| PANIX/Public Access Networks Corp. 15 W. 18th St.; 5th Fl. New York, NY 10011 (212) 741-4400 (212) 741-5311 Contact: Simona Nass April 15, 1997 Secretary Re: Consumer Privacy 1997 -- Comment, P974807 (Session Two) Dear Sir/Madam: I submit this comment on behalf of PANIX/Public Access Networks Corp. I am also requesting the opportunity to participate in Session Two of the workshops, on Consumer Online Privacy and particularly on the subject of unsolicited electronic mail. This document addresses Unsolicited Electronic Mail, both generally and in terms of PANIX's specific experiences. Description of the Problem A. Definition Unsolicited Electronic Mail (hereinafter "UEM") is electronic mail sent to users of networked computer systems without any indication that such e-mail was desired and, often, with a reckless disregard for the strong likelihood that the recipients do NOT wish to receive such e-mail. B. Nature of Content UEM content is widely variable, covering both commercial and non-commercial content. Content can range from legitimate and illegitimate commercial solicitations, appeals for charitable causes and political advisories, to sexual advances, history revisionist rants, religious exhortations, pseudo-commercial invitations to view web pages, etc. C. Public opinion Public opinion regards the problem as an unwelcome intrusion into an environment in which users wish to control their use of their resources. The practice takes a toll both on users and Internet Providers. There is widespread resentment of the practice and particularly some of the shadier practices. The most benign of these are the strident subject lines such as "Urgent" or "Read this immediately." Also, most of the messages forge identifying mail header information to obfuscate the origin. Most point to non-existent addresses, but some point to uninvolved individuals or Internet Providers to make them the subject of complaints and harrassment instead of the true sender. News coverage is increasingly focusing on the issue. This includes television news segments (such as on ABC), print media and specialized media (publications for lawyers, airline in-flight magazines). There is also increased public discussion, such as on radio talk shows, electronc mailing lists, newsgroups, etc. D. Nature of the Problem Every user of public computer networks is aware of the issue of Unsolicited Electronic Mail. If they have not received UEM themselves, it it probably only a matter of time before they do. The number of people sending UEM is increasing, and the techniques used by the senders is becoming more sophisticated. The economics of Internet-based mail delivery are significantly lower than for other avenues of mass communication (such as telemarketing and bulk postal e-mail and printing costs for paper flyers/leaflets). Consequently, people sending mass e-mail can disregard the resentment generated by this technique and the risk that service on the account they used to send it will be terminated. For commercial perpetrators, if a million pieces of e-mail sent result in a single sale, it often amply justifies the cost of e-mailing. The resulting ill will is not considered relevant for organizations who are not marketing their reputation. They are simply out to exhaust the possibilities of a particular get-rich-quick scheme and do not care if they poison whatever name they are doing business under or e-mail address they are using. Continuity of contact information is generally unimportant to senders of UEM. Perpetrators blatantly violate the terms of service of their Internet providers and don't care if the provider cancels their account, since the mail is already distributed and lists alternate avenues of contact (such as phone number, street address or post office box, or alternate electronic means including web pages or different addresses). The near-zero cost of sending mass UEM also affects non-commercial content. Any individual who has diatribe, rant or manifesto they wish to distribute can do so. These individuals view their message as the important aspect and are not concerned with whether they offend the recipients by sending unwelcome e-mail or whether the will continue to be reachable on-line through the same electronic address. This is almost like a vanity press or distributing leaflets, with the significant distinction that content is forced on the audience. It must be noted that the economics have immense positive consequences, as well. They provide a convenient and inexpensive channel for near-instant transmission for professional, personal, and political communication. Much of the growth of the Internet can be attributed to this open atmosphere. E. Types of Networks Affected The practice is concentrated mostly on the Internet. However, it is also possible on other systems, including other types of network systems, as well as on local, non-networked computer bulletin board systems and internal corporate e-mail systems. Although this document concentrates on the Internet, most (if not all) of the issues discussed would similarly apply to other networks. Description of PANIX PANIX is one of the oldest providers of Internet access to the public. Founded in New York in 1988, we have been at the forefront of various technical and policy issues. We were first to publicize two serious security flaws. Our policy and procedural approaches have served as a model for sites across the Internet. Our staff and a number of our customers are very active on the issue of UEM, spam to newsgroups, etc. For example, we host the CancelMoose site (http://www.cm.org), which focuses on news abuses but also addresses the problem of unsolicited e-mail. Another customer maintains and distributes an index of news articles that violate news posting guidelines. Staff members are also involved with information clearinghouse projects about UEM. We now have 5 locations and a staff of approximately 25. While we are not as large as America On-Line and CompuServe, we are representative of a middle tier of Internet Service Providers (hereinafter "ISPs"). This set of Internet Providers has grown beyond the point where a single machine is sufficient to host all services for all users and has had to deal with complex network engineering issues that result from distributed servers. Description of Services and Customers We currently have approximately 6500 individual customers and over 1000 corporate customers. A variety of services are available to both types of customers. Most of the individual customers have IP accounts which give their machine a presence on the Internet. They are able to run graphical web browsers such as Netscape, POP-based mailreaders such as Eudora, and have access to a UNIX or menu-based shell account on our host machines. All accounts include e-mail and access to newsgroups, and an individual e-mail account is available for as little as $10/month or $100/year with no hourly charges. The majority of our corporate customers use our virtual web hosting and and e-mail services. A significant portion of individual account holders also have web pages on our servers. Magnitude of the Problem The problem of UEM is pervasive. Every user on our system is affected by it. For example, there have been several instances where an identical UEM message was sent to every single user on our system. If a user has not received UEM yet, it is probably only because their account was created recently. We average reports of approximately 20 different UEM campaigns daily. There are likely others that we do not hear about. An average length for messages is approximately 10,000 bytes. However, PANIX imposes no limit on size of e-mail messages, so they could be any length. It is not unheard of to have a particular message sent to 4,500 users on our system. However, the average count tends to be a couple of hundred. Several hundred customers use a filtering system PANIX provides (described later). Other customers use other solutions. It is not possible for us to provide an accurate count of what solutions users implement on their local machines. Indications we have received show that many users of the Eudora e-mail package, for example, use that package's filtering on their end. In fact, the availability of filtering is one of the key differences between the shareware and commercial versions of Eudora. Costs Resulting from UEM A. Users 1. Hourly costs from PANIX Most types of PANIX accounts do not incur hourly charges. The only exception is customers with UUCP feeds who use their UUCP connection to send/receive e-mail and news. Unfortunately, sites that retrieve information this way have to first download information before they can filter out the unwanted messages; they cannot filter out before downloading. 2. Time-based telecommunications costs Some of our customers are only charged a flat per-call charge for local calls. Most business customers do not have flat per-call billing. Users who are traveling or are based elsewhere also log into their accounts using long distance services or by connecting through another Internet site that may charge them hourly connection fees. 3. Time spent downloading, viewing and evaluating messages The user's phone connection is tied up while they are logged onto PANIX and they may not be able to use it for other things (such as voice calls on that line). Users who filter on their machine rather than on the PANIX servers (e.g. those using Eudora's filtering) first have to waste their time downloading something that will end up being deleted). Some POP-based mailreaders do not support filtering out unwanted mail at all and the user is forced to see it listed among their other mail and to have it take up space until they affirmatively act to delete it. 4. Disk space PANIX has a soft limit on the disk space user files and mail can occupy. This means users are allowed to temporarily exceed their limits. They can pay extra if they need more space. We will be changing our policy so they are automatically charged for storage in excess of their allotment. Other approaches Internet providers take include setting a hard limit on the total available for incoming mail, after which other messages the user may wish to receive are turned away with an error indicating that there is no room in the mailbox. In this circumstance, UEM can prevent a user from getting e-mail they do wish to receive. Users may also have their mail transferred to their own local site, where it takes up their own disk space rather than their Internet Provider's. Disk storage costs tend to be less expensive for Internet Providers due to economies of scale. B. ISPs 1. Staff time Staff time is required to answer questions and complaints received. Mail forgery increases the amount of time required to evaluate a given e-mail message and sometimes the number of complaints about UEM received. If faced with a valid complaint showing that UEM was sent from our system, we need to verify and take action against our user. We receive a fair amount of mail about UEM that did not come from our site but which the person complaining believes did originate with us. The person complaining may simply be mistaken (such as a typo that sends their complaint to us rather than to a similarly named provider). Or, the mail headers may reference our site in some way, such as if the mail happened to route through us as an intermediate hop on its travels or if the headers intentionally or mistakenly made the mail appear to originate from our site, or if an off-site sender used our SMTP port to send the UEM to other sites. A number of our users are active complainers of UEM and PANIX's position on these issues is also well known. As a result, we may be more subject to harassment by senders of UEM. Such attempts to harass have included forgeries that made messages appear to be sent by local users. A particularly egregious UEM message can generate hundreds of complaints. Furthermore, we spend extra time answering complaints from our users about UEM they received from elsewhere, essentially asking whether we can make it stop. (Of course we cannot stop people at other ISPs from sending UEM, but we still need to respond to the questions from our users.) We have created reference documents educating users about how to examine a message to determine its origin and where complaints are best directed. However, we still receive many complaints if a given UEM message is distributed to a large number of our users. Staff time is also spent maintaining our shared filters. PANIX wrote scripts (programs) to work with existing mail filtering technology so our users can benefit from our list of known perpetrators. Victoria Fike is the person who keeps the lists of known spammers for the shared filters. 2. Other Resources Other resources are also affected. The toll on our smtp port and system resources to process and deliver the messages are manageable given the volumes we're already processing; likewise bandwidth for transmission. Disk space is a more serious issue, especially for accounts whose users don't log in often and therefore keep mail around for a long time. We can assess the dollar value for the cost of UEM generally and any particular piece if necessary, and would be willing to research this issue further if the FTC requests. PANIX Approach A. Philosophy PANIX maintains lists of known senders of UEM as a service to our users. Nothing is filtered for them by default--they simply get all mail addressed to them. They have to opt in to have anything filtered. They can see exactly what would be filtered and control the level of filtering they want. There is no "stealth" filtering and we would avoid filtering without disclosing to our customers. The UEM problem becomes sufficiently bad that it presents a threat to our system (such as overflowing disk space and preventing users from getting other mail), we reserve the right to change our practice. However, we favor giving as much control to our customers as circumstances allow. B. Policy We were one of the earliest sites to implement Terms of Service prohibiting PANIX users from sending mass unsolicted e-mail or sending mail after someone asks not to be contacted again. We also do not permit opt-out mailing lists (mailing lists that subscribe someone without their having asked for it and then require affirmative action from the addressee to stop the continual flow of mail). Our mailing list server is set to confirm subscriptions to prevent people from being subscribed or unsubscribed against their will. Our policy does not distinguish between commercial and non-commerical UEM; both can be equally unwelcome and wasteful of the time of the the recipient. We verify and deal with complaints about abuses from our own system. We have received requests from other sites wishing to use our Terms of Service and we have negotiated arrangements to permit such use. C. Procedure Users can invoke a simple command to turn on the feature or their account. By default, users simply get all mail addressed to them. If they want any filtering, they have to opt in. They can choose one of several levels of PANIX filters. Or they can use tools available on the system to mix and match the specific filtering they desire. Or they can use tools of their own, which they run eithre on their local machine or from their shell accounts on our hosts. We have received requests for our filter information and have negotiated arrangements to permit other sites to use the filters we maintain. D. Contrast with Other Approaches Other providers have taken different approaches. America On-Line, for example, summarily implemented filtering in response to mail the site was receiving. Some providers do the filtering for their users without giving them a choice. We feel that is the ISP's prerogative, subject to whatever contractual terms may govern their relationship with their customers and how popular the customers may deem it. We prefer to give our customers choice over what, if anything, gets filtered out for them. Our customers seem to prefer it and we are committed to doing this as long as circumstances permit. Possible Solutions and Remedies A. Complain to perpetrator's Internet Provider to try to get their connection cut off: It's too easy for perpetrators to relocate. Also, there are providers that act as havens for such abuses. Even legitimate systems may not have the staff resources to deal effectively with complaints about their users. B. Blacklist sites (such as the Boycott Spam site and others) C. Refuse mail from sites that support UEM: One issue is whether that site has legitimate users or is just a rogue site that harbors UEM senders; contractual issues with customers would also be a factor. D. Refuse IP packets from sites that support UEM: If enough people do it, this can be an effective form of peer pressure. This is a drastic measure and can leave a site unable to talk to most people. While it has a side effect of retribution, it also prevents future mail from getting in from the same sender and deters others who would send UEM. E. Cookies, hashes and channels: Keep a list of acceptable addresses (hashed for efficiency); if you receive mail from another address, return a temporary password and asks them to re-send their message with that temporary password (this is all done without the recipient seeing the first go-around); if they are unable to return it, you don't see their mail. This is intended to weed out mail with bogus headers. This technology is only being discussed and has not yet been deployed to our knowledge. The downside is that there is an inherent delay in seeing mail even from friends if they are sending it from an uncustomary address. A slightly different idea is the idea of channels described by Robert Hall of AT&T Research, which essentially establishes different forms of aliases for your address and allows different prioritizing based on what alias a piece of e-mail was sent to. That way, people can write you from uncustomary addresses and still get through, and you can trace how someone obtained a particular alias variant based on who knew about it or where it was published. F. Mail software: The Pegasus mailer implemented a provision that puts in an X-Distribution header depending on the number of addresses a particular message is being delivered to ("moderate" if for 50-499 recipients, "bulk" if for 500-4999 recipients, "mass" if for more than 5000 recipients). This is not an option that the sender can customize and therefore is difficult to circumvent. Recipients can filter out mail based on the existence and setting of this header. G. Vigilante action: There are many creative solutions, and each of the following have been done: mailbombing, intrusion into a site and posting all the user passwords, setting a site's e-mail auto-replier into a loop so the machine crashes, generating fake yes responses to waste time, contacting a site's legitimate users to advise them that their site is about to get ostracized and not be able to communicate with other sites (hopefully that would pressure their provider to address complaints about abuses from their system). H. Voluntary Standards (e.g. Direct Marketing Association's): these are toothless against abuses; fly-by-night individuals or companies have no incentive to comply. I. Voluntary Self-Labeling standards: again, toothless and no incentive to comply. J. Third-party filtering schemes (based on labeling or address lists): Depends on the availability of the technology -- an open standard which does not require developers to license it and which allows evaluation of what is to be filtered out is a possibility if the technology is convenient enough; needs more research. K. Required labeling: The rogues won't comply anyway, and the well-intentioned organization that tried to comply but makes a mistake in choosing the right label or attaching it to the e-mail will incur sanctions. First Amendment implications need to be considered. L. Transaction charges (e.g. digital cash): government restriction on encryption issues could impede development; technology isn't ready and needs to be deployed; possibly a scheme where you don't see mail unless a certain amount is credited to your account, which you can refund if you choose or routinely not accept or give pre-mailing credits to those you want mail from. This would address unsolicited mass mailings. M. New legal requirements to provide unsubscribe (opt-out) and contact information: If the problem is mail repeated from the same site, it takes less effort to put them in your filter so mail from them is deleted before the user sees it than it does for a user to contact them and ask to be unsubscribed; this does nothing to address the problem of one piece of UEM from many different senders. And rogue senders won't comply, anyway. N. Legal Prohibitions against forgery: Mail headers are routinely altered for legitimate purposes; an unintentional error puts a legitimate sender at risk for liability. O. Court: Too costly for small-scale abuses, delay for anything other than expedited injunctive relief. Finding the perpetrator is also difficult if they forge header information and work out of a Post Office box. Furthermore, they would likely shelter their assets. P. International Nature of the Net: makes U.S. regulation or legislation ineffective. Assessment and Summary The problem of Unsolicited Electronic Mail is pervasive and disturbing. However, technical solutions have been developed and are in use which partially address the problem. Current technical solutions attempt to adapt to mutating techniques used by senders of such mail, but it is always a race to see how quickly recipients can respond. A technical solution that addresses the problem on a different level is needed. Other technical solutions have been suggested and need to be assessed. Regulating or legislating prematurely will reduce incentive for active research into technical solutions and could prevent a more optimal solution from being developed. Furthermore, the risks of improperly drafted legislation or regulation could chill communications and have Constitutional implications as well. And the effect of regulation or legislation would be ineffective against foreign senders or rogue senders who forge identifying information and don't have assets. Legislation and regulation should be avoided if at all possible and drafted specifically to address the problem in the most specific and narrowly focused ways possible. Given the unlikely effectiveness of legistlation or regulation and the incumbent risks, technical solutions should be given time to attempt to address the problem of Unsolicited Electronic Mail. Sincerely, /s/ Simona Nass |