Amazing, But True: FTC Doesn't Want To Rush Into National Privacy Standards

from the good-for-them dept

Wed, Jul 23rd 2008 1:25am — Mike Masnick

While there are plenty of gov't agencies that seem to rush into any chance to add more regulations that grant them more power, the FTC has a history of being quite reasonable and quite conservative about these things. You may recall that years ago, the FTC was against the idea of CAN-SPAM because it would effectively legalize plenty of spam, with one FTC commissioner noting that spam should be anything that you don't like -- and legislating against that is next to impossible. Specifically, he was worried (correctly, it appears) that in allowing lawmakers to define spam, it has merely opened up more possibilities for spamming.

That commissioner (Orson Swindle) is no longer with the FTC, but the Commission seems equally skeptical of any sort of national privacy standards, noting that any set standards would deal with the market we see today, not the markets of tomorrow, and that could create serious unintended consequences. It's so rare these days to see federal agencies not leap forward to try to regulate, and to actually worry about the unintended consequences of regulating too soon, that it's rather refreshing.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ftc, privacy, unintended consequences

13 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

creig, 23 Jul 2008 @ 1:51am

spam regulation
i remember when the postal service tried to sneak a law through congress attached to some other legislation as an ammendment to charge 5 cents per any e-mail sent because it was cutting into their stamp selling business for letters so deeply.it obviously failed and at the time i was estatic.now though,so many people,companies can send out a million or more spam e-mails at one time that i believe the only way to protect us all from inbox's with 200 spam emails everyday is to limit the amount of emails a person or company can send in a given time.if you exceed that # of e-mails, then you would have to pay the government a fee for every e-mail.i mean #'s like the average person or even small business owner would send in a month. maybe 50,000 emails and after that even a penny an email would stop these companies that send out millions of spam emails daily.i left my yahoo box unattended for 5 days and had to delete over 1000 spam emails 25 at a time.do the math of how long it took me.spam has become a plague to us average users.
[ link to this | view in chronology ]
- Anonymous Coward, 23 Jul 2008 @ 2:32am
  
  Re: spam regulation
  You seem to not get the fact that the internet is a global thing. An Attidude im seeing increasingly coming from the USA. Its great that you want to charge people to send emails, but how would you go about doing that? Theres no way your going to convince every country in the world with internet access to approve the same thing. Youd just get people outsourcing their spam. Also how would you stop company X from signing up to an email service through a proxy based in the UK or elsewhere?
  
  Now I know these tubes of yours can be hard to understand but you cant just go dumping a truckload of Bullshit onto them and hope the problem goes away.
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Jul 2008 @ 5:41am
    
    Re: Re: spam regulation
    Nice tube refrence! I was going to ask the first poster the same thing: how much of your spam in your inbox appears to come from a source that you could identify and have US jurisdiction to collect any tax money from? This comes back to the same issue as this FTC issue, there is no way for some current laws regarding some of these things to work in the global environment.
    [ link to this | view in chronology ]
  - evan, 23 Jul 2008 @ 5:56am
    
    Re: Re: spam regulation
    Ahahaha, awesome Ted Stevens reference.
    [ link to this | view in chronology ]
- hegemon13, 23 Jul 2008 @ 7:01am
  
  Re: spam regulation
  Um, that would not work at all. A lot of spam is sent from bot-nets and zombie computers. So, you want to charge the average Joe for every email his trojan-infected computer sends? Plus, even if it is a company sending it out, how do you enforce a fee on a foreign company, which is the other major source for spam?
  
  I would argue that Yahoo is not providing the most valuable service. On my Yahoo account, I get 50-100 spam messages a day in my inbox, and I frequently have legitimate messages filtered as spam. On my Gmail account, I get 1-2 per month in my inbox. The spam automatically filters to my spam folder, though even that only gets a few per month. I have never had a legitimate message filtered on Gmail. This may have to do with their purchase of Postini last year.
  
  The fact is, the best way to fight spam is through good spam filters. We can pass all the laws we want, but it isn't going away.
  [ link to this | view in chronology ]
  - Xanthir, FCD, 23 Jul 2008 @ 7:33am
    
    Re: Re: spam regulation
    Um, that would not work at all. A lot of spam is sent from bot-nets and zombie computers. So, you want to charge the average Joe for every email his trojan-infected computer sends? Plus, even if it is a company sending it out, how do you enforce a fee on a foreign company, which is the other major source for spam?
    
    The solution I outlined just above in a previous comment addresses this. Individual email accounts are the ones who get charged, so an infected computer can't be charged unless their actual email account has been compromised (and the email providers would have heuristics to detect this and shut it down temporarily, at least after the first few high-profile people with enormous email bills; another idea would be the email providers capping the amount you are allowed to send unless you provide some human verification).
    
    As for enforcing fees on foreign companies: you don't. However, if they want to send you email, they have to opt-in to the escrow service (or get verified as a legitimate business sender) or else their mails get automatically returned.
    [ link to this | view in chronology ]
- Xanthir, FCD, 23 Jul 2008 @ 7:28am
  
  Re: spam regulation
  now though,so many people,companies can send out a million or more spam e-mails at one time that i believe the only way to protect us all from inbox's with 200 spam emails everyday is to limit the amount of emails a person or company can send in a given time.if you exceed that # of e-mails, then you would have to pay the government a fee for every e-mail.i mean #'s like the average person or even small business owner would send in a month. maybe 50,000 emails and after that even a penny an email would stop these companies that send out millions of spam emails daily.i left my yahoo box unattended for 5 days and had to delete over 1000 spam emails 25 at a time.do the math of how long it took me.spam has become a plague to us average users.
  
  A similar idea has been seriously considered by a lot of smart people, but without the nationalistic problems inherent in your idea. Rather than being a corporate-driven thing, it can instead be easily market-driven, and I think eventually something like the following will appear.
  
  Basically, the responsibility has to be on your email provider. You would have a whitelist of email addresses that are allowed to send you mail normally. Any mails from addresses not on your whitelist would be automatically returned with an error message *unless* they deposited one cent (US$0.01) into an escrow account hooked up to you. You can then either approve the message (whitelisting the address and refunding the cent) or spam it (blacklisting the address and keeping the cent). After a certain amount of time has passed the cent is automatically returned, so you don't have escrow accounts sitting around collecting money for long periods of time. If you receive an email from someone not on your whitelist without the automatic deposit, it will automatically return the mail with an error message.
  
  The reason this works even with the tiny, tiny deposit is that spammers start with absolutely miniscule margins. Only a tiny fraction of the emails sent out ever generate a sale, but they still come out on top because they can send out millions of spams per dollar. Note that a lot of spammers have gone out of business in recent years because antispam technology has gotten much better; if you used to successfully plant 1 million emails in inboxes per dollar, but now only 100 thousand of them successfully get through, that's a 90% drop in potential revenue.
  
  A one cent escrow would drop this to 100 emails sent per dollar. Virtually zero spammers can make money with that sort of ratio, and the spam industry as a whole would come crashing down.
  
  This solution, naively implemented, would of course also kill corporate mailings, which aren't necessarily spam (though they can be to individual people). This can be gotten around relatively easily. Just employ a trusted authority to verify that an email address is a real business, similar to what Verisign does for security certificates now. These addresses would be put on a semi-whitelist by cooperating email providers, allowing them to get to your mailbox without the escrow deposit. You would of course still be free to blacklist them if you like, and particular email providers could choose to ignore this list (allowing people to use them if they *really* don't want any corporate email).
  
  If just the top 5 email providers got together and provided this sort of service, the collective weight would force everyone else to adopt it as well, and spam would be a thing of the past.
  
  This same idea can obviously be applied to blog commenting systems as well, and really anything that has a problem with spam. CAPTCHAs are gradually becoming less and less useful as the spammers create smarter bots, and eventually there won't be anything left that (a) is easy for humans to solve but hard for computers and (b) is easy for computers to generate.
  [ link to this | view in chronology ]
Anonymous Coward, 23 Jul 2008 @ 5:54am

Net neutrality FTW.

Once this goes we ALL loose.
[ link to this | view in chronology ]
- Anonymous Coward, 23 Jul 2008 @ 5:57am
  
  Re:
  Lose.
  [ link to this | view in chronology ]
Karl, 23 Jul 2008 @ 8:35am

So are we opposing a federal law that would require all behavioral advertising be opt-in? I tend to the the FTC plays a hands off role in technology issues more because they're stocked with industry lobbyists who want a weak regulatory authority, and not because they're so terribly worried about bad laws....
[ link to this | view in chronology ]
Kevin, 23 Jul 2008 @ 9:58am

Or you could just not regulate anything
Maybe we need to just get people accustomed to dealing with spam as a necessary part of using the internet. Much like smelling the city's garbage every friday morning is a necessary part of using the cities infrastructure. Like how inhaling exhaust is a necessary part of using the side walk of a city street.

Spam's not going to go away, quit trying to make it stop and just get better at managing it.

Cheers,

Kevin
[ link to this | view in chronology ]
- Xanthir, FCD, 23 Jul 2008 @ 11:23am
  
  Re: Or you could just not regulate anything
  Permeating the city with garbage smells isn't a necessary part of the infrastructure. It's simply that no one has felt it worth it to fix the issue - dealing with some bad smells once a week is cheaper than fixing it.
  
  Same with inhaling exhaust when walking on the sidewalk - it's not necessary, it's just that nobody wants to spend the money and effort to fix it.
  
  Spam can be solved in the same way, with money and effort. There are actually some very good ways to completely throttle spam that aren't very expensive or difficult, it's just that nobody's bothered to set them up yet, as they need network effects before they become really usable.
  [ link to this | view in chronology ]
Clueby4, 23 Jul 2008 @ 10:13am

Whatever helps you sleep
Yea right, like establishing a Opt-in rule is so frelling complicated and nebulous. I concur with Karl's analysis, that the "revolving-door" nature of the FTC is the source of the motivation, not any desire to benefit the public.
[ link to this | view in chronology ]