1. Field
The invention relates to the field of communications. More specifically, the invention relates to security of communication information.
2. Prior Art
According to the Direct Marketing Association (DMA), in 2001 telemarketing accounted for $660 billion in sales. Consumer advocates estimate that more than 24 million calls are made daily by telemarketers (some households receive as many as 21 calls a week). In spite of their popularity with businesses, the telephone calls, which often interrupt people in their homes at inopportune times, are near the top of many consumers' lists of complaints. In addition to unwanted telephone calls, unsolicited commercial email (also known as “spam”) is reported to account for more than half of all email traffic, thus inundating consumers' inboxes. Recently, marketers have begun targeting instant messaging systems with unsolicited messages (known as “spim”) and mobile devices (such as mobile phones that accept Simple Text Messages (also known as “SMS”) messages, pagers, and personal digital assistant devices). It is clear consumers want a way to say “no” to these unwanted messages.
In January of 2004 the United States enacted 15 U.S.C. §§7701-16, known as the CAN-SPAM Act. The new law instructs the Federal Trade Commission (FTC) to study the implementation of a national no-spam registry. Such a registry is modeled generally after the FTC's very popular do-not-call list, which was created six months prior to the passage of CAN-SPAM. In addition to the Federal do-not-call list, state-level do-not-call lists have been passed by forty-two states: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Kansas, Kentucky, Louisiana, Maine, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Wisconsin, and Wyoming.
Do-not-call laws have been successful in stopping unwanted telemarketing calls according to reports from multiple states as well as initial analysis by the FTC. In addition, fines from these laws have generated substantial revenue for several states. Through the end of 2003, states had collected nearly $5 million in fines from violations of their do-not-call lists. Governments also generate revenue from assessing fees for marketers to access the do-not-call lists. For example, the FTC charges each marketer $29 per area code per year to a maximum of $7,375 for access to the Federal do-not-call list. Individual states have set their own fees to access their state-based lists. Once purchased by a marketer, the do-not-call lists are distributed as plain text files. Marketers face an additional burden of having to design a process to scrub their internal calling lists of the do-not-call list entries.
To provide this service for companies, technologies have been designed to ensure automatically do-not-call compliance. For example, U.S. Pat. No. 6,330,317, to Garfinkel, entitled “Call Blocking System,” describes a system that automatically blocks outgoing calls to consumers who appear on either a company's internal or legally-mandated external do-not-call lists. The system interacts with the company's telephone system and automatically stops calls to phone numbers in a do-not-call database before they are dialed.
In addition, U.S. Pat. No. 6,130,937, to Fotta, entitled “System and Process for Automatic Storage, Enforcement and Override of Consumer Do-Not-Call Requests,” describes a system and process for a company to manage do-not-call lists. The system described allows companies to store efficiently, update, and, when appropriate, override a do-not-call list. Under the described system, a do-not-call list contains the telephone numbers of individuals who have expressed a desire not to be contacted. The system integrates both the company's internal do-not-call list as well as any external lists, such as those mandated by the state and federal laws described above.
Unfortunately, the use of these patented technologies has illuminated a number of problems that arise when attempting to extend the idea of a do-not-call list to other do-not-contact systems such as email. In the case of the no-spam registry proposed under the CAN-SPAM Act, several technological critiques have been raised. First, unlike telephone numbers, email addresses are valuable in part due to their secrecy. Because the sender of an email message incurs minimal marginal costs with each email sent, if an exposed email address risks receiving a virtually unlimited amount of unsolicited email. If a no-spam registry is created, the list of email addresses cannot be distributed in plaintext in the way telephone numbers have been in the do-not-call context without risking expropriation and abuse by rogue marketers.
Second, marketers are subject to a “single point failure” if a central do-not-contact list system is disrupted. This specific concern was raised by the Direct Marketing Association and the Email Service Provider Coalition in their response to the FTC's request for public comments on a no-spam registry. Since, by law, marketers would have to rely on the system, if the single point were disrupted then marketers would have no mechanism for complying with the law. This is not a rhetorical concern as rogue spammers are suspected of intentionally having disrupted several other centralized anti-spam databases. For example, the MAPS and SPEWS Real Time Blocklist anti-spam services, while not no-spam registries, have been regularly subjected to so-called “Denial of Service” attacks. These attacks became so disruptive that SPEWS was permanently taken offline in August of 2003. Implemented using current do-not-contact technologies, a no-spam registry would be a likely target of similar attacks.
Third, a centralized implementation of a do-not-contact system creates legal problems for some marketers. If a marketer is required to turn over personally identifiable contact points of individuals on their contact list(s), there may be a chilling effect on individuals signing up for particular services. For example, if individuals know that a sender of taboo products is required to turn over their contact point identities to a central authority, they may be reluctant to purchase from or register with the vendor. Courts have found this is a violation of the First Amendment of the U.S. Constitution because the central authority's access to individuals' preferences effectively chills free speech. As a result, for contact points that include personally identifiable information (e.g., email addresses, instant message IDs, etc. . . . ), it is constitutionally mandated that there be a way to check against a no-contact registry without revealing the identities of the individuals on a sender's list. Current technology does not provide a mechanism to satisfy this requirement.
Finally, the do-not-call list has proven to be extremely “coarse.” There are only two possibilities for a registrant: a phone number is either on a particular list or it is not. If someone wants to continue to receive unsolicited telephone calls about a certain class of products (e.g., charities), but not another (e.g., phone service), they have no way to express that preference. As a result, the do-not-call law has been criticized by some for being under-restrictive, and by others as being over-restrictive. For message delivery systems like email, both marketers and registrants have expressed concern that these limited choices will not adequately account for individual user preferences.
While the example above specifically relates to email, the same problems will continue to arise as individuals and governments seek to control other electronic communications technologies. In any technology where the marginal cost of sending a message is virtually zero, existing do-not-contact solutions will not suffice. These additional communications technologies currently include: instant messaging, text messaging, paging, Voice Over Internet Protocol (VoIP), etc. Several others are likely to be developed over time. In addition, as the cost of making a telephone call decreases, similar problems are likely to appear in the telephone context.
Due to these criticisms, several commentators have suggested that it is not technically possible to implement a secure, reliable no-spam registry. This sentiment was echoed at Congressional hearings on the CAN-SPAM Act as well as by Timothy Muris, the chairman of the Federal Trade Commission (FTC).