Penguin
Note: You are viewing an old revision of this page. View the current version.

The NewZealand government is currently requesting input on drafting new laws against Spam. The WLUG is uniquely placed to offer advice to the government on the issue of spam, as many of it's members are technically savvy about how the Internet? works and the rise of Spam, and the LUG is not affiliated any way with any commercial entity that is likely to want to taint the new law.

I propose that the WLUG makes a submission to the government about Spam legislation. To contribute, edit this page with your comments. While I don't think laws alone are going to stop spam, they a certainly a powerful tool against spammers and should be encouraged.

The request is available online: http://www.med.govt.nz/pbt/infotech/spam/ PLEASE read this before commenting on the questions below. The document is very well written and discusses the various issues.

The deadline for the submission is 30 June 2004

I hope that we can draft up a document based on the comments on this page.


http://www.med.govt.nz/pbt/infotech/spam/discussion/discussion-02.html

1. Do you consider spam to be an important issue? Has it significantly affected you in any way?

PerryLorier: Yes, it has reduced the utility of email, which is one of my primary means of communication. Also spammers have started sending penis enlargement spams from a domain I help administer which is used by a biopharmaceticals company that sell amongst other things, growth hormones. The spammers are not affiliated in any way with the real owners of the domain, and are causing considerable loss of good will.

zcat(1): My kids (7 and 9) would like to be able to exchange email with their friends at school, email stuff to kids TV, enter competitions, etc. I've set them up their own email addresses, but I see today they're starting to get viruses and I have no doubt that spam (much of it highly pornographic) will soon follow. Now I have to discreetly pre-screen their mail.

MatthiasDallmeier: Yes, it wastes my time and money. (By the way, the original meaning of "spam" is not really the same as junk e-mail, so we should probably not use that word.)

2. Do you think legislation has a role to play alongside other complementary measures?

PerryLorier: Yes. There are several promising technological solutions on the horizon such as SPF, CallerID?, Penny Black, however even if these are effective at wiping out email spam, there is still other types of spam, such as IM spam.

http://www.med.govt.nz/pbt/infotech/spam/discussion/discussion-03.html

3. Do you consider existing privacy protections in this area sufficient?

PerryLorier: As stated in paragraph 25 it is possible to trade email addresses that are considered to be publically available. This is causing people to actively conceal their contact information on the Internet, thus destroying one of it's most important uses, as a communications medium.

4. Do you agree that stand-alone anti-spam legislation is preferable to reliance on the Harassment Act?

PerryLorier: The harassment act does not seem to be applicable to Spam. In particular if it was to be enforced, it would be possible for spammers to easily bypass it by rotating through email addresses annually. Also, due to the sheer number of different spammers that are out there even if each spammer only sent you one email then you'd still be flooded with spam.

MatthiasDallmeier: Yes.

http://www.med.govt.nz/pbt/infotech/spam/discussion/discussion-04.html

5. What message mediums should be caught by the legislation (e.g. email, short message services using mobile phones, Internet instant messaging, faxes, telephones (telemarketing), physical mail delivery)?

PerryLorier: I believe that Spam is not limited to the mechanism that it's delivered by. While spam is generally considered to be a product of electronic communication, Spam is only a problem because the cost of sending the email is so low. If it was possible to send messages via some other medium at very low cost, those mediums would also fall victim to spam.

MatthiasDallmeier: All present and future message mediums should be covered, obviously.

6. Do the messages caught by the legislation have to be sent/conveyed to many recipients, and if so, how many?

PerryLorier: I believe that yes, part of what makes spam what it is is the fact that it is sent in bulk. I'd suggest that bulk email is email where you are sending on average more than 1 email every 10 seconds over any one hour period.

zcat(1): BULK and UNSOLICITED should be the only criteria, commercial makes no difference whatsoever. I would be just as annoyed if I was being sent religious, charity, or political bulk mail.

MatthiasDallmeier: I disagree with Perry and possibly also Bruce depending on the definition of "bulk", because it makes no difference to me how many recipients also received an unwanted message. Anyway, my answer to this question is a definite NO.

7. Should the messages caught by the legislation be of a commercial advertising and promotional nature only or should other types of messages be caught? Should there be exceptions and if so what should be exempted? Exempting from political parties, religious groups and charities seems to not solve the problem. Spam would still be spam if I was being spammed by religious groups.

PerryLorier: It is not the content of the emails which is a problem, it is the number of them that cause the issue. Waking up and finding another 50 emails that are irrelevant to me if they are commercial in nature or not is my problem.

8. Should the legislation extend to coverage of acts done overseas? If so, what acts should be covered?

zcat(1); 'follow the money' - If the the spam benefits a New Zealand 'entity', it should make no difference that they hired some kid in Romania to send their mail via hacked Chinese servers. The same applies if a New Zealander organises the spamming on behalf of an overseas client. And I personally feel that it should also apply if a New Zealander, through lack of appropriate care and computer maintenence, allows their computer to become a 'spam relay' for someone else..

9. Should all parties involved in the act of spamming, such as the vendor sponsoring the spamming, be covered by the legislation? Should there be express exceptions such as for telecommunications companies and ISPs?

PerryLorier: Yes, all parties involved should be covered. I don't believe ISP's or telecommunications companies should be excepted, especially as these are the groups that are technologically the most able to perform spamming.

MatthiasDallmeier: Yes, all parties involved should be covered. Telecommunications companies and ISPs should be required to act on abuse complaints to avoid being held liable for the actions of their customers, but unless they are knowingly hosting spammers, sending spam themselves, or running open servers they cannot really be held responsible.

10. Should New Zealand adopt an opt-in, double opt-in or opt-out approach in legislating against spam? Why?

PerryLorier: Opt-out is unlikely to work as spammers have used "Opt-out" approaches to harvest valid email addresses, and users are reluctant to use it even if it is available due to the risk of recieving even more spam. Opt-in has issues with viruses or malicious people forging email and subscribing you to spam without your consent. Double opt in seems to be the only reliable way of determining peoples true intentions.

MatthiasDallmeier: Double opt-in, because it is the only way to ensure that someone does in fact want to be "spammed". Opt-in could be abused by third parties. Opt-out would be equivalent to allowing spam and therefore a complete waste of time.

11. If an opt-in or double opt-in approach was to be adopted, what should amount to express consent and what actions and/or relationships should amount to inferred consent to the sending of a "commercial" electronic message?

12. How should the scope of any opt-in or double opt-in assent be framed?

zcat(1): Double-opt-in only. The 'confirm' message should contain information that identifies the sender, clearly traces the web form submission or message which invoked it (IP address, mail headers, etc), and lists the name, origin, and purpose of the mailing list. It should not contain anything else that could be considered 'advertising'.

13. Should there be a requirement for commercial electronic messages to accurately identify the sender of the message? If so, what constitutes accurate identification (e.g. name and physical address, name and email address)?

PerryLorier: This should be a requirement for all commercial communications that they have obvious and accurate sender information. Commercial or not, it should be illegal to send mail as someone you are not.

14. Should there be a requirement for commercial electronic messages to include a statement to the effect that the recipient may use an electronic address set out in the message to send an unsubscribe message to the sender, and to ensure that such electronic address is functional?

15. Should there be a requirement that commercial electronic messages provide accurate header and subject information?

PerryLorier: Yes.

16. Should there be a requirement for the labelling of advertising or adult messages?

PerryLorier: Adult material should be labelled obviously as such and should be labeled in a way that can be detected by software for filtering purposes for younger children.

zcat(1): This shouldn't be necessesary. My children should not be recieving anything that they didn't explicitly subscribe to. I'm fairly sure they didn't sign up anywhere for hot oral sex and penis-enlargement emails, so I shouldn't HAVE to filter those out.

MatthiasDallmeier: I would tend to agree with Bruce on that one. Without UCE this is not an issue and such a requirement would only confuse matters. There might or might not be a need for such a requirement independent of anti-spam legislation and not limited to e-mail only though.

17. Should anti-spam legislation include rules against the supply, acquisition and use of address-harvesting software and harvested-address lists in connection with the unlawful sending of electronic messages?

PerryLorier: Yes. Publishing an email address on a website should not be an open invitation to email it with things that are unrelated to the page that it was posted on.

MatthiasDallmeier: Yes, e-mail addresses should never be passed on to anyone without the expressed permission of their owner...

18. Who should be able to bring an action against an alleged spammer?

MatthiasDallmeier: Anyone who is actually affected by their action.

19. What agency should have the enforcement role under the legislation?

20. What should be the available penalties and remedies for breaches of anti-spam legislation and what should be the maximum fine or pecuniary penalty?

PerryLorier: Can we suggest mandatory death penalty?

zcat(1): seconded.

SamJansen: I believe it should be a criminal offense. The penalty should range from a fine (perhaps thousands of dollars) to a short-term prison sentence; in the order of a few months.

MatthiasDallmeier: A ban from connecting to the Internet.

21. Should contraventions give rise to criminal or civil penalties?

22. Should the responsible enforcement agency be given the ability to obtain search warrants conferring powers of entry, search and seizure?

SamJansen: Yes. This really needs to be the case.

zcat(1): Since spammers are an exceptionally low-life form of psychopath, it is felt by many that they may try to 'frame' legitimate mailing lists in order to hurt honest retailers in competition, draw attention away from themselves, or merely confuse the whole issue of legitimate vs. unwanted commercial mail. Any agency investigating spam needs to be aware that spammers are often completely devoid of normal human ethics.