A recent item posted on politech and Farber's IP mailing lists caused some controversy, so I thought I should expand on it here.

The spam law debate has been going on for close to a decade. There are people with many views, and we've all heard the other side's views many times as well. The differences lie in more fundamental values that are hard to change through argument.

Because of that there are giant spam law battles among people who are generally all on the same side -- getting rid of spam. Each spam law proposal has people who feel it does too much and chills legitimate speech on one side, and those who feel it does too little and legitimizes some spam on the other. (With many other subtleties as well.)

It's commonly reported that most spam is sent by a relatively small group of hardcore, heavy volume spammers. In theory much from a group of 20, and the bulk from a group of around 200. I have never known if this is true or not, but a recent conversation with a leading antispam activist gave evidence that it was. Antispammers have tracked down a lot of spam, seen billions of spams come into spam-traps and even infiltrated spammer "bulker" message boards to learn who's who and how they operate.

So let's assume for the moment that it's true that most spam comes from this core group. Let's focus spam law efforts on a law designed just to get them. A law so narrowly targetted that nobody need fear a chilling effect on legitimate speech, that everybody can get behind. (A law that also makes it clear that it's not precluding other laws or giving blessing to lesser spammers.)

I would see such a law demanding many criteria. It would require the spammer send millions of spams. It would require the spammer do this with wilful disregard for the consequences -- ie. a malicious intent. It could require the spammer have made $10,000 from their spamming. It would also provide funding and direction for law enforcement to actually go after these spammers. It would fine them into bankruptcy (all they ever made from spamming plus punative fines) and possibly jail them, particularly if other criminal actions like fraud, sale of illegal products and computer breakins were involved.

This wouldn't stop all spammers, but it might well put a real dent in the volume of spam, and scare off many from entering the upper echelons of spamming. This is a great deal more than any other spam law has managed to do.Some people think the tests I describe would be hard to prove, but in fact they're easy. These spammers send not millions, but billions of spams, and it's easy to prove with statistical data from spamtraps and user reports, as well as the spammers own seized records, that they sent really large volumes. All these spammers get lots of user complaints, lose accounts at ISPs etc. so there is no trouble in proving that they did all this with deliberate and malicious intent, with wilful desregard to all sorts of rules. And of course, all the big spammers are making lots of money.

They may go offshore, but if you are really determined to enforce (and this proposal requires that) this can be dealt with. Enron's folks were 100 times smarter than the spammers, and paid a lot more to hide their dealings, but they fell as have many like them. Truth is the law only ever goes after the big offenders, and sometimes not even those. Broad spam laws designed to capture the small-time spammer would actually net few of them. Law enforcement just doesn't have the time. (Private rights of action, as found on the anti-junk-fax and anti-telemarketing laws, also have a long history of very minimal use.)

Enforcement makes a big difference. Most spam out there is already illegal, and with stiffer penalties (computer intrusion, fraud, prescription drugs etc.) than any anti-spam law could ever have. But there's no resources to enforce these laws broadly on spammers.

But again, the key is to stop fighting, focus narrowly on a fat target in a way that causes no constitutional debates or civil rights issues, a way that scares nobody about bringing down the hand of government regulation onto E-mail. Maybe it won't be enough, but it's more likely than anything to at least do something. I bet even the DMA would be willing to get behind a law like this.

Now it's no secret that I'm not a big fan of law as a solution here, and I believe I can claim to have been right in my claims that the laws we've seen so far would cause more bickering and trouble than they would stop spam.

But if these uberspammers are really the cause of a lot of the problem, maybe a law like this could even make the difference.