The long view of security strategies for your network.
I just read a new white paper from Montreal-based Vircom, developer of Modus secure messaging products, on recent international anti-spam legislation efforts.
Entitled, “Can Laws Block Spam?” the paper quotes five experts on spam: Lindsay Barton, manager of online policy at the National Office for the Information Economy of Australia; Anne Mitchell, president and CEO of the Institute for SPAM and Internet Public Policy; Michael Osterman, principal of Osterman Research (and author of Network World’s Messaging Newsletter); Troy Rollo, chairman of the Coalition Against Unsolicited Bulk Email in Australia and executive director of the International Coalition Against Unsolicited Commercial Email; and Neil Schwartzman, editor and publisher of spamNEWS and chair of the Canadian Coalition Against Unsolicited Commercial Email.
The paper analyzes the CAN-SPAM Act in reasonable detail, but I have already pointed readers to that legislation and analyses of its weaknesses.
More interesting here is the analysis of the European Community Directive on Privacy and Electronic Communication Regulation 2003. This legislation provides for opt-in (not opt-out) restrictions on sending bulk e-mail. Much as with fax messaging, no one may initiate e-mail marketing without prior permission or a prior business relationship - and there must be an easy way to refuse future junk e-mail at the time of initial data collection about an individual. In addition to enforcement actions initiated by the Information Commissioner in law courts, victims of spam may also sue for damages of up to £5,000 in cases heard before a judge (unlimited damages if heard before a jury). However, critics point out that the law does not regulate business-to-business spam, including spam sent to employees via their business e-mail addresses.
Another section covers the Australian Spam Act of 2003, which includes not only e-mail spam but also SMS junk messages. This law also advocates opt-in, in contrast with the U.S. approaches that depend on opt-out methods. There are clauses dealing with accurate origination addresses and restrictions on harvesting e-mail addresses automatically. Penalties are potentially much higher than in the U.S. or in Europe.
Although the Australian law has many admirable features, it founders on the reef of international spam. As commentators note in the white paper, national laws will inevitably fail to control spam sent from outside their borders. According to a U.N. Conference on Trade and Development report on the origins of spam in 2003, the sources of spam were:
* 58.4% U.S.
* 5.6% China
* 5.2% U.K.
* 4.9% Brazil
* 4.1% Canada
* 21.8% Other
On a side note, I have been receiving the most amazing junk e-mail from China lately - ads in comically bad English for everything from inflatable dolls the size of buildings to industrial flooring components and chemicals. Given that China has one-quarter of the world’s population and an economy that is growing at about 10% per year, this trickle bodes very badly for the future of our inboxes.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.