[LINK] Economics of Spam
Tom Worthington
Tom.Worthington at tomw.net.au
Thu Nov 13 09:09:57 AEDT 2008
The paper "Spamalytics: An Empirical Analysis of Spam Marketing
Conversion" details how researchers hacked into a spam network to
measure its effectiveness
<http://www.blogger.com/www.icsi.berkeley.edu/pubs/networking/2008-ccs-spamalytics.pdf>.
I was interviewed about it on ABC Radio yesterday, "Spammers making a
profit": <http://www.abc.net.au/pm/content/2008/s2418104.htm>. The
researchers suggest that Spam is not as profitable as previously
thought. My main concern was over the ethics and legality of the
research technique.
The researchers hacked into the "Storm" botnet network and monitored
how many messages were sent. They then set up two fake e-commerce web
sites to see how many people would click through the spam ads to buy
the products. They found only one in 12.5 million clicked through.
Based on this they suggested Spam is not very profitable. It seems a
reasonable conclusion and I suggested in the radio interview that the
people doing this could probably earn more from the effort involved
via legitimate e-commerce.
There are numerous research papers on the economics of Spam
<http://scholar.google.com.au/scholar?q=spam%20economics>. That spam
may not be as profitable as previously thought is interesting, but
does not necessarily lessen its appeal to criminals.
However, my main concern was the methodology of the research. It is
ethically and legally questionable for the researchers to hack into a
spam network. Like any citizen, when a researcher finds someone doing
something illegal, they have a responsibility to report that to the
appropriate authorities so it can be investigated and those involved
prosecuted. In this case the researchers do not appear to have done
that and instead monitored the network and even set up their own
e-commerce store to exploit it.
The researchers are from Dept. of Computer Science and Engineering,
Berkeley and University of California, San Diego. Those institutions
have ethical guidelines for research which the researchers should
have consulted before proceeding.
In the ethics section of the paper, the authors state: "First, our
instrumented proxy bots do not create any new harm" and "Second, our
proxies are passive actors and do not themselves engage in any
behaviour that is intrinsically objectionable; they do not send spam
e-mail, they do not compromise hosts, nor do they even contact worker
bots asynchronously." and "Finally, where we do modify C&C messages
in transit, these actions themselves strictly reduce harm. Users who
click on spam altered by these changes will be directed to one of our
innocuous doppelganger Web sites."
However, the authors do not address the issue of whether they were
taking part in a criminal activity or whether they should have reported
the criminal activities to the appropriate authorities. It seems a flawed
argument for the researchers to say their activities were no more
harmful than those being observed.
More in my blog: <http://www.tomw.net.au/blog/2008/11/economics-of-spam.html>.
Tom Worthington FACS HLM tom.worthington at tomw.net.au Ph: 0419 496150
Director, Tomw Communications Pty Ltd ABN: 17 088 714 309
PO Box 13, Belconnen ACT 2617 http://www.tomw.net.au/
Adjunct Senior Lecturer, Australian National University