IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Given at a Full Committee Hearing:
Hearing on Spam (Unsolicited Commercial E-Mail)
Wednesday, May 21 2003 - 9:30 AM - SR-253
The Testimony of
The Honorable Orson Swindle
Commissionser, Federal Trade Commission

Thank you Mr. Chairman and members of the Committee for this timely discussion of SPAM and the threat it poses to the potential benefits of information technology.

Consumers must have trust, confidence and comfort with technology and its uses, particularly when it comes to their privacy and the security of personal and sensitive information.

SPAM undermines consumer trust and confidence. It represents a significant and rapidly growing threat to web-based services. The Commission's prepared testimony provides the Committee with an excellent overview of our efforts to combat SPAM.

What is SPAM? The FTC defines unwanted and unsolicited SPAM as "any commercial electronic mail message that is sent-typically in bulk- to consumers without the consumers prior request or consent."

There are at least four major concerns caused by SPAM.

First, the volume is increasing at astonishing rates, current estimates indicate at least 40% of all email is SPAM.

Second, recent studies by the FTC indicate that SPAM has become the weapon of choice of those engaged in fraud and deception. Nearly 66% of the SPAM we examined appeared to contain falsity and deception. I would ask our False Claims in Spam report be included as part of the record.

Third, the sheer volume of SPAM - coupled with it's capacity to transmit viruses, trojan horses, and other damaging code - threatens to do major damage to the internet and our critical infrastructure and the internet.

Fourth, there is no easy solution - no one silver bullet that will solve the problem. Solutions must be pursued from many directions.

These concerns represent enormous costs to businesses, the economy, consumers and society.

Two specific problems demand attention by policy makers and industry leaders. First, there is the complex combination of technology, market forces and public policy that will be evolving for years to come. The second problem is one that I characterize as heavily influenced by the emotions of consumers, small businesses and home users by the millions who are literally fed up with SPAM.

I am concerned that SPAM is about to kill the "killer app" of the internet - specifically - consumer use of email and e-commerce. If consumers lose confidence in web-based services and turn away, tremendous harm will be done to the economic potential of information technology.

Solving these problems will require innovation, resources and time. However, dealing with the emotional reaction to SPAM by millions of users, demands immediate attention before it gets out of hand.

Internet service providers, software manufacturers, and those engaged in designing operating systems must empower consumers with better control over their incoming email. Easing the SPAM burden on consumers would help to shore up trust and confidence. Surely, consumer empowerment is possible today. Why has industry not solved this problem?

Frankly, to date, I am not convinced that industry has made the commitment or really wants to empower consumers by giving them easy-to-use tools for personal control.

I read a book last summer, Tuxedo Park, by Jennet Conant - a fascinating account of Alfred Loomis, wealthy financier from the 1920s. He funded a private research laboratory at his Tuxedo Park estate, attracting the great scientists of his day. They were instrumental in the accelerated development of radar which enabled us to keep supply lines open to England early in WWII. War time crisis demanded that creative minds quickly find technical solutions to complex problems. Loomis and friends were up to the task.

It occurs to me that we have a crisis today - we must avoid major set backs to the potential of information technology. We need great minds to quickly find solutions to SPAM. Empowering consumers would be a good first step. Is industry motivated to do the right thing and do it now? The FTC's law enforcement efforts against SPAM are intensifying, but finding the guilty parties is resource intensive and a difficult technical challenge.

We give consumer education high priority at the Commission. Our Information Security website and private sector partnerships continue to expand our reach.

Recently, we released findings from three studies to better understand the magnitude of the SPAM problem, how SPAM is proliferated, and how consumers and users are victimized.

Our recent three-day SPAM Forum aimed to better inform the dialogue and find the best possible solutions to the SPAM problem. The Forum was remarkable in its discussions and participation - over 400 participants and 80 panelists.

I would like to share some of the Forum's revelations - as well as some personal observations - about the realities of SPAM.

First and most essential - the private sector must lead the way!

We likely will not find the perfect solution. The target will be constantly moving as technology evolves.

More laws are not necessarily the right answer. I heard little universal enthusiasm from participants for currently proposed legislation.

Laws bestowing competitive advantage to larger firms over smaller competitors are questionable. Unenforceable laws will have little real effect. Overreaching laws will have unintended adverse consequences. Passing legislation to mandate best practices for "good actors" will not help us track down the "bad actors" engaged in fraud and deception.

We must work together. Consumers, users, and civil society organizations also must be a part of our continuing dialogue to find solutions.

Awareness and safe computing practices by all participants are essential.

Developing a culture of security where all participants work to minimize our many vulnerabilities is an imperative, not an alternative.

Our efforts to solve the SPAM problem and secure our information systems and networks is not a destination - we are embarked upon a journey!

Thank you, Mr. Chairman.