- The Washington Times - Thursday, September 16, 2004

The Federal Trade Commission told Congress yesterday that a proposed “bounty” to catch spammers is flawed, but could be helpful if rewards are high enough.

The FTC said most people don’t have the technical knowledge to track down senders of junk e-mail, but that the lure of big money — between $100,000 and $250,000 — could persuade spammers to turn on one another.

Congress asked the FTC for a report on feasibility of the bounty system as part of the federal Can-Spam Act, which went into effect Jan. 1.

The bounty concept gained popularity after it was advocated by Lawrence Lessig, a Stanford law professor, who noted that traditional law enforcement was ill-equipped to tackle the spam problem. Spam makes up as much as 75 percent of all e-mail sent worldwide and costs businesses more than $10 billion in lost productivity and services each year, technology analysts say.

A provision for the creation of a bounty was inserted into the Can-Spam Act at the last minute by Sen. Jon Corzine, New Jersey Democrat, and Rep. Zoe Lofgren, California Democrat.

The FTC stopped short of telling Congress that the bounty system should be created. But it said such a system should have rewards high enough to encourage insiders to identify spammers.

The FTC also said rewards should be paid through appropriations, rather than with money from civil suits, and that the FTC’s decisions on rewards should be exempt from judicial or administrative review.

In a written opinion to the FTC, Stanford computer-science professor Dan Boneh criticized the bounty concept, arguing that the average citizen likely would be duped by the many layers of deceit that spammers use to mask their identity and location.

“Our analysis suggests that spammers who understand identity-concealment techniques … are unlikely to be identified by a cyber-sleuth who relies on the electronic trail alone,” Mr. Boneh wrote.

Experts also noted that the average citizen does not have subpoena power to pursue spammers with the same zeal as the government.

Software engineers are working on systems to verify the true origin of e-mail, such as Yahoo’s DomainKeys or Microsoft’s SenderID. But it is not clear how such systems will affect spammers’ behavior, Mr. Boneh said.

But some legal experts noted that federal agencies have used bounty systems to pursue criminals for years, often with success. The Internal Revenue Service has used paid informants to collect unpaid taxes, and the Environmental Protection Agency pays up to $10,000 for information on illegal dumping. The key, legal experts said, is to collect information from people with inside knowledge of the spammer’s activities.

“The insider can have information about actual violations of the [Can-Spam] Act, actual knowledge by the spammer, and actual connections between the person and the acts,” said Marsha Ferziger Nagorsky, a lecturer on law at the University of Chicago and author of a book on civil bounty programs. “These are the informants the FTC needs to bring in, and these are the informants the bounty system might do the most good in bringing in.”

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.

 

Click to Read More

Click to Hide