Untouchable?: A Canadian Perspective on the Anti-Spam Battle
Michael Geist
Canada Research Chair in Internet & E-commerce Law
University of Ottawa, Faculty of Law
October 2004
2
The Spam Myths
spam originates offshore the delete key the private sector law is powerless canadian anti-spam legislation3
Outline
The spam problem Three Phases of Dealing With Spam Phase One - Spam as an Annoyance Phase Two - The Three Anti-Spam Pillars Phase Three - Getting Serious About Spam4
Spam Growth
Estimated Cost - $10 - 87 Billion/year 70% of email now spam 90% of S. Korean email now spam AOL - Blocking over 2 billion spam per day 75% of spam now uses HTML Profitability at response rate under 0.0001% Brightmail estimates $250 million in profitability for spammers in 20035
Canadian Spam
10 of the 200 spammers worldwide (Spamhaus ROKSO list) are Canadian Top 200 spammers responsible for 90% of global spam Sophos ranks Canada as top ten source of spam worldwide6
The Spam Problem
Cost shifting Privacy Intermediary effects Deception and fraud Lost e-commerce confidence Lost e-communication confidence7
Phase One - Spam as an Annoyance
1995 - 1999 Anti-spam groups form Sporadic legislative initiatives but emphasis on private sector leadership Private sector legal tactics Contract Criminal Trademark Trespass Private sector technical tactics - MAPS RBL, UDP Public sector enforcement - FTC brings first action in 1998 Spammers fight back with own suits8
Phase One - Spam as an Annoyance
The federal government believes that its current policy and legal frameworks will continue to foster strong Internet growth and development in Canada while at the same time dealing adequately with computer abuse and criminal activity. Spam is but one of the new elements emerging from increased Internet growth and development. The government believes that an appropriate mix of policies and laws, consumer awareness, responsible Internet industry stakeholders and technological solutions is the best and most appropriate way to deal with behaviour in the new and evolving on-line environment. The government believes that Canada has this right mix today but will continue to monitor developments and consider changes if they are required.
- Industry Canada, 1999
9
Phase One - Spam as an Annoyance
Problem -- doesn00 work Spam continues grow Isolated private sector actions have limited deterrence value and are expensive Inconsistent legislative proposals10
Phase Two - The Three Anti-Spam Pillars
2000 - 2003 Spam problem worsens Focus shifts to three pillars Technology Education Legal Solutions11
Phase Two - The Three Anti-Spam Pillars
Technology Filters Authentication Problems: Cost False Positives (Solution worse than the problem) Privacy Spammer technological response12
Phase Two - The Three Anti-Spam Pillars
Education Educate businesses via industry codes Educate consumers on how to respond to spam Problems: Lack of legal weight to codes Bad actors Inconsistent consumer messaging - opt-in vs. opt-out13
Phase Two - The Three Anti-Spam Pillars
Legal Solutions Global shift toward anti-spam legislation including US, Europe, Japan, South Korea, and Australia Key provisions Definitional issues Private rights of action Significant damages Labeling requirements Deceptive practices (headers, spoofing, etc.) Email harvesting/Dictionary attacks ISP immunity Opt-out vs. opt-in Do-not-spam lists Commissioning spam14
Phase Two - The Three Anti-Spam Pillars
Legal Solutions - Canada Consider prospect for anti-spam legislation in 2003 Focus on four main legislative solutions PIPEDA Criminal Code Competition Bureau, Fair Practices Branch Telecommunications Act15
Phase Two - The Three Anti-Spam Pillars
PIPEDA Email addresses as personally identifiable information Respecting opt-outs Harvesting email addresses Accountability Security16
Phase Two - The Three Anti-Spam Pillars
Competition Act Sections 51(1) and 74.01 - false or misleading representations for purpose of promoting product or service Significant fines Could target: False or deceptive headers Content of certain email FTC focused on deceptive practice legislation17
Phase Two - The Three Anti-Spam Pillars
Criminal Code Section 380 -- fraud Section 372(1) -- false messages Section 342.1 -- fraudulently obtain computer service Section 342.2 -- device for committing 342.1 Could cover -- Fraudulent spam Unauthorized use of email servers Email harvesting Email harvesting software18
Phase Two - The Three Anti-Spam Pillars
Telecommunications Act Section 41 -- CRTC order prohibiting unsolicited communications No action yet from CRTC but theoretically section appears to cover spam19
Phase Two - The Three Anti-Spam Pillars
Problems Enforcement challenges Ineffective legislation Unnecessary legislation?20
Phase Three - Getting Serious About Spam
2004 - ?? Anti-spam activity is an enforcement problem00NOT a legal or technological problem
21
Phase Three - Getting Serious About Spam
The spam problem will get worse if nothing is done Less email communication Less e-commerce More wireless spam More IM spam (spim) More phishing22
Phase Three - Getting Serious About Spam
Resourcing anti-spam efforts Follow the money National anti-spam actions Canadian-specific action plan Multinational enforcement co-operation Australia - S. Korea model Operation Secure Your Server International organizations ITU WSIS OECD Contemplating legislative alternatives23
Untouchable?
24
What are we prepared to do?
25
Michael Geist
mgeist@pobox.com
download Untouchable?: A Canadian Perspective on the Anti-Spam Battle
