Feeds

EU anti-spam laws are OK

'Spam is the last refuge of the lazy marketer'

  • alert
  • submit to reddit

SANS - Survey on application security programs

It's just over a month since new anti-spam legislation was introduced into the UK with almost universal condemnation that the new laws would have a limited effect in the fight against junk email.

The £5,000 fine for offenders has been branded by some experts as an "inadequate deterrent". And even those who've welcomed the new legislation - which is part of an EU-wide directive - doubt it will have any real impact on combating spam.

For although there is one EU anti-spam law, how it is interpreted and implemented is up to each individual European country. Earlier this week, for example, Denmark fined a telecoms hardware company a record £37,000 for sending fax spam.

In the UK, on the other hand, spammers can expect to receive fines of up to £5,000 if the case makes it to a Magistrates' Court. What's more, the process of bringing legal action against spammers is so cumbersome and clunky that it could be at least a year before anyone makes it inside a courtroom.

The Information Commissioner, the body charged with administering the anti-spam law in the UK, declined to reveal how many complaints it had received in the first month, except to say that it had "received a steady stream of complaints". In the UK at least, it comes as no surprise that some people simply don't believe the new anti-spam laws will work.

Nevertheless, there are some who believe the new legislation is a significant step forward in the right direction.

Joe McNamee, EU Policy Director from Political Intelligence, public affairs consultancy specialising in ICT, accepts that the new legislation "is not a complete answer to the problem of spam" and that there are plenty of issues that still need to be resolved. Despite the limitations, he's convinced that the new rules - that outlaw the sending of electronic communication to people unless they've agreed beforehand to receive them - deserve a better press.

"The new EU legislation is about far more than just email spam and the wider picture must be understood to make a fair appraisal of the legislation," he told The Register.

Here, he explains why: over to you, Joe.

"It would be fair to say that the introduction of new anti-spam legislation has not been well-received. Most, if not all, the articles I have read take the view that the legislation simply will not work. As far as I can see, there are three main arguments that keep being rolled out concerning much of the coverage. While it's much easier to be critical rather than constructive, I'm keen to give some balance to a debate that is at risk of being completely one-sided.

"In essence, critics claim the anti-spam law is unenforceable. They insist that the borderless nature of the Internet means that it is impossible to enforce regional or national legislation. While others throw up their hands in despair casting doubt on a law that covers an infringement that occurs almost always outside our jurisdiction.

The spam law is unenforceable

"Many argue that the spam law is unenforceable. But I want to clear up a key issue here. The recent legislation outlawing unsolicited commercial email is not a just a law on email spam - it is a law on all unsolicited electronic communications. Have you ever considered how much spam is received via SMS, MMS, etc? What's more, how much more spam could be sent via SMS, MMS etc, if safeguards weren't in place?

"For me, the issue of whether mobile spam should be addressed is beyond question - failure to regulate this would have serious consequences for the development of mobile marketing and would act as a disincentive to using mobile technology, thus seriously damaging the whole sector. This has been recognised by the mobile marketing industry itself, which supports the view that consumers must "opt-in" to all mobile messaging programmes.

"Faced with the huge difficulties presented by trying to frame any law on unsolicited electronic communications, legislators were presented essentially with three options:

"First, they could have ignored the problem and decided not to interfere in the issue. Clearly, this was not a realistic possibility and would have shown a real lack of political courage, leadership and forward thinking on behalf of legislators.

"Second, the new rules could have been devised that resulted in "technology specific" legislation, for instance, treating phone, fax, email, SMS, MMS, instant messaging (IM) etc in different ways. The problem is that such an approach would have made it impossible to adapt these new rules to convergence. For instance, how could this deal with cross-platform communications such as Instant Messaging to SMS communications or email to SMS, for example? What's more, with the time it takes for legislation to get from the drawing board to the statute books, it's likely that new technologies will have developed in the time it takes to create any technology specific legislation. The adoption of technology specific legislation is therefore not the answer.

"The third option, which is the one that Europe took, was to introduce legislation, which is "technology neutral". By that, I mean that it establishes principles for electronic communications generally, rather than referring to specific technologies. The idea is that the legislation should be "future proof" and not tied to individual communications methods. This is the approach of the European legislation which deals with mobile messaging, Instant Messaging, cross-platform communications AND email - rather than just email.

It's not just a European problem, the Internet is borderless

"Even if you accept that Europe was right to adopt a "technology neutral" approach in a bid to cover all electronic communications, there are still plenty of critics who say that spam isn't just a European problem because the Internet is, by its nature, without borders.

"According to some estimates, more than half of all spam originates from outside the EU way beyond the jurisdiction of the EU legislation. The point, argue critics, is that we're powerless to do anything about it on our own. If one assumes that the spam problem is never going to change in any way, then this is correct. However, what of the spam that does originate from within the EU - or could originate from within the EU if some sort of legislation was not in place?

"Necessity is the mother of invention and spam is the last refuge of the lazy marketer, more willing to abuse the medium, potential customers and email infrastructure than use a more acceptable means of communication. By removing the temptation of using the "lazy option" (spam) the new rules can only have the effect of pushing European marketers to greater innovation. There is no doubt that unsolicited email is counter-productive, consumer-unfriendly and, crucially, undermines the whole concept and credibility of email as a marketing tool. However, there are numerous perfectly legal forms of direct marketing still available within the EU. The advertising embedded in some free mailing lists is just one example. At least within the borders of the EU, email as a marketing tool can use the new rules to develop a new credibility and marketers can use this to develop original and innovative ways of using the array of legal online advertising options at their disposal.

"After all, under the old system (before the new rules were introduced) things were really confusing and messy. We had eight countries with "opt-in" and seven countries with "opt-out" approaches to spam, leaving consumers with no idea of whether the email marketing they received was legal, illegal or credible, and legitimate online marketers struggling to distinguish themselves from spammers.

"Now, we have a harmonised approach where the law is approximately the same in all EU countries, where the law is clear, where the "lazy option" is eliminated and marketers have both the legal certainty and incentive to develop new and innovative ways of marketing using messaging systems.

What's the point in a law which covers an infringement which is largely outside our jurisdiction?

"Even so, much of the debate surrounding the issue keeps coming back to the same core arguments - what's the point in a law which covers an infringement which is largely outside our jurisdiction?

"Well, Europe is the world's largest international trading bloc, soon to count 25 countries from Portugal to Estonia. The new legislation creates the most effective global example of best practice, enabling the EU to fight credibly for better spam laws elsewhere. Europe is the best-placed international trading bloc in the world to establish best practice and, thankfully, took the opportunity to do so.

"Critics of the new law also assume that a spam problem emanating from Europe was mysteriously never going to develop - an assumption that does not appear to have a very solid basis. Without harmonised and clear laws, lazy and/or unethical companies would always have the temptation to use spam.

"Of course, legislators could have just turned a blind eye to the problem, assume that it was never going to take hold in Europe, turn down the opportunity to establish global best practice and do absolutely nothing.

"Instead, they've pre-empted the problem of unsolicited electronic communications developing in Europe. Not only will this avoid the mobile marketing market from being damaged by the growth of mobile spam, the EU is also taking a stand for fair and responsible handling of the legal framework for marketing via electronic communications.

"As far as I can see, there is only one realistic option - and that's the one we have in place.

"There is no doubt that legislation is not a complete answer to the problem of spam. There is no doubt that issues such as jurisdiction are significant and problematic. But, the new EU legislation is about far more than this and the wider picture must be understood to make a fair appraisal of the legislation." ®

Related Stories

Danish spammer fined £37k
UK anti-spam law goes live

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.