Modernizing Authentication — What It Takes to Transform Secure Access
Federal Trade Commission (FTC) Chairman Tim Muris told Congress Wednesday his agency will continue to address the ever-growing problem of spam, but he is also hopeful that technological fixes and other industry initiatives will provide additional solutions.
Speaking before the House Subcommittee on Commerce, Justice, State, the Judiciary and Related Agencies in support of a $191.1 million budget request, Muris said the FTC continues to battle spam through "law enforcement efforts, consumer and business education, and research."
In the past year, Muris said the FTC and 12 law enforcement partners brought 30 enforcement actions as part of an ongoing initiative to fight deceptive spam and Internet scams. The FTC also initiated, with 10 participating agencies, a "Spam Harvest," a study designed to test which actions taken by consumers online may put them at the greatest risk of receiving spam.
In addition, the FTC recently settled an action against a company that allegedly profited from a particularly "insidious spam scam."
According to the FTC complaint, the subject line of a mass e-mail read "Yahoo sweepstakes winner," and the message congratulated the recipient for being chosen as a winner of a prize in a recent Yahoo sweepstakes contest. Most often, the message mentioned that the prize was a Sony Playstation 2, making it particularly attractive to adolescents.
But the message was not from Yahoo and the recipients had not won anything. Instead, after clicking through five Web pages, consumers were connected to a pornographic Web site at a cost of up to $3 a minute. The FTC filed a complaint against the operators of the adult Web site to which consumers had been driven by the spam.
The settlement enjoined the defendants from making misleading representations of material facts in e-mail and other marketing, including deceptive e-mail header information. The settlement also requires defendants to prevent third parties that promote their videotext services, through e-mail or other means, from making deceptive statements.
In further 2002 actions, the FTC targeted spammers and Web site operators for deceptive marketing of fake international driving permits. According to Commission complaints, the defendants claimed that their driving permits (which cost up to $375) were alternatives to state-issued drivers' licenses, and could be used to drive legally in the United States; to avoid points or sanctions for traffic violations; and as an identification document. The FTC obtained preliminary injunctions against such practices in six federal court actions.
To bolsters its 2003 anti-spam efforts, the FTC will host a public forum from April 30-May 2. The forum will explore the proliferation of, and potential solutions to, unwanted spam and will examine how the ability of spammers to remain anonymous assists those who perpetrate fraud and complicates law enforcement efforts.
The workshop will include panels to address different issues associated with spam, including the daily experience of consumers, filter programmers, and ISP abuse department personnel in dealing with spam; e-mail address harvesting technology; deceptive routing and subject information in spam; and the costs and benefits of spam, including the costs ISPs spend on filtering, bandwidth, and customer service that are passed on to consumers.
Other panels will consider security weaknesses such as open relays, open proxies, and FormMail scripts in e-mail transfer technology; Blacklists; viruses, Web beacons, and spyware that may be attached to e-mail; wireless devices, text-based messaging, and wireless e-mail; current and proposed spam legislation; enforcement of current and proposed international spam legislation; and recent private and governmental spam law enforcement actions.
The forum will be held at the FTC offices in Washington.