[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]
SPAM AND ITS EFFECTS ON SMALL BUSINESS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON REGULATORY REFORM AND OVERSIGHT
of the
COMMITTEE ON SMALL BUSINESS
HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTH CONGRESS
FIRST SESSION
__________
WASHINGTON, DC, OCTOBER 30, 2003
__________
Serial No. 108-44
__________
Printed for the use of the Committee on Small Business
Available via the World Wide Web: http://www.access.gpo.gov/congress/
house
______
93-042 U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON SMALL BUSINESS
DONALD A. MANZULLO, Illinois, Chairman
ROSCOE BARTLETT, Maryland, Vice NYDIA VELAZQUEZ, New York
Chairman JUANITA MILLENDER-McDONALD,
SUE KELLY, New York California
STEVE CHABOT, Ohio TOM UDALL, New Mexico
PATRICK J. TOOMEY, Pennsylvania FRANK BALLANCE, North Carolina
JIM DeMINT, South Carolina DONNA CHRISTENSEN, Virgin Islands
SAM GRAVES, Missouri DANNY DAVIS, Illinois
EDWARD SCHROCK, Virginia CHARLES GONZALEZ, Texas
TODD AKIN, Missouri GRACE NAPOLITANO, California
SHELLEY MOORE CAPITO, West Virginia ANIBAL ACEVEDO-VILA, Puerto Rico
BILL SHUSTER, Pennsylvania ED CASE, Hawaii
MARILYN MUSGRAVE, Colorado MADELEINE BORDALLO, Guam
TRENT FRANKS, Arizona DENISE MAJETTE, Georgia
JIM GERLACH, Pennsylvania JIM MARSHALL, Georgia
JEB BRADLEY, New Hampshire MICHAEL MICHAUD, Maine
BOB BEAUPREZ, Colorado LINDA SANCHEZ, California
CHRIS CHOCOLA, Indiana ENI FALEOMAVAEGA, American Samoa
STEVE KING, Iowa BRAD MILLER, North Carolina
THADDEUS McCOTTER, Michigan
J. Matthew Szymanski, Chief of Staff and Chief Counsel
Phil Eskeland, Policy Director
Michael Day, Minority Staff Director
(ii)
?
C O N T E N T S
----------
Witnesses
Page
Beales, Hon. J. Howard, III, Federal Trade Commission............ 3
Cerasale, Jerry, The Direct Marketing Association................ 8
Goldberg, Bruce, Weatherman Records.............................. 10
Rizzi, John A., e-Dialog, Inc.................................... 12
Giordano, Catherine, Women Impacting Public Policy............... 15
Ham, Shane, Progressive Policy Institute......................... 17
Crews, Clyde Wayne, Jr., Cato Institute.......................... 20
Appendix
Opening statements:
Schrock, Hon. Ed............................................. 33
Prepared statements:
Beales, Hon. J. Howard, III.................................. 35
Cerasale, Jerry.............................................. 53
Goldberg, Bruce.............................................. 59
Rizzi, John A................................................ 61
Giordano, Catherine.......................................... 74
Ham, Shane................................................... 80
Crews, Clyde Wayne, Jr....................................... 85
(iii)
HEARING ON SPAM AND ITS EFFECTS ON SMALL BUSINESS
----------
THURSDAY, OCTOBER 30, 2003
House of Representatives,
Committee on Small Business,
Subcommittee on Regulatory Reform and Oversight,
Washington, D.C.
The Subcommittee met, pursuant to call, at 10:33 a.m. in
Room 2360, Rayburn House Office Building, Hon. Ed Schrock
[chairman of the Subcommittee] presiding.
Present: Representatives Schrock and Gonzalez.
Chairman Schrock. Good morning, everyone. I think we will
go ahead and get started. I am sure other Members will come in.
Rumor is we are supposed to have three votes at 10:30, but you
know how that goes around here. It may be a little bit after
that. I will go ahead and do my opening remarks. We will let
Mr. Beales do his, and then we may have to go vote.
Since inception of the Internet and electronic mail,
businesses have found opportunities to use both as vehicles of
marketing and advertising. Every day, Americans receive
billions of e-mails, and its low cost allows marketers and
business people to reach wider audiences than ever before.
Unfortunately, like any business practice in the United
States, there are those who abuse this technology by sending
bulk, unsolicited e-mails to users without their permission.
Spam, as it has been dubbed, is estimated to constitute over 40
percent of commercial e-mail. It clogs e-mail servers, reduces
productivity, inhibits growth and has a direct affect on small
businesses in the U.S.
There are, however, many small businesses in the United
States who execute e-mail marketing campaigns legally and who
use e-mail as a tool to inform and communicate with their
customers.
Several current legislative proposals exist to combat spam.
Options include increasing the jurisdiction of the Federal
Trade Commission, creating a Do Not E-Mail registry requiring
opt in or opt out provisions, requiring all bulk e-mailers to
have trusted identification or imposing harsher penalties on
criminal spammers. Whatever the ultimate remedy, we want to
make sure that the specific impact on small business in taken
into account.
Over a billion small businesses use e-mail as a marketing
tool, and millions use more e-mail to communicate with
employees, suppliers and others critical to their business.
Criminal spam cannot be allowed to prevent e-mail from its
legitimate uses, and as time passes the problem will get even
worse if action is not taken.
[Mr. Schrock's statement may be found in the appendix.]
Chairman Schrock. Right now I want to thank all the
witnesses for coming today, and I would like to recognize the
Ranking Member, Mr. Gonzalez. We did not know if you were going
to go first or what, so you can make comments, and then we will
probably have to go vote.
Mr. Gonzalez. Thank you very much, Mr. Chairman. My
apologies for being a bit late. The fact that the bells are
going off now is probably good because we will get that vote
out of the way. I will keep my remarks very, very brief.
Fact-finding. What is the purpose of any testimony is
really for this Committee to get a better handle on what is
going on out there in the small business world. Spam has
created tremendous problems for individuals, government and
businesses, but especially small businesses, as the chairman
has already pointed out.
The question is what is the appropriate remedy? I hope that
we will have many of the witnesses who will be able to tell us
what they are doing and what they see for the future. The
question really comes down to one of regulation and what is the
proper and appropriate role for the government to play in order
to achieve what would be the maximum benefit that this e-world
allowed us with the Internet.
It is so important to balance I guess when you think of
terms of free speech, because I do believe that some of these
issues rise to the level of free speech and, as I have said,
the regulatory scheme of things and then, of course, free
enterprise if we can just somehow take all the factors into
consideration and fashion something that makes a lot of sense.
We know the Senate has acted. We know we have bills on the
House side. It is a matter of working together to really
fashion something that is effective and reasonable under the
circumstances so that we do not reach a critical point where we
overreact. That is the greatest danger here in Congress, and
that is when a crisis arises and we act quickly and not
necessarily prudently.
Again, thank you, Mr. Chairman. I guess we should vote.
Chairman Schrock. I think we will. That is a good idea. We
will go vote, do our three votes, and we will be back quickly.
Sorry, Mr. Beales. Those bells are compelling. Thank you.
[Recess.]
Chairman Schrock. We are told we are going to have no more
votes until 1:00, but we also were told that we are going to
vote all night, so a lot of silly things are going to happen
today. We have one of those every once in a while, so we must
endure it. Hopefully by 1:00 we will have accomplished a lot.
Before we begin receiving testimony from the witnesses, I
want to remind everyone that we would like each witness to keep
their oral testimony to five minutes. In front of you on the
table you will see a box that will let you know when your time
is up. When the light is yellow, you have one minute remaining.
When five minutes have expired, the red light will appear. Once
the red light is on, the Committee would like you to wrap up
your testimony as soon as you are comfortable. At the six
minute mark your trap door will open, so keep that in mind.
First I would like to introduce the Honorable J. Howard
Beales, III, who is the Director of the Bureau of Consumer
Protection for the Federal Trade Commission. Thank you for
being here, and we are looking forward to your testimony.
STATEMENT OF THE HONORABLE J. HOWARD BEALES, III, DIRECTOR,
BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION
Mr. Beales. Thank you, Mr. Chairman. I really appreciate
the opportunity to provide the FTC's testimony about spam and
its effect on small businesses.
The problems caused by unsolicited commercial e-mail go
well beyond the annoyance that spam causes to the public. These
problems include the fraudulent and deceptive content of most
spam messages, the offensive content of many others, the sheer
volume of spam being sent across the Internet and the security
issues raised because spam can be used to disrupt service or as
a vehicle for sending viruses.
To gain a better understanding of the nature of spam, the
FTC staff reviewed a sample of approximately 1,000 pieces of
spam. Sixty-six percent contained facial elements of obvious
deception in the From line, the Subject line or the text of the
message. When these data are further analyzed to exclude
sexually explicit e-mail and e-mail hawking products or
services that are permeated with fraud like chain letters or
cable descramblers, only 16.5 percent of the spam did not
contain obvious deception and came from possibly legitimate
marketers.
We further analyzed a random sample of 114 of these spam,
looking behind the header information to see who had registered
the domain name for any Web sites that were connected to that
e-mail by a hyperlink. We found none from Fortune 500
companies, only one from a Fortune 1,000 company.
The Commission also convened a three-day spam forum.
Virtually all of the panelists opined that the volume of
unsolicited e-mail is increasing exponentially and that we are
at a tipping point, requiring some action to overt deep erosion
of public confidence that could hinder or even destroy e-mail
as a tool for communication and on-line commerce.
A solution to the spam problem is critically important, but
it cannot be found overnight. There is no quick or simple
silver bullet. Rather, solutions must be pursued from many
directions--technological, legal and consumer action.
Two key characteristics of spam make the problem
particularly difficult to solve. The first is anonymity. It is
possible to send an e-mail from anywhere to anyone and make it
appear as if it came from somewhere completely different. Once
it passes through an open relay or an open proxy that could be
anywhere in the world, spam is virtually impossible to trace.
The second key characteristic is economics. For the
spammer, sending out a few or a few thousand more messages is
virtually cost free. Because it is so cheap, spamming can be
profitable even if the response rate is very low. At our spam
forum, one spammer said his business was profitable even if the
response rate was as low as .0001 percent.
The panelists at the forum also discussed the damaging
effect that spam has on businesses and particularly on small
businesses. Although a single piece of spam to a single
consumer causes de minimis economic harm, the cumulative
economic damage from spam is enormous and growing. Although
there is a lack of firm research regarding cost, estimates--
maybe guesses is a better word--have ranged from $10 billion to
$87 billion a year.
The onslaught of fraudulent and offensive spam robs
businesses that would like to use commercial e-mail messages as
a cost effective way of marketing their goods and services.
Legitimate sellers tend to be drowned out or overlooked by
consumers who simply ignore commercial e-mail messages because
so much spam is so distasteful.
One panelist, the president of a small ISP in Little Rock,
Arkansas, stated that spam is his number one customer complaint
and that addressing the increasing amount of spam is placing
the very existence of his business in peril. His company does
not have the financial resources and large support staff found
at large ISPs. When a deluge of spam arrives, e-mail is
delivered more slowly and customer complaints increase
dramatically, causing the small customer support team to
struggle to address complaints.
Spammers also harvest e-mail addresses from public places
on the Internet such as Web sites. That poses a particular
problem to small businesses because posting e-mail addresses on
their Web sites facilitates the communication with existing or
potential customers. In our spam harvest analyzing what on-line
activities placed consumers at risk for receiving spam, we
found that 86 percent of the e-mail addresses posted as web
pages and in news groups received spam.
In a recent Wall Street Journal article, a market research
firm reports that spam makes up 31 percent of the e-mail that
small businesses receive and that fighting spam is the top e-
mail priority for 84 percent of small businesses. Clearly, spam
has real and significant impacts on small businesses that
jeopardize the benefits of e-mail as a communication and
marketing tool. These benefits can be preserved only through
attacking spam through a balanced blend of technological fixes,
business and consumer education, legislation and enforcement.
The Commission will continue to combat spam through its
research, consumer and business education and aggressive law
enforcement.
Thank you, and I look forward to your questions.
[Mr. Beales' statement may be found in the appendix.]
Chairman Schrock. Thank you very much.
I was sitting here listening to what you were saying. My
wife handles all her parents' affairs; her parents have reached
the stage where she has to handle all their business and
personal affairs. She will return home tonight from California
after a month, and I guarantee you she will have 1,000 plus
unwanted, some of them pretty nasty things. She complains about
it all the time, but does not know what to do about it.
One of the elements in the Senate spam bill includes a
study of a Do Not Mail list, just like we have a Do Not Call
list, and I know this is something you oppose. If you are
eventually required to produce something like this, how will
you protect legitimate contacts with previous or existing
contacts? There certainly has been some controversy about that
with the Do Not Call and the Do Not Fax.
Mr. Beales. Well, I think our inclination would be to
approach it the same way we have approached it with Do Not
Call. If you have an existing business relationship with
somebody, that is a circumstance in which consumers generally
expect to be contacted. They are not upset by the contact, and
that would apply to e-mail as well as to the telephone so I
would think that would be our starting point.
Of course, if we had to go ahead we would explore in a rule
making how that has worked in Do Not Call and what changes or
adjustments might be necessary or appropriate.
Chairman Schrock. What will enforced enhancement powers
allow you to do or not to do?
Mr. Beales. Well, our key concern about the Do Not Spam is
enforceability. As I mentioned in the kinds of e-mail that we
find out there, these are not people that pay a lot of
attention to legal rules. As a result, we are concerned that a
Do Not Spam list would not make any appreciable reduction, any
observable reduction in the volume of spam that people get.
What legislation can do is we have asked for some
procedural improvements that would help us get information and
keep the existence of our investigations secret from the
targets of those investigations.
We think we need some legislative tools that would let us
better cooperate with foreign law enforcement authorities
because cross border fraud is particularly a problem in spam
enforcement, and we think that legislation needs to include
criminal penalties for the worst of spam because too often what
we find is the people we find do not have any money, so civil
penalties really would not enhance our ability to go after
people all that much.
Chairman Schrock. When you are talking about cross borders,
state to state, do you see the need of federal preemption of
state laws in favor of some national program that every state
has to abide by?
Right now I am sure all 50 have a different process, and
for people who are legitimate it is very, very confusing to
them.
Mr. Beales. Well, I think that is right. I think the
Internet is by its nature borderless, and it does not make
sense to erect artificial borders that people then have to
figure out and worry about how to comply with. The broader the
set of rules, the better.
Chairman Schrock. Now offshore. What could be done with
businesses who send the spam offshore?
Mr. Beales. Well, what we have done on a case by case basis
is to build cooperative law enforcement relationships with
foreign authorities.
In one spam case that involved the sale of domain names
that did not exist we cooperated with the British authorities.
One was .usa and was heavily promoted in the wake of September
11. They even sold .god domain names for a while. We shut down
the operation from the servers in the United States, and they
shut down the operation from there.
There is another case where we just named a defendant in
the Netherlands. We have referred that case to the Dutch
authorities and are trying to help them in bringing action, so
it really is a case by case attempt to build cooperative
enforcement relationships, and that will become increasingly
important.
Chairman Schrock. Of course, there is a lot of technology
being developed to try to solve some of this. Do you see that
technology being part of the solution to spam, or they will
find something, and there will be a way for them to find to
counter that? Do you see good things coming down the pike in
that arena?
Mr. Beales. Well, I think that in the long run the
solutions are going to have to be in significant part
technological because I think that it is very difficult to
imagine any real solution if we preserve the current level of
anonymity.
To change that anonymity so we can figure out who is doing
it and trace e-mail back to its source, to do that is going to
require technological solutions.
Chairman Schrock. Some of the testimony I was reading last
night said there is a way that people can block being found
out. You have to be able to break that logjam, and I do not
know how you do that. Even the new technology I do not think
can do that yet.
Mr. Beales. I think that is correct. I think it may require
changes in the basic mail protocol to make sure there is
information that authenticates where it came from, but I think
in the long run that is essential because whatever the solution
it is going to be extremely difficult to enforce unless we can
find the violators.
Chairman Schrock. I agree.
Mr. Gonzalez?
Mr. Gonzalez. Thank you very much, Mr. Chairman.
Members of Congress are so fortunate because we, at least
our office computers, live in a spam free world. I am going to
tell you, it is wonderful.
When I go back to my campaign office and turn that thing
on, it is horrible, you know, what we have to clear out because
you only have so much capacity. I am not even crazy about all
the stuff that the server is telling me about.
You get spoiled up here. I mean, it is just absolutely
wonderful to go in there, and it is nice and clear. You are not
constantly bombarded by stuff that you never asked for, are not
interested in and offended by. If we feel that way, I can
imagine just about anybody out there similarly situated, which
is every American citizen with a computer.
It is interesting. In today's Post there is a great
article, E-Mail Providers Devising Ways to Stop Spam, and they
are talking about the private sector, and they are talking
about the servers. It seems to me there was something you said
that was disturbing, and I guess I have kind of two questions.
One of them is enforceability is going to be a problem
period. I would like to think that we have established
principles, legal and otherwise, that kind of point the way on
how we are going to approach this, even when technology
changes.
I was making a note here. At one time they used to knock on
your door, right, the solicitors and such, and we tried to do
something about that. Then they came through the mail. Then
they came by the phones. Then they came by the faxes. Now they
come through the e-mail, right?
I am not sure what is next. You know, something in the
ether world. The question really comes down to do these
principles still apply in how we try to regulate unsolicited
contact with citizens when it comes to the electronic age and
e-mail.
The second part of my question is really the point of
contact. We have to figure out where do we try to tackle this
whole thing. That seems to me it is going to be the server. Of
course, I am encouraged by what the servers are trying to do
together to make sure, as you had pointed out, that anybody who
is sending an e-mail has a legitimate address so that we can
take action and then on the private sector how we establish
what is a trusted sender and what is not. That can be difficult
in and of itself.
What you said about enforceability. All right. We are going
to be able to identify them now, which is crucial, which I will
admit is crucial, but are you still going to be able to enforce
it? We will be able to trace back up as to who sent it, but are
we still going to have enforcement problems if we have a no
spam list or if we do criminalize the act itself?
I guess those are the real questions here. Do the old
principles still apply on how we try to regulate, enforce and
punish? Secondly, even if we can identify it at the server
point, which I think is the contact point where we can all say
that is where we need to really concentrate our efforts, does
it matter because whoever is in charge of regulating, whoever
has a right to sue, and right now there is not a private cause
of action, whether they are going to be frustrated in doing it.
Mr. Beales. Well, I think the basic principles certainly
remain the same. That is, it really is the same basic
principles that apply to marketing communications in any
medium. It is what we have used to go after spam so far, and we
have brought nearly 60 cases against fraudulent and deceptive
spam.
I do not think it is a problem of basic principles or
anything fundamental, that there needs to be fundamental
changes in the principles there. It is just another form of
marketing. If we could find people, it could be regulated in
much the same way as other forms of marketing are.
What is unique is partly the economics, but I think more
fundamentally from an enforcement perspective the anonymity of
e-mail. The phone system, whether it is used for a telephone
call or a fax, contains information with the call about where
it came from. E-mail does not work that way, and there is
nothing in the message that lets us go back.
If we could go back, I do not think enforcing the law would
be any harder here than it is with telemarketing or with direct
mail. You know, some of those messages are deceptive. We need
to bring cases and we do bring cases in those areas, but most
of the companies engaged in those activities are legitimate,
and we can go after and prosecute the bad actors. When we
cannot find anybody, then it is much more difficult.
Mr. Gonzalez. So until technology allows us to identify the
sender, as we have the servers at the present time attempting
to do that, it does not matter what legislative scheme we come
up with. It is going to be really difficult.
Mr. Beales. It is going to be really difficult. It can be a
little bit more. It can be a little bit less difficult or a
little bit more difficult, but it is going to remain very
difficult until we can figure out where it is actually coming
from.
Mr. Gonzalez. Thank you very much.
Chairman Schrock. Well, you are lucky there are only two
Members here today. We thank you for being here. We thank you
for your testimony.
Mr. Beales. I appreciate the opportunity.
Chairman Schrock. Sure. Thank you very much.
We will get ready for the second panel.
[Pause.]
Chairman Schrock. Thank you all for being here. As I said
earlier, the five-minute rule, if you can do that, that would
certainly be a help because we want to hear what you have to
say, but we also have some questions as well.
First, I would like to introduce Mr. Jerry Cerasale. He is
the Senior Vice President for Government Affairs for the Direct
Marketing Association. Prior to joining the DMA, he was Deputy
General Counsel for the Committee on Post Office and Civil
Service for the U.S. House of Representatives.
Jerry, welcome.
STATEMENT OF JERRY CERASALE, SENIOR VICE PRESIDENT, GOVERNMENT
AFFAIRS, THE DIRECT MARKETING ASSOCIATION
Mr. Cerasale. Thank you very much, Mr. Chairman and Mr.
Gonzalez. Thank you very much for inviting me here to speak on
this important topic.
The Direct Marketing Association is a trade association of
4,500 corporate members, many of whom are small businesses, and
they market directly to consumers for sales or their people who
help support marketers marketing.
E-commerce is very important to all marketers, especially
small businesses, and there is a huge promise from e-commerce.
It is a low barrier to entry. It is a way to find consumers
quickly and efficiently.
There has been, however, a huge growth in Web sites, and
what happened early in the Internet was that you could have a
Web site up, and a search engine would find your company, and
consumers could find you. The search engines now are
advertising media wherein you pay to get prominence in the
search find.
Many small businesses can no longer be part of that because
it becomes cost prohibitive, so they have to look to go back to
the old style of trying to get a list, trying to find customers
rather than customers coming to find you, especially for a
smaller business.
What we have is a growth potential in e-commerce of small
businesses needing e-mail much more than even larger
businesses. You find a list, a targeted list, and you try to
reach those customers who are interested. That is the way it
should work, and that is the promise of e-mail because it is so
inexpensive so that entrepreneurs can get in and try to find
customers that are interested in them.
There is, as my son would say, a dark side to e-mail, and
the same thing that creates the promise, the low barrier to
entry, creates the dark side. The dark side is it is very
inexpensive. It does not pay.
If you do not care about the attitude of customers and you
are looking for, as what Mr. Beales said, a response rate of
\1/1000\ of one percent is good enough, if that is the attitude
that an individual has you are not going to spend the money to
target, and you are just going to flood the system with e-mail.
That is the dark side. That flood comes in with pornographic
stuff, sexually explicit, things you are not interested in, get
rich quick schemes, Nigerian scams and, sadly, even computer
viruses.
What we have to do is try and, from our perspective, save
the promise. Kill the dark side without killing the promise I
guess is the way to really look at it. What we have tried to
show in testimony is the DMA has done a few studies to show
does e-mail work? Are people at least even interested in it?
We find that 36 percent of adults in our study actually
responded to an e-mail and purchased something, $17.5 billion.
Consumers alone spent $7.6 billion, and unsolicited e-mails to
prospects--not even to customers--was sales of about $1.5
billion. There were savings out of this e-mail marketing of
$1.5 billion, and even the prospects said they said in a year
$300 million, which is not tiny, especially for small
businesses.
We find in our study that 21 percent of the marketing
budgets for small businesses went to e-mail versus 13 percent
for larger companies. Excuse me. Their Internet, not their e-
mail. Their e-commerce budget. Small businesses are more
dependent upon e-mail marketing than are larger businesses.
The Internet sales. Twenty-one percent of small business
Internet sales came from e-mail marketing, the rest coming from
Web sites and so forth, but that is significantly larger than
the 12 percent that came for larger businesses.
What we need is a national standard. We have to try and
avoid solutions that destroy the promise of the Internet, and
destroying the promise of the Internet could be something like
an opt in or even a very restrictive Do Not E-Mail list because
there is no time then to try and correct the problem. People do
not know the small business, the new business. They do not know
them. They are not a customer of them already. You then would
cut out this potential market.
We have to get rid of the fraudulent, untargeted
pornographic e-mails. We hope that the House will move quickly
to pass some legislation, but the big key is also not just to
pass the legislation, but to provide the resources to enforce
the provision.
The DMA is working with the FBI and others to try and get
some money through the White Collar Crime area to try and get
some enforcement, so we are doing that. Legislation is only one
of those prongs, but we need it.
Thank you very much.
[Mr. Cerasale's statement may be found in the appendix.]
Chairman Schrock. Thank you very much.
The Subcommittee is now going to hear from Mr. Bruce
Goldberg. Mr. Bruce Goldberg is the former president of
Weathermen Records, an on-line music t-shirt company based
outside of Dallas, Texas.
After having several years of intensive marketing
experience as an executive for Neiman Marcus, his passion for
music and an eventual understanding of the Internet led Mr.
Goldberg to become a very successful entrepreneur and founder
and president of Weathermen Records.
He is here today to share his personal experience as to how
spam has affected him as a small business owner, and, for those
of you who did not see it, he was featured in a Wall Street
Journal article on August 19, a fascinating article that is
entitled Spam's Easy Target: Floods of Unsolicited E-Mail
Handicaps Small Businesses. How Some Are Fighting Back.
I am looking forward to your testimony. Thank you for being
here.
STATEMENT OF BRUCE GOLDBERG, FORMER PRESIDENT, WEATHERMEN
RECORDS, FARMER'S BRANCH, TX
Mr. Goldberg. Thank you very much. Good afternoon. My name
is Bruce Goldberg from Weathermen Music in Dallas, Texas. I am
here to represent my business, but, more importantly, I am here
to represent all the small businesses in the United States that
are powerless against unsolicited e-mail.
In college, I studied Business Marketing with the hopes
that someday I would be able to work for myself and own my own
company. After college, I worked my way up the ladder for
Neiman Marcus, completing their executive development program
and working as part of their buying staff.
I have always had a passion for music. My passion soon
turned into a hobby, and I started buying and selling records
at monthly music conventions. I started to keep a list of names
and addresses who wanted to receive notification when I got new
stuff in. Before I knew it, I was mailing out 500 of these
lists a week.
I reinvested every dime I made and started to expand into
music t-shirts. I put together a small mail order catalog, and
before too long I was sending out 1,000 copies a month with the
U.S. mail. Around the same time, I started to subscribe to a
service that would allow me to communicate with people all over
the world via the computer called Prodigy. Soon I was able to
set up a tiny web page with a template that Prodigy supplied.
This was the beginning of my on-line company.
As my customer base grew, I decided to leave Neiman Marcus
to concentrate on my mail order company. When domain names were
first being offered, I quickly bought up the name The
Weathermen, as my company name with the marketing idea of being
a music forecaster.
I invited my new customers to sign up for my free e-mail
updates. My list quickly grew from the initial 1,000 to 60,000.
Today, Weathermen Records is one of the largest on-line t-shirt
music stores with over 50,000 regular worldwide customers and
6,000 Web sites linked to our site. We carry about 4,000
different music t-shirts from all over the world. We are still
considered a small business with only three employees.
Nine-five percent of our sales and communications are done
over the Internet. When I first started, it never crossed my
mind that I could get an e-mail that was bulk e-mailed to me
about Viagra, lowering my mortgage payment, losing weight or
getting rid of my debt. Throughout the years, I started getting
more and more spam, but pretty much was able to just delete it
as it came in.
As my on-line presence grew, so did the amount of spam I
received. I was finding that whereas most people get one of
each spam, we were getting five to 10 of each, depending on how
many of our e-mail addresses were hit.
The hard part was distinguishing the legitimate e-mail from
junk, as I have to treat each new e-mail as a potential
customer. A lot of legitimate e-mails were being accidentally
deleted. Even as careful as I was, I would still lose customers
by accidentally deleting their messages.
We were getting 15 spam e-mails to one legitimate e-mail. I
needed to do something about this. It was getting worse. On
more than one occasion, my company server was so overloaded by
spam it shut itself down for several hours, costing me a day's
business and its customers.
The first thing I did was to set up my account so that
anything intended for ex-employees went right into the trash
bin. The second thing I did was employ a spam filtering service
called Spam Cop that would filter out any e-mail that was
previously reported by fellow Spam Cop members as spam, and it
was put into a special separate spam holding tank for spam e-
mails. The problem with the service, however, is sometimes it
grabs legitimate e-mail.
In an average day, the spam mail folder will keep 1,000
spam e-mails from reaching our system. Today, with all the
filtering systems still in effect, we still get three spam
mails for one legitimate e-mail. I spend at least an hour a day
sending spam to my trash box. I get spam 24 hours a day, seven
days a week.
I was recently featured in an article in the Wall Street
Journal about spam. Because of the article, I got spammed. I
will probably get spammed from this testimony finding its way
to the Internet.
Chairman Schrock. Not from us you will not.
Mr. Goldberg. Instead of spending my time dealing with my
mail situation, I could use the time to better serve my
customers, increasing my profits, which in turn would generate
more tax dollars for my community.
I believe something must be done about this situation that
gets worse by the day. If the problem continues to grow at the
rate it is currently growing, it will be impossible for
businesses to rely on the Internet and e-mails as a form of
communication.
I believe that people that send spam and harvest and sell
e-mail addresses should be fined and prosecuted. I believe our
government should try to work with other governments to abolish
spam sent from other countries to try to prey on the elderly
and young by means of deception.
I use my e-mail as a form of communication. Imagine if you
used the telephone as a form of communication and your phone
rang all day long with solicitors, but you still had to answer
every call to see who it was before you could hang up because
you were afraid you would lose legitimate customers.
Imagine instead of spending your time before your hearings
to make sure you were prepared to serve your community you had
to take that hour to weed through thousands of e-mails to find
the ones that you needed to start your work day. That is what I
do every day.
I also believe that if lawmakers were the targets of the
same amount of excessive and unwanted spam as small businesses
and had to go through all the mail themselves as a lot of small
businesses do, spam would have already been outlawed.
Chairman Schrock. Bite your tongue.
Mr. Goldberg. I love my country. I grew my business from
the ground up by using simple principles that consisted of good
communication and providing a fair price, good quality product
to people who would normally not be able to find it.
You could say that spam finally shut me down. This past
week, I sold my company and am currently unemployed. For the
sake of the new owner, I hope that this testimony will result
in a resolution and the end of deceptive, unwanted, unsolicited
commercial e-mail.
I hope whatever career I travel down next, I do not have to
put up with the same frustration that plagued me and other
small businessmen for years.
Thank you for listening.
[Mr. Goldberg's statement may be found in the appendix.]
Chairman Schrock. Thank you very much.
It is my pleasure now to introduce John Rizzi, who is the
CEO of e-Dialog, a Boston based e-mail marketing firm that
specializes in precision e-mail for companies like the NFL,
Staples and Charles Schwab.
Mr. Rizzi has over 14 years of executive leadership in
successful start up businesses all related to e-mail
technology, applications or marketing services. Prior to his
experience as an information systems expert, many of his
leadership and management skills were gained as an officer in
the Navy.
I can relate to that. I am a retired naval officer, and I
think everything I learned I learned in the Navy too. Some not
so good. Most of it good. Welcome.
STATEMENT OF JOHN RIZZI, CEO, E-DIALOG, INC., LEXINGTON, MA
Mr. Rizzi. Thank you, Mr. Chairman and Members of the
Committee. I am very delighted to be here today and certainly
grateful that the voice of the small businessman is respected
in these halls.
My name is John Rizzi, and I run a business of 51 people in
Lexington, Massachusetts, called e-Dialog. My business is 100
percent dependent on the effective use of e-mail as a marketing
and communication channel. I am an e-mail service provider. Put
simply, my company acts like the e-mail marketing department
for other large companies that are really finding the
relationship with their customers to be very important and
certainly want to do e-mail right.
Our clients include well-respected companies like John
Deere, Charles Schwab, Schering-Plough, Reuters, Harvard
Business School Publishing and the NFL. In fact, if you enjoyed
reading your Redskins newsletter this morning, the one from
your favorite team, perhaps the Patriots, it came from e-
Dialog.
I am also a veteran of the e-mail industry, starting with a
company over 14 years ago in an old laundromat that developed
and sold e-mail technologies before they were available to
anybody in the networks in small businesses.
For my entire post Navy career, I have been a part of the
e-mail industry and in fact have been very proud to participate
in the creation of the e-mail revolution. However, I am not so
proud over the last couple years where our mailboxes have
become polluted with spam.
E-mail is a wonderful, vibrant, economically valuable
communications tool that is suffering critically right now with
this infection. I could not be more pleased that so much
legislative effort is going into finding a cure. What is most
important now is we quickly act and stop this epidemic. The
CAN-SPAM bill passed last week by the Senate is a giant step in
the right direction, and I would urge the House to pass it as
soon as possible.
The key value e-mail brings to businesses is that it
cheaply expands their reach to customers outside their local
area to everywhere in America, if not beyond. It makes them
competitive with the big guys at a very low cost. For example,
I personally buy tea for my wife from a company, a small shop
called Special Teas in Connecticut, I buy parts for my car from
3X Performance in North Carolina, and I buy toys for my
daughter from a place called Suzi's Dollhouses in Idaho.
I enjoy my relationship with each one of these customers,
and I have these relationships because of the e-mail they send
me. It is good for their business, and it meets my personal
needs. They are all clearly e-mailing across state lines. While
I do not know for sure, it is very possible that somewhere
unwittingly they are breaking the law.
This binder--I had to bring a little show and tell; my
daughter recommended it--contains the briefings of 37 different
state laws, their anti-spam laws. On the one hand I am
delighted that action has been taken. On the other hand,
imagine the confusion and how overwhelmed I am and my company
is to comply. This binder would scare the dickens out of Suzi
and her dollhouse store in Idaho, wondering and worrying that
every time she presses the Send button she might be a
lawbreaker.
In my business, I have the focus and the expense of three
employees that spend all day every day worrying about the state
laws, industry regulations that we support and compliance and
deliverability issues. I have to say, I am really glad I have
these three people because when I go through this binder I get
stuck at C.
I can only get that far because when I come to C, I find a
state that has a hastily approved anti-spam law approved during
some real political turmoil that is a disaster waiting to
happen for any e-mailer in America that is trying to mail into
that state and certainly any small business in that state
trying to do e-mail. We have to stop that. More state laws like
this are on the way. There are at least 13 more states to go.
Since e-mail is inherently an interstate medium, small
businesses need one federal law that is predictable, manageable
and enforceable. The CAN-SPAM Act, with any weaknesses it may
have, solves this problem. As you can tell, I am very
supportive of the preemptive conditions of the law.
As happy as I am about the prospect of an anti-spam law, we
have to talk about the stark reality that we face, which is the
worst spammers today are already lawbreakers. If not actually
breaking the law, they are unethical business people that will
happily take your money for their latest form and brand of
snake oil.
The trouble is that spammers can hide on the Internet. They
can falsify their identities and do their work with impunity.
The law can only be effective when the perpetrator of a crime
can be found, and to do that we need technology.
I am happy to say my company is part of an industry group
of legitimate e-mail marketers called the E-Mail Service
Provider Coalition, nearly all of these businesses small
businesses, that are working together to develop a universal
technology to provide an authentication system for large e-
mailers that will effectively remove the hidden identities of
spammers.
I brought copies of a white paper about this issue called
Project Lumos which I would offer for review and to be entered
into this record. Simply, either the sender of the mail will be
automatically authenticated as an identifiable and legitimate
e-mailer or the mail does not go through. This, combined with
other initiatives, will drive spammers out of their holes where
the law can find them.
Coincidentally, as Mr. Gonzalez mentioned, a very good
article about this is in today's Washington Post.
I and my colleagues in the industry are extremely confident
that this will work, and it is only months ago. We need to be
realistic that this is part of the solution, and the law alone
cannot solve the problem.
The final critical factor for the protection of small
businesses is the subject of a Do Not E-Mail registry. I have
to admit, this sounds intuitively obvious and like a good idea,
but I have to tell you with all my experience that this is a
disaster waiting to happen, especially for small businesses.
Look deeply, and you will find enormous technology
challenges that small businesses will not be able to adopt. You
will see security challenges that if compromised will allow
this big list to go into the wrong hands, and I dare say you
will be spammed within hours, if not minutes, when that
happens.
You will see business people confused as to why they can
mail fewer and fewer of their customers, and you will see
consumers frustrated and confused when they are getting less
and less mail from their favorite companies, but no less spam.
Remember, spammers are lawbreakers. They are not going to take
their lists and match it and clean it against a registry. They
are already breaking the law.
The good guys will do it though, so they are going to have
fewer and fewer people to mail to, but no one will get any less
spam. The Do Not E-Mail registry I am afraid will backfire, and
small businesses will lose.
To summarize, please act quickly and approve the CAN-SPAM
bill that came from the Senate. Give the industry time to
develop the technology that will make spammers identifiable,
support consumer education on how to avoid spam, and, very
importantly, please do not hurt small businesses by mandating a
Do Not E-Mail registry.
Thank you.
[Mr. Rizzi's statement may be found in the appendix.]
Chairman Schrock. Thank you. I like the idea of your
Redskins thing, but my guess is Mr. Gonzalez would prefer the
Dallas Cowboys, right?
Mr. Rizzi. We do their newsletter too.
Chairman Schrock. It is my pleasure to introduce Catherine
Giordano. Catherine is the president and CEO of Knowledge
Information Systems, which is a Virginia Beach based technology
training and research firm. She is here today representing
Women Impacting Public Policy, WIPP.
Ms. Giordano has more than 24 years' experience in the
operation, management and coordination of major projects,
management, supervision and training of personnel.
I have known Catherine for many years. We live in the same
city. When I first decided to run for the state Senate, she was
one of the first people I went to. She gave me that are you
crazy look then, and when I saw her at breakfast this morning
that look was still on her face.
We are glad to have you here, Catherine. Thanks.
STATEMENT OF CATHERINE GIORDANO, PRESIDENT AND CEO, KNOWLEDGE
INFORMATION SYSTEMS, VIRGINIA BEACH, VA, ON BEHALF OF WOMEN
IMPACTING PUBLIC POLICY (WIPP)
Ms. Giordano. Thank you very much. Good morning, Mr.
Chairman and Mr. Gonzalez. My name is Catherine Giordano. I am
the president of Knowledge Information Solutions, Inc. located
in Virginia Beach, Virginia, and I am appearing today on behalf
of Women Impacting Public Policy, a national bipartisan public
policy organization advocating on behalf of women in business
representing 460,000 members nationwide. I serve as co-chair of
WIPP's procurement committee.
K.I.S., my company, is a woman-owned, 8(a) certified small
business which employs 47 workers. We provide computer products
and IT services such as ISP Internet and wireless connectivity
and network design and consulting. We supply IT products and
services to the federal government through 11 government wide
acquisition vehicles to approximately 47,000 customers.
I would like to thank you, Mr. Chairman, for inviting me to
speak on a subject that my company deals with on a daily basis
and one that I believe is very costly to small businesses--
spam. Coincidentally, KIS just recently completed an internal
analysis of the effect of spam on our business, so this
testimony is timely to our company.
Most business environments are now computer based and
dependent on e-mail as the essential form of business
communications. At KIS, our small business is reliant on a
communication system to our customers that is by electronic
mail and correspondence predominantly through computer
technology.
Small businesses are always interested in attracting new
customers, and we are ever mindful and concerned about annoying
current or prospective customers. Therefore, KIS offers a form
of permission based customer marketing that will readily remove
their name from any KIS mailing list upon request. This
practice is typical of most other small businesses. Legitimate
businesses take these requests seriously and honor requests to
remove names from the list.
Unsolicited commercial electronic mail, spam, represents 30
percent of KIS' inbound correspondence. It is an ongoing
process, and it becomes more expensive as the innovation of
global spam capabilities has shifted the burden of cost from
the sender of the spam to the small businesses, ISP providers
and the customer.
Since spammers continuously change their methods of
operation, we spend additional employee time to find just the
right mix of settings to adjust. Our review shows that KIS'
small business customers spend an average of seven minutes per
day per person dealing with spam.
Since KIS provides 250 small businesses in the southeastern
Virginia region information technology management and ISP
support services, we estimate that the total cost in lost
productivity to these customers is estimated to be $2.9 million
annually. Mr. Chairman, $2.9 million could be used much more
productively by small businesses on items such as equipment
purchases, creation of jobs or providing health care to
employees.
The spam filtering methods KIS currently utilizes is DNS or
domain naming services, the protocol for translating names into
IP addresses. For example, an address like www.google.com must
be converted into a numeric 216.239.41.99. One of the options
to filter spam through DNS, called blacklisting, typically
catches only 25 percent of these e-mails. Filters utilizing key
word searches will catch an additional 5 percent of the e-mail.
The number of false positives, which are e-mails that are
wrongfully identified as spam, raises daily as more and more
companies are inadvertently submitted to blacklist servers. Of
these e-mails caught by DNS blacklisting, the keyword
searching, two to five percent are false positives.
The cost associated with identifying false positives is
roughly $2,499 annually and an estimated yearly cost of
employee productivity after KIS current anti-spam measures to
my company is an estimated $93,750.
To implement a KIS internal, full-blown, perimeter e-mail
server incorporated spam detection system costs our customers
$4,500 plus the cost of equipment. Their return on investment
after implementation of a full-blown spam detection software is
estimated at 5.5 months, and that only catches 85 percent.
As the Committee knows, the Senate in the last several
weeks passed an anti-spam measure by 97-0. Although WIPP has
not had a chance to review the proposals pending before the
House in depth, our thoughts are twofold. One, spam is a costly
expense for small businesses. Two, when enacting legislation to
limit spam, Congress should take into account the effect of its
actions on small businesses for compliance.
When considering a new law to prevent spam, our members do
not want the burden of seeking permission from every customer
in order to send an e-mail. The FCC's proposed legislation on
the Do Not Fax rule is a good example of good intentions by the
government agency, but bad consequences for small business. The
proposed rule would require every business to seek permission
from every customer before faxing things like invoices and
other necessary business communications.
We have heard from our small businesses, and they are
simply not practical when trying to restrict unsolicited faxes.
Similarly, such a system for e-mail communications would be
onerous for small businesses. Compliance with an opt in is
problematic for small businesses with limited resources.
In closing, I would like to paraphrase a quote from Ms.
Paula Seles, Senior Counsel, Washington State Attorney General,
delivered before the Committee on Energy and Commerce on July
9:
Strong legislation is only one part of the solution. If
legislation is passed, it must be flexible enough to allow new
technologies that may ultimately be more effective than any
law. There is no easy fix to this problem, and it will take all
the tools we have to address it.
Ms. Seles' statement summarizes WIPP's approach on spam.
There is no question in our minds that limiting spam is good
for small businesses. The solution, however, must take into
consideration the compliance cost to small business.
Thank you.
[Ms. Giordano's statement may be found in the appendix.]
Chairman Schrock. Thank you, Catherine.
We are voting. Mr. Ham, Mr. Crews, the two votes will be
quick. We will be back and then let you do your testimony.
I am sorry. I thought for sure this would not happen until
1:00, but anything happens. We will be right back.
[Recess.]
Chairman Schrock. My apologies, and thank you for your
patience.
Mr. Rizzi, we would have never allowed this in the Navy,
would we?
Mr. Rizzi. No, sir.
Chairman Schrock. It is not efficient.
We are going to hear next from Shane Ham. He is the senior
policy analyst for the Technology and New Economy Project at
the Progressive Policy Institute here in D.C. He Progressive
Policy Institute is a think tank affiliated with the Democratic
Leadership Council. Mr. Ham writes and lectures on a number of
technology and new economy policy issues.
We are glad to have you here, and thanks for your patience.
STATEMENT OF SHANE HAM, SENIOR POLICY ANALYST, PROGRESSIVE
POLICY INSTITUTE
Mr. Ham. Thank you, Mr. Chairman. At the Progressive Policy
Institute, we have been advocating for the advancement of the
Internet economy for six years because we think it is important
to the future growth of the entire U.S. economy, and that is
why for almost that long we have been pushing for spam control.
We have been involved in this debate since all the way back in
the 1990s, back even when the DMA was opposed to legislation on
it.
We have been moderate on the subject. We have never called
for a complete ban on all unsolicited commercial e-mail or for
an opt in standard, which is effectively the same thing as a
complete ban because if you have opted in it is no longer
unsolicited e-mail. I feel that if you opt in it is no longer
unsolicited. You say I am requesting the e-mail, so it cannot
technically be spam anymore, which that is the same thing as a
ban.
I think the opposition to an effective spam legislation by
the marketing industry and others is increasingly becoming a
Pyrrhic victory. We now have a patchwork quilt of state laws
that it is very, very difficult for businesses to comply with.
There is a law out there in that seaward state that is going to
just give all e-mail businesses fits.
I think, more importantly, the real tipping point that we
are looking at now in spam is that people are beginning to
understand and become upset about the fact that spam is
destroying the entire e-mail system in general.
A recent report by the Pew Internet Foundation, and I cite
this in my written testimony, indicates that we are now
officially at the point where more than half of Internet users
believe that spam has caused them to trust the e-mail system in
general less, and I think that is a real tragedy.
It is becoming harder and harder for moderates like us to
find a balanced solution to the problem that will, you know,
benefit consumers, that will benefit Internet users and protect
the people who rely on e-mail to run their businesses and their
small businesses.
I think when you are thinking about what to do about spam
with regard to small businesses, there are a couple things you
need to keep in mind. First of all, it is perfectly clear, as
we have heard already today, that small businesses are much
more the victims of spam than they are ever going to be
utilizers of spam in order to grow their businesses. It does
really more harm to small business overall than it could ever
really do good.
The main reason for that obviously is that small businesses
cannot take the steps to protect themselves that individual
users can. You cannot have a white list that only lets your
friends and family e-mail you because you have to get e-mail
from complete strangers if you want to grow your customer base.
You cannot just set up a filter that throws out anything that
is vaguely suspicious because you will be throwing out
customers too.
That is why I think, as Howard Beales said, 84 percent of
small businesses say that fighting spam is their top priority,
but not nearly that many would say continuing to spam
themselves as a business strategy is a top priority.
I think another problem that small businesses face is that
it is getting harder and harder for the average Internet user
to distinguish between legitimate and illegitimate spam. That
is increasingly becoming a false dichotomy.
There is a clear legal line between fraudulent and non-
fraudulent spam, and there may be a moral line between senders
who follow industry best practices and those who do not, but to
the average users they are just distrustful of any kind of
unsolicited e-mail that they find in their in box in general.
The idea, as Jerry was citing some numbers about how many
businesses are using e-mail in order to expand their customer
base, but I think you will find as the spam problem continues
to get worse and worse and people trust the system less and
less, there will be fewer and fewer people that are willing to
respond to spam not only to make a purchase, but even to do
something like click an opt out link as it becomes more and
more clear that clicking that link that says Remove Me From
Your Mailing List is a good way to get 10 times as many spam as
you were getting before.
People are just going to completely tune out from it, and
it will, I believe, disadvantage small businesses because the
only kind of e-mail marketing that is going to work is going to
be from the large, brand name firms that people already know
and trust, but trying to find new customers for a small
business that nobody has ever heard of, tragically those small
businesses are going to be lumped in with the scam artists and
the pornographers and all the other spammers that end up
straight in the trash.
We have over the years advocated different solutions, but
we think that we have gotten to the point where we really need
to take a radical look at this. The problem has just gotten too
bad to take the smaller steps that might have worked four or
five years ago.
The Do Not E-Mail list is one that has been talked about a
lot. I know that even the FTC is opposed to that, and there is
no doubt that there is tremendous technical problems with
implementing a Do Not E-Mail list, but we still think it is a
good idea, but it has to be done completely.
The way it happened in the Senate bill that just asked the
FTC to do a study and then sort of gave them permission to go
forward with it if they so choose after the study is not going
to work. It is going to take significant research with probably
millions of dollars to hire the staff and equipment that will
be necessary to keep a Do Not E-Mail list safe from hackers and
from spammers.
The other thing that PPI has long advocated, and we really
think this will work, is requiring a standard label in the
subject line identifying spam not just for pornographic e-mail
sent to make it automatically filterable, but for all e-mail
that fits the definition of unsolicited commercial e-mail.
All three of the major bills right now just indicate that
there has to be a clear and conspicuous--it has to be obvious
basically that an e-mail is spam. You cannot make the subject
line fraudulent. That is not going to allow technology in the
computerized, automated filters to do the work that is
necessary to keep the spam out of in boxes and protect small
businesses from the flood of spam in their in boxes that they
have to wade through.
I think that everything else, you know, regarding private
right of action, those are details that can be negotiated. I
think preemption is something that everybody is in favor of,
but if we do not get I think these two things, a truly
effective Do Not E-Mail list and a standard label for all
unsolicited commercial e-mail, I do not think we are actually
going to solve the problem.
Thanks for your time.
[Mr. Ham's statement may be found in the appendix.]
Chairman Schrock. Thank you very much.
Wayne, you are a very patient man. Wayne Crews is the
Director of Technology Studies for the Cato Institute. He is an
expert on new economy regulatory issues, including antitrust
policy, privacy, spam and intellectual property.
Before he went to Cato, he was the Director of Competition
and Regulation Policy at the Competitive Enterprise Institute,
and we are glad to have you here. Thank you.
STATEMENT OF WAYNE CREWS, DIRECTOR OF TECHNOLOGY STUDIES, CATO
INSTITUTE
Mr. Crews. Thank you. It is my pleasure. Good morning, Mr.
Chairman. I appreciate the opportunity to appear today.
Chairman Schrock. It used to be morning, but it is not
anymore.
Mr. Crews. It is afternoon now. We can have some Spam for
lunch.
The increasingly apparent downside of an Internet on which
you can contact anyone you want is that anyone can contact you.
The openness that was once central to the Internet experience,
as the marketers like to call it, is now a drawback.
However, the dilemma is not just that legislation likely
will not rid us of spam, given the net global pool of
scofflaws. Rather, legislation like ADV mandates and Do Not
Call lists still do not address the root problem of spam. One,
the lack of authentication of senders, and, two, the ability of
spammers to shift the cost of bulk e-mail to the recipients.
Clearly, such misdeeds as peddling shoddy goods, forging
the name of the sender and phony unsubscribe promises should be
punished. Abuses like dictionary attacks and spoofing often
commandeer unwitting computers, and they resemble hacking more
than they do commerce.
To a great extent, these are already illegal, and
alternative market driven solutions by a technology pricing and
industry consortia are going to become more urgent. Maybe that
is a blessing in disguise because spam is not a single dilemma.
Kids seeing porn in the in box is a different problem than ISPs
overwhelmed with ricocheting Viagra ads.
Moreover, the industry must coalesce to address cyber
security and hacking concerns that need remedying perhaps more
urgently even than spam. Actually solving such problems is a
different proposition from passing a law.
Proposed legislation, for example, would impose subject
line labeling like ADV for commercial e-mail, mandate
unsubscribe mechanisms, ban harvesting software, set up fines
or even bounties and contemplates an extensive and likely
hackable, in my view, Do Not Spam list.
If the legislation merely sends the worst spammers
offshore, we have only created regulatory hassles for small
businesses trying to make a go of legitimate commerce and
mainstream companies that already followed best practices like
honoring unsubscribe requests.
Proposed legislative penalties can easily keep many small
businesses out of Internet marketing altogether for fear of a
costly misstep. Is that our goal? Commercial e-mail, even if
unsolicited, may not always be unwelcome, yet how might the
definition of spam expand after legislation? Is it just bulk
unsolicited commercial mail, or is it anything you did not ask
for?
Numerous questions arise. Many e-mails are not commercial,
but are still unwanted--press releases, resume blasts,
political and charitable solicitations. I have even seen the
term scholarly spam used for e-mails sent by groups like my
own. Even the signature lines we all put in our e-mails are a
subtle solicitation, whether we admit it or not. If we need ADV
for advertisements, why not REL for religious appeals?
We should not discount the creativity of lawyers looking to
sue the easy marks in the wake of legislation like the small
business that will inevitably slip up when he is implementing
an unsubscribe request or trying to adhere to the Do Not Call
list and Do Not Spam list and makes an error.
Navigating e-commerce regulations after legislation like
this could be relatively easier for large firms, and that is
something to consider with regard to small business impact.
Much of the marketing industry's newfound support of spam
legislation seems defensive and aimed at protecting the ability
to send legitimate commercial e-mail. That is understandable.
Post legislation, marketers are surely going to feel that
they have met federal requirements like ADV and a street
address. Therefore, ISPs have no right to block their messages.
One cynic said that the CAN-SPAM Act meant that you can spam.
Blacklists, despite their problems, are one of the key
means of dealing with spam today. Contracts and rights of ISPs
and consumers to end unwanted relationships, rather than
federal guidelines, still need to play a big role in the
future, especially as technology catches up with the problem.
There is some good news. If your fundamental desire is to
stop spam totally in your personal in box, you can do it
already using a handshake or a challenge and response account,
and that might be something we talk about later. There is a
movement in the industry towards that.
Meanwhile, the entire industry needs to get busy on
standards such as digital signatures or seals for trusted e-
mail as a means of helping tomorrow's ISPs block spam, but it
could require unprecedented industry coordination. At bottom,
the flat fees and free e-mail of today are not a fact of nature
or natural right.
Ultimately, e-mail postage or protocols that allow ISPs and
users to charge fractions of a cent for unsolicited mail would
allow users to impose their own conceptions of spam. Emerging
bonded sender programs anticipate this kind of sea change.
It may be that today's e-mail system in which originators
of messages remain anonymous is altogether inappropriate for
the commercial information society of tomorrow. While the
government must not outlaw anonymous e-mailing, maybe it needs
to be impossible, not merely illegal, to send a commercial e-
mail if the network owner cannot discern who you are or charge
you. If so, those are jobs for the industry that cannot be
replicated by passing a law.
Thank you very much.
[Mr. Crews' statement may be found in the appendix.]
Chairman Schrock. Thank you, Wayne, and thank you all very
much.
If we do not get this spam under control, what do you see
as the largest long-term effect on your businesses? Obviously
Bruce Goldberg, we heard what happened to him. Are we going to
hear more stories like him or what? I am curious what you might
think.
Mr. Cerasale. If I may start, Mr. Chairman, I think you are
going to get a growing lack of trust and lack of use of e-mail.
What is happening today is there is so much spam. Even from
large companies, a legitimate e-mail that is a confirmation of
an order is not opened because they are just being deleted.
I think from the point of view of looking at it at the
consumer's side, you are going to see the non-economic, non-
commercial use of e-mail from the consumer side, and I think
that that is a real problem that faces all marketers trying to
use e-mail.
Chairman Schrock. Bruce?
Mr. Goldberg. I believe the problem, in my opinion, keeps
growing because there are a lot of companies out there who see
how easy it is to get away with it, and they just keep jumping
on the bandwagon whereas before they would not do it. Now they
see how easy it was.
I had one company that sent me an e-mail about selling
beepers, beeper service, free beepers. They put their 800
number in there. I decided to call them to see what they would
say.
I called them, and I said do you really sell beepers
through your spam e-mails? I mean, are people that stupid that
they would trust you by going through this? They said yes. I
mean, we get tons of orders every day. I was amazed. I was
thinking wow, maybe I should do this.
Chairman Schrock. We will have you up here for a different
reason, right?
Mr. Goldberg. I mean, there is still the ethical belief
that I do not think it should be done, but I just think that a
lot of people are jumping on the bandwagon because they see
they can get away with it, and it just keeps multiplying every
day more and more. It is never going to end.
Chairman Schrock. John?
Mr. Rizzi. The line between being a good e-mailer and a
spammer are getting blurrier and blurrier every day. We see
companies frozen with making their decisions about how to do e-
mail right, even companies with budgets to do it, because they
do not want to be mixed up in the mailbox with all the Viagra
ads and so on.
Already there is an impact on business. There is an impact
on our business with clients that are slowing down or just
freezing where they are as far as how much mail they want to
do.
Many companies today that, you know, were heading down that
path to doing e-mail more effectively have stopped to wait to
see, you know, what kind of technology comes out, what kind of
legislation comes out. The future is very predictable. There
will be less and less and less of the good stuff.
Chairman Schrock. Catherine?
Ms. Giordano. From my perspective, it would be the fact
that we communicate with our customer base through the system
itself, and it is usually marketing information that they have
requested.
We have become more and more hesitant to do that kind of
communication, but I can tell you it is very onerous on a
business owner to have to stop that ease of communication and
pick up the phone, call the individual and say I am now going
to fax you this information. Will you pick it up on the other
end so it is not considered a junk fax? It is usually
information they have requested.
The second thing it is going to do for me is I now
currently have one person dedicated--it is actually one and a
half people dedicated, about a $40,000 a year salary--to
monitor this system, and I am going to have to add additional
people to just take the load to monitor what we receive and
what we receive for our customers.
It is kind of a double edged sword for me. It means I
cannot do business as usual, and it means I have to spend more
money to assist the small businesses that are receiving the
other end of that burden.
Chairman Schrock. Shane?
Mr. Ham. I think over the very long term probably the worst
case scenario would be sort of a Balkanization of the entire e-
mail system. Rather than having the simple open system that we
have today, more and more people will start to get into little
mini e-mail systems that only their friends and family are in
and leave everybody else out. The e-mail as we know it just
will cease to exist.
Chairman Schrock. Wayne?
Mr. Crews. You can see I am skeptical of legislation, but
it may come to pass that we need--the states, 30 of the states,
already have legislation, and the e-mails are still coming in.
It is not stopping it. We may see that ramp up to another level
if things go global and the e-mail still comes in.
You are already seeing some of the big players take new
steps that they could have taken a long time ago, in my
opinion, and I think if the industry does not get its act
together and solve this the legislation is going to come and be
more onerous with limiting the amount of outbound e-mail that
an individual can send, things of that sort that you have seen,
or if you do send e-mail and your pattern changes you suddenly
get a challenge response, a challenge from the provider, things
of that sort.
You are seeing those kinds of things start to happen. You
are seeing movement on making a seal work or a trusted sender
seal work. It is a tremendous undertaking. I have heard that
kind of thing be compared to widening all the nation's roads
six inches.
On the other hand, if that is what Commerce requires, if it
is the case that an anonymous e-mail system like we have is
unsuitable for a commercial world where you have to do a lot of
things, you want to do your anonymous speaking, but you have to
have secure commerce. You have to have financial transactions,
insurance, purchases, all kinds of things.
It may be that we are still six years into the popular
Internet, and if we need to make those fundamental changes they
need to be thought about now. We should be careful that
legislation does not unintentionally make folks say well, the
government is taking care of this problem. We do not really
worry about moving forward.
Chairman Schrock. Unfortunately, the government would
probably just add to the complication of the thing if they did
it.
You peaked my interest when you said handshake. Would you
go into that briefly?
Mr. Crews. Okay. It is not an answer for everybody, but I
will just mention it really quickly. I am sure a lot of the
folks on the panel already know what it is and folks here know
what it is, but for two and a half years I have had an account
like this.
EarthLink has just come out with a major roll-out of what
they call a challenge and response e-mail system for its users.
In other words, you sign up for this account. You can dump your
white list in, all of your contacts and things of that sort.
Any of those who e-mail you will come through.
If you get any e-mail from a stranger, that stranger gets a
response not from you, but from the system, that asks him to
enter a certain password that is generated there or look at an
image because typically a spam box cannot decipher images and
things like that, and then put that into the reply, and then
the message will go through. That stops spam.
In two years, I have not gotten a spam in that account. It
does not mean I will not. It does not mean you cannot set up,
you know, spam sweatshops where people just answer the
challenge. It can still happen, but in general what it does is
it changes the focus. In a way it is a proof of concept. The
reason we have spam is because it is costless for the sender.
In a way a challenge and response, despite all of its
problems, because it throws wrenches in the mailing list and
things like that, because it causes real problems there, but it
is a proof of concept that if you shift the cost back to the
sender it does put a real damper on what they do.
Now, if I am an individual and I have this at home, I do
not want my kids to see, you know, an unprotected e-mail
account pop up because now they contain graphics and
everything. This protects you from that.
If you are a business and you need to get solicitations
from customers, you need to get customers to come right through
or if you are a media company and you need press releases to
come right through, it is not going to be appropriate for you.
Then again, as time goes by, maybe it will be. The ethic
may very well change from everything comes in unless you say no
to nothing comes in unless you say yes. That is what challenge
and response does.
Remember, once you do it you only do the challenge one
time. If I get an e-mail from a stranger and he answers the
challenge, any future e-mail he sends me will come through
without being impeded so long as I have not blocked him, so
every for businesses it might be appropriate if they think
their customers are willing to put up with that.
Chairman Schrock. So you have the choice of whether to
block or not to block?
Mr. Crews. Right.
Chairman Schrock. All right. You are all familiar with
that, I guess.
Mr. Gonzalez?
Mr. Gonzalez. Thank you very much.
The first thing I want to point out is that we really
appreciate your testimony and your patience. Many times we have
the witnesses, and they only see a couple of Members up here
and get discouraged. Please understand that your testimony
forms the basis for a lot of things that we do here because
obviously we are taking it down. It is being recorded. Your
written statements will be disseminated among all of the
Members.
When I was voting, I saw Ranking Member Velazquez, and she
reminded me that we were having an Hispanic caucus meeting and
I was on the agenda. Of course, she understood that I was here.
This is our first priority.
Please understand that the Chairman and Mr. Manzullo and
the Ranking Member, Congresswoman Velazquez, will join us in
thanking you for your presence here this morning. It is very,
very important, and it is a great education.
I am going to start off with maybe benchmark things that we
can agree on, things that are not clear even in my mind. The
problem that Congress faces right now is that we do have a
cure, as they say. The good news is that we have a cure. The
bad news is it kills you. That is the real fear.
I think Mr. Crews understands what I am talking about. It
is a delicate balance, as I have already said, and I am hoping
that we move quickly because if the market does not do it then
the abuses, and we reach the crisis, and then we overreact.
The first thing I am going to ask all the witnesses is what
is your definition of spam? I am getting the impression that
they will be different. Maybe I am just wrong about that.
I will start with the first witness. Is it Mr. Cerasale?
Mr. Cerasale. Cerasale. Mr. Gonzalez, thank you. We have
tried to define spam, and you get even within our membership
lots of different versions. I think that the way we look at it,
it is unsolicited, bulk, untargeted e-mail.
Some people would add there is fraudulent stuff in it, but
that is probably just a fact that it is that. Ninety percent of
the spam that comes into AOL I have heard them testify violates
some current law already, so I would say you would look at
bulk, unsolicited, untargeted e-mail.
Mr. Gonzalez. Thank you.
Mr. Goldberg. I have to agree. The mail does not
necessarily have to have a deceptive product in it because I
have seen some legitimate e-mails come through, but it is just
anything that basically comes out that you do not ask for that
can go to like if it hits a domain they can put 100 different
@theweathermen.com, like they can put sales, owner, webmaster,
Mike, John, Steve, and you will get every single one of those.
That is I guess what I would consider it.
Mr. Rizzi. It is definitely a challenge to define spam.
Often it comes down to a question of opt in versus opt out. In
our industry, many, many think tanks and many, many resources
have been spent on the question of opt in versus opt out. I
have to tell you, it is very important and largely academic
until we can find the spammers.
There are 100 definitions that are important. The fact of
the matter is lawbreakers do not care, so we have to find a way
to identify them, and then once we identify them we can start
dividing it down to well, was this spam or was it not, and was
it opt in or was it not.
There are technologies that can be developed that can even
have triggers in them for that level of sensitivity, so I think
that is where we need to head, but it is still very hard to
define.
Ms. Giordano. In my business microcosm, the best way to
define it is if it does not relate to my business environment,
it is spam. That is how I have defined it for the folks that
actually monitor our system.
We have received everything from solicitations from people
in foreign countries to help them because their father died and
they need money and will you please enter your bank account
number, like I am really going to do that, to the Viagra ads or
sunscreen. You name it, it comes in.
They know that from a personal perspective in my little
space, which is KIS, whatever does not relate to my business
does not belong there. Therefore, they block.
Mr. Ham. I think that a key element of spam is it
definitely has to have a commercial purpose, and it has to be
unsolicited in a sense not only that it was not asked for, but
from a business that you really had no prior interactions with.
If you have been given a chance to opt out in a previous
interaction--if you were to go to TicketMaster and buy concert
tickets and you are given a chance to opt out and you choose
not to do so and then TicketMaster sends you an e-mail saying
guess what, your favorite band is coming back to town, even if
I never really wanted that e-mail in my in box it would not be
spam because I had the chance to avoid it and chose not to do
so.
Mr. Crews. I agree with a lot of what I have heard here. I
mean, the definition of spam can vary, and it can change over
time. I mean, as commercial solicitations, if they were to go
down, you can imagine non-commercial ones would increase.
The key point, though, is it does not matter how
legislation defines spam. People need to be able to define it
themselves and decide what they are going to filter out. I
mean, even ISPs filtering out and blacklisting things, you
know, is one of the big hammers we have now to deal with the
problem, but you can lose important messages that way.
The more individuals can decide through trusted sender or
through eventually if there is a way to charge to look at an
unsolicited mail, ultimately the road you want to go to is to
let people decide for themselves, and you want to make sure the
legislation does not in any kind of way impede that.
I will just point out something extra on the Do Not Call
list because it occurred to me as I was hearing some of the
commentary on it that there is a big reason why it would not
help. If one of the main problems we are having now is
dictionary attacks, it would not matter that you put your name
on the Do Not Call list because the bad guys are simply going
to go johnsmith1, johnsmith2, [email protected], and it is
not going to matter if your name is on the Do Not Call list.
Ultimately people have got to be able to filter out all of
that kind of stuff that is going to come through, and it is
going to require industry getting its act together.
Mr. Gonzalez. I guess the important point is that I am not
sure that Members of Congress--we all have our own definitions
of spam, just as you do. I think it is important what Mr. Crews
pointed out, and that is you give the consumer, the citizen,
the ability to define spam in their own world and then to
proceed to exclude that which they equate to spam.
I mean, that is the perfect world if we can reach it, and
we have to remember that because that which empowered really
Mr. Goldberg to be a success very well would be complained by
others because they are being solicited for one reason or
another about music t-shirts or whatever the business was. We
do not want to do that. We want to see more success stories
like Mr. Goldberg.
Let us see if we can agree on something that is basic. Do
we all agree, and then go down, and you tell me if any of you
disagree, that there has to be a federal preemption so that you
do not have to deal with 50 different sets of rules? I mean, we
do that all the time, and you already know what it is like.
Do we all agree that we are going to have to have some sort
of sender ID mechanism, and the technology has to be there for
the enforceability portion of it--also, it allows some
filtering and such--and that we should not have an opt in
because that would be unworkable?
I will just start again. Mr. Cerasale?
Mr. Cerasale. I agree with those three points.
Mr. Gonzalez. Okay. Mr. Goldberg?
Mr. Goldberg. Definitely. I agree, too.
Mr. Gonzalez. Mr. Rizzi?
Mr. Rizzi. I agree.
Mr. Gonzalez. Ms. Giordano?
Ms. Giordano. I agree as well.
Mr. Gonzalez. Mr. Ham?
Mr. Ham. I agree with all three.
Mr. Gonzalez. Mr. Crews?
Mr. Crews. I am just putting on my legislation critic hat,
that is all.
You know, federal preemption is something debating in a lot
of areas in on-line privacy and all sorts of areas, but again
just passing the law or setting up a Do Not Spam list or
mandating the ADV, it does not do any good to preempt the
states with that kind of law if it is not doing any good. That
is my only concern.
Mr. Gonzalez. But if it is a good law, in other words, the
best that we can fashion----.
Mr. Crews. As I said in the testimony, you go after the bad
actors, the fraudulent stuff. If someone is impersonating
someone else in an e-mail and things like that or impersonating
another domain name, things of that sort, sure, that is
appropriate to go after, but it is not something that can be
micromanaged in any kind of way.
You have to be careful about ADV requirements and Do Not
Spam list requirement and their impacts on small business and
who can manage that, you know, whether that is something that a
small company can really deal with.
Mr. Gonzalez. Okay. Thank you all very much.
Chairman Schrock. Let me follow on to what Mr. Gonzalez
said as it involves Congress. What is the worst thing that
Congress and the FTC can do in this situation? So many times we
create legislation here that we think is going to help, but we
think there are so many unintended consequences that we do more
harm than help.
That is why I, frankly, wish the market would take care of
this instead of people in Washington because you know when
Washington gets involves it is probably going to put more
hamstrings on you than you want.
What is the worst thing that we could do so we do not do
it?
Mr. Cerasale. Okay. Because of what has happened in your
home state, I think if you do nothing would be very problematic
because California's law, which will go into effect on January
1, will effectively put an opt in regime across the nation
because of the way the law is set up that you violate it even
if you send an e-mail to an account that is billed in
California.
For example, I live in California. My son is in college in
Connecticut and uses my AOL account, which is billed in
California. If you send an e-mail there, that would be a
violation. There is a real problem.
Chairman Schrock. You have to rethink that, letting your
son have your AOL account.
Mr. Cerasale. That is true, but that is a problem. I think
doing nothing would be awful at this point in time, not
preempting California.
The Do Not E-Mail list also just is not going to work.
There is no way to keep it fully secure because if I give you a
list with two million e-mails on it and someone scrubs it for
me and I get back a million e-mails that are not on the list, I
sudden have at least a million e-mails that are on the list
because I have the old list, so it does not even need to be
hacked to be able to get that list.
Chairman Schrock. Bruce?
Mr. Goldberg. I believe that the solution would be that I
do not think that unsolicited e-mails should be completely
banned because a lot of problems will come into play.
I had my server hacked into one time. I have an open script
in there. I am not an HTML expert, but somebody somehow got in
and found a loophole in my system where they can send their e-
mail out using my system to make it look like it was coming
from me.
When I reported it to the ISP that I use, they basically
said well, you need to tighten up that hole that is in there so
that they cannot send out mail anymore. If there was a Do Not
Spam list--I mean if there was an unsolicited law, I would have
been probably in a lot of trouble for that, even though I did
not even know it was going out.
I think that the solution, in my opinion, is somebody needs
to come up with some kind of technology kind of like what
EarthLink is using to just kind of--you know, a nationwide,
across the board everybody uses the same thing.
I know a couple states now have a thing where if you call
you have to identify yourself. If it does not recognize your
name, you have to say who you are, and then the person on the
line gets to decide whether or not they want to take that call.
I think that if all the states did that with e-mail, I
think that we probably would not even have to go any further
with the Do Not Call list or anything like that because
somebody came up with a product that already took care of the
situation before it got that far.
Mr. Rizzi. I would agree that doing nothing is the biggest
problem, particularly because of preemption in all the states,
the 37 states now. The California situation is very threatening
to the business.
Let me give you a little anecdote about Utah. Utah has a
private cause of action condition in their law, which means
pretty much any lawyer can go after anybody that may have made
a mistake in the way they sent their e-mail. If there is even
one percent of the small businesses in America that understand
that that law exists when they are mailing somebody in Utah, I
would be surprised. It does not happen.
What has happened there is that one law firm in Utah has
now placed over 1,200 lawsuits. One law firm. Most of the
people that have received this spam are staff members of that
law firm, and they were simply what we refer to in the industry
now as ``spambulance chasers'' and going after--you know, it is
no different. Going after small businesses that do not have the
resources to do the investigation, hire their lawyers. It is
much easier to comply and submit and write their check and say
go away.
That will happen more and more. I am sure there are just
stacks of lawyers in California right now wringing their hands
for January 1 to put on their own ``spambulance'' process, and
that is a problem. There will be millions of small businesses
breaking the law on January 1, and they will not know it.
Chairman Schrock. Unintentionally.
Mr. Rizzi. Completely unintentionally with their heart in
it like Bruce here to go do the right thing for their
customers, but they will not know it. They will be breaking the
law.
Legislation, if it does not happen in this session, our
industry and small businesses everywhere are going to be
lawbreakers.
Chairman Schrock. Catherine?
Ms. Giordano. Big ditto on that. My 47,000 customer list is
not contained within the borders of Virginia, and my biggest
fear is that what it will do if there is not some uniform code
of compliance. I am not sure I understand what the uniform code
is.
I would like it to be a technological advancement that
would rid the problem as well, but it is going to be at the
ultimate end state, the cost of doing business and indeed
putting small businesses like mine out of that business
completely.
Chairman Schrock. Legal costs could kill you.
Ms. Giordano. Exactly.
Chairman Schrock. Yes. Shane?
Mr. Ham. I agree with all of the other witnesses on this
preemption thing, but I think probably even worse would be to
implement a Do Not Spam list without the resources to do it
correctly because it could turn into a complete disaster if it
is not done right, or it would probably involve a very
complicated technical situation where the FTC has to set itself
up as a remailer.
There are hurdles that need to be challenged, but if it is
not done right then the spam problem will get worse literally
within minutes after implementing----.
Chairman Schrock. So what I hear you saying is maybe a
federal guideline would be more appropriate than California
doing their thing, Utah doing their thing?
Mr. Ham. Definitely. Definitely.
Chairman Schrock. Okay. Wayne?
Mr. Crews. Just be cautious about small business bearing
the brunt of this. They will be the easy mark.
Chairman Schrock. They will be.
Mr. Crews. I mean, it is the case that big companies have
been targeted too by ambitious lawyers because they are easy to
get to, and you cannot get to a lot of these bad guys.
Also watch out for loopholes. I mean, a lot of the reasons
the spam you are getting has these random characters in it is
because of the state laws that say you cannot send the same
message to everybody. They shift it a little bit and send the
stuff out anyway.
Whatever is done, it is not just preemption of the states.
That does not concern me so much as preemption of what the
market needs to do because ultimately the problem cannot be
solved here. It is a technological, organizational industry
problem that has to be solved that way, and it is not just
spam. It is issues over cyber security and things of that sort
that are even more fundamental than spam, but have to do with
bad actors that you do not want getting onto your networks.
Also, another thing here. You asked about what is the worst
you could do. You have to watch out for what liability
provisions could emerge here. There was spam legislation last
year and that had been debated this year that would give ISPs
immunity from liability.
Now, I think negotiating something like that in the
marketplace is perfectly appropriate, but if you have an
evolving market where questions of who is liable if a message
does not go through needs to be worked out through commerce,
through the commercial process. It is inappropriate for
Congress to stipulate that.
Similarly, in the House the spam legislation, of course,
Zoe Lofgren's bill, for example, who did not want legislation a
couple years ago, but now does. At that time she thought people
could deal with it in a lot of ways, but the problem has gotten
a lot worse.
She would set up a bounty for consumers to go after spam.
Now, if I am a small business person I am terrified then
because I am scared to use e-mail because I know how vindictive
and malicious people can get sometimes. If they know that the
law is going to let them sue $500 for every unsolicited e-mail
or something like that, I am not going to work anymore. I am
just going to look for spams too and hope I get them.
You have to be careful. Spam is a huge problem, but, on the
other hand, if it is a small business that has sent out an
unsolicited e-mail, you know, the harm that they have caused is
far less.
If you were talking about a legitimate company that is
using its fax list or its members who bought its products and
things, the harm caused by them sending out an e-mail is far
below what some of those penalties could be.
Chairman Schrock. It seems like the greatest harm is the
time and money it costs a company to address it. As Catherine
said, she has a person and a half who has to address this. She
has to pay them, and that is a cost she has. If some regulation
was put in place, she might not have to.
Charlie?
Mr. Gonzalez. I do have to comment on the private cause of
action because I am still a believer that it is appropriate in
certain circumstances.
I understand what you are saying. I think a lawyer that
basically gets his staff together and says okay, let us make a
list of all the things so we have a cause of action is
deplorable. I think it is sanctionable and I think what is left
of what used to be a great profession even further down.
What we are talking about is you have a remedy, and the
consumer, the small business or whatever communicates to the
sender. I am not on your list. I do not want to be on your
list. I am rejecting it. You are ignored. Now, do you have to
wait for the government to act on that? Do you really believe
you are going to get your Attorney General or the appropriate
agency or department of the United States Government to move
quickly enough on this?
If they are doing it to you, they are doing it to thousands
and thousands of other people, so I think it is appropriate
that in certain circumstances, which is pretty outrageous, that
the individual have that cause of action.
Now, what is a measure of damages? I think you are right.
How is an individual harmed? Do you have groups, parties that
come together for that purpose and go after the bad actors? I
think there is a legitimate role for the private sector there
because the profession, the private lawyer and the private
practice is part of that private sector.
I do not want to dismiss that out of hand. I think it can
be appropriate again in limited and very specific
circumstances. I do appreciate what you are saying here on the
abuses and the fact that I do not want a huge target being
drawn on every small businessman and woman in this country by
anybody who is litigious.
Thank you again for your concerns and your testimony this
morning and afternoon.
Chairman Schrock. Let me just ask one final question. Do
you have any comments on what Howard Beales talked about when
he was here?
Mr. Cerasale. Well, I think Howard did talk about needing
enforcement, needing funds for enforcement, and I think that
that is very appropriate.
One of the things that he did say, however, was a
difficulty in trying to find people. A lot of times if we are
looking at really commercial stuff, the pornography stuff is
more difficult, but to try to give funds to follow the money.
Even though people can hide right now, if they are trying to
sell something you can try to follow the money. That takes
resources.
We understand, and it is hard for me to believe this
figure, but from of the Federal Bureau of Investigation when we
have been working with them trying to set up and get some
people who are currently violating the law with spam, they said
that really they think there are about between 150 and 300
really bad actors that produce most of the stuff.
Now, I do not know. It is hard for me to believe that, but
that is what they have told us, and they have told others that.
It may be that some funds to try, and I think Howard's thing
was funds to give them enforcement authority to go after them
now.
I mean, the saddest thing about this whole spam debate is
that the FTC found that two-thirds on their face when they are
looking at the spam study were fraudulent. AOL says that 90
percent that they receive are fraudulent. They are already
violating laws, and we are not going to get them, which means
that there is a real enforcement problem.
I think that that is someplace that Congress should look at
very closely to see if we can get some funds into some
enforcement to go get some of these people now.
Chairman Schrock. Did you say FBI?
Mr. Cerasale. FBI, yes.
Chairman Schrock. If they know it is that number, how do
they know who it is? If they know who they are, why can they
not stop it?
Mr. Cerasale. That is a good question that we have asked.
Chairman Schrock. Yes.
Mr. Cerasale. Now, we are working with them on a project
called Slam Spam actually. The DMA is working with them. We are
giving them some money to get some agents directly focused on
spam because it is hard. It is intensive. It needs lots of
resources, and it is not necessarily the glory arrest.
We would hope to get some arrests soon with some spammers,
but I think that enforcement money is probably a good way to
spend some resources because we can go get some people that are
already breaking laws.
Chairman Schrock. Any others of you have comments on
Howard?
[No response.]
Chairman Schrock. Let me join Mr. Gonzalez in saying thank
you very much. You have been very patient. Your testimony and
answers to questions have been very helpful.
I feel certain something very useful will come out of this
and help you prevent the problems you have been having so that
it will not happen again and again.
Thank you very much for being here. This hearing is
adjourned.
[Whereupon, at 1:13 p.m. the Subcommittee was adjourned.]
[GRAPHIC] [TIFF OMITTED] T2986.001
[GRAPHIC] [TIFF OMITTED] T2986.002
[GRAPHIC] [TIFF OMITTED] T3042.001
[GRAPHIC] [TIFF OMITTED] T3042.002
[GRAPHIC] [TIFF OMITTED] T3042.003
[GRAPHIC] [TIFF OMITTED] T3042.004
[GRAPHIC] [TIFF OMITTED] T3042.005
[GRAPHIC] [TIFF OMITTED] T3042.006
[GRAPHIC] [TIFF OMITTED] T3042.007
[GRAPHIC] [TIFF OMITTED] T3042.008
[GRAPHIC] [TIFF OMITTED] T3042.009
[GRAPHIC] [TIFF OMITTED] T3042.010
[GRAPHIC] [TIFF OMITTED] T3042.011
[GRAPHIC] [TIFF OMITTED] T3042.012
[GRAPHIC] [TIFF OMITTED] T3042.013
[GRAPHIC] [TIFF OMITTED] T3042.014
[GRAPHIC] [TIFF OMITTED] T3042.015
[GRAPHIC] [TIFF OMITTED] T3042.016
[GRAPHIC] [TIFF OMITTED] T3042.017
[GRAPHIC] [TIFF OMITTED] T3042.018
[GRAPHIC] [TIFF OMITTED] T3042.019
[GRAPHIC] [TIFF OMITTED] T3042.020
[GRAPHIC] [TIFF OMITTED] T3042.021
[GRAPHIC] [TIFF OMITTED] T3042.022
[GRAPHIC] [TIFF OMITTED] T3042.023
[GRAPHIC] [TIFF OMITTED] T3042.024
[GRAPHIC] [TIFF OMITTED] T3042.025
[GRAPHIC] [TIFF OMITTED] T3042.026
[GRAPHIC] [TIFF OMITTED] T3042.027
[GRAPHIC] [TIFF OMITTED] T3042.028
[GRAPHIC] [TIFF OMITTED] T3042.029
[GRAPHIC] [TIFF OMITTED] T3042.030
[GRAPHIC] [TIFF OMITTED] T3042.031
[GRAPHIC] [TIFF OMITTED] T3042.032
[GRAPHIC] [TIFF OMITTED] T3042.033
[GRAPHIC] [TIFF OMITTED] T3042.034
[GRAPHIC] [TIFF OMITTED] T3042.035
[GRAPHIC] [TIFF OMITTED] T3042.036
[GRAPHIC] [TIFF OMITTED] T3042.037
[GRAPHIC] [TIFF OMITTED] T3042.038
[GRAPHIC] [TIFF OMITTED] T3042.039
[GRAPHIC] [TIFF OMITTED] T3042.040
[GRAPHIC] [TIFF OMITTED] T3042.041
[GRAPHIC] [TIFF OMITTED] T3042.042
[GRAPHIC] [TIFF OMITTED] T3042.043
[GRAPHIC] [TIFF OMITTED] T3042.044
[GRAPHIC] [TIFF OMITTED] T3042.045
[GRAPHIC] [TIFF OMITTED] T3042.046
[GRAPHIC] [TIFF OMITTED] T3042.047
[GRAPHIC] [TIFF OMITTED] T3042.048
[GRAPHIC] [TIFF OMITTED] T3042.049
[GRAPHIC] [TIFF OMITTED] T3042.050
[GRAPHIC] [TIFF OMITTED] T3042.051
[GRAPHIC] [TIFF OMITTED] T3042.052
[GRAPHIC] [TIFF OMITTED] T3042.053
[GRAPHIC] [TIFF OMITTED] T3042.054
[GRAPHIC] [TIFF OMITTED] T3042.055
�