In an effort to help protect children from spam containing adult oriented content (including alcohol, tobacco, pornography, and gambling), the State of Michigan Department of Information Technology has launched the Protect MI Child, an e-mail equivalent to the national Do Not Call List. As per the site, “It allows Michigan’s parents and schools to register e-mail addresses that children may access … Once an e-mail address has been registered, senders of e-mail messages that advertise or link to prohibited products or services are required to remove the address from their mailing lists within 30 days.” And e-mail is just the start, soon parents will be able to register instant messenger accounts and cell phone numbers and more.
It’s good to see the State of Michigan looking out for the welfare of our kids. Right? Well, not necessarily.
There is absolutely no evidence to suggest that spammers will pay attention to “do not spam” lists. The federal CAN-SPAM Act of 2003 has been in effect since January 1st, 2004, and I’ve not seen a significant reduction in SPAM volume in the past eighteen months, nor have I seen more spam messages starting to use legitimate headers and non deceptive subject lines (two of CAN-SPAMs main provisions). But more significantly, as more and more SPAM originates outside of the U.S., enforcing CAN-SPAM (and Protect MI Child) will be close to impossible. The truth is that all these laws convey is a false sense of security for some parents, and will do nothing to stop spam.
So, Protect MI Child is not going to help much, that’s a given. But can it hurt?
Actually, it can. Public registration for Protect MI Child begun on July 1st, 2005, and thus far close to 3,000 e-mail addresses have been registered. That number is expected to grow dramatically closer to the new school year. At some point there will likely be hundreds of thousands of legitimate e-mail addresses (and eventually IM addresses and cell phone numbers), each stored with the child’s birth month and year, parents’ name and address and e-mail, and more. Protect MI Child has put a lot of thought into the technology behind encryption and list scrubbing, and that’s great. But no data is ever as impenetrable as we’d like to believe it is. And with all of this information stored in one place, can you think of a better target for identity thieves? How long will it take until this database is hacked or stolen, and can we actually trust the government to ensure that this cannot and will not happen?
Protect MI Child, like CAN-SPAM, is “feel good” legislation, and will do nothing to actually help protect our children. But, unlike CAN-SPAM, Protect MI Child could actually expose children to more than just spam.

9 thoughts

  1. Good Point. This also set me thinking about compliance. This list would have to be downloaded and scrubbed, similar to the DNC list. If so I now have a perfect list with excellent demographic information for sale to anyone in the world, I see a booming business here!
    This ‘program’ is a typical politician response to a very big problem now only made worse.

  2. Much better thought out! (Seems your sabatical includes purging issues from your mind… you seem to be champaining lately… and it’s good to hear your thoughts)
    Another issue is how much of the spam we get comes from Michigan. This protects people in MI from issues in MI… but that is likely not effectual in the grand scope! It’s a feel good solution. It changes the percentage slightly but actually adds no safety. (They may write the legislation differently, but it won’t be finacially supportable! MI can’t manage it’s budget now.)

  3. Talk about can of worms. Unlike the National Do Not Call list. It is very hard (next to impossible) to determine if someone has another phone number.
    But what happens when a say a spammer checks against the list. Can we said email address verification!!!
    say I register me@thisdomain.com well a spammer could then deduce that there may be mymom@thisdomain.com and others. Since we have a habit of using similar email addresses ( and passwords) it stands to reason a simple spammer program could use the list to attempt to target mom and dads email addresses.
    Email addresses are too easily traceable and a system like this is not the way to approach. Just my 2 cents

  4. Not to mention Michigan will charge $0.007 per email checked (or $7,000 per million). What spammer will pay that fee? It seems to me they are just exposing (rather than protecting) children’s email addresses to spammers and whomever else wants to check their email list.

  5. solution: Whitelisting.
    The technology already exists and it works 100% – only accept Emails from known senders.
    Many companies provide this service, such as spamarrest.

Leave a Reply