Spam: Where's the BEEF?
I like to think of myself as a responsible Netizen, but there's only one of me.
Whenever I receive junk e-mail (which is rare, mind you, because my university is pretty good about blocking it and I'm not so naïve about inviting it), I do two things. First, I tell my e-mail client it's junk, to train its built-in filter. Second, I use a cute little URL provided in the headers to report it to the university, where I'm led to believe human beings target the offending service providers for further investigation. (Really, I do these things in the opposite order because my software deletes messages that I mark as junk, but it makes more rhetorical sense this way.)
I've often wanted to do more to help defeat junk e-mail, which is often called "spam," though I have mixed feelings about that term as both a Minnesotan and a vegetarian. In 2005, spam cost the world $50 billion, about eight months' spending on the war in Iraq. One idea is to launch a "distributed denial of service" (DDoS) attack on every jerk who sends me a message with the word "Cialis" misspelled. In a DDoS, you simply overwhelm the target's Internet access by simultaneously sending him or her (her?) as much useless noise from as many different places as you possibly can. The target system's resources are overloaded trying to deal with all of that junk - poetic justice.
Naturally, that would be illegal, and vigilantism is problematic at best. The fine folks at Spamhaus, for example, gather and publish information about suspected spammers, ostensibly so the developers of spam-filtering software can add to their block lists, but it's tempting to do other things with that information. These third-party solutions are generally constrained by what can be done legally, and in most cases, for a profit.
I would like to see a new, international quasi-NGO formed to deal with this problem. Perhaps a branch of Interpol. We could call it the Bureau for the Elimination of Electronic Fraud (BEEF). Unlike existing third parties, it would have the authority to use any means necessary to stop spammers, like a DDoS or worse. (I'm picturing a pudgy, bespectacled, greasy-haired teenager sitting in the dim glow of his LCD monitor and filling his fat face with Cheetos when a SWAT-like team kicks down the door to his parents' basement to charge in and point some kind of electromagnetic pulse gun at his dual-core liquid-cooled Linux box, threatening to pull the trigger if he makes any sudden keystrokes.) (Disquieted by the uncanny imagery, I'm now looking over my shoulder before I pick up the fork again with one hand and resume typing with the other.) It would be even cooler if this organization played nicely with developers. Imagine a cow-shaped button on your e-mail client that lets you automatically report a message to the BEEF for further investigation, with a single click.
Naturally, this could only go so far, because the organization wouldn't be able to read any e-mail until someone voluntarily submits it for investigation. To do anything more pre-emptive than that would violate the unofficial right of privacy, but that alone isn't so bad: I have a reasonable expectation that private e-mail I write to you won't be read by government snoops on its way (even though I know that's not true, but I have to rely on trust to feel safe in the unlikelihood that you'd forward the message to someone who shouldn't see it or let someone less trustworthy find out your password. This wouldn't be a serious handicap, and if everyone does their part, it would make the Internet a riskier place to commit fraud.
But, as always, no one asked me.