First Spammer Convicted Under CAN-SPAM Law

eldavojohn writes "Spammer Jeffrey Brett Goodin has been convicted under the 2003 CAN-SPAM Act, the first person in the U.S. prosecuted successfully under the law. He is facing a sentence of up to 101 years in a federal prison after being found guilty of numerous illegal acts. According to prosecutors, Goodin was convicted on multiple counts in addition to the CAN-SPAM conviction, including wire fraud, unauthorized use of credit cards, misuse of the AOL trademark and attempted witness harassment. From the article: 'The law forbids e-mail marketers from sending false or misleading messages and requires them to provide recipients with a way to opt out of receiving future mailings. During trial, prosecutors presented evidence that Goodin used several compromised Internet accounts to send e-mails to America Online users. The e-mails appeared to be from the company's billing department and told customers to update their billing information or lose service.'"

Will it Make a Difference?

[BoRegardless]

I hope so but...

Given the creeps anywhere can run these scams outside of N. America, it just means other methods might work better.

We can start by having ISPs who know computers crunching out a 1000 emails at a time in the middle of the night get dumped off the Internet until the user gets a new hard drive or computer.

no tax evasion?

[User 956]

I'm surprised they didn't get him for tax evasion [msn.com], too. I mean, the IRS even requires that you pay taxes on stolen property.

Re:Over the top

[voice_of_all_reason]

When dealing with life sentence/death penalty, the crime has to scale well with murder. Here's why:

If you are in the process of commiting a crime (in this case intrawebs fraud), and know you will face 100 years in prison for getting caught, what's to stop you from killing anyone who gets in your way? Any other sentences would be inconsiquential. Hell, you might as well try and take down the police who attempt to bring you in. If you manage to get a few, it'd sorta be like a bonus.

CAN-SPAM

[Phroggy]

You know, the CAN-SPAM Act is often criticized on Slashdot and elsewhere as being toothless and full of loopholes. People think it's a worthless law, because spammers can easily get around it. I disagree. Let me explain.

First of all, what we really want to avoid is any law that inhibits our right to freedom of speech. It's very easy to write a definition of spam that is overly broad, and applies to legitimate messages as well. Let's assume for the moment that this would be a bad thing. I haven't heard any complaints that CAN-SPAM is flawed in this way.

The complaints are that CAN-SPAM doesn't go far enough. Spammers could simply change their spam to comply with the provisions of the law, and suddenly their unwanted junk is no longer technically "spam" in the eyes of the law. In theory, this may be true, but in practice, it's not happening. The law has been in effect for three years now, and spammers still aren't even bothering to pretend to comply with the law, they're just continuing to blatantly disregard it. This means that just about all the spam I get in my inbox (plus all the spam that I would have gotten in my inbox if I didn't have a whole pile of filters in place to block it) is clearly defined as illegal according to CAN-SPAM.

So why am I still getting all this spam? It's not because CAN-SPAM is a bad law. It's not because the spammers have found a loophole, or have changed their spam so it complies with the law. The problem is enforcement: the FTC and FBI don't have the resources to go after these guys. It's been three years, and they've only gotten one conviction.

Yes, some spammers are based outside the US, and while CAN-SPAM may still apply to them because they're sending spam to Americans, they're outside the jurisdiction of our law enforcement agencies. Several other countries have pledged their support in the International War On Spam(TM), but again, somebody has to actually track down the spammers so they can be arrested, and that's what's not happening.

So what's the solution? It's not to pass more laws making spam more illegal than it already is. The solution is for Congress to earmark funding for spam investigation and prosecution. They won't think of it themselves, so somebody has to tell them to do it. So, write to your Senators and Representatives, and tell them you want to see better enforcement!

Now, who's got that list of checkboxes?

Re:Over the top

[Zondar]

Someone needs to do a bit more tracking on this statistic. Like, how many of those were illegal immigrants? Before you start shaking your head, think about it...

Deterrence is a concept that relies on Party B being afraid of something Party A can do to it, and that whatever Party A can do is worse than the risk of committing the act. If Party B is already subject to Party C however, and the things that Party C can do to Party B are inherently worse than anything Party A can do... and/or if Party B is not fully aware of the consequences of his actions under Party A's rule (see cases of teenagers illegally smuggling drugs into countries with an insta-death penalty)... then deterrence is not nearly a factor.

For deterrence to stop me from doing something, I have to:

A) Be aware of the punishment
B) Be afraid of the punishment more than the status quo
C) Be marginally intelligent enough to understand the consequences and have no mental defects that affect your empathy

Deterrence in and of itself works. Otherwise you would eat poop and poisonous substances, you would go in the cookie jar every day, and you would kill people because they got in your way. Deterrence is a biological phenomenon (eating something that is either inherently noxious or made you sick), a reactionary phenomenon (see Pavlov's Dog experiments / rat experiments designed to teach with negative feedback), an a social phenomenon (if I injure this person, society will extract it's punishment from me).

Deterrence doesn't work in this case because it's better for a 'Mexican national' (lol... PC phrase) to escape the shithole known as Mexico, take his chances here in the US, AND GO TO PRISON than it is to stay in Mexico. Yep, you read it right! Our prisons are more attractive than living in Mexico in certain cases.

How the hell is deterrence going to stop that?!?

Re:minimum-security resort

[Eskarel]

Actually the federal prison is the nice one(in most states), in general fedearal penitentiary's(minimum or otherwise) are substantially less unpleasant than their state run equivilants. Part of this has to do with states trying to save cash on prisons, but it's also got to do with the kind of things that put you there. Murderers and rapists, in fact nearly all violent criminals are prosecuted by the state and incarcerated by the state. Federal offenses tend to be things like embezzlement, and other white collar crime(there are exceptions of course, violent crimes commited in certain places or to certain people are federal jurisdiction). That's not to say I'd want to spend time there, and unless youre rich and/or famous and can get a slap on the wrist sentence, it's not going to be a good time, but given the choice between state and federal, most folks would choose federal.

1 second per spam sent, plus per victim?

[billstewart]

Ok, so if it takes you 1 second to delete a spam, should we throw him in the slammer for 1 sec per spam he sent? With some spammers, that's 100 million spams, so ~1100 days or 3 years in jail just for annoying people.

But think about the number of people this spammer succeeded in ripping off - was it 100, or 1000, or 10000? Usually you'd spent less time in jail for stealing $1M from one person than $100 each from 10,000 people, or $1000 each from 1000 people, but at six months in jail per petty theft or 1 year per grand theft, he could easily be doing a lot of time.

Remember that this guy's a phishing thief, not just a pills-or-porn seller. How much time does he deserve for theft? If an average worker makes $50K/year, and the spammer makes $500K ripping off N victims, that's 100 person-years of honest labor he'd need to do just to pay them back for the value of their lost work time, not even counting the lost value by not having their money when they needed it. Should he only have to give back 1x what he stole, or pay more than that as compensation?