190 likes | 310 Views
Spam laws in Australia and surveillance. Does our Spam Act stop Spam, or invite routine email surveillance at work?. David Vaile Executive Director Baker & McKenzie Cyberspace Law and Policy Centre Faculty of Law, University of NSW www.bakercyberlawcentre.org. Promise more than deliver?.
E N D
Spam laws in Australia and surveillance Does our Spam Act stop Spam, or invite routine email surveillance at work? David Vaile Executive Director Baker & McKenzie Cyberspace Law and Policy Centre Faculty of Law, University of NSW www.bakercyberlawcentre.org
Promise more than deliver? • Internet: strange beast to regulate • ‘Cyberspace’ out there • Jurisdiction: none or too much? • Brave attempts to legislate • Good intentions and ingenuity • But often undermined by a flaw • Fails to deliver on promise • Side effects can swamp intended effects
Email surveillance and Spam • Spam threatens viability of email system • Legislation in 2003, each flawed • IT security seen as ultimate Spam solution • Workplace surveillance as the answer? • Threat to privacy of email • Misses the target • Won’t work • Erosion of trust, collateral damage • Undermine training, organisation intelligence
Spam threatens email’s viability • Spam is 2/3 of all email (Messagecare) • Technical load on infrastructure • Threat to trust, Internet social bonds • People begin to abandon email • Network effect declines • ‘Tragedy of the Commons’ (Catlett) • Market and technical failure
Some problems with real Spam • ‘Epidemic’ of asymmetric attacks • Sender is hidden • Sender is out of jurisdiction • Spam bots • Address harvesting • Hybrid worms with built-in mail servers! • Arms race, cheap technical advances • Eg, Anti-filtering content
A tale of 2003 Spam laws • Reaction to threat to Email system • California’s Spam law • US Federal ‘CAN-SPAM’ Act • Australian Spam Act • EU Directive (not covered) • Spot the crippling flaws…
Californian Spam laws of 2003 • Stricter legislation than Australia • Requires prior consent (‘Opt in’) • Can’t rely on ‘Unsubscribe’ • Unsubscribe is too late • ‘Private right of action’ • Anyone could have sued; but … • Overridden by CAN SPAM (federal)
US CAN SPAM Act 2003 • ‘Opt out’ not ‘opt in’ • Requires only: • Good return address • Honour opt out request • Over-rides Californian law • Weakens protection drastically • Triumph of Direct Marketers
Australia’s Spam Act 2003 • A different political balance • ADMA accepted ‘Opt in’ (unlike US) • Loopholes to drive a truck through? • Exempt bodies, Purely factual messages • Dragnet to catch slippery spammers • Single message can be Spam! • Harsh ‘search and seizure’ powers
Concepts • ‘Commercial electronic messages’ • Banned if not solicited • Explicit or implicit consent • Covers individual emails • Drastic fines for repeat offenders • Complex exemptions • Relationships relevant to the test
Enforcement of Spam Act • ACA under-resourced • ‘Softly softly’ policy • Target the extreme abusers • Liability net is wide and complex • Many offences not prosecuted • Wide discretion, uncertainty
Risk of Spam Act prosecution • Liability v. risk of prosecution? • Serious Offences • Huge Penalties • But ACA policy, resources • Intention needed for offence? • Practical risk of single message Spam • Difficult to frame legal advice
Problems of email at work • Complex Spam liability rules • Other legal issues • Viruses and security • Pornography etc. • Temptation to track everything?
NSW workplace surveillance law • Announced 30 March 2004 • Workplace surveillance already regulated • ‘Strict laws & protocols to restrict employer snooping on workers phone’ • Workplace Video Surveillance Act • To be amended to cover email, other tech. • Prohibits email surveillance • Without court order or consent • Challenges IT control, Spam monitoring
Issues • Industrial opposition to monitoring • Balance of interests • ‘Mutually respectable workplace’ • Privacy rights protected in a new sphere • See Privacy Acts Federal and State • Focus on consent
Bark worse than bite? • Act is not passed yet • Unclear real intention • Reduce secret surveillance • May just result in forced consent • Potential to be stricter - details! • Any practical effect? • Precedent for other safeguards?
Surveillance stops Spam? • Divergence of views • IT solution v people solution • What is the problem? • After the fact – too late • Not reveal the basis of exemptions • Inadvertent breaches of the Act
A better solution? • Trust and respect • Training and peer support • Sensible policies & goodwill • Cooperation with ACA, ACCC, TIO … • Complaint-based approach • Review marketing and PR • Seeking consent is good business
Conclusion • Spam law unintended consequences • Surveillance culture • New awareness of privacy • NSW anti-email surveillance law • Effective risk management • Low risk of prosecution • Better solution