Prosecutor Explains Why Spammer Sent to Slammer
Nov 10, 2004 4:00 AM PT
"Guilty" on all three counts was the finding of the Virginia jury on November 3 in the nation's first felony spam prosecution. The greatest shock was when the jury returned a sentence of nine years against Jeremy Jaynes when many on the jury did not even know what spam was prior to the eight-day jury trial. The result has prompted debates on electronic message boards and other media outlets around the world.
Jeremy Jaynes, who ran his spam operation under the alias "Gaven Stubberfield," was one of the top 10 worst spammers in the world when he was arrested in December 2003, according to spamhaus.org. He was most notably known for his bestiality-porn spam and the alleged footage of adult film star Jenna Jameson and pop icon Britney Spears making out. This alleged footage was used to lure traffic to an adult Web site via his spam operation.
So What Is Spam?
Spam is commonly referred to as unsolicited bulk e-mail, and for those who have e-mail accounts, you surely have seen it on a daily basis. These advertisements flood your inbox and cause you to constantly hit the delete button, at times accidentally deleting the e-mails of friends and family. The name spam comes from the Monty Python slogan spam, spam, spam, spam, spam, spam, spam, etc. because it keeps coming and there is nothing you can do about it.
So Why Is This Crime?
During my opening statement, I explained to the jury that sending spam by itself is not a crime, but when you masquerade your identity, you violate Virginia's law that took effect in July 2003.
Every computer on the Internet has a unique identifying number called an Internet Protocol address, or simply an IP address, which is similar to a telephone number. You can determine the originator of an e-mail as it contains a unique IP address and domain of the sender. Domains are letters or characters for an IP address that we, as humans, can remember. Most commercials now refer you to their telephone number or their domain name like www.aol.com.
Spammers run afoul of the law when they use another's IP or domain address without authority or create a fictitious IP or domain address. It is no different than using someone else's credit card to purchase goods or services.
One of the victims in the case, America Online, an Internet service provider (ISP), explained that it received between 1.5 billion and 2.5 billion pieces of spam e-mail a day, and its filters block between 70 and 80 percent of this e-mail.
Filters are like electronic security guards that look for known IP and domain addresses and other fingerprints previously associated with spammers. To evade these filters, spammers masquerade as others in order to reach the consumers. This is the main motive behind the falsification.
My theme for this case was "to remember that sending spam is like sending mail with postage due, as somebody else is paying the cost of your advertisement." It was clear that the ISPs that hire numerous investigators to determine the source of the spam and maintain employees to adjust the filters to keep the spam from reaching their customers are forced to maintain more than twice the amount of infrastructure, as almost 70 to 80 percent of all e-mail is spam. However, most importantly, they incur the loss of good will caused by all of the spam consumers see in their inbox.
Of course, the spammers pay a minimal cost to send the spam, as there is no charge to send e-mail, at least for now, as there is with postal mail. It was very clear at the end of our case that everybody but the defendants was paying for this spam.
So why did this defendant get nine years in jail?
I really doubt that many criminal trial juries would be too outraged for big corporate victims who lost profits because of spammers. We realized that while the ISPs are victims in these cases, the most sympathetic victims are the citizens who were ripped off.
We focused on the e-mail messages that the defendant peddled. He sent a history-eraser program marketed to cover your tracks when you have been looking at pornography over the Internet at work, a penny stock picker as the sure crystal ball to pick the right stock, and our main emphasis was the Federal Express refund processor.
He marketed the refund processor as a product for US$39.95 that would allow you to make as much as $75.00 per hour. If the product was so great, then why was he not doing it himself, I rhetorically asked the jury. If you do the math, this would be about a $12,000 per month income, and not bad for sitting around the house doing nothing.
As we prepared for cross examination of his witnesses and closing arguments, we finally figured it out. He sold this product to about 12,000 to 17,000 people a month, accruing $400,000 to $700,000 in sales per month. We then discovered that between 15 and 33 percent of all of the purchases were charge backs. For those who have worked in retail, this is equivalent to 3 out of 10 customers returning the merchandise you sell.
By the way, it is not easy to successfully charge back a purchase. As we read the complaints, we noticed that the customers had to contact a credit card fulfillment company on the opposite side of the country from where the defendants lived to try to get a refund. This company basically told them tough luck and that there are no refunds. If the victims really wanted their $39.95 back, they could then go through the round robin telephone machine at their credit card company to try to talk to a real person. If they persisted and reached a real person, they were told they needed to fill out an affidavit to get the charge back.
The numbers of charge backs clearly represented a small number of the victims of this fraud. When we read the affidavits, we noticed common themes: unauthorized transaction, double swipe, merchandise not received, and merchandise not as described. We knew that this was the key point to argue in sentencing.
Were They Really Victims?
So who would buy these products anyway?
As we read the complaints, we also noticed a common personality of those who bought this processor. They were on a fixed income or hard times. They knew that they should not have bought the product but decided that they would take a chance. Believe it or not, the defense attorney argued that greed cuts both ways and the victims got what they deserved because they were trying to get rich quick. Needless to say, this did not go over well with the jury, especially when, on rebuttal, I condemned that statement and showed he was arguing that his client had a right to exploit the victims.
Beyond a Reasonable Doubt
The biggest question we get is how we proved that the e-mail was unsolicited without bringing in one witness to testify that they did not request the e-mail. We tossed this issue around for almost a year but finally came up with the idea of bringing in an expert to make this decision based on the tactics the defendants used to circumvent the filters. Legitimate bulk e-mailers would not attempt to masquerade their identity to get their message to their customers.
We called in Dr. John Levine, who holds a B.A. and Ph.D. in Computer Science from Yale. Most significantly, Levine is one of the co-authors of a top-selling computer book entitled Internet for Dummies. He also co-authored E-mail for Dummies as well as numerous other books associated with computers and e-mail. He was able to give his expert opinion that the e-mail sent was not legitimate solicited e-mail because of the numerous masquerades and attempts by the defendants to hide the origin of the e-mail.
The other elements were relatively easy to prove, and the defense attorneys focused on this element in their opening statements, stating that we could not meet this burden. They appeared to be shell shocked when Levine took the stand. Additionally, the defendant possessed the entire stolen America Online client database that contained more than 84 million e-mail addresses as well as 700 million other e-mail addresses on digital media storage devices. However, these points seemed minor after Levine testified.
Old Crime in New Technology?
During the case, we constantly reminded the jury that technology advances but crime is always the same. The spammers are just the modern-day fraudulent snake oil salesmen. In the old days, they would travel town to town and sell you a product that would cure all, but when you went to get your money back, they had moved to the next town.
Technology advanced with the telephone and the fraudulent snake oil salesmen became a breed of telemarketers. Then in the 1980s, the fax machine advanced technology and allowed us to send documents in real time around the world with the touch of a button. Then those same fraudulent snake oil salesmen used this technology to peddle their poison. Your fax machines are tied up with snake oil when you need to use the fax, and when you get to work, you discover the snake oil ads have used all of your paper overnight.
Then the Internet came along -- what a great advance of technology. We can communicate in real time with our loved ones and business partners around the world without paying that long distance telephone bill. We can even communicate with soldiers on the battlefield. Along with the good technology comes the snake oil salesmen. The Internet is their dream technology as they can prey on the world's population with e-mail accounts to peddle their snake oil with literally no cost.
Only time will tell whether this prosecution will make a difference in the amount of spam that annoys us on a daily basis. Hopefully, this verdict will let those would-be spammers think twice before they hit that send button.
Russell E. McGuire is a 1996 distinguished military graduate from the Virginia Military Institute in Lexington, Virginia, and a 1999 cum laude graduate of the Thomas M. Cooley Law School. He currently serves as an assistant attorney general in the Computer Crime Unit of the Office of the Attorney General of Virginia and as a Special Assistant United States Attorney for the Eastern District of Virginia. Previously, he served as an assistant commonwealth attorney for the City of Richmond and assistant professor of Criminal Law & Procedure at Virginia Union University.