[PLUG] Spam, Etc.
Jason Van Cleve
jason at vancleve.com
Sat Jun 21 13:42:01 UTC 2003
This is only indirectly Linux-related, but I'd really like some input
from those in the know. In an article today on the recent Best Buy
email hoax, I learned that ID theft is keeping good pace with spam, with
161,800 cases reported last year (FTC) versus 86,200 in 2001 (an
increase of 88 percent and a total of $343 million in damages). The
Internet is a great medium because it's a global anarchy, but if this
trend continues, it seems people will eventually call on the government
to take some drastic measures that would undoubtedly change the very
nature of the medium. The FBI and like agencies have been making
vaguely reassuring statements, like "It can be very difficult, but it's
not impossible" to catch Internet criminals--presumably just so they
don't seem completely helpless. But my guess is, by and large, they
are, and I've been thinking for some time that it must fall to us, the
technologists, to provide the means of fixing these problems. I mean,
let's face it, email, in spite of all the filtering being done, just
isn't the tool is was before the spam epidemic hit (with spam accounting
for nearly 50% of emails, I'd say we're drowning here).
My paltry little idea is this: what if everyone went down to their
local post office or DMV or something and registered a public encryption
key, and a database was formed of those keys by which non-registered
keys could be filtered? Email clients could then opt to receive only
emails signed by registered keys, so they couldn't be spammed without
implicating someone.
This seems fairly analogous to physical ID cards like driver licenses,
which are issued and validated in the same way. I don't know enough
about ID theft to be sure it would help with that, but it seems like a
viable approach to the spam problem, at least. We're passing anti-spam
laws right and left, but what good are those if the spammers can't be
identified?
Now, I admit I can't relate very well to you hard-core privacy
advocates, personally, but it seems like this could be implemented as a
voluntary system, so you could still use your anonymous email addresses,
except that not everyone would accept your unidentified mail.
I'll stop there, because I'm sure some of you are already prepared to
punch a few holes in my theory. There is the international problem of
either getting other countries to create a credible registration process
or blocking all their emails, so that spam could not still be sent from
a server in the Netherlands. Again, though, I don't trust our
government to fix these problems without essentially taking over the
whole Internet. So we may need to act quickly to come up with a better
idea.
--Jason Van Cleve
More information about the PLUG
mailing list