Original URL: https://www.theregister.com/2003/12/10/uk_antispam_law_goes_live/

UK anti-spam law goes live

Will it work?

By John Leyden

Posted in Legal, 10th December 2003 15:39 GMT

Analysis New UK anti-spam laws coming into effect tomorrow will have limited effect in turning the tide in the fight against junk mail, according to lawyers and security experts.

Revised UK regulations will mean online marketers can send e-mail pitches and SMS messages only to consumers who have agreed beforehand to receive them, except where users are existing customers of a particular company. So, for consumers at least, the UK government is applying the 'opt-in' approach to regulating spam.

Corporations can still be approached 'cold' with email pitches but in these instances emails must have an opt-out clause.

The Office of the Information Commissioner will enforce the new regulations. Any breaches of enforcement orders issued by the Information Commissioner will be an offence liable to a fine of up to £5,000 in a magistrate's court, or an unlimited fine if the trial is before a jury.

That's an inadequate deterrent, according to critics such as Spamhaus, which compare the anti-spam laws to tougher anti-spam laws in countries like Italy. Italy has enacted tough anti-spam legislation that makes spamming a criminal offence punishable by up to three years in jail and heavy fines for persistent spammers.

Figures vary but AV firms like Sophos and MessageLabs have both warned that between a third to two-thirds of spam is sent from 'hijacked' computers, a factor which makes tracing and prosecuting spammers far more difficult.

Meanwhile lawyers argue the new UK regulations might do more harm than good.

David Marchese, partner at West End law firm Davenport Lyons, said: “Although the new law is very significant it will have more of an effect for responsible email marketing companies than it will for those who are irresponsible. It may even help irresponsible spammers by making people confirm live email addresses."

Disunited Europe

The revised UK rules put regulations outlined in the EC's Directive on Privacy and Electronic Communications onto the statute books in this country. The directive obliged individual EC member states to introduce anti-spam laws by October 31.

However nine member nations of the 15 country European Union have so far failed to adopt anti-spam legislation. France, Germany, Belgium, Finland, Greece, Luxembourg, the Netherlands, Portugal and Sweden all face possible court action unless they provide an explanation on their lack of progress within the next two months.

Austria, Denmark, Ireland, Italy, Spain and the UK have already taken steps to adopt the EU law, which also requires firms using cookies and similar internet tracking devices to "provide information" on their use and an opportunity for users to refuse to accept cookies.

Jamie Cowper, technical consultant at email specialist Mirapoint, welcomes laws to combat spam, but questions the effectiveness of the EU Directive.

"The effectiveness of the Directive is hampered by the fact that it allows various interpretations of the law across the individual member states. This soft 'opt in' approach effectively hamstrings any power that the Directive might have," he said.

"Email users should not expect to see a huge impact on the volume of junk email they receive as a result of this kind of fragmented legislation. In fact, the impact will be minimal."

Global problem needs global co-operation

Spam volumes have increased to account for half of all emails sent over the latter months of this year.

Mirapoint estimates that 60 per cent of UK junk mail originates from outside the UK and Europe, primarily from the USA and Asia. So it is important that the EU member states lobby for this issue to be addressed on a global scale.

Security firm CipherTrust supports this assessment by arguing that anti-spam legislation will become effective and enforceable only through international cooperation. But the US anti-spam law (the CAN-SPAM Act) take a soft stance on spammers by placing the onus on the recipient to opt out of unsolicited communications, which raise serious doubts about the possibility of reaching international consensus on the problem.

Nonetheless CipherTrust reckons only a three-pronged approach - combining legislation, user education and technology - will stand any chance of bringing the spam problem under control.

The company draws an analogy between car thieves and spammers.

"It is illegal to steal cars. Still, cars have locks and alarms. Likewise, it is illegal to send spam, but to protect an email inbox, anti-spam technology will be required," according to CipherTrust. ®

Related Stories

Congress passes anti-spam bill
US anti-spam laws 'will legalise spam'
UK Govt fouls up anti-spam plans, say experts
Dangerous Mimail variant knocks over anti-spam sites
Microsoft aims to 'shift the tide' in war on spam
The conspiracy against our in-boxes
The economics of spam
US man threatens anthrax attack on spammers