Wednesday, April 7, 2004

Yet another proposal?

Things I find wrong with this proposal:

"(1) A person who wishes to greatly reduce spam must install software on each computer with an e-mail client application (such as Microsoft Outlook)."

Doesn't take into account the scope of what he's proposing. Everyone who has an e-mail client must also install some other software? What hooks does it require? Personnaly, Outlook doesn't run on my home computers or any of my servers. For those really paranoid moments, I use a text client with no hooks to external programs. Am I going to be required (the "or else" kind) to change my preferred e-mail client if it doesn't have the hooks to run with this extra software. The assumption is that my grandmother can install software.

"(2) A person who wishes to greatly reduce spam, when sharing his or her e-mail address, must also go through the trouble of sharing a code number."

A personal ID number? Your papers please? (Sorry, I sat in a proposal for mandatory PKI certificates for all Internet users last night.) (To protect the children, of course!) This assumes that my grandmother can remember another number, let alone being able to figure out how to use e-mail.

"(3) Mailing list services must make a slight modification to their databases and mailing scripts to store and use codes in addition to e-mail addresses. "

Are you going to pay for this? The improper assumption is that all mailing lists respect their subscribers' privacy and don't sell the codes along with the addresses. It also assumes that my grandmother can code the changes into her mailman server without damaging her pr0n list. (heh)

Adding technology isn't going to work. That way leads to an arms race as spammers develop ways around the obstacles placed in front of them. We'll solve the spam problem via technology about the same time that the virus problem is solved via similar methods.

Adding more laws isn't going to work. Do that will only add greater contempt for the law. They're criminals already, another law won't make them feel bad about themselves.

The only solution is enforcement. Unfortunately, very few law enforcement agencies have the personnel/time/money/talent/inclination to track down and prosecute spammers. Most of those that do are acting in response to corporate complaints, not complaints from the individual citizen.

I've learned (via recent jobs) that small business takes a beating from small scale fraud and theft. There's a well-populated gap between what local law enforcement is able to investigate and what state/federal law enforcement is willing to investigate. Who fills that gap? Private investigators, if the businessman/woman is willing to pay for an investigation that may or may not yield results.

Unfortunately, enforcement of exisiting laws is also a probable non-option. It costs to train the local law enforcement officer(s). You also have to find officers willing to take the training. Low-end cybercrime, while possibly glamourous for prosecutors, holds little career advancement for the local city cop or sheriff (usually it's not within their jurisdiction either).