250 likes | 460 Views
Untouchable?: A Canadian Perspective on the Anti-Spam Battle. October 2004. Michael Geist Canada Research Chair in Internet & E-commerce Law University of Ottawa, Faculty of Law. The Spam Myths. spam originates offshore the delete key the private sector law is powerless
E N D
Untouchable?:A Canadian Perspective on the Anti-Spam Battle October 2004 Michael Geist Canada Research Chair in Internet & E-commerce Law University of Ottawa, Faculty of Law
The Spam Myths • spam originates offshore • the delete key • the private sector • law is powerless • canadian anti-spam legislation
Outline • The spam problem • Three Phases of Dealing With Spam • Phase One - Spam as an Annoyance • Phase Two - The Three Anti-Spam Pillars • Phase Three - Getting Serious About Spam
Spam Growth • Estimated Cost - $10 - 87 Billion/year • 70% of email now spam • 90% of S. Korean email now spam • AOL - Blocking over 2 billion spam per day • 75% of spam now uses HTML • Profitability at response rate under 0.0001% • Brightmail estimates $250 million in profitability for spammers in 2003
Canadian Spam • 10 of the 200 spammers worldwide (Spamhaus ROKSO list) are Canadian • Top 200 spammers responsible for 90% of global spam • Sophos ranks Canada as top ten source of spam worldwide
The Spam Problem • Cost shifting • Privacy • Intermediary effects • Deception and fraud • Lost e-commerce confidence • Lost e-communication confidence
Phase One - Spam as an Annoyance • 1995 - 1999 • Anti-spam groups form • Sporadic legislative initiatives but emphasis on private sector leadership • Private sector legal tactics • Contract • Criminal • Trademark • Trespass • Private sector technical tactics - MAPS RBL, UDP • Public sector enforcement - FTC brings first action in 1998 • Spammers fight back with own suits
Phase One - Spam as an Annoyance The federal government believes that its current policy and legal frameworks will continue to foster strong Internet growth and development in Canada while at the same time dealing adequately with computer abuse and criminal activity. Spam is but one of the new elements emerging from increased Internet growth and development. The government believes that an appropriate mix of policies and laws, consumer awareness, responsible Internet industry stakeholders and technological solutions is the best and most appropriate way to deal with behaviour in the new and evolving on-line environment. The government believes that Canada has this right mix today but will continue to monitor developments and consider changes if they are required. - Industry Canada, 1999
Phase One - Spam as an Annoyance • Problem -- doesn’t work • Spam continues grow • Isolated private sector actions have limited deterrence value and are expensive • Inconsistent legislative proposals
Phase Two - The Three Anti-Spam Pillars • 2000 - 2003 • Spam problem worsens • Focus shifts to three pillars • Technology • Education • Legal Solutions
Phase Two - The Three Anti-Spam Pillars • Technology • Filters • Authentication • Problems: • Cost • False Positives (Solution worse than the problem) • Privacy • Spammer technological response
Phase Two - The Three Anti-Spam Pillars • Education • Educate businesses via industry codes • Educate consumers on how to respond to spam • Problems: • Lack of legal weight to codes • Bad actors • Inconsistent consumer messaging - opt-in vs. opt-out
Phase Two - The Three Anti-Spam Pillars • Legal Solutions • Global shift toward anti-spam legislation including US, Europe, Japan, South Korea, and Australia • Key provisions • Definitional issues • Private rights of action • Significant damages • Labeling requirements • Deceptive practices (headers, spoofing, etc.) • Email harvesting/Dictionary attacks • ISP immunity • Opt-out vs. opt-in • Do-not-spam lists • Commissioning spam
Phase Two - The Three Anti-Spam Pillars • Legal Solutions - Canada • Consider prospect for anti-spam legislation in 2003 • Focus on four main legislative solutions • PIPEDA • Criminal Code • Competition Bureau, Fair Practices Branch • Telecommunications Act
Phase Two - The Three Anti-Spam Pillars • PIPEDA • Email addresses as personally identifiable information • Respecting opt-outs • Harvesting email addresses • Accountability • Security
Phase Two - The Three Anti-Spam Pillars • Competition Act • Sections 51(1) and 74.01 - false or misleading representations for purpose of promoting product or service • Significant fines • Could target: • False or deceptive headers • Content of certain email • FTC focused on deceptive practice legislation
Phase Two - The Three Anti-Spam Pillars • Criminal Code • Section 380 -- fraud • Section 372(1) -- false messages • Section 342.1 -- fraudulently obtain computer service • Section 342.2 -- device for committing 342.1 • Could cover -- • Fraudulent spam • Unauthorized use of email servers • Email harvesting • Email harvesting software
Phase Two - The Three Anti-Spam Pillars • Telecommunications Act • Section 41 -- CRTC order prohibiting unsolicited communications • No action yet from CRTC but theoretically section appears to cover spam
Phase Two - The Three Anti-Spam Pillars • Problems • Enforcement challenges • Ineffective legislation • Unnecessary legislation?
Phase Three - Getting Serious About Spam • 2004 - ?? • Anti-spam activity is an enforcement problem… NOT a legal or technological problem
Phase Three - Getting Serious About Spam • The spam problem will get worse if nothing is done • Less email communication • Less e-commerce • More wireless spam • More IM spam (spim) • More phishing
Phase Three - Getting Serious About Spam • Resourcing anti-spam efforts • Follow the money • National anti-spam actions • Canadian-specific action plan • Multinational enforcement co-operation • Australia - S. Korea model • Operation Secure Your Server • International organizations • ITU • WSIS • OECD • Contemplating legislative alternatives
Michael Geist mgeist@pobox.com