[Asrg] Re: Spam and crime analogy

[Jim Witte <jswitte at bloomington.in.us>]

> That's what's so hideous about spam, it incurs lots of costs and yet
> owing to its unwanted nature no one wants to pay those costs. Which is
> similar to much crime,

  Making the sender pay would probably suit many receivers of unwanted 
spam just fine.  The problem is how to make the spammers pay for their 
boat-loads of email without making everyone else pay for the email they 
send.  And that's already been hashed out here at great length with the 
e-postage thread.

  The analogy to crime is interesting, because crime is (to a large 
extent) handled (or attempted to be handled) by police.  Police are a 
public good, and are, directly or indirectly, paid for my taxes 
(indirect would be federal income tax paying for grants to states)  And 
there already *is* a small degree of "taxation" regulation of spam 
going on: the FTC goes after the really big and egregious fish out 
there, but that's a "whack-a-mole" game.

  What the crime analogy suggests is that the costs of controlling (or 
reducing, or eliminating [?]) spam should fall on society as a whole, 
or at least that segment which uses computers (which, possibly is 
everyone, since we ALL use computers indirectly when we buy products 
from companies).

  What if a logistical/legislative framework could be made (this would 
probably be impossible under the current administration, and anyway, 
spam is a worldwide problem) to tax producers of operating systems when 
vulnerabilities which allow spambots to "easily" exploit their 
products?  By "easily" I mean something like "using a feature of the OS 
that would have no other reasonable purpose)."  This is very vague, I 
know, but so is the DMCA..  Vulnerabilities that I think might fit this 
definition would be the open port numbers others have mentioned in 
Windows, automatic executable running in windows, no protection for 
downloaded programs attempting to modify the registry or TCP/IP stack, 
etc.  Other OS's (MacOSX Darwin, Linux) probably have similar problems. 
 Hardware and other-software companies (makers of home broadband 
routers, software and hardware firewalls, etc) could also be brought 
under this umbrella.  This would theoretically stop a lot of the spam 
attacks at their source: the insecure OS or firewall, etc that allowed 
the spam to be sent in the first place.

  Do I think this would work?  In reality, probably not.  Is it 
logistically and legislatively feasible?  Almost certainly not.  But 
maybe it's worth considering a bit - seeing spam as an externality like 
crime, and it's solution also must be funded/executed as an externality 
and public good.

Jim


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg