Things that Go ‘Bump’ in the ‘Net

I’m reading about the first-ever felony conviction for spamming. While I almost always agree with the ACLU on free speech issues, I found the Virginia ACLU’s amicus brief in the acse totally unpersuasive.

The ACLU argues that the First Amendment protects a right to anonymous speech, which I wholeheartedly agree with. However, I don’t think that right can be stretched so far as to strike down the Virginia anti-spam statute at issue in this case. This statute prohibited the falsification of email headers while sending more than 10,000 pieces of unsolicited bulk email. So this means that under the statute, someone may (a) send out an unlimited number of emails using a real email address, (b) send out 9999 emails per day (99,999 per month, 999,999 per year) while falsifying email headers, or (c) send out an unlimited number of emails with falsified addresses to people who have previously consented to receive them. I find it extremely difficult to imagine a circumstance in which these restrictions would impinge on legitimate exercises of free speech. The activities prohibited by this statute simply don’t include the kinds of situations that motivate the constitutional protection of anonymous speech—defending a point of view or releasing sensitive information without fear of reprisal or public embarrassment. Whistleblowers might want to send falsified emails to a few dozen journalists, legislators, or business leaders, but I’m having trouble thinking of a plausible situation in which a whistle-blower had a genuine need to reach more than 10,000 people.

I find analogies to older technologies—and to 18th-century pamphleteers in particualr—unpersuasive in this case because this case just isn’t like anything that existed in the pre-Internet age. In 1975, there just wasn’t any way to transmit tens of thousands of messages for a fraction of a penny per message. The costliness of information transmission—any available communications technology cost at least a few pennies per message—meant that the law never had to grapple with the possibility that sending messages could become a significant enough nuisance to require regulation. Now we do live in that world, and I think it’s a mistake to put too much weight on misleading analogies to older communications technologies with vastly different properties.

A final reason anti-spam legislation doesn’t bother me from a First Amendment perspective is that I don’t see any slippery slope here. Not only is the activity being targeted unambiguously bad, but there are very few grey areas, and the grey areas are pretty bad themselves. The Virginia statute applies two very clear bright lines—spam must be unsolicited and it must consist of more than 10,000 pieces in a 24-hour period—that make it trivially easy for anyone interested in following the law to do so. Moreover, thanks to the growth of spam filters, there is an enormous gulf between bad spammers and legitimate emails users. Legitimate users who did vaguely spam-like things (say, a non-profit organization that sent out a fundraising appeal to people who hadn’t consented to receive it) would get most of their spam blocked by ISPs’ spam filters and would get contacted by email administrators very promptly to be told to knock it off. It’s hard to imagine such an organization breaking Virginia’s law (sending out 10,000 copies and forging email headers), and even if it did it’s hard to imagine a prosecutor going after them. Which means that only spammers are engaging in spammer-like behavior. It’s pretty easy to write a statute that criminalizes most spammers and few if any legitimate email users. To use the Supreme Court’s lingo, Virginia’s spam law strikes me as “narrowly tailored” to blocking an undisputed evil and is no more restrictive than is necessary to accomplish that objective. If there’s any speech restriction that should pass First Amendment scrutiny, this is it.

Update: None of this is to say that some anti-spam laws can’t be too broad. CAN-SPAM, for example, appears to criminalize the sending of “multiple” deceptive emails or the creation of more than five separate email accounts for sending commercial emails. I can certainly think of grey areas for those kinds of prohibitions, and would have serious doubts about their constitutionality.

This interesting post on The 463 reminds us that the opening of society in China may not lead to a blossoming of freedom and tolerance, but to a nationalist frenzy like we saw in the Balkans after the fall of communism there.

I don’t know whether the Chinese people have separate ethnic identities that would lead them to fight each other, or whether China as a whole would turn against the world (and especially the United States) in a fit of nationalist anger. Anyone?

If it’s not already happening, I can certainly see Chinese party officials whipping up nationalism seeking to hold power on the cheap.

Something to think about when you go to decide whether tech companies should engage with China. I still think they should, but soberly, and not so much like a neocon expecting to be met with flowers in Iraq.

I’ve run across the most curious thing today.

Searches on Google that should turn up the Cato@Liberty blog (at http://www.cato-at-liberty.org) do not return any result with that URL in it.

Berin took great care the other day to report on the temporary demotion of some Progress & Freedom Foundation content by the Google search engine. I want to do a similar, careful job with this because it’s a sensitive area.

Could I ask you, our visitors, to check what you get from Google? Visit Cato@Liberty and then craft the Google search that you think is most likely to return that Web site. (I’ve tried searching “site:cato-at-liberty.org the” for example, which would return instances of the word “the” on the cato-at-liberty.org domain, and gotten no results.)

Next, if you have any technical knowledge, please opine on what might be causing this to occur. Cato@Liberty is a fairly high-traffic site with a large following. Its disappearance from Google search results is unusual. Any ideas on how to get it restored would be welcome.

Update: It’s a problem with robots.txt on the site.

TLF readers may have heard that Google was craftily censoring my free-market colleagues at the Progress & Freedom Foundation.  Our good friend and invaluable TLF commenter Richard Bennett blogged over  the weekend about how Google seemed to block access to our site when he tried to search for “net neutrality.”

This is one of the most amazing things I’ve ever seen. Google is blocking net neutrality documents from the PFF’s web site, but documents in the same format that deal with other subjects are not flagged “dangerous.”

This is really outrageous, and a clear example of the problem with a monopoly gatekeeper.

This story made the rounds this morning and much of the DC Internet policy community was atwitter with allegations of censorship by Google.  But as I explain in the comment I tried (unsuccessfully) to post on Richard’s blog, this is all an innocent and unfortunate misunderstanding: Continue reading →

With California’s law against talking on a cell phone while driving taking effect next week, Mike Masnick is asking what else should be banned while driving.

I think the TLF audience of public policy sophisticates could add to the tenor and quality of the list. I’ve done my part (comment #42), and I obviously need a life.

Americans have a love-hate relationship with their cellphones.   Consumers have adopted wireless telephony with a passion — with over 250 million subscriptions at last count.  Many would rather venture out without their pants than without their phones.  Yet,  at the same time,  Americans seem deeply suspicious of the little devices,  perhaps believing that anything this convenient must be harmful.  

The latest case in point:  a video circulating on the net purportedly showing how radiation from cellphones can pop popcorn.   Posted on youtube and circulated endlessly by email, the video has been viewed millions of times.  It appears to to be an amateur recording made in someone’s living room, with a group of friends to put three cellphones in a circle around some popcorn kernels, then call them — making the phones ring and the popcorn pop to much merriment.

The unspoken message:  if these gizmos can explode a kernal of corn, what are they doing to your brain?

The problem though is that the whole thing is a hoax.   A total fabrication.  As it turns out, the radiation from even three cellphones isn’t even enough to warm up corn, never mind pop it.  As one commenter on the video put it:  “A 1 kilowatt microwave takes around one minute to pop its first kernel, and that’s in a closed environment. A cell phone transmitter operates from 0.1 to 1 watt, but this video shows these kernels popping almost immediately.”

And I’m not an electrical engineer, but I suspect that having the phones ring doesn’t change the equation much.

Continue reading →

Peter Swire of the Center for American Progress has a paper out called “No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime.” He identifies how local law enforcement lacks the ability and incentive to address various wrongs done on the Internet because of their complexity and their multi-jurisdictional nature.

Swire has identified a real problem. Just like everyone else, law enforcement struggles to keep up in the changing online environment. And it’s true that local law enforcement lacks incentive to expend efforts going after a distant cybercrime ring for the benefit of one local complainant and thousands of strangers.

(He calls this a “commons problem” and I understand how he means it to illustrate that law enforcement personnel and organizations are economic actors. Crime victims are a sort of public good to them and they can’t enjoy the benefits of caring for most of those who would benefit from their work. I think this fits more neatly in the public choice box: local law enforcement in one jurisdiction doesn’t get any benefit – budgetary, political, or otherwise – from helping strangers, so they won’t.)

His conclusion is that there should be more federal law enforcement – such as by the Federal Trade Commission and Justice Department – or “federated” law enforcement, combinations of state and federal authorities: “A more federated approach recognizes the usefulness of enforcement task forces that draw on multiple jurisdictions. Federal?state task forces, for instance, have been used widely for drug prosecutions and, more recently, in fighting terrorism.”

While these are logical conclusions, I would be reluctant to call for greater federal law enforcement. There isn’t authority for it in the constitution, and the uses of “federated” law enforcement he identifies – in the “War on Drugs” and the “War on Terror” – have not been shining examples we ought to follow.
Continue reading →

I’m often asked what one can do to avoid becoming the victim of “identity theft” – actually identity fraud, the use of one’s personal information to impersonate, typically in the financial services world.

My advice is usually “not very much,” and I specifically recommend against any of the credit or ID theft monitoring services. My rough cost-benefit analysis of these services is that it isn’t worth $8 or $10 per month to avoid the relatively low risk of being a victim of any kind of serious identity fraud. Credit card fraud is the most common form of ‘identity theft.’ It threatens no liability and only a little bit of inconvenience to most consumers in the United States – consumers that are prudent, anyway. And I’ve never understood what these services would or could do to prevent or mitigate a true impersonation fraud.

The one thing they might do is place “fraud alerts” on your identity with credit bureaus, but that’s burning the village to save it. Anticipatorily sullying your own credit file may reduce your likelihood of being a subject of identity fraud, yes, but it destroys the benefit of having good credit in the first place – that’s what you’re trying to protect.

Now comes news that LifeLock, one of the most prominent purveyors of “proactive identity theft protection,” is being sued in several states. The allegations cluster around . . . oh, I’ll put it this way: B.S.ing people into paying them money. I don’t know whether the specific allegations are merited, or whether selling people assurance about something they needn’t fear is actionable, but my gut is that LifeLock is closer to a scam than a real service. It’s certainly not worth $100+ a year.

Check your bank and credit card statements when they come. You might get a copy of your credit file from each of the major credit bureaus if you’ve got a big financial transaction like a mhome purchase or refinancing. Other than that, my advice is to relax and have a good time. You’re not going to avoid being a subject of identity fraud using these services, and only in the rare, exotic case will being a victim of identity fraud cause you a great deal of harm.

Scott Cleland sometimes cracks me up. You can infer why this time here.

Listening to another panel at the 2008 Tech Policy Summit I heard an interesting point brought up by Rachel O?’Connell the Chief Security Officer of Bebo. When signing up for a Bebo account, users are now shown their IP address and told that they are not anonymous when using Bebo. Presumably the user’s location information could also be displayed along with anything else that can be found doing a reverse DNS lookup.

I thought this was a novel thing to do and may be a real deterrent to cyber-bullies or potential online stalkers. So, I thought I’d post on it. Before I did, I ran a quick search on “Bebo IP address” using Google. Such a query will bring up a host of tools to mask your IP address while using Bebo. Presumably these are TOR type services or other proxies that route your traffic around and therefore obscure your originating IP.

So, is Bebo discouraging online baddies, or reminding them to anonymize their IP?