TCS Daily

Should We Can Spam?

By Sandy Starr - April 9, 2003 12:00 AM

Spam - unsolicited email, not the potted meat product - has become a major concern in business, policy and technology circles.

It is estimated that anything from one in eight to half of all emails are spam, and that 90 percent of internet users receive spam, of which 10 percent is pornographic. It is predicted that these figures will rise steadily in coming years, until the problem is completely unmanageable.

Individuals complain that spam erodes their privacy, while businesses complain that spam is costing them millions in server space and lost employee time. Not only does spam affect regular email, as read on PCs - it has also come to affect newer communications technologies, such as interactive TV and text and photo messaging over mobile phones.

Research into the problem is not unanimous in its conclusions. At least one piece of research carried out last year, by the Pew Internet and American Life Project, found that workplace email is relatively unaffected by spam. But the conventional wisdom is that spam is everywhere, and must be stopped at all costs. A recent poll by Harris Interactive found that 80 percent of internet users find spam "very annoying", and 74 percent of internet users would like mass spamming to be made illegal.

It seems that this wish is about to come true. US attempts at implementing specific anti-spam legislation have met with only limited success (although there has been some successful and costly litigation against spammers under existing US law), but in Europe, things have gone much further. Seven EU member states already have anti-spam legislation, and the remainder are likely to adopt such legislation by the end of this year.

This is because October 2003 is the deadline for implementing the European Commission's Directive on Privacy and Electronic Communications, which dictates that "member states shall take appropriate measures to ensure that...unsolicited communications for purposes of direct marketing...are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications".

This directive has come in for a fair bit of criticism. Commentators have applauded the intentions behind the directive, but have criticized its lack of clarity regarding issues such as cross-border disputes and which authority will oversee the new anti-spam regime. Commentators have also pointed to the formidable technical difficulty of suppressing spam, whether mandated by law or not. But hardly anyone has bothered to ask whether anti-spam legislation is even necessary, and what the negative consequences of it might be.

The major problem with legislating against spam is defining it. As with pornography, most people's working definition of spam is "I know it when I see it" - adverts for penis and breast enlargement, Nigerian financial scams, dodgy mortgage deals, and all manner of perverse pictures and clips. But regardless of whether we can recognize it, can we actually define it?
Paul Judge, the chairman of the Anti-Spam Research Group, defines spam as "a problem of unwanted messages...we believe that you as an individual or organization should be able to decide the messages that you want and the messages that you don't want" - a definition that has met with widespread approval. But outlawing spam on the basis of such a definition, far from saving the internet, will stifle it.

Do your friends seek your permission before emailing you? Of course not, that would be ridiculous. Do complete strangers ever email you to introduce themselves, because they've come across you and share a business, academic, political or recreational interest with you? Of course - why shouldn't they? Email is as valid a means of introducing yourself in this way as the telephone or the postal service. Indeed, one of the great things about the internet is that it offers such a rich opportunity for like-minded people across the globe to meet one another.

"Ah", say the anti-spammers, "but we've got no problem with any of that - what we object to is unsolicited commercial email." Okay, so say you've emailed someone about a discussion you're holding that relates to that person's line of business, but the event has an entrance fee. Or say you've emailed an academic about a book you've written that relates to his field of research, and you happen to mention that the book can be purchased from your own website. Have you suddenly gone from being a benevolent stranger to an unscrupulous spammer, because a commercial transaction - however tangential - is involved?

Spam doesn't lend itself to the kind of universal definitions required by law, because it is a problem that we all experience differently. Depending on your profession, your personal disposition, and the way you use your email, spam can be anything from a minor inconvenience to a crippling burden. And one person's spam can be another person's interesting and legitimate email notification. The real tragedy is that the European authorities are applying a blunt legal instrument to this diverse problem, at precisely the time when a promising new technical solution has been devised for dealing with it.

Previous technical and industry solutions to the spam problem - various types of filters, community labeling of emails, blacklists for spammers, whitelists for non-spammers - have suffered from inflexibility, tending either to let unwanted spam in or to inadvertently keep desired email out. But new Bayesian techniques of spam-filtering, recently developed by computer scientist Paul Graham, use statistics to determine the likelihood of email being spam, rather than concluding bluntly that it either is spam or it isn't.

Crucially, Bayesian filtering accommodates differences of individual use and preference, by paying attention to what we do and don't delete as spam, and then incorporating those decisions into subsequent assessments. The success of this method has yet to be widely proven, but early indications are good, and we should see how it develops. Rather than seeking to reduce the amount of spam that gets sent, we should be raising our expectations of how technology can let us manage our email individually.

When the Directive on Privacy and Electronic Communications prohibits the sending of commercial email without consent, it employs the definition of "consent" laid out in the earlier Data Protection Directive, where a person's "consent" is "any freely given specific and informed indication of his wishes".

Imposing this standard as a prerequisite for email communication goes beyond tackling the problem of spam, and threatens to make us all hesitate and tread cautiously before communicating online. This can only undermine the internet's potential to bring us new experiences, encounters and ideas.

Sandy Starr coordinates information technology coverage for

TCS Daily Archives