[PLUG] Spam, Etc.

Jason Van Cleve jason at vancleve.com
Sat Jun 21 13:42:01 UTC 2003


This is only indirectly Linux-related, but I'd really like some input 
from those in the know.  In an article today on the recent Best Buy 
email hoax, I learned that ID theft is keeping good pace with spam, with 
161,800 cases reported last year (FTC) versus 86,200 in 2001 (an 
increase of 88 percent and a total of $343 million in damages).  The 
Internet is a great medium because it's a global anarchy, but if this 
trend continues, it seems people will eventually call on the government 
to take some drastic measures that would undoubtedly change the very 
nature of the medium.  The FBI and like agencies have been making 
vaguely reassuring statements, like "It can be very difficult, but it's 
not impossible" to catch Internet criminals--presumably just so they 
don't seem completely helpless.  But my guess is, by and large, they 
are, and I've been thinking for some time that it must fall to us, the 
technologists, to provide the means of fixing these problems.  I mean, 
let's face it, email, in spite of all the filtering being done, just 
isn't the tool is was before the spam epidemic hit (with spam accounting 
for nearly 50% of emails, I'd say we're drowning here).

My paltry little idea is this:  what if everyone went down to their 
local post office or DMV or something and registered a public encryption 
key, and a database was formed of those keys by which non-registered 
keys could be filtered?  Email clients could then opt to receive only 
emails signed by registered keys, so they couldn't be spammed without 
implicating someone.

This seems fairly analogous to physical ID cards like driver licenses, 
which are issued and validated in the same way.  I don't know enough 
about ID theft to be sure it would help with that, but it seems like a 
viable approach to the spam problem, at least.  We're passing anti-spam 
laws right and left, but what good are those if the spammers can't be 
identified?

Now, I admit I can't relate very well to you hard-core privacy 
advocates, personally, but it seems like this could be implemented as a 
voluntary system, so you could still use your anonymous email addresses, 
except that not everyone would accept your unidentified mail.

I'll stop there, because I'm sure some of you are already prepared to 
punch a few holes in my theory.  There is the international problem of 
either getting other countries to create a credible registration process 
or blocking all their emails, so that spam could not still be sent from 
a server in the Netherlands.  Again, though, I don't trust our 
government to fix these problems without essentially taking over the 
whole Internet.  So we may need to act quickly to come up with a better 
idea.

--Jason Van Cleve





More information about the PLUG mailing list