An article by Paul Jamieson, “$t0pp^ng $p@m!!“, in Legal Affairs, argues that the government needs to get out of the business of regulating spam:

…legal measures may be largely powerless to affect the spam problem because the architecture of e-mail is resistant to traditional methods of government regulation. While members of Congress and the Federal Trade Commission will be quick to claim credit in the event that the spam problem is reduced, the role they play is small

I of course like this point. I’m less certain about Paul’s prescriptions:

Consumers and businesses suffering from the torrent of spam must look for relief not from formal law developed on Capitol Hill or in a watchdog agency, but from the people who write the code that makes the Internet run, and then from the private businesses that put the code to work.

He points, seemingly approvingly, to Bill Gates’ Global Infrastructure Alliance for Internet Safety, efforts to charge postage for email, challenge-response systems, and systems that verify the sender’s email address. I know just enough about these to be nervous to varying degrees, but not enough to have actual opinions worth stating. But Paul’s conclusion worries me:

To solve the spam problem, the federal government should create incentives for the private sector to develop solutions. It could subsidize effective technological solutions to spam, much like what the government does to subsidize the availability of Internet access in the nation’s schools and libraries. Or it could require that a company license any truly effective solution to anyone who wants it. Government could also be more aggressive in supporting industry consortia, including the recognition of an industry standards-setting body that would develop practices to combat spam and share the best ones. If it turned out that the best anti-spam strategy required ISPs to employ a particular method of authentication, the government could mandate compliance with that standard.

If the government is going to pick favorites and enforce compliance, we might as well have it doing the regulating in the first place.

Here’s where I get confused: I like the end-to-end principle because it maximizes options. That principle is meant to apply low down on the stack. But I think it applies higher up, too, where the “center” isn’t defined by protocols for packets but by economic forces. If one company has an effective monopoly on, say, the browser or DRM software, then even though no packet headers are being changed, we have in effect lost the ability to innovate that the end-to-end principle is about. A government mandated authentication scheme feels to me like a violation of the end-to-end principle, just higher up the stack.

Don’t get me wrong. I don’t know what to do about spam, I don’t know how to evaluate the ideas being presented, and I recognize that there are times when the end-to-end principle needs to be over-ridden by more pressing concerns. But, IMO, only only only when the case is so compelling and is so much in the interest of users and the long-term effects have been so carefully thought through and we are sure that not only are there no other options but no one is going to come up with one tomorrow…

Categories: Uncategorized dw