2008-09-01
Abstract
'Once bitten does not, it seems, make twice shy for spammers.’ Helen Martin, Virus Bulletin.
Copyright © 2008 Virus Bulletin
In July a man who sent more than 50,000 spam emails an hour and who has been a known spammer since 1999 was sentenced to 47 months in jail after pleading guilty to charges of fraud, spamming and tax evasion. He was also fined a little over $700,000.
Prosecutors had been hoping for a stiffer sentence and had requested Robert Soloway be sent to prison for nine years, taking into account both the scale of his spamming operations and the fact that he had previously been investigated for spamming activities. This led me to wonder, what is a suitable punishment for a convicted spammer?
Jeremy Jaynes, the first spammer convicted in a felony case in the US (in 2004), was sentenced to nine years in prison after he was found guilty of sending several million messages in a two-month period. Jaynes is said to have made $750,000 a month at the height of his activities, with a net worth of up to $24 million.
Jaynes’s case preceded the introduction of federal CAN-SPAM regulations, which allow for a judge to consider profits if financial damages are unclear, and in December 2007 Min Kim became the first convicted spammer to have his sentence lengthened due to high earnings from his spamming activities. The judge recommended that Kim should be imprisoned for 30 to 37 months rather than the 24 to 30 it would otherwise have been, because he had recorded profits of $250,000 from spamming.
While I abhor the activities of spammers and spend an infuriating amount of my time pressing the ‘delete’ button to rid my inbox of their issue – on occasion accidentally filtering out genuine messages due to a trigger happy (or fatigued) delete finger – I have to wonder whether they really pose such a significant danger to society that they should be locked up for years (while tax payers’ money keeps them warm, fed and watered).
Of course the sentencing of spammers is rarely straightforward. In many cases the crimes they are charged with are wider ranging than ‘just’ the contravention of anti-spam laws. Spammers are often involved in such other nefarious activities as ID theft, distribution of malware, money laundering and so on, all of which quite rightly increase the severity of their sentencing. But where straightforward spamming is concerned incarceration does almost seem an unnecessary use of resources – for criminals who apparently pose little physical danger.
Many have suggested that spammers should simply be punished financially – as one VB reader said ‘being locked in a financial prison is just as debilitating as jail but far less expensive to the tax payer’. There have been many lawsuits resulting in spammers being ordered to pay fines, but rarely to the extent that they render the spammer incapable of continuing their activities. In December 2003, NY Attorney General Eliot Spitzer said: ‘We will drive [spammers] into bankruptcy, and therefore others will not come into the marketplace to take their place’, yet five years on the marketplace is flooded with spammers.
The cases of Scott Richter and Sanford Wallace demonstrate that once bitten does not, it seems, make twice shy for spammers. Richter was sued by both Microsoft and the New York Attorney General in 2003, reaching a $40,000 settlement with the Attorney General and eventually agreeing to a $7 million settlement of the Microsoft case. Yet in 2007 Richter was back in court being sued by MySpace for more spamming activities (an arbitrator awarded MySpace $4.8 million in damages). Similarly, Wallace came to prominence as a prolific spammer in the mid 1990s, but in 1998 announced his retirement from the spamming business after facing lawsuits from AOL and CompuServe. Just last year MySpace sued Wallace for – you’ve guessed it – spamming and phishing activities.
Clearly financial penalties have not thus far proved a particularly strong deterrent, and I am left to conclude that there is indeed a need for spammers to face the prospect of a prison sentence – and for spammers such as Soloway, Jaynes and Kim to be held up as examples to send a firm message of discouragement to would-be spammers.
