Desperate to tackle the ever growing problem of unsolicited
commercial e-mail, Congress included a provision in the recent
CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography
and Marketing Act) requiring the FTC to look into the
practicalities and problems of a system that would reward members
of the public who helped in the tracking down of spammers.
The FTC has now completed its report, but its findings suggest
that any such system will have to be very tightly controlled.
The FTC has identified three hurdles involved in a spammer
bounty system: identifying and locating the spammer; developing
sufficient evidence to prove the spammer is legally responsible for
sending the spam; and obtaining a monetary award.
The FTC is firm in its belief that the persons most likely to
identify a spammer and provide evidence, what it terms "high-value"
information, would be whistleblowers or insiders – personal or
business associates of the spammers themselves. The reward system
should be limited to these individuals, says the report.
Some have suggested that so-called "cybersleuths" – persons with
above-average technical skill and knowledge of computers and the
internet – could track down spammers, but the FTC concludes that
this is not likely.
According to the report, cybersleuths may be able to employ
their talents and expertise to construct educated guesses linking
seemingly unrelated spam to a common source, but much of this
sleuthing is based on intuition, does not definitively identity the
spammer, and would not constitute admissible evidence in an
enforcement action.
The report further explains that because cybersleuths do not
have the power to issue or enforce subpoenas, in most instances
they would not be able to legally obtain and supply to the
Commission admissible evidence of a spammer's identity,
whereabouts, or level of illegal activity.
Insiders, says the FTC, are often privy to this kind of evidence
and would not need compulsory process to obtain it.
But insiders would have to balance the possibility of a reward
with a variety of factors before coming forward: the likelihood of
the information submitted actually being used, and whether the use
would result in a successful legal proceeding; whether they would
lose their own income; whether they would incur personal legal
liability for their own part in the scheme; whether they would lose
their anonymity; and whether they would become a target of
retaliation by the spammer.
"The Commission is unable to establish with any degree of
certainty the dollar amount that might be high enough to overcome
these countervailing considerations, but believes that reward
amounts in the range of $100,000, and in some cases as much as
$250,000 are reasonable estimates," says the report.
The rewards themselves would have to be paid out of agency
funds, warned the FTC, as it is unlikely that sufficient money
would be recovered from the spammers to pay for it.
