Members will hear testimony relating to potential legislative, technical, and other approaches to curtailing unwanted spam. Senator McCain will preside.
Witness Panel 1
The Honorable Mark Dayton
The Honorable Charles E. SchumerUnited States SenatorNew York
Chairman McCain, Senator Hollings, Colleagues, Good Morning. Mr. Chairman, I want to thank you for holding this hearing to address Unsolicited Commercial E-Mail or Spam. I also want to commend Senators Burns and Wyden for their leadership and hard work on this issue. I believe we are under siege. Armies of online marketers have overrun email inboxes across the country with advertisements for herbal remedies, get-rich-quick schemes and pornography. As you are all aware, spam traffic is growing at a geometric rate, causing the Superhighway to enter a state of virtual gridlock. What was a simple annoyance last year has become a major concern this year and could cripple one of the greatest inventions of the 20th century next year if nothing is done. Way back in 1999, the average email user received just 40 pieces of unsolicited commercial email – what we call spam – each year. This year, the number is expected to pass 2,500. I know that I'm lucky if I don't get 40 pieces of spam every couple of days! As a result, a revolution against spam is brewing as the epidemic of junk email exacts an ever increasing toll on families, businesses and the economy. Let me illustrate this point with a story. My wife and I have two wonderful children, one of whom is just about to complete her first year at college. The other, a 14 year-old girl, is an absolute whiz on the Internet who loves sending and receiving email. As parents, we do our best to make sure she has good values and that the Internet is a positive experience for her – a device to help her with her schoolwork or learn about events taking place around the world and, maybe even a way to order the latest In Sync CD. You can imagine my anger and dismay when I discovered that not only was she a victim of spam like myself, but, like all email users, much of the junk email she was receiving advertised pornographic web sites. I was and remain virtually powerless to prevent such garbage from reaching my daughter's inbox. The frustration I feel in the battle against spam is one that I think business owners and Internet Service Providers across that nation can identify with. According to Ferris Research, spam costs businesses in the United States $10 billion each year in lost productivity, consumption of Information Technology resources and help-desk time. With surveys showing that over 40% of email traffic qualifies as spam, ISPs spend millions of dollars each year on research, filtering software and new servers to deal with the ever expanding volume of junk email being sent through their pipes. And, if the spam itself isn’t enough, spammers often engage in crimes such as identity theft and fraud to secure email addresses and domain names from which to send millions of pieces of junk email. All of this demonstrates that it’s time to take back the Internet from the spammers. And why I am joining you today in saying that enough is enough. We all know that spammers use a variety of tools and methods to send millions of email messages each day. In order to be effective, I believe spam solutions will have to be as creative and varied as the spammers’ efforts. We should give law enforcement officials, ISPs and others a wide variety of tools to fight spam. Among the possible solutions that are exist – and this is not an exhaustive list – are pending legislation in the Senate and the House the would enact anti-email harvesting provisions and special email labeling requirements; stipulate valid unsubscribe features; and prohibit false and fraudulent header, router and subject line information. And that’s just a start. As I said before, because of the dramatic challenges we face in stemming the spam flood, we need a multi-pronged approach. In particular, I believe stiff criminal penalties – including jail time for repeat offenders – are warranted. I am working with my colleagues on the Judiciary Committee on a bill to create these new penalties. We will hunt down spammers one by one, using criminal penalties to show what will happen to those who continue to send junk email. Another idea I have offered is a National No-Spam Registry. This list, maintained by the Federal Trade Commission, would be a gigantic database of people who have "opted out" of receiving spam by submitting their email addresses to the list. The list is modeled on the highly successful Do-Not-Call registries that have been used to ward off telemarketers. Although a similar list for email addresses poses security challenges that must be addressed before implementation, I am hopeful that this list might be one way we can give consumers control over their in-boxes. None of these solutions will be the silver bullet that stops all spam. But a multi-faceted approach has a better chance of reducing the ever-growing amount of spam than a solitary solution. And stemming this rising tide is essential if the internet is to continue to be an effective medium of communication and commerce. If spam continues to grow, people will rely on their email less and less. Right now, consumers are becoming so frustrated at the junk email bombardment that they delete legitimate commercial email as if it were spam. This is why so many interested parties, including the Direct Marketing Association, have come around to the view that the federal government can play a meaningful role in stopping spam. They know that effective federal anti-spam legislation will make it is more likely that consumers will read legitimate marketing messages. I think we can all agree that spammers must not be allowed to bog down the vast potential of email and the Internet. It is my hope that the impressive roster of panelists you have assembled here today will stimulate ideas to stop spammers in their tracks. I look forward to hearing their testimony and working with all of you to bring and end to the current junk email epidemic.
Witness Panel 2
The Honorable Orson SwindleCommissionerFederal Trade Commission
Thank you Mr. Chairman and members of the Committee for this timely discussion of SPAM and the threat it poses to the potential benefits of information technology. Consumers must have trust, confidence and comfort with technology and its uses, particularly when it comes to their privacy and the security of personal and sensitive information. SPAM undermines consumer trust and confidence. It represents a significant and rapidly growing threat to web-based services. The Commission’s prepared testimony provides the Committee with an excellent overview of our efforts to combat SPAM. What is SPAM? The FTC defines unwanted and unsolicited SPAM as “any commercial electronic mail message that is sent-typically in bulk- to consumers without the consumers prior request or consent.” There are at least four major concerns caused by SPAM. First, the volume is increasing at astonishing rates, current estimates indicate at least 40% of all email is SPAM. Second, recent studies by the FTC indicate that SPAM has become the weapon of choice of those engaged in fraud and deception. Nearly 66% of the SPAM we examined appeared to contain falsity and deception. I would ask our False Claims in Spam report be included as part of the record. Third, the sheer volume of SPAM — coupled with it’s capacity to transmit viruses, trojan horses, and other damaging code — threatens to do major damage to the internet and our critical infrastructure and the internet. Fourth, there is no easy solution — no one silver bullet that will solve the problem. Solutions must be pursued from many directions. These concerns represent enormous costs to businesses, the economy, consumers and society. Two specific problems demand attention by policy makers and industry leaders. First, there is the complex combination of technology, market forces and public policy that will be evolving for years to come. The second problem is one that I characterize as heavily influenced by the emotions of consumers, small businesses and home users by the millions who are literally fed up with SPAM. I am concerned that SPAM is about to kill the “killer app” of the internet — specifically — consumer use of email and e-commerce. If consumers lose confidence in web-based services and turn away, tremendous harm will be done to the economic potential of information technology. Solving these problems will require innovation, resources and time. However, dealing with the emotional reaction to SPAM by millions of users, demands immediate attention before it gets out of hand. Internet service providers, software manufacturers, and those engaged in designing operating systems must empower consumers with better control over their incoming email. Easing the SPAM burden on consumers would help to shore up trust and confidence. Surely, consumer empowerment is possible today. Why has industry not solved this problem? Frankly, to date, I am not convinced that industry has made the commitment or really wants to empower consumers by giving them easy-to-use tools for personal control. I read a book last summer, Tuxedo Park, by Jennet Conant – a fascinating account of Alfred Loomis, wealthy financier from the 1920s. He funded a private research laboratory at his Tuxedo Park estate, attracting the great scientists of his day. They were instrumental in the accelerated development of radar which enabled us to keep supply lines open to England early in WWII. War time crisis demanded that creative minds quickly find technical solutions to complex problems. Loomis and friends were up to the task. It occurs to me that we have a crisis today – we must avoid major set backs to the potential of information technology. We need great minds to quickly find solutions to SPAM. Empowering consumers would be a good first step. Is industry motivated to do the right thing and do it now? The FTC’s law enforcement efforts against SPAM are intensifying, but finding the guilty parties is resource intensive and a difficult technical challenge. We give consumer education high priority at the Commission. Our Information Security website and private sector partnerships continue to expand our reach. Recently, we released findings from three studies to better understand the magnitude of the SPAM problem, how SPAM is proliferated, and how consumers and users are victimized. Our recent three-day SPAM Forum aimed to better inform the dialogue and find the best possible solutions to the SPAM problem. The Forum was remarkable in its discussions and participation – over 400 participants and 80 panelists. I would like to share some of the Forum’s revelations — as well as some personal observations — about the realities of SPAM. First and most essential — the private sector must lead the way! We likely will not find the perfect solution. The target will be constantly moving as technology evolves. More laws are not necessarily the right answer. I heard little universal enthusiasm from participants for currently proposed legislation. Laws bestowing competitive advantage to larger firms over smaller competitors are questionable. Unenforceable laws will have little real effect. Overreaching laws will have unintended adverse consequences. Passing legislation to mandate best practices for “good actors” will not help us track down the “bad actors” engaged in fraud and deception. We must work together. Consumers, users, and civil society organizations also must be a part of our continuing dialogue to find solutions. Awareness and safe computing practices by all participants are essential. Developing a culture of security where all participants work to minimize our many vulnerabilities is an imperative, not an alternative. Our efforts to solve the SPAM problem and secure our information systems and networks is not a destination — we are embarked upon a journey! Thank you, Mr. Chairman.
The Honorable Mozelle W. Thompson
Mr. Chairman, the Federal Trade Commission appreciates this opportunity to provide information to the Committee on the FTC’s efforts to address the problems that result from bulk unsolicited commercial email. This statement discusses the Commission’s law enforcement efforts against spam, describes our efforts to educate consumers and businesses about the problem of spam, and focuses particularly on the Commission’s recent Spam Forum and several studies on the subject that the Commission’s staff has undertaken in recent months. As the federal government’s principal consumer protection agency, the FTC’s mission is to promote the efficient functioning of the marketplace by acting against unfair or deceptive acts or practices and increasing consumer choice by promoting vigorous competition. To fulfill this mission, the Commission enforces the Federal Trade Commission Act, which prohibits unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce. Commerce on the Internet, including unsolicited commercial email, falls within the scope of this statutory mandate. Unsolicited commercial email (“UCE” or “spam”) is any commercial electronic mail message that is sent – typically in bulk – to consumers without the consumers’ prior request or consent. The extreme speed, anonymity and negligible cost of sending spam differentiate it from other forms of unsolicited marketing, such as direct mail or telemarketing. Those marketing techniques, unlike spam, impose costs on marketers that limit their use. There are two basic problems with spam. First, deception and fraud appear to characterize the vast majority of spam. Indeed, spam appears to be the vehicle of choice for many fraudulent and deceptive marketers. Second, a serious Internet infrastructure problem flows from the sheer volume of spam that is now being sent. Spam, even if not deceptive, may lead to significant disruptions and inefficiencies in Internet services, and may constitute a significant problem for consumers and businesses using the Internet. In addition, spam can spread viruses that wreck havoc for computer users. These problems together pose a threat to consumers’ confidence in the Internet as a medium for electronic commerce. Virtually all of the panelists at the Commission’s recent Spam Forum, described in more detail below, opined that the volume of unsolicited email is increasing exponentially and that we are at a “tipping point,” requiring some action to avert deep erosion of public confidence in email that could hinder, or even destroy, it as a tool for communication and online commerce. In other words, as some have expressed it, spam is “killing the killer ap.” The consensus of all participants in the workshop was that a solution to the spam problem is critically important, but cannot be found overnight. There is no quick or simple “silver bullet.” Rather, solutions must be pursued from many directions – technological, legal, and consumer action. The Forum helped to suggest paths to follow toward solutions to the spam problems. These solutions will depend on cooperative efforts between government and the private sector. In fact, the Forum is only the most recent example of the FTC’s role as convener, facilitator, and catalyst to encourage that activity. But the Commission also plays another important role – that of law enforcer. The Commission has pursued a vigorous law enforcement program against deceptive spam, and to date has brought 53 cases in which spam was an integral element of the alleged overall deceptive or unfair practice. Most of those cases focused on the deceptive content of the spam message, alleging that the various defendants violated Section 5 of the FTC Act through misrepresentations in the body of the message. More recently, the Commission has expanded the scope of its allegations to encompass not just the content of the spam but also the manner in which the spam is sent. Thus, FTC v. G. M. Funding, and F.T.C.v. Brain Westby allege (1) that email “spoofing” is an unfair practice, and (2) that failure to honor a “remove me” representation is a deceptive practice. In these cases, the defendants’ email removal mechanisms did not work and consumers’ emailed attempts to remove themselves from defendants’ distribution lists were returned as undeliverable. Westby is also the first FTC case to allege that a misleading subject line is deceptive because it tricks consumers into opening messages they otherwise would not open. In other cases, the Commission has alleged that the defendants falsely represented that subscribing to defendants’ service could stop spam from other sources or that purchasers of a spamming business opportunity could make substantial profits. Thus, through our law enforcement actions the Commission has attacked and will continue to attack deception and unfairness in every aspect of spam. Experience in these cases shows that the primary law enforcement challenges are to identify and locate the targeted spammer. Of course, finding the wrongdoers is an important aspect of all law enforcement actions, but in spam cases it is a particularly daunting task. Spammers can easily hide their identity, forge the electronic path of their email messages, or send their messages from anywhere in the world to anyone in the world. Tracking down a targeted spammer typically requires an unusually large commitment of staff time and resources, and rarely can it be known in advance whether the target’s operation is large enough or injurious enough to consumers to justify the resource commitment. To complement its law enforcement efforts, the Commission endeavors to educate consumers and businesses on ways they can reduce the amount of unwanted spam they receive, and about particular types of scams commonly disseminated through spam, such as illegal chain letters and “Nigerian” scams. These materials are available on the FTC’s spam website, www.ftc.gov/spam. Another aspect of the Commission’s approach to spam is to investigate and research the problems it poses to understand them better. Through this research, the Commission can refine and better focus its law enforcement and consumer and business education efforts. Studying the Spam Problem The Commission has engaged in several research projects to explore how spam affects consumers and online commerce. These projects include a “Remove Me” surf, a “spam Harvest,” and a study of False Claims in Spam. The “Remove Me” Surf Last year the Commission announced the results of the “Remove Me” surf, in which the FTC and law enforcement partners tested whether spammers where honoring the “remove me”or “unsubscribe” options in spam. From email that participating agencies had forwarded to the FTC's spam database, the Commission’s staff selected more than 200 messages that purported to allow recipients to remove their names from a spam list. The agencies set up dummy email accounts to test the pledges. We found that 63 percent of the removal links and addresses in our sample did not function. If a return address does not work to receive return messages, it is unlikely that it could be used to collect valid email addresses for use in future spamming. This finding tends to disprove the common belief that responding to spam guarantees that you will receive more of it. The “Spam Harvest” In its “Spam Harvest,” the Commission’s staff conducted an examination of what online activities place consumers at risk for receiving spam. The examination discovered that one hundred percent of the email addresses posted in chat rooms received spam; one received spam only eight minutes after the address was posted. Eighty-six percent of the email addresses posted at newsgroups and Web pages received spam, as did 50 percent of addresses at free personal Web page services, 27 percent from message board postings, and 9 percent of email service directories. The “Spam Harvest” also found that the type of spam received was not related to the sites where the email addresses were posted. For example, email addresses posted to children's newsgroups received a large amount of adult-content and work-at-home spam. As part of this project, the staff developed consumer education material, including a publication, "E-mail Address Harvesting: How Spammers Reap What You Sow," that provides tips, based on the lessons learned from the Spam Harvest, to consumers who want to minimize their risk of receiving spam. The tips advise, among other things, that consumers can minimize the chances of their addresses being harvested by using at least two email addresses--one for use on web sites, newsgroups and other public venues on the web, and another email address solely for personal communication. Another suggested strategy to reduce spam is “masking” (disguising) email addresses posted in public. The “False Claims in Spam” Study An additional FTC staff study examined false claims in spam. The staff examined 1,000 spam messages selected randomly from three sources: our spam database of consumer-forwarded messages, the spam received at the addresses used in the Spam Harvest, and spam that reached FTC employee computers. The staff analyzed the messages based upon the types of products or services offered, the indicia of deception in the content of the messages, and the indicia of deception in the “from” and “subject” lines of the messages. The Types of Products or Services Offered - The staff found that 20 percent of the spam contained offers for investment or business opportunities, which include such things as work-at-home offers, franchise opportunities, or offers for securities. Another 18 percent of the spam offered adult-oriented products or services. Of those adult messages, about one-fifth included images of nudity that appeared automatically in the body of the message. Further, 17 percent of the spam messages involved finance, including credit cards, mortgages, refinancing, and insurance. All together, the investment/business opportunity, adult, and finance offers comprised 55 percent of our sample. Indicia of Falsity in the Content of Spam Messages - The staff also determined how many spam messages appeared misleading. Using expertise gleaned from past law enforcement actions and recent research efforts, the staff identified specific representations likely to be false. The staff found that 40 percent of all the combined categories of spam messages contained indicia of falsity in the body of the message. An astonishing 90 percent of the investment/business opportunity category of spam contained indicia of false claims. Evidence of Falsity in the “From” and “Subject” Lines - The staff also looked at evidence of deception in the “from” and “subject” lines of the spam. One third of the messages contained indicia of falsity in the “from” line. Messages falling into this category included “from” lines connoting a business or personal relationship, such as using a first name only, or stating “Your Account@XYZ.COM.” Another common instance of misleading “from” lines occurs when spammers make the sender’s name the same as the recipient’s address, so it appears that one has sent the message to oneself. In addition, the staff found that 22 percent of the spam messages contained indicia of falsity in the subject line, such as using “Re:” to indicate familiarity or a subject line that was unrelated to the content of the message, such as “Hi” or “Order Confirmation.” Over one third of adult-content spam contained false information in the subject line. Further, only two percent of the analyzed spam contained the label “ADV:” in the “subject” line, even though such a label is required by the laws of several states. Conclusions of the False Claims in Spam Study - Adding up the various forms of deception, the staff found that 66 percent of the spam appeared to contain at least one form of deception. This Spam Study confirms the Commission’s earlier belief that fraud operators, who are often among the first to exploit any technological innovation, have seized on the Internet's capacity to reach millions of consumers quickly and at a low cost through spam. Not only are fraud operators able to reach millions of individuals with one message, but they also can misuse technology to conceal their identity. The Commission believes the proliferation of fraudulent or deceptive spam on the Internet poses a threat to consumer confidence in online commerce and, therefore, views the problem of deception as a significant issue in the debate over spam. The FTC Spam Forum Building upon our research, education, and law enforcement efforts, the FTC held a three-day public forum from April 30 to May 2, 2003 on spam email. This was a wide-ranging public examination of spam from all viewpoints. The Commission convened this event for two principal reasons. First, spam is frequently discussed, but facts about how it works, its origins, what incentives drive it, and so on, are not widely known. The Commission anticipated that the Forum would generate an exchange of useful information about spam to help inform the public policy debate. This could help the Commission determine what more it might do to more effectively fulfill our consumer protection mission in this area. Second, the Commission sought to act as a potential catalyst for solutions to the spam problem. Through the Forum, the Commission brought to the table representatives from as many sides of the issue as possible to explore and encourage progress toward possible solutions to the detrimental effects of spam. The Commission believes that the Forum advanced both goals. As described below, the panelists contributed valuable information from a variety of differing viewpoints to the public record. In addition, the Forum spurred a number of participants into cooperation and action. Most notably, on the eve of the Forum, industry leaders Microsoft, America Online, and Yahoo! announced a collaborative effort to stop spam. Moreover, several potential technological solutions to spam were announced either at or in anticipation of the Forum. The Commission intends to foster this dialogue, and, when possible, to encourage other similar positive steps on the part of industry. The strong interest in addressing spam is shared by: consumers, Internet Service Providers (“ISPs”), law enforcement authorities, marketing services, bulk email marketers, anti-spammers, and retailers and manufacturers. These interest groups were represented at the Forum by 87 different panelists collectively possessing a tremendous range of expertise, and coming from all over the globe to participate in this discussion. Distinguished representatives from the European Commission, Canada, Australia, Korea, and Japan offered their views on how spam affects their countries and how they are trying to tackle the problem. On the domestic front, panelists included prominent representatives from all sectors affected by spam, such as the president of the consumer group, the SpamCon Foundation, the president of the Direct Marketing Association, vice presidents of America Online and Microsoft, and the Washington State Attorney General. Distinguished members of Congress - Senators Burns, Wyden, and Schumer, and Representative Lofgren – also addressed Forum attendees. The Spam Forum was organized into twelve panel discussions that were conducted over the course of three days. In addition to the 87 panelists, approximately 400 people were present each day in the audience at the FTC Conference Center, with many more individuals participating via a video link or by teleconference. Questions for the panelists were accepted from the audience and via a special email address from those attending through video link or teleconferencing. Day One of the Forum focused on the mechanics of spam. Panelists discussed in detail how spammers find email addresses and how deception in the sending of spam affects consumers and online commerce. Discussions then focused upon security weaknesses that enable or facilitate spam, such as open relays and open proxies. Day Two explored the economic costs of spam. Panelists participated in an in-depth discussion of economic incentives inherent in spam and the costs of spam to marketers, ISPs, and consumers, and its effects on emerging technologies. Specifically, panelists discussed spam blacklists, email marketers, and wireless spam (unsolicited text messages received via cell phone). Day Three focused on potential solutions to spam. Panelists discussed three potential avenues to a solution: legislation, litigation, and technology. Specific topics covered included: state, federal, and international legislation; civil and criminal law enforcement and private litigation against spammers; and various technological approaches. Panelists at the Forum bought forward an enormous amount of information about spam and how it affects consumers and businesses. Several primary themes emerged from the various discussions. First, the volume of spam is increasing sharply. Many panelists reported that the rate of increase is accelerating. For example, one ISP reported that in 2002 alone it experienced a 150 percent increase in spam traffic. Second, spam imposes real costs. The panelists offered concrete information about the costs of spam to businesses and to ISPs. Specifically, ISPs reported that costs to address spam have increased dramatically over the past two years. ISPs bear the cost of servers and bandwidth necessary to channel the flood of spam, even that part of the flood that is being filtered out before reaching recipients’ mail boxes. America Online reported that it recently blocked an astonishing 2.37 billion pieces of spam in a single day. Third, spam is an international problem. According to our international panelists, most of the spam received in their countries is in English and advertises American products or companies. Most panelists agreed that any solution to stopping spam will have to involve an international effort. Our law enforcement experience has taught that the path from a fraudulent spammer to a consumer’s in-box typically crosses at least one international border and frequently several. Thus, fraudulent spam exemplifies the growing problem of cross-border fraud. To enhance our effectiveness in the fight against fraudulent spam and other kinds of fraudulent schemes that cross international borders, the Commission will be asking this Committee, as part of our forthcoming reauthorization testimony, for additional legislative authority in a number of areas, including measures that would: allow the agency to share such information on targeted schemes with our overseas counterparts; provide investigative assistance to them in appropriate cases; improve our ability to obtain information from U.S. criminal agencies and federal financial regulators, who are often investigating the same types of fraudulent conduct that we are; and improve the agency’s ability to obtain consumer redress in cross-border cases by clarifying the Commission’s authority to take action in such cases, and by expanding the agency’s ability to use foreign counsel to pursue assets offshore. Legislation expanding the Commission’s authority in these ways is essential to improve the agency’s ability to fight fraudulent spam in particular, as well as other manifestations of the more general problem of cross-border fraud. Approaches to Solving the Spam Problem The broad themes that emerged from the Forum panel discussions depict the spam problem as increasing volume, increasing costs, and increasing international effects. This confirms that finding solutions to the problems posed by spam will not be quick or easy; moreover, the consensus of panelists was that no single approach will likely cure the problem. Some panelists at the Forum stated that a large scale technological change in the email protocol system is not likely to occur. Nevertheless, others indicated that there are incremental technical changes that can be grafted onto the existing email protocol to ease the burden of unwanted email on ISPs and consumers. In addition, consumer representatives stressed that any solution should include consumer empowerment – to allow email recipients to decide what messages they want to receive in their inbox, and to give recipients the technical tools to effectuate those decisions. Some panelists, but by no means all, advocated additional federal legislation and law enforcement efforts as a means to provide needed accountability and deterrence. All Spam Forum participants agreed that solving the problem of bulk unsolicited commercial email will likely necessitate an integrated effort involving a variety of technological, legal, and consumer action, rather than one single solution. Through the Forum and the follow-up efforts it suggested, the Commission hopes to act as a catalyst for technologists, industry, law enforcement, and policy officials to work together to find a solution. Conclusion Email provides enormous benefits to consumers and businesses as a communication tool. The increasing volume of spam to ISPs, to businesses, and to consumers, coupled with the use of spam as a means to perpetrate fraud and deception put these benefits at serious risk. The Commission looks forward to continuing its research, education, and law enforcement efforts to protect consumers and businesses from the current onslaught of unwanted messages. The Commission appreciates this opportunity to describe its efforts to address the problem of spam, and the outcome of its recent Spam Forum.
Witness Panel 3
Mr. Ronald Scelson
Oral Remarks from Hearing Transcript (witness's submitted written testimony follows): MR. RONALD SCELSON: First off, I'd like to thank Senator McCain for inviting me here for this. I know I'm probably the most disliked person in this entire room. (Laughter.) I send close to 180 million e-mails out every 12 hours. SEN. McCAIN: You've shown a great deal of courage by coming here today and we appreciate it. I mean that. MR. SCELSON: Listening to all you speak, I originally had a speech just like these gentlemen have, sir. But being here today, I got to get a little more of a feel about the things that these people do not like and what the government aspects of this are. In the e- mails I send out right now, the reason that I've gone back being a spammer. I originally started out, spam was not known as spam back then but eventually started becoming one. SEN. McCAIN: How long have you been in business? MR. SCELSON: Fifteen years. The reason e-mail has grown is people still buy. My average complaint ratio is 1,000 people complain, close to 2,000 remove in a mailing and a 1 to 2 percent response rate. If it's hated so bad, which people do complain, then why do more people buy than they complain about it? Most of what the government is not aware of, and certain ISPs including Hotmail's newest filters that are here with us, leave out in detail to you all is right now there's state laws, for instance, that say you have to provide a valid remove and ADV in the subject. Their key filter, which was just updated on Thursday, I had broken as of Friday and released free to the other bulk mailers, has in there that "remove" word, unsubscribe, opt-in. Well, now, you tell me, follow the law, don't spend spam, be a good guy. I'll be a good guy and mailing the Hotmail -- or AOL, that makes no sense -- and their filters will filter this out. Now, if I don't use this, I'm then accused of being a spammer. I agree with all the people here. There's no reason to use proxies. There's no reason to use relays and a Remove is a good option to add in there for people to use. As far as the way we gather our addresses. Most addresses for bulk snail mail are purchased from banks and a lot of companies. Your proposal to make extracting and gathering e-mail addresses and buying them is a good idea if it is also going to be added to the snail mail industry. What's fair for one is fair for the other. Personally, I do not get addresses this way. So it doesn't affect me. Most of the gentlemen here all offer a members' directory, which I am a paid member of all these clients. This members' directory is identical to a Yellow Pages providing e-mail, name, phone number and address. To automate software, which I have done for clients, to extract phone numbers from phone books is the exact same technology that extracts their members' directory which I am a paid member of and this is granted free from AOL to give me access to all these users. AOL does have the highest filter system in the world, no matter what anybody thinks. I do this every day. I give them full credit for this. The biggest thing I find most people also seem to forget when it comes to this is the carriers right now are deciding and filtering whose mail gets what, whether you're going to read and see your mail or not. This is censorship. I was brought up and fought for this and still fight for this because I believe in freedom. As an individual, what makes us free is the freedom of choice and that's who should decide whether or not they are going to receive this mail or not. The senator here does not like receiving e-mail. It should be his choice to decide whether he's going to receive it or not. I've heard the fact that it's risen the price of AOL and other companies' business to their customers to increase pricing and the burden of mail basically getting into their system. Somebody's prices increases are brought on by their own filters. At one time you could send 100 messages to 100 people one message at a time, using less resources and less bandwidth. Their new filters now make it mandatory that we send one person one message at a time thus chewing up their bandwidth and increasing their costs. On our end, I have one location alone that $2,200 a week in bandwidth. So I keep hearing the more we send, the less cost we have. The same bandwidth we chew up on your end, we're chewing up on our end. I am more than willing to work with any legislation to solve this problem. I agree, spam is not the way to go. When I set up my company to not send spam and to send 100 percent legal mail, going above and beyond that to include a toll free phone number, a physical address, a website, full information on the bottom of our messages so that we were 100 percent above and beyond all the common laws. To carriers such as Quest, which I have lawsuits against some of these carriers, AT&T, BellSouth. AOL I've had dial up accounts through that they've also terminated. If you mail 100 percent legal and they get a single complaint, they will turn around and kill your circuit so (a) we go out of business or (b) we then resort to forging the headers. The biggest complaint here is you can't find us. Well, if you could, you're going to shut us down so why should we let you find us? The laws definitely need to be made. I keep hearing there's no one simple solution. If you look at my written testimony, which it will take government backing, and I'm sure AOL's people would like to look at this as well, it states in there a very simple way that costs no money on AOL's end, no money on our end, makes the tax dollars go back to the government because if I stay here in the U.S. I owe you tax money for all the money I'm making the customers, et cetera. You passed the laws. We go outside the U.S. Corporations get moved outside the U.S. and from what attorneys have told me, if the corporation, the incoming money and everything is outside the U.S., there's no tax dollars owed in the U.S. And, basically, if you look at this system, it's very simple. It's to the point. It doesn't cost money and if the system's broken, that's where legislation again would have to enforce it. Solve the whole problem. As of right now, the latest carrier I was on was Covista. I was on them for two weeks, sending approximately 180 million e-mails a day. That's one e-mail per user on my database a day. Never send more than that. They shut me down for a total of 1,200 complaints. When you look at the volume of mail I'm pumping out, to get 1,200 complaints mathematically is nothing. I do honor my removes. Even to this day I send spam because I have to cloak my circuits to protect them from being shut down. But I still run, still have a honor of valid removes. It's not known as opt-out. It's not known as a remove because their filters would interfere. But words such as "take me off your list" is very understandable to a person receiving it and very much honored. One of the other big problems in e-mail is the anti-spam organizations preach don't use the removes. We're confirming your address is good, we won't remove you. I can't say there's not dumb people in the world. They're in every form of business and every walk of life, every nationality. It doesn't matter. But most companies I know of had the advanced technology that when I send an e-mail to a Hotmail server, I know right out the gate whether that address is good or bad. And if it's bad instead of -- because we have force our from addresses due to your filters -- if that address is bad, my mailer won't send it to it just to keep from clogging up anybody else's server. So since I know whether the address is good or bad or not, whether you asked to be removed, all that tells me is, yes, you want the mail or, no, you don't. I already know you're good. AOL's, on the other hand, system accepts everything. But AOL is nice enough to provide the undeliverable to everybody. So I still know if you're good or not. I agree there needs to be solution but just don't take the freedom away from the individual. This should be their right, not the carrier's, to say we're going to shut you down or we're going to block you. Most anti-spam groups that are fighting against spam are not government backed, government owned or anything. The reason Covista shut me down is spam House went to Quest, which is Covista's carrier, and threatened to blacklist their entire network because every anti- filtering trick they hit me with, did not work. And I still stayed 100 percent legal. And because of their threat, Quest passed it on down the line. I had to sue Covista for this. Now between everybody here, it's not their fault. I don't feel I should have to sue them but that's the way the government works. he anti-spam groups that have no legal right are interfering and forcing these people to shut us down. The pink contracts, which is what got me really well known, everyone thinks they're contracts to send spam. I can show these contracts to you. There's not a single word in that contract to send spam. The details of that contract define every state, what it's law is, and that if I send mail staying within every one of these laws, they will not shut me down which I should not have a contract to have to do this. My price for the bandwidth is three times higher when used for this particular means of doing it. And they still will step in eventually once they get threatened enough and shut you down. And most people are not aware of all this. Most bulk mailers are scared they've made it because of the recourses that will happen. I've been fighting for so long that if I don't say anything and no one else does, then either everyone's really turn to the underground and become a really bad thing or we can find a solution to work together. AOL has AOL special offers. I'm assuming you're familiar with this. It's their own personal spam company. They spam their own users with it. And I've received at my Hotmail account from AOL special offers advertisements to sign up for AOL. So the same people that are here today complaining about mail send mail. Why? Because it's profitable to the client and to them. I'm told there's a lot of cost factors in reading this e-mail and the time it takes up on your end, Senator. When you read this e-mail, for you to go through it and push delete, which could use ADV, you would know which ones are junk to make it a lot easier, when you read this mail and you push delete, yes it took some of your time. But, if you're at home where you don't have the extra assistance of the people around you, you have walk outside, go get the junk mail out the box, read this junk mail. Did you ever think how many chemicals, pollution, trees and all that are involved in this. And then you've got to throw it away. So if you add up the time it takes you deal with snail mail versus e-mail, both of them cost you time and money. E-mail is less on that comparison. And that's basically all I have to say. And thank you again for having me here today. Mr. Scelson's submitted written testimony: Scelson's Online Marketing 127 Rue Acadian Slidell, La 70641 To Whom It May Concern, My name is Ronald Scelson and I am the owner/operator of a commercial email company; that sends bulk email as a form of advertising for companies over the Internet. I feel my company is doing no different than any other advertising company who uses the postal service to send out unsolicited bulk-mail to your home. The only difference is we send this information via the Internet instead of the United States Postal Service. It all began with sending email into newsgroups. It went from there to the sending of email, as we know it today. At that time mail was just sent, we didn̓t care how. It was just pumped out and there were no removes. “Removes” is an industry term meaning – a hyperlink that will be sent back to the sender asking to have his/her email address removed from your mailing list. When email advertising started getting known by people as “Spam,” my company was one of the first companies to get removes and valid “From” addresses. Now, in response to the commercializing of emails, some groups were formed as “Blacklisting” companies. For example, SpamCop started interfering and getting us blacklisted. Note: These companies are Not government-backed nor funded, they are typical “everyday people” playing the role of a bully. Intimidating Internet carriers to cut off service to my company and other companies paying top dollar for Internet Service. My belief is that this business is doing a legitimate form of advertising and when done correctly, makes the client, government, and the commercial mailers money. In response to the bully tactics used by the Anti-Spam hate groups, my company decided to go Opt-In. In order to do this, Commercial Mailers had to sign a contract with the carriers. Now known as ‘Pink Contracts.” They are said to be Spam contracts to allow the sending of Spam under today's terminology. What these contracts were really for was to force us to pay twice as much money as a normal business would for Internet Service. Allow commercial email to be sent not “Spam” to people without shutting us down. Now what this really means is that all states have laws pertaining to email and if you break this law the email that is sent will be considered to be “Spam” This contract allowed us to send email as long as we abide by every state law. Meeting all of the requirements indicated by individual state law will not be considered Spam. This would also not be in violation of any ISP's (Internet Service Provider) policy. Now, when we sent the mail this way Anti-Spam (groups of people against Commercial Email that post your private info on their site. They also violate and interfere with current laws) groups would go to the carrier and tell the carrier “Hey! We've blacklisted them every way we can they are getting around it somehow so either you shut them down or we will shut you down!” Well, then the carrier shuts us down and breaks the contract. We have tried this with several companies. The last time we tried this doing it 100 % legal the outcome was my circuit was shut down, we were put out of business and a major lawsuit-- which to this day has still not been resolved. So, I was forced to go back to being a “Spammer,” where I could keep my Internet connection live and support my family. I believe that there should be guidelines arid Spam should be illegal. But the only way this would work is when the carriers realize that we live in the United States and not a communist country! They provide services that aren̓t different than any electric company. They get paid not to read, censor, and destroy people̓s email, but to provide a service! Now the individual has lost his/her right to get any email he/she wants. The Carriers have determined that they would screen all incoming mail and only allow email that the carrier wants the end user to receive. But not limiting themselves to their own advertising, that still to this day does not get screened. If I were to go into your Post Office Box, without your written permission, open your mail, decide what I think you should have or should not have, I would go to jail for this. This is exactly what the carriers are doing. The government says they want you to identify yourself and put “ADV” (advertising) in the subject and not forge your headers. If I mail 100% legal you come across two problems: 1. The carrier, not the individual, filters ADV, then none of my mail will get in and I will go out of business. 2. If I identify myself and not forge anything, the ISP will terminate my circuit for mailing legal and put me out of business. This is called legal mail, but I won̓t last a week and my line will be turned off. For no legal reasons, except for the bullying power the anti-spam groups have. I agree with having laws governing bulk emails. But carriers should be held accountable when they submit to these anti-spam groups. Terminating service to companies; such as my own, without any legal reason to do so is not the democracy that we all should be living. I think it should be done the right way as long as the carriers know they will be shut down for blocking a company or shutting down a company doing it legally. Filters are designed for ISPs to eliminate “Spam”. Most of these people that design these are “scam-artists.” Think about it, if the server accepts mail in any way. Then there is a way to send bulk mail. If laws are passed to eliminate bulk email, then the ISP̓s will shut down the commercial mailers. Then all the mailers are going to do is start corporations offshore and send their mail from offshore, now your laws and filters do nothing. Then, there is no taxable money being exchanged and money will be sent out of the country. This is not a solution, this is a joke! I designed a system 5 years ago because I believe in the freedom of the United States and the company that I stand behind. We should have the right to do our business in a legal way with out any interference from someone whom has no say so in the matter. The system that can stop Spam gives the freedom back to the people. It is very simple and very cheap, especially when you look at AOL who spent 11 million dollars last year to stop Spam and it did not work. Most people are not aware when you hit the send email button what all happens behind the scenes. Mail servers talk together just like people, if you send an email to email@example.com it will give an answer, error 550 user not available this means the address is no good. If you send it to firstname.lastname@example.org and my mailbox is full it will give an error 520 users mailbox full. Now my system is really simple and would be used by the individual not the carrier to stop Spam. They all have buttons in web-based emails example (Send mail) all you have to do is put an option “No Bulk Email” and put a check in the box. What this will cause to happen is when I send an email to you, I will see an error (example: 420) at that point, I know this user does not want email. This could only work if legislature enacts a law that would require Commercial mailers to look for this error when mailing. They would also be held criminally liable if they ignore and continue to send mail to these accounts. If you mail without forged headers, a valid from address, contact information and “Adv” in the subject they cannot shut you down or block you. If they do, there should be a fine imposed on the ISP. There would be no need for removes. Users are complaining they didn̓t ask to receive the mail so why should they remove themselves from 2000 plus different email companies; they are right this system eliminates that problem. Reporters have interviewed me several times on this issue; and the articles have always focused on the money being made and never mention the cost that “we” as Commercial Mailers have to put out. The bandwidth at just one location cost $2100.00/wkly, which is approximately $110,000.00 annually just for one carrier. AOL says they spend millions stopping Spam. This is a cost factor they brought on themselves and are passing on to the consumer. They are spending money doing something they should not be doing in the first place. I find this to be illegal, immoral, and unconstitutional. An example of this, is if I take a gun and shoot someone, the gun doesn̓t go to jail for murder, I do. I, as a human, squeezed the trigger. Well, AOL puts a filter in place that reads, censors, and destroys legal mail. THIS is illegal. They get away with this because they say a human does not read these messages, but a human did press the enter key to read and destroy mail. What is the difference? Some people state that snail mail is okay because you pay the post office to send it. We are more like private carries like UPS and Fed.Ex. (UPS and FedEx are registered trademarks to the individual companies. They are not in any way affiliated with my company.) A customer pays a private carrier to send mail. This company then pays the costs for fuel, drivers, and the truck to deliver the mail. As a customer pays us to send mail, we in turn pay for the servers, networking, electricity, and technology to deliver the mail. The ISPs say that “Spam” is chewing up so much bandwidth they are right at the end of capacity; this is their own fault. Part of ISPs Anti-spam filters do not allow high “BCC” (blind carbon copy) I could set my BCC setting to 500 for every 500 people who get this email I will use up a total of 33k in size (est. the ad is 33k). Since this filter is in place, I have to mail at 1 BCC, which means that if I send an ad to 500 people then it would be like 500 times 33k. Now I have consumed 1.6 megabytes of bandwidth for those 500 people. So, now you see why their cost went up. They say “Spammers” break laws, well here are some examples: If we use ADV it, we are blocked. If we use Remove or unsubscribe, we are blocked. If we use the same “From” address that is valid, we are blocked. If we send too many emails from one IP, we are blocked. So, we have two options: 1) Break the law and stay in business or do it legal and go out of business. (Meanwhile these carriers continue to violate the laws that are passed and for a touch of proof if you go to this website there is a list of common filters look for yourself. Http://www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/tests.html) 2) If the government wants to pass laws it needs to be fair to everyone involved. The Commercial Mailers and the Carriers. But not allow these Anti-Spam groups to get away with threatening peoples lives just to feel that they have the power to control a company's destiny. Every state should have the same law to eliminate any possibility of violating these laws. This is necessary, due to the fact, that it is unknown where the recipient of an email resides and whether or not you have violated any laws. I don't believe you should email private servers. AOL, Hotmail, Yahoo etc. provide consumers a service offering email addresses. The consumer should have the right to choose to receive and sort his or her own mail, not the carrier. Laws and Censoring (filtering) email are not going to work, it will only drive the price up for the smaller companies. As with the larger companies, like Norton̓s System Works, Which sold more copies than ever before with email. Due to the reduction of the marketing and merchandising casts, the product was made available to the consumer at $39.95 in contrast to the $299.99 retail cost in stores. I consider myself living the American dream. I went to school in New Orleans where it was plagued by drugs and weapons. This is not what school was meant to be. I managed to survive the experience and ended up in a low-income neighborhood, still filled with drugs and violence. Even with a GED, I could not give my children the life I believe they deserve. So I started my own company and taught myself how to accomplish these things. In doing so, I found a way to create a business, provide for my family and put my children through a better school environment than I had. This to me IS the American Dream; freedom to grow and become something you dream of being. For doing this I was criticized, shut down, put out of business and threatened. I hope by me coming forward, this will show the untold side of the story that these anti-spam groups don't want you to hear. Please allow yourself to be open-minded and compare this industry to bulk mail. The differences between the two are that when you receive mail at your home. You open it, read it if you want, then throw it in the trash. You then have to carry that trash to the curb, where it is then hauled away and used as landfill (like we don't have enough trash already). Not to mention the trees that are cut down for the paper used! Then there is the Electronic Mail (E-Mail). If you don't want it, just check off DELETE. No mess, no cleanup, no pollution. I think my way is better! If there are any questions or comments, or if I could be of any service, please don't hesitate to contact me. Respectfully submitted, Ronald Scelson
Mr. Enrique Salem
Click here for a PDF version of Mr. Enrique Salem's remarks.
Mr. Marc RotenbergPresident and Executive DirectorElectronic Privacy Information Center
Click here for a PDF version of Mr. Mark Rotenberg's remarks.
Mr. Ted Leonsis
Chairman McCain, Senator Hollings, and Members of the Committee, on behalf of America Online, Inc., I would like to thank you for the opportunity to testify before the Committee on the issue of junk e-mail – or “spam.” My name is Ted Leonsis, and I am Vice Chairman of America Online, Inc. and President of the AOL Core Service. I would like to tell you a little bit about the nature of the spam problem and its effect on ISPs and Internet users, as well as some of the things that AOL is doing – along with our other industry colleagues – to help address this issue. But first, I would like to commend you for holding this hearing and taking a forward-looking approach to the spam problem at such a critical time. We believe that there is a strong and important role for government to play on this issue, and we are anxious to work with you to find a solution to this crisis. Spam is one of the biggest problems facing Internet users and Internet service providers (ISPs) today. Junk e-mail clogs the arteries that carry communications across the Internet – misappropriating the network and resources of ISPs, and negatively affecting the online experience of Internet users. And because junk e-mailers do not bear most of the costs of sending their millions of messages, consumers and ISPs must shoulder the majority of the expense and burden of handling spam. Moreover, much of the mail contains objectionable or misleading advertisements. Consumers are being bombarded with offensive, deceptive, annoying e-mail; and legitimate commercial e-mail that consumers might want to read is being lost in a sea of junk. Clearly, spam is a significant business and consumer issue that needs to be addressed. While spam has caused problems for ISPs and consumers for years, it has grown exponentially in recent months. Spam now accounts for 60-80% of all mail coming in from the Internet to AOL members, and AOL estimates that the overall volume of spam is doubling at least every four to six months. Spam is costing U.S. businesses in excess of $10 billion annually, clogging the Internet and overwhelming e-mail service providers (see Ferris Research at www.ferris.com). For everyone in the online world, spam is a burden that has reached crisis proportions – and it’s only getting worse. Fighting spam has become a serious quality of life issue for everyday consumers. At AOL, we're listening to our members and have declared spammers to be “Public Enemy #1.” AOL has taken a number of important steps over the past few months to fight back against spam, basing our actions on the complaints and concerns of our members. First, we have deployed strong technologies across our network to block and filter spam. Our anti-spam filters are now blocking up to 2.4 billion pieces of unwanted mail per day, which means we are stopping almost 70 spam e-mails per account per day from landing in the e-mail inboxes of our members. And we’ve fine-tuned technology that stops spam before it happens by preventing spammers from gathering – or “harvesting” -- e-mail addresses from AOL areas. Second, we’re enlisting our members in this fight by giving them new tools that make it easier than ever to block spam and report spammers. Our popular "Report Spam" button has resulted in a dramatic increase in the amount of spam being reported directly to AOL by its members – we now receive upwards of 9 million reports of unwanted e-mail per day. AOL’s Mail Controls are easy to use and allow our Members to block e-mail from specific mail address or entire domains, or to create a “permit list” of addresses from whom they will accept mail. We’re also providing our members with important consumer safety tips that can help them reduce spam and improve the security of their online experience -- particularly in the broadband environment, where it is critical that consumers know how to protect themselves in the world of “always-on” high-speed connections. Later this year we will introduce new spam identification tools that will be personalized for each member, so members can decide for themselves what is unwanted mail. And we will strengthen our already powerful Mail Controls, offering more ways stop spam before it reaches the inbox. In addition, AOL will -- in keeping with our longstanding commitment to providing strong Parental Controls -- take special steps to help provide kids on AOL with a safe, spam-free experience. In addition to the technology tools we use and provide to our members, we’re also joining with other ISPs in waging war against spammers in court. Just recently, AOL filed lawsuits against over a dozen companies and individuals responsible for sending 1 billion spam e-mails to our members. We've taken more than 100 individuals and companies to court over the past few years, resulting in millions of dollars in monetary penalties against spammers. We’re supportive of the actions that Earthlink and other ISPs have taken to fight spam on the legal front, and we look forward to finding new ways that industry can work together to bring spammers to justice. We’re also building alliances with others in our industry to think creatively and constructively about how to craft and implement real solutions to the spam problem. Just last month we joined with Microsoft and Yahoo! to announce a commitment to work together and with other industry stakeholders to combat spam. The group will initiate an open dialogue to drive the development of open technical standards and industry guidelines that will help fight spam, as well as discussing ways to cooperate with law enforcement efforts against large-scale spammers. And finally, we’re working with policymakers to support efforts to reduce unwanted e-mail. For example, we worked with Virginia legislators, the Attorney General, and the Governor to get a tough new law enacted in Virginia earlier this month that would provide criminal penalties for spammers who send junk e-mail by fraudulent means. We were also honored to participate in the spam workshop sponsored by the FTC several weeks ago, which served as a lively forum for debate and discussion about the complexities of the spam problem and how it can be addressed. Yet despite these efforts, spam remains a problem for service providers and their customers, particularly because many spammers use fraudulent transmission tactics -- such as forging e-mail addresses and Internet domain names -- to circumvent filters that are designed to allow ISPs to manage their mail load and empower consumers to exercise choice. In fact, we believe that these “outlaw spammers” (those who engage in fraud) are the primary cause of the overall spam problem. The “outlaw” spam problem includes: 1) e-mail that is sent using falsified means of technical transmission; 2) e-mail sent using hacked e-mail accounts; and 3)e-mail sent by spammers who intentionally abuse legitimate e-mail service providers by registering for multiple e-mail accounts or domain names using a false identity for the sole purpose of transmitting spam. “Outlaw” spam has increased alarmingly in the past year, and we believe that this dramatic growth underlies the astonishing increase in overall spam volume. These spammers are hijacking the computer resources and bandwidth of private consumers and businesses large and small, threatening to overwhelm the entire online medium. With the spam problem reaching crisis proportions, we believe that government can play a strong role in helping fight spam – both through increased enforcement efforts and through the enactment of new laws to target spam. AOL believes that federal legislation can serve two purposes in helping to fight spam. First, it can help set baseline rules of the road for legitimate marketers who use the e-mail medium to reach consumers. Such rules, combined with industry standards and new spam-fighting technologies developed by relevant stakeholders, will help to ensure that marketers use e-mail responsibly and will also provide legitimate businesses with some clarity regarding the legal obligations governing their marketing operations. Second, we believe that government action is critical to deterring “outlaw” spammers. Strong and effective laws – including tough criminal penalties – must be put in place to pursue and prosecute spammers who use fraudulent transmission tactics. The newly amended Virginia Computer Crimes Act is an example of a law that gives ISPs and law enforcement powerful tools for fighting “outlaw” spam. The Act calls for enhanced criminal penalties if, for instance, spammers employ minors to send spam or derive significant revenue from sending large-scale spam. This statute provides another way for law enforcement and service providers to take direct aim at “outlaw” spammers, using the law to put them out of business. We hope that Congress will follow Virginia’s lead by enacting legislation that will target “outlaw spam” by imposing stiff penalties on spammers who engage in techniques of fraud and falsification. Such legislation is needed not only to stop existing abuses, but also to safeguard new e-mail technologies that outlaw spammers may try to circumvent. We are pleased that many Members of Congress – including Members of this Committee – have taken an interest in the spam problem and are working to advance legislative solutions. In the meantime, AOL is committed to maintaining a leadership role in the fight against spam. The goodwill and trust of our members depends on our continued focus on developing solutions to this problem. AOL will to continue to pursue strong enforcement actions and innovate our spam fighting tools -- putting our members in even greater control. But ultimately, we believe the spam battle must be fought on many fronts simultaneously in order to be successful. From technology to education, from legislation to enforcement, industry and government can work together to reduce spam significantly and give consumers control over their e-mail inboxes. We applaud the Committee for examining this issue at such a critical time, and we look forward to working with you and other lawmakers to stop spammers in their tracks. Thank you for the opportunity to testify; I am happy to answer any questions you may have on this topic.
Mr. Trevor HughesExecutive DirectorNetwork Advertising Initiative
Executive Summary The NAI is a cooperative group of companies dedicated to resolving public policy concerns related to privacy and emerging technologies. In the past, the NAI has successfully launched self-regulatory solutions to online ad targeting, and the use of web beacons. The NAI has now turned its focus to the growing problem of spam and the related concern of deliverability of wanted emails. As part of this effort, a coalition has been formed within the NAI to represent the interests of email service providers (ESPs). The Email Service Provider Coalition (“ESP Coalition”) is made up of 35 leading companies – all of which are struggling with the onslaught of spam, as well as the emerging problems related to the deliverability of legitimate and wanted email. Email service providers enable their customers to deliver volume quantities of email messages. These messages originate from the full spectrum of the US economy – large and small businesses, educational institutions, non-profits, governmental agencies, publications, and affinity groups all use the services of ESPs to communicate with their customers, members, and constituents. While ESPs serve the marketing needs of the business community, it is by no means the only customer group served. Email service providers also deliver transactional messages (such as account statements, airline confirmations, and purchase confirmations); email publications; affinity messages; and relational messages. Within the ESP Coalition, we estimate that our members provide volume email services to over 250,000 customers. The ESP Coalition sees spam as a threat to the long-term viability of the ESP industry. Indeed, spam presents a dire threat to all uses of email – marketing, transactional, affinity and relational -- as the continued growth of spam will lead to the widespread abandonment of email as a communications tool. Put simply, the spam problem will critically damage the ESP industry if it is not curtailed. Consumers and businesses will not use email if the system becomes so choked with misleading and deceptive messages that those messages that are actually wanted are lost in the fray. The ESP Coalition strongly supports legislation to respond to the growing menace of spam. We believe that strong preemptive federal legislation will be a critical component (but not the only component) in the successful resolution of the spam problem. In the United States today, we have 28 states that have enacted some form of spam legislation. Many more are considering spam legislation in their current legislative sessions. Unfortunately, the standards and definitions applied by these statutes (and proposed in pending bills) are not consistent. As a result, we have a crazy quilt of differing standards and definitions that has created an unnecessarily complex compliance system. To make matters worse, enforcement within the global medium of email is exceedingly difficult when limited by state boundaries. We need preemptive federal legislation to harmonize these standards and provide powerful tools to enforcement officials. Federal legislation must carefully balance the legitimate use of email against the need to respond to spam. Email represents one of the most powerful drivers of efficiency and productivity in today’s economy. Our response to spam must take into account and protect the widespread utility of email. Overly restrictive or poorly crafted solutions may end up “throwing the baby out with the bathwater” and damaging the very tool we hope to protect. The NAI is very supportive of the current spam bill proposed in the Senate (the CAN-SPAM Act). While we continue to work on some minor technical details within the bill – such as the length of time available for processing unsubscribe requests and definitional issues – we are encouraged by the fundamental structure and approach taken by Senators Burns and Wyden. We feel that this bill endeavors to balance the continued use of email as a legitimate communications tool with strong standards and enforcement tools to prevent spam. TESTIMONY Mr. Chairman and Members of the Committee, I want to thank you for inviting me to testify. My name is Trevor Hughes, and I am the Executive Director of the Network Advertising Initiative (NAI). The NAI is a cooperative group of companies dedicated to resolving public policy concerns related to privacy and emerging technologies. In the past, the NAI has created self-regulatory programs for online ad targeting, and the use of web beacons. The group has now turned its focus to the growing problem of spam and the related concern of deliverability of wanted emails. As part of this effort, a coalition has been formed within the NAI to represent the interests of email service providers (ESPs). The Email Service Provider Coalition (“ESP Coalition”) is made up of 35 leading companies – all of which are struggling with the onslaught of spam, as well as the emerging problem related to the deliverability of legitimate and wanted email. Let me begin my testimony by explaining the unique role that email service providers play in the search for solutions to the spam problem. Email service providers enable their customers to deliver volume quantities of email messages. These messages originate from the full spectrum of the US economy – large and small businesses, educational institutions, non-profits, governmental agencies, publications, and affinity groups all use the services of ESPs to communicate with their customers, members, and constituents. While ESPs serve the marketing needs of the business community, it is by no means the only customer group served. Email service providers also deliver transactional messages (such as account statements, airline confirmations, and purchase confirmations); email publications; affinity messages; and relational messages. The ESP industry is robust and growing. Within the ESP Coalition, we estimate that our 35 members provide volume email services to over 250,000 customers. These customers represent the full breadth of the U.S. marketplace – from the largest multi-national corporations to smallest local businesses; from local schools to national non-profit groups and political campaigns; from major publications with millions of subscribers to small affinity-based newsletters. Even my local soccer association uses an email service provider to deliver schedules and standings to the players in the league. Jupiter Research estimates that the email marketing industry (which, again, is only a portion of the total spectrum of ESP customers) will grow in size to 2.1 billion dollars in 2003 (up from 1.4 billion dollars in 2002). By 2007, Jupiter estimates that the size of the email marketing industry will reach 8.2 billion dollars. All of these numbers are for the US market alone. Expanding the scope of this research to include all customers served by ESPs and foreign markets would increase these numbers significantly. But the size and importance of email in the marketplace should not be measured by dollars alone. Email is indeed the “killer app”. Over the past ten years, email has been a strong driver of productivity and efficiency in the marketplace. It has also been an important social tool. Email has shortened distances in the world – allowing communication to occur with unprecedented speed and detail. Email has created affinity within groups that previously were too widely separated geographically to effectively recognize their common interests and positions. As an example of the importance of email, a recent study by the META Group showed that, given a choice between email or telephones, 74% of business people would give up their phones before email. In other words, 74% of people now find email to be more critical than the telephone in their daily work. The Threat of Spam and the Solution(s) to Spam The ESP Coalition sees spam as a threat to the long-term viability of the email service provider industry. Indeed, spam presents a dire threat to all uses of email – marketing, transactional, affinity and relational -- as the continued growth of spam will lead to the widespread abandonment of email as a communications tool. Put simply, the spam problem will critically damage the ESP industry if it is not curtailed. Consumers and businesses will not use email if the system becomes so choked with misleading and deceptive messages that those messages that are actually wanted are lost in the fray. I will not belabor the statistics on the growth of spam or the costs associated with handling spam. Surely all of the panelist can agree that we are presented with an enormous problem. Without an expedient solution, spam may end up killing the “killer app” of email. The media and marketplace have been replete with spam solutions for many years. Important vendors, such as Brightmail, have done a tremendous job at stemming the tide of spam. But the problem still exists and continues to grow. Increasingly, we are presented with the question: can anything be done? The NAI believes that much can be done to solve the problem of spam. At the most fundamental level, we believe that we need to create accountability within the email delivery system. Spammers spend their days concocting new methods to obscure and falsify their identity in order to sneak past existing filters and avoid accountability. In many ways, our existing tools are merely reacting to the spam received today – and not preparing for or combating the spam that will arrive tomorrow. Stated differently, our efforts to cure spam are responding to the symptoms (the actual spam received) and not the cause (the lack of accountability on the part of spammers). So how do we create accountability within the email system? We believe that the solution to spam exists in three components: legislative, technological, and social. Let me address the technological and social components quickly and then focus on the part of the solution for which we look to you: federal legislation. The Technological Component Part of the problem in treating the spam epidemic is that spammers enjoy the impunity of anonymity. Spammers hide behind open relays, they spoof identity, and they deceive recipients with misleading “from” and “subject” lines. Make no mistake; the business of spamming is one of fraud and deception. The recent efforts of the FTC in relation to open relays and deception in spam should be commended. It is critical that we have strong deterrents to dissuade spammers from their trade. But the fundamental architecture of the Internet and email protocols still allows for the deception to occur. The NAI recently proposed an architectural “blueprint” to respond to this problem. I will submit a description of the effort along with this testimony. Essentially, the NAI’s blueprint, called “Project Lumos”, is designed to force senders of volume email to incorporate authenticated identification into every message sent. The use of authenticated identity, along with a rating of sending practices over time, prevents spammers from hiding behind the technology of email and forces all senders to be accountable for their sending practices. We have engaged with many of the major ISPs and other groups on this effort and are greatly encouraged by the traction our effort has gained since our launch just one month ago. Other technological solutions also hold promise. The NAI is actively working with other constituencies in the marketplace to bring about such solutions. I hope that we will have much more to share with you before the end of this year. The Social Component One part of the spam problem that has not been actively discussed is the need for consumer education around the appropriate use of email addresses. The Center for Democracy and Technology (www.cdt.org) recently released a study on the consumer actions that result in exposure of email addresses and, subsequently, spam. The results were compelling: the CDT report found that appropriate management of an email address by the holder of that address can drastically reduce the amount of spam received. Further, the study found that there are a few actions that can create enormous amounts of spam. Specifically, the CDT reported that posting an email address on a public website and posting an email address in a public newsgroup or chatroom both resulted in huge amounts of spam. This is due to the use of “spiders” or “bots” – programs that scour the web for email addresses and harvest them into a spammer’s database. Clearly, one component in the total solution to spam is the education of consumers on issues such as those raised by the CDT report. If consumers understand those practices that result in spam, they will be much better able to control the amount of spam in their in-boxes. The Legislative Component The ESP Coalition strongly supports federal legislation to respond to the growing menace of spam. We believe that strong preemptive federal legislation will be a critical component (but not the only component) in the successful resolution of the spam problem. In the United States today, we have 28 states that have enacted some form of spam legislation. Many more are considering spam legislation in their current legislative sessions. Unfortunately, the standards and definitions applied by these statutes (and proposed in pending bills) are not consistent. As a result, we have a crazy quilt of differing standards that has created an unnecessarily complex compliance system. To make matters worse, enforcement within the global medium of email is exceedingly difficult when limited by state boundaries. We need preemptive federal legislation to harmonize these standards and provide powerful tools to enforcement officials. We believe that the current spam bill before the Senate, the CAN-SPAM Act, sponsored by Senators Burns and Wyden, strikes the appropriate balance with regard to preemption. The CAN-SPAM Act would allow for a national standard to be set for the delivery of unsolicited commercial email. Given the incentives provided within the bill, most legitimate businesses will move to a fully consent-based model for email delivery. This is particularly true where the standard set by the bill will be uniform across the entire country. To combat spammers, the bill provides strong enforcement tools to the FTC, state attorneys general, and ISPs. We strongly support enforcement by all of these groups. As a coalition made up of legitimate businesses in the email industry, the NAI also strongly supports the inclusion of an affirmative defense for good faith compliance efforts within the CAN SPAM Act. Such tools help to ensure that litigation is properly targeted towards true spammers, and offers important protections for businesses working diligently to maintain approved best practices. One issue that has been raised in discussions regarding spam legislation, and may be raised again, is that of a private cause of action. Such a solution, while tempting, would do nothing to stop spam and would definitely create a morass of litigation against legitimate companies. Spammers spend their days looking for ways to technologically obscure their identities. Pursuing spammers requires enormous technological, financial and investigative resources. Individuals do not have such resources, but governments and ISPs do. In fact, if a private cause of action existed, ISPs would be drawn away from their enforcements efforts by a flood of discovery requests generated through consumer litigation. We have a very real example of what a private cause of action means when included in a spam statute. In the state of Utah, a spam statute was passed last year that allows for a private cause of action and class action suits. A single plaintiffs’ firm in Utah has now filed hundreds (and by some accounts, over a thousand) class action lawsuits under this statute. But the firm is not pursuing spammers. Given the cost and complexity of finding actual spammers, this firm has targeted leading companies and brands – using law firm employees as plaintiffs and seeking out “gotcha” moments as the basis of their complaints. Perhaps most telling is the fact that there are no data to suggest that the amount of spam in Utah has been reduced by even one message. Another issue that has been raised in relation to spam legislation is that of “opt-in” versus “opt-out”. Over the past few years, our industry has lost critical time debating this issue, while spam has been allowed to proliferate. Let me make one thing perfectly clear: the debate over “opt-in” or “opt-out”, regardless of what standard is eventually adopted, will not result in the reduction of spam. A spammer’s stock and trade is in deception. They do not care about whether they have permission from the recipient of the message. They pay no heed to all of the existing state laws regarding spam. The most restrictive “opt-in” spam statute will do nothing to dissuade spammers from sending their messages. A recent FTC study conveys this point succinctly. By reviewing a large body of spam received within the agency, the FTC estimated that fully two thirds of spam is fraudulent, misleading or deceptive. This means that the majority of spam is already violating an existing law in the United States. As currently written, the CAN-SPAM Act will provide important incentives for legitimate businesses to raise their email standards. The NAI firmly believes that email must be sent with the consent of the recipient, or within a pre-existing business relationship. Furthermore, we believe that email should be sent with informed consent – meaning that recipients have clear and conspicuous notice as to the results of providing their email address. This is a meaningful and workable standard. Again, the NAI is very supportive of the CAN-SPAM Act. We will continue to work with staff on a few technical issues details of the bill (such as the need for longer processing periods for unsubscribe requests), but look forward to seeing a federal law enacted this year. The Threat of Filtering and Blacklists Before I conclude today, I want to raise one growing problem in the fight against spam. While spam clearly represents a serious threat to the continued viability of email, the problems created by some of the current tools used to combat spam are equally threatening. Internet Service Providers (ISPs) are aggressively building filtering technologies to limit the amount of spam entering their systems. Conceptually, this is a positive development. However, the spam filters currently in place are creating a new problem: wanted email is not being received. According to a report by Assurance Systems, in the 4th quarter of 2002, an average of 15% of permission based email was not received by subscribers to the major ISPs. Some ISPs had non-delivery rates that were startling: NetZero 27% Yahoo 22% AOL 18% Compuserve 14% AT&T 12% The same report for the 3rd quarter of 2002 showed an average of 12% non-delivery rate for the major ISPs – meaning that the filtering of permission based email increased 25% from the third to fourth quarters of 2002. Some of the email campaigns within the Assurance Systems report had non-delivery rates as high as 38%. Non-delivery of wanted messages due to filtering (called “false positives” within the industry) represents an enormous threat to the ongoing viability of email as an effective communications tool. The market will stop using email for important communications if email delivery is unreliable. It is critical that false positives be eliminated if email is to survive as an efficient and productive means for communication. One of the main drivers in the false positive problem is the emergence and use of blacklists. These are lists of alleged spammers that ISPs – and any network administrator -- can use to filter incoming email. The blacklist operators build registries of IP addresses that they believe are associated with spam and make the lists available publicly. Currently, there are an estimated 300 blacklists in operation. Again, the concept of a blacklist may seem to make sense at first glance. Unfortunately, the reality of blacklists in today’s marketplace is far different. Many blacklists operate without standards and operate behind a veil of anonymity. For example, one of the leading blacklists, SPEWS (www.spews.org), offers no contact information: no phone numbers, no names, no addresses, and no email address for the organization. The website has purportedly been registered in Irkutsk, Russia. SPEWS has no defined standards for posting to its blacklist – evidence has shown that a single complaint can result in the blocking of an entire range, or “neighborhood”, of IP addresses. Further, for those innocent senders that become listed on SPEWS, the only way to resolve the problem is to post their request for removal to a public spam forum available through Google (http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&group=news.admin.net-abuse.email). All of these efforts are designed to combat spam. But in their zeal to eliminate the problem, they have created a potentially disastrous “ricochet” effect: false positives. Going forward, our solution to spam must carefully balance the need for strong action against spammers with a determination to preserve the deliverability of legitimate email. Conclusion The NAI believes that the problem of spam will be best resolved through three powerful forces: legislation (and enforcement); technology; and consumer education. Our group is actively working with ISPs and solutions providers to craft architectural solutions to spam that will drive accountability into the dark recesses of the Internet. We strongly feel that technology must be used to force spammers to identify themselves and be held accountable for their practices. We also believe that consumers must understand the need for careful management of their email addresses. We could drastically reduce the amount of spam received by average consumers through educational efforts on what not to do with an email address. But the technological and educational solutions are not enough. We need a strong federal statute to raise the standards for email practices across the entire country. Legitimate businesses will respond to such a statute by raising their practices to meet or exceed the standard set by law. Enforcement officials at both the state and federal level and ISPs will have powerful tools to seek out and bring to justice those individuals responsible for spam. And we can do it while maintaining the balance necessary to preserve the legitimate use of email. Mr. Chairman, on behalf of the NAI Email Service Provider Coalition, I want to pledge that we will continue to work to fight spam and preserve email with you and members of your staff. Spam is a complex problem and our efforts to craft solutions must be thoughtful, robust and effective. Thank you and I look forward to any questions you may have.