Good Spam: Bad Spam
Report from the OECD workshop floor
The world+dog is ganging up against spam with the US and UK governments and the European Commission this week all urging multinational co-operation and action in the fight against spam. Prompting this flurry of press release activity was a workshop convened in Brussels by the OECD to discuss ways of halting the spam tsunami. Monika Ermert attended the workshop on behalf of The Register. Here is her report.
EC Commissioner Erkki Liikanen this week issued a call to action in the "battle against spam, which we must not lose". In his opening remarks at a two-day OECD conference on Spam in Brussels, Liikanen declared that spam is a global problem that "requires global action. If we want to combat spam effectively, efforts made in the European Union and other regions of the world must be echoed by similar efforts at the international level, not only by governments but also businesses and consumers."
Co-operation, yes; but co-operation on what? The OECD conference shows all too clearly that there is a faultline in the huge international anti-spam coalition being assembled. Countries and their agencies remain divided over The Big Question: should spam be fought by opt-in or opt out?
Many of the spammers that the US government is prosecuting "violated 72 laws", said Hugh Stephenson from the US Federal Trade Commission (FTC). The agency has successfully brought 55 spammer cases to court, all investigated before the CAN-SPAM Act with its opt-out principle was enacted on January 1.
An FTC study showed that most spam mails are in one way or another fraudulent, by falsifying header information, disguising the sender's identity or trying to lure recipients to criminal get-rich-quick schemes. Spam prosecutions therefore, according to the FTC is such a "target-rich field", that the anti-spam fighters should go for cooperation, instead of debating legal differences.
However, many European member states see themselves as victims of the more liberal opt-out principle, even after they have implemented the opt-in regime. European member states have to transfer opt-in into national legislation in compliance with the European Data Protection Directive.
"France is more an importer of spam," said Eric Walter from the Direction for Media Development at the Office of the French President. "We do have French spammers, and we try to prevent them from growing. But our main concern is, what can we do about is English spam, which we do not know where it comes from."
At least 80 per cent of spam originates from the US, claim European representatives such as Kurt Einzinger, general secretary of Internet Service Providers Austria (ISPA). With opt-out spam, numbers still could continue to rise, warned George Mills of EuroCAUCE (European Coalition against Unsolicited Email).
"If only one per cent of the 23 million companies in the US start to play opt-out in their marketing activities European companies need to have a fulltime employee to do the opt-out procedures," he said.
This could become even more of a nightmare scenario if one looks at the spam load conveyed by mobile operators in Asia. In Japan, 90 per cent of the spam already goes to mobile phones, the conference was told.
Philippe Gerard, presenting the European's Commission's thinking on spam, said the Community wanted to tackle all unsolicited mail, not just fraudulent spam. Only last week, the EC published a Communication to pressure member states not only to transfer the directive in national laws, but also to apply strong enforcement with financial and even criminal sanctions.
Some member states have implemented harsh fines and penal laws against spammers; in Italy, spammers can go to prison. And in Denmark last month a convicted spammer was ordered to pay a fine of €50,000, Liikanen noted. But many member states say the task to bring cases against spammers is burdensome.
The Commisson recommends that member states open email "spam boxes" to receive complaints from the public. But few have complied - they fear they will simply be swamped by the sheer mass of complaints that would flood in. (The FTC estimates that it receives 300,000 spam complaints every day.)
"Enforcement faces huge problems," says Marianne Abyhammar of the Swedish Consumer Agency. She urged co-operation within Europe and with other countries. On this point the international Anti-Spam workshop again converges. Co-operation in investigation and legal enforcement is critical according to all participants of the OECD conference.
Lindsay Barton of the Australian National Office for the Information Economy (NOIE) presented the concept of a memoradum of understanding(MoU) between his agency and the Korean Information Security Agency (KISA) - notwithstanding the fact that Australia follows the opt-in philosophy while Korea plumps for opt-out.
All other methods
Korea, with its large number of broadband customers, is viewed as a haven for spammers using servers of innocent users for their mass mailings, but has seen high fines for illegal spam. This MoU could be a model that Australia apply to other bilateral pacts in the anti-spam war. The FTC this week rallied a group of more than 30 agencies from all over the world for its Secure your Server Campaign, announced this week.
Phil Jones of the UK Information Commissioner's Office said his office was already in talks with the FTC to co-operate on spam. The Office is to enforce the new British anti-spam legislation. So far he has received dozens, rather than hundreds of complaints.
When this comes to the point where fraudulent cases are handled properly and only the issue of opt-in and opt-out remains, "we will be in a much better situation as we are right now," according to Jones After all, he says, quoting a former Israeli prime minister: "Countries behave reasonably when they have exploited all other methods." ®
Sponsored: Today’s most dangerous security threats