9/2/2003

Computer Owners’ Bill of Rights

Filed under: General — ryan @ 10:33 am

On March 6, 2003, in the midst of a growing public outcry against unsolicited computer email (“Spam”), Sen. Mark Dayton (D, MN) introduced S.563, the “Computer Owners’ Bill of Rights,” which was referred to the Senate Committee on Commerce, Science, and Transportation.

The following is the opening statement I would have read, had I been called as a witness to testify before the Committee during its initial hearing on S.563.

Thank you, Mr. Chairman, for the opportunity to address the Committee regarding S.563, the “Computer Owners’ Bill of Rights.” Senator Dayton’s bill would attempt to ensure standard levels of technical support for computer users and give users a standard, federally enforced way to “opt out” of receiving spam.

There is no doubt that the state of support available for consumer-level hardware and software is abysmal. It seems natural to establish a certain baseline of support that consumers can expect when they purchase computer equipment or software, just as there are standards for safety in the automobile industry. Even if there is no enforced regulation of consumer technical support, guidelines regarding self-reporting of compliance with government-established standards might help consumers to make informed decisions when choosing which products to buy.

There is also no doubt that the amount of spam flooding Americans’ inboxes is growing unmanageable. A national registry of email addresses would seem to be a natural extension of the extremely popular National Do Not Call Registry. Currently consumers must opt out of each marketer’s list separately, if they are even able to opt out at all.

Unfortunately, in my expert opinion Mr. Dayton’s bill, while well-intentioned, is unworkable. Unlike automobiles, computer hardware and software are used in such a multitude of ways that it is inadvisable to attempt to set forth rules about how they should be supported. Any guidelines are likely to quickly go out of date given the rapid evolution of computer technologies. Moreover it is unclear what the requirements will be for noncommercial software creators, such as the networks of volunteers that create the Linux operating system and the Apache web server. Support for this type of open-source software, despite its highly decentralized nature, is often quite good, but it is not clear how it could meet standards developed for commercial software organizations. Thus such standards might not only mislead consumers, but also hurt innovation in the open-source and free software sectors.

Of greater concern, however, is the feasibility of a national “do not spam” registry. Email does not work like telephone calls, and creating such a registry is not simply a matter of extending the Do Not Call Registry to cover email. First of all, email lacks the audit trail that phone calls have. Phone companies keep track of every call made for billing purposes, and can unambiguously determine if a telemarketing company has violated the terms of the Do Not Call Registry. This is emphatically not the case for emails. The most egregious spammers forge email headers to make this type of audit difficult or impossible. Though legitimate marketing organizations are unlikely to engage in these practices, legitimate organizations are not responsible for the bulk of spam. Moreover, just the existence of such a database might actually increase the flow of spam. If criminals successfully compromised the registry, illegal spamming organizations could be provided with a wealth of legitimate email addresses. Even if the addresses were encrypted, spammers could use the encrypted data to check the legitimacy of addresses harvested from the Internet.

I hope that the Committee will avoid the temptation to subscribe to the quick fixes proposed by Senator Dayton’s bill. If however the bill does go forward, I would like to ask Mr. Dayton to consider two changes. First, I would like to see Section 3 of the bill amended to acknowledge the existence of noncommercial software organizations, and to clearly state that separate standards will be established for these organizations. Second, I would like to see a prohibition on the forging of email headers added to Section 5, to prevent the already widespread falsification that is likely to make a “do not spam” registry ineffective. Thank you for your time.
