In a lukewarm endorsement of a bounty system for spammers, the U.S. Federal Trade Commission said offering US$100,000 to $250,000 to whistleblowers inside the spamming community would help catch the online criminals.
In a report assessing the feasibility of a system that rewards members of the public for tracking down spammers, the FTC cited the difficulty of identifying, locating and gathering evidence against spammers.
However, the commission said that, if limited to “insiders with high-value information,” a proposed bounty system would be an effective tool in prosecuting spammers and preventing the unsolicited e-mails, which have risen in quantity over the past several years despite the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2002 (CAN-SPAM) and other state antispam laws.
Although bounties for virus writers offered by Microsoft have proven somewhat effective in snagging the computer criminals, some experts are doubting the effectiveness of bounties for spammers. Still, other analysts said any deterrence against spamming is needed, particularly given the increasing amount of spam and the ongoing brazenness of its senders.
Bounty Benefits Unclear
The FTC reviewed existing spam cases and concluded that if a reward system was designed to generate information that helps identify, locate and prosecute spammers, it might improve the effectiveness of CAN-SPAM enforcement.
The FTC added, however, that even with sizeable rewards, whistleblowers who are spammers themselves or associates of spammers might still be reluctant to come forward.
“To an extent an insider has ‘unclean hands’ and faces potential legal liability, it is questionable whether such a person would be willing to assume the significant personal risk of coming forward,” the FTC report said. “Thus, the benefits of a reward system remain unclear.”
More Serious Than Just Spam
Gartner analyst Lydia Leong told TechNewsWorld that, in addition to the potential legal ramifications, a spamming associate also might be afraid to come forward out of fear because the spammer community has moved closer to being like the world of organized crime.
Leong said the bounty, which she described as an “informant’s bounty” aimed at the spammer community rather than at antispam activists, might help catch the worst offenders who have likely violated more than the CAN-SPAM Act.
“The ones they really want to catch have probably broken laws in more ways than CAN-SPAM,” Leong said. “These legislative measures won’t reduce the spam we have today, but it will have a long-term impact on how desirable it is to be a spammer.”
The FTC stipulated that, if successful, a bounty system for spammers would have to do several things: tie eligibility to a court order, rather than civil penalties; fund rewards separately from civil penalties; restrict eligibility to insiders; be exempt from review to minimize disputes; and establish high enough rewards, recommended between $100,000 and $250,000.
Industry analyst Joyce Graf called a spammer bounty system a “great idea,” adding that spammers now feel they are immune to prosecution and often brag about their spamming exploits.
“I think we need something, at least, to make it a more dangerous profession,” Graff told TechNewsWorld. “So the risk is as great as the damage they cause.”
Basex CEO and chief analyst Jonathan Spira told TechNewsWorld that the bounty, which could open the door to a range of amateur cybersleuths interested in the reward funds, is unlikely to impact spammers who can pay their associates greater amounts.
“The bounty could potentially only affect a handful of people who work with spammers large enough to be turned in,” Spira said. “I just think the population [of spammers] is too small.”
Spira, who criticized the CAN-SPAM act for its ambiguous definition of spam, predicted that a spammer bounty system would “fail as visibly as CAN-SPAM.”