Code Breaking: A Bounty on Spammers
Modernizing Authentication — What It Takes to Transform Secure Access
According to Merriam-Webster's dictionary, a vigilante is "a member of a volunteer committee organized to suppress and punish crime summarily (as when the processes of law appear inadequate)." He or she is "a self-appointed doer of justice."
The Internet has had a long history of digital vigilantism, the most common being spam vigilantes. These well-meaning souls fight to rid the Net of unsolicited commercial e-mail, sent mostly by direct marketers eager to get your attention, whether you want it or not, at work and at home. Such groups attempt to fight these intrusions by building lists of sites that don't obey "proper" e-mail etiquette and then by organizing automated boycotts of the sites on the list. If your company's e-mail server finds itself on one of these lists, then a significant number of your e-mails will be routed into a virtual black hole.
If California Congressman Howard Berman has his way, soon these spam vigilantes will be joined by a new rank of lawless law enforcerscopyright vigilantes. In July, Berman, a Democrat, introduced a bill to deputize the recording industry and other copyright holders to help fight copyright violations. Through his bill, these vigilantes would be granted immunity from liability as they deployed tools to hack peer-to-peer systems that they "reasonably believe" violate copyright laws. Run a Morpheus server with content that recording industry executives think is theirs, and you may find your machine doesn't run much content at all.
Citizen involvement in any war on crime is not necessarily a bad thing. There's a long tradition of people helping cops, especially where cops are hard to find or fund. But somehow, the Internet always seems to use vigilantism in the worst possible way. Berman's idea is an extreme example, but it shares important features with spam vigilantism as well.
Both forms depend ultimately upon codethe ones and zeros of digital nervous systemsdoing the dirty work. The spam vigilantes first decide upon the spam policies they will require of e-mail servers across the Net. They then use tools to identify servers that violate their policies. Desperate e-mail administrators then subscribe to their list of policy-violating servers, and block e-mail from the servers on the list.
Once added to the list, there is no way to appeal the blocking or to fight such policies. Sometimes, the spam vigilantes offer people a way to appeal, but not always. Spews.org, for example, blocks without any appeal allowed. Its FAQ helpfully informs administrators who want to know "How one contacts SPEWS?" Answer: "One does not. SPEWS does not receive e-mailit's just an automated system and Web site."