From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Fri, 23 May 1997 02:49:15 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: Spam IS Free Speech
In-Reply-To: <3.0.1.32.19970521144153.00ac47e0@labg30>
Message-ID: <Pine.LNX.3.91.970522182630.712B-100000@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




> Are you telling me that being subjected to a jack-boot investigation for
> running pyramid schemes *and* having your customers leave because they
> can't get mail services is a reasonable expense to bear because of
> Spamford's "right to free speech"?  Spamford's speech (or that of his
> "customers") isn't even directed at the sendmail operator or his customers.
>  The sendmail operator above is merely being used by Spamford as a
> megaphone to broadcast the message of spam to other people (who really
> don't want it, either, but that's beside the point.)

You have argued my point for me, if operators took more security 
precautions like authentication protocols this sort of abuse of mail 
servers would not occur. If spamford had to send the spam from his own 
domains with his address on them he would get the retaliation.
Technology is the way to protect against actions like this, not ethical 
arguments.

> It's no longer the same as shouting down the marketing researcher.  

To some extent I agree, but it isn`t really the same in the first place, 
it was just a vaguely similar situation, in that the market researcher 
cannot pretend to come from somewhere else so I will not shout at a 
innocent bystander. 

> What Spamford has done is to see me walking down the sidewalk carrying a
> megaphone, and grab me and tell me that I must stand there and hold my
> megaphone in front of some spammer's mouth while the spammer shouts at a
> crowd of people who don't want to hear him.  

Exactly, solution? - refuse the megaphone. Protect your mail servers.

> All the while, you stand there
> next to Spamford and claim that I must continue to hold my megaphone for
> the spammer because it's his "right to free speech", and the only way to
> avoid it is to turn my megaphone off, denying me the ability to allow
> anyone else to use my megaphone.

Spamford has a right to send whatever traffic he wants to your servers, 
if that includes false routed spam mails so be it, you have to protect 
yourself. I don`t claim that anyone has to leave their servers insecure 
so spamford can speak through them, but if you leave them open he does 
have a right to route through them. If you don`t want this, secure them.

> The icing on this cake is that if the spammer starts announcing "Make Money
> Fast" over my megaphone, the FBI will come and investigate ME because I'm
> the one holding the megaphone!

This is a fault of the FBI and not of the spammer.

> Free speech is NOT the subject here.  My right to walk down the street with
> my (lawfully registered) megaphone has been usurped by a thug.  You're
> telling me that every megaphone owner has a *duty* to hold it in front of
> every spammer's mouth.  

No, I`m saying if he holds it in front of their mouth he has to expect 
them to speak.

> Remember, these are finite megaphones.  They have batteries that
> need replacing, and the owners are stuck standing there holding them while
> the spammers speak as long as they want.  Sorry, but those megaphone owners
> may have other things to do with their megaphones and their time.  You're
> confusing "the right to free speech" with "the right to kidnap megaphone
> owners".

You are forgetting the 998348934th ammendment of the US constitution:

Congress shall make no law infringing the right of the people to kidnap 
megaphone owners...

Seriously though, you make the comment earlier that listening to speech 
costs nothing because you can walk away, the internet is the same. If you 
don`t like getting mail from someone, killfile them, tell them to stop, 
change your address, get off the internet. You have a number of options, 
it may seem that your percieved "right" to have someone not send you mail 
is being infringed and you are being forced to get off the internet or 
change addresses, but this is really not necessary if you can handle a 
killfile. This is like when people talk about their percieved "right" to 
walk down the street without being mugged, they have no such right, it is 
simply that the default case is for them to not be mugged, and if they 
are mugged this constitutes a violation of their property rights.

> In this particular case, of course, there was a technical solution:
> install a sendmail to prevent routing of incoming mail.  ISPs and
> corporations around the globe will need this new hardened sendmail to keep
> the spammers away.  Restricting the speech they carry.  Turning off the
> megaphones.
> 
> Spam is interfering with the *real* victim's (the sendmail operator's)
> ability to provide customer service; in a very real and fiscally damaging
> way.  It's also restricting the traffic he can carry to only that speech
> originating from
> his domain.  His right to carry YOUR speech has been restricted by his
> technical solution to keep his machine alive.

This is not really a restriction, they have the choice: carry the spam or 
kill the other mail altogether. No-one is forcing them to take either 
course of action, sure it`s a sad case of affairs when we have to take 
technological action against people for using others equipment in 
unpleasant ways, but it`s simply the way things are.

> What is ultimately likely to happen, however, is that Mr. Wallace will be
> prosecuted under existing laws for swindling the original MMF spammers.
> He's profiting by charging them to steal resources from ISPs.  He *might*
> be able to avoid prosecution by putting a "warning sticker" on his
> advertising saying something to the effect that, "if you send a Make Money
> Fast scam out, the jack-booted thugs will come and haul you away faster
> than I can send out your e-mails."  But then he'd have no business at all!

Wallace may be prosecuted, I think it would be wrong if he was. Even if 
you believe that Wallace does something that is unethical you must admit 
that if he were succesfully prosecuted it would send the message that a 
form of speech can be legislated against and prosecuted in court.

> I'm not trying to claim that Mr. Wallace does or does not have the right to
> speak to us.  I simply want to point out that there is real monetary loss
> to the real victims of his spamming.

Yes, but they can prevent this monetary loss. To give another flawed but 
illustrative paradigm you might come up to me in the street and say "give 
me your money", if I refuse and you hit me and take my money you have mugged 
me, if I refuse and continue walking, and you take no violent action against
me, you have done nothing wrong.

I admit what Wallace does is unpleasant, but it is not immoral or 
unethical from my point of view. If you could not prevent the monetary 
loss caused by his speech then I would think differently, but you can, 
and that is the bottom line.

        Datacomms Technologies data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: FC76DA85
     "Don`t forget to mount a scratch monkey"