Is Spam Still Part of the Info/Law Debate?

Discussing Washington v. Heckel (2004) with my Computer and Internet Law students earlier today, I wondered aloud whether anybody really cared about the spam issue any more.

Here at Info/Law, we’ve got our spam tag over there on the right-hand side, and if you click it, you can see the half-dozen or so posts, some of them bearing only indirectly on the “spam problem,” that we have managed to cobble together between the three of us over the past year and a half. So apparently, at least among my Info/Law colleagues and myself, spam isn’t exactly a burning issue on the order of, say, privacy. Are we giving spam short shrift? Or is the issue really dropping off all of our collective radar screens?

It’s true that you still occasionally see stories in the news about how the estimated level of spam, as a percentage of all e-mail traffic, has crossed yet another seemingly absurd threshold; or how unwary Windows users are having their PCs hijacked and turned into spam-sending zombies. My general sense, however — based on absolutely no empirical evidence, I admit — is that a good deal of the wind has gone out of the sails of the anti-spam crusade; that this just isn’t a topic any more that really grabs people, that causes them to form coalitions or demand legislative action or file lawsuits or pen densely reasoned, meticulously footnoted scholarly articles as they once did.

I’ve been trying to come up with reasons for what I perceive to be the relative lack of public interest in the spam problem. This isn’t by any means meant to be an exhaustive list of possibilities — indeed, I’m quite certain that not all of them can simultaneously be true, and possibly none of them individually are, either. I’d love to hear any comments proposing alternative explanations (or disputing my overall perception that there has been a relative decline in interest in spam):

  1. All hope is lost. We have tried everything, and nothing has worked. The flood of spam has risen to overwhelm all attempted countermeasures. State and federal anti-spam legislation has been ineffective. Blacklists, whitelists, challenge-and-response schemes, captchas, and other technical fixes haven’t gained traction outside the small community of tech-savvy users with the time and expertise necessary to configure and maintain them. On this view, there’s no point in debating the problem any more, because nothing we do in the future will work, either.
  2. We lack the collective will to try the things that will really work. Here I’m thinking of some of the more radical proposals, like tampering with SMTP, or imposing micropostage (you can send e-mails only if you pay, say, $0.000001 each) or cryptographic-challenge (you can send e-mails only if your computer first computes a solution to some sort of simple equation) burdens on senders. The idea behind the latter sorts of proposals is that we want to target the million-at-a-time bulk e-mailers without also harming individual users, so we impose some sort of a burden that is inconsequential to “typical” users but becomes onerous as the quantity of sent mail increases to spammer levels. These seem to have, individually and collectively, gone nowhere, on the not unreasonable ground that we shouldn’t have to destroy the village in order to save it. On this view, the problem isn’t the inefficacy of the proposed solutions, but rather on the lack of collective willpower to do the hard work necessary to get them implemented. I suppose you could lump my own (widely, and likely justly, ignored) modest proposal (lawsuits to force the owners of zombified PCs to bear the costs they now impose on the rest of us by running {unpatched versions of,} Windows!) in with this category, too. On this view, unless there is some dramatic shift in public attitudes that creates a call for action and makes some of the now-unpalatable choices palatable, the problem doesn’t warrant further debate.
  3. Good filters have reduced spam to the level of acceptable background noise. The debate about spam has abated because the problem is mostly gone. Organizational e-mail providers (corporations, universities, and the like), along with the big free (think: Gmail) and fee-based (think: Spamcop) providers have roughly kept pace with the spammers in the perpetual filtering arms race. The filters, on the whole, work, and they’re constantly learning and improving. Most of the spam that is sent is never delivered. Every now and then, one gets through, but when it does it’s more amusing than annoying. The era of people actually receiving and having to wade through 50-100+ spams a day is long past.
  4. Spam isn’t annoying any more because the Internet is pervasively commercial. Unsolicited ads arriving in your in-box used to be cause for consternation in the Net’s idyllic, John Perry Barlow era (i.e., up through the mid-1990s). But now, unsolicited ads are everywhere you look. If you use a search engine, read a news site, or do any of the ordinary activities of daily life on the Web, you’re going to be reading advertisements (unless you’re one of that tiny subset of people who configure their browsers to refuse to load images from advertising servers or set up a proxy to filter them out). Ads are an unavoidable part of life now, so why should e-mail be any different? Nobody debates the spam problem any more because our normative expectations about what life “ought” to be like online have altered to incorporate a certain amount of spam.
  5. D00D EMAIL IS TEH SUXX0R!!!1! LOL K THX. There’s a generational divide emerging, and many of the people who use the internet most heavily have turned to other channels — chat, instant messaging, social networking sites, etc. — to carry the communications that used to (and, for ladies and gentlemen of a certain age, still do) go through e-mail. On this view, spam is becoming a peripheral issue because e-mail is becoming a peripheral tool. (Or, to put it more cynically, concern over spam is decreasing because the spammers have succeeded in driving people away from e-mail.)
  6. The battle has been won! Federal and state legislation has succeeded in driving the worst of the worst (the graphic porn spams) offline. All the big spammers are in jail; it was really only 10 guys in Florida anyway. People are becoming more educated and well able to protect themselves online, so spam is becoming less profitable and therefore more rare. This Panglossian explanation is obviously the one about which I’m the most skeptical, but there are a few data points you could marshal in support, ranging from the occasional high-profile convictions of spammers to new government anti-phishing education campaigns.

Am I way off base in thinking that people are growing less interested in spam as a policy issue? Should it be dropped from the cyberlaw curriculum?

8 Responses to “Is Spam Still Part of the Info/Law Debate?”

  1. I don’t think you’re offbase in your analysis- this is a very thorough and mostly correct list. But the suggested potential conclusion (drop it from the curriculum) seems wrong. This seems like a great history lesson, showing technology solving a problem that law (mostly) failed to solve despite a fairly high level of interest. That seems worthy of keeping in the curriculum even if actually solving spam using legal tools is no longer an interesting problem.

  2. Now that I think about it, that actually sounds like a great paper topic- ‘the rise and fall of spam law.’ :)

  3. I believe the rise of online email providers with effective spam filters has taken the teeth out of the anti-spam movement. Consider Gmail — heavily used, and yet only a tiny fraction of spam makes it past the filters. Thus, although the same (or more) spam may be being sent, since consumers no longer see it in their inbox they are no longer concerned.

  4. I think that three things are afoot:
    1. Spam = nuisance of low value for the recipient. Making things worse, those with potentially higher costs (like bandwidth, server time, hard drive space, etc.) have mostly relegated spam to automated processes, pass along those costs to the recipient and don’t have to actually see the issue.

    2. Spam has largely moved offshore or into the background. This could largely be because of relatively effective enforcement against the half dozen or so worst offenders (remember the guy with the Lambo that was arrested?)

    3. The spam issue has either dovetailed into or been swallowed up by other issues people see as related: fraud and privacy areas.

  5. I vote for a combination of #3 and #5, with a dollop of #6 (the part about people learning to protect themselves).

    But I think Luis is right that it still is an important part of teaching cyberlaw, if only to show the life cycle of a problem from its start to, sort of, its end. And it also exemplifies the important principle that one-to-many communication and an accompanying elimination of quality control is not always a good thing (though often it is).

    Fnally, a version of the spam problem is still with us in the form of the “badware” problem — and many of the same debates about law, tech, and economics are cycling back into the discussion there too.

  6. Spam is like a pest problem, there is a cost to keeping a building pest free, and for a small subset of building staff pest control is a major ongoing issue, but for most people its not something you ever really think about, except for the occasional ant infestation or rat or whatever. As long as the pests are kept to a reasonably low level and the people in the building are not majorly inconvenienced by pest control measures, everyone is happy. And you’re right about economies of scale — a huge office building can probably fight the problem more effectively than many small Victorian houses. Regardless, there is no point in passing laws demanding a halt to pests, or essays for general consumption about the tactics of pest control.

    In general technologists have come up with pretty good automated systems for detecting and controlling spam, and for analyzing it in aggregate and predicting trends. A small subset of people (sysadmins) may spend a huge amount of time dealing with the problem, but now that most of the silly “solutions” (change the whole architecture of email, force people to use disruptive challenge-response systems, etc., etc.) have been abandoned, spam continues to simply be a minor background irritation for the everyday user.

  7. Some of Jonathan Zittrain’s work has convinced me that spam and badware are becoming more virulent over time and seriously threaten the internet’s stability. I don’t know if that’s in “The Generative Internet” or just elsewhere.

  8. I dunno, Frank. I love Jonathan Zittrain, but I have never been persuaded by his Chicken Little portrayal of spam — in fact, I think Tim hits the nail on the head in this post that the problem has been reduced to acceptable levels without the more radical measures JZ proposes. Of course, as I acknowledged in my previous comment above, other menaces are now on the rise. But mightn’t those play out the same way?