Enemies in the inbox

Anti-spam legislation usually falls into one of three categories: opt-in, opt-out and none at all.

Canada falls into the last category. To date, no laws have been passed to protect citizens and business from this growing problem.

“Canada is kind of sitting on the sidelines while

the battle is mostly being played out in the U.S. and Britain,” says Jesse Dougherty, director of development for Sophos plc, an anti-spam software company.

In October the U.S. Senate passed a bill by a vote of 97 to zero to outlaw spam and to set up a do-not-spam registry similar to the do-not-call list. Under the legislation, spammers could face million-dollar fines and jail time. The bill, however, would not render all spam illegal. It focuses on fraudulent and deceptive messages. This would affect messages with falsified return addresses and misleading subject lines. Pornography would also have to be properly labelled so filters could delete it.

Many individual states have passed their own laws. California, for example, won a US$2 million judgement on October 24 against a marketing firm for sending millions of unsolicited e-mail.

In September the British government passed a law making it illegal to send junk mail unless the recipient has opted in to receive such e-mail or is a customer. Fines for each breach are about US$8,000. The legislation covers personal e-mail only and does not prohibit unsolicited messages sent to corporate accounts.

Australia can be added to the list as well. Australia’s House of Representatives enacted legislation in September allowing for sanctions including warnings court-determined penalties, with a maximum of US$733,000 per day.

While Canada doesn’t have any spam-specific legislation, this doesn’t mean we don’t have any recourse. According to officials at the Office of the Privacy Commissioner of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) offers recourse in certain circumstances. If a spammer bought the mailing lists for the basis of the spamming, for example, he or she could face legal action. The act might also be relevant in terms of an organization using e-mail addresses for a new purpose other than that personal information was collected. If the spamming is excessive and it interferes with a business there may also be room for Criminal Code prosecution for mischief.

Dougherty says a lack of specific anti-spam legislation in Canada doesn’t concern him. What’s needed, however, is enforcement of current laws. He says if you have good anti-spam software then the spammer has to break the law in order to get by your filter.

“Generally you’ll find 70 per cent of spam is sent or relayed through a person’s machine, a high jacked machine, and they don’t even know it. That’s already trespassing, that’s already illegal,” Dougherty says. “To overrun your inbox will have to break already existing laws that are easily enforced.”

But Privacy Commissioner officials say enforcement is difficult under PIPEDA. The sender is often unknown or not easily verified. This can represent a serious obstacle in determining the application of the act as considerable time and expertise is required just to establish the sender’s identity. Even when a spammer’s identity is known the act’s provisions may still not be triggered if the sender is subject to a different jurisdiction. Another investigative challenge is that spammers are often fly-by-night operations, and they might relocate or effectively disappear before any action can be taken.

According to Pathway Communications’ Ashok Kalle most of the spam is sent from outside North America where no anti-spam laws exist. The president of the Internet service provider cites China, Eastern Europe and Korea as the prime culprits. Spam is costing businesses in the neighbourhood of $800 a year per employee, he says, but that may only be the tip of the iceberg. And this is where legislation becomes tricky.

Who do you go after in the case of sexually explicit e-mail? The sender? The sender’s ISP? Your ISP? Your company, if you receive it at work? Kalle says a number of sexual harassment lawsuits have been launched in the U.S. and it’s only time before the same happens in Canada.

Kalle says ISPs have two responsibilities. One is to prevent its users from sending spam, the other is to prevent it from reaching its customers. Technology isn’t perfect, however, and he says people don’t sue Canada Post or Bell Canada for threats via snail mail and the telephone.

Internet users have to take some of the responsibility for what they receive in the inboxes. People willingly submit their e-mail addresses for free things such as newsletters, e-mail updates and contest and giveaways.

“We’re getting the Internet we deserve in that we encourage a free market,” Dougherty says.

While there is no anti-spam legislation on the books, that could change in the near future. Liberal MP Dan McTeague and Conservative Senator Donald Oliver have both tabled private members’ bills. The key to any legislation, however, is the wording. Dougherty described the American law as being toothless because it places the onus on the user to opt out. Privacy Commissioner officials agree. The say opt out is a very weak form of consent and places responsibility on the wrong person.

Without legislation regarding spam and laws that aren’t being enforced, Dougherty says the best recourse is to talk to your ISP.

“If you want to get less spam, complain to your ISP. That will drive them to enforce more of what you want see done,” Dougherty says.

Comment: info@itbusiness.ca

Share on LinkedIn Share with Google+