provide our customers thorough choice mechanisms
that allow them to determine for themselves how much--if any--email
they receive from Amazon.com. We believe this is simply good, pro-
customer business practice.
SPAM IS INCREASINGLY USED TO DEFRAUD, CONFUSE, OR TRICK CONSUMERS
But spam has become even worse than annoying and often offensive.
Spam is increasingly used to defraud, confuse, or trick consumers. Many
employ well-known fraud schemes, such as the infamous Nigerian
businessman hoax. Others may be more subtle, yet use fraud techniques
that predate email communications: offers to get rich quick, lose
weight fast, and find a date nearby are nothing new, but are common in
spam.
Although efforts to confuse consumers are somewhat more
sophisticated, spammers still use classic sleights of hand, such as
subject lines that entice recipients to open emails they otherwise
would not. Examples are commercial emails that use highly informal or
personal subject lines like, ``Party Next Week!'' or ``how's it
going?'' The confusion doesn't last long, however, for once a consumer
opens the message and finds an advertisement for diet pills the sleight
of hand becomes obvious. This spam approach is not unlike common
physical mail advertisements that are intentionally shaped, formatted,
and colored to look like a check. The whole idea is to get consumers to
open the envelope but, once inside, the deception is over.
Increasingly, however, Amazon.com has observed--and been a victim
of--highly sophisticated techniques that convincingly trick consumers
into thinking that an email is coming from a reputable sender. This
kind of deception is particularly insidious because the fraud not only
involves what is said or how it is said, but who purportedly is saying
it.
Indeed, over the past few months, many consumers have received
commercial emails from addresses such as [email protected] or
[email protected]. But such emails were not sent by Amazon.com or anyone
who works for our company. They are part of a growing problem called
``spoofing,'' whereby headers of commercial emails are intentionally
forged to appear to come from reputable companies or individuals.
Technological solutions to the spoofing problem are elusive. At the
network level, shortcomings in the underlying email software
communications protocols make spoofing relatively easy to accomplish,
yet virtually impossible to stymie. And, at the local consumer level,
filtering software cannot effectively block spoofed messages without
also blocking many legitimate ones. Legal solutions are somewhat more
promising. Amazon.com and other companies are investigating spoofing
incidents and considering a variety of civil actions. We also are aware
that the FTC and state attorneys general have brought and are
considering additional civil and criminal fraud or trade practice
actions.
AMAZON.COM SUPPORTS ANTI-SPAM LEGISLATION
Current law, however, could be dramatically improved with new,
nationwide, anti-spam legislation. Amazon.com is very grateful, Messrs.
Chairmen, that you and members of your Subcommittees are working on
such legislation, in a bi-partisan fashion, and in close cooperation
with members of the Judiciary Committee. We particularly appreciate the
strong, national policy that would be established by passing an anti-
spam law this year, and we would support the inclusion of a provision
that would allow the FTC to prosecute knowing beneficiaries of spam,
not just the spammers themselves. But, on behalf of our customers and
company, Amazon.com will support particular anti-spam legislation only
if it recognizes that legitimate businesses occasionally make honest
mistakes that should not be proscribed.
Please allow me to explain.
HONEST, INFREQUENT MISTAKES SHOULD NOT BE PROSCRIBED
Because commercial email necessarily involves computers and human
programmers, there have been and will continue to be occasional email
mistakes, no matter how many preventative measures are taken. Such
truly honest mistakes are rare and certainly are not the cause of the
in-box clutter and associated consumer angst that have led us all to
this point. Not only are these mistakes expected and essentially not
preventable, the harm to consumers is minimal, and there already are
strong market forces at work: Reputable companies simply do not want to
irritate consumers who have asked not to be bothered.
Of the acts that would be prohibited by the comprehensive anti-spam
bills now before the House, honest mistakes are obviously plausible
only for accidentally sending email to individuals who have opted out
of receiving them. Proscribing such mistakes would have the perverse
effect of discouraging email use by the most reputable--and thereby
most exposed--companies. Every day, Amazon.com sends tens of thousands
of emails to our customers and, thus, just one simple mistake (such as
accidentally sending a notice of a new jazz CD release to customers who
have elected not to receive email on jazz music), could expose us to
astronomical penalties. Surely, this is not the goal of anti-spam
legislation. And, of course, the other acts that would be prohibited by
the anti-spam bills--such as falsifying email headers--are so
necessarily intentional or systematic that it would be implausible to
claim that they are merely the result of honest mistake.
Amazon.com believes that H.R. 2214 and H.R. 2515 would wisely
distinguish between actions that may plausibly be mistakes and those
that almost certainly involve unlawful intent. They would require
plaintiffs complaining of commercial email being sent after an opt-out
choice to allege with particularity that the defendant has engaged in a
``pattern or practice'' of ignoring such choices. No such pattern or
practice allegation would be needed for complaints regarding, e.g.,
false headers.
Importantly, the ``pattern or practice'' language in these House
bills would not create a loophole for the real spammers to escape
punishment. In the first place, to reiterate, it does not apply to the
prohibited acts that almost certainly are intentional or systematic,
such as the falsification of header information; rather, it would only
apply in the circumstance where an email is sent to an individual who
has opted out of receiving such email. Moreover, true spammers do not
have legitimate businesses that would occupy the vast majority of their
emails. As a business necessity, spammers simply must have a pattern or
practice of spamming, not just send an occasional spam. In other words,
it will be very easy to tell the difference between the honest,
infrequent mistakes of companies not in the spam business from the true
spammers, who must spam most or all of the time.
CONCLUSION
In conclusion, Mr. Chairman, Amazon.com deplores spam. On behalf of
our customers and company, and tempered by the recognition that
legitimate businesses occasionally make honest mistakes that should not
be proscribed, Amazon.com respectfully asks that you pass strong,
effective, nationwide anti-spam legislation.
Thank you again for inviting me to testify. I look forward to your
questions.
Mr. Burr. Thank you very much.
The Chair would recognize Mr. Hirschman for the purposes of
an opening statement.
STATEMENT OF KENNETH HIRSCHMAN
Mr. Hirschman. Thank you, Mr. Chairman. Mr. Chairman and
members of the committee, thank you for inviting me to testify.
My name is Ken Hirschman, and I am general counsel of Digital
Impact. Digital Impact is a provider of online direct marketing
solutions for enterprises, including numerous Fortune 500
companies who have embraced permission-based e-mail as a viable
and efficient customer communication and marketing tool.
Digital Impact is also a founding member of the E-mail Service
Provider Coalition of the Network Advertising Initiative, which
was formed to represent the interests of e-mail service
providers. Thirty-four other e-mail service providers have
joined Digital Impact in the E-mail Service Provider Coalition,
all of which are struggling with the onslaught of spam and the
emerging problems related to the deliverability of legitimate
and wanted e-mail.
E-mail service providers enable their customers to deliver
volume quantities of e-mail messages. While E-mail Service
Providers serve the marketing needs of the business community,
marketing is by no means the only focus of E-mail Service
Providers. E-mail Service Providers also deliver transactional
messages, such as account statements, airline confirmations and
purchase confirmations, e-mail publications, such as online
newsletters, affinity messages and relational messages.
We believe that much can be done to solve the problem of
spam. At the most fundamental level, we believe that we need to
create accountability within the e-mail delivery system.
Spammers spend their days inventing new methods to obscure and
falsify their identity in order to sneak past existing filters
and avoid accountability. Legitimate e-mail service providers
would never engage in such practices. We believe through a
combination of Federal legislation and technology we can bring
accountability to e-mail.
Part of the problem in treating the spam epidemic is that
spammers enjoy anonymity. Spammers hide behind open relays, as
I said before, they forge their identity, and they deceive
recipients with misleading from and subject lines. Make no
mistake, the business of spamming is one of fraud and
deception. The E-mail Service Provider Coalition recently
proposed an architectural blueprint to respond to this problem.
The blueprint, called Project Lumos, is designed to force
senders of volume e-mail to incorporate authenticated
identification into every message sent. The use of
authenticated identification, together with a rating of sending
practices over time, prevents spammers from hiding behind the
technology of e-mail and forces all senders to be accountable
for their sending practices. We have engaged with many of the
major ISPs and other groups on this effort and are greatly
encouraged by the traction our effort has gained since our
launch just 3 months ago.
But technology isn't enough. The E-mail Service Provider
Coalition strongly supports Federal legislation to respond to
the growing menace of spam. We believe that strong preemptive
Federal legislation will be a critical component in the
successful resolution of the spam problem. One issue that has
been raised in the discussion of proposed Federal spam
legislation is that of a safe harbor. Such a provision would be
welcome in this legislation as it would mandate accountability
by requiring all mailers to identify themselves and adhere to
standards of behavior in order to benefit from its protections.
In addition, and probably more important, a safe harbor will
offer redress to consumers that is not present in the proposed
legislation.
Again, Digital Impact and the rest of the members of the E-
mail Service Provider Coalition are very supportive of the Rid
Spam Act. We will continue to work with staff on certain
details of the bill, but we look forward to seeing a Federal
law enacted this year. Mr. Chairman, on behalf of Digital
Impact and the E-mail Service Provider Coalition, I want to
pledge that we will continue to work with you and members of
your staff. Spam is a complex problem and efforts to craft
solutions must be thoughtful, robust and effective. Thank you
and I look forward to any questions you may have.
[The prepared statement of Kenneth Hirschman follows:]
Prepared Statement of Kenneth Hirschman, Vice President & General
Counsel, Digital Impact, Inc.
Mr. Chairman and Members of the Committee, I want to thank you for
inviting me to testify. My name is Ken Hirschman, and I am Vice
President and General Counsel of Digital Impact, Inc. Digital Impact is
the premier provider of online direct marketing solutions for
enterprises, including numerous Fortune 500 companies who have embraced
permission-based email as a viable and efficient customer
communications and marketing tool.
Digital Impact is also a founding member of the Email Service
Provider Coalition of the Network Advertising Initiative (NAI), which
was formed to represent the interests of email service providers.
Thirty-four other email service providers have joined Digital Impact in
the ESP Coalition, all of which are struggling with the onslaught of
spam and the emerging problems related to the deliverability of
legitimate and wanted email.
The NAI is a cooperative group of companies dedicated to resolving
public policy concerns related to privacy and emerging technologies. In
the past, the NAI has created self-regulatory programs for online ad
targeting and the use of web beacons. The group has now turned its
focus to the growing problem of spam and the related concern of email
deliverability.
Let me begin my testimony by explaining the unique role that email
service providers play in the search for solutions to the spam problem.
Email service providers enable their customers to deliver volume
quantities of email messages. These messages originate from the full
spectrum of the US economy--large and small businesses, educational
institutions, non-profits, government agencies, publications, and
affinity groups all use the services of ESPs to communicate with their
customers, members and constituents. While ESPs often serve the
marketing needs of the business community, we also deliver
transactional messages (such as account statements, airline
confirmations, and purchase confirmations), email publications,
affinity messages and relational messages.
The ESP industry is robust and growing. Within the ESP Coalition,
we estimate that the 35 members provide volume email services to over
250,000 clients. These customers represent the full breadth of the U.S.
marketplace--from the largest multi-national corporations to smallest
local businesses; from local PTAs to national non-profit groups and
political campaigns; from major publications with millions of
subscribers to small affinity-based newsletters.
Jupiter Research estimates that the email marketing industry
(which, again, is only a portion of the total spectrum of ESP
customers) will grow in size to 2.1 billion dollars in 2003 (up from
1.4 billion dollars in 2002). By 2007, Jupiter estimates that the size
of the email marketing industry will reach 8.2 billion dollars. All of
these numbers are for the US market alone. Expanding the scope of this
research to include all customers served by ESPs and foreign markets
would increase these numbers significantly.
But the size and importance of email in the marketplace should not
be measured by dollars alone. Email is indeed the ``killer app''. Over
the past ten years, email has been a strong driver of productivity and
efficiency in the marketplace. It has also been an important social
tool. Email has shortened distances in the world--allowing
communication to occur with unprecedented speed and detail. Email has
created affinity within groups that previously were too widely
separated geographically to effectively recognize their common
interests and positions.
As an example of the importance of email, a recent study by the
META Group showed that, given a choice between email or telephones, 74%
of business people would give up their phones before email. In other
words, 74% of people now find email to be more critical than the
telephone in their daily work.
THE THREAT OF SPAM AND THE SOLUTION(S) TO SPAM
The ESP Coalition sees spam as a threat to the long-term viability
of the email service provider industry and to legitimate commercial
email. Indeed, spam presents a dire threat to all uses of email--
marketing, transactional, affinity and relational--as the continued
growth of spam could lead to the widespread abandonment of email as a
communications tool. Consumers and businesses will not use email if the
system becomes so choked with misleading and deceptive messages that
those messages that are actually wanted are lost in the fray. Put
simply, the spam problem will critically damage the ESP industry and
the use of legitimate commercial email if it is not curtailed.
I will not belabor the statistics on the growth of spam or the
costs associated with handling spam. Surely all of the panelist can
agree that we are presented with an enormous problem. Without an
expedient solution, spam may end up killing the ``killer app'' of
email.
The media and marketplace have been replete with spam solutions for
years. Some of these solutions have performed commendably in the fight
against spam. But the problem still exists and continues to grow.
Increasingly, we are presented with the question: can anything be done?
We believe that much can be done to solve the spam problem. At the
most fundamental level, we believe that we need to create
accountability within the email delivery system. Spammers spend their
days concocting new methods to obscure and falsify their identity in
order to sneak past existing filters and avoid accountability. In many
ways, our existing tools are merely reacting to the spam received
today--and not preparing for or combating the spam that will arrive
tomorrow. Stated differently, our efforts to cure spam are responding
to the symptoms (the actual spam received) and not the cause (the lack
of accountability on the part of spammers).
So how do create accountability within the email system?
The solution to spam exists in three components: legislative,
technological and social. Let me address the technological and social
components quickly and then focus on the part of the solution for which
we look to you: federal legislation.
THE TECHNOLOGICAL COMPONENT
Part of the problem in solving spam is that spammers enjoy impunity
through anonymity. Spammers hide behind open relays, they falsify their
online identities (a practice popularly known as ``spoofing'') and they
deceive recipients with misleading ``from'' and ``subject'' lines. Make
no mistake--the business of spamming is one of fraud and deception.
The recent efforts of the FTC in relation to open relays and
deceptive spam should be commended. It is critical that we have strong
deterrents to dissuade spammers from their trade. But the fundamental
architecture of the internet and email protocols still allow for the
deception to occur.
The NAI recently proposed an architectural ``blueprint'' to respond
to this problem. Essentially, the NAI's blueprint, called ``Project
Lumos,'' is designed to force senders of volume email to incorporate
authenticated identification into every message sent. The use of
authenticated identity, along with a rating of sending practices over
time, prevents spammers from hiding behind the technology of email and
forces all senders to be accountable for their sending practices. We
have engaged with many of the major ISPs and other groups on this
effort and are greatly encouraged by the traction our effort has gained
since our launch of project Lumos in April of this year.
Other technological solutions also hold promise. The NAI is
actively working with other constituencies in the marketplace to bring
about such solutions. I hope that we will have much more to share with
you before the end of this year.
THE SOCIAL COMPONENT
One part of the spam problem that has not been actively discussed
is the need for consumer education around the appropriate use of email
addresses.
The Center for Democracy and Technology (www.cdt.org) recently
released a study on the consumer actions that result in exposure of
email addresses and, subsequently, spam. The results were compelling:
the CDT report found that appropriate management of an email address by
the holder of that address can drastically reduce the amount of spam
received. Further, the study found that there are a few actions that
can create enormous amounts of spam. Specifically, the CDT reported
that posting an email address on a public website and posting an email
address in a public newsgroup or chatroom both resulted in huge amounts
of spam. This is due to the use of ``spiders'' or ``bots''--programs
that scour the web for email addresses and harvest them into a
spammer's database.
Clearly, one component in the total solution to spam is the
education of consumers on issues such as those raised by the CDT
report. If consumers understand those practices that result in spam,
they will be much better equipped to control the amount of spam in
their in-boxes.
THE LEGISLATIVE COMPONENT
The ESP Coalition strongly supports federal legislation to respond
to the growing menace of spam. We believe that strong preemptive
federal legislation will be a critical component (but not the only
component) in the successful resolution of the spam problem.
In the United States today, 33 states have enacted some form of
spam legislation. Many more are considering spam legislation in their
current legislative sessions. Unfortunately, the standards applied by
these statutes (and proposed in pending bills) are not harmonized. As a
result, we have a crazy quilt of differing standards that has created
an unnecessarily complex compliance system. To make matters worse,
enforcement within the global medium of email is exceedingly difficult
when limited by state boundaries. We need preemptive federal
legislation to unify these standards and provide powerful tools to
enforcement officials.
We believe that the RID SPAM Act strikes the appropriate balance
with regard to preemption. The RID SPAM Act would allow for a national
standard to be set for the delivery of unsolicited commercial email.
Given the incentives provided within the bill, most businesses will
move to a fully consent-based model for email delivery. This is
particularly true where the standard set by the bill will be uniform
across the entire country. To combat spammers, the bill provides strong
enforcement tools to the FTC, state attorneys general, and ISPs. We
strongly support enforcement by all of these groups.
One issue that has been raised in discussions regarding spam
legislation, and may be raised again, is that of a private cause of
action. Such a solution, while tempting, would do nothing to stop spam
and would definitely create a morass of litigation against legitimate
companies. Spammers spend their days looking for ways to
technologically obscure their identities. Pursuing spammers requires
enormous technological, financial and investigative resources.
Individuals do not have such resources, but governments and ISPs do.
We have a very real example of what a private cause of action means
when included in a spam statute. In the state of Utah, a spam statute
was passed last year that allows for a private cause of action and
class action suits. A single plaintiff's class action law firm in Utah
has filed hundreds (and by some accounts, over a thousand) class action
lawsuits under this statute. But the firm is not pursuing spammers.
Given the cost and complexity of finding actual spammers, this firm has
targeted leading companies and brands--using firm employees as
plaintiffs and offering pre-complaint settlements for several thousands
of dollars--knowing that companies would rather pay the nuisance value
of these suits than submit to the costly process of proving their
innocence. Perhaps most telling is the fact that there is no data to
suggest that the amount of spam in Utah has been reduced by even one
message.
Another issue that has been raised in relation to spam legislation
is that of ``opt-in'' versus ``opt-out''. Over the past few years, our
industry has lost critical time debating this issue, while spam has
been allowed to proliferate.
Let me make one thing perfectly clear: the debate over ``opt-in''
or ``opt-out'', regardless of what standard is eventually adopted, will
not result in the reduction of spam. Spammers rely on deception, not
permission. They do not care about whether they have any sort of
relationship with the recipient of the message. They pay no heed to all
of the existing state laws regarding spam. The most restrictive ``opt-
in'' spam statute will do nothing to dissuade spammers from sending
their messages.
A recent FTC study conveys this point succinctly. By reviewing a
large body of spam received within the agency, the FTC estimated that
fully two thirds of spam is fraudulent, misleading or deceptive. This
means that the majority of spam already violates existing law.
As currently written, the RID SPAM Act will provide important
incentives for legitimate businesses to raise their email standards.
Digital Impact and the NAI firmly believe that email must be sent with
the consent of the recipient, or within a pre-existing business
relationship. Furthermore, we believe that email should be sent with
informed consent--meaning that recipients have clear and conspicuous
notice as to the results of providing their email address. This is a
meaningful and workable standard.
Again, we strongly support the RID SPAM Act. We will continue to
work with staff on a few issues we have with the bill, but look forward
to seeing a law enacted this year.
THE THREAT OF FILTERING AND BLACKLISTS
Before I conclude today, I want to raise one growing problem in the
fight against spam. While spam clearly represents a serious threat to
the continued viability of email, the problems created by some of the
current tools used to combat spam are equally threatening. Internet
Service Providers (ISPs) are aggressively building filtering
technologies to limit the amount of spam entering their systems.
Conceptually, this is a positive development. However, the spam filters
currently in place are creating a new problem: wanted email is not
being received.
According to a report by Assurance Systems, in the fourth quarter
of 2002, an average of 15% of permission-based email was not received
by subscribers to the major ISPs. Some ISPs had non-delivery rates that
were startling: NetZero, 27%; Yahoo, 22%; AOL, 18%; Compuserve, 14%;
and AT&T, 12%.
The same report for the third quarter of 2002 showed an average of
12% non-delivery rate for the major ISPs--meaning that the filtering of
permission-based email increased 25% in a single calendar quarter. Some
of the volume email campaigns within the Assurance Systems report had
non-delivery rates as high as 38%.
Non-delivery of wanted messages due to filtering (called ``false
positives'' within the industry) represents an enormous threat to the
ongoing viability of email as an effective communications tool. The
market will stop using email for important communications if email
delivery is unreliable. It is critical that false positives be
eliminated if email is to survive as an efficient and productive means
for communication.
One of the main drivers in the false positive problem is the
emergence of blacklists. These are lists of alleged spammers that ISPs
can use to filter incoming email. The blacklist operator builds a
registry of IP addresses that they believe are associated with spam and
makes it available publicly. Currently, there are an estimated 300
blacklists in operation.
Again, the concept of a blacklist may seem to make sense at first
glance. Unfortunately, the reality of blacklists in today's marketplace
is far different.
Many blacklists are without standards and operate behind a veil of
anonymity. For example, one of the leading blacklists, SPEWS
(www.spews.org), offers no contact information, no phone numbers, no
names, no addresses, and no email for the organization. The website has
purportedly been registered in Irkutsk, Russia. SPEWS has no defined
standards for posting to their blacklist--evidence has shown that a
single complaint can result in the blocking of an entire range, or
``neighborhood,'' of IP addresses. Further, for those senders listed on
SPEWS, the only way to resolve the problem is to post your request for
removal to a public spam forum available through Google (http://
groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-
8&group=news.admin.net-abuse.email).
All of these efforts are designed to combat spam. But in their zeal
to eliminate the problem, they have created a potentially disastrous
``ricochet'' effect: false positives. Going forward, our solution to
spam must carefully balance the need for strong action against spammers
with a determination to preserve the deliverability of legitimate
email.
CONCLUSION
Digital Impact and the NAI believe that the problem of spam will be
best resolved through three powerful forces: legislation (together with
vigorous enforcement), technology and consumer education. The NAI is
actively working with ISPs and solutions providers to craft
architectural solutions to spam that will shine the bright light of
accountability into the dark recesses of the internet. We strongly feel
that technology must be used to force spammers to identify themselves
and be held accountable for their practices. We also believe that
consumers must understand the need for careful management of their
email addresses. We could drastically reduce the amount of spam
received by average consumers through educational efforts on what not
to do with an email address.
But the technological and educational solutions are not enough. We
need a strong federal statute to raise the standards for email
practices across the entire country. Legitimate businesses will respond
to such a statute by raising their practices to meet or exceed the
standard set by law. Enforcement officials at both the state and
federal level and ISPs will have powerful tools to seek out and bring
to justice those individuals responsible for spam. And we can do it
while maintaining the balance necessary to preserve the legitimate use
of email.
Mr. Chairman, on behalf of Digital Impact and the other members of
the NAI Email Service Provider Coalition, I want to pledge that we will
continue to work to fight spam and preserve email with you and members
of your staff. Spam is a complex problem and our efforts to craft
solutions must be thoughtful, robust and effective.
Thank you and I look forward to any questions you may have.
Mr. Stearns. I thank the gentleman.
Ms. Selis?
STATEMENT OF PAULA SELIS
Ms. Selis. Thank you, Mr. Chairman.
Mr. Stearns. Just pull the mike up close to you.
Ms. Selis. There we go. Thank you, Mr. Chairman, members of
the committee, and thank you for having me testify today. My
name is Paula Selis, and I am senior counsel with the
Washington State Attorney General's Office, Consumer Protection
Division. Led by our attorney general, Christine Gregoire,
Washington has been a pioneer in the fight against unlawful
spam and was one of the first to pass a law in 1998 prohibiting
false or misleading subject lines, headers and points of
origin. Our law has survived a constitutional challenge that
took us to the U.S. Supreme Court and has been used as a
successful enforcement tool not only by our office, but by
ISP's, some of whom are here today, and private individuals,
consumers themselves.
But has it been enough to stop the onslaught of spam? It
has not. Spam continues to be the No. 1 source of consumer
complaints to our office. It continues to bring pornography,
phony get-rich-quick schemes, pyramid schemes and computer
viruses into our homes. One State alone cannot change the
landscape. It is simply not enough of a deterrent to spammers
that they might be sued in 1, 2 or even 12 States. As long as
it is cheap to send spam, when even a 1 percent rate of return
on millions of e-mail messages yields a profit, spammers will
make money and stay in business. That is why we need a strong
Federal law-to create a deterrent that reaches further than the
States can go and raise the cost of doing business for spammers
so it is no longer profitable to operate. We must take the
profit out of spam to take the spam out of our in-boxes.
The bills currently before your committee must be viewed in
light of this bottom line analysis. Do they effectively deter
spammers by raising their cost of doing business? Is the cost
of violating the law high enough to force compliance with it?
To accomplish these goals, the bills must not only create
uncapped financial penalties for violations, they must also
empower as many entities as possible to take action. Not only
should States, ISPs and the FTC have the right to sue spammers
under every cause of action under the law, so should private
consumers who must bear the brunt of in-boxes filled with junk.
The bills also need to create as many substantive protections
as possible and leave a clear path for States to take action
when their laws are stronger. Causes of action for false
subject lines and dictionary attacks where a domain can be
overwhelmed by a flood of spam are essential. Mandatory
identifier information as well as opt-out options are also
essential. Criminal penalties, which the State of Virginia has
pioneered, should be a fundamental part of the legislation, but
there must be adequate civil enforcement ability to assure
those substantive requirements are complied with.
A comparison of the two bills under consideration
demonstrates the relative strength of one over the other. While
their aims are similar, H.R. 2515 provides more substantive
protection, more enforcement options and more deterrent effect.
H.R. 2515 not only requires the inclusion of identifier
information in a piece of spam, it creates a cause of action
for States and ISPs against a spammer who fails to comply. H.R.
2214 does not. Like many strong laws, including Washington's,
H.R. 2515 prohibits a very common tactic for spammers--the use
of false subject lines. H.R. 2214 does not. H.R. 2515 permits a
State to sue a spammer who fails to honor an opt-out request.
H.R. 2214 does not.
The limitation on damages in H.R. 2214 is also problematic.
The bill limits damages to $100 per violation, in contrast to
the more effective deterrent level of $500 provided for in H.R.
2515. This limitation on per-violation damages in 2214 is
compounded by the limitation on aggregate damages that can be
obtained by a State enforcement authority. There is no reason
to cap damages for violations involving hundreds of millions of
spam. It is unprecedented. H.R. 2515 does not contain these
limitations.
Additionally, H.R. 2214 creates burdens on enforcement that
are unprecedented in consumer protection statutes. While the
bill prohibits a spammer from sending additional spam once a
consumer has opted out of receiving it, a violation can only be
demonstrated if the spammer knew or should have known of the
opt-out request. This means an enforcement authority, such as
the FTC, must prove the spammer's level of knowledge to prevail
in court, a standard unknown under currently existing trade
law. The level of knowledge required under 2214 to prove a
civil violation is more akin to that of a criminal statute. In,
contrast, H.R. 2515 does not create these barriers to civil
enforcement.
In conclusion----
Mr. Stearns. Do you mind just taking your speaker and
shutting it off for a second?
Ms. Selis. Okay.
Mr. Stearns. Okay. Now try it.
Ms. Selis. All right.
Mr. Stearns. Yes.
Ms. Selis. Okay. We will go from here. These differences as
well as others in the two bills are surmountable and should not
stand in the way of passing effective legislation. Our office
will continue to work with staff to provide support and
suggestions based on our own experience with our own State law.
In conclusion, we support the work of this committee in
tackling the enormous and growing issue of spam. We urge you to
pass a bill that is as strong as possible, that gives consumers
and ISPs adequate substantive protections and creates
sufficient deterrent mechanism to take the profit out of spam.
Thank you.
[The prepared statement of Paula Selis follows:]
Prepared Statement of Paula Selis, Senior Counsel, Washington Attorney
General's Office of Attorney General
My name is Paula Selis and I am Senior Counsel with the Washington
State Attorney General's Office Consumer Protection Division. Led by
our Attorney General, Christine Gregoire, Washington has been a pioneer
in the fight against unlawful spam and was one of the first to pass a
law in 1998 prohibiting false or misleading subject lines, headers and
points of origin. Our law has survived a constitutional challenge that
took us to the U.S. Supreme Court, and has been used as a successful
enforcement tool not only by my office, but by ISP's and private
individuals.
But has it been enough to stop the onslaught of spam? It has not.
Spam continues to be the number one source of consumer complaints to
our office. It continues to bring pornography, phony get-rich-quick
schemes, pyramid scams and computer viruses into our homes.
One state cannot change the landscape. It is simply not enough of a
deterrent to spammers that they might be sued in one, two, or even
twelve states. As long as it's cheap to send spam, when even a 1% rate
of return on millions of email messages yields a profit, spammers will
make money and stay in business.
That's why we need a strong federal law--to create a deterrent that
reaches further than the states can go, to raise the cost of doing
business for spammers so it's no longer profitable to operate. We must
take the profit out of spam to take the spam out of our in-boxes.
The bills currently before your committee must be viewed in light
of this bottom line analysis--do they effectively deter spammers by
raising their cost of doing business? Is the cost of violating the law
high enough to force compliance with it?
To accomplish these goals, the bills must not only create uncapped
financial penalties for violations--they must also empower as many
entities as possible to take action. Not only should states, ISP's and
the FTC have the right to sue spammers under every cause of action
under the law, so should private consumers who must bear the brunt of
in-boxes filled with junk.
The bills also need to create as many substantive protections as
possible, and leave a clear path for states to take action when their
laws are stronger. Causes of action for false subject lines and
``dictionary attacks'' where a domain can be overwhelmed by a flood of
spam are essential. Mandatory identifier information as well as opt-out
options are also essential. Criminal penalties, which the state of
Virginia has pioneered, should be a fundamental part of the
legislation. But there must be adequate civil enforcement ability to
assure those substantive requirements are complied with.
A comparison of two of the many bills under consideration
demonstrates the relative strength of one over the other. While their
aims are similar, HR 2515 provides more substantive protection, more
enforcement options and more deterrent effect. HR 2515 not only
requires the inclusion of identifier information in a piece of spam--it
creates a cause of action for states and ISP's against a spammer who
fails to comply. HR 2214 does not. Like many strong state laws,
including Washington's, HR 2515 prohibits a common tactic for
spammers--the use of false subject lines. HR 2214 does not. HR 2515
permits a state to sue a spammer who fails to honor an opt-out request.
HR 2214 does not.
The limitation on damages in HR 2214 is also problematic. The bill
limits damages to $100 per violation, in contrast to the more effective
deterrent level of $500 provided for in HR 2515. This limitation on
per-violation damages in HR 2214 is compounded by the limitation on
aggregate damages that can be obtained by a state enforcement
authority. There is no reason to cap damages for violations involving
hundreds of millions of spam. HR 2515 does not contain these
limitations.
Additionally, HR 2214 creates burdens on enforcement that are
unprecedented in consumer protection statutes. While the bill prohibits
a spammer from sending additional spam once a consumer has opted out of
receiving it, a violation can only be demonstrated if the spammer knew
or should have known of the opt-out request. This means an enforcement
authority, such as the FTC, must prove the spammer's level of knowledge
to prevail in court, a standard unknown under currently existing trade
law. The level of knowledge required under HR 2214 to prove a civil
violation is more akin to that of a criminal statute. In, contrast, HR
2515 does not create these barriers to civil enforcement.
These differences as well as others in the two bills are
surmountable and should not stand in the way of passing effective
legislation. Our office will continue to work with staff to provide
support and suggestions based on our experience with our own state law.
Strong legislation is only one part of the solution. As a state
attorney general's office, we believe that consumer education is also
important, as is the advent of technology. If legislation is passed, it
must be flexible enough to allow for new technologies that may
ultimately be more effective than any law. There is no easy fix to this
problem, and it will take all the tools we have to address it.
In conclusion, we support the work of this committee in tackling
the enormous and growing issue of spam. We urge you to pass a bill that
is as strong as possible--that gives consumers and ISP's adequate
substantive protections, and creates sufficient deterrence and
meaningful enforcement mechanisms to take the profit out of spam.
Mr. Stearns. I thank the gentlelady.
Mr. Murray?
STATEMENT OF CHRISTOPHER MURRAY
Mr. Murray. Subcommittee Chairman Stearns and other
distinguished members of the committee, I am here today to
represent the print and--Consumers Union, the print and online
publisher of Consumer Reports magazine. I would like to thank
you for the opportunity to testify before the committee today.
As the excellent testimony of the witnesses have gone
before me has indicated, spam is a source of heartburn, upset
and nausea that is rising in the throats of consumers. I don't
think I need to detail the enormous costs that are entailed in
spam. I will note there is one study that came out last week
which indicated that spam costs every business in America $874
for every employee, every year. Those businesses will end up
passing all of those costs on to consumers. As Mr. Rubinstein
indicated, we are in an arms war with spammers right now. They
put in better filters, the spammers get smarter software to
send out their spam. They get better personnel to try and beat
the spammers and the spammers end up working around the clock
to beat the new personnel. So it doesn't seem that failing some
solid legislation coming out of Congress this year that we are
going to do anything abou this for consumers.
I will note one new kind of spam I am hearing about is
wireless phone spam, and a friend of mine even has some patents
for location-based wireless spam which would allow a spammer to
say, ``Well, you are a half mile from a Starbucks right now. I
will give you 50 cents off of your next latte if you come by in
the next 30 minutes.'' That is kind of a nightmarish consumer
scenario for me and I would like to see this bill address
wireless spam.
I agree wholeheartedly with the drafters of both bills that
the No. 1 problem and step No. 1 for cleaning up spam is the
criminal element in spam, the fraudulent spam we are seeing. I
have heard reports that two-thirds of all spam have some kind
of fraudulent content in them. So that is where we need to
start. And I think labeling pornography is also a big step in
the right direction, although I would like to see in whatever
legislation comes out of committee I would like to see the
Wilson-Green approach which ensures that consumers don't have
to view the pornography to opt out.
Which brings me to my primary area of concern with H.R.
2214 and H.R. 2515, which is that both bills have as their core
solution opt-out for consumers. Imagine that you put a do not
solicit sign in the front door of your home and the way that
that ``do not solicit'' sign worked was that every solicitor
who came by your front door got one shot at you, and you could
opt-out with each company that comes by your door and
potentially each branch of the company that comes by your door,
except I think we can all see you would spend a whole lot of
time opting-out. And there is a bit of a consumer paradox right
now. Consumer Reports in the latest August issue we recommend
that when consumers get spam they do nothing. You don't view
it, you don't buy anything from spam, and you don't even
allow--you disable the preview pane of your browser, of your e-
mail program so that you can't even see the spam because as
soon as you view the spam, the spammer will know that you have
received it and he will know that that is a live address.
So there is this paradox consumers find themselves in which
is we are telling them not to opt out but if opt out is the
core solution that we provide, I don't know that we are going
to give them a different recommendation because there is still
going to be an immense volume of spam that is coming from
overseas, and there is no way for the consumer to tell the
difference between an e-mail from the Netherlands or an e-mail
that is coming from a domestic source.
So I would like the committee to perhaps examine to see if
there is some kind of opt out plus. I know that opt-in probably
is not politically realistic but is there some way we could
provide a less burdensome opt-out for consumers? The Federal
``do-not-call'' list, which the FTC with the full support of
the administration just put in place 2 weeks ago, has received
an overwhelming consumer response. It has been an enormous
consumer success, and something that is closer to that model
might be an effective mechanism for consumers. Now, I
understand that with a ``do-not-spam'' registry there are some
security concerns, but I wonder again if there is some sort of
opt-out plus that we could look at which is perhaps some way
consumers can know if it is a trustworthy opt out. I would like
to work with the committee on that.
I will note in passing, Senator Hatch mentioned a few weeks
ago that his committee was willing to look at opt out as--
excuse me, to look at opt-in and he also noted that we would be
wise to look at successful models that have come before us. The
Telephone Consumer Protection Act, the junk fax law, has been a
great consumer success, and the two key elements of that were
that it was an opt-in regime, and it had a private right of
action for consumers. I think the committee would be wise to
consider those approaches.
I am pleased to agree, again wholeheartedly, with the ends
of everyone that is at the table today, and I am sure that we
can reconcile our differences as to the means. Thank you for
the opportunity to testify.
[The prepared statement of Christopher Murray follows:]
Prepared Statement of Chris Murray, Legislative Counsel, Consumers
Union
Subcommittee Chairmen Stearns and Upton, Ranking Members Schakowsky
and Markey and other distinguished members of the Committee, thank you
for the opportunity today to represent Consumers Union,1 the
print and online publisher of Consumer Reports, in your exploration of
H.R. 2214, the ``RID-SPAM Act'' (sponsored by Reps. Burr,
Sensenbrenner, and Tauzin).
---------------------------------------------------------------------------
\1\ Consumers Union is a nonprofit membership organization
chartered in 1936 under the laws of the State of New York to provide
consumers with information, education and counsel about goods,
services, health, and personal finance; and to initiate and cooperate
with individual and group efforts to maintain and enhance the quality
of life for consumers. Consumers Union's income is solely derived from
the sale of Consumer Reports, its other publications and from
noncommercial contributions, grants and fees. In addition to reports on
Consumers Union's own product testing, Consumer Reports and Consumer
Reports Online (with approximately 5 million paid circulation)
regularly carry articles on health, product safety, marketplace
economics and legislative, judicial and regulatory actions which affect
consumer welfare. Consumers Union's publications carry no advertising
and receive no commercial support.
---------------------------------------------------------------------------
It is almost unnecessary for me to detail what the problem with
``spam'' 2 is, because every time we open up our email
inboxes we are confronted with exactly how bad things have gotten. When
I arrive at work every morning, I can be confident that I will be
greeted with at least a dozen messages advertising everything from life
insurance and credit card offers to Viagra alternatives and
pornography.
---------------------------------------------------------------------------
\2\ See Jonathan Krim, ``Protecting Its Proprietary Pork.''
Washington Post, July 1, 2003 (E01). ``Early Internet users coined the
term spam to describe junk e-mail after a skit by the comedy group
Monty Python. In the routine, a group of patrons at a restaurant chant
the word ``spam'' in louder and louder volume, drowning out other
conversation.''
---------------------------------------------------------------------------
The ingenuity of spammers appears to be bottomless.3
They find our addresses in novel ways. They have figured out myriad
methods to avoid being filtered by Internet Service Providers (ISPs)
and consumers. They have discovered how to commandeer our computers to
send spam for them, and they are even finding new devices to spam us
on. For example, text messaging on mobile phones, an increasingly
popular application for consumers, is also becoming a haven for spam.
While filtering technologies are becoming increasingly effective,
unfortunately their efficacy is not increasing as fast as the volume of
spam is growing.
---------------------------------------------------------------------------
\3\ See attached article, ``E-Mail Spam: How to Stop It From
Stalking You.'' Consumer Reports, August 2003.
---------------------------------------------------------------------------
Spam costs consumers and businesses money.
Some estimate that roughly 40% of all email is spam 4
and experts say that by the end of this year more than half of all
email traffic will be spam. Consumers pay for all that spam, because
when ISPs' costs go up--because ISPs have to buy more servers and pay
personnel to figure out how to filter that spam--consumers' monthly ISP
subscription fees go up.
---------------------------------------------------------------------------
\4\ See Jonathan Krim, ``Spam's Cost to Business Escalates.''
Washington Post, March 13, 2003 (A01).
---------------------------------------------------------------------------
One company estimates that spam will cost business $10 billion
dollars this year alone (due to lost productivity, bandwidth costs, and
money spent on filtering tools).5 A study released last week
estimates that spam costs businesses $874 per employee every year,
because employees spend an average of 6.5 minutes every day dealing
with it.6
---------------------------------------------------------------------------
\5\ See www.ferris.com/rep/200301/SM.html.
\6\ ``Spam: The Silent ROI Killer'' by Nucleus Research. More
information at: www.pcworld.com/news/article/0,aid,111433,00.asp.
---------------------------------------------------------------------------
America Online, the largest ISP, is currently blocking up to 2.4
billion spam messages every day.7 The costs of the bandwidth
and servers required to move that volume of spam are astronomical--when
we add the costs of sophisticated filtering systems and personnel to
battle the continually escalating spam arms race, the costs of spam to
ISPs (and ultimately to consumers) is truly staggering.
---------------------------------------------------------------------------
\7\ See testimony of Ted Leonsis (Vice Chairman and President,
Advanced Products Group, America Online) before the Senate Commerce
Committee, May 21, 2003.
---------------------------------------------------------------------------
Recently the Washington Post reported that mainstream e-commerce
companies are selling consumers email addresses to
spammers.8 For example, when consumers purchased popular
``Hooked On Phonics'' products, their addresses were being sold in
complete violation of their privacy policy. That is, the company told
consumers that they would not sell their personal information and then
turned around and did precisely the opposite. ``Hooked on Phonics''
corporate parent subsequently updated their privacy policy and said
that they meant to update it earlier; they claimed they had done
nothing wrong, they were simply slow to update their privacy policy.
---------------------------------------------------------------------------
\8\ Jonathan Krim, ``Web Firms Choose Profit Over Privacy.''
Washington Post, July 1, 2001 (A01).
---------------------------------------------------------------------------
Even worse, one company who was contracting with a 3rd party
``shopping cart'' provider (the mechanism used by consumers to complete
an electronic commerce transaction) had a privacy policy which would
have prevented consumers' email addresses from being shared with
anyone. However, consumers might not have noticed that the shopping
cart company behind the scenes of the electronic transaction--``Cart
Manager''--had a completely different privacy policy and that by
purchasing a product online, they were unwittingly making themselves
vulnerable (there was no link to the shopping cart company's privacy
policy in the process of check out).9
---------------------------------------------------------------------------
\9\ Id.
---------------------------------------------------------------------------
A relatively new practice, known as ``email appending,'' raises
enormous privacy concerns. Email appending is the practice of
harvesting a consumer's email address from a Web site or other means
and combining that consumer's email address with their mailing address,
telephone number, and other personally identifiable information.
Mainstream companies such as Sears are using email appending to
merge customers email addresses with their mailing addresses and their
automotive repair histories. A marketing magazine recently told its
readers how to ``email append'' their mailing lists:
Send an Excel spreadsheet of your customers' names, addresses and phone
numbers to an e-mail appending company, and the appending
company will send back e-mail addresses that belong to those
customers.
What the appending company doesn't mention is that often it is missing
a good deal of the information that you possess, and it may
decide to append your data to its files just as it appends its
e-mail addresses to yours. That means you are paying the
company to incorporate your information into its e-mail
database.
For example, the automotive department at Sears provides its customers'
names, addresses, phone numbers, and car models, makes and
repair histories to e-mail appending firms when it requests
customers' e-mail addresses. Sure, the company gets the e-mail
addresses, but at the same time it contributes to privacy
erosion--all so it can send an e-mail about its lube, oil and
filter change special.10
---------------------------------------------------------------------------
\10\ See Mike Banks Valentine, ``E-Mail Appending Erodes Privacy.''
CRM Buyer Magazine, May 23, 2002. www.crmbuyer.com/perl/story/
17914.html
---------------------------------------------------------------------------
A large percentage of spam is also fraudulent and/or misleading,
making it a serious consumer problem as well as difficult to prosecute.
The Federal Trade Commission (FTC) recently issued a report
11 regarding false claims in spam, which found that 96% of
spam had false information in either the message text or in the
``From'' and ``Subject'' lines.
---------------------------------------------------------------------------
\11\ www.ftc.gov/reports/spam/030429spamreport.pdf
---------------------------------------------------------------------------
Clearly, spam is ripe for legislative action. We agree with the
ISPs and others that strong criminal enforcement and an ISP right of
action are essential ingredients to successfully reducing spam. But
thus far the bills proposed, including H.R. 2214, have an ``opt-out''
of spam as part of their core solution. In other words, an ISP must
first pass on the spam to consumers, consumers must then read the spam,
and then they can exercise their right to stop receiving messages from
that particular sender (perhaps at their peril as described below). We
believe H.R. 2214 needs to be improved because it lacks an ``opt-in''
provision and private right of action for consumers at the same time
that it excludes class action suits. This puts too much burden on
consumers to block spam and makes it too difficult to hold spammers
legally accountable for their inappropriate interference with
consumers' email.
Imagine that you put a ``do not solicit'' sign at the front door of
your home, and every company in the world could only ring your doorbell
once, at which point you would have the option to tell that salesperson
that you did not want to be contacted anymore. Of course, in addition
to telling that salesperson you didn't want to be solicited, you would
have to do the same for solicitors that work for a different branch of
the same company. You would need to keep track of each company you told
not to solicit you, and if a company violated your request, you could
petition the Federal Trade Commission to take up your case.
Of course, this is an absurd burden to place on people. We all know
that ``do not solicit'' means exactly that. Consumers can say no to
advertising at their front door, period. The Federal Trade Commission's
recent enactment of a robust ``do not call'' list means that now
consumers have a tool to say no advertising at the dinner table. It is
now incumbent on Congress to provide consumers with a tool to say no to
advertising on our computers.
When the Federal Trade Commission recently took a close look at
spam and what could be done to reduce it, many, if not most of the
participants in that workshop agreed that opt-in was the best way to
eliminate spam. It would be unwise for Congress to proceed down the
opt-out path, which was clearly disfavored by experts.
Senate Judiciary Committee Chairman Hatch suggested several weeks
ago that he would be willing to consider drafting legislation that
entails an opt-in approach. He noted that one of the primary weaknesses
of opt-out is that it leaves the burden on the consumer to eliminate
spam. ``People who receive dozens, even hundreds, of unwanted emails
each day would have little time or energy for anything other than
opting-out from unwanted spam.'' 12
---------------------------------------------------------------------------
\12\ Senator Orrin Hatch and Senator Patrick Leahy Press Release,
``Hatch, Leahy Target Most Egregious Computer Spammers.'' Jun. 18,
2003.
---------------------------------------------------------------------------
Senator Hatch continued on to say that,
``[a] third way of attacking spam--and one that was favored by
many panelists and audience members at the FTC forum--is to
establish an opt-in system, whereby bulk commercial email may
only be sent to individuals and businesses who have invited or
consented to it. This approach has strong precedent in the
Telephone Consumer Protection Act of 1991 (TCPA), which
Congress passed to eliminate similar cost-shifting,
interference, and privacy problems associated with unsolicited
commercial faxes. The TCPA's ban on faxes containing
unsolicited advertisements has withstood First Amendment
challenges in the courts, and was adopted by the European Union
in July 2002.'' 13
---------------------------------------------------------------------------
\13\ Id.
---------------------------------------------------------------------------
As Senator Hatch points out, the Telephone Consumer Protection Act
(also known as the ``Junk Fax'' law) could serve as a good model for
dealing with spam. That law successfully helped eliminate junk faxing
by 1) establishing an opt-in regime and 2) preserving a private right
of action against violators, especially by allowing for the possibility
of class action enforcement. We believe that the threat of class action
enforcement combined with an opt-in approach is the best way to reduce
spam for consumers.
In addition, Congress should not allow ISPs to be the primary
entities driving a legislative solution. ISPs are an integral part of
any solution, as their technical expertise and participation in
enforcement is essential, but they have mixed incentives with regard to
spam.
ISPs have clear incentives to reduce some amount of spam, because
it costs them an enormous amount of money--except where the ISP is also
a marketer. In the case of AOL and Microsoft, the two largest ISPs,
those companies have clear incentives to get rid of other people's
spam, but not such clear incentives to have limitations on their own
spam. In fact, it may be that the best way for AOL and Microsoft to
maximize their marketing revenues is to get rid of everyone's spam but
their own, so that they can charge would-be spammers for preferred
placement of spam. As the Washington Post recently reported, California
state legislators were recently pressured by these companies as they
tried to beef up spam regulations:
One [California] state senator, who represents several Los
Angeles suburbs, accused Microsoft of eleventh-hour arm-
twisting to exempt Internet service providers from
responsibility for being the conduits of spam. Firms such as
Microsoft, America Online and Yahoo Inc. market to their own
members, and large portions of overall e-mail traffic traverse
their systems.
``Microsoft is talking out of both sides of its mouth,'' said
state Sen. Debra Bowen (D), who points to statements by
Microsoft Chairman Bill Gates about how much the company is
fighting to eliminate junk e-mail. But ``their focus has been
on getting immunity for themselves and preserving their ability
to strike deals to send spam,'' she said.14
---------------------------------------------------------------------------
\14\ Jonathan Krim, ``Internet Providers Battling to Shape
Legislation: Microsoft, Others, Said to Want Immunity.'' Washington
Post, July 5, 2003 (D10).
---------------------------------------------------------------------------
Ronald Scelson, also known as the ``Cajun Spammer,'' testified
before the Senate Commerce Committee 15 that some ISPs are
signing ``pink contracts' which allow spammers to send emails to ISPs'
subscribers, charging the spammers more than they charge other
commercial clients.
---------------------------------------------------------------------------
\15\ Testimony of Ronald Scelson before the Senate Commerce
Committee, May 21, 2003.
---------------------------------------------------------------------------
If these allegations are true, then it is unwise for Congress to
give ISPs consumers' proxy on spam by allowing ISPs to have a right of
action against spammers at the exclusion of individual suits and class
actions. Giving ISPs a right of action will certainly help those ISPs
to maximize the revenues they receive from spammers by providing them
with a very large stick for spammers that do not pay, but it does not
appear to be the best way to reduce spam.
Until Congress enacts meaningful legislation to fix the spam
problem, Consumer Reports recommends that consumers deal with spam by
doing nothing. This means do not respond to spam, do not view spam, and
most especially, do not opt-out of spam because this will tell spammers
that your email address is a functioning one.
This recommendation--that consumers do nothing with spam, and
especially do not opt-out--is at obvious odds with bills that provide
for opt-out as their way to clean up spam. That is because when
consumers opt-out they are verifying for a spammer that their email
addresses are current. Under an opt-out law, consumers would ostensibly
have a remedy with spammers within the United States (i.e. spammers
using opt-out for illegitimate purposes such as verifying that an email
address is current could be prosecuted), but the opt-out law would
still not apply for any spam originating outside the U.S.--spammers in
other countries or offshore could not be prosecuted. Furthermore, it
would be extremely difficult for consumers to tell whether email is
originating from the U.S. or elsewhere.
In other words, once an opt-out spam bill were enacted into law,
because of the continued possibility of cross-border fraud, we would
still recommend to consumers that they should not exercise the opt-
out--leaving consumers no better off than they are today.
In our August issue of Consumer Reports, we recommend the following
8 ways to block spam:
1. Don't buy anything promoted in spam. Even if the offer isn't a scam,
you are helping to finance spam.
2. If your email address has a ``preview pane,'' disable it to prevent
the spam from reporting to its sender that you've received it.
3. Use one email address for family and friends, another for everyone
else. Or pick up a free one from Hotmail, Yahoo!, or a
disposable forwarding-address service like www.SpamMotel.com.
When an address attracts too much spam, abandon it for a new
one.
4. Use a provider that filters email, such as AOL, Earthlink, or MSN.
If you get lots of spam, your ISP may not be filtering
effectively. Find out its filtering features and compare them
with competitors'.
5. Report spam to your ISP. To help the FTC control spam, forward it to
[email protected]. (``uce'' stands for unsolicited commercial email).
6. If you receive spam that promotes a brand, complain to the company
behind the brand by postal mail, which makes more of a
statement than email.
7. If your email program offers ``rules'' or ``filters,'' use one to
spot messages whose header contains one of more of these terms:
html, text/html, multipart/alternative, or multipart/mixed.
This can catch most spam, but may also catch most of the
legitimate emails that are formatted to look like a Web page.
8. Install a firewall if you have broadband so a spammer can't plant
software on your computer to turn it into a spamming machine.
An unsecured computer can be especially attractive to spammers.
As mentioned earlier, as a legislative remedy, an opt-in regime
(with a private right of action) appears to be the best choice. We
recommend that consumers not opt-out of spam because this will simply
confirm for the spammer that their email address is a live one. Opting
out means getting more spam.
If we put ourselves in the shoes of a consumer trying to opt-out
from spam several years from now, imagine trying to tell the difference
between spam that is from a legitimate marketer, spam that originated
from an overseas or offshore server, and spam that is simply a ripoff.
There is no way I can think of under an opt-out regime to differentiate
between these different types of spam. Opt-out may turn out to be a cop
out.
It may be that there is a possibility for a modified version of
opt-out, such as opt-out that allows for an entire domain to opt-out
(e.g. ``aol.com'' could opt-out for all its users, so that individual
users, such as ``[email protected]'' do not have to give their names to
spammers). This is one potential implementation of the ``national do
not spam'' registry proposed by Senator Schumer. I have some misgivings
about a ``national do not spam'' registry because of the obvious
security risks posed by such a list, but I wonder if allowing entire
domains to opt-out obviates some of those potential risks.
In addition, by including preemption of state laws and class
actions, I believe HR 2214 will fail to stem the rising tide of spam.
Congress should enact federal legislation that offers basic protection
for consumers, and states should have a right to increase such
protections based on unique local needs, just as the FTC did with the
Federal ``Do Not Call'' list.
Any solution in the end will need to involve a variety of methods
and actors, including a legislative remedy (opt-in with both private
and ISP rights of action in addition to criminal enforcement), action
from industry to improve filtering technologies as well as a way to
attack the problem across international borders. It will be critical
that Congress address the immense volume of fraud in spam, but Congress
should also consider measures that will address mainstream companies'
use of spam. While fraud is a huge problem, consumers' annoyance with
spam does not end with rogue spammers. Just as the FTC's national ``do
not call'' list allowed consumers to say no to advertising at the
dinner table, consumers should have the ability to say no to all spam,
even when that spam comes from companies that are not engaged in fraud.
Mr. Stearns. I thank you, Mr. Murray. I think we are
finished with the opening statements, so I will open up with
some questions. Mr. Beales, I will start with you. You have
heard the opening statements from the members and you have also
heard from our panel. Of the two bills that we have, I guess
the question would be do you favor one bill over the other?
Mr. Beales. We haven't taken a position on a particular
piece of legislation. We have tried to talk about the kinds of
provisions that we think are useful, and I think there are
attractive features of each bill.
Mr. Stearns. That is what I would say based on what you--I
thought you would say that. So you feel that the two bills have
aspects about them that are appropriate or suitable but neither
one of the bills as they stand now alone, in your opinion,
would be suitable?
Mr. Beales. Well, I think that is right. I think that is
right as well. I mean I think--we think legislation should
leave us some flexibility to address problems as they emerge,
and I think a great example is dictionary attacks. A year ago
we would have said, and I think the bill said a year ago,
harvesting is it, that is what we need to prohibit. They didn't
say a word about dictionary attacks. This year, dictionary
attacks are the way spammers are generating their messages.
Without some flexibility to address that kind of change in
practice through rulemaking, we are going to be back in the
soup in fairly short order.
Mr. Stearns. I am going to go to Microsoft on this, but let
me ask you, Mr. Beales, what is your view on sort of a safe
harbor approach to label e-mail as a means of fighting spam?
Mr. Beales. Well, we are skeptical about labeling e-mail as
a solution, because we think what ends up happening, and it
certainly showed up in our false claims in spam study, is you
get compliance and ADV label by legitimate marketers, but you
don't get compliance by the people who are the problem. What we
found in our study was--and, you know, there are 10 States that
have an ADV requirement. One of them is California. I don't
think spammers can plausibly say, ``Well, we didn't know
anybody on our list lived in California.'' What we found was
only 2 percent of the spam in our sample of 1,000 had the
label.
Mr. Stearns. Okay. Mr. Rubinstein, Microsoft believes that,
``The widespread adoption of e-mail best practices along with a
method to associate e-mail communication from business that
adopt such best practices will ameliorate many problems
currently associated with spam.'' I think that is a quote you
used. That suggests that you perhaps--you and Mr. Beales might
not agree, and I thought you might just comment on it.
Mr. Rubinstein. Sure.
Mr. Stearns. Just pull the mike up if you would.
Mr. Rubinstein. Sorry. I think there are three things that
recommend a safe harbor approach. One is that it helps
reinforce the distinction between legitimate senders and
spammers. The second is that it could improve filtering
technology by providing additional inputs to filters, namely
that the mail is from a company that adheres to best practices.
That allows filters to act more aggressively against mail
lacking that indication and to do so without being more
inaccurate in creating false positives or false negatives. And
then, finally, I think, as Mr. Murray pointed out, it could
help restore confidence, consumer confidence in opt outs.
In response to Mr. Beales, I think in fact we may not be
disagreeing as much as it may seem, because, again, we have not
proposed ADV labeling as a stand-alone solution in any Federal
legislation. Rather, we see it as an incentive for companies to
join safe harbor programs, but we would be happy to consider
other possible incentives. Some that have already been under
discussion include a presumption of compliance for companies
that participate in best practice programs, namely the
compliance with the 101(a) type requirement. This would not
affect fraud.
Mr. Stearns. So what would be the Federal Government's role
dealing with e-mail?
Mr. Rubinstein. Well, the Federal Government's role would
primarily be to jump start this process. Today, there are a lot
of companies doing the right thing, but there are no widely
adopted best practices. If there was a strong incentive for
companies to sign up for best practices, then it would become
quickly adopted across the board. And until it is pervasive,
until a large number of companies take advantage of this
approach, it won't provide the benefits that we see to it.
Mr. Stearns. One of the differences between the bills is in
the ability to sue, and, Mr. Murray, we went back and looked at
your testimony before the Judiciary Committee yesterday on
spam. In response to a question from Chairman Coble, you
indicated that plaintiffs could sue senders of commercial e-
mail, ``They would go first after the deep pockets.'' Given
that most spammers are judgment-proof, aren't civil and
criminal penalties against spammers a more effective deterrent
to spam?
Mr. Murray. I think that spam is such an enormous problem
that we need to recruit the help of all sides of this, and I do
believe that consumers are an absolutely integral piece of
that, because press accounts have indicated that some ISPs, not
all ISPs, are signing contracts with spammers for preferred
placement of spam.
Mr. Stearns. But you see the problem with your statement
saying they will go after the deep pockets. That might be
somebody, somewhere out there and that just creates a huge
amount of litigation, jury trials, when we are trying to deter
this.
Mr. Murray. Yes, sir, Mr. Chairman, but first there would
have to be bad behavior to instigate that litigation. And the
question that Chairman Coble asked me yesterday was about who
would people go after first, and I think we do know that people
would likely go after the money. But assuming that the people
with the money have done some bad behavior, then I don't think
that that is necessarily out of line.
Mr. Stearns. My time has expired. Mr. Boucher?
Mr. Boucher. Thank you, Mr. Chairman, and I want to thank
each of the witnesses for your very helpful testimony here
today. Let me just pursue a couple of questions that are
related to differences that appear in the two bills that are
before us and get the benefit of the views of anyone who wants
to respond with respect to these specific provisions.
First of all, one of the bills provides that an opt-out
once it is taken is effective with regard to the sender of spam
but not with regard to affiliates of that sender. So a bank
that has 100 affiliates, as many banks do, having separately
incorporated their various branches or divisions, could be
subject to a single opt-out for the sender alone but not for
all of those many affiliates. A separate opt-out under that
bill would be required for each. Is there any justification for
a provision such as that or do you see that as a loophole that
could render the opt-out right less simple and less effective
than it needs to be? Who would care to answer? Ms. Selis?
Ms. Selis. I will take a stab at that from a consumer's
perspective. Most consumers don't differentiate between one
affiliate and the other. They get a piece of spam in their e-
mail and they just don't want it. They don't want that piece of
spam, they don't want a piece of spam from an affiliate.
Oftentimes, they don't want a piece of spam from anyone. And to
create an extra hurdle for them by requiring them to opt-out as
to particular affiliates of a business will require them to
opt-out repeatedly and put another burden on them. It gives
them less control over their e-mail box, which is not what I
think this committee wants to do.
Mr. Boucher. All right. Thank you. Mr. Murray?
Mr. Murray. If I could just add briefly. I understand the
intent behind that is to enable consumer choice. If perhaps
consumers have some more distinguished preferences that they
would like to be able to receive information from one company
and not from another, I don't think that is necessarily a bad
thing as long as it is accompanied by the possibility of a
global opt-out, as long as more detailed requests for opt-out
have alongside one opt-out that will cover everything that is
very transparent and very obvious to the consumer, I don't know
that there is great harm in that.
Mr. Boucher. But you are saying that at a minimum there
ought to be a single opt-out opportunity----
Mr. Murray. Absolutely.
Mr. Boucher. [continuing] with respect to the sender and
all affiliates.
Mr. Murray. Absolutely.
Mr. Boucher. Others care to comment on that? Mr. Betty?
Mr. Betty. I don't know that it is really the most relevant
issue, because the people that we are trying to get don't
really care what regulations you put into place for opt-in or
opt-out. As indicated by Mr. Beales, most of the responses that
you send when you try to find out where the stuff is coming
from is it bounces, it falses. The true marketers are going to
try to comply with what consumers want anyway. So I don't know
a universal opt-out or a single opt-out is really relevant at
all.
Mr. Boucher. Well, some people simply aren't going to obey
the rules no matter what. I mean that is your point.
Mr. Betty. That is right.
Mr. Boucher. But we have to try to write this law in such a
way that we target those who are going to respect it and then
we will leave it to law enforcement to target those who don't.
But thank you. Let me move on to another question.
The definition of e-mail strikes me as being particularly
important. One of the bills would define spam as commercial e-
mail, the primary purpose of which is commercial, but e-mail
that is drafted in such a way that is partly commercial and
partly informative, perhaps, or in some other way arguably non-
commercial would fall outside the net. And I can imagine a lot
of creative ways that spammers could redraft their messages so
that arguably the primary purpose in the minds of some might
not be commercial. Is that a problem or should we simply say
commercial e-mail generally would be defined as spam and be
subject to the opt-out? Views on that. Mr. Beales?
Mr. Beales. Well, the--I am sorry, I lost the thread of
your question.
Mr. Boucher. Well, the question simply is this: One bill
says that spam is anything that has a primary commercial
purpose. The other bill simply says that it is unsolicited
commercial e-mail. So the question is, is it unduly limiting to
have this qualification that the primary purpose of the message
has to be commercial?
Mr. Beales. And I think we would prefer that it not be a
primary purpose. An important purpose, a principal purpose,
language like that might make sense. I think there is an issue
there because there are a lot of--I mean you have probably been
e-mailed newspaper articles, for example, that have advertising
along with them. A purpose of that communication is to sell, a
purpose, but I don't think most people would call that kind of
advertising that goes with that newspaper article spam in quite
the same way. And I think the definition needs to distinguish
those cases but we think the primary purpose kind of language
is problematic.
Mr. Boucher. Okay. Yes, Mr. Rubinstein?
Mr. Rubinstein. We share the committee's concerns with
loopholes, as expressed earlier in the opening statements, but
I would like to point out one--just make one other observation.
Mr. Boucher. Which concern do you share because several
opinions have been expressed.
Mr. Rubinstein. Well, the concern that the way this is
defined may create loopholes, and I think that would be a
mistake. But there is another issue that I would like to
address that----
Mr. Boucher. You are saying that saying primary purpose is
unnecessary in this case and could be problematic?
Mr. Rubinstein. No. I am saying that we also need to look
at the combination of that definition with how exceptions are
treated, and that is another difference in the bill. Document
2515 tends to treat exceptions in terms of enumerating specific
examples for which opt-out would not be required, such as
product updates, security updates, warranty information and so
on. Our only concern around this is that there are other
possible examples that may not be included in that list. One
obvious one would be updates to a privacy statement that make a
material change in that privacy statement. That is not on the
list. There may be other things that are not on the list that
represent important communications between a company and its
customers. So we are just a little bit concerned about that
approach that only enumerates specific exceptions rather than
providing broader----
Mr. Boucher. Mr. Rubinstein, thank you very much. My time
has expired. Thank you, Mr. Chairman.
Mr. Stearns. Gentleman's time has expired. Thank you. The
chairman of the Telecommunications and the Internet
Subcommittee, Mr. Upton.
Mr. Upton. Well, thank you, Mr. Chairman, and I will try to
make sure I don't repeat questions that might have been asked.
If I do, please bear with me and I will get the answer later
on. Mr. Beales, I would be interested to know what the FTC's
stand is on a ``do-not-spam'' list. As we saw, I thought it was
important legislation that we passed earlier this year, the
``do-not-call'' list, which is now being implemented and your
operators are taking lots of calls all the time, including from
my house, and it seems like it was a very good idea, welcomed
by the American public for sure, and I would be interested to
know what your thoughts are if we develop something like a
``do-not-spam'' list along those same lines. What is it
workability?
Mr. Beales. Well, we think it is a very intriguing idea,
but, unfortunately, there are three differences from phones
that make it not at all clear that we can do it at this point.
One is it is easy to identify valid phone numbers and so a list
of valid phone numbers doesn't have much value. A list of valid
e-mail addresses is a whole different story, and that is what a
do-not-spam list would be. That problem is compounded by, two,
that we can't trace the spammer, we can't tell where it is
coming from, and we need to give that list to spammers and
somehow only give it to good guys who will use it to purge
their lists and not as a list, and that is hard to imagine how
we could enforce that.
The third problem is the size of the data base. People
change their e-mail addresses all the time, and what we would
have over time is a larger and larger data base of more and
more dead e-mail addresses. That would help with the first
problem but it really wouldn't help us to be able to process it
at all. So we think it is an intriguing idea but at this point
we don't know how we could do it.
Mr. Upton. I would also note as you make that point that
whereas most homes have one hard line, maybe two if they have
got a computer if they don't have cable for high speed, or
perhaps a cell phone or two, but most--I look at my own family,
we have got a good number of e-mails. My son has got two, my
daughter has got two, my wife and I have one, so you have got a
lot more e-mails than you do number of households that are out
there. Any other comments from the rest of the panel, any
concurrence? Mr. Murray?
Mr. Murray. Chairman Upton, I wonder if there is--there was
an intriguing idea raised by a journalist from the Washington
Post, which was a ``do-not-spam'' list where domains could opt-
out, where, for instance, AOL.com could choose that its members
not receive spam or MSN.com or Earthlink, and I wonder if that
is some sort of a hybrid that we could work with.
Mr. Upton. Mr. Rubinstein, do you have a comment?
Mr. Rubinstein. I would concur with Mr. Beales and also
point out in response to an earlier comment from Congresswoman
McCarthy that in opposing the Missouri State bill, we did so
explicitly because it provided for a ``do-not-spam'' list and
we have opposed that, both in State law and Federal law. As to
Mr. Murray's suggestion, I am not really certain, and I would
ask Chuck Curran to comment too, I am not really certain how a
large ISP would handle a domain-based opt-out given there would
be often be disagreements among its own subscribers as to what
domain to opt-out from, and I don't know how we would resolve
those disagreements.
Mr. Upton. Let me get to another question before my time
expires. I confess that I am an AOL subscriber, and I also
confess, Mr. Betty, that a number of my family are Earthlink
subscribers as well. As I sat down at my computer last night
looking over the e-mail from over the 4th, Mr. Curran, we have
got as AOL, as a subscriber, I have got the little icon that
allows me to say no more and it is spam, block it forever. Tell
me how that system works. How do I know--I mean there was a
fear for a long time that if you did that, the folks that are
sending you this junk know that is a live person and they may
in fact try to come back at you. How does your system work on
your end when the user says, ``I don't want to get that stuff
anymore,'' and how long does it take?
Mr. Curran. If you are referring to the report spam
feature----
Mr. Upton. Yes.
Mr. Curran. [continuing] what we use that as is a reporting
tool for two purposes, one of which is to, in effect, get real-
time feedback about what our members are reporting as spam to
enhance our ability to do technological filtering of that same
type of spam.
Second, that reported spam is transferred to a data base
which can be mined for information about the largest scale
spammers. In effect, it is a way to build a data analysis to
support enforcement and preventative technology. So it is not--
the spam is not being--your report of spam is not being
forwarded on to that----
Mr. Upton. Well, let me just--as an example, last week I
refinanced my house. I don't need to do that again for a while,
I hope. There must have been 10 or 12 refinancing bids
unsolicited that came in on my e-mail that I deleted last
night, and I checked them as spam. Is there a likelihood then
those are going to come back from those same----
Mr. Curran. Regrettably, mortgage refinance spam is a
mainstay of today's spam, so there may be an issue of pure
coincidence. I too have engaged in a mortgage refinance, but I
am also getting random offers of mortgage refinances, so there
may not necessarily be----
Mr. Upton. But are the same folks going to come back at you
a second or third time even if you say this is spam and I don't
want it, Mr. Betty?
Mr. Curran. In many----
Mr. Upton. Yes. So are you saying it was a worthless
exercise for me rather than simply hit the delete button and go
through the process?
Mr. Betty. I mean I can't speak for what AOL does but we
get a lot of feedback as well, and after you have identified
where the spam is coming from after you have gotten the first
several it doesn't really help to get the next 200,000. But if
these people are trying to defraud consumers, the fact that you
are reporting it back to us, we really do know, we are spending
lots of money trying to solve this problem for the consumers.
What we suggested is they just delete it, and we continue to
work on tools to allow you not to get it the first time, and we
have now taken the step to integrate it with your mailbox so
you won't get it if you don't want it.
Mr. Upton. I know my time is expired.
Mr. Stearns. Gentleman's time has expired. Gentleman from
Texas?
Mr. Green. Thank you, Mr. Chairman, and let me first start
out, one, to thank, like my colleagues, all our panel for,
listening to ours, and I said it earlier, to some members of
our panel, that we are still working on putting together a bill
and sometimes us listening to each other in our opening
statements let us know where we are so we can see where we are
going. But your testimony today has been really helpful.
In an earlier hearing, I ran out of time and I am sure I
will today, but we submitted questions to the FTC and I would
like to read one into the record. It compares one spam bill,
H.R. 2214 that imposes a knowledge standard the Commission must
prove to successfully bring a civil action for violations of
three provisions of the bill. And we asked the FTC how does
this compare with common FTC enforcement authority? Is it safe
to say that the FTC would be less likely to bring in action in
situations where it would be required to prove a knowledge
standard. Let me read into the record, Mr. Chairman, the
response from the Federal Trade Commission to that.
Mr. Stearns. Do you want to make it part of the record by
unanimous consent?
Mr. Green. I would like to make it part of the record.
Mr. Stearns. By unanimous consent.
Mr. Green. ``In conclusion, the knowledge standards
contained in H.R. 2214 exceeds those required to obtain a
district court injunction or administrative cease and desist
order under Section 5 of the FTC Act. Further, the knowledge
standards contained in H.R. 2214 are unnecessary in connection
with the civil penalty action in light of the knowledge
standard imposed for civil penalty actions under the FTC Act,
Section 18, rule violations. Moreover, the knowledge standards
set forth in 2214 are expressed differently from those in the
FTC Act potentially giving rise to the litigation issue about
the differences in the standard. Given the harmful nature of
the conduct prescribed by this proposed legislation, the FTC
should be able to enjoin future violations readily and to
impose civil penalties where appropriate without duplicate
burden of meeting two arguably different knowledge standards.
Therefore, we anticipate that retention of the knowledge
standards in H.R. 2214 will reduce the enforceability of the
provisions.'' This is in response to a question of the FTC.
Mr. Beales, in your response to Chairman Stearns' question,
you stressed the flexibility of the FTC. Does one bill provide
better flexibility to the FTC, the Burr bill, 2214 or the
Wilson-Green bill? which provides better flexibility in your
opinion?
Mr. Beales. Well, there is somewhat more flexibility in the
Wilson-Green bill, but it is still quite limited in terms of
the rulemaking authority that we have. I mean----
Mr. Green. So you would prefer--I am going to run out of
time--the Wilson-Green bill provides more flexibility but not
near as much as the FTC would like. Is that correct?
Mr. Beales. That is correct.
Mr. Green. Okay. Given that the Wilson-Green bill has no
knowledge standards that address the dictionary attacks, can
you say that the FTC prefers, in your opinion, the Wilson-Green
bill or that we are closer to what you would prefer?
Mr. Beales. There a number of things in that bill that we
think are improvements over what is in 2214, but we haven't
taken a position at all on which----
Mr. Green. I understand, and we understand also Federal
agencies shouldn't take positions, but, again, it is in your
opinion.
Let me ask some questions of our ISPs, both AOL, Earthlink
and Microsoft. Both 2214 and 2515 contain several civil
provisions. It is important for ISPs to be able to enforce each
section, and please if you could do it as brief as possible
because, again, we have just a brief time to ask questions. Mr.
Chairman, are we going to have a second round of questions?
Mr. Stearns. I don't know. I just----
Mr. Green. I know it is late and our witnesses have been
here a good while, so----
Mr. Stearns. And we probably have some votes coming. I
think--you know, I have tried to be liberal on the time, just
some people going over 1 or 2 minutes, and some who did not
have an opening statement so they will have 8 minutes. And the
panel has also been here very patiently.
Mr. Green. Well, then I would like to ask if we could
submit questions like I have done before with the Federal Trade
Commission.
Mr. Stearns. Yes, absolutely.
Mr. Green. I will put it in the record today and in future
hearings we will put those into the record. But mainly I guess
to summarize all the questions for the ISPs, the Burr bill does
not permit ISPs to enforce the inclusion section of the bill.
Would it be helpful to ISPs to have that specific inclusion so
you can enforce those inclusion sections? Earthlink? Microsoft?
Mr. Curran. Yes, it would.
Mr. Green. Okay. And that, generally, is the opinion of all
three that are on the panel? Okay. Mr. Chairman, I will yield
back my--well, I don't have any time left. And, again, I will
submit questions to our panel.
Mr. Stearns. All right.
The gentleman from Arizona is recognized.
Mr. Shadegg. Thank you, Mr. Chairman. I am going to follow
the model that Mr. Boucher set and put this question to the
panel. Anybody who wants to answer, I would like to do so. I do
have restraints on time. I also want to follow up on a question
that he asked. The two bills have different definitions, he
called them definitions of e-mail, I would call them
definitions of the application of the law. In either case, in
one case it says they must have a partial purpose which is
commercial, in the other case it says if they have any
commercial purpose at all, then they are covered by the span of
the law. It seems to me, my own bias, that you have a broader
definition, if there is any commercial purpose in the e-mail,
it ought to be covered by the law, and then you write safe
harbor or opt-out language that would protect it. But I am
interested in your professional opinion on that issue of the
definition within the two different bills. Yes, sir?
Mr. Beales. Well, I think the broader definition is, in
general, preferable, but I think it does need to be limited to
address the advertising problem in some way, because there are
a lot of communications that are--that may be advertising
supported and where there is partly a commercial purpose for
something that comes in electronically or via e-mail.
Mr. Shadegg. Well, as I understand the Wilson bill, the
Wilson bill says if there is any commercial purpose to the e-
mail, then it is covered by the law. Whereas the other piece of
legislation by Mr. Burr and Mr. Tauzin says if it is primary or
for a principal purpose, it is commercial. And the problem I
have is I think that fudge language will allow somebody to come
in and just put a whole bunch of content in there and allege,
``Well, my primary or principal purpose wasn't commercial, and
therefore I didn't have to comply with this law.''
Ms. Selis. If I could respond to that----
Mr. Shadegg. Please.
Ms. Selis. [continuing] I think of it as an enforcement
question. I think about what it is going to be like to----
Mr. Shadegg. As a former attorney general, so do I.
Ms. Selis. Yes. When you go into court what is their first
defense going to be? Well, it wasn't primarily commercial, it
was just in part. And the question is how many loopholes, how
many hurdles are we going to put in the law such that when an
enforcement official goes in, be it the FTC, be it a State
attorney general, even be it the ISPs, how many of those
hurdles are they going to have to jump over, how many defenses
are going to be in there, and I see that language of primary as
being a hurdle, frankly.
Mr. Shadegg. Any other comments on that question? Let me
ask a second question. Congressman Cox talked about the issue
of the application of the law of trespass. Do any of you--have
any of you given thought to the application of the law of
trespass to this issue? Do any of you have strong feelings that
we should not try to seek to extend the law of trespass to
this? Because I consider it a trespass. Whether it is trespass
into my computer or trespass into a space on the Internet
service provider that I am currently renting, it seems to me
when you send me an e-mail I don't want, you are trespassing.
Comment on that? Yes, sir. Mr. Murray.
Mr. Murray. The case that I believe Representative Cox was
referring to is the Hamidi v. Intel case which recently came
down. I did not read the decision carefully but what I saw
distinguished in that case was political speech versus
commercial speech. And what they said was we will not limit
political speech over companies' networks. We will not allow
you to censor your employees' political speech. I think that
this----
Mr. Shadegg. Yes, I would agree with that.
Mr. Murray. [continuing] is a clear distinction between--
this is only commercial speech which is within the purview of
both of these bills.
Mr. Shadegg. Other comments on the extension of the law of
trespass explicitly?
Mr. Curran. The doctrine of trespass has always been vital
to ISPs' protection of their networks. That said, recognize
that there are 50 States. This is the common law of each
particular State. California's decision may not be binding as
it applies, while certainly influential.
Mr. Shadegg. Well, we can write a statutory provision on
trespassing into Federal law in this legislation, I think.
Mr. Cox seems to think so as well.
Mr. Curran. It is a difficult area in terms of leaving to
the States their historical area of competence as to the
protection of private property rights of which trespass is one
of the core.
Mr. Shadegg. So you have a reservation about that.
Mr. Curran. It is an interesting issue.
Mr. Shadegg. It is an interesting issue. Other comments?
Safe harbor, there is a limited safe harbor provision in one of
the bills and no safe harbor provision in the other. Would any
of you advocate that we need--there was some comment earlier
about some of the opt-outs or some of the provisions that would
not be covered, that specifically say, well, a warranty update
or a privacy policy update gets you out of coverage under the
law. Are there other safe harbors that any of you would
advocate? Yes, sir?
Mr. Hirschman. Can you hear me?
Mr. Shadegg. Yes.
Mr. Hirschman. I would certainly advocate some form of safe
harbor for any form of statute that were enacted, primarily
because it would further the concept of accountability. It
would force people to come forward and say, ``I am a mailer and
this is the IP address through which I am mailing.'' This is a
practice that we at Digital Impact already do. We go to ISPs
and we say, ``Here is a list of all of our IP addresses with a
list of the clients behind them. Do as you see fit but we are
going to use best practices.'' I have no doubt that the best
practices that we require our clients to use are going to be
better than whatever we will see in legislation or regulation
because we are extremely strict. What I would like to see is
some form of safe harbor whereby if a company has satisfied all
the conditions of the safe harbor, they could avoid the costly
litigation of trying to prove that e-mail wasn't commercial or
that e-mail was not unsolicited or the rest of the litigation
that can go along with this.
Mr. Shadegg. Yes. I actually have read the safe harbor
provision that is in the legislation, and I don't think it
makes sense but I think we should have safe harbor provisions
along the lines of what you suggest where if you engage in
these practices and you in fact have done them all, you ought
to be able to get yourself out of the litigation loophole. So I
appreciate your testimony.
Mr. Stearns. Thank the gentleman. The gentleman from
Massachusetts.
Mr. Markey. Thank you. Mr. Murray, if you get spammed on
your desk, at least you can leave your desk, but if you get
spammed on your wireless device, it is traveling with you. You
are like a mobile target for spammers. Are you of the opinion
that the legislation which we pass should also deal in a
comprehensive way with the wireless world so that we in an
anticipatory way try to avoid having the same mess created in
the wireless world that has already been created in the online
world?
Mr. Murray. From a consumer perspective, I think that it is
critical that we consider wireless spam, which is ramping up
extremely quickly. The growth rate of wireless spam is quite
troubling. There is a political expediency question which
Representative Burr raised. I think consumers should get a spam
bill and they should get one soon.
Mr. Markey. Did you say there is an expediency issue?
Mr. Murray. Yes, sir.
Mr. Markey. What is that?
Mr. Murray. Just in the sense of I would like to see a bill
come out of committee, and if that were terribly controversial
and it would risk stopping the bill----
Mr. Markey. Should it be controversial?
Mr. Murray. I don't think it should at all, but I have
worked with--let me restate that. I think that consumers
absolutely deserve a strong wireless spam measure, and I would
love to see it included in this bill. I would hope that it
wouldn't be controversial on the committee or in the full
House.
Mr. Markey. So you do support it wholeheartedly, though.
Mr. Murray. Absolutely.
Mr. Markey. Okay. The Cellular Telephone and Internet
Association, CTIA, estimates that last December wireless
carriers processed more than 1 billion text messages, four
times higher than just 1 year earlier. In Japan, the dominant
wireless carrier, Dokamo, processes 1 billion messages a day,
and some estimate that 80 percent of that is unsolicited
messages. So from a--again, from a political perspective but
more importantly from a consumer perspective, isn't this the
time, isn't this the place to do it rather than waiting? We
might not return to the issue for 4 or 5 years?
Mr. Murray. Absolutely. I agree with that 100 percent. And
as I noted earlier, there is the possibility that as we put in
a location-based tracking system for cellular users, that we
will see location-based spam, and I think that we should be
working on killing wireless spam and all of its iterations.
Mr. Markey. But you are saying that you don't want it to be
delayed a day, though. How much time would you delay if there
was opposition to protecting against wireless?
Mr. Murray. I believe that that falls more clearly within
your realm of expertise.
Mr. Markey. Thank you so much, yes.
And we will try to make that determination, because I don't
think it would really be a good idea for us not to take this
opportunity, which might not arrive for several more years if
we don't take it as this train is leaving the station. And I
think, to be honest with you, it would really irritate people
so much more to be spammed on their cell phone than they ever
feel in terms of irritation on their computer. I mean it just
would wind up causing something that would match the reaction
to the national do not call list that we have been seeing over
the last 9 days in America. So I thank you, Mr. Chairman, very
much, and I look forward to working toward the goal of
including very strong wireless spam protection language in this
comprehensive bill.
Mr. Stearns. Okay. Mr. Beales, I understand you have to
leave, and so we want to thank you very much for your kindness
and patience in staying, and we will look forward to talking to
you again.
Mr. Beales. Thank you very much.
Mr. Stearns. And Mr. Walden, you have 8 minutes. You didn't
have an opening statement, so you are recognized.
Mr. Walden. All 8 minutes was for Mr. Beales but that is
okay. No, I am just kidding.
Mr. Rubinstein, you talked about the idea of e-mail best
practices and a seal that could accompany, I assume, the e-mail
so you would know as the recipient. Is that how that would
work?
Mr. Rubinstein. Yes.
Mr. Walden. Would there be some guarantee that the seal
wouldn't be counterfeited by one of these spammers? Can you
prevent that?
Mr. Rubinstein. I think in order for such a seal to be
effective, it would have to rely on digital signatures or other
encryption techniques to prevent that type of spamming, which
would certainly completely undermine the program.
Mr. Walden. Right. And you are confident that technology,
the encryption technology would work against these folks?
Mr. Rubinstein. I think that would be the best approach
from a security standpoint, but it might be harder to
implement. Another possibility is to use IP addresses but then
we would have to address some of the ways that those can be
spoofed. So there are discussions underway looking at the
appropriate technology.
Mr. Walden. Ms. Selis, welcome as a fellow Northwesterner.
I represent the district right up against Washington State. I
wondered when we are talking about trying to track these people
down, the way they make money is through people's credit cards
on the Internet, I would guess, pretty much--I mean how do
they--somehow they are getting paid for the porno or whatever.
Is there a way to go after it from the financial side or the
tax side?
Ms. Selis. Well, your question brings up sort of the
fundamental issues with tracking spammers. What we found in our
cases is that almost inevitably the merchant, the one who is
getting the credit card payment, is not the spammer. The
merchant is getting leads from the spammer who in turn is
contracting to somebody else to get leads, who in turn is
contracting with somebody else, et cetera, et cetera. To give
you an example, in one of the cases we brought against a
company out of Minnesota, we had to send 14 pre-suit subpoenas
to determine exactly who the sender was, and we couldn't do it
through the merchant. The merchant was a debt-adjustment
company who was in fact from credit card payments in Florida,
but that merchant has bought a leave list from somebody else
who in turn who had gotten the leads from somebody else, et
cetera, et cetera. So would that we could do it that easily, it
takes oftentimes--somebody pointed out that it took 2 years to
track a spammer that way.
Mr. Walden. I also want to ask about this issue of pop-up
ads. How do they differ from spam if at all, and how do you
nuke them? See, I am in favor of the death penalty for those
folks, whoever they are out there. It is absolutely outrageous
invasion of privacy, invasion of my private property that this
stuff goes on, and there is no good, easy way to get rid of it,
and I am curious, how do you feel either of these bills would
address that issue, which I think is far more insidious than
spam, which is bad enough. I agree with the former chairman's--
you know, putting them in the line of cockroaches, although I
don't think cockroaches are this bad. Yes, Mr. Betty?
Mr. Betty. Pop-ups, singularly, the largest thing people
hate is spam, the second thing people hate most are pop-up ads.
They are very different than spam. How you deal with those
issues are different. Like we have done in the spam case, we
took a leadership position in that. We offer our users a tool
called Pop-up Blocker. I think I have gotten one or two pop-up
ads in the last year. I mean there are technologies out there
that can prevent these from coming to your web browser. You
just have to go to the right people to get it implemented.
Mr. Curran. Yes. Fortunately, that issue is much more
amenable to technological solutions, and like Earthlink we have
introduced pop-up blockers that enable users to deal with the
issue at the browser level. So that is perhaps a good news
story.
Mr. Walden. Yes. Did anybody else have comments on that
particular side of things? Yes.
Mr. Misener. If I may, Mr. Walden, just to go back to the
earlier question you asked Ms. Selis about the beneficiaries of
spam and it has always seemed to me that the business model of
spamming would dry up if no one ever paid----
Mr. Walden. Right.
Mr. Misener. [continuing] for the products advertised. And,
therefore, we certainly would support any kind of an additional
remedy given to either the State AGs, to the FTC, the Attorney
General of the United States or perhaps the ISPs themselves for
going after the beneficiaries, the knowing beneficiaries of
spam. And as you may be aware, Chairman McCain offered an
amendment to S. 877 recently which would do just that, and we
certainly do support that approach.
Mr. Walden. What about best business practices among
businesses to make sure they know where they are getting their
lists or put a privacy statement that says, ``We don't know
where we are getting this list of e-mail contacts,'' so the
consumers would know?
Ms. Selis. Well, the notion of best practices, and it has
been talked about here, I think it is important also to
recognize that you can have best practices but if you have no
enforcement mechanism for a violation of those best practices--
--
Mr. Walden. Oh, yes. I am with you on that.
Ms. Selis. [continuing] they are worthless. So I think it
is an intriguing idea. If you put a burden on the merchant who
purchases the list to disclose where he got the list or to say,
``I don't know where I got the list,'' or to charge him what
some level of liability for getting the list from a spammer.
And I think there are some provisions in both of these bills
that would do that with assisting and facilitating language. So
I think there is fodder for that in the current legislation.
Mr. Walden. Okay. The other issue, our own server in my
company got hacked into and used as, I guess, a way to bounce
e-mail through to other accounts. The only way we knew was
because it quit working effectively for our uses, and it turned
out it was somebody overseas doing it and it was porno and all
of that. Does anything we do here in either of these bills give
us the ability to go after these jokers that are operating on
some island where there is no governance or in countries where
we are unable to really track them down? And it is really a
two-part question. One, what do you do in the ungoverned areas?
And, two, it seems to me there is also an international trade
component that needs to come up in our trade discussions with
countries who don't enforce laws against spamming that we may
want to have enforced here. And I would welcome your input on
those two subjects.
Mr. Curran. I think it is also important to consider that
while your servers may have records showing that the spam came
from an international source, it is also entirely possible that
it is a U.S.-based spammer who relayed from an offshore
computer back into your computer. So you don't necessarily want
to assume too quickly U.S. spammers----
Mr. Walden. Right. Good point.
Mr. Curran. [continuing] who spam in the English language
and negotiate their transactions in dollars are necessarily
moving away from the United States when the opportunities are
rich enough to, in effect, bounce offshore their computer----
Mr. Walden. And then it comes back.
Mr. Curran. Exactly. It is a series of piggyback moves. So,
certainly, from our perspective, the U.S.-based spammer
environment is target rich in terms of the need for
enforcement, and we shouldn't let the prospect of potential
international issues deter us from taking action against the
U.S.-based spammers.
Mr. Walden. All right. I appreciate that, and I will close
with this one comment. I am not usually a big advocate for
lawsuits, but I will tell you what, when you talk about $876
per employee in a company, I can tell you it is happening
because you have got to bring in some high-priced IT person to
fix the problem and put in the latest firewalls and all of
that. And I think there ought to be a private right of action
with multiple damages. I mean I want to go after these people
and shut them down and make them pay or it is going to destroy
the usefulness of the Internet. It is already destroying small
business out there, and something has to happen. So I
appreciate all your comments and your testimony today, Mr.
Chairman, and I yield back.
Mr. Stearns. Thank the gentleman. Mr. Davis, recognized for
8 minutes.
Mr. Davis. Thank you, Mr. Chairman, and thank you to the
witnesses for staying so long. First, I would like to know to
what extent there is a consensus in the panel as to the target
we have been discussing today, whether there is a prevalent
business model for the spammer? Ms. Selis a little while ago
described what seemed to be a former business model in terms of
what is motivating the spammer, who ultimately is the client or
beneficiary? Is there a consensus here? Is it clearly a profit-
minded agent who is motivated by the extent to which those few
people are actually positively responding to the spammer and
providing something of value? Does someone want to take a stab
at this?
Mr. Curran. I think there are a couple of different
business models. There is the spammer who sends on their own
behalf and transacts directly. There are professional spammers
who rent their services out for hire and who will deliver a
script on behalf of a particular advertiser. There is also a
lot of lead generation spam where complex business structures
are used to--that somebody is an independent agent or
contractor, allegedly, will drive traffic toward a particular
web site in effect generating leads and getting a cut. But you
are correct that ultimately the name of the game is to
facilitate even transactions by a fractional portion of the
recipients.
Mr. Davis. I would presume that from the ISP perspective
there is obviously value to your bottom line in minimizing the
pop-ups and spamming for the sake of your customers. Some of
the written testimony suggests that perhaps not in the case of
you but others in your industry you may have some conflict of
interest here in two respects I would like you to comment on or
anyone else. The first is the extent to which you are arguably
spamming your own subscribers, and, second, the extent to which
there is a temptation or opportunity for you to share in some
of the profits these spammers are deriving by charging them an
extra price for the privilege of using your network.
Mr. Betty. We absolutely wouldn't take any money from a
spammer, and we actively shut them down and sue them when we
can find them. So that is not a concern of ours at all. We
don't practice really--we don't rely on advertising-related
revenues, we rely on the money we get on a monthly basis from
our consumers as the basis of the relationship with them. So
the monies we spend are trying to enhance our fundamental value
proposition that we offer, and we will continue to do that if
there are no other alternatives.
Mr. Rubinstein. I would concur with that. Microsoft doesn't
spam its customers, and we don't profit in any way from spam or
sharing, making spam available to--making our customer list
available to spammers. I would also add that we do send
commercial e-mail to our customers, but it would qualify under
this--it would not be treated as spam under this bill.
Mr. Davis. Because of the prior existing relationship.
Mr. Rubinstein. Either it is a strictly prior existing
relationship or it is subject to an opt-out, so we would
readily abide by all of the requirements in this bill.
Mr. Misener. Mr. Davis, it seems to me that there is one
other potential conflict here with the ISPs, which we have
raised before, and, hopefully, it is not one that would ever
come to pass. But the concern would be that many ISPs have
multiple businesses. They not only are providing communications
services but also running, for example, e-commerce businesses,
certainly for profit. The concern would be that any self-help,
any self-remedy offer to ISPs allowed them to filter e-mail in
an anti-competitive fashion. And so we certainly would hope
that none of the discussion today would allow--or none of the
provisions of the bills that would be passed or considered in
Congress or here in the House would envision ISPs being able to
somehow skirt anti-competition law, and perhaps that can be
taken care of in report language.
Mr. Davis. To Ms. Selis, how would an aggregate damage cap
affect your ability as an attorney general's office as well as
others to bring suits against spammers?
Ms. Selis. Well, there is frankly no reason for it. It
would be problematic. When you talk about spammers, you talk
about huge volumes. I recently deposed a defendant in one of my
cases who sent out 55 million spams a day, and he did this over
a period of time. And to put a cap on that kind of activity
simply makes no sense, because it is such widespread activity,
he is making so much money that if we put a cap o this, if we
arbitrarily said X amount of dollars, $1 million, it wouldn't
be an effective deterrent for somebody with that huge an
operation. So I don't see any reason for it. There is no cap in
any other kind of trade violation which this is under existing
Federal law, and I don't see any good reason for it in this
area either.
Mr. Davis. The Burr-Tauzin bill contains a knowledge
standard that you as an attorney general would have to prove as
part of the bill. How do you think that would impact your
ability to effectively enforce such a law?
Ms. Selis. Well, again, I think that it is a real deterrent
to good enforcement, and, again, it is unprecedented. Under
existing trade law, intent is not an element of proof. It is an
element of proof in a criminal case, and it should be because
there are higher penalties in a criminal case, but under the
consumer protection law there is no knowledge standard, and to
have to prove a defendant's state of mind means more
litigation, more cost to the States, more cost to the FTC, more
cost to the taxpayers and less effective litigation in the long
run.
Mr. Davis. The Burr-Tauzin bill, obviously, in a good faith
effort to try to boil down the solution here refers to primary
purposes Representative Shadegg alluded to. It seems vague.
Does anyone on the panel want to argue that that is not overly
vague in terms of having meaningful enforcement here? Does
anyone on the panel want to argue that there ought to be a
separate opt-out request for each affiliate of a company?
One of the other differences between Wilson-Green and the
Burr bill is that Wilson-Green adopts--and I am co-sponsor of
Wilson-Green as you can probably tell--adopts the post office
standard in terms of protecting people as far as pornographic
material. I am trying to stop my sons from growing up too
quickly. It is a losing battle. This is a particularly good one
for me. Does anyone question whether the Wilson-Green approach
is the preferable approach on this particular issue or whether
there is something in between?
One of the other differences between the two bills is that
Wilson-Green specifically targets as a violation dictionary
attacks. I have talked to high schools in my home Tampa that
are experiencing this. Does anyone question whether our bill
ought to specifically be prohibiting dictionary attacks?
Mr. Curran. That is definitely a positive addition.
Mr. Davis. Mr. Chairman, thank you very much. That
concludes my questions.
Mr. Stearns. Thank you. The gentlelady is recognized for 5
minutes.
Ms. Wilson. Thank you, Mr. Chairman. I wanted to thank you
all for your testimony, and I read your written testimony and
have been listening to the testimony in the anteroom here. I
appreciate your time and your patience. I had a couple of
questions and first for Mr. Curran. Has AOL ever spammed its
members?
Mr. Curran. Spam is the No. 1 complaint that our members
have about our service, so that is not something that we want
to do. If we communicate with our members by e-mail, we always
provide them an opt-out. And not only that, we offer them a
general opt-out in our privacy policy so that they don't ever
have to hear from us if they don't want to. And, obviously,
that situation is quite different from the experience that many
of our members have in the mailbox where they have the kind of
outlaw spam that contains a non-working opt-out, completely
falsified headers and no meaningful way for the consumer to
exercise to choice.
Ms. Wilson. Is ShopDirect.aol.com part of AOL or is that a
false header?
Mr. Curran. Shop Direct is in fact part of--is part of AOL.
And Shop Direct--people who use the Shop Direct service may
hear from Shop Direct, but they can always opt-out from those
e-mails.
Ms. Wilson. Mr. Chairman, I would just like to make this
document as part of the record. It is actually a spam e-mail to
me from America Online, I am one of your subscribers and
requested multiple times to opt-out. It is a problem even under
your service.
Mr. Rubinstein, do you ever----
Mr. Stearns. So ordered by unanimous consent.
[The document follows:]
[GRAPHIC] [TIFF OMITTED] T8428.001
[GRAPHIC] [TIFF OMITTED] T8428.002
Ms. Wilson. Thank you, Mr. Chairman.
Mr. Rubinstein, does Microsoft spam their MSN or Hotmail
members?
Mr. Rubinstein. Like AOL, we communicate with our customers
by e-mail, but we always offer an opt-out with one narrow
exception, which is Hotmail sends a monthly subscriber letter
and that is an opt-in letter that you agree to receive as part
of the service, and it is one letter per month. Other than
that, I am sure that we make every effort not to spam our
customers, but we may have made mistakes in the past, and if we
have, I would only emphasize that those are mistakes not a
business practice. We don't profit from spam, and we try to
avoid sending spam. And once this bill is passed, we would
certainly comply with all the requirements under the bill.
Ms. Wilson. Mr. Betty, in your testimony, in your written
testimony anyway, you say that 20 million e-mails could be sent
for $149 or less, and I am concerned--and Ms. Selis, you also
addressed this same issue--of how do you--how can you make the
penalty high enough to discourage the practice? How can you
make the cost high enough to discourage the practice so that
the potential cost is worse than the gain of continuing to be a
spammer, at least on the civil penalty side? How do you go--how
should we go about doing that in statute, and what are the most
important things to keep in mind? I know that is something of
an open-ended question but if you could address that.
Mr. Betty. I think not having limitations on awards is a
big deterrent. People that are repeat offenders if they get
increasingly egregious, it would be okay. Our experience when
you get to the most notorious of them they aren't making tons
of money, they are scraping by a living, and even when you get
these awards you are never going to get any recovery but it is
such a deterrent that it does prevent them from continuing or
they go to jail. So I don't--except for putting them in jail
and making it easier for us to get to that point, there is not
much we can do.
Ms. Wilson. And perhaps, Mr. Murray, I would like to end
with you, and I also found your testimony to be interesting on
this issue of what is commercial e-mail. And from your
perspective, having looked at both of these approaches and
probably numerous others, what is the best approach to defining
what it is that consumers have the right to opt-out of?
Mr. Murray. Well, I will say for starters that I think
primary purpose provides wiggle room that is just unnecessary.
I know the representative from the Federal Trade Commission
indicated that there were some e-mails we would like to allow
through if it comes from a newspaper and it is an article with
an advertisement attached. I don't see--even if we provide for
an opt-out, that is not particularly onerous. So I don't see
any reason to not have a broad definition of what is
unsolicited commercial e-mail. I think that providing loopholes
is just setting up consumers for more spam.
Ms. Wilson. Thank you. And I want to thank all of you. I
think Mr. Davis said something that I think was really striking
is this question of should customers be required to opt-out of
every affiliate, and nobody seems to think that that is the
right approach. I think several of those questions were really
telling. It is a very serious problem, and it is a--everybody
thinks that they are not the ones who spam and it is all the
other guys, they are all legitimate. But if I am the one who is
cleaning it out of my mailbox, I should have the right to say,
``Take me off your list. I didn't opt-into any of this.'' And
as far as I am concerned, if I am paying for the service, I
should have that right. I thank all of you for your time and
your patience today.
Mr. Stearns. I thank the gentlelady. The gentlelady from
California is recognized for 5 minutes.
Ms. Eshoo. Thank you, Mr. Chairman, again for having this
important hearing and to all of the panelists. I think that you
have given us a good deal of information today, and what I
thought I would do since I am the last one, I believe, to make
some comments and ask a question is to see if I can summarize
because I listened very hard throughout this hearing to what
your answers were to the questions that were posed.
Does everyone agree that this has to be enforceable? All
right. Everyone is nodding, so no one disagrees. That is
applies to all commercial e-mail. Everybody agree on that? All
right. That there be strong language that protects not only
adults but most especially children from pornographic spamming
and just the crap that is out there. I don't know what other
way to put it. I don't want to dignify what is done, so maybe
that is a good word for it. Everyone agree to that? All right,
we have consensus on that. Do you all agree that affiliates be
included in the opt-outs? I think that question was asked, but
I want to be sure that everyone agrees on that. All right. Are
you nodding too? Yes? All right.
I am sorry that the gentleman from the Federal Trade
Commission had to leave when he did. I was dying to ask him a
few questions, but I think that as a committee we should pose
to the Federal Trade Commission some questions, and that is how
long did it take the FTC to develop the do not call list, and I
think that a list that is developed on this is a cannot spam
list. I mean we really have to be tough about it. But I think
that we should go back and examine how that was constructed and
what were the hurdles for the FTC? How long did it take for
them to weed all of that out? Is there a possibility of
including in legislation the whole notion of a cannot spam list
through the FTC that they would help to make work and actually
implement.
It is my recollection, and I don't know if this is an
accurate one, but my sensibilities tell me that they were not
all that enthused very early on about a national do not call
list, and we helped to make that work. I mean certainly there
had to be an appropriation but we worked on that for a while. I
think that what we do has to be able to weed out the worst of
the worst who send and then flip around their e-mail address.
And, again, Mr. Chairman, I hold--I am going to be really
consistent about this, that if we don't get this right, we are
going to have tens of millions of Americans on our back and
justifiably so if we really miss the mark on this. And no one,
I don't think, is going to be congratulatory if we put
something on the books that cannot be enforced. And I think
that, Ms. Selis, you have been enormously helpful today in the
answers that you have given to several of my colleagues. So I
don't know what other questions I would ask other than maybe I
will ask Ms. Selis given what Washington State has adopted and
you have that in place, do you have any recommendations to us
that you would make that as strong as your enforcement is, is
there something that was left out of this that we can--out of
your experience that we can benefit from? Outside of the strong
enforcement provisions, are there any other recommendations
that you would make to us?
Ms. Selis. Well, I think that the one thing we can't do is
be 50 States or the Federal Government.
Ms. Eshoo. Exactly.
Ms. Selis. And----
Ms. Eshoo. That was going to be one of my summary
questions. Everyone here agrees that we would all benefit from
a national law, a strong umbrella rather than--anyone ever try
to open an umbrella in the rain when it is not working well? We
all know what that is. So we need a strong Federal umbrella.
Ms. Selis. Right. We need as many people, as many entities
who can all do their own level of enforcement in order to stop
this problem. One State isn't going to do it, five States isn't
going to do it. ISPs, private citizens, a private right of
action I think is really important here. It will take a lot of
people to solve this problem.
Ms. Eshoo. In listening to the panelists, I think that we
always listen for on this side of the dias where you agree with
one another and where you disagree, because those are the
things--I mean we end up being referees in all of this and try
to come out with the best product for the American people.
Where are the disagreements here? It sounds to me like you are
all kind of agreeing with each other. What are the
disagreements amongst you? One of them might be private right
to action, yes, and, most frankly, I don't think that would
ever get out of a subcommittee or a full committee here. That
is just my opinion, but is there anything else that is
contentious? Gee, you were all so talkative, now you are so
quiet. No. So there really isn't any--there aren't any great
bones of contention between you?
Mr. Rubinstein. I am not sure about between us but----
Ms. Eshoo. Well, the panel. I mean you have listened same
way as I have all day.
Mr. Rubinstein. The panel did--several people expressed
themselves in opposition to the do-not-spam list. I don't know
if that is the consensus view of the panel, but that is maybe
the trend from what I heard.
Mr. Stearns. Time of the gentlelady is expired.
Ms. Eshoo. Can he answer? Mr. Chairman, can he answer.
Mr. Stearns. Sure. Oh, absolutely. Go ahead.
Mr. Betty. There is very clear consensus on the key, key
problems of dealing with all this outlaw spam. And as far as
the other elements, they are more perhaps just differences of
degree in terms of complementing the anti-outlaw provisions
with things that provide for proper consumer choice but not a
lot of disagreement.
Ms. Eshoo. Okay. Thank you very much. And thank to you, Mr.
Chairman.
Mr. Stearns. I thank the gentlelady, and I remind all
members that the record will remain open if members want to ask
questions, particularly to the Federal Trade Commission
Chairman. And I want to thank all the panelists for their time,
their answers to our questions. And with that, the
subcommittee--both subcommittees are adjourned.
[Whereupon, at 4:50 p.m., the subcommittees were
adjourned.]
�