Technorati
Quoted in TechNewsWorld
I've been quoted in a great article by Jack Germain in the online magazine, TechNewsWorld.com. The article, "Suckers for Spam: When Will They Ever Learn?" appeared in the December 4, 2008 issue.
Click HERE to read the article online.
Spam continues to be a vexing problem, and the CAN SPAM Act doesn't really help the situation. Arguably, it makes it worse...check out my comments in the article, which I copied below (with permission--thanks ECT Network!)
More on Spam in upcoming entries.....stay tuned.
----------------------
Suckers for Spam: When Will They Ever Learn?
By Jack M. Germain
E-Commerce Times
Part of the ECT News Network
12/03/08 4:00 AM PT
available at: http://www.technewsworld.com/story/65343.html?wlc=1228421893
The old adage about a sucker being born every minute is no less true among respondents to spam. Dishonest people have always been trying to make a fast buck by duping others into confidence scams, and the Web has give those people an easy way to communicate with more potential marks. However, modern-day scam artists may be capable of making a faster buck from a lot fewer suckers.
Just about everyone on the Internet hates spam. Yet spam lives on. How has such a universally despised phenomenon still managed to attract scammers, hackers and annoying hucksters who use it as a means to carry out business? Mostly, it's because enough people just keep clicking.
A recent study on spamming operations conducted by computer scientists from the University of California in Berkeley (Cal) and San Diego (UCSD) showed that spammers only need a response from one sucker out of every 12.5 million e-mails sent, usually by way of botnets and malware-infected computers. The study concluded that even a small response rate to a spam message can generate windfall profits.
"Spam works because suckers are still born every minute. People still pursue the dream of being somebody they are not. The want to acquire wealth they'll never get. The method for delivering the message is changed. That's all," Brad Gross, attorney in the Business Technology Law Practice Group and partner in the law firm of Becker & Poliakoff, told the E-Commerce Times.
Born to Click
Spam works because enough computer users are not aware of its dangers. Spam also works because many computer users are ignorant of Internet security practices.
"A certain percentage of people will always click on things. We've seen a lot of spam in the last two years lead to serious intrusions," Brian Dykstra, senior partner in the law firm of Jones Dykstra and Associates, told the E-Commerce Times.
Despite widespread public distaste for junk e-mail, the odds are still in a spammer's favor if he or she crafts the message right. Profitable spammers use highly sophisticated messages that pique recipients' curiosities. In addition, the messages are sometimes so cleverly designed to resemble real correspondence that unaware computer users are caught off guard, whether opening e-mail at home or in the workplace.
Spammers' Goal
"No matter how many times you tell workers not to click on links found in e-mail, a certain percentage of workers will still click," Dykstra said.
It only takes one office worker one click to give away access to the network. This is the aim of hackers, he cautioned.
In fact, it's easier for spammers to get access to sensitive information such as passwords and account numbers through enticing an e-mail recipient through spam than by hacking into the the corporate network by traditional means, he said.
Targeting Suckers
Dykstra's firm is involved in electronic evidence discovery and computer intrusion response. A vast majority of the computer intrusions going on right now involve phishing user groups via e-mail attachments or e-mail links to gain access to their computers or corporate networks, he explained.
"While some people do respond to the ever-popular cheap Viagra and Cialis adds, a lot of what we see is very targeted and repeated attacks on end-users," he said. "People always fall for repeated attempts."
Spam victims often get sucked into clicking for no other reason than the e-mail looks real and pertains to their work. Even when an e-mail recipient is aware of the spam threat, with some messages, it just seems like clicking makes sense.
"Spam is often very targeted to the receiver's specific work or social interests. If the e-mail fits their interest level, they click. I've seen some really believable e-mails," Christopher Ciabarra, security specialist at Network Intercept, told the E-Commerce Times.
Awareness Helps
Many people find it difficult to not click a link in an e-mail. Especially if the message is about an item of interest, the recipient clicks away, Ciabarra noted, adding that too many people just don't know any better.
Users who are at least partially aware of spam often fall into a false sense of safety. They think that having up-to-date anti-virus and anti-spyware products will protect them. They also think that e-mail filters block dangerous spam.
"Every time we build a fence [to protect against spam], the bad guys figure out how to get around it," said Ciabarra.
Getting Speared
"Spear phishing" is a term used to describe a very targeted spam attack. This highly focused e-mail barrage aims at workers in a particular organization or profession. The message looks authentic. For instance, an e-mail is sent to a group of researchers who would be unsuspecting of a news announcement on an upcoming conference.
The goal is always the same. The message is designed to get the recipient to click on a link or to respond with specific information. Ultimately, the click results in a malicious download -- perhaps a virus that infects the user's computer to reveal account numbers and passwords.
Dykstra's legal practice involved representing companies that have been accused of spamming as well as companies that have been the victims of spamming by others. These cases involved denial of service attacks and flooding e-mail inboxes, for instance.
"We are seeing a surge in other scams related to peoples' jobs, for instance, job seeking sites. Some spam messages look so real that workers are convinced it is from the company," Dykstra said.
No Click Training
Training programs for workers about the dangers of spam often reveal how prone some people are to falling victim. Some companies have conducted self-phishing experiments with a message sent by the in-house IT department to workers' inboxes.
The IT staff tracks who clicks on the bait in the message. The results are used to educate workers about spam, according to Dykstra.
At a company meeting, the results are divulged. Often, when repeat messages containing spam elements are sent to the same workers, the same workers are again the ones clicking on the spam.
When done the second time, the click rate is much lower -- often 10 to 15 percent of the workers, he said.
Legal Stuff
One reason that people respond to spam is that they receive so much of it. The potential threat from spam, aside from its annoyance, is masked by the fact that laws meant to prevent spam have in some cases made it easier for spammers.
When Congress passed the Can-Spam Act in 2002, it took power away from the 34 individual states that had regulations restricting spam and put it in the hands of the federal government, according to Gross.
"The Act makes it easier for spammers. Before the Act passed, for commercial e-mail, a company needed an attorney to analyze state law and get an opinion on what it can and can't do," he said.
The Can-Spam Act took away all state regulations, has only a handful of requirements and gives spammers almost carte blanche, said Gross.
For instance, a message cannot have false or misleading header information. Also, a message cannot have a deceptive subject line, and it must have an opt-out method.
To be legal, spammers must display their commercial address of the sender. However, if the e-mail is outsourced, the receiver doesn't know who the sender really is, Gross noted.
"None of these rules is difficult for spammers to meet," said Gross.
A Message to College Students: Your 1st Amendment Rights Have NOT Been Violated !!!
Now, let me say this: not all censorship is a violation of the First Amendment. (And anyone who tells you differently is trying to sell you something--most likely, his or her legal services.)
Case in point: Tennessee State University's recent decision to ban the JuicyCampus.com website from university-owned servers did not infringe anyone's First Amendment rights. Let me say that again, because you need to understand this: the state-owned university did NOT violate anyone's First Amendment rights by banning the JuicyCampus.com website from the university's web servers.
Yeah, I know---there are lots of pundits out there who are saying that the university's decision has "First Amendment implications", or that the university's decision is "troubling."
I say: Nonsense. Poppycock. Ridiculous. Just stop it. (How many other ways can I say it??) Those pundits are wrong.
First, some facts: JuicyCampus.com is the equivalent of an online bathroom wall in a campus pub. Visitors to the site can post anything they want about anybody they want, and all entries are categorized by college. According to the site, all entires are 100% anonymous--no registration, login or email verification is required of any visitor. (By the way--just because no login or email verification is required does not mean that everything is 100% anonymous. I was a former prosecutor of computer crime--I know some amazing computer forensic guys that can probably trace the entries back to their originating source.....but I digress.)
Tennessee University is a state-owned, public university. Last month, after receiving a complaint about the website from a concerned parent, the university decided to ban the website from its servers. Students who try to access the website through the university's Web server's now find that the site is blocked.
So, how come there's no First Amendment violation here? Isn't this censorship? (Answer: yes.) IIn fact, isn't this an example of content-based censorship--the most egregious type of censorshiip there is? (Answer: yes).
So what gives?
The first answer: First Amendment rights exist in public forums, not in private forums.
What's the difference between the two? Simply put, public forums are open to the public and/or are used for public communication; private forums aren't.
For years courts have held that a public university's computer servers are not "public forums", because they are only accessible to students and faculty--not the public at large. Since the servers are private forums, First Amendment rights are generally not implicated if the university decides to ban certain websites from those servers.
Is there an exception? Of course (there's always an exception): censorship in private forums is impermissible if the censorship is really a covert attempt to suppress a particular viewpoint and is unreasonable in light of the purpose of the forum.
But let's quickly analyze the exception so you'll see why it doesn't apply. First, the university had no "covert" purpose in banning the site. The university didn't ban JuicyCampus.com because of the views espoused by the site, or becasue the university wanted to suppress a particular viewpoint.
Second, regarding the "reasonableness" of the situation, consider this: Tennessee, like many states, has laws against cyber-bullying and cyber-stalking. (Check out Tennessee statute 39-17-315). JuicyCampus.com allows (perhaps encourages) people to bully others online, and to engage in cyber-stalking in an anonymous manner. Is it unreasonable for the university to try to protect its students from others who are using the university's Web servers to commit a criminal act? Of course not, don't be silly.
Want to learn more? Check out the case of Loving v. Boren (956 F.Supp. 953), or Putnam Pit, Inc. v. City of Cookeville (23 F.Supp.2d 822), or Faculty Rights Coalition v. Shahrokhi (2005 WL 1657116). Go ahead....you'll see I'm right.....
The second answer: We will call this answer the "Brad Theory", since no court has put it the following way: Internet access at a university is a privilege, not a right.
A privilege is a gift, revocable at will, and subject to restrictions. A right, however, is an entitlement, and can't be taken away without due process.
Students don't have the inalienable right to have Internet access through the university, nor do they have the right (statutory or otherwise) to be able to access any website they want through the university's servers. Instead, Internet access is a privilege granted to the students by the university--a gift, if you will. The university giveth the privilege, and the university can taketh away the privilege.
In sum, it's not a First Amendment thing--it's a privilege thing. You can't claim First Amendment protection in something that is a privilege. An analogy might help: if someone wrote "For a good time call XXXX" on a bathroom stall wall in a public university, would it be reasonable to say that the university can't paint over that graffiti without engaging in impermissible censorship? Of course not, because students don't have the right to draw on the university's bathroom walls. In my analogy, the stall walls are provided as a privilege--albeit a privacy-based privilege--and can be modified by the university at any time.
The same goes for the university's web servers. The university, no less than a private owner of property, has the right to preserve its servers for the use to which those servers are lawfully dedicated. Here, the servers were dedicated for academic uses only, and the university has the right to ensure that they stay that way.
You disagree? Think I'm wrong? Well, I'll gladly give anyone who wants it the privilege of debating me through this blog........
--A big "thanks" to my colleague Daniel Wallach, Esq., a truly excellent litigator and appellate attorney, who provided research for this entry..
Customs Regs and You: Protect Your Goods Here and Abroad!!
Are you worried about your goods being counterfeited here or abroad?
Is your labeling in compliance with FDA regulations?
If so, then you need to attend one of the roundtable discussions that my colleagues and I are providing for importers, exporters, customs brokers, freight forwarders---anyone who is involved in the shipping or manufacturing of goods in the U.S. or abroad.
The official brochure for the event(s) can be found HERE.
If you want to attend, or if you want more information, feel free to call me or drop me an email.
Hope to see ...<< MORE >>
** Update: New "No Fault Found" Think Tank Formed on LinkedIn
Click HERE or go to the following site to join the group:
http://www.linkedin.com/groups?about=&gid=1397237&trk=anet_ug_grppro
Click on the link above, join my think tank, and together we will figure out a solution to the problem---see you at LinkedIn !
Strippers and Trademarks and Video Games, Oh My!!
The makers of the popular video game, “Grand Theft Auto” successfully defended themselves in a California federal court earlier this month against a lawsuit brought by the owners of a strip club in East Los Angeles. (Strip clubs vs. computer geeks...now THAT’S a fight worth watching).
But putting aside video games and strippers for just a moment—indeed, only one moment—the case is an important example of how the First Amendment limits many of the rights held by trademark holders.
The “Grand Theft Auto” video game series, produced by Rockstar Games, is known for its “crass brand of humor, ...<< MORE >>
Warning: Your Website's Content May Be a One-Way Ticket to Anchorage.....
eWaste - Getting Serious About a Serious Problem
The 60 Minutes report, which you can check out HERE, points out that a great number of companies are merely shipping their eWaste to Asia, where lead, mercury, and other toxins from the eWaste seep into the groundwater and cause people to suffer grievous harm (to put it mildly). In the upcoming weeks I’ll be writing a number of articles about the eWaste issue. Actually, I already started on the topic--check out my article from last week, “Though Shall Go Green….”. In the meantime, let me point you to a great resource where you can read about the eWaste problem…. www.computertakeback.com : this is the site of a campaign that has a single purpose: to “protect the health and well being of electronics users, workers, and the communities where electronics are produced and discarded by requiring consumer electronics manufacturers and brand owners to take full responsibility for the life cycle of their products, through effective public policy requirements or enforceable agreements.” The site has started a campaign to convince television manufacturers to take back television sets that are headed for the trash bin after February 17, 2009—the date on which all U.S. television broadcasts go digital. Check out their campaign at www.takebackmytv.com.
eWaste is a problem---a HUGE problem. And as 60 Minutes recently pointed out, we're not even close to perfecting the "use-recycle-reuse" paradigm yet.
I'm also one of the leaders in a committee, started by CompTia, that's looking into issues involving Green IT. We're analyzing the issue from the legal perspective (that's my baby), as well as the industry perspective (some big names, such as Unison and Lexmark, are involved in the effort).
Our group recognizes that approximately half of U.S. technology companies demand Green IT initiatives; however, they face serious challenges in the implementation of these initiatives, including implementation costs, limited knowledge of the scope of such initiatives, and lack of resources (e.g., manpower, time) to implement the initiatives.
Stay tuned to follow our progress.
Also, if you're interested in more information on the issue, send me an email and I'll send you info while it's still "hot off the presses....."
Save Your Company - Audit Your Intellectual Property Now !
Competition? No. (Well, maybe competition is hurting your business, but that's not what I'm talking about).
The economy? Nope.
How about this thought: your company might not own any of the work product it produces on a daily basis. Wouldn't that be a problem for your company? Wouldn't that kill your company?
And when do you think you'll find out about your company's intellectual property woes: when things are going great, or when something goes wrong? (If you answered, "when things are going great", then call me immediately--I need to teach you a few things about business acumen.)
You don't want to find out that there's an underlying problem with your company's intellectual property when things are going wrong--thought that's almost always how it works out. At that point, it may be too late to correct things....
Never fear: the doctor is in. (That would be me.)
Over the years I have drafted a checklist for my clients to help them initially self-diagnose hidden IP problems that may be lurking in their companies. Now, I'm sharing that list with all of you. (You're welcome).
The following link will allow you to view and download the checklist: Business Audit Checklist
Read the checklist and think of how it applies to your company. If you have any questions, let me know.
The B&P Newsletters
July 2008: "iPod Synching About to be Zap-ped Out of Existence?"
October 2008: "Harry Potter Casts a Spell on Copyright Infringer"
Here's an interesting article from my partner, Peter Quinter, who specializes in U.S. Customs & Homeland Security issues. His article, from 2006 (but which is as relevant as ever), is about registering your trademarks with U.S. Customs.
November 2006: "Why Record Trademarks and Copyright with U.S. Customs?"
If you want to receive these newsletters as they are published (about once a month), send me an email at bgross@becker-poliakoff.com.
When Computing, Though Shall Go "Green".... and Happily Foot the Bill for It
You will "go green"...if not today, then tomorrow. If not tomorrow, then really soon...
And it will cost you. And you won't mind. (Huh?) That's right, you won't mind at all...
Read on...
There are two types of state laws requiring e-waste recycling:
Producer Responsibility laws, in which the producer (i.e., the company making the "stuff") is responsible for taking back its products and disposing or recycling them; and
Advanced Recovery Fee (ARF) laws, which require the consumer (i.e., you) to pay a fee, at the time of your purchase, which goes into a state fund used to pay for the cost of recycling.
Let’s ...<< MORE >>