Computer underground Digest Sun June 8, 1997 Volume 9 : Issue 43 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.43 (Sun, June 8, 1997) File 1--Alert: Two Anti-Spam Bills in Congress; One Good, One Bad File 2--Text of S. 771 (Senate version of Anti-Spam bill) File 3--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Thu, 22 May 1997 17:25:22 EDT From: John R Levine Subject: File 1--Alert: Two Anti-Spam Bills in Congress; One Good, One Bad There are two anti-spam bills in progress now. One is an "opt-out" bill filed earlier this week by Sen. Murkowski of Alaska. The other is an "opt-in" amendment to the existing junk fax law to be filed shortly by Rep. Chris Smith of New Jersey. Both bills attempt to address the problems of spam, but unfortunately the Murkowski bill has several critical flaws that both make it ineffective and would impose huge extra costs on ISPs. Fortunately the Smith bill has none of these problems. The Murkowski bill: * Requires that advertisements be tagged "advertisement" and have valid contact info. * Requires that each advertiser maintain an opt-out list, with a 48 hour window permitted before acting on an opt-out request. * Requires that all ISPs provide filtering on incoming mail, with substantial fines if they don't. * Prescribes a variety of remedies, including a cumbersome proceeding before the Federal Trade Commission for ISPs accused of harboring spammers. The full text of the Murkowski bill is on the senator's web site at . This could be a disaster for ISPs. It does nothing to address the costs that spammers put on ISPs now, and adds unfunded mandates by requiring filtering of mail that nobody wanted in the first place. It also makes spam clearly legal, so the amount of spam will greatly increase. We already know the reasons opt-out doesn't work: each tiny spammer starts with an empty opt-out list, and they have an incentive to keep lousy records and lose opt-out requests. The simple filtering that the bill mandates would exclude all advertising mail, so it makes it much more difficult for existing legitimate opt-in businesses to operate since their mail would be filtered, too. The Smith bill, in contrast, is a short amendment to 47 USC 227, the existing junk fax law, to make unsolicited commercial e-mail illegal, with the same $500 civil penalty as currently applies to junk fax. It puts no new requirements on ISPs. Rather, it makes it incumbent on advertisers to sign up people affirmatively and to keep careful records of opt-in requests, so the advertisers bear the bulk of the cost. Legitimate e-mail advertisers already do these things. What you need to do: * Particularly if you run an ISP or other Internet-related business, call your representative and ask him or her to support and ideally co-sponsor the Smith bill. Tell him why the Murkowski bill would be bad for your business. * Senator Murkowski has asked for e-mail comments at commercialemail@murkowski.senate.gov. Remember, his goals are laudable, it's the implementation that has problems. Encourage him to adopt the language of the Smith bill. Incidentally, I hear that Cyber Promotions supports the Murkowski bill. ------------------------------ Date: Thu, 29 May 1997 16:21:19 -0500 (CDT) From: Jim Thomas Subject: File 2--Text of S. 771 (Senate version of Anti-Spam bill) Please note throughout S. 771, Commission refers to the Federal Trade Commission, not the Federal Communications Commission S. 771 BILL TEXT Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Unsolicited Commercial Electronic Mail Choice Act of 1997''. SEC. 2. FINDINGS. Congress makes the following findings: (1) The Internet is a worldwide network of information that growing numbers of Americans use on a regular basis for educational and personal activities. (2) Electronic mail messages transmitted on the Internet constitute an increasing percentage of communications in the United States. (3) Solicited commercial electronic mail is a useful and cost-effective means for Americans to receive information about a business and its products. (4) The number of transmissions of unsolicited commercial electronic mail advertisements has grown exponentially over the past several years as the technology for creating and transmitting such advertisements in bulk has made the costs of distribution of such advertisements minimal. (5) Individuals have available no effective means of differentiating between unsolicited commercial electronic mail advertisements and other Internet communications. (6) The transmitters of unsolicited commercial electronic mail advertisements can easily move from State to State. (7) Individuals and businesses that receive unsolicited commercial electronic mail advertisements often pay for the costs of such receipt ,including the costs of Internet access and long distance telephone charges. (8) Unsolicited commercial electronic mail can be used to advertise legitimate services and goods but is also used for fraudulent and deceptive purposes in violation of Federal and State law. (9) Individuals and companies that use unsolicited commercial electronic mail for fraudulent and deceptive purposes often use fraudulent identification information in such electronic mail, making it impossible for a recipient to request to be removed from the mailing list or for law enforcement authorities to identify the sender. (10) The inability of recipients of unsolicited commercial electronic mail to identify the senders of such electronic mail or to prevent its receipt impedes the flow of commerce and communication on the Internet and threatens the integrity of commerce on the Internet. (11) Internet service providers are burdened by the cost of equipment necessary to process unsolicited commercial electronic mail. (12) To facilitate the development of commerce and communication on the Internet, unsolicited commercial electronic mail should be readily identifiable and filterable by individuals and Internet service providers. SEC. 3. REQUIREMENTS RELATING TO TRANSMISSIONS OF UNSOLICITED COMMERCIAL ELECTRONIC MAIL. (a) Information on Advertisement. (1) Requirement. Unless otherwise authorized pursuant to a provision of section 7, a person who transmits an electronic mail message as part of the transmission of unsolicited commercial electronic mail shall cause to appear in each electronic mail message transmitted as part of such transmission the information specified in paragraph (3). (2) Placement. * (A) Advertisement. The information specified in subparagraph (A) of paragraph (3) shall appear as the first word of the subject line of the electronic mail message without any prior text or symbol. * (B) Other information. The information specified in subparagraph (B) of that paragraph shall appear prominently in the body of the message. (3) Covered information. The following information shall appear in an electronic mail message under paragraph (1): * (A) The term ``advertisement''. * (B) The name, physical address, electronic mail address, and telephone number of the person who initiates transmission of the message. (b) Routing Information. All Internet routing information contained within or accompanying an electronic mail message described in subsection (a) shall be valid according to the prevailing standards for Internet protocols. (c) Effective Date. The requirements in this section shall take effect 30 days after the date of enactment of this Act. SEC. 4. FEDERAL REGULATION OF UNSOLICITED COMMERCIAL ELECTRONIC MAIL. (a) Transmissions. (1) In general. Upon notice from a person of the person's receipt of electronic mail in violation of a provision of section 3 or 7, the Commission * (A) may conduct an investigation to determine whether or not the electronic mail was transmitted in violation of the provision; and * (B) if the Commission determines that the electronic mail was transmitted in violation of the provision, may + (i) impose upon the person initiating the transmission a civil fine in an amount not to exceed $11,000; + (ii) commence in a district court of the United States a civil action to recover a civil penalty in an amount not to exceed $11,000 against the person initiating the transmission; or + (iii) both impose a fine under clause (i) and commence an action under clause (ii). (2) Deadline. The Commission may not take action under paragraph (1)(B) with respect to a transmission of electronic mail more than 2 years after the date of the transmission. (b) Administration. (1) Notice by electronic means. The Commission shall establish an Internet web site with an electronic mail address for the receipt of notices under subsection (a). (2) Information on enforcement. The Commission shall make available through the Internet web site established under paragraph (2) information on the actions taken by the Commission under subsection (a)(1)(B). (3) Assistance of Federal Communications Commission. The Federal Communications Commission may assist the Commission in carrying out its duties this section. SEC. 5. ACTIONS BY STATES. (a) In General. Whenever an attorney general of any State has reason to believe that the interests of the residents of that State have been or are being threatened or adversely affected because any person is engaging in a pattern or practice of the transmission of electronic mail in violation of a provision of section 3 or 7, the State, as parens patriae, may bring a civil action on behalf of its residents to enjoin such transmission, to enforce compliance with the provision, to obtain damages or other compensation on behalf of its residents, or to obtain such further and other relief as the court considers appropriate. (b) Notice to Commission. (1) Notice. The State shall serve prior written notice of any civil action under this section upon the Commission and provide the Commission with a copy of its complaint, except that if it is not feasible for the State to provide such prior notice, the State shall serve written notice immediately upon instituting such action. (2) Rights of commission. Upon receiving a notice with respect to a civil action under paragraph (1), the Commission shall have the right + (A) to intervene in the action; + (B) upon so intervening, to be heard in all matters arising therein; and + (C) to file petitions for appeal. (c) Actions by Commission. Whenever a civil action has been instituted by or on behalf of the Commission for violation of a provision of section 3 or 7, no State may, during the pendency of such action, institute a civil action under this section against any defendant named in the complaint in such action for violation of any provision as alleged in the complaint. (d) Construction. For purposes of bringing a civil action under subsection(a), nothing in this section shall prevent an attorney general from exercising the powers conferred on the attorney general by the laws of the State concerned to conduct investigations or to administer oaths or affirmations or to compel the attendance of witnesses or the production of documentary or other evidence. (e) Venue; Service of Process. Any civil action brought under subsection (a)in a district court of the United States may be brought in the district in which the defendant is found, is an inhabitant, or transacts business or wherever venue is proper under section 1391 of title 28, United States Code. Process in such an action may be served in any district in which the defendant is an inhabitant or in which the defendant may be found. (f) Actions by Other State Officials. Nothing in this section may be construed to prohibit an authorized State official from proceeding in State court on the basis of an alleged violation of any civil or criminal statute of the State concerned. (g) Definition. In this section, the term ``attorney general'' means the chief legal officer of a State. SEC. 6. INTERNET SERVICE PROVIDERS. (a) Exemption for Certain Transmissions. The provisions of this Act shall not apply to a transmission of electronic mail by an interactive computer service provider unless the provider initiates the transmission. (b) Notice of Transmissions from Commission. Not later than 72 hours after receipt from the Commission of notice that its computer equipment may have been used by another person to initiate a transmission of electronic mail in violation of a provision of section 3 or 7, an interactive computer service provider shall (1) provide the Commission such information as the Commission requires in order to determine whether or not the computer equipment of the provider was used to initiate the transmission; and (2) if the Commission determines that the computer equipment of the provider was used to initiate the transmission, take appropriate actions to terminate the use of its computer equipment by that person. (c) Notice of Transmissions from Private Individuals. (1) In general. Subject to paragraph (2), not later than 14 days after receipt from a private person of notice that its computer equipment may have been used by another person to initiate a transmission of electronic mail in violation of a provision of section 3 or 7, an interactive computer service provider shall + (A) transmit the notice to the Commission together with such information as the Commission requires in order to determine whether or not the computer equipment of the provider was used to initiate the transmission; and + (B) if the Commission determines that the computer equipment of the provider was used to initiate the transmission, take appropriate actions to terminate the use of its computer equipment by that person. (2) Minimum notice requirement. An interactive computer service provider shall transmit a notice under paragraph (1) with respect to a particular transmission of electronic mail only if the provider receives notice with respect to the transmission from more than 100 private persons. (d) Blocking Systems. (1) Requirement. Each interactive computer service provider shall make available to subscribers to such service a system permitting such subscribers, upon the affirmative electronic request of such subscribers, to block the receipt through such service of any electronic mail that contains the term``advertisement'' in its subject line. (2) Notice of availability. Upon the applicability of this subsection to an interactive computer service provider, the provider shall + (A) notify each current subscriber, if any, to the service of the blocking system provided for under paragraph (1); and + (B) notify any new subscribers to the service of the blocking system. (3) Blocking by provider. An interactive computer service provider may, upon its own initiative, block the receipt through its service of any electronic mail that contains the term ``advertisement'' in its subject line. (4) Applicability. The requirements in paragraphs (1) and (2) shall apply + (A) beginning 1 year after the date of enactment of this Act, in the case of an interactive computer service provider having more than 25,000 or more subscribers; and + (B) beginning 2 years after that date, in the case of an interactive computer service provider having less than 25,000 subscribers. (e) Records. An interactive computer service provider shall retain records of any action taken on a notice received under this section for not less than 2 years after the date of receipt of the notice. (f) Construction. Nothing in this section may be construed to require an interactive computer service provider to transmit or otherwise deliver any electronic mail message containing the term ``advertisement'' in its subject line. (g) Definition. In this section, the term ``interactive computer service provider'' has the meaning given that term in section 230(e)(2) of the Communications Act of 1934 (47 U.S.C. 230(e)(2)). SEC. 7. RECEIPT OF TRANSMISSIONS BY PRIVATE PERSONS. (a) Termination of Transmissions. (1) Request. A person who receives a transmission of unsolicited commercial electronic mail not otherwise authorized under this section may request, by electronic mail to the same electronic mail address from which the transmission originated, the termination of transmissions of such mail by the person initiating the transmission. (2) Deadline. A person receiving a request for the termination of transmissions of electronic mail under this subsection shall cease initiating transmissions of electronic mail to the person submitting the request not later than 48 hours after receipt of the request. (b) Affirmative Authorization of Transmissions Without Information. (1) In general. Subject to paragraph (2), a person may authorize another person to initiate transmissions to the person of unsolicited commercial electronic mail without inclusion in such transmissions of the information required by section 3. (2) Termination. + (A) Notice. A person initiating transmissions of electronic mail under paragraph (1) shall include, with each transmission of such mail to a person authorizing the transmission under that paragraph, notice that the person authorizing the transmission may request at any time the recommencement of the inclusion in such transmissions of the information required by section 3. + (B) Deadline. A person receiving a request under this paragraph shall include the information required by section 3 in all transmissions of unsolicited commercial electronic mail to the person making the request beginning not later than 48 hours after receipt of the request. (c) Constructive Authorization of Transmissions Without Information. (1) In general. Subject to paragraph (2), a person who secures a good or service from, or otherwise responds electronically to, an offer in a transmission of unsolicited commercial electronic mail shall be deemed to have authorized transmissions of such mail without inclusion of the information required under section 3 from the person who initiates the transmission providing the basis for such authorization. (2) Termination. + (A) Request. A person deemed to have authorized the transmissions of electronic mail under paragraph (1) may request at any time the recommencement of the inclusion in such transmissions of the information required by section 3. + (B) Deadline. A person receiving a request under this paragraph shall include the information required by section 3 in all transmissions of unsolicited commercial electronic mail to the person making the request beginning not later than 48 hours after receipt of the request. (d) Effective Date of Termination Requirements. Subsections (a), (b)(2), and(c)(2) shall take effect 30 days after the date of enactment of this Act. SEC. 8. ACTIONS BY PRIVATE PERSONS. (a) In General. Any person adversely affected by a violation of a provision of section 3 or 7, or an authorized person acting on such person's behalf, may, within 1 year after discovery of the violation, bring a civil action in a district court of the United States against a person who has violated the provision. Such an action may be brought to enjoin the violation, to enforce compliance with the provision, to obtain damages, or to obtain such further and other relief as the court considers appropriate. (b) Damages. (1) In general. The amount of damages in an action under this section for a violation specified in subsection (a) may not exceed $5,000 per violation. (2) Relationship to other damages. Damages awarded for a violation under this subsection are in addition to any other damages awardable for the violation under any other provision of law. (c) Cost and Fees. The court, in issuing any final order in any action brought under subsection (a), may award costs of suit and reasonable attorney fees and expert witness fees for the prevailing party. (d) Venue; Service of Process. Any civil action brought under subsection (a)in a district court of the United States may be brought in the district in which the defendant is found, is an inhabitant, or transacts business or wherever venue is proper under section 1391 of title 28, United States Code. Process in such an action may be served in any district in which the defendant is an inhabitant or in which the defendant may be found. SEC. 9. RELATION TO STATE LAWS. (a) State Law Applicable Unless Inconsistetive Authorization of Transmissions Without Information. (1) In general. Subject to paragraph (2), a person may authorize another person to initiate transmissions to the person of unsolicited commercial electronic mail without inclusion in such transmissions of the information required by section 3. (2) Termination. + (A) Notice. A person initiating transmissions of electronic mail under paragraph (1) shall include, with each transmission of such mail to a person authorizing the transmission under that paragraph, notice that the person authorizing the transmission may request at any time the recommencement of the inclusion in such transmissions of the information required by section 3. + (B) Deadline. A person receiving a request under this paragraph shall include the information required by section 3 in all transmissions of unsolicited commercial electronic mail to the person making the request beginning not later than 48 hours after receipt of the request. (c) Constructive Authorization of Transmissions Without Information. (1) In general. Subject to paragraph (2), a person who secures a good or service from, or otherwise responds electronically to, an offer in a transmission of unsolicited commercial electronic mail shall be deemed to have authorized transmissions of such mail without inclusion of the information required under section 3 from the person who initiates the transmission providing the basis for such authorization. (2) Termination. + (A) Request. A person deemed to have authorized the transmissions of electronic mail under paragraph (1) may request at any time the recommencement of the inclusion in such transmissions of the information required by section 3. + (B) Deadline. A person receiving a request under this paragraph shall include the information required by section 3 in all transmissions of unsolicited commercial electronic mail to the person making the request beginning not later than 48 hours after receipt of the request. (d) Effective Date of Termination Requirements. Subsections (a), (b)(2), and(c)(2) shall take effect 30 days after the date of enactment of this Act. SEC. 8. ACTIONS BY PRIVATE PERSONS. (a) In General. Any person adversely affected by a violation of a provision of section 3 or 7, or an authorized person acting on such person's behalf, may, within 1 year after discovery of the violation, bring a civil action in a district court of the United States against a person who has violated the provision. Such an action may be brought to enjoin the violation, to enforce compliance with the provision, to obtain damages, or to obtain such further and other relief as the court considers appropriate. (b) Damages. (1) In general. The amount of damages in an action under this section for a violation specified in subsection (a) may not exceed $5,000 per violation. (2) Relationship to other damages. Damages awarded for a violation under this subsection are in addition to any other damages awardable for the violation under any other provision of law. (c) Cost and Fees. The court, in issuing any final order in any action brought under subsection (a), may award costs of suit and reasonable attorney fees and expert witness fees for the prevailing party. (d) Venue; Service of Process. Any civil action brought under subsection (a)in a district court of the United States may be brought in the district in which the defendant is found, is an inhabitant, or transacts business or wherever venue is proper under section 1391 of title 28, United States Code. Process in such an action may be served in any district in which the defendant is an inhabitant or in which the defendant may be found. SEC. 9. RELATION TO STATE LAWS. (a) State Law Applicable Unless Inconsistent. The provisions of this Act do not annul, alter, or affect the applicability to any person, or otherwise exempt from the applicability to any person, of the laws of any State with respect to the transmission of unsolicited commercial electronic, except to the extent that those laws are inconsistent with any provision of this Act,and then only to the extent of the inconsistency. (b) Requirement Relating to Determination of Inconsistency. The Commission may not determine that a State law is inconsistent with a provision of this Act if the Commission determines that such law places greater restrictions on the transmission of unsolicited commercial electronic mail than are provided for under such provision. SEC. 10. DEFINITIONS. In this Act: (1) Commercial electronic mail. The term ``commercial electronic mail''means any electronic mail that + (A) contains an advertisement for the sale of a product or service; + (B) contains a solicitation for the use of a toll-free telephone number or a telephone number with a 900 prefix the use of which connects the user to a person or service that advertises the sale of or sells a product or service; or + (C) contains a list of one or more Internet sites that contain an advertisement referred to in subparagraph (A) or a solicitation referred to in subparagraph (B). (2) Commission. The term ``Commission'' means the Federal Trade Commission. (3) State. The term ``State'' means any State of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the United States Virgin Islands, the Commonwealth of the Northern Mariana Islands, the Republic of the Marshall Islands, the Federated States of Micronesia, the Republic of Palau, and any possession of the United States. ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 3--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.43 ************************************