The Federal Trade Commission wants to crack down on spam zombie networks. But its call for Internet service providers to monitor their users has raised questions as to whether the request offers an opening to monitor e-mail content and not just spam activity.
The suggested measures, the FTC said in announcing so-called Operation Spam Zombies on May 24, include blocking common Internet e-mail ports where possible, using rate-limiting controls for e-mail relays, identifying computers sending atypical e-mail volume and determining if the machine is a zombie, quarantining the affected computer until the problem source is removed, and offering customers "plain language information" to keep their computers secure.
The FTC said it hopes the program leads to identifying likely spam zombies worldwide and the providers running the networks hosting them, the better to get corrective measures in place and fast. Some analysts, however, already think there could be trouble as well as relief coming out of such an effort.
Internet journalist Declan McCullagh, a longtime critic of spam and of excessive government regulation of the Internet, wondered the day before the FTC announcement whether governmental pressure on ISPs to monitor their users, "even well-intentioned," might raise critical questions.
"Will ISPs merely count the number of outbound e-mail messages, or actually peruse the content of e-mail correspondence?" McCullagh asked in a May 23 column. "E-mail eavesdropping is limited by the Electronic Communications Privacy Act in the United States, but what about other countries without such laws? If these steps don't stop zombie-bots, will the government come back with formal requirements instead of mere suggestions the next time around?
The FTC announcement came two weeks after a new Sober virus variant began slapping cyberspace silly with round after round of German and English language propaganda touting neo-Nazi messages and slogans. The commission said they have 35 government agencies in 20 countries joining up in an attack on the zombie networks.
They want to go after spammers—individuals and groups alike—who use software installed surreptitiously on unsuspecting users' home and business computers to flush the spam through them. The technique lets the spammers hide the real source of the spam and make it harder for authorities to track and trap them, and the owners of the victimized computers usually don't know that they've become spam conductors.
"Computers around the globe have been hijacked to send unwanted e-mail," said Lydia Parnes, director of the FTC’s Bureau of Consumer Protection, announcing the new campaign. "With our international partners, we’re urging Internet Service Providers worldwide to step up their efforts to protect computer users from costly, annoying, and intrusive spam ‘zombies'."
In addition to the FTC, the U.S. Commerce and Homeland Security departments are joining the effort. The government agencies around the world include those from Albania, Argentina, Australia, Belgium, Britain, Bulgaria, Canada, Colombia, Cyprus, Denmark, Germany, Greece, Ireland, Japan, Korea, Lithuania, Malaysia, Netherlands, Norway, Panama, Peru, Poland, Spain, Switzerland, and Taiwan, the FTC said.
The FTC campaign calls for teaching Internet service providers and other connection providers about zombie computers. The FTC and members of the so-called London Action Plan, a world network fighting spam, plus 16 more government agencies, will send letters to over 3,000 world ISPs urging them to learn and put protection in place for their users.
