asrg@conference.ietf.jabber.com - 2003/03/20

[08:45] %% logger has arrived.
[09:48] %% rjs3 has arrived.
[10:09] %% carlalf has arrived.
[10:20] %% JavierA has arrived.
[10:21] %% mrose has arrived.
[10:26] %% mattz has arrived.
[10:28] %% Eliot has arrived.
[10:28] %% wcw has arrived.
[10:28] %% resnick has arrived.
[10:29] %% shep has arrived.
[10:31] %% NedFreed has arrived.
[10:37] %% jis has arrived.
[10:37] <jis> hi all
[10:37] <jis> spam spam spam spam....
[10:38] <Eliot> anyone NOT in the meeting room want some jabber of what's going on?
[10:39] %% _ruffi_ has arrived.
[10:43] %% _ruffi_ has left.
[10:43] <NedFreed> I'll try, but it will be somewhat intermittent
[10:43] <NedFreed> Charter review: Focus and motivation
[10:43] <NedFreed> Focus is on the problem of unwanted email msgs, loosely referred to as spam
[10:44] <NedFreed> Definition of spam inconsistent and unclear
[10:44] %% kmurchison has arrived.
[10:44] <NedFreed> Generalize the problem into one of content-based communication
[10:44] <mrose> just put "blah, blah, blah" into your cut-and-paste buffer and type ^V liberally
[10:44] <NedFreed> Expressing consent closer to the source makes it more difficult to satisfy
[10:44] <NedFreed> downstream recipients
[10:46] %% randy has arrived.
[10:46] <wcw> the statement was made that spam makes up a large percentage of email traffic. The only reference I found via google was a statement made by an anti-spam vendor. Anyone know of any better studies?
[10:46] <NedFreed> (Diagram of policy enforcement points)
[10:46] <Eliot> define large
[10:46] <NedFreed> Purpose of the WG:
[10:46] <NedFreed> (1) Understand the problem evaluate solutions
[10:47] <randy> BrightMail says 40% is spam. I think all such stats are useless.
[10:47] <NedFreed> (2) Taxonomy of solutions
[10:47] <randy> It varies so much from address to address. I suppose for large enough ISPs it would all average out.
[10:47] <NedFreed> (3) Characterization of the problem
[10:47] <Eliot> vjs@rhyolite.com keeps at least some stats in this area.
[10:47] <NedFreed> (4) Requirements for solutions
[10:47] <NedFreed> (5) Understand the scope of spam legislation
[10:48] %% rafdalb has arrived.
[10:49] <NedFreed> (Will expand on legislation point in a bit)
[10:49] <NedFreed> Solutions: (1) Novel approaches (2) Standards based on common techniques
[10:49] <NedFreed> (3) Combiination of approaches (4) Best practices
[10:50] <NedFreed> [Do we really think something novel will emerge from this? -NF]
[10:50] <NedFreed> Evaluate solutions: (1) Effectivness (2) Accuracy (3) Cost
[10:51] <NedFreed> Cost: Effect on normal use, monetary costs
[10:51] <NedFreed> Effect on normal use: Delays, new procedures
[10:51] <NedFreed> Cost: Bandwidth, computation, etc.
[10:52] <NedFreed> (Sorry, can''t read the diagram even with my monocular)
[10:53] <NedFreed> Number of different parties involves: ISPs who have to deploy solutions,
[10:53] <NedFreed> users who have to deal with solutions
[10:53] <Eliot> that's it- he'll never be a marketing master of power point ;-)
[10:53] <NedFreed> (Jigsaw puzzle diagram flashed by)
[10:53] <NedFreed> Interaction between technology and law: Technology vs. leglislation
[10:54] <NedFreed> Casual spammer/hobbyist spammer/Hacker spammer/Large-scale spammer
[10:54] <NedFreed> Technology more effective on left, law more effective on right
[10:54] <NedFreed> Most large scale spam comes from a group of less than 200 spammers.
[10:55] <NedFreed> Somebody from SpamCon to tell us about the size of the spam problem
[10:55] <Eliot> person sitting next to me makes a good point: large scale spammers are off shore...
[10:56] <NedFreed> Yep. But the other someone else pointed out what happens to offshore people we don't like...
[10:56] <NedFreed> (The usual laptop/projector shuffle is underway)
[10:57] <NedFreed> New speaker: Steve Atkins Size and cost of the problems
[10:57] <NedFreed> SpamCon Foundation
[10:57] <NedFreed> "Word to the Wise" ??
[10:57] <NedFreed> How bad is it?
[10:57] <NedFreed> 4% found spam not annoying
[10:57] <NedFreed> 96% find it annoying, or worse
[10:58] <NedFreed> 161 million USE end users who find it annoying or worse
[10:58] <NedFreed> End users are really annoyed
[10:58] <NedFreed> AOL users reported 4 million pieces of spam on Feb 20
[10:58] <NedFreed> Mar 5 they reported 5.5 million
[10:58] <NedFreed> (begs the question of how many AOL end users there are... -NF)
[10:59] <Eliot> two data points does not a trend make...
[10:59] <NedFreed> Graph extrapolating from two data points -- unbelievable.
[10:59] <wcw> didn't he also say that 4% found spam annoying and therefore we can assume that 96% found it annoying?
[11:00] <Eliot> no.. he said 4% DIDN'T find it annoying..
[11:00] <Eliot> but otherwise your point holds (imho)
[11:01] <NedFreed> Bar chart projecting 200 odd pieces of spam per user versus 25 real msgs.
[11:01] <NedFreed> Assuming trend continues 2006 140 thousand or more spams per recip per day
[11:01] <NedFreed> Eliot cannot take it any more...
[11:03] <NedFreed> Current spam increase is a factor of between 5 to 9 per year.
[11:03] <NedFreed> After filters rate increase is lower
[11:04] <NedFreed> Cost: 2-3 yrs back $2-3 per user per year
[11:04] <NedFreed> now $30-50 per yr.
[11:04] <Eliot> let's see - cpu, bandwidth, disk. in order to deal with cpu you would have to stop the problem close to the source, right?
[11:04] <NedFreed> $730/yr lost productivity loss per employee (UK study)
[11:05] <NedFreed> $8.9 billion/yr cost to industry
[11:05] <NedFreed> US industry, that is.
[11:05] <NedFreed> $650 million anti-spam filtering product costs
[11:05] %% randy has left.
[11:06] %% randy has arrived.
[11:06] <NedFreed> Question: Does cost include personell costs
[11:06] <NedFreed> Answer: no.
[11:06] <NedFreed> Each spam that gets through costs $1-2 in lost productivity
[11:06] <Eliot> $1-$2 per employee per spam????
[11:07] <NedFreed> Dialup provider est $2000 - $10000 to deal with a single spamming dialup customer
[11:07] <rjs3> where are these numbers coming from?
[11:07] <NedFreed> [I'm giving cites when he gives them.]
[11:07] <rjs3> I'm in the room, that was more of a general question.
[11:08] <NedFreed> A large end user ISP $8 to handle each incoming complaint
[11:08] <NedFreed> Large ISP may receive hundreds of thousands of complaints per month
[11:08] <NedFreed> Profits to the spammer:
[11:08] <NedFreed> Spam-related porno $3.2 billion in 2002
[11:09] <NedFreed> Arizona AG seized $30 million from one "grow 1-3 inches" spam group
[11:09] <NedFreed> Around 70% spam has illegal content
[11:09] <NedFreed> According to Howard Beale (sp?) of the FTC
[11:10] <NedFreed> Lot of people respond to spam. Rates tiny but still amazing
[11:10] <NedFreed> Number of people who want to buy the "miracle growth cream" is scary
[11:10] <NedFreed> "It really does work"
[11:10] <NedFreed> [Actual quote, but not, I suspect, what he intended -NF]
[11:11] <NedFreed> Al Ralsky - 200 mailservers (picture)
[11:11] <NedFreed> Not a nice man
[11:11] <NedFreed> 140 million/hour
[11:11] <NedFreed> Uses x86 linux boxes and open relays
[11:12] <NedFreed> He's exprapolating linearly -- I won't bother quoting the numbers
[11:12] <shep> Did you know that 87% of statistics are just made up on the spot?
[11:12] <mattz> what's "illegal content"?
[11:12] <NedFreed> Now he's working with his extrapolation numbers
[11:12] <NedFreed> [Didn't say what illegal content is -NF]
[11:12] <shep> How hight would a stack of pennies be?
[11:12] <Eliot> ronald reagan would be proud.
[11:13] <NedFreed> Stacking money to the moon, output of the mint, etc.
[11:13] <NedFreed> 80% of incoming mail bloccked at the router
[11:13] <NedFreed> Cost of spam still nearly $12000/mo
[11:13] <NedFreed> Hosting provider: $9500 revenue from spammer
[11:14] <NedFreed> Causes ISP to be blacklisted
[11:14] <NedFreed> $16500 loss due to blacklist of innoent customers
[11:14] <NedFreed> $38500 more due to being unable to remove spammer in a timely fashion
[11:15] <NedFreed> Question: Why not remove them faster
[11:15] <NedFreed> Answer: Takes time to remove due to contract difficulties
[11:15] <NedFreed> Notes that contracts sometimes redlined to remove removall clauses by
[11:15] <NedFreed> over-eager salescritters
[11:16] <NedFreed> Phil Hallam-Baker points out that spammers sometimes sue for "wrongful termination"
[11:17] <NedFreed> DNS provider is the weak point with spammers; Web servers have backups
[11:17] <NedFreed> 15% of solicited mail doesn't reach recipient's mailboxes
[11:17] <NedFreed> [I find that hard to believe -NF]
[11:17] <NedFreed> That's it!
[11:18] <NedFreed> http://word-to-the-wise.com
[11:18] <NedFreed> follow the whitepapers link to see slides
[11:19] <NedFreed> Dave Crocker: Spam is an upper layer problem, therefore evokes more emotion than lower layer stuff does
[11:20] <NedFreed> Group is in danger of getting bogged down in this.
[11:20] <Eliot> motivation talk over... please....
[11:20] <NedFreed> Example: Near as he can tell numbers cited don't have the basis to be asserted as fact
[11:20] <NedFreed> (applause)
[11:21] <NedFreed> Dave now echoing Eliot's motion to move past motivations...
[11:22] <NedFreed> Dave reiterates points that this is all very conjectural.
[11:22] <NedFreed> (more applause)
[11:23] <NedFreed> Chair saying these numbers the best we can do...
[11:24] <NedFreed> Group will try and get better numbers
[11:24] <NedFreed> Brightmail founder. TIm something? Actually has numbers.
[11:25] <Eliot> Tim Pozar.
[11:25] <NedFreed> New speaker: Solving spam by establishing a platform for sender accountability
[11:26] <NedFreed> Hans Peter B - something. Can't read it
[11:26] <NedFreed> Digital Impact
[11:26] <Eliot> Brondmo
[11:26] <NedFreed> Subtitle THe email service provider perspective
[11:27] <NedFreed> Only one solution that will work. Problem won't go away until we have
[11:27] <NedFreed> accountability built into the infrastructure.
[11:27] <NedFreed> Email service provider coalition.
[11:27] <NedFreed> Got together 30 companies and counting
[11:27] <NedFreed> Active since dec 2002
[11:27] <NedFreed> 3 sub-committeees.
[11:27] <NedFreed> Legislative.
[11:27] <NedFreed> Communications
[11:28] <NedFreed> Technological solutions
[11:28] <NedFreed> Another slide I cannot see.
[11:28] <NedFreed> Balloons getting bigger moving to the right
[11:29] <NedFreed> [Better contrast choices would be appreciated -NF]
[11:29] <NedFreed> Why consent?
[11:29] <NedFreed> Traditional offline direct marketing: Ask forgiveness
[11:29] <NedFreed> Today's online direct marketing: No consent
[11:29] <NedFreed> Defining consent is very difficult.
[11:30] <NedFreed> Opt out from one, opt out from everything?
[11:30] <NedFreed> Opt of ads opts you out of developer updates (example)
[11:30] <NedFreed> Mail gateway view:
[11:31] <NedFreed> [His use of the term, not mine -NF]
[11:31] <NedFreed> see huge amount of incoming spam.
[11:31] <NedFreed> ESP view: Known B2B sender, known B2C senders, known relationship senders
[11:32] <NedFreed> No way to differeniate this traffic from spam
[11:32] <NedFreed> AOL numbers presented previously are correct but misrepresentative
[11:32] <NedFreed> Button thought of as "unsubscribe", not "report spam"
[11:32] <NedFreed> Completely unreadable list of lots of technology solutions 11/2002
[11:33] <NedFreed> Existing solutions to spam are ineffectiive
[11:33] <NedFreed> Mostly based on guesswork.
[11:33] <NedFreed> Throwing the baby out with the bathwater
[11:33] %% Eliot has left.
[11:33] <NedFreed> Blacklists cut off legitimate sources
[11:34] <NedFreed> False positive: Small company in Colorado.
[11:34] <NedFreed> Average non-delivery to top ISPs: 15%
[11:34] <NedFreed> [Again, I don't believe it -NF]
[11:34] <NedFreed> Jigsaw puzzle again -- faster than I could type it
[11:34] <NedFreed> Build ACCOUNTABILITY into the system
[11:34] <NedFreed> NAI effort
[11:35] <NedFreed> Verification and certification
[11:35] <NedFreed> Authentication
[11:35] <NedFreed> Objective compliance monitoring
[11:35] <NedFreed> Enforcement
[11:35] <NedFreed> Need for standards, broad consensus, and "ownership" among various
[11:35] <NedFreed> constituencies.
[11:36] <NedFreed> Good behavior is being disincentivized. [his word -NF]
[11:37] <NedFreed> Objective compliance monitor: There needs to be a mechanism for
[11:37] <NedFreed> monitoring compliance to whatever verification you sigh up for.
[11:37] <NedFreed> Four steps to eradicate spam:
[11:37] <NedFreed> (1) Implement platform for accountability
[11:38] <NedFreed> (a) verification and certification
[11:38] <NedFreed> (b) Authentication layer
[11:38] %% leg has arrived.
[11:38] <NedFreed> (c) Objective compliance monitoring
[11:38] <NedFreed> (2) Independent email trust authority
[11:38] <NedFreed> (3) Pass Federal preemptive legislation prohibiting falsifying headers
[11:39] <NedFreed> Dave Crocker is at the mic.
[11:39] <NedFreed> Query from the floor re: international issue
[11:39] <NedFreed> Dave: Let's be clear about what we're not fixing. Our laws don't apply
[11:39] <NedFreed> in China, Africa, etc.
[11:40] <NedFreed> "You need to adhere to the standards even if you live in China"
[11:40] <NedFreed> [Direct quote - NF]
[11:40] <NedFreed> (4) Demand full transparency
[11:40] <leg> "should not be possible to hide"
[11:40] <NedFreed> Should not be possible to pretend or hide.
[11:41] <NedFreed> Four people at mic
[11:41] <NedFreed> Report from Washington Internet Daily (?):
[11:42] <NedFreed> Talking about the click-wrap loss
[11:42] <NedFreed> where the spammer won because of a preexisting agreed to relationship
[11:43] <NedFreed> Eliot: Are you going to go down the road as to specifics of the
[11:43] <NedFreed> technical underpinning of this?
[11:43] <NedFreed> Details plz about email trust authority
[11:43] <NedFreed> Answer offline
[11:43] <NedFreed> New question: Sender transparency: Identify actual user or ?
[11:44] <NedFreed> New question: Spammers already spend IP addresses and domains
[11:44] <NedFreed> like water. What prevents them from doing this here?
[11:44] <NedFreed> Answer: Economics
[11:45] <NedFreed> Problem of users forgetting what they have subscribed do. Moving up from
[11:45] <NedFreed> the recipients causes problems.
[11:46] <NedFreed> Answer: agree
[11:46] <NedFreed> Point about international sources of spam
[11:46] <NedFreed> Answer: Lack of trust relationship is the problem
[11:46] <NedFreed> Followup: Bank robbers wear masks
[11:47] <NedFreed> Talking to China. Considering not shutting down spammers in China but
[11:47] <NedFreed> filtering at the "Great Firewall of China"
[11:48] <NedFreed> Chair saying no more allowed in line
[11:48] <NedFreed> (three in queue)
[11:49] <NedFreed> Chair saying there are short term things we can do now while we put this
[11:49] <NedFreed> in place.
[11:49] <NedFreed> Question: When you talk about consent what do you mean? Who are
[11:49] <NedFreed> the parties who consent? Do you consent to get a certain categories of
[11:49] <NedFreed> mail.
[11:50] <NedFreed> Response: Problem of cutting off updates when you meant to cut
[11:50] <NedFreed> off ads
[11:52] <NedFreed> Bob Moscowitz: Use of economics to regulate use of email CA by spammers
[11:52] <NedFreed> Bob sees that as unlikely. Service has to be reasonably priced.
[11:53] <NedFreed> This may make it unusable for the stated purpose.
[11:53] <NedFreed> Response: Important point, discuss offline.
[11:53] <NedFreed> Dave Crocker: Nixon: We could do it, but it would be wrong
[11:54] <NedFreed> Problem of spam must be attended to the way we eliminating roaches
[11:54] <NedFreed> We do not get of them completely.
[11:54] <NedFreed> We use a variety of approaches and try not to poison everyone else in the house.
[11:55] <NedFreed> We have had email signature mechanisms available for years. They are
[11:55] <NedFreed> rarely used.
[11:56] <NedFreed> Some talk about how the speaker represents lots of ISPs and how they
[11:56] <NedFreed> believe accountability is the solution.
[11:56] %% Eliot has arrived.
[11:56] <shep> What did JI want to say?
[11:56] <NedFreed> New speaker: Best practices for end users
[11:57] <NedFreed> Speaker: John Morris
[11:57] <NedFreed> Center for Democracy & Technology (?)
[11:58] <NedFreed> [Couldn't read the URLs - NF]
[11:58] <NedFreed> New report issued yesterday by CDT
[11:58] <NedFreed> Reports on 6 months of research
[11:58] <NedFreed> Generally aimed at end users
[11:58] <NedFreed> Available on web.
[11:59] <NedFreed> Methodology: Creatred hundreds of email addresses
[11:59] <NedFreed> Placeed on Web sites, USEFOR, Web discusssion boards, e-commerce
[11:59] <NedFreed> transactions ,etc.
[11:59] <NedFreed> Vast majority scraped from Web sites
[12:00] %% Eliot has left.
[12:00] <NedFreed> 97% plus. [Pie chair makes it imposisble to read breakdown -NF]
[12:00] %% Eliot has arrived.
[12:00] <NedFreed> Spam received at addresses only displayed using words: ZERO
[12:00] <NedFreed> example at domain dot com
[12:00] <NedFreed> Spam received at addresses onlyh displayed using HTML characters: ZERO
[12:01] <NedFreed> Key finding: Removing plain text addresses from web helps
[12:02] %% carlalf has left.
[12:02] <NedFreed> USENET was the second biggest source of spam
[12:02] <NedFreed> Vaste majority of addresses scraped from USENET headers
[12:02] <NedFreed> Very little spam from body of message
[12:02] <NedFreed> Which newsgroup makes a difference.
[12:03] <NedFreed> Post to alt.sex.* gives you lots of spam. Postings to misc.industry does not.
[12:03] <NedFreed> All tested sites honored opt-out requested if made at email address first
[12:03] <NedFreed> provided.
[12:03] %% rafdalb has left.
[12:03] <NedFreed> Most (but not all) sites promptlyh honored opt-out requests made two
[12:04] <NedFreed> weeks later.
[12:04] <NedFreed> Almost no spam to addresses posted in Web-based discussion boads.
[12:04] <NedFreed> Very little spam to WHOIS listing.
[12:04] <NedFreed> But none of the domains were approaching time for renewal.
[12:04] <NedFreed> Best practices: Don't put email addresses on web sites. If you have to, disguise them.
[12:05] <NedFreed> Don't post to USENET.
[12:05] <NedFreed> Opt out at the time you give your address to a web business.
[12:05] <NedFreed> Use multiple disposable email addresses.
[12:05] <NedFreed> Link was on list yesterday.
[12:05] <NedFreed> Site was bogged down with requests at the time.
[12:06] <NedFreed> Henning: Dont use mailto URLs on web pages.
[12:07] <NedFreed> See http://www.cdt.org
[12:07] %% jis has left.
[12:08] <NedFreed> Point about using long email address. Dictionary attacks on short local parts.
[12:09] <NedFreed> Guy did a test onf 300 spam messages by opting out.
[12:09] <NedFreed> Seemed to work in most cases. But the "grow 3 inches" types are a waste
[12:09] <NedFreed> of time to try and opt out from.
[12:09] <NedFreed> All the numbers everyone is quoting here are promoting their own view
[12:09] <NedFreed> and solution
[12:10] %% dcrocker has arrived.
[12:10] <NedFreed> Study didn't try opting out using unsubscribes in spam.
[12:11] <NedFreed> It would be good to know more about the effect of using opt-out.
[12:11] <NedFreed> Anecdotal evidence that it increases spam.
[12:11] <NedFreed> More quanitative study warranted.
[12:12] <NedFreed> Clicking validates email
[12:13] %% dcrocker has left.
[12:13] <NedFreed> Chariing saying we're still in "the background part"
[12:15] <NedFreed> New speaker: The law on spam
[12:15] <NedFreed> His firm specializes in suing spammers
[12:16] <NedFreed> (working on the slides)
[12:16] <NedFreed> He applauds "the anger he sees in this room"
[12:16] <NedFreed> Rah rah rah
[12:16] <Eliot> ^V
[12:16] <NedFreed> We're all on the same side.
[12:16] <leg> couldn't we get to lunch faster without this?
[12:17] <NedFreed> [No kidding -NF]
[12:17] <NedFreed> Convert the problem from something to something else
[12:17] <leg> current speaker is "Jon Praed"
[12:17] <NedFreed> First expressed by Lessig -- he went to law school with him.
[12:17] <NedFreed> Internet Law Group
[12:17] <NedFreed> Definition of spam.
[12:18] <NedFreed> Unsolicited bulk commercial electronic messages
[12:18] <NedFreed> Doesn't care about chain letters
[12:18] <NedFreed> Has to be commercial
[12:18] <NedFreed> Substantially similar messages
[12:18] <NedFreed> Unsolicited -- intent of recipient is key
[12:19] <NedFreed> Disagrees with "your spam is not my spam". Common link is consent.
[12:19] <NedFreed> Spam is not the first time we have had to wrestle with architecture and law.
[12:19] <NedFreed> Spam fighting tools: (1) Shield (2) Sword
[12:20] <NedFreed> To evade filters is fraud
[12:20] <NedFreed> Filters force spammers to be either illegal or legit.
[12:20] <NedFreed> Legit have some argument about whether or not they had consent.
[12:21] <NedFreed> Clearing the middle of the room is key.
[12:21] <NedFreed> People know if they consented.
[12:22] <NedFreed> He says fax anti-spam laws work.
[12:22] <NedFreed> [I disagree - I get lots of fax spam -NF]
[12:23] %% kcrispin has arrived.
[12:23] <NedFreed> Thinks spam is going to get worse.
[12:23] <NedFreed> Sees the connection to the Intenet as the point of attack.
[12:24] <NedFreed> Done through third party collaborators.
[12:24] <NedFreed> Sees lots of fault lying with ISPs too eager to connect spammers.
[12:24] <NedFreed> "They'll end up getting sued"
[12:24] %% dcrocker has arrived.
[12:25] <NedFreed> Cash payments to third parties via FedEx
[12:26] <NedFreed> Purpose of laws
[12:26] <leg> the ietf/spy movie convergence
[12:26] <NedFreed> (1) General and specific deterrence
[12:26] <NedFreed> (2) Compenstation of victims
[12:26] <NedFreed> (3) Retribution
[12:26] <NedFreed> (4) Education
[12:27] <NedFreed> Phill Hallam-Baker: Thinks what's happening is money laundering
[12:27] <NedFreed> Agreement from speaker
[12:27] <NedFreed> Marine out today fighting part of this battle.
[12:28] <Eliot> exactly how do we "help" from an RG standpoint?
[12:28] <NedFreed> Education a big problem: Kids today learning to engage in illegal conduct.
[12:29] <NedFreed> [Invite them all to come to the IETF - comment from neighbor]
[12:29] <NedFreed> Legal weapons:
[12:29] <NedFreed> (1) Injunctions
[12:29] <NedFreed> (2) Money Judgements - non dischargable in bankruptcy, fund anti-spam fight
[12:29] <NedFreed> (3) Imprisonment
[12:30] <NedFreed> [So if I added (4) Capital Punishment would anyone believe it was actually on the slide -NF]
[12:30] <NedFreed> Hierarchy of anti-spam rules:
[12:30] <Eliot> "ARE YOU BEING SPAMMED??? THE LAW FIRM OF DEWEY CHETEM and HOWE WILL SUE SPAMMERS FOR YOU"...
[12:30] <NedFreed> (1) AUPs
[12:30] <NedFreed> (2) Common law
[12:31] <NedFreed> (3) State statutes
[12:31] <NedFreed> (4) Federal statutes
[12:31] <NedFreed> (5) International laws
[12:31] %% kmurchison has left.
[12:31] <NedFreed> State laws codidy trespass
[12:31] %% mrose has left.
[12:32] <NedFreed> State laws add labelling requirements
[12:32] <NedFreed> Also outlaw fraudulent spam
[12:32] <NedFreed> All part of clearing middle ground
[12:32] <NedFreed> Federal statutes: Computer fraid and abuse act
[12:32] <NedFreed> Criminalizes unauthorized access
[12:33] <NedFreed> Other analogues haven't received enough attention: Anti-fax laws.
[12:33] <NedFreed> Says "it literally stopped the problem overnight"
[12:33] <NedFreed> Comment at mic: Faxers won't pay long distance charges
[12:35] <NedFreed> Adult content disclosure of proof of age an interesting analogue
[12:35] %% resnick has left.
[12:35] <NedFreed> widen's "can spam" act seems to have the most legs right now
[12:36] <NedFreed> (talking about future laws)
[12:36] <NedFreed> Anything that gets spammers attention will help
[12:37] <NedFreed> International law - no law that applies everywhere the Internet works
[12:37] <NedFreed> Goals of federal proposals:
[12:37] <NedFreed> (1) discourage use of fraud
[12:38] <NedFreed> (2) Encourage transparency of identify
[12:38] <NedFreed> "Sunshine" Proposal: Require every commercial email to identify a
[12:38] <NedFreed> custodian of record.
[12:39] <NedFreed> Failure to disclose -- spam assume high civil penalties
[12:39] <NedFreed> False disclosures - fraud, civil penalties
[12:39] <NedFreed> Disclosures subject to reasonable due diligence.
[12:39] <NedFreed> If custodian is legitimate relatively small survivable penalties for
[12:39] <NedFreed> problems with consent
[12:40] <NedFreed> Law needs from Internet structure: Identity, geography
[12:41] <NedFreed> "Netizens avoid lawless parts of the Internet"
[12:42] <NedFreed> geography needed because of lack of international law
[12:42] %% ole has arrived.
[12:42] <NedFreed> why we will defeat spam:
[12:43] <NedFreed> (1) Victory doesn't require 100%
[12:43] <Eliot> it's at least a fair statement for a lawyer to state requirements for interlock between legal and technical realms.
[12:43] <NedFreed> Cut to questions
[12:43] <NedFreed> (applause)
[12:43] <NedFreed> Now we get to work items.
[12:44] <NedFreed> But its 11:30 and I have another meeting, so someone else will have
[12:44] <NedFreed> to step up and do the notes.
[12:44] %% NedFreed has left.
[12:45] %% Eliot has left.
[12:45] %% leg has left.
[12:47] %% ole has left.
[12:50] %% kmurchison has arrived.
[12:51] %% rjs3 has left.
[12:51] %% kmurchison has left.
[12:52] %% mattz has left.
[12:53] %% kcrispin has left.
[12:55] %% mark.ellison has arrived.
[12:56] %% mark.ellison has left.
[12:59] %% randy has left.
[13:00] %% JavierA has left.
[13:07] %% dcrocker has left.
[13:27] %% shep has left.
[14:08] %% wcw has left.
[14:27] %% SRuffino has arrived.
[14:27] %% SRuffino has left.