High-earning spammers face tougher sentences

More big-time spammers may find themselves doing longer stretches behind bars if a federal judge's first-of-its-kind sentencing decision in a Denver case becomes widely applied.

At issue in this case, which featured testimony from Microsoft anti-spam experts, was the thorny matter of determining the actual financial harm to ISPs done by a particular spammer over a particular period of time. When Congress enacted the CAN-SPAM Act of 2003 it anticipated this difficulty and included language allowing for a spammer's profits to be considered in sentencing when financial damages caused by his crimes could not reasonably be calculated.

Last month, U.S. District Judge Lewis Babcock accepted a Colorado prosecutor's contention that this case, the United States vs. Min Kim, represented just such a situation. Microsoft says this is the first time a judge has applied CAN-SPAM sentencing guidelines in this manner.

If not for the use of Kim's profits -- an admitted $250,000 -- as a sentencing determinant, the 24-year-old spammer would have faced a prison stint of 24 to 30 months instead of 30 to 37 months. Citing Kim's first-time offender status, Babcock sentenced him to the minimum 30 months called for in the more punitive range. While that may appear generous, it likely represented a 20% stiffer penalty over what Kim would have received absent the profit-based calculation; and, it could have opened the door for as much as 13 months additional time had he been a recidivist.

"We're excited by the court's ruling," says Aaron Kornblum, senior attorney with Microsoft’s Internet Safety Enforcement Team. "In cases where there's a large amount of profit being realized, there is now the potential for a significant increase in sentences."

Investigators found 7.5 million e-mail addresses on Kim's computer and he acknowledged having bought another 200 million back in 2004.  Drawing particular attention from the prosecutor and judge were Kim’s sophisticated measures employed to avoid first-line spam defenses, including proxy servers, falsified subject lines and the use of DarkMailer, all of which increase the level of countermeasures that ISPs must deploy and the expenses they incur.

None of which made quantifying Kim’s exact tab any easier. However, the man kept meticulous records of his spamming activities, which allowed that $250,000 profit figure to be readily apparent and available for use in sentencing.

Kim’s attorney, Virginia Grady, attempted to persuade the judge that his hands were tied by the inability to put an exact figure on the damage caused by her client and the inevitability of ISPs having to spend to fight spam.

"What evidence is there that this spam that was sent by this defendant caused loss?” Grady asked the judge, according to a 28-page transcript of the sentencing hearing. “And to answer that question we have to know whether the money spent for the new servers and the filters, and the like … would have been spent regardless of the spam encountered here. And I think the answer is pretty plainly, yes, it would have; and the reason for that appears obvious. Companies that sponsor e-mail will invest in building a better spam trap. And that I think amounts to the cost of doing business in this industry."

Babcock wasn’t buying the cost-of-doing-business business.

“The combination of the stipulated facts and the evidence that I received reflects that Mr. Kim is sophisticated with regard to the economic gain to himself through spamming,” he said. “Sophisticated to the extent that when he became blacklisted, he went to a proxy server, DarkMailer, and rendered his messages anonymous. Why? So as to beat the ISPs’ protective measures.” That combination makes it reasonable to presume that he knew he was causing financial harm, the judge said.

From that starting point, Kim’s own bookkeeping provided the numbers needed to put his sentence in a higher range.

Kim will begin serving his sentence by Jan. 7.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

Average Joe asks Bill Gates a priceless question.

BSA, software giants target little guys most often.

Fired Microsoft CIO lands new gig.

Can the geek press handle a Microsoft sex scandal?

Hacking for better grades gets 4 preppies bounced from elite school in Mass.

This year's "25 Geekiest 25th Anniversaries."

When the patient is a Googler and the doctor is a pompous jerk.

10 reasons you shouldn't believe in UFOs.

Cell phone jamming on the rise.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)