FTC To Host Spam Summit: The Next Generation of Threats and Solutions

The Federal Trade Commission will host a two-day public event, “Spam Summit: The Next Generation of Threats and Solutions,” in Washington, DC on July 11 and 12, 2007. The summit will bring together experts from the business, government, and technology sectors, consumer advocates, and academics to explore consumer protection issues surrounding spam, phishing, and malware.

Some e-mail filtering companies have reported that the amount of unsolicited e-mails they process has been rising. According to the reports, the increased volume of spam is coming primarily from botnets, which are networks of hijacked personal computers that spammers use to conceal their identities and send spam and viruses. In addition, the Commission’s recent investigations suggest that spam is being used increasingly as a vehicle for launching harmful downloads, such as phishing and malware. This type of malicious spam goes beyond mere annoyance to consumers – it can result in significant harm by shutting down consumers’ computers, enabling keystroke loggers to steal identities, and undermining the stability of the Internet.

As a follow-on to the Commission’s 2003 Spam Forum, the two-day public summit will analyze malicious spam, shifts in spamming incentives and tactics, strategies for protecting consumers and businesses, and countermeasures for stopping malicious spammers and cybercriminals.

Topics are expected to include:

• Defining the Problem: Earlier findings indicated that most spam was fraudulent, deceptive, and offensive. How has the nature of spam shifted? Is spam now being used for malicious and criminal purposes? Is this spam reaching consumers’ inboxes or being filtered by internet service providers’ filtering software?
• New Methods for Sending Spam: To what extent, if any, have email address harvesting, dictionary attacks, and open proxys been replaced by botnets, zombies, and spam that uses images instead of text as the primary methods of spam distribution?
• The Covert Economy: What are the financial incentives for malicious spammers? To what extent does stolen information, such as government-issued identity numbers, credit cards, bank cards and personal identification numbers, user accounts, and email
  addresses, play a role? What is the cost along the email chain to consumers, businesses, internet service providers, and networks?
• Deterring Malicious Spammers and Cybercriminals: What are the investigatory challenges faced by law enforcement as spammers mask their identities and use obfuscatory techniques? What are effective countermeasures?
• Emerging Threats: What emerging threats are occurring in media other than email including spam over instant messaging – SPIM – systems, spam over internet telephony – SPIT, and spam to mobile devices?
• Putting Consumers Back in Control: How can we empower consumers and businesses in the fight against spam and malware?
• Technological Tools for Keeping it Out of the Inbox: During the FTC’s 2004 E-mail Authentication Summit, co-hosted with the Department of Commerce’s National Institute of Standards and Technology, the FTC initiated efforts to spur the development and wide- scale adoption of domain level e-mail authentication. Where does the implementation of e-mail authentication stand? What are other key spam-reducing tools?
• Stakeholder Best Practices: What best practices should stakeholders adopt to reduce malicious spam and minimize its impact?

The event, which is free and open to the public, will be held at the FTC’s satellite building conference center, located at 601 New Jersey Avenue, N.W., Washington, DC. A government-issued photo ID is required for entry. Members of the public and press who wish to participate but who cannot attend can view a live Webcast of the summit on the FTC’s Web site. Pre-registration is not required.

The Commission invites interested parties to submit requests to be panelists. The requests should be submitted electronically to SpamSummit@ftc.gov on or before May 18, 2007. The Commission asks interested parties to include a statement detailing their expertise on the issues to be addressed at the summit and complete contact information. Panelists selected to participate will be notified by June 1, 2007.

Any person also may submit written comments on the topics to be addressed at the summit. Comments must be received on or before May 18, 2007. For further information about the Summit and for specific information on sending comments, participating as a panelist, the Summit agenda, and contact information, please consult the FTC Web site at
http://www.ftc.gov/bcp/workshops/spamsummit/index.shtml.

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot,
stop, and avoid them. To file a complaint in English or Spanish or to get free information
on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov/ftc/complaint.htm. The FTC enters Internet,
telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,600 civil and criminal law enforcement agencies in the U.S. and abroad.