Thank you Mr. Chairman and members of the Committee for
this timely discussion of SPAM and the threat it poses to
the potential benefits of information technology.
Consumers must have trust, confidence and comfort with
technology and its uses, particularly when it comes to their
privacy and the security of personal and sensitive information.
SPAM undermines consumer trust and confidence. It represents
a significant and rapidly growing threat to web-based services.
The Commission's prepared testimony provides the Committee
with an excellent overview of our efforts to combat SPAM.
What is SPAM? The FTC defines unwanted and unsolicited
SPAM as "any commercial electronic mail message that is sent-typically
in bulk- to consumers without the consumers prior request
There are at least four major concerns caused by SPAM.
First, the volume is increasing at astonishing rates, current
estimates indicate at least 40% of all email is SPAM.
Second, recent studies by the FTC indicate that SPAM has
become the weapon of choice of those engaged in fraud and
deception. Nearly 66% of the SPAM we examined appeared to
contain falsity and deception. I would ask our False Claims
in Spam report be included as part of the record.
Third, the sheer volume of SPAM - coupled with it's capacity
to transmit viruses, trojan horses, and other damaging code - threatens
to do major damage to the internet and our critical infrastructure
and the internet.
Fourth, there is no easy solution - no one silver bullet
that will solve the problem. Solutions must be pursued from
These concerns represent enormous costs to businesses,
the economy, consumers and society.
Two specific problems demand attention by policy makers
and industry leaders. First, there is the complex combination
of technology, market forces and public policy that will
be evolving for years to come. The second problem is one
that I characterize as heavily influenced by the emotions
of consumers, small businesses and home users by the millions
who are literally fed up with SPAM.
I am concerned that SPAM is about to kill the "killer app" of
the internet - specifically - consumer use of email and e-commerce.
If consumers lose confidence in web-based services and turn
away, tremendous harm will be done to the economic potential
of information technology.
Solving these problems will require innovation, resources
and time. However, dealing with the emotional reaction to
SPAM by millions of users, demands immediate attention before
it gets out of hand.
Internet service providers, software manufacturers, and
those engaged in designing operating systems must empower
consumers with better control over their incoming email.
Easing the SPAM burden on consumers would help to shore up
trust and confidence. Surely, consumer empowerment is possible
today. Why has industry not solved this problem?
Frankly, to date, I am not convinced that industry has
made the commitment or really wants to empower consumers
by giving them easy-to-use tools for personal control.
I read a book last summer, Tuxedo Park, by Jennet Conant - a
fascinating account of Alfred Loomis, wealthy financier from
the 1920s. He funded a private research laboratory at his
Tuxedo Park estate, attracting the great scientists of his
day. They were instrumental in the accelerated development
of radar which enabled us to keep supply lines open to England
early in WWII. War time crisis demanded that creative minds
quickly find technical solutions to complex problems. Loomis
and friends were up to the task.
It occurs to me that we have a crisis today - we must avoid
major set backs to the potential of information technology.
We need great minds to quickly find solutions to SPAM. Empowering
consumers would be a good first step. Is industry motivated
to do the right thing and do it now? The FTC's law enforcement
efforts against SPAM are intensifying, but finding the guilty
parties is resource intensive and a difficult technical challenge.
We give consumer education high priority at the Commission.
Our Information Security website and private sector partnerships
continue to expand our reach.
Recently, we released findings from three studies to better
understand the magnitude of the SPAM problem, how SPAM is
proliferated, and how consumers and users are victimized.
Our recent three-day SPAM Forum aimed to better inform
the dialogue and find the best possible solutions to the
SPAM problem. The Forum was remarkable in its discussions
and participation - over 400 participants and 80 panelists.
I would like to share some of the Forum's revelations - as
well as some personal observations - about the realities
First and most essential - the private sector must lead
We likely will not find the perfect solution. The target
will be constantly moving as technology evolves.
More laws are not necessarily the right answer. I heard
little universal enthusiasm from participants for currently
Laws bestowing competitive advantage to larger firms over
smaller competitors are questionable. Unenforceable laws
will have little real effect. Overreaching laws will have
unintended adverse consequences. Passing legislation to mandate
best practices for "good actors" will not help us track down
the "bad actors" engaged in fraud and deception.
We must work together. Consumers, users, and civil society
organizations also must be a part of our continuing dialogue
to find solutions.
Awareness and safe computing practices by all participants
Developing a culture of security where all participants
work to minimize our many vulnerabilities is an imperative,
not an alternative.
Our efforts to solve the SPAM problem and secure our information
systems and networks is not a destination - we are embarked
upon a journey!
Thank you, Mr. Chairman.