Currently, there are several different approaches to fighting spam, including:
- Technological: anti-spam software (e.g., Vircom, GFI, Symantec, etc.)
- Associative: associations of private interests such as ISPs and large corporations; the most recent example being ASTA (Anti-Spam Technical Alliance), formed by AOL, Yahoo, Microsoft, British Telecom, Comcast and Earthlink
- Legislative: many countries are now issuing their own legislation governing the use and misuse of electronic communications
Today I’ll talk about the legislative approach: what it actually represents, along with its status, limitations and weaknesses.
Let’s first remember that the Internet is only 40 years old, having been created for the ARPANET project in the US in 1970. At the time, the network connected only 13 computers at a speed of 50 Kbps. With the IPv4 addressing system in use today, we have a potential of 4.2 billion addresses and will soon run out! The new IPv6 system will support a much larger number of addresses (2128 – about 3.4.1038). Given the Internet’s dizzying speed of evolution in the past 40 years, it’s difficult to believe that legislation can keep up.
The United States created the CAN-SPAM Act in January 2004 (Controlling the Assault of Non-Solicited Pornography and Marketing). When you look at the content and distribution of today’s spam, you can see that this definition must be reviewed. Although the law provides severe penalties for offenders, it has little-to-no effect on spammers. The latter, in fact, know they are operating illegally and rely on technology to operate in the shadows.
Australia created its own SPAM Act in 2003, which introduced a law requiring consent for email exchange. The European Union has an equivalent law, called 2002/58/EC.
Government agencies from most developed countries have begun to monitor and enforce anti-spam regulations. The telecommunications industry, consumer protection agencies, and police are all involved in the application of these regulations.
Now let’s examine some of the factors that affect this approach:
Inconsistency
The French Criminal Code, for example, contains specific sanctions against spammers: ‘The collection of personal data in a fraudulent, dishonest or illegal way is punishable by 5 years imprisonment and 300 000 € (Article 226-18 of the Criminal Code).
But the spread of spam continues not because of the weakness of sanctions, but because of inconsistent application of laws.
According to the European Union website (Reference: IP/09/1487 Date: 08/10/2009):
‘The analysis of more than 140 cases prosecuted in 22 EU countries showed considerable differences in the number of prosecutions in the country and imposed sanctions. The most numerous lawsuits were launched in Spain (39 cases), Slovakia (39 cases) and Romania (20 cases). The highest financial penalties were applied in the Netherlands (€ 1,000,000), Italy (€ 570,000) and Spain (30 000 €). However, in some countries, such as Romania, Ireland and Latvia, spammers have been fined lightly, from a few hundred to several thousand.’
In the US, the complexity of the CAN-SPAM Act and related exceptions makes it virtually non-applicable to real cases. Therefore only 1% of spam sent met its criteria in 2003, according to Grant Gross, IDG News January 13, 2004, PCWorld.
Resources
It’s almost Utopian to think that we have sufficient resources – both human and material – to identify and stop every spammer in every corner of the world. Look how complex, time consuming and frustrating it has been to combat botnets, and other organized, automated, multi-pronged criminal attacks.
Multilateralism
Spam is a global phenomenon without borders. Even if we had the resources and technical means to catch the criminals, we should address the issue of multilateral agreements. How do we sentence a Romanian who sends spam to an Australian and other parts of the world?
Several questions remain unanswered, and we cannot fully address them because the Internet’s history is really just beginning. We will continue to analyze the struggle of spam legislation in future posts.
References:
http://www.ddm.gouv.fr/article.php3?id_article=600
http://www.7-dragons.com/portail/internet/histoire-internet.php
http://www.pcworld.com/article/114287/is_the_canspam_law_working.html
Leave a Comment