Anti-Spam Laws: All Bark, No Bite

In an effort to cut down on spam, Connecticut legislators have made it a crime - with a penalty of up to $25,000 a day - to send bulk e-mail messages that conceal the identity of the sender.

So how's that law working out for you?

Most of the spam in your computer in-box probably violates that 3-year-old law, which highlights the problem governments face trying to control commercial e-mail.

At least 22 states have anti-spam laws on the books. They impose a variety of restrictions on e-mail marketing: no phony subject lines, no sending messages without a recipient's permission, mandatory use of "ADV" to identify the mail as a paid ad, easy instructions for getting off a mailing list.

They all have strong supporters. And they all suffer from the same Catch-22: The laws work - for those who obey them. But those spammers who don't play by the rules are nearly impossible to track down and punish.

As if to mock the patchwork of state laws, many spammers have adopted a simple - if not necessarily legally valid - precaution. In small print at the bottom of each message, they write that the e-mail is "not intended for recipients or residents" of the states with anti-spam laws.

But that doesn't stop them from sending it.

State Rep. Paul Doyle, D-Wethersfield, who sponsored Connecticut's law, acknowledges it has done little to stop the flood of spam. Stricter legislation was proposed this year, but quickly withdrawn over concerns that it, too, would have little effect.

With so many consumers frustrated by the flood of commercial e-mail, stronger laws would seem to be a spam-dunk. But regulating electronic ads isn't as simple as it seems.

Much of the spam destined for U.S. computers either originates from or is sent through Internet servers in foreign countries. So a comprehensive attack on spam would require global cooperation, including teamwork from a host of countries that are barely on speaking terms.

In the United States, legislation often bumps up against commercial free-speech rights and the question of whether states can regulate interstate commerce. Courts in California and Washington have struck down portions of those states' laws, ruling that they were in conflict with the U.S. Constitution.

And proposals that radically restrict spam often face strong opposition from mainstream direct-marketing firms. Those companies fear that broad anti-spam laws will also affect traditional telemarketing and direct mail.

The regulation of commercial e-mail is such a political hot potato that Congress has failed to pass a single piece of legislation controlling spam in eight years of trying. Several proposals are pending this session.

Meanwhile, enforcement at the federal level generally falls to regulatory agencies. In March, the Federal Trade Commission, through its recently created "International Netforce," filed civil complaints targeting 63 alleged Internet or e-mail-related scams. The commission has also sent warning letters to more than 1,000 spammers.

But it's a drop in the bucket; the agency receives 15,000 consumer complaints about spam every day and has collected 8 million spam e-mails that are stored in a dedicated computer called "the refrigerator." The FTC uses the giant database to divine trends in spamming and to identify the biggest offenders.

Financial scams using e-mail are investigated by the Securities and Exchange Commission. Since 1995, its Office of Internet Enforcement has brought more than 300 actions involving more than 1,000 people.

But there, too, the agency can investigate only the most serious of the 800 complaints that arrive daily.

"We can't prosecute every lead where we find there's a potential violation; we have to allocate the resources the best we can," said John Reed Stark, head of the Internet Enforcement Office.

Individual Internet service providers large and small have also turned to the courts to deter spammers. America Online - which is spammer heaven with its 34 million subscribers - has sued more than 40 individuals and companies for sending unsolicited bulk e-mail or "harvesting" e-mail names from the site. In April, AOL accepted what it deemed a "substantial" amount of money to settle a lawsuit brought against a Florida company that had sent millions of sexually oriented e-mails to AOL members.

Beyond the companies, a handful of e-mail recipients have taken on spammers by filing suits in small-claims courts, a move championed by anti-spam advocates.

"I think that what's become pretty clear is that citizen action is needed, individual citizen action," said Tom Geller, founder of the SpamCon Foundation, an anti-spam group in San Francisco.

Bennett Haselton of Bellevue, Wash., has built a cottage industry of suing spammers in small-claims court. He's been awarded a total of $5,000 from seven defendants, although collecting the money is another matter.

Haselton ultimately believes it will take a technical solution to tame spam. But in the meantime, he's teaching others how to sue.

"If I end up actually making money, then other people will get in on it, too; not for altruistic reasons, but simply hoping to cash in as well," Haselton said.

"And that's a good thing, because the only way this will have an impact on spam is if enough people start taking action on their own."