Spam Bounty

Last year, Larry Lessig and Representative Rep. Zoe Lofgren (D-San Jose) proposed a system of mandatory spam tags, i.e. something like mandatory use of [ADV] in the subject line and, as a method of enforcement, bounties for people who tracked down illegal spammers. Lessig liked the idea so much he offered to quit his job if the bill became law and didn’t substantially reduce spam. Now that’s a guy who believes in incentives!

Lessig won’t have to quit his job anytime soon, however. After studying the idea the FTC has recommended against bounties aimed at cybersleuths but they do allow that large bounties aimed at insiders could be useful.

Some of the FTCs objections are unclear. At one point they say that “potential informants who lack subpoena power, and who are not ‘insiders’ possessing personal knowledge of the spammer, are highly unlikely to possess or produce the kind of information deemed most useful to the Commission.” But elsewhere they say that cybersleuths “already provide useful information to the public for free, and may not be further motivated by the prospect of a monetary reward.” So which is it? Is the problem that the information provided by cybersleuths is not good enough or is it that the information is good but we already get it for free? Admittedly these sentences are not necessarily contradictory if one riffs on the distinction between the Commission and the public. It’s unclear to me, however, why the FTC resorts to speculation about the sort of information that cybersleuths can produce when some examples of what they have produced in the past would give us a better idea about what stronger incentives could accomplish.

The FTCs main objection is that they could not handle the resulting flow of mostly low-value information. The FTC already receives 300,000 forwarded spam-emails a day and doesn’t want a slew of further emails from bedroom bounty-hunters.

America’s Most Wanted, however, doesn’t offer rewards for the arrest of any criminal they offer rewards for ….America’s most wanted criminals. A spam bounty system could similarly limit the number of low-value tips by focusing rewards on the spammers responsible for the particular pieces of spam that went out to the most people – the FTCs database already has this information. Rewards could also be limited to sleuths offering specific information.

Large rewards for insiders are a good idea, Microsoft caught the author of the Sasser worm with help from bounties. I’d like to see some more research and experiment, however, before counting the cybersleuths out.

Addendum: More on real bounty hunters here.


Comments for this post are closed