Would a solution to manage spam by as "simple" as to have a central email address registry database were consumers can opt out from receiving any spam email? Very similar proposition to the current direct marketing "do-not-call" lists. Such an approach coupled with enforcement may be an option. Basically this approach put the onerous on the spamer to comply and check if an email address belongs to a list. Regards, Eleas "Talk Straight, Follow Through" "Trust, Character, Commitment, Passion" -----Original Message----- From: Dean Anderson [mailto:dean@av8.com] Sent: Thursday, May 29, 2003 6:28 PM To: Tony Hain Cc: 'IETF Discussion' Subject: RE: The utilitiy of IP is at stake here The ECPA permits ISPs and telecos to reveal the identification of the participants in a communication. Though, the Privacy Protection Act may impose some additional requirements. Usuaully, ISPs have no interest in providing this information without a warrant or subpoena. Privacy is part of the service customers purchase. In the current system, it is not hard to nail down the originator, given there is Law Enforcement interest in finding our the identity. An IP address works just as good as a phone number. Even an open proxy has logs, or can be logged. In some cases, it has been hard to find out the identity via a civil action, as in the RIAA V Verizon. That case is not yet decided. AOL had a somewhat similar case, where it resisted a subpoena for identification. That case has some quirks, though. The plaintiffs also didn't want to be identified, and I think it was considered to be frivolous or malicious suit. I don't remember all the details. However, sans Law Enforcement requests, or civil subpoenas, it is difficult. It is unlikely that would change, though. And privacy groups would want to keep it that way, at least so that a court would decide whether the identity is wanted for frivolous or malicious reasons. I support the EFF in this view. Anyway, with Type 1 and Type 2 spam, this is unnecessary, since they tell you how to contact them in the message. It is only hard with Type 3 abuse, which is generally involved in crimes that Law Enforcement could pursue, but won't, for lack of interest. --Dean On Thu, 29 May 2003, Tony Hain wrote: > Iljitsch van Beijnum wrote: > > On donderdag, mei 29, 2003, at 21:34 Europe/Amsterdam, Tony > > Hain wrote: > > > > > The fundamental legal issue we need to deal with is the ability to > > > absolutely identify the originator of the mail. Is that > > precluded by > > > any existing privacy laws? If not, identity would provide > > the means to > > > pursue financial recourse for wasted time and resources. If > > so, we have > > > a non-technical issue that may prevent any solution. > > > > Too bad the bad ideas get much more air time than the good ones. > > Yesterday some really good points were brought up, today we're mostly > > rehashing the bad stuff. > > > > About the law: current laws are unable to keep spam in check. > > I was not asking about spam law. I was trying to be specific about any > privacy laws that would prevent identification of the originator of a > message. As long as there is a legal way to undeniably trace the message > origin, there is a chance we can build a technical approach to bulk > message handling system that will end random spam. > > > ... > > The real question is whether the current protocols > > exhibit flaws that make the spam problem worse than it would > > be without > > those flaws; and whether improved protocols can be implemented and > > deployed at reasonable levels of effectiveness and efficiency. > > I would argue yes, in that it is impossible to nail down the originator > with the current system. > > > > > It seems the answer to this was "no" five or six years ago. > > In the mean > > time, many things have changed. We now have more advanced techniques > > and more processing power at our disposal. Also, spamming in general > > has become much worse and many more children are online now, who are > > subjected to spam that isn't always "child friendly" to say > > the least. > > Maybe the answer is still "no" but the time is right to at least > > revisit the question. > > > > I agree. > > Tony > > > > >