Good Spam: Bad Spam

Report from the OECD workshop floor


The world+dog is ganging up against spam with the US and UK governments and the European Commission this week all urging multinational co-operation and action in the fight against spam. Prompting this flurry of press release activity was a workshop convened in Brussels by the OECD to discuss ways of halting the spam tsunami. Monika Ermert attended the workshop on behalf of The Register. Here is her report.

EC Commissioner Erkki Liikanen this week issued a call to action in the "battle against spam, which we must not lose". In his opening remarks at a two-day OECD conference on Spam in Brussels, Liikanen declared that spam is a global problem that "requires global action. If we want to combat spam effectively, efforts made in the European Union and other regions of the world must be echoed by similar efforts at the international level, not only by governments but also businesses and consumers."

Co-operation, yes; but co-operation on what? The OECD conference shows all too clearly that there is a faultline in the huge international anti-spam coalition being assembled. Countries and their agencies remain divided over The Big Question: should spam be fought by opt-in or opt-out?

Target-rich

Many of the spammers that the US government is prosecuting "violated 72 laws", said Hugh Stephenson from the US Federal Trade Commission (FTC). The agency has successfully brought 55 spammer cases to court, all investigated before the CAN-SPAM Act with its opt-out principle was enacted on January 1.

An FTC study showed that most spam mails are in one way or another fraudulent, by falsifying header information, disguising the sender's identity or trying to lure recipients to criminal get-rich-quick schemes. Spam prosecution is therefore, according to the FTC, such a "target-rich field" that the anti-spam fighters should go for cooperation instead of debating legal differences.

However, many European member states see themselves as victims of the more liberal opt-out principle, even after they have implemented the opt-in regime. European member states have to transfer opt-in into national legislation in compliance with the European Data Protection Directive.

"France is more an importer of spam," said Eric Walter from the Direction for Media Development at the Office of the French President. "We do have French spammers, and we try to prevent them from growing. But our main concern is, what can we do about English spam, which we do not know where it comes from."

At least 80 per cent of spam originates from the US, claim European representatives such as Kurt Einzinger, general secretary of Internet Service Providers Austria (ISPA). With opt-out spam, numbers still could continue to rise, warned George Mills of EuroCAUCE (European Coalition against Unsolicited Email).

"If only one per cent of the 23 million companies in the US start to play opt-out in their marketing activities, European companies need to have a full-time employee to do the opt-out procedures," he said.

Opt-In-Out

This could become even more of a nightmare scenario if one looks at the spam load conveyed by mobile operators in Asia. In Japan, 90 per cent of the spam already goes to mobile phones, the conference was told.

Philippe Gerard, presenting the European Commission's thinking on spam, said the Community wanted to tackle all unsolicited mail, not just fraudulent spam. Only last week, the EC published a Communication to pressure member states not only to transfer the directive into national laws, but also to apply strong enforcement with financial and even criminal sanctions.

Some member states have implemented harsh fines and penal laws against spammers; in Italy, spammers can go to prison. And in Denmark last month a convicted spammer was ordered to pay a fine of €50,000, Liikanen noted. But many member states say the task to bring cases against spammers is burdensome.

The Commission recommends that member states open email "spam boxes" to receive complaints from the public. But few have complied - they fear they will simply be swamped by the sheer mass of complaints that would flood in. (The FTC estimates that it receives 300,000 spam complaints every day.)

"Enforcement faces huge problems," says Marianne Abyhammar of the Swedish Consumer Agency. She urged co-operation within Europe and with other countries. On this point the international Anti-Spam workshop again converges. Co-operation in investigation and legal enforcement is critical according to all participants of the OECD conference.

Lindsay Barton of the Australian National Office for the Information Economy (NOIE) presented the concept of a memorandum of understanding (MoU) between his agency and the Korean Information Security Agency (KISA) - notwithstanding the fact that Australia follows the opt-in philosophy while Korea plumps for opt-out.

All other methods

Korea, with its large number of broadband customers, is viewed as a haven for spammers using servers of innocent users for their mass mailings, but has seen high fines for illegal spam. This MoU could be a model that Australia applies to other bilateral pacts in the anti-spam war. The FTC this week rallied a group of more than 30 agencies from all over the world for its newly announced Secure your Server Campaign.

Phil Jones of the UK Information Commissioner's Office said his office was already in talks with the FTC to co-operate on spam. The Office is to enforce the new British anti-spam legislation. So far he has received dozens, rather than hundreds, of complaints.

When this comes to the point where fraudulent cases are handled properly and only the issue of opt-in and opt-out remains, "we will be in a much better situation as we are right now," according to Jones. After all, he says, quoting a former Israeli prime minister: "Countries behave reasonably when they have exploited all other methods." ®
