Recently in Internet Category
The Data Dilemma for Cell Phone Carriers: To Throttle or Not to Throttle? FTC Seeks to Answer by Suing AT&T Over Speed Limitations for Wireless Customers| Permalink
Benjamin Borden, MJLST Staff Member
Connecting to the Internet from a mobile device is an invaluable freedom in the modern age. That essential BuzzFeed quiz, artsy instagram picture, or new request on Friendster are all available in an instant. But suddenly, and often without warning, nothing is loading, everything is buffering, and your once treasured piece of hand-held computing brilliance is no better than a cordless phone. Is it broken? Did the satellites fall from the sky? Did I accidentally pick up my friend's blackberry? All appropriate questions. The explanation behind these dreadfully slow speeds, however, is more often than not a result of data throttling courtesy of wireless service providers. This phenomenon arises from the use of unlimited data plans on the nation's largest cell phone carriers. Carriers such as AT&T and Verizon phased out their unlimited data plans in 2010 and 2011, respectively. This came just a few years after requiring unlimited data plans for new smartphone purchases. Wireless companies argue that tiered data plans offer more flexibility and better value for consumers, while others suggest that the refusal to offer unlimited data plans is motivated by a desire to increase revenue by selling to data hungry consumers.
Despite no longer offering unlimited data plans to new customers, AT&T has allowed customers who previously signed up for these plans to continue that service. Verizon also allows users to continue, but refuses to offer discounts on new phones if they keep unlimited plans. Grandfathering these users into unlimited data plans, however, meant that wireless companies had millions of customers able to stream movies, download music, and post to social media without restraint, and more importantly, without a surcharge. Naturally, this was deemed to be too much freedom. So, data throttling was born. Once a user of an unlimited data plan goes over a certain download size, 3-5GB for AT&T in a billable month, their speeds are lowered by 80-90% (to 0.15 mbps in my experience). This speed limit makes even the simplest of smartphone functions an exercise in patience.
I experienced this data throttling firsthand and found myself consistently questioning where my so-called unlimited data had escaped to. Things I took for granted, like using Google Maps to find the closest ice cream shop, were suddenly ordeals taking minutes rather than seconds. Searching Wikipedia to settle that argument with a friend about the plot of Home Alone 4? Minutes. Requesting an Uber? Minutes. Downloading the new Taylor Swift album? Forget about it.
The Federal Trade Commission (FTC) understands this pain and wants to recoup the losses of consumers who were allegedly duped by the promise of unlimited data, only to have their usage capped. As a result, the FTC is suing AT&T for misleading millions of consumers about unlimited data plans. After recently consulting with the Federal Communications Commission (FCC), Verizon decided to abandon its data throttling plans. AT&T and Verizon argue that data throttling is a necessary component of network management. The companies suggest that without throttling, carrier service might become interrupted because of heavy data usage by a small group of customers.
AT&T had the opportunity to settle with the FTC, but indicated that it had done nothing wrong and would fight the case in court. AT&T contends that its wireless service contracts clearly informed consumers of the data throttling policy and those customers still signed up for the service. Furthermore, there are other cellular service options for consumers that are dissatisfied with AT&T's terms. These arguments are unlikely to provide much solace to wireless customers shackled to dial-up level speeds.
If there is a silver lining though, it is this: with my phone acting as a paperweight, I asked those around me for restaurant recommendations rather than turning to yelp, I got a better understanding of my neighborhood by finding my way rather than following the blue dot on my screen, and didn't think about looking at my phone when having dinner with someone. I was proud. Part of me even wanted to thank AT&T. The only problem? I couldn't tweet @ATT to send my thanks.
FCC Issues Notice of Proposed Rulemaking to Ensure an Open Internet, Endangers Mid-size E-Commerce Retailers| Permalink
Emily Harrison, MJLST Staff
The United States Court of Appeals for the D.C. Circuit twice struck down key provisions of the Federal Communication Commission's (FCC) orders regarding how to ensure an open Internet. The Commission's latest articulation is its May 15, 2014 notice of proposed rulemaking, In the Matter of Protecting the Open Internet. According to the proposed rulemaking, it seeks to provide "broadly available, fast and robust Internet as a platform for economic growth, innovation, competition, free expression, and broadband investment and deployment." The notice of proposed rulemaking includes legal standards previously affirmed by the D.C. Circuit in Verizon v. FCC, 740 F.3d 623 (2014). For example, the FCC relies on Verizon for establishing how the FCC can utilize Section 706 of the Telecommunications Act of 1996 as its source of authority in promulgating Open Internet rules. Additionally, Verizon explained how the FCC can employ a valid "commercially reasonable" standard to monitor the behavior of Internet service providers.
Critics of the FCC's proposal for network neutrality argue that the proposed standards are insufficient to ensure an open Internet. The proposal arguably allows broadband carriers to offer "paid prioritization" services. The sale of this prioritization not only leads to "fast" and "slow" traffic lanes, but also allows broadband carriers to charge content providers for priority in "allocating the network's shared resources," such as the relatively scarce bandwidth between the Internet and an individual broadband subscriber.
Presuming that there is some merit to the critics' arguments, if Internet Service Providers (ISPs) could charge certain e-commerce websites different rates to access a faster connection to customers, the prioritized websites could gain a competitive advantage in the marketplace. Disadvantaged online retailers could see a relative decrease in their respective revenue. For example, without adequate net neutrality standards, an ISP could prioritize certain websites, such as Amazon or Target, and allow them optimal broadband speeds. Smaller and mid-sized retail stores may only have the capital to access a slower connection. As a result, customers would consistently have a better retail experience on the websites of larger retailers because of the speed in which they can view products or complete transactions. Therefore, insufficient net neutrality policies could potentially have a negative effect on the bottom line of many e-commerce retailers.
Comments can be submitted in response to the FCC's notice of proposed rulemaking at: http://www.fcc.gov/comments
Ian Blodger, MJLST Staff Member
The US's military intervention against ISIL carries with it a high risk of cyber-terror attacks. The FBI reported that ISIL and other terrorist organizations may turn to cyber attacks against the US in response to the US's military engagement of ISIL. While no specific targets have been confirmed, likely attacks could result in website defacement to denial of service attacks. Luckily, recent cyber terror attacks attempting to destabilize the US power grid failed, but next time we may not be so lucky. Susan Brenner's recent article, Cyber-threats and the Limits of Bureaucratic Control, published in the Minnesota Journal of Law Science and Technology volume 14 issue 1, describes the structural reasons for the US's vulnerabilities to cyber attacks, and offers one possible solution to the problem.
Brenner argues that the traditional methods of investigation do not work well when it comes to cyber attacks. This ineffectiveness results from the obscured origin and often hidden underlying purpose of the attack, both of which are crucial in determining whether a law enforcement or military response is necessary. The impairment leads to problems assessing which agency should control the investigation and response. A nation's security from external attackers depends, in part, on its ability to present an effective deterrent to would be attackers. In the case of cyber attacks, however, the US's confusion on which agency should respond often precludes an efficient response.
Brenner argues that these problems are not transitory, but will increase in direct proportion to our reliance on complex technology. The current steps taken by the US are unlikely to solve the issue since they do not address the underlying problem, instead continuing to approach cyber terrorists as conventional attackers. Concluding that top down command structures are unable to respond effectively to the treat of cyber attacks, Brenner suggests a return to a more primitive mode of defense. Rather than trusting the government to ensure the safety of the populace, Brenner suggests citizens should work with the government to ensure their own safety. This decentralized approach, modeled on British town defenses after the fall of the Roman Empire, may avoid the ineffective pitfalls of the bureaucratic approach to cyber security.
There are some issues with this proposed model for cyber security, however. Small British towns during the early middle ages may have been able to ward off attackers through an active citizen based defense, but the anonymity of the internet makes this approach challenging when applied to a digitized battlefield. Small British towns were able to easily identify threats because they knew who lived in the area. The internet, as Brenner concedes, makes it difficult to determine to whom any given person pays allegiance. Presumably, Brenner theorizes that individuals would simply respond to attacks on their own information, or enlist the help of others to fed off attacks. However, the anonymity of the internet would mean utter chaos in bolstering a collective defense. For example, an ISIL cyber terrorist could likely organize a collective US citizen response against a passive target by claiming they were attacked. Likewise, groups utilizing pre-emptive attacks against cyber terrorist organizations could be disrupted by other US groups that do not recognize the pre-emptive cyber strike as a defensive measure. This simply shows that the analogy between the defenses of a primitive British town and the Internet is not complete.
Brenner may argue that her alternative simply calls for current individuals, corporations, and groups to build up their own defenses and protect themselves from impending cyber threats. While this approach would avoid the problems inherent in a bureaucratic approach, it ignores the fact that these groups are unable to protect themselves currently. Shifting these groups' understanding of their responsibility of self defense may spur innovation and increase investment in cyber protection, but this will likely be insufficient to stop a determined cyber attack. Large corporations like Apple, JPMorgan, Target, and others often hemorrhage confidential information as a result of cyber attacks, even though they have large financial incentives to protect that information. This suggests that an individualized approach to cyber protection would also likely fail.
With the threat of ISIL increasing, it is time for the United States to take additional steps to reduce the threat of a cyber terror attack. At this initial stage, the inefficiencies of bureaucratic action will result in a delayed response to large-scale cyber terror attacks. While allowing private citizens to band together for their own protection may have some advantages over government inefficiency, this too likely would not solve all cyber security problems.
Will Orlady, MJLST Staff Member
The Internet is infinite. At least, that's what I thought. But Ashley Parker, a New York Times reporter doesn't agree. When it comes to political ad space, our worldwide information hub may not be the panacea politicians hoped for this election season.
Parker based her argument on two premises. First, not all Internet content providers are equal, at least when it comes to attracting Internet traffic. Second, politicians--especially those in "big" elections--wish to reach more people, motivating their campaigns to run ads on a major content hubs i.e. YouTube.
But sites like YouTube can handle heavy network traffic. And, for the most part, political constituents do not increase site traffic for the purpose of viewing (or hearing) political ads. So what serves to limit a site's ad space if not its own physical technology that facilitates the site's user experience? Parker contends that the issue is not new: it's merely a function of supply and demand.
Ad space on so-called premium video streaming sites like YouTube is broken down into two categories: ads that can be skipped ("skip-able ads") and ads that must be played entirely before you reach the desired content ("reserved by ads"). The former is sold without exhaustion at auction, but the price of each ad impression increases with demand. The latter is innately more expensive, but can be strategically purchased for reserved times slots, much like television ad space.
Skip-able ads are available for purchase without regard to number. But they are limited by price and by desirability. Because they are sold by auction, in times of high demand (during a political campaign, for example) Parker contends that their value can increase ten-fold. Skip-able ads are, however, most seriously limited by their lack of desirability. Assuming, as I believe it is fair to do here, that most Internet users actually skip the skip-able ads, advertising purchasers would be incentivized to purchase a site's "reserved by" advertising space.
"Reserved by" ads are sold as their name indicates, by reservation. And if the price of certain Internet ad space is determined by time or geography, it is no longer fungible. Thus, because not all Internet ad space is the same in price, quality, and desirability, certain arenas of Internet advertising are finite.
Parker's argument ends with the conclusion that political candidates will now compete for ad space on the Internet. This issue, however, is not necessarily problematic or novel. Elections have always been adversarial. And I am not convinced that limited Internet ad space adds to campaign vitriol. An argument could be made to the contrary: that limited ad space will confine candidate to spending resources on meaningful messages about election issues rather than smear tactics. Campaign tactics notwithstanding, I do not believe that the Internet's limited ad space presents an issue distinct from campaign advertising in other media. Rather, Parker's argument merely forces purchasers and consumers of such ad space to consider the fact that the internet, as an advertising and political communication medium, may be more similar to existing media than some initially believed.
Jessica Ford, MJLST Staff
Apple's iPhone tends to garner a great deal of excitement from its aficionados for its streamlined aspects and much resentment from users craving customization on their devices. Apple's newest smartphone model, the iPhone 6, is no exception. However, at Apple's September 9, 2014 iPhone 6 unveiling, Apple announced that the new iOS 8 operating system encrypts emails, photos, and contacts when a user assigns a passcode to the phone. Apple is unable to bypass a user's passcode under the new operating system and is accordingly unable to comply with government warrants demanding physical data extraction from iOS 8 devices.
The director of the FBI, James Comey, has already voiced concerns that this lack of access to iOS 8 devices could prevent the government from gathering information on a terror attack or child kidnappings.
Comey is not the only one to criticize Apple's apparent attempt to bypass legal court orders and warrants. Orin Kerr, a criminal procedure and computer crime law professor at The George Washington University Law School, worries that this could essentially nullify the Supreme Court's finding in Riley v. California this year which requires the police to have a warrant before searching and seizing the contents of an arrested individual's cell phone.
However, phone calls and text messages are not encrypted, and law enforcement can gain access to that data by serving a warrant upon wireless carriers. Law enforcement can also tap and monitor cellphones by going through the same process. Any data backed to iCloud, including iMessages and photos, can be accessed under a warrant. The only data that law enforcement would not be able to access without a passcode is data normally backed up to iCloud that still remains on the device.
While security agencies argue otherwise, iOS 8 seems far from rendering Riley's warrants useless. Law enforcement still has several viable options to gain information with a warrant. Furthermore, the Supreme Court has already made it clear that it does not find that the public's interest in solving or preventing crimes outweighs the public's interest in privacy of phone data, even when there is a chance that the data on a cell phone at issue will be encrypted once the passcode locks the phone,
"[I]n situations in which . . . an officer discovers an unlocked phone, it is not clear that the ability to conduct a warrantless search would make much of a difference. The need to effect the arrest, secure the scene, and tend to other pressuring matters means that law enforcement officers may well not be able to turn their attention to a cell phone right away . . . . If 'the police are truly confronted with a 'now or never' situation,' . . . they may be able to rely on exigent circumstances to search the phone immediately . . . . Or, if officers happen to seize a phone in an unlocked state, they may be able to disable a phone's automatic-lock feature in order to prevent the phone from locking and encrypting data . . . . Such a preventive measure could be analyzed under the principles set forth in our decision in McArthur, 531 U.S. 326, 121 S.Ct. 946, which approved officers' reasonable steps to secure a scene to preserve evidence while they awaited a warrant." (citations omitted) Riley v. California, 134 S. Ct. 2473, 2487-88 (2014).
With all the legal recourse that remains open, it appears somewhat hasty for the paragon-of-virtue FBI to be crying "big bad wolf."
Daniel Schueppert, MJLST Executive Editor
More and more Americans are getting rid of their cable TV and opting to consume their media of choice through other sources. Roughly 19% of American households with a TV do not subscribe to cable. This change in consumer preferences means that instead of dealing with the infamous "Cable Company Runaround" many households are using their internet connection or tapping into local over-the-air broadcasts to get their TV fix. One of the obvious consequences of this change is that cable TV providers are losing subscribers and may become stuck carrying the costs of existing infrastructure and hardware. Meanwhile, the CEO of Comcast's cable division announced that "it may take a few years" to fix the company's customer experience.
In 2011 Ralitza A. Grigorova-Minchev and Tomas W. Hazlett published an article entitled Policy-Induced Competition: The Case of Cable TV Set-Top Boxes in Volume 12 Issue 1 of the Minnesota Journal of Law, Science & Technology. In their article the authors noted that despite the FCC's policy efforts to bring consumer cable boxes to retail stores like Best Buy, the vast majority of cable subscribing households in America received their cable box from their cable TV operators. In the national cable TV market the two elephants in the room are Comcast and Time Warner Cable. One of these two operators are often the only cable option in certain areas and together they provide over a third of the broadband internet and pay-TV services in the nation. Interestingly, Comcast and Time Warner Cable are currently pursuing a controversial $45 billion merger and in the process both companies are shrewdly negotiating concessions by TV networks and taking shots at Netflix in FCC filings.
The current fad of cutting cable TV implicates a pushback against the traditional policy of vertically integrating media, infrastructure, customer service, and hardware like cable boxes into one service. In contrast to the expensive cable box hardware required and often provided by traditional cable, internet media streaming onto a TV can usually be achieved by any number of relatively low cost and multi-function consumer electronic devices like Google's Chromecast. This arguably gives customers more control over their media experience by providing the ability to choose which hardware-specific services they bring into their home. If customers no longer want to be part of this vertical model, big companies like Comcast may find it difficult to adjust to changing consumer preferences given the considerable regulatory pressure discussed in Grigorova-Minchev and Hazlett's article.
Nia Chung, MJLST Staff
Cyberbullying comes in varying forms. Online outlets with user identification features such as Facebook and MySpace give third party attackers a platform to target individuals but remain identifiable to the victim. The transparency of identification provided on these websites allows victims the ability of possible redress without involving the Internet Service Providers (ISPs).
In February 2014, Bryan Morben published an article on cyberbullying in volume 15.1 of the Minnesota Journal of Law, Science and Technology. In that article Mr. Morben wrote that Minnesota's new anti-cyberbullying statute, the "Safe and Supportive Minnesota Schools Act" H.F. 826 would "reconstruct the Minnesota bullying statute and would provide much more guidance and instruction to local schools that want to create a safer learning environment for all." Mr. Morben's article analyzes the culture of cyberbullying and the importance of finding a solution to such actions.
Another form of cyberbullying has been emerging, however, and state initiatives such as the Safe and Supportive Minnesota Schools Act may prompt Congress to revisit current, outdated, federal law. This form of cyberbullying occurs on websites that provide third parties the ability to hide behind the cloak of anonymity to escape liability for improper actions, like 4chan and AOL.
On September 22, 2014, British actress Emma Watson delivered a powerful U.N. speech about women's rights. Less than 24 hours later, a webpage titled "Emma You Are Next" appeared, displaying the actress's face next to a countdown, suggesting that Ms. Watson would be targeted this Friday. The webpage was stamped with the 4chan logo, the same entity that is said to have recently leaked celebrity photos of actresses including Jennifer Lawrence, this past summer. On the same website, one anonymous member responded to Ms. Watson's speech by stating "[s]he makes stupid feminist speeches at UN, and now her nudes will be online." Problematically, the law provides no incentive for such ISPs to remove such defamatory content because they are barred from liability by a federal statute. The Communications Decency Act, 47 U.S.C. § 230, provides, "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Essentially, this provision provides ISPs immunity from tort liability for content or information generated on a user-generated website. Codified in 1996, initially to regulate pornographic material, the statute added sweeping protection for ISPs. However, 20 years ago, the internet was relatively untouched and had yet to realize its full potential.
Courts historically have applied Section 230 broadly and have prevented ISPs from being held liable for cyberbullying actions brought from victims of cyberbullying on its forum. For example, the Ninth Circuit upheld CDA immunity for an ISP for distributing an email to a listserv who posted an allegedly defamatory email authored by a third party. The Fourth Circuit immunized ISPs even when they acknowledged that the content was tortious. The Third Circuit upheld immunity for AOL against allegations of negligence because punishing the ISP for its third party's role would be "actions quintessentially related to a publisher's role." Understandably, the First Amendment provides the right to free exchange of information and ideas, which gives private individuals the right to anonymous speech. We must ask, however, where the line must be drawn when anonymity serves not as a tool to communicate with others in a public forum but merely as a tool to bring harm to individuals, their reputations and their images.
In early April of this year, the "Safe and Supportive Minnesota Schools Act was approved and officially went into effect. Currently, http://www.cyberbullying.us/Bullying_and_Cyberbullying_Laws.pdf have anti-cyberbullying statutes in place, demonstrating positive reform in keeping our users safe in a rapidly changing and hostile online environment. Opinions from both critics and advocates of the bill were voiced through the course of the bill's passing, and how effectively Minnesota will apply its cyberbullying statute remains to be seen. A closer look at the culture of cyberbullying, as is discussed in Mr. Morben's article, and the increasing numbers of anti-cyberbullying state statutes, however, may prompt Congress to revisit Section 230 of the Communications Decency Act, to at least modestly reform ISP immunity and give cyber-attacks victims some form of meaningful redress.
Minnesota's 'Safe and Supportive Schools Act' Passes (and a Brief Response to Mr. Fleury's Counterpoint)| Permalink
Bryan Morben, MJLST Managing Editor
On April 9, many students, parents, teachers, and school administrators rejoiced as Minnesota Governor Mark Dayton signed the Safe and Supportive Schools Act (the 7th engrossment of House Bill 826) into law. Senator Dibble, author of the bill in the Senate, recognized that "[n]o young person should be forced to choose between going to school or being safe. But today, far too many are put in that position." At the same time, however, many others disapprove of the Act as a solution to the bullying and cyberbullying crisis in Minnesota.
Without offering any recommendation to address the problem themselves, opponents of the Act continue to shoot it down on, what seems to me, to be mostly baseless grounds. I address a number of these in my article "The Fight Against Oppression in the Digital Age: Restructuring Minnesota's Cyberbullying Law to Get with the Battle," which can be found here. In that article, I recommended that the Minnesota adopt HF 826 (6th engrossment) to drastically improve Minnesota's antibullying law at the time. Since publication of the article, the bill went through one more engrossment before becoming law.
In a recent blog post, a fellow member of MJLST, Erin Fleury, made a couple counterpoints against adoption of the bill as recommended in my article. Specifically, Mr. Fleury argues that the definition of "bullying" was still overly broad and could encompass behavior not intended by the legislature. The definition Mr. Fleury quotes, however, is not found in the text of the 6th engrossment that I recommended. In fact, the Senate's amended version of the bill, which Mr. Fleury says "remedies these defects by requiring that all bullying conduct be 'objectively offensive,'" is the same in the prior version of the bill that I suggested (with a small change from "harassing conduct" to "harming conduct").
Mr. Fleury also contends that the prior bill could include "class clown" behavior as bullying because it would routinely interrupt and interfere with the learning environment. Again, I think this argument is without merit. First, it is unlikely that this conduct would arise to the "material and substantial" level of interference required by the bill (and interpreted by student-speech case law). And second, both the 6th engrossment and the amended version signed into law specifically state that the school bullying policy, including what constitutes bullying, "applies to bullying by a student against another student . . . ." (See Section 3, Subdiv. 1, emphasis added). Therefore, a class clown not directing his conduct towards any other specific student would not fall under the bullying definition.
As noted in my article, antibullying legislation like the Safe and Supportive Schools Act has been thoroughly reviewed and recommended by experts like the U.S. Department of Education and the MN Task Force on the Prevention of School Bullying. The MN Task Force was composed of parents, community members, health care professionals, education experts, school administrators, and policymakers. I believe that they have crafted a well-balanced law that should help curtail the bullying problems occurring in Minnesota schools without infringing on students' rights.
Elliot Ferrell, MJLST Staff
American Broadcasting Companies v. Aereo, Inc. has seen a surge in the news as the parties head in for arguments next Tuesday, and Justice Alito has no longer recused himself. The case involves copyright issues in streaming television over the internet, specifically asking "Whether a company 'publicly performs' a copyrighted television program when it retransmits a broadcast of that program to thousands of paid subscribers over the internet."
Some of the arguments revolve around the technology used. Aereo maintains that their streaming service is not a "public performance" in violation of copyright law because the DVR'd copy of customer's television content, saved to the cloud, comes from an "individual antenna" accessing "free-to-air broadcasts." However, others counter that Aereo's technology does not save them from violating the law because, when it comes to down to it, they are simply taking a signal, repackaging it, and selling it to their customers without compensating those who produce the content.
Personally, I can see the appeal of such a service. I catch my Game of Thrones on HBOGO, and whatever else I feel like watching on Netflix or the free section on Hulu. A few years ago, if there were a way to watch Lost immediately on the internet, then I may have questioned whether it was worth owning a television at all. However, none of this makes for a particularly compelling legal argument.
Perhaps the most relevant issue that will come out of this for the average person is what will happen to the consumer experience. If Aereo is successful than it could lead to cheaper prices cable bills, as Aereo's service costs a mere $8 per month while the average cable bill is over $100. However, this argument is complicated by the fact that a typical cable package includes a bit more than just the free-to-air broadcasts (but how much of that does the consumer really care about/want to pay for?), and Aereo's service is available in only a few regions. Additionally, one option broadcasters have in the event of an Aereo victory is to remove free-to-air content and sell it instead, perhaps with a streaming service of their own.
The consumer experience has been enriched by the options presented by television streaming services, and Aereo's service seems to supplement the current trend nicely. However, with the proliferation of sites like Netflix and Hulu and individual content producers providing their own similar services, access to free-to-air broadcasts over the internet seems kind of like an inevitability.
by Nathan Peske, UMN Law Student, MJLST Staff
On May 1, 1978 Gary Thuerk sent the first unsolicited mass e-mail on ARPANET, the predecessor to today's Internet. Thuerk, a marketing manager for Digital Equipment Corporation (DEC), sent information about DEC's new line of microcomputers to all 400 users of the ARPANET. Since ARPANET was still run by the government and subject to rules prohibiting commercial use, Thuerk received a stern tongue lashing from an ARPANET representative. Unfortunately this failed to deter future senders of unsolicited e-mails, or spam, and it has been a growing problem ever since.
From a single moderately annoying but legitimate advertisement sent by a lone individual in 1978, spam has exploded into a malicious, hydra-headed juggernaut. Trillions of spam e-mails are sent every year, up to 90% of all e-mail sent. Most spam e-mails are false ads for adult devices or health, IT, finance, or education products. The e-mails routinely harm the recipient through attempts to scam money like the famous Nigerian scam, phishing attacks to steal the recipient's credentials, or distribution of malware either directly or through linked websites. It is estimated that spammers cost the global economy $20 billion a year in everything from lost productivity to the additional network equipment required to transmit the massive increase in e-mail traffic due to spam.
While spam is clearly a major problem, legal steps to combat it are confronted by a number of identification and jurisdictional issues. Gone are the Gary Thuerk days when the sender's e-mail could be simply read off the spam e-mail. Spam today is typically distributed through large networks of malware-infected computers. These networks, or botnets, are controlled by botmasters who send out spam without the infected user's knowledge, often for another party. Spam may be created in one jurisdiction, transmitted by a botmaster in another jurisdiction, distributed by bots in the botnet somewhere else, and received by recipients all over in the world.
Anti-spam laws generally share several provisions. They usually include one or all of the following: OPT-IN policies prohibiting sending bulk e-mails to users that have not subscribed to them, OPT-OUT policies requiring that a user must be able to unsubscribe at any time, clear and accurate indication of the sender's identity and the advertising nature of the message, and a prohibition on e-mail address harvesting. While effective against spammers that can be found within that entity's jurisdiction, these laws cannot touch other members in the spam chain outside of its borders. There is also a lack of laws penalizing legitimate companies, often more easily identified and prosecuted, that pay for spamming services. Only the spammers themselves are prosecuted.
Effectively reducing spam will require a more effective international framework to mirror the international nature of spam networks. Increased international cooperation will help identify and prosecute members throughout the spam chain. Changes in the law, such as penalizing those who use spamming services to advertise, will help reduce the demand for spam.
Efforts to reduce spam cannot include just legal efforts against spammers and their patrons. Much like the international drug trade, as long as spam continues to be a lucrative market, it will attract participants. Technical and educational efforts must be made to reduce the profit in spam. IT companies and industry groups are working to develop anti-spam techniques. These range from blocking IP address and domains at the network level to analyzing and filtering individual messages, and a host of other techniques. Spam experts are also experimenting with techniques like spamming the spammers with false responses to reduce their profit margins. Efforts to educate users on proper e-mail security and simple behaviors like "if you don't know the sender, don't open the attachment" will also help bring down spammers' profit margins by decreasing the number of responses they get.
Like many issues facing society today, e-mail spam requires a response at all levels of society. National governments must work individually and cooperatively to pass effective anti-spam laws and prosecute spammers. Industry groups must develop ways to detect and destroy spam and the botnets that distribute them. And individual users must be educated on the techniques to defend themselves from the efforts of spammers. Only with a combined, multi-level effort can the battle against international e-mail spam be truly won.