Spam or Anonymity: We Don't Have to Choose
With its new "Block 25" crackdown, South Korea has become the latest government to attack the spam problem with medicines worse than the disease. Unfortunately, while many may support this approach out of ignorance of the consequences, such mechanisms advance a much more pernicious desire for control shared by almost every government in the world.
In all the talk about spam, it's easy to lose track of a simple fact: Spam is a consequence of free, unauthenticated communication. The simplest solution to spam would be to somehow ensure that all communications are authenticated and traceable, which is the motivation behind ham-handed measures such as South Korea's. However, the availability of unauthenticated communication is also at the core of the Internet's role in facilitating dissent against governments around the world.
In other words, South Korea is betting that its citizens' annoyance about spam will outweigh their desire to communicate anonymously. They hope that the end of anonymity will be justified by the end of spam. But the bad guys are much more likely to find workarounds to remain anonymous while the average citizen becomes almost perfectly traceable.
That's pretty much been the experience of China. A formidable bureaucracy, technical infrastructure, and legal framework have developed to efficiently punish Chinese citizens who dare speak their minds. Yet somehow, for all this crackdown, China remains one of the world's great sources of spam. This, I fear, is where measures like South Korea's are leading.
What's most lamentable about all this is that it's so completely unnecessary. The spam problem is well under control using more sophisticated countermeasures; transmitted volumes remain huge, but companies like Mimecast have gotten very good at throwing away nearly all of the spam. This has been achieved by several techniques, but there are still quite a few plausible approaches that haven't even been tried. It's actually working pretty well, and getting better all the time.
Enforced authentication might be the last resort if we find ourselves drowning in a tide of spam and we've tried everything else. But we are nowhere near that situation today. I don't think that all advocates of enforced authentication are motivated by wanting to crack down on dissidents, but it is a highly likely side effect, and a good reason to try every other anti-spam mechanism first.