IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled


Given at a Full Committee Hearing:
CAN-SPAM Act
Thursday, May 20 2004 - 10:15 AM - SR - 253

The Testimony of Mr. Ronald Scelson
Scelson Online Marketing
May, 18, 2004

May, 20, 2004

To the Honorable Senator McCain and the subcommittee on Commerce

I am greatly honored to be invited to speak before this subcommittee today and would like to thank Senator McCain for inviting me.

As we have worked under the new CAN SPAM Law a few issues have arisen.

CAN SPAM CAN WORK I would like to begin however by stating that there are a few reasons why the new CAN SPAM Act is working and working well.

It is very promising to see our government working to do something about fraudulent activities on the internet. It is very good to see companies that are identifying themselves. It has helped tremendously in the following areas: · Repeat business and · New business for the mailing companies. · It has helped the recipients who are familiar with the law to identify US companies working to be legitimate from non-compliant companies both abroad and in the US. · Finally, it has helped those Internet Service Providers who do wish to work with mailing companies to know whom they can offer services to without violating any laws themselves.

ALL NEW THINGS HAVE A ROUGH TIME Despite all this good news, there are still many problems with implementation, cooperation, interpretation, and fraudulent or misleading practices – many stemming from the ISPs or their providers.

Following are some examples and issues that need to be looked at and resolved for the internet community to work in harmony.

Since the enactment of the CAN SPAM Act, my company and several others have all worked in compliance of the new law, which has been an extremely difficult task each day.

When we mail under the new law the major ISPs focus on our from addresses, subjects lines, our company information, and our disclaimers on the bottom of the email as well as our IP address. They use this information to block our emails. Thus the Act that is to curtail fraud, is in fact curtailing our ability to engage in free enterprise and our business is greatly hindered.

With this situation, many mailers – especially in foreign countries still have not been able to fully implement all steps of the new law. They are faced with the problem of how to comply with the law when the ISPs and backbones themselves are not being respectful of the new law. Although it is clear that the CAN SPAM law does not dive into the legalities or illegalities of the practices of ISPs, many mailing companies are still – simply put—backed into a corner. Shall they comply and go out of business due to ISP filtering or shall they attempt to comply partially, hoping that it will be clear that they have the intent to follow the law and remain out of trouble with the US regulating bodies. This is the dilemma for many.

Of course foreign companies have mainly chosen to follow the laws of their land and disregard the laws of the United States – especially with the actions of the ISPs to put all bulk email in the trash.

SHUT DOWN = AUTOMATIC NON-COMPLIANCE Every time a registrar shuts off a domain, an ISP closes a connection, or a hosting company shuts off or blocks an IP Address of a mailing company, there is a non-compliance issue. According to CAN SPAM of 2003, all mailing companies are to keep their removal systems active for 30 days after the email was sent. Every company including my own has had a major situation complying to this part of the law because ISPs, Registrars or hosting companies shut down the services without providing 30 day notice and keeping our connections active so that we can remain in compliance. Often we even lose our remove lists that were contained on the equipment that they now deny us access to.

BLOCK, TACKLE AND THROW Here is an example of what our company and many others have experienced.

AOL, Hotmail, Yahoo and other major carriers have blocked our network based on our company information. The larger anti-spam groups have done the same.

These anti-spam groups act like vigilantes now more than ever before. They put you on their blacklists—often networking these blacklists to other anti-spam groups as well. It is possible to have both your company name and IP addresses completely blocked in as little as 4 hours, thus preventing you from delivering your mail to more than ½ the internet. These groups will not remove the blacklist even if you prove to them that you are compliant with the new legislation. These organizations are not government backed or funded. They do not identify themselves like we do so pursuing legal action against them is nearly impossible. Many of these groups are not even on US soil. These are the same people who want our information published on the web. Nothing is done to stop them or interfere with them.

The ultimate blow for the mailing company however is how many of these groups also use automated systems to generate multiple complaints to the Internet service providers. They make it look like one person received numerous copies of the advertisement, or like the mailing company has generated a large amount of complaints and thus should be shut down.

For the Backbones and the ISPs the issue has always been how to engage in business without generating too many complaints. Since, with most of these groups, the number of complaints is the determining factor on when to leave services on or when to shut them off, many of the vigilante groups now have set up anonymous and multiple complaint sending automated systems. In fact, you will find that very few of the complaints that are generated today come from the intended recipient of the email as compared to the number that come from the automated anonymous complaint-sending systems. Interestingly, there are some vigilante groups that encourage people to purchase and use their software with proxies to prevent detection when sending in complaints!

In February of this year, the ISP I am currently with (WorldCom) received notice that I had joined AOL's whitelist and was mailing non-unsolicited email and had AOL's full permission to send mail into their domain. This was not spam. Because AOL’s automated remove system sent a copy of the undeliverable emails not only to us but also to WorldCom, WorldCom told us to stop mailing or they were going to shut us down. What was the logic in this action by WorldCom? AOL had granted us permission to mail into their domain. We were fully compliant with the law, and we were offering products and services that were a) in great demand and b) not fraudulent. And this was not even because of complaints. It was ONLY non-deliverable addresses in our list.

WHAT ABOUT THAT COMMON CARRIER LAW? When we review the FCC Communication Act, the above actions show that the ISPs are unjustly denying us service. In many cases, these groups are in fact common carriers providing us nothing more than a way to connect to the Information Highway. WorldCom is in violation of the FCC Communication Act, which clearly states that common carriers cannot tamper with, read, or alter the communications that they transmit. This includes communications across data lines.

The issue of whether or not an ISP is a common carrier has been argued in the courts as far back as 1997. In one suit, AOL claimed that they were a common carrier, yet just a short while later they claimed that they were not a common carrier. The FCC supported AOL’s claim that they were not common carriers and thus set a precedent that many ISPs have followed since. Interestingly, as we understand the charter of the FCC, they do not have the authority to determine who is or is not a common carrier. This is the job of Congress.

According to section 3 47 USC 153 – Section Ten of this act: “Common Carrier: the term of a “common carrier” or “carrier” means any person engaged as a common carrier for hire in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this act; the persons engaged in radio broadcasting shall not, insofar as such person is so engaged, be determined the common carrier.” At the time of this submission, I have yet to locate any ISP not subject to this act.

I located more information on common carriers at a website that detailed a lawsuit against Western Union a while ago.

“A ‘common carrier’ has a legislatively-granted monopoly over a particular route, region, or type of communications. In return, the carrier must carry everything and has no right to reject particular passengers or communications.

“Congress made Western Union a common carrier, for example, when it refused to carry cables from reporters to their newspapers because they competed with its own news service.

“It seems obvious that services which sell only a connection to the internet should be treated as common carriers. While Compuserve and AOL should have a right to edit and refuse to carry speech they do not like, ISPs should have no more right to do so than Western Union or the phone companies.”

Of course, this statement was made about AOL and Compuserve before they owned their own carrier lines. Thus it no longer holds true for these groups either.

LET THEM BE REMOVED The Can Spam Act also calls for the FTC to implement the Global Remove System. Absence of this removal system has allowed problems with removal to persist; its implementation could result in a much calmer internet environment much faster than anything else we have available to us today.

For example: 1. A recipient who wishes to receive no advertisements at all must remove himself from any advertisement that arrives in his inbox. This could quickly add up to a lot of extra work. With the Global Removal system, he would have to only remove himself once. 2. An Internet Service Provider continually gets complaints from the same person who enjoys sending such complaints and will not remove himself from a mailing list – the ISP can enter his email address into the removal system, thus putting an end to the problem, while maintaining his privacy. 3. By giving the rights back to the individuals, there is no need for any ISP to subscribe to the vigilante groups that filter and file multiple reports anonymously.

Yet, many of the anti-spam groups are strongly opposed to such a system. There are reasons for this: Just as commercial bulk email is big business, so is anti-spamming. With software and services to be sold to stop the flow of commercial email, their sales would be interrupted if the public had an easy and effective way to remove themselves from receiving internet email advertisements.

Additionally, the anti-spammers claim that there are people who would mail to the remove list – I have never met one however. Yes, there is a solution to this problem if it did exist. When a recipient of an email receives unwanted advertisements they click the remove link. This link takes them to a government site where they submit their email address, which will be encrypted. Software would be available to the mailers for doing removes. The software would retrieve the remove list while encrypted and remove the people without the mailer ever seeing the actual email address.

A program could be implemented where bulk mailers could sign up with the government and their IP address and Domains would be whitelisted with the ISPs allowing people who send compliant mail to get in while being able to stop spam.

ABOVE THE LAW? While we worked to get whitelisted with AOL, here is what we experienced: Things started out well, AOL was willing to work with us as we worked to deliver our list into their domain and get our non-deliverables removed. After just 3 mailings we were receiving virtually no undeliverable emails and very few complaints. The majority of this list was undeliverable mainly because the list had been built since I started mailing years ago. Obviously many email addresses changed over the years. The only way to get the bad addresses out of the list was to deliver into AOL and pick up their non-deliverable reports back to us.

WorldCom stepped in and tried to shut me down even after AOL sent proof of our whitelist classification. However, it seems that AOL found out who I was and denied me the whitelisting after this exchange of information between AOL and WorldCom. Charles Stiles, postmaster for AOL denied the whitelisting based on my list not being “true opt-in” and threatened to bring in their legal department. Yet, Opt-In had never been a part of the original whitelisting agreement with AOL.

The problem I have with this is just last year Ted Leonsis with AOL stated in front of congress that they send bulk email but they provided a way for there receivers to opt-out, which of course I do too. I fail to see the difference.

While small companies are often thwarted in their attempts to follow the laws of the land and the rules of the ISP, which do not align at this time, they are hard-pressed to stay in business. Large corporations however, not only disregard the laws of the land as passed by Congress, they ignore rulings by judges.

Recently I hired an attorney to sue the large carrier Covista. This resulted in an injunction that demanded they turn my service back on. Covista just ignored it.

AOL was recently sent an order to allow CI host to send mail to AOL’s network. AOL just like Covista is ignoring the judge’s order.

Scott Richter of Opt-In Real Big has been involved in an ongoing legal battle to allow him to send compliant email through his two providers. He too was awarded an injunction against one of his carriers. I do not know if his provider is abiding by the injunctions or not.

Evidence suggests that the ISPs think they are above the law and can sue us for failure to abide by the law while they simply ignore them.

All the large companies like AOL, Hotmail, Yahoo, Msn, Charter, and others are working together on an anti-spam system, while they continue to send email advertisements. If bulk mailing is so bad and so wrong, why are they engaged in it?

Is it bad and wrong as they say or is it merely that we needed to curtail fraudulent practices? If the problem was that of fraudulent practices, then that problem was solved with the new law. Yet ISPs stop our compliant mailings while they mail themselves. Begins to look like small business against big business . . . It has long been said that the internet is the first place where small business had the opportunity to play in the same field as big business . . . perhaps this is the threat?

President Bush is sending non opt-in bulk email, abiding by the new laws, into Hotmail and AOL. His message ended up in the bulk folder at hotmail and the spam folder at AOL. In my mind, a message from the president should be given a level of courtesy and respect in keeping with his position. Apparently, AOL and Hotmail do not hold the same respect.

BONDS DO NOT SOLVE ANY PROBLEMS A new trend is popping up for companies like Hotmail and Yahoo. They are contracting with third party companies such as Habius, and Bonded Sender. These third party companies are charging as much as 25,000.00 a year, non refundable to bond your IP addresses. However, there is no guarantee other than to take your money with only the possibility of allowing your mail in.

It seems no different than paying the mafia for protection to do legitimate business (legal definition of racketeering and fraud).

TRUTH IN REPORTING – TRUTH IN DELIVERING Although we have a law against fraudulent practices on the internet, it seems, that this law is not written well enough to include those who are using automated systems to identify, and file multiple complaints anonymously (often with proxies) against people who are sending email. Also, with ISPs any complaint is taken as a good reason to shut down services. Following are some recommendations of what could be done.

1. Complaints should be limited to being classified as valid only if they come directly from the intended recipients. 2. Automated reporting systems should be limited to one complaint and not sent with the use of proxies. Complaining Agency should be clearly identified. 3. ISPs and their providers should show respect toward the CAN SPAM law by only classifying as a valid complaint those which do not comply with the law. 4. Those Agencies or individuals doing the complaining or with any kind of ability to interfere with legal mail should have to fully identify themselves just like we have to identify ourselves. Appropriate email address should be provided for removal. 5. ISPs should not be allowed to filter what is required by law to be in our email advertisements. 6. ISP’s should not be allowed to shut our circuits down and discriminate against us when we send legal mail.

SUMMARY

The CAN SPAM Act of 2003 has brought promise and hope to the internet, yet adjustments still need to be made:

1. Rapid implementation of a Global removes system, which ISPs are required to add chronic complainers to. 2. ISPs to be treated as common carriers or minimally respect the laws that Congress has passed. 3. Companies interfering with these laws like Spews, Spam Cop etc. should be made to file only one complaint and reveal their identity. 4. People complaining should have to identify themselves (email address). 5. Mailing companies who comply with the law should not be at risk of losing their systems or services. They should not be forced into non-compliance due to instant shutdowns, and violation of 30-day remove systems.