Feeds

UK anti-spam law goes live

Will it work?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Analysis New UK anti-spam laws coming into effect tomorrow will have limited effect in turning the tide in the fight against junk mail, according to lawyers and security experts.

Revised UK regulations will mean online marketers can send e-mail pitches and SMS messages only to consumers who have agreed beforehand to receive them, except where users are existing customers of a particular company. So, for consumers at least, the UK government is applying the 'opt-in' approach to regulating spam.

Corporations can still be approached 'cold' with email pitches but in these instances emails must have an opt-out clause.

The Office of the Information Commissioner will enforce the new regulations. Any breaches of enforcement orders issued by the Information Commissioner will be an offence liable to a fine of up to £5,000 in a magistrate's court, or an unlimited fine if the trial is before a jury.

That's an inadequate deterrent, according to critics such as Spamhaus, which compare the anti-spam laws to tougher anti-spam laws in countries like Italy. Italy has enacted tough anti-spam legislation that makes spamming a criminal offence punishable by up to three years in jail and heavy fines for persistent spammers.

Figures vary but AV firms like Sophos and MessageLabs have both warned that between a third to two-thirds of spam is sent from 'hijacked' computers, a factor which makes tracing and prosecuting spammers far more difficult.

Meanwhile lawyers argue the new UK regulations might do more harm than good.

David Marchese, partner at West End law firm Davenport Lyons, said: “Although the new law is very significant it will have more of an effect for responsible email marketing companies than it will for those who are irresponsible. It may even help irresponsible spammers by making people confirm live email addresses."

Disunited Europe

The revised UK rules put regulations outlined in the EC's Directive on Privacy and Electronic Communications onto the statute books in this country. The directive obliged individual EC member states to introduce anti-spam laws by October 31.

However nine member nations of the 15 country European Union have so far failed to adopt anti-spam legislation. France, Germany, Belgium, Finland, Greece, Luxembourg, the Netherlands, Portugal and Sweden all face possible court action unless they provide an explanation on their lack of progress within the next two months.

Austria, Denmark, Ireland, Italy, Spain and the UK have already taken steps to adopt the EU law, which also requires firms using cookies and similar internet tracking devices to "provide information" on their use and an opportunity for users to refuse to accept cookies.

Jamie Cowper, technical consultant at email specialist Mirapoint, welcomes laws to combat spam, but questions the effectiveness of the EU Directive.

"The effectiveness of the Directive is hampered by the fact that it allows various interpretations of the law across the individual member states. This soft 'opt in' approach effectively hamstrings any power that the Directive might have," he said.

"Email users should not expect to see a huge impact on the volume of junk email they receive as a result of this kind of fragmented legislation. In fact, the impact will be minimal."

Global problem needs global co-operation

Spam volumes have increased to account for half of all emails sent over the latter months of this year.

Mirapoint estimates that 60 per cent of UK junk mail originates from outside the UK and Europe, primarily from the USA and Asia. So it is important that the EU member states lobby for this issue to be addressed on a global scale.

Security firm CipherTrust supports this assessment by arguing that anti-spam legislation will become effective and enforceable only through international cooperation. But the US anti-spam law (the CAN-SPAM Act) take a soft stance on spammers by placing the onus on the recipient to opt out of unsolicited communications, which raise serious doubts about the possibility of reaching international consensus on the problem.

Nonetheless CipherTrust reckons only a three-pronged approach - combining legislation, user education and technology - will stand any chance of bringing the spam problem under control.

The company draws an analogy between car thieves and spammers.

"It is illegal to steal cars. Still, cars have locks and alarms. Likewise, it is illegal to send spam, but to protect an email inbox, anti-spam technology will be required," according to CipherTrust. ®

Related Stories

Congress passes anti-spam bill
US anti-spam laws 'will legalise spam'
UK Govt fouls up anti-spam plans, say experts
Dangerous Mimail variant knocks over anti-spam sites
Microsoft aims to 'shift the tide' in war on spam
The conspiracy against our in-boxes
The economics of spam
US man threatens anthrax attack on spammers

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.