Spam wars hit the next battlefield

Spam wars hit the next battlefield

The U.S. Federal Trade Commission expects to release this week its first study about the feasibility of a Do Not E-Mail registry, similar to the Do Not Call registry that has proved a popular deterrent to telemarketers. And spam remains the commission's top priority tech issue, says Howard Beales, director of the FTC's Bureau of Consumer Protection. He spoke in San Francisco at the International Association of Privacy Professionals' Truste Symposium recently, describing the challenges of enforcing spam laws and privacy policies.

Current Tactics

Spam is the toughest problem the FTC has ever confronted because enforcement is difficult, Beales said. Spammers can conceal an e-mail address and make the message look like it came from anyone, anywhere. And the cost, even when there are low responses, makes it profitable.

"A spammer in one of our workshops said that even if one in ten thousand responds, it's a profitable venture," Beales said.

The FTC estimates that two-thirds of spam is deceptive or false and violates the law. The rest are pitches for porn and prescriptions. Beales estimates only about 16 percent of spam offers something that might be legitimate.

The FTC tries to track spam through the URLs in e-mail, he said.

"We follow the money," he said. "We can issue a subpoena to see what payment method was used for the URL and usually after six or more sequential subpoenas, we can find a real person."

But the payoff often is poor. Tracking spam takes enormous upfront resources but often doesn't lead to a worthwhile target, Beales said. Most spammers are small operations; in one FTC study of 114 messages, only one message was from a Fortune 1000 company.

Still, armed with the new CAN-SPAM Act and fortified by Congressional and citizen complaints, the FTC is developing new weapons against spam.

It is developing an open relay project that should help identify insecure mail servers. Beales also cited Operation Secure Your Server, a worldwide effort to close access to spammer anonymity.

Tougher law enforcement is the answer, suggest some others.

"The reason we have so much spam is because law enforcement is not doing its job," says Steven B. Adler, program director of IBM Corp. enterprise privacy solutions. "It's mail fraud. If we want to control spam, we don't need caller ID, we need training for law enforcement. Make the penalty more costly than reward."

Promoting Privacy

Spam is also related to another FTC priority: Privacy. The commission is charged with making sure organizations implement and follow privacy policies.

"Security is a process. There are always going to be new threats," Beales said. "Companies need to have a system of updating according to vulnerabilities. And it's important companies don't make [more] vulnerabilities in the process."

He cited a recent case in which Tower Records, after a system upgrade, omitted authentication code--which meant that anyone could get access to information about purchases.

Skimping on security isn't just unwise, it's illegal, he said.

"Deceptive or unfair practices are illegal," Beales said. "When security is inadequate, we think promises are deceptive."

The technical tools aren't inadequate, they simply aren't implemented as they should be, says John T. Sabo, manager of security, privacy, and trust initiatves with Computer Associates.

"Security is a component of privacy, yet we don't look at it holistically," Sabo says.

Others say standards aren't the answer.

"We have a lot of research work at IBM, but there's a dearth of actual implementations," Adler says. "There's no lack of standards, but a lack of implementations." Rather, diligence and better funding for privacy projects are the answer.

"Privacy is inadequately funded," Adler says. Companies consider the risk remote. "We don't think it will happen to us."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments