Modernizing Authentication — What It Takes to Transform Secure Access
Date: 12/14/2017 @ 1 p.m. ET
The Federal Trade Commission (FTC) asked Congress Wednesday for additional powers to facilitate the agency's battle against spam, including making it a possible crime to use false e-mail header and routing information.
Speaking before the House Energy and Commerce Committee, the FCC commissioners outlined a range of procedural and substantive legislative recommendations the FTC believes would enhance its effectiveness in combating unwanted e-mail.
In a joint statement, the commissioners requested that the FTC Act be amended to allow agency attorneys to seek a court order requiring a recipient of a civil investigative demand (CID), most likely an Internet service provider (ISP), to maintain the confidentiality of the CID for a given amount of time.
The FTC is also seeking the ability to apply for a court order temporarily delaying notice to an investigative target where a CID has been issued to a third party in certain circumstances when the Right to Financial Privacy Act (RFPA) and the Electronic Communications Privacy Act (ECPA) would require such notice.
In addition, the commissioners suggested several proposals designed to improve the FTC's ability to track deceptive spammers, including clarification of the ECPA to allow the FTC to obtain complaints received by an ISP regarding a subscriber, and clarification of the scope of the ECPA so that a hacker or spammer who hijacks a bonafide customer's e-mail account is deemed a mere unauthorized user of the account, and not a "customer" entitled to the protections afforded by the statute.
The commissioners recommended that the ECPA be amended to include the term "discovery subpoena" in its language, noting that this change was particularly important because a district court has ruled that the FTC staff cannot obtain information under the ECPA from ISPs during the discovery phase of a case, which limits the agency's ability to investigate spammers.
In detailing the legislative recommendations, the commissioners' testimony stated that each is intended "to improve the agency's ability to implement its mission to serve consumers."
The FTC's recommendations come in the light of a number of proposed bills designed to curb the growth of spam. Energy and Commerce Committee Chairman Billy Tauzin (R.-La.), who has proposed his own plan, said he would work with the FTC to take into account the agency's requests.
Tauzin's bill would allow consumers to opt-out of any commercial e-mail they choose not to receive and would also require that any commercial e-mail must include identification that the message is an advertisement and must contain a valid street address for service of process.
In addition, the legislation would provide states, ISPs and federal authorities such as the Department of Justice and the FTC with criminal and civil remedies to enforce state computer fraud laws and general fraud laws against spammers.
The Tauzin bill will be competing with legislation already introduced in the Senate by Conrad Burns (R.-Mont.) and Ron Wyden (D.-Ore) known as the Can Spam Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act), which calls for unsolicited e-mail marketing messages to have a valid return address. The legislation would also mandate e-mail marketers be required to remove customers from their mailing lists if requested.
The bill gives more legal ammunition for ISPs to take spammers to court, allows the FTC to impose fines, and gives state attorneys general the power to bring lawsuits.
Sen. Charles Schumer (D-NY) is also promising to introduce legislation to create a national "do-not-spam" registry under the FTC's auspices and would also force Internet advertisers to put an ADV tag in the subject line of any unsolicited piece of e-mail. Burns and Wyden's bill contains no subject line labeling requirement.
In addition, Silicon Valley Rep. Zoe Lofgren (D.-Calif.) has prepared a bill called the Reduce Spam Act (Restrict and Eliminate Delivery of Unsolicited Commercial E-mail). The legislation would create a bounty for the first person who reports a particular spammer and establishes criminal penalties for fraudulent spam. Lofgen also wants unsolicited e-mail to have labeled subject lines, such as ADV (advertising).