The FTC would like to change that, however. In April, the FTC asked Congress for changes to the FTC Act that would allow it to pursue those who aided and abetted in fraud, which would allow it to go targets such as bad actor ISPs who have helped fraudulent businesses.
Congress has already granted the FTC a similar authority to go after brokers who knowingly provide lists to telemarkerters, said Steven Wernikoff, a staff attorney with the FTC. "It's hard to see why people who facilitate fraud via the Internet should get a pass," he said.
The structure of cybercrime operations has morphed in recent years and will need to be prosecuted more like long-running Mafia investigations than one-off actions against individual spammers, observers say.
"Ultimately, the problem is that we're still in the process of building a mature cybercrime enforcement process," said Jon Praed, a founding partner of Internet Law Group, who has litigated against spammers on behalf of major companies such as Verizon Online and AOL. "Criminal prosecutions require a lot of resources and prosecutors are unlikely to go after someone unless they know they're going to get a conviction."
Praed would like to see the companies that are affected by spam work together to go after the criminals. He would like to see companies share information about bad actors and bring more civil actions against spammers and their enablers. If companies could keep cybercriminals from using legitimate businesses, they could change the fundamental economics of the spam industry, and make it too expensive for many players.
"All those bad guys need enabling services," he said. "They're not flying on the criminal airlines. They're buying their computers from reputable sources. They're using off-the-shelf business software, and they use credit cards and cell phones just like you and me. That means corporate America collectively holds a tremendous amount of information about the bad guys in its own hands....but it isn't using that information to stop this illegal activity."
He added, "Good companies are starting to realize they can reduce costs and attract customers by being more proactive against cybercrime."