Joho the Blog
An Entry from the Archives

« Being towards death || Back to Blog | David Reed on Kerry on Tech »

June 25, 2004

How not to regulate spam, or, Where does end-to-end apply?

An article by Paul Jamieson, "$t0pp^ng $p@m!!", in Legal Affairs, argues that the government needs to get out of the business of regulating spam:

...legal measures may be largely powerless to affect the spam problem because the architecture of e-mail is resistant to traditional methods of government regulation. While members of Congress and the Federal Trade Commission will be quick to claim credit in the event that the spam problem is reduced, the role they play is small

I of course like this point. I'm less certain about Paul's prescriptions:

Consumers and businesses suffering from the torrent of spam must look for relief not from formal law developed on Capitol Hill or in a watchdog agency, but from the people who write the code that makes the Internet run, and then from the private businesses that put the code to work.

He points, seemingly approvingly, to Bill Gates' Global Infrastructure Alliance for Internet Safety, efforts to charge postage for email, challenge-response systems, and systems that verify the sender's email address. I know just enough about these to be nervous to varying degrees, but not enough to have actual opinions worth stating. But Paul's conclusion worries me:

To solve the spam problem, the federal government should create incentives for the private sector to develop solutions. It could subsidize effective technological solutions to spam, much like what the government does to subsidize the availability of Internet access in the nation's schools and libraries. Or it could require that a company license any truly effective solution to anyone who wants it. Government could also be more aggressive in supporting industry consortia, including the recognition of an industry standards-setting body that would develop practices to combat spam and share the best ones. If it turned out that the best anti-spam strategy required ISPs to employ a particular method of authentication, the government could mandate compliance with that standard.

If the government is going to pick favorites and enforce compliance, we might as well have it doing the regulating in the first place.

Here's where I get confused: I like the end-to-end principle because it maximizes options. That principle is meant to apply low down on the stack. But I think it applies higher up, too, where the "center" isn't defined by protocols for packets but by economic forces. If one company has an effective monopoly on, say, the browser or DRM software, then even though no packet headers are being changed, we have in effect lost the ability to innovate that the end-to-end principle is about. A government mandated authentication scheme feels to me like a violation of the end-to-end principle, just higher up the stack.

Don't get me wrong. I don't know what to do about spam, I don't know how to evaluate the ideas being presented, and I recognize that there are times when the end-to-end principle needs to be over-ridden by more pressing concerns. But, IMO, only only only when the case is so compelling and is so much in the interest of users and the long-term effects have been so carefully thought through and we are sure that not only are there no other options but no one is going to come up with one tomorrow...

Posted by D. Weinberger at June 25, 2004 11:33 AM

Comments

Submitted for consideration: "End-To-End" is *wrong* in this situation. Spam is, at the core, nothing but a crime. The "end-to-end" argument *here*, in this case, is nothing but the Libertarian shibboleth of government is inefficient, the free-market is the solution to everything, dressed-up in trendy tech-talk.

There are places in the world which have end-to-end law enforcement, where you hire bodyguards in a localized solution to roving bandit bands. These are not good places to live. This impresses me that the solution is wrong in this particular case.

Posted by: Seth Finkelstein | June 25, 2004 12:48 PM

Post a comment

Guidelines for Commenting

Basically, you can say what you want. (Click here for the fine print.)

If you haven't left a comment here before, your comment may be put into a queue for me to approve. Sorry for the delay. Blame the damn spammers.