Penetrating the Zombie Collective: Spam as an International Security Issue
Authors
Andrea M. Matwyshyn
Assistant Professor of Law/ Executive Director, International Center for Automated Information Research, University of Florida, Affiliate, Centre for Economics & Policy, University of Cambridge. The wishes to thank Jennifer Hill and Abha Joshi who both contributed research to this article, and Cem Paya, Sharon Gordon, Lilian Edwards, and Jum Carroll for their insightful comments and critiques
Since the mid 1990’s, spam has been legally analyzed primarily as an issue of balancing commercial speech with consumers’ privacy. This calculus must now be revised. The possible deleterious consequences of a piece of spam go beyond inconvenient speech and privacy invasion; spam variants such as phishing and “malspam” (spam that exploits security vulnerabilities) now result in large-scale identity theft and remote compromise of user machines. The severity of the spam problem requires analyzing spam foremost as an international security issue, expanding the debate to include the dynamic impact of spam on individual countries’ economies and the international system as a whole. Spam creation is becoming a flourishing competitive international industry, generating a new race to the bottom that will continue to escalate. Although the majority of spammers reside in the United States and a majority of spam appears to originate in the U.S., spam production is being increasingly outsourced to other countries by U.S. spammers. Similarly, as U.S. authorities begin to prosecute, spammers are moving offshore to less regulated countries. Therefore, spam presents an international security collective action problem requiring legislative action throughout the international system. A paradigm shift on the national and international level is required to forge an effective international spam regulatory regime. Spam regulation should be contemplated in tandem with the development of data security legislation and closing pre-existing doctrinal gaps in contract, computer crime and jurisdiction law, harmonizing all these bodies of law simultaneously across the international system to form a coherent international data control regime.
