Embed
Email

GARBAGE IN EMERGING MEDIA AND REGULATION OF UNSOLICITED

Document Sample
GARBAGE IN EMERGING MEDIA AND REGULATION OF UNSOLICITED
Shared by: kylemangan
Stats
views:
18
posted:
8/21/2009
language:
English
pages:
11
BACKGROUND MATERIAL



SESSION - I



Defining SPAM: Identifying the Economic, Technical and Legal Problems



1. Spam –Definition



1.1 The most common definition of spam is “unsolicited commercial email”. This

definition however limits itself to messages that are commercial in nature and

consequently excludes many types of messages that could be considered as

spam. Unsolicited messages that apparently do not promote any commercial

activity are left out of the ambit of this definition.



1.2 CAN-SPAM Act

In the United States, the CAN-SPAM Act is premised on this approach and

defines the expression “commercial electronic mail message” to mean “any

electronic mail message the primary purpose of which is the commercial

advertisement or promotion of a commercial product or service (including

content on an Internet website operated for a commercial purpose)”.



The CAN-SPAM Act further clarifies that a ‘transactional or relationship’

message does not come within the ambit of the term ‘commercial electronic

message’. The said Act defines “transactional or relationship message” to

mean “an electronic mail message the primary purpose of which is:



(i) to facilitate, complete, or confirm a commercial transaction that the

recipient has previously agreed to enter into with the sender,

(ii) to provide warranty information, product recall information, or safety

or security information with respect to a commercial product or

service used or purchased by the recipient,

(iii) to provide (a) notification concerning a change in the terms or features

of, (b) notification of a change in the recipient’s standing or status

with respect to, or (c) at regular periodic intervals, account balance

information or other type of account statement with respect to, a

subscription, membership, account, loan, or comparable ongoing

commercial relationship involving the ongoing purchase or use by the

recipient of products or services offered by the sender

(iv) to provide information directly related to an employment relationship

or related benefit plan in which the recipient is currently involved,

participating, or enrolled,

(v) to deliver goods or services, including product updates or upgrades,

that the recipient is entitled to receive under the terms of a transaction

that the recipient has previously agreed to enter into with the sender”.



1.3 The Australian Spam Act, 2003

In Australia, the Spam Act, 2003 has adopted a like approach and defined a

“commercial electronic message” to mean “an electronic message, where,

having regard to:

(a) the content of the message; and



1-1

(b) the way in which the message is presented

(c) the content that can be located using the links, telephone numbers or

contact information (if any) set out in the message; it would be concluded

that the purpose, or one of the purposes, of the message is

(d) to offer to supply goods or services;

(e) to advertise or promote goods or services;

(f) to advertise or promote a supplier, or prospective supplier, of goods or

services;

(g) to offer to supply land or an interest in land;

(h) to advertise or promote land or an interest in land;

(i) to advertise or promote a supplier, or prospective supplier, of land or an

interest in land;

(j) to offer to provide a business opportunity or investment opportunity;

(k) to advertise or promote a business opportunity or investment opportunity;

(l) to advertise or promote a provider, or prospective provider, of a business

opportunity or investment opportunity;

(m) to assist or enable a person, by a deception, to dishonestly obtain property

belonging to another person;

(n) to assist or enable a person, by a deception, to dishonestly obtain a

financial advantage from another person;

(o) to assist or enable a person to dishonestly obtain a gain from another

person; or (p)

(p) a purpose specified in the regulations.”





1.4 Unsolicited Bulk Email



Another common definition of spam is that it is unsolicited bulk email. This

definition categorizes messages based on the number of recipients to whom it

is addressed. In this regard, while stipulating what constitutes “bulk”, some

legislations attempt to specify a precise number whilst many do not. Even in

cases where a specific number has been prescribed under State laws in the

United States, the precise number varies from anything more than 2 messages

in case of Idaho, to 500 in case of Kansas and 1000 in case of Louisiana.



1.5 OECD Approach



The OECD adopts a definition that combines the elements of both the above

approaches. It defines spam as “unsolicited and unwanted commercial

electronic messages or emails that are sent to large numbers of people.”1



1.6 Characteristics of Spam



The NOIE2 Report states that spam messages usually share one or more of the

following characteristics:



(a) Sent in an untargeted and indiscriminate manner, often by automated

means;



1

Report of Directorate for Science, Technology and Industry, OECD.

2

National Office for the Information Economy, Australia

2-2

(b) Includes or promotes illegal or offensive content;



(c) Purpose is fraudulent or otherwise deceptive;



(d) Sent in a manner that disguises the sender;



(e) Does not offer a valid and functional address to which recipients may

respond, in particular, for opting out of receiving further unsolicited

messages.



The manner in which spam is disseminated also differs significantly from case

to case. Broadly, spam falls within one of the following categories –



(a) Usenet Spam – Messages sent to multiple Usenet or other newsgroups.

Usenet spam robs users of the utility of newsgroups by flooding them with

unsolicited advertising.



(b) Email Spam – Messages targeting individual users through email messages

direct to their addresses.



(c) Wireless Spam – A relatively new form of unsolicited electronic messages

is spam sent by text messages to mobile phones.



In view of the above there is a need for an agreed definition of spam so as to examine

its impact and permit evaluation of potential measures that may be adopted to counter

it.



2. Magnitude of the Spam Menace



2.1 To date, no significant statistics have been compiled regarding incidence of

spam in India. Estimates indicate that there were approximately 5 million

internet users in India in 2003, nearly all of whom would have been faced by

the problem of spam at some time or the other. However, in absence of

specific data reliance may be placed on surveys conducted in foreign

jurisdictions. Such surveys would suffice as a reference point for India given

that the Internet renders geographical divides meaningless. Spam uniformly

affects users on the Internet across the globe regardless of territorial borders.



2.2 Available data from various jurisdictions indicates that the incidence of spam

is rapidly increasing. The CAN-SPAM Act includes the following finding of

the United States Congress: “The convenience and efficiency of electronic mail

are threatened by the extremely rapid growth in the volume of unsolicited

commercial electronic mail. Unsolicited commercial electronic mail is

currently estimated to account for over half of all electronic mail traffic, up

from an estimated 7 percent in 2001, and the volume continues to rise…”



2.3 Brightmail Inc., a business specializing in anti-spam software and services,

has estimated that spam accounts for 20% of all email messages sent. The







3-3

Gartner Group has estimated that 35% of all business messages received are

spam, and that this figure is likely to touch 50% by 2005.3



2.4 Microsoft MSN and Hotmail together block an average of 2.4 billion spam

messages every day. In a civil action initiated in the United States by America

Online (AOL) against spam, AOL averred that it receives around two billion

emails on a daily basis, of which spam filters installed by the ISP block over

one billion. This figure is ten times higher than what it was in 1999. Data

released by Postini, a spam-blocking filter program that monitors over a

billion emails per month, reveals that the amount of spam is doubling

approximately every five months.



2.5 The NOIE Report notes that as per the findings of the survey conducted by

CAUBE4, Australia spam increased six times in volume in 2001 alone. The

NOIE Report further cites a 300% increase in spam from 2001 to 2002.



2.6 This dramatic increase is attributable in part to the increase in the penetration

of the Internet across users worldwide. In case of a developing country like

India with very low Internet penetration levels at present, there is an imminent

likelihood of spam growing at exponential rates over the coming years.



3. Effects of Spam



3.1 General impact of Spam



The United States Congress, after extensive deliberations on the impact of

spam, decided to incorporate the following findings in the CAN-SPAM Act

which succinctly sets out the effects of spam:



“…(3) The receipt of unsolicited commercial electronic mail may result in

costs to recipients who cannot refuse to accept such mail and who incur costs

for the storage of such mail, or for the time spent accessing, reviewing, and

discarding such mail, or for both.



(4) The receipt of a large number of unwanted messages also decreases

the convenience of electronic mail and creates a risk that wanted electronic

mail messages, both commercial and noncommercial, will be lost, overlooked,

or discarded amidst the larger volume of unwanted messages, thus reducing

the reliability and usefulness of electronic mail to the recipient.



(5) Some commercial electronic mail contains material that many

recipients may consider vulgar or pornographic in nature.



(6) The growth in unsolicited commercial electronic mail imposes

significant monetary costs on provides of Internet access services, businesses,

and educational and nonprofit institutions that carry and receive such mail, as

there is a finite volume of mail that such providers, businesses, and institutions

can handle without further investment in infrastructure.



3

The NOIE Report at 9.

4

Coalition Against Unsolicited Bulk Email

4-4

(7) Many senders of unsolicited commercial electronic mail purposefully

disguise the source of such mail.



(8) Many senders of unsolicited commercial electronic mail purposefully

include misleading information in the messages’ subject lines in order to

induce the recipients to view the messages.



(9) While some senders of commercial electronic mail messages provide

simple and reliable ways for recipients to reject (or ‘opt-out’ of) receipt of

commercial electronic mail from such senders in the future, other senders

provide no such ‘opt-out’ mechanism, or refuse to honour the requests of

recipients not to receive electronic mail from such senders in the future, or

both.



(10) Many senders of bulk unsolicited commercial electronic mail use

computer programs to gather large numbers of electronic mail addresses on

an automated basis from Internet websites or online services where users must

post their addresses in order to make full use of the website or service…”



On the basis of the above findings, the United States Congress determined

that:



“(1) there is a substantial government interest in regulation of commercial

electronic mail on a nationwide basis;



(2) senders of commercial electronic mail should not mislead recipients as

to the source or content of such mail; and



(3) recipients of commercial electronic mail have a right to decline to

receive additional commercial electronic mail from the same source.”



3.2 Impact on Consumers



3.2.1 Among the direct impacts of spam are the inconvenience and costs incurred by

the users for the amount of time they spend online, either reading or

downloading their email messages. Additionally, for those recipients who

have limits on the amount of mail permitted to be stored by their ISP, spam

often creates full mailboxes, which may result in legitimate messages being

rejected. A study conducted by the European Union in 2001 estimated the

worldwide cost of spam to Internet users to be in the range of US$ 10 billion

annually.5



3.2.2 Equally significant are issues relating to invasion of privacy and the fact that

spam is widely regarded as an intrusive nuisance by most users. The ease with

which spammers can access databases of email addresses (known as address

harvesting) of users as well as personal information, without the knowledge or

consent of the users or the website owner, highlights the need to protect the

privacy of the users.



5

Commission of the European Communities Unsolicited Commercial Communications and Data

Protection: Summary of Study Findings, 2001.

5-5

3.2.3 The fact that a high percentage of spam often has illegal or offensive content

or involves confidence tricks and scams is a matter of considerable concern

especially in view of the fact that recipients of such spam may often be

minors. Spam exposes users to additional risks as in many cases the messages

may be fraudulent or deceptive in nature.



3.3 Impact upon Businesses



3.3.1 Businesses suffer due to spam on account of the investments they are required

to make in order to filter out and counter spam. It is also perceived that spam

is adversely impacting e-commerce by eroding the confidence of consumers in

the Internet being a medium for safe and secure transactions.



3.3.2 Spammers sometimes alter the subject line of a message or the address from

which it appears to have been sent in order to create the impression that the

message has originated from a legitimate business. For the business so

targeted, this results in a loss of reputation and goodwill since consumers

mistakenly believe that the business concerned is sending spam. In fact,

businesses have been compelled to initiate legal proceedings against

spammers in order to prevent such damage to their reputation.



3.3.3 Ironically, one area of concern for businesses is the filtering software

employed by ISPs in an attempt to counter spam. In many cases, consumers

have willingly subscribed to certain services or to receive information or

updates from genuine businesses. However, messages sent by such businesses

to the recipients who have expressly consented to receive them are often

confused by the filters installed by ISPs as being spam and therefore, blocked.



3.4 Impact on ISPs’



3.4.1 Spam is an area of concern for ISPs not merely because it uses up large

amounts of available bandwidth on the network and storage space on servers

but more importantly because it upsets customers and increases the technical

support costs. In light of the available data that estimates spam to account for

more than half of all message traffic, it follows that ISPs are presently bearing

the costs for infrastructure that in the absence of spam, would not be required.

To compound their problems, ISPs are required to continually make further

investments to upgrade existing infrastructure to cope with the escalating

threat.



3.4.2 Other negative impacts of spam on ISPs include costs incurred on account of

incorporating internal measures to counter spam, for instance, by way of

filtering programs.



3.4.3 Owing to the fact that spammers often generate random email addresses, many

of the recipients to whom spam is sent are non-existent. In order to avoid the

deluge of undelivered messages that would normally be sent to the sender,

spammers do not disclose a genuine email address and rely instead on a fake

or substitute one, often that of an ISP. This results in a substantial amount of

email traffic getting diverted to an ISP.

6-6

3.5 Impact and Concerns for Regulatory Authorities



3.5.1 In addition to what has been stated above, spam is a major concern for

regulatory and law enforcement agencies worldwide for reasons of public

welfare. Due to the attraction that the sender’s identity can be easily disguised

in a spam message, spam is fast becoming a popular medium for advertising

illegal or immoral activities as well as disseminating offensive content. Seen

in light of the enormous reach of the Internet as a medium for mass

communication and the increasingly significant role it has come to play,

widespread and indiscriminate distribution of such socially harmful content is

a matter of grave and urgent concern.









7-7

BACKGROUND MATERIAL



SESSION - II



Containing Spam through integrated measures



1. Technological Solutions



1.1 Technological solutions are a primary means of addressing the problem of

spam. Anti-spam technologies can be implemented at the desktop, server or

ISP level, and are available through software packages as well as software

services. Though there are presently several such solutions on the market,

there is no single approach to blocking spam. Success depends on facts and

circumstances and often a multi-layered technology solution approach.



1.2 Desktop/Server Solutions



Some of the solutions commonly used at the server or desktop level include –



(i) Blacklist Services – Blacklist services involve a database of known

spamming IP addresses. Before delivering an email, the ISP or the

software programme in question checks the address of origin against

those in the database. If a match is found, it is presumed that the

message constitutes spam and is therefore not delivered.



(ii) Whitelist Services - Whitelist services tackle the problem in exactly

the opposite manner to Blacklist services. The Whitelist database

comprises of a list of addresses that are “legitimate” or “safe”. Any

message originating from an address other than those listed is

presumed “unsafe”. Whitelist services are often coupled with a

“challenge and response” system. In the event that the message

originates from an unknown sender, the system automatically sends an

email to the address of origin, seeking a confirmation message. In the

event that a subsequent confirmation is received, the system assumes

that the sender is a legitimate concern (and not an automated

“spambot”) and permits the message to be delivered.



(iii) Linguistic text analysis and Heuristic Engine based filters – Filters are

possibly the most common method of dealing with spam. Filters

comprise of algorithms that analyse the message and determine the

likelihood of it being a spam message. Those that test positive are not

delivered to the recipient. Filtering algorithms normally use linguistic

analysis or statistically derived heuristics to determine the nature of a

message. Linguistic tools permit filters to conduct Boolean searches

based on content and combinations of words or phrases. Heuristic

engines on the other hand use statistics and certain established thumb

rules to analyse content and determine whether the message is spam or

not.





8-8

(iv) Networked Vigilance – Networked vigilance refers to a recent

initiative involving the creation of a centralized database of spam that

is continually updated by submissions from contributing sites and

users. The underlying concept is that a mail server can compare mail

messages it receives with the centralized database to see whether the

said messages have been entered as spam.



1.3 Internet Service Provider/Internet Gateway Solutions



It is estimated that employing anti-spam practices at the Internet gateway can

block up to 40% of incoming spam messages which can reduce the costs of the

expensive message analysis techniques. Measures include6:



(i) Address Harvesting Defense - Monitoring connections to the Internet

mail gateway in order to recognize and block address harvesting

attacks.



(ii) Anti-Spoofing Rules - Spammers often attempt to deliver messages

addressed from the recipient's domain on the assumption that most

domains will "whitelist" their own mail, allowing it to pass through

unchecked. This type of address spoofing can be prevented by

carefully checking the origin of the messages.



(iii) SMTP Authentication/Transport Layer Security (TLS) - Enables

enterprises to tightly restrict access to their Internet gateways by

authenticating users using usernames and passwords



(iv) DNS checks - Verifies domain names by use of DNS lookups. This

represents a relatively quick and easy technique to block spammers

from delivering their messages.



(v) DNS-based Real-time Blacklists - Prevents messages originating from

suspect IP addresses from being delivered.



(vi) In addition, some email service providers and ISPs are considering

future solutions based on electronic proof based approaches involving

virtual “stamps” that notify that an email sender has expended some

sort of resources for every email that they send. At the core of such

approaches is the concept that the solution for spam lies in changing

the economic incentive for sending it.



1.4 Changing Spam Requires a Flexible Solution



To ensure effectiveness, and to consistently maintain the same, anti-spam

solutions need to be continually monitored, tuned and modified, as necessary,

to meet the evolving challenges of spam management. Such monitoring seeks

to ensure adaptability of the solution in view of 7-





6

www.sendmail.com/products/antispam_pr.shtml

7

www.sendmail.com/products/antispam_pr.shtml

9-9

(i) Spam changes – It has been estimated that a new spam message or

technique is created every one to three days.



(ii) Enterprises have different concerns about spam - Given individual

corporate policies with respect to the use of language in email,

offensive content filters should be customized to a particular

enterprise's needs.



(iii) Different Enterprises Have Different Legitimate Email Characteristics

- Identifying characteristics of legitimate email are different from

enterprise to enterprise, and even between different job functions

within an enterprise.



2. Legislative/ Regulatory



2.1 Features of an effective legislation



In order to effectively address the problem, without disrupting existing

commercial relationships, a successful anti-spam legislation should seek to

allow consumers to receive email from trusted senders, while allowing them to

block unsolicited or unwanted spam. Effectiveness of any legislation would

have to be judged in terms of its ability to:



(i) Decrease the volume of spam



(ii) Lower costs to consumers, ISPs, service providers and

businesses, who currently bear bandwidth, storage and software

costs associated with spam, as well as the associated

productivity losses and technical support costs



(iii) Greater consumer control over whether and how to receive,

filter or delete messages



(iv) Broader commercial adoption and enforcement of email best

practices



(v) Minimal disruption of pre-existing commercial relationships

between businesses and consumers.



3. International Cooperation-



3.1 Anti-spam initiatives are often ineffective due to problems in identifying

spammers and the lack of extra-territorial jurisdiction. Any national legislation

will initially focus on the enforcement of locally sourced spam.



3.2 The Government should work with multilateral and bilateral bodies to develop

international guidelines and coordination mechanisms to attain a degree of

uniformity in the policy approach to the anti spam drive and the adoption of

international best practices. This would include awareness campaigns with

participation of national consumer groups and self-regulatory groups. The

Government should work along with bodies like the OECD and APEC to



10-10

develop international guidelines and cooperative measures which aim to

reduce the total volume of spam, apply the opt-in principle where practicable,

eliminate false and misleading subject and header lines and provide end users

with information on anti-spam measures.



3.3 Enforcement of penalties relating to overseas sourced spam will be

problematic until a suitable international framework is in place. It will also

ensure that there is an appropriate enforcement regime to deal with overseas

spammers as soon as multilateral arrangements are in place.



4. Conclusion



In view of the above discussion, certain broad conclusions can be made out

regarding spam and the need to take steps to address the problem.



So far, spam has forced governments and private players to take immediate

steps to remedy the situation. Though little consensus exists on what

constitutes spam and the best way to address it, it is generally agreed that there

is no one approach that can comprehensively solve the problem.



Given the magnitude of the problem and its simultaneous impact on several

interest groups, adopting a multi-pronged approach may be the only viable

solution to the problem. Such multi-pronged strategy may include

technological solutions, self-regulation, industry best practices, creating

awareness and legislative/regulatory solutions.



Even those countries that have implemented legislative and regulatory

measures recognize that such measures alone are inadequate to mitigate the

situation. Such countries now plan to implement further measures to

supplement the regulatory framework. International businesses are urging

governments to adopt balanced legislative approaches as part of a toolkit of

possible ways to combat spam.



At present India does not have a law on spam. The Information Technology

Act, 2000 is silent on the issue, and other Indian laws do not appear to deal

with the problem either. In keeping with the proposition of a multi-pronged

approach, it India too may consider adopting a layered strategy comprising of

technological solutions, appropriate self-regulatory measures, consumer

awareness campaigns, legislative measures and guidelines for international

cooperation.







___________________________________________________________________________



Note: The views expressed are of FICCI IT Committee members. For more information please

contact Mr. Tabrez Ahmad, Sr. Asstt. Director – IT at tabrez@ficci.com









11-11


Related docs
Other docs by kylemangan
European Commission Insurance Solvency II
Views: 32  |  Downloads: 5
Consumer Assistance Training Online
Views: 3  |  Downloads: 0
STATISTICS
Views: 61  |  Downloads: 5
Pivots
Views: 3  |  Downloads: 0
Final2008Summer_SFC Newsletter.indd
Views: 20  |  Downloads: 0
By registering with docstoc.com you agree to our
privacy policy

You are almost ready to download!

You are almost ready to download!