Modernizing Authentication — What It Takes to Transform Secure Access
WASHINGTON -- Government officials from both the U.K. and the U.S. warned Tuesday anti-spam legislation will be largely ineffective without international cooperation. Britain has already passed legislation aimed at stopping the flood of unsolicited e-mail while several bills are currently being debated in Congress.
Speaking at a luncheon sponsored by the Forum on Technology & Innovation, U.S. Sen. Ron Wyden (D.-Ore.), co-sponsor of an anti-spam bill with Conrad Burns (R.-Mont.) that is pending a floor vote, said even a "tough law with aggressive enforcement" will be meaningless if spammers simply move offshore to countries without anti-spam laws.
"International cooperation will still be needed," said Wyden, who predicted the Burns-Wyden legislation would be voted on in the Senate "shortly."
Andrew Pinter, who reports directly to British Prime Minister Tony Blair as his "e-Envoy," echoed Wyden's remarks, commenting that "legislation is not everything. A lot of it (spam) is pornography and it is already illegal. The great importance is international cooperation where agencies from different countries work together effectively. We need cross-border solutions involving information sharing, not prosecutions, which are done in each country."
That cooperation will be essential said Charles Curran, assistant general counsel with America Online, who noted, "What we have been seeing lately is outlaw spammers looking to co-locate with servers in Russia and China." Neither country has an anti-spam law.
Pinter said the U.S. and the U.K. need to draw Russia and China into the international community but "first we have to get our own houses in order."
In March, the British Parliament approved a new opt-in law requiring companies to obtain permission from an individual before sending e-mail, but the regulations do not cover business e-mail addresses, a provision Pinter called a "soft opt-in."
The Burns-Wyden bill requires commercial e-mailers to use clear and conspicuous identification that the message is an advertisement or solicitation and that the e-mail contains an opt-out provision. Under the bill, unsolicited commercial e-mail must contain the valid physical address of the sender.
The bill also beefs up penalties for address harvesting and dictionary attacks, using scripts or other automated means to establish multiple electronic mail accounts to avoid detection and to knowingly relay or re-transmit an unsolicited commercial electronic message.
Under the bill's provisions, spammers who use false headers or misleading subject lines face up to a year in jail and a maximum fine of $1 million.
In the House, a partisan dispute over penalties and private right of action has kept anti-spam legislation bottled up in committee. House versions of anti-spam legislation also call for opt-out provisions.
The panel agreed that philosophical differences between opt-in/opt-out legislation are minor details in the international effort against spam.
"Until issues of authenticity (of the spammer's address) is dealt with, it (opt-in/opt-out) is relatively unimportant," Curran said.
Howard Beales, director of the Federal Trade Commission's Bureau of Consumer Protection, added, "Clearly fraudulent operators are hiding behind the anonymity of the Internet. It is possible to stay here (in the U.S.) and make it look like it came from abroad."