Unsolicited electronic mail or spam has increased dramatically in the past year and now accounts for approximately 50 percent of all e-mail messages across global networks.
Internet Service Providers (ISP) and corporate networks have been compromised by spam, which has clogged mail servers and wreaked havoc in e-mail deliveries. Bogus offers, including the "Nigerian" e-mail scams, have claimed many victims, and the art of "phishing" -- the act of luring unsuspecting customers of businesses, including banks, credit card and e-commerce providers, via e-mail to divulge personal information, account details and passwords using convincing, bogus Web sites that mimic the businesses' online presence -- have increased radically over the last year.
Apart from the annoyance and time factor, spam is disruptive and has created many economic costs for both ISPs and users, resulting in downtime, delivery delays, bandwidth and capacity issues, and increased Internet access charges. A recent European study estimates that spam costs businesses an average of A$900 per employee per year in lost productivity.
In Australia, the nation's new anti-spam legislation will come into effect on April 11, 2004. The period of grace allows time for businesses to scrutinise existing practices and policies and advise employees on the new requirements on electronic messaging. In practice, the implementation of sound database management techniques makes logical sense to collect and maintain consent or "opt-in" e-mail lists to comply with the legislation.
The main feature of the Spam Act is a general prohibition on the sending of unsolicited commercial electronic messages that have an Australian link -- subject to a few exemptions. With fines of up to $1.1 million a day for repeat corporate offenders, the law also prohibits the supply, acquisition or use of e-mail harvesting software or address lists.
In order to comply with the legislation, a commercial electronic message must satisfy three basic rules:
1. Must not be sent without the recipient's prior consent (express or implied).
2. Must include accurate sender information.
3. Must have a functional facility to allow the receiver to "opt-out" or to unsubscribe from future messaging.
The technology neutral definition of "electronic message" is drafted to take into account the convergence of technologies and media, and include:
It does not include voice calls from a standard phone service or facsimile messaging.
Certain types of unsolicited commercial electronic messages are exempted from the ambit of the legislation. These messages include:
a) Government bodies.
b) Registered political parties.
d) Religious organisations.
e) Educational institutions (messages directed to past and present students or members of their households).
The legislation will be administered by the Australian Communications Authority (ACA). The ACA has begun setting up a dedicated unit to enforce the new anti-spam law and will be working with the relevant industries to develop appropriate codes for registration, and to investigate spamming and ensure code compliance.
The ACA was also given powers to:
The Act also allows application to the Court for compensation for a victim who has suffered loss or damages as a result of spamming. The Court may also order the spammer to surrender any financial benefit that they have obtained from spamming.
The new legislation will probably do little to stop the flood of overseas spam but the compliance issues it imposes will be a new reality for businesses in Australia.
And, given that the bulk of spam is generated abroad, enforcement of the Australian legislation against foreign-based spammers will be dependent on the cooperation of other countries. On its own, the legislation will have little impact on spam. Co-operative relationships and multilateral arrangements with countries and international bodies will be one of the keys to its successes.
The United Kingdom and United States recently joined Australia to pass laws to combat spam. The US Congress overwhelmingly approved the federal spam legislation in December 2003, after more than six years of unsuccessful attempts to enact a law to control the tide of unsolicited e-mail. However, critics of the US federal legislation have argued that the "opt-out" approach has narrowed the ambit of the various US State initiatives. The State of California and Australia, for instace, have adopted the far reaching "opt-in" or consent required approach.
Seemingly, these emerging national and international initiatives will begin to turn the tide against spam, but only time will tell. In the interim, bogus scam e-mails including "Nigerian" letters continue to drown our e-mail boxes.
Anthony Wong is the director of AGW Consulting and information communication technology counsel at Aequitas Attorneys. He has a Master of Laws in Media, Communications and Technology from University of New South Wales and Bachelors of Law and Computer Science from Monash University. This article is intended to provide a summary of the subject matter covered. It does not purport to render legal advice. Readers should seek professional advice before applying the information to specific circumstances.
If you would like to become a ZDNet Australia guest columnist, write in to Fran Foo, Editor of Insight, at firstname.lastname@example.org.