From: [log in to unmask]
[mailto:[log in to unmask]] On Behalf Of CDT
Info
Sent: 14 March 2006 16:54
To: [log in to unmask]
Cc: CDT Policy Posts
Subject: Policy Post 12.05: Certified E-mail Plan Stirs Controversy

A Briefing On Public Policy Issues Affecting Civil Liberties Online
from The Center For Democracy and Technology

(1) Certified E-mail Plan Stirs Controversy
(2) AOL's Certified Mail Service Does Not Appear To Impede the Flow
of "Free" E-mail
(3) Certified E-mail Responds To Real Need; Continued Vigilance Necessary

----------------------------------------
(1) Certified E-mail Plan Stirs Controversy

In recent weeks, many in the nonprofit community have voiced alarm
over a plan by America Online (AOL), the nation's largest e-mail
provider, to offer paid, "certified" e-mail service to selected bulk
senders. Unions, consumer groups and public interest advocates formed
a coalition to oppose the forthcoming service, warning that certified
e-mail represents a first step toward a "tax" on e-mail
communication. That opposition has centered on the fear that by
creating a new class of e-mail senders who pay to have their messages
delivered, e-mail providers have started down a slippery slope toward
a two-tiered e-mail architecture. Opponents fear that under such a
structure, nonprofit speakers -- many of whose messages constitute
Constitutionally protected political speech -- will face a
deterioration in their ability to deliver messages if they can't or
won't pay for certified mail services.

CDT has long fought to preserve the free and open Internet, opposing
efforts to restrict content, to place undue financial, legal or
bureaucratic burdens on political speech, or to artificially limit
the ability of speakers to reach the sweeping audience the Internet
allows. CDT opposes any changes to e-mail architecture that would
impair the effectiveness of e-mail as an accessible communications
tool, particularly for senders in the political and nonprofit
communities. As such, CDT shares the underlying goal of the groups
opposing the certified mail services to forestall the emergence of a
"pay-to-play" e-mail environment.

However, CDT has a very different reading of the facts surrounding
this controversy. CDT does not believe the service will harm the
ability of non-paying senders to deliver messages to AOL customers.
CDT was troubled by initial media reports that AOL intended to
dismantle or scale back its existing "white lists," but the company
has publicly committed to maintaining those lists, which help to keep
messages sent by legitimate bulk e-mailers (including non-profit
senders) from being inadvertently trapped by AOL's spam filters. So
long as the white lists remain robust and intact, legitimate bulk
mailers that opt not to participate in the certified mail program
should see no degradation in e-mail deliverability.

Some critics of certified mail have gone a step further, conflating
it with the debate over "network neutrality." CDT believes that
certified mail and network neutrality are distinct and separate
issues, distinguished by significant differences relating to
competition, capacity and architecture. CDT is engaged in a series of
consultations regarding net neutrality, and intends to address the
issue separately.

Critics also have observed that certified mail will not help combat
spam. However, the program has been developed primarily as a way to
increase the security and trust level of e-mail, not as a
spam-fighting tool. Declining consumer trust in online safety and
security has emerged as perhaps the key factor preventing the
Internet -- e-mail in particular -- from reaching its full potential.
Internet users have been forced to treat e-mail messages
suspiciously; even those that purport to come from known and trusted
entities. This has hurt the ability of both commercial and nonprofit
e-mail senders to reach their audiences. Certified e-mail could be a
valuable tool in the fight against "phishing" schemes and other,
increasingly sophisticated forms of Internet fraud. The target market
for certified mail services appears to be legitimate and
well-established senders seeking to assure customers that the
messages they receive are genuine. That kind of authentication could
offer real benefits for both senders and recipients of transactional
e-mail and help to restore trust online.

Nor is the AOL/Goodmail service the only or first effort to enable
senders of e-mail to obtain some type of special certification or
treatment for their messages. Established examples include the Habeas
and Bonded Sender programs. Such programs may vary in their structure
and business models, but they share the characteristic of providing,
for a fee, participating bulk e-mailers with special treatment for
their messages. In addition, Yahoo! has said it is working with
Goodmail on a certified mail program of its own.

Paid certification services could cease to be benign should they
replace, rather than complement, white lists and other low- to
no-cost e-mail deliverability tools. The public interest and Internet
communities must remain vigilant against initiatives that erect new
price barriers that limit the ability of small and non-commercial
speakers to use the medium. For now though, e-mail providers should
not be discouraged from offering potentially useful anti-fraud tools,
so long as they remain committed to maintaining a high level of
service to non-participating senders.

----------------------------------------
(2) AOL's Certified Mail Service Does Not Appear To Impede the Flow
of "Free" E-mail

AOL's certified e-mail program will not be available to every sender
willing to pay the fee. Eligibility, much like eligibility for AOL's
white list programs, will be limited to bulk senders that have
demonstrated over time very scrupulous mailing and list-management
practices. In addition, in administering the program, Goodmail will
require that organizations submit to an extensive screening process
in order to participate. Thus spammers and unscrupulous marketers
will not be able to pay their way around AOL's spam filters.

Once cleared to participate, senders will obtain cryptographic tokens
from Goodmail that identify outgoing messages as "certified." Once
verified by AOL, mail marked with a token will bypass AOL's spam
defenses and be delivered directly to recipients' mailboxes, marked
with a special "Certified Email" icon. This icon will confirm to the
recipient that the message was sent by the identified sender.
Companies will pay less than a cent per message to use the service.

The target market for certified mail services will be large senders
of transactional messages. In recent years, banks, credit card
companies, e-commerce vendors and other organizations that rely on
e-mail for transactions, including some nonprofits, have been subject
to an increasingly sophisticated breed of online scams targeted at
their customers. In a typical phishing attack, an online criminal
sends massive amounts of spam e-mail forged to mimic legitimate
transactional messages. The messages direct recipients to cleverly
forged Web sites where they are prompted to divulge sensitive account
details.

The cryptographically verified certified mail messages should make it
possible for consumers to identify and trust the legitimate
transactional messages they receive from companies with which they do
business.

What's important from the standpoint of the larger Internet community
is that certified mail service will not replace AOL's two no-cost
deliverability tools: the white list and the "enhanced" white list.
The white list is a regularly updated list of bulk senders who meet
baseline standards for responsible mailing practices. Once cleared
through an application process, and so long as their messages do not
generate excessive complaint or bounce rates, organizations on the
white list are able send messages that bypass some of AOL's bulk mail
filters. White list senders receive feedback on the complaint and
bounce rates their e-mails generate, so they can determine when their
mailing lists or practices need improvement. Senders on the white
list that demonstrate exemplary mailing practices (as shown by very
low complaint and bounce rates) can qualify for inclusion on the
company's "enhanced" white list. Enhanced white list messages bypass
the same filters that certified mail messages will bypass, including
filters that disable links and images in the body of a message.

Critics have suggested that over time AOL will have little incentive
to invest in maintaining the white lists' effectiveness, so that
senders looking for reliable delivery gradually will be driven to use
the paid service. But incentives to maintain the white lists are
strong. The e-mail provider market is highly competitive, and to meet
the requirements of its subscribers, a provider must ensure that they
reliably receive all the messages they want. Thus, there is a
significant marketplace incentive for AOL to continue to maintain and
improve its white lists and other no-cost services that maximize the
delivery of wanted mail.

Certified mail probably won't make sense for all or even the majority
of bulk senders. Still, AOL and Goodmail have announced that the
service will be available to qualifying non-for-profit senders at a
deep discount (95 percent off commercial rates, according to
Goodmail). As long as this discount pricing structure is maintained,
it may help qualifying charities and nonprofits to build more trusted
e-mail relationships with donors and other constituencies. In
addition, AOL recently announced the launch of a new free service
that will permit non-profits that have their e-mailing practices
approved by a third party accreditation agency to obtain treatment
equivalent to enhanced white list senders.

----------------------------------------
(3) Certified E-mail Responds To Real Need; Continued Vigilance Necessary

It is important to acknowledge the risks associated with widespread
migration toward paid, certified e-mail. Low-cost, unfettered e-mail
distribution must be preserved, especially for those in the nonprofit
and public interest communities. But it is equally important that the
nonprofit community understand the very real threat that AOL and
other companies are seeking to address with the introduction of
certified e-mail products.

The rise of phishing and other dangerous Internet scams is measurably
eroding the trust that users have in e-mail and Internet
communication. In a 2005 study by AOL and the National Cyber Security
Alliance, 61 percent of respondents reported having been targeted by
a phishing attempt. Of those that were targeted, 70 percent thought
the phishing e-mail looked legitimate. In a 2005 survey by the Pew
Internet & American Life Project, 53 percent of people reported that
spam had made them less trusting of e-mail. This steady erosion in
trust affects every bulk e-mail sender in the world including
nonprofits, and won't be easily reversed. Left unchecked the decline
in user confidence will deal a far worse blow to Internet
communication than will any degradation of e-mail delivery. When
people don't trust their e-mail, the medium becomes useless as a tool
for discourse, as well as commerce.

CDT believes the AOL service does not pose a near-term threat to
non-paying bulk senders, but the concerns that certified mail may
represent the first step down a slippery slope toward a more closed,
cost-limited e-mail architecture call for ongoing scrutiny. Internet
advocates and the nonprofit community must actively work to ensure
that changes in market factors and business models don't lead to
major changes in the pricing structure of e-mail, which has
flourished as a low-cost way to reach millions of people.

The bad outcomes suggested by certified mail opponents are by no
means inevitable, even if certified mail and comparable pay services
succeed far beyond the expectations of e-mail service providers.
Market competition and an attentive Internet community are keys to
ensuring that providers maintain their no-cost deliverability
programs. In particular, CDT will watch closely to make certain that:

- Certified mail does not replace white lists and other tools that
help ensure that all conscientious bulk senders are able to reach
their audiences, without being subject to additional fees;

- Wherever possible, certified mail services are offered at a
discount or without cost to nonprofit senders to ensure that they too
can take advantage of more secure transactional e-mailing;

- Certified mail services are offered only to senders that have
demonstrated highly scrupulous sending practices, and not to those
seeking to buy their way past spam filters; and that

- Marketing materials do not characterize all non-certified e-mail
messages as "unsafe." E-mail users must be wary of potential scams,
but that need not mean deleting or ignoring all message that arrive
via the ordinary, non-paying e-mail architecture.

Global e-mail communication owes a great deal to the continued
innovation of the e-mail providers and ISPs who comprise the global
network. Within the context of preserving the essential openness and
low barriers to entry at the heart of the Internet, providers should
be given considerable leeway to develop new services with the
potential to improve the user experience. The certified mail service
proposed by AOL and Goodmail raises some issues that bear monitoring,
but it also offers significant potential benefits to organizations
seeking to build trust in a medium facing mounting risks.

----------------------------------------
Detailed information about online civil liberties issues may be found
at http://www.cdt.org/.

This document may be redistributed freely in full or linked to
http://www.cdt.org/publications/policyposts/2006/5.

Excerpts may be re-posted with prior permission of [log in to unmask]

Policy Post 12.05 Copyright 2006 Center for Democracy and Technology
_______________________________________________
http://www.cdt.org/mailman/listinfo/policy-posts

--
This message has been scanned for viruses and dangerous
content by the NorMAN MailScanner Service and is believed
to be clean.

The NorMAN MailScanner Service is operated by Information
Systems and Services, University of Newcastle upon Tyne.


====
This e-mail is intended solely for the addressee. It may contain private and
confidential information. If you are not the intended addressee, please take
no action based on it nor show a copy to anyone. Please reply to this e-mail
to highlight the error. You should also be aware that all electronic mail
from, to, or within Northumbria University may be the subject of a request
under the Freedom of Information Act 2000 and related legislation, and
therefore may be required to be disclosed to third parties.
This e-mail and attachments have been scanned for viruses prior to leaving
Northumbria University. Northumbria University will not be liable for any
losses as a result of any viruses being passed on.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************