Download our in-depth report: The Ultimate Guide to IT Security Vendors
WASHINGTON -- Congress will be focused on taking care of end-of-year spending bills when it returns to work this week, as well as putting finishing touches on the Can Spam Act of 2003.
Dubbed the most significant Internet-related legislation so far by the 108th Congress, the bill awaits "technical corrections" in the House before it can be sent to President Bush for his promised signature.
The Can Spam Act establishes the first national standards for the sending of commercial e-mail and charges the Federal Trade Commission (FTC) with enforcing the Act. The FTC is required to report back to Congress within two years on the effectiveness of the Act and the need, if any, for modifications.
"With this bill, Congress is saying that if you are a spammer, you can wind up in the slammer. That is the bottom line. The bottom line is that there will be criminal penalties and real prosecution," said Sen. Charles Schumer, D.-N.Y. "Will we go after every spammer, somebody who makes a mistake here and there? No. But the studies show us -- this is what gives all of us such hope -- that maybe 250 spammers send out 90 percent of the e-mail. And we are saying to those 250, no matter where you are, or how you try to hide your spam, we will find you. This bill gives the FTC and the Justice Department the tools to go after you."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Wireless spam is also covered by the bill with the Federal Communications Commission (FCC) required to promulgate rules within nine months to shield consumers from unwanted "unwanted mobile service commercial messages."
Consumers expecting to see a significant drop in e-mail are likely to be disappointed. The bill permits e-mail marketers to send unsolicited commercial e-mail (UCE) as long as the message contains an opt-out mechanism, a functioning return e-mail address, a valid subject line indicating it is an advertisement and the legitimate physical address of the mailer.
Pre-empting any existing state anti-spam laws, the bill makes it a misdemeanor crime subject to up to one year in jail to intentionally send UCE with falsified header information and sets out civil penalties for a host of other common spamming practices used to obtain e-mail addresses, including harvesting, dictionary attacks and spoofing. Hijacking computers or open relays for the purpose of sending unlawful spam are also proscribed.
A late amendment to the bill by Sen. John McCain, R.-Ariz., holds businesses knowingly promoted in UCE with false or misleading header information subject to FTC penalties and enforcement remedies, regardless of whether the FTC is able to identify the spammer who initiated the e-mail.
Another section of the legislation prohibits the sale or other transfer of an e-mail address obtained through an opt-out request to prevent the treatment of this class of mail as a confirmation of a "live" e-mail address and selling that information to would-be spammers.
Spammers also face civil penalties for using automated means to register for multiple e-mail accounts from which to send unlawful UCE, a technique commonly used by spammers to cycle rapidly through different originating addresses, making the spammers hard to track down and the UCE they send more difficult for Internet service providers and other e-mail service providers to filter.
In addition, the bill requires the FTC to produce several reports on other proposed solutions to slowing UCE, including a national do-not-spam list similar to the FTC's popular do-not-call registry. The FTC has six months after the enactment of the bill to come up with a plan for creating the e-mail registry or else explain to Congress why the creation of such a list is not currently feasible.
Earlier this year, the FTC testified at Senate hearings on the legislation that a do-not-spam list raises significant technical, security and privacy questions that would need to be resolved before such a list could be implemented.
"I believe that it will work. I know that the FTC has some doubts. Although, fortunately, they now say it is technically feasible,"Schumer, who sponsored the amendment calling for the do-not-spam report, said in November. "My answer to the FTC: Try it. We do not have anything better. It is not going to solve everything, but it is the best tool we have."
Schumer said he had been assured by McCain, chairman of the Senate Commerce Committee, and Sen. Ernest F. Hollings, D.-S.C., the ranking minority member of the committee, as well as Senators Conrad Burns, R.-Mont., and Ron Wyden, D.-Ore., the bill's co-sponsors, "We will make sure they (FTC) implements it. We will either do it by statutorily or by pressure from the appropriators and others."
The agency also has nine months to draft suggestions for the implementation of a system to grant a reward of not less than 20 percent of the total civil penalty for the first person to report the identity of a false header source, a bounty plan supported by Rep. Zoe Lofgren, D.-Calif.
Within 18 months of the bill enactment, the FTC must also produce a report on possible mandated subject line labeling, such as ADV for advertising. As currently drafted, the Can Spam Act requires UCE to carry identifying information that it is an advertisement or solicitation but does not mandate any specific language.
Other priority items on lawmakers' technology agenda -- an extension of the Internet access tax ban that expired Nov. 1 -- most likely will not see any action until mid-January. Differences remain over the duration of the next moratorium and the definitions of Internet access.