Download our in-depth report: The Ultimate Guide to IT Security Vendors
With Wednesday night's historic Senate vote to approve the first ever federal anti-spam legislation, the focus now turns to the House of Representatives in Congressional efforts to have a bill on President Bush's desk by the end of the year.
Competing bills in the House containing many of the same provisions of the Burns-Wyden legislation that sailed through the Senate on a 97-0 vote are currently bottled up in the Energy and Commerce Committee.
Disputes about the ability of individuals to sue spammers, caps on damages and definitions of what actually constitutes spam continue to divide the committee members. Chairman Billy Tauzin (R.-LA) has predicted the House will pass an anti-spam bill this year.
"The Senate vote ought to light a fire on our side," a highly placed source on the committee told internetnews.com late last night. "The Senate ironed out its differences and so will we."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Any differences between the House and Senate versions will have to be worked out in a joint conference committee and then voted on again by both chambers. The White House issued a statement Wednesday night indicating Bush would sign an anti-spam bill.
Many of the same differences splitting House members faced the Senate. Throughout this legislative session, various senators filed a number of anti-spam proposals that were ultimately incorporated in the Burns-Wyden legislation.
The Can Spam Act (S. 877) approved by the Senate, co-sponsored by Senators Conrad Burns (R.MT) and Ron Wyden (D.-OR), requires bulk commercial e-mailers to include opt-out provisions and valid header and subject lines in their solicitations and provides civil and criminal penalties for violations of the law.
The bill defines spam as an "unsolicited commercial electronic message" that is not a "transactional or relationship" message and is sent to the recipient without prior affirmative or implied consent.
While providing for no private right of action by recipients of spam, it does allow Internet service providers (ISPs) adversely affected by a violation of the law to bring a civil action and sets a maximum civil penalty of $1.5 million for knowing and willful violations of the law. It also triples the monetary damages for spammers who engage in the currently common practices of e-mail address harvesting and dictionary attacks.
The bill also includes an amendment championed by Sen. Charles Schumer (D.-NY) directing the Federal Trade Commission (FTC) to come up with a plan for a federal do-not-spam list similar to the agency's popular do-not-call registry. The legislation gives the FTC, which opposed the amendment, six months to report back to Congress with any potential drawbacks to the registry.
None of the House versions of anti-spam bills call for a do-not-spam registry, but Sen. John McCain said Wednesday night it would survive a conference committee compromise bill.
"This is something we have been working on for some time now," Burns said in a statement issued by his office. "There has been an ongoing push from all sides on this issue, and the time has finally come. The overwhelming message from consumers and industry alike is that something needed to be done and I am happy to say that today we succeeded in that effort in the Senate."
The legislation targets deceptive messages sent by many large-volume e-mailers, who often hide their identities, use misleading subject lines, and refuse to honor opt-out requests from spam recipients. In particular, the legislation hopes to stem the efforts of spammers who hawk financial scams, sexual enhancement products and pornography.
Civil provisions of the bill require senders of commercial e-mail to include a valid return address so consumers can opt-out with confidence and that the e-mail contain clear notification that the message is an advertisement, along with a valid physical postal address.
An amendment to the bill requires the FTC to write rules for the mandatory labeling of pornographic messages and a separate provision directs the FTC to consider mandatory labeling, such as ADV for advertising, for unsolicited e-mail generally.
"Today, the Senate has sent the message that the government is going on the offensive against kingpin spammers," said Wyden. "Americans are tired of just watching and fretting over in-boxes clogged with unwanted e-mail, and this legislation is an important step toward giving them more control."
To toughen that offensive, Senators Orrin Hatch (R.-Utah) and Patrick Leahy (D.-VT) added criminal provisions ranging up to five years in prison for common spamming practices such as hacking into somebody else's computer to send bulk spam, using "open relays" to send bulk spam with an intent to deceive; registering for five or more e-mail accounts using false registration information and using these accounts to send bulk spam, and sending bulk spam from somebody else's Internet protocol addresses.
Schumer's do-not-spam registry is the probably the most controversial aspect of the bill since the FTC has said it does not support the idea, testifying last summer that the agency does not think a list could be properly secured.
While the bill authorizes the FTC to implement a do-not-spam registry, it gives the agency a back door since it has six months to show why it won't work.
"Within a year it is my belief that we will have [a no-spam] registry, and just as the no-call registry was a great success, I believe the no-spam registry will be a great success," said Schumer.