FTC Fights Spam With Carrot and Stick

The Federal Trade Commission (FTC) has been at the forefront of efforts to contain the onslaught of spam that still plagues e-mail in-boxes across the world. Most of its efforts have relied on using legal action as a stick. Now it's trying the carrot as well.

Under its mandate pursuant to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the CAN-SPAM Act), the FTC has issued a report to Congress outlining a system that would reward those who can supply the government with information about violations of the Act.

The report first notes that it is still too early to assess the effectiveness of the law, which has been in effect for slightly less than a year. There are some "significant hurdles" facing the FTC in these cases, according to the report: identifying the source of spam, developing enough evidence to hold a person liable for spam, and obtaining monetary rewards (the theoretical maximum civil penalties are typically mitigated by factors such as the defendant's ability to pay, for example).

The volume of mail is also an issue. More than 300,000 pieces of spam are delivered each day to the FTC's spam database, according to the report, and those who are forwarding these messages are not the type of informants who a reward system is meant for because they offer no information about who is really behind the spam; nor are rewards likely to go to cybersleuths, the report states, particularly because their lack of subpoena power, "can do little to identify spammers who deliberately conceal their identities, or to supply evidence showing a spammer's level of knowledge or culpability in a particular spam campaign."

Instead, the rewards should be aimed at insiders and whistleblowers who can provide "information resulting in the imposition of a final court order." The FTC recommends that these awards, which will range from roughly $100,000 to as much as $250,000, be funded through appropriations rather than civil penalties, because it estimates revenues from cases to be "relatively low."

To protect the system from abuse, the report recommends civil penalties for anyone who knowingly provides false information, promises anonymity unless informants need to testify, and states that the FTC cannot grant immunity from criminal liability.

Meanwhile, the FTC's "stick" approach is seeing some success, including the conviction in September of a wardriver who exploited unprotected wireless hot spots and used them to send spam. In one of the agency's first civil actions under CAN-SPAM, the FTC requested and received a preliminary injunction against three defendants from a company known as "Phoenix Avatar, LLC."

In the case, FTC paralegals, working undercover, bought diet patches advertised in spam. These were analyzed by a professor of medicine at the Mayo Medical School, who concluded that the patches were ineffective, and thus the court concluded that the diet patch ads were deceptive. A technology expert from security company LURHQ helped tie the defendants to the diet-patch spam.

The district judge who granted the injunction said he did so because "the FTC has a better than negligible chance of success" in proving that the diet patches were deceptive, and noted that there "is no dispute that the e-mails in question violate CAN-SPAM."

@ A CAN-SPAM Informant Reward System: A Report to Congress  is available through SM Online.