SPAM Policy Discussion Paper

4 December 2002

Summary – Labor’s Policy Objectives

General Objectives

	Create a workable policy for dealing with the problem of spam to the satisfaction of internet subscribers and online businesses.
	Develop a holistic approach to combat spam that draws on the policy tools of legislation, public education, co-operation with the internet industry, and co-operation with the international community.
	Develop a workable definition of “spam email” as a category of email that needs to be minimised, as opposed to acceptable online marketing.

Legislative Objectives

	Examine fully the effectiveness of existing legislation designed to combat spam.
	Examine possible legislative mechanisms to cut down the trade in email addresses.
	Examine the possibility of establishing a legal presumption that individuals are entitled to be free from unwanted email.
	Examine legislative methods that require senders of bulk emails to correctly identify themselves to recipients.
	Examine what remedies can be used to deter breaches.

Public Education Objectives

	Develop a public information program empowering internet users to take practical steps to defend themselves against spam.
	Build on any existing public education programs currently being offered.

Co-operation with the Internet Industry

Work with the Internet Industries to develop mechanisms at an industry level to reduce spam, building on existing practices currently employed by Internet Service Providers

International co-operation

	Ensure that Australia’s approach to combatting spam compliments efforts put forward in other legal jurisdictions.
	Work to establish an international framework to reduce spam from foreign sources

Introduction

Unsolicited, “junk” email, or “spam” has been a feature of the internet at least since it became a commercial medium. The first recorded incidence of spam occurred in 1994 when US law firm, Canter and Siegel, put out a mass advertisement for an immigration advocacy service they offered.

Broadly “spam” refers to an electronic mail message that is:

	Transmitted to a large number of recipients; where
	Most or all of the recipients have not requested those messages.

Spam is also called Unsolicited Bulk Email (UBE).

For the purposes of managing this issue, developing a workable definition of spam is very important. This is discussed in further detail in Appendix A.

As the internet has grown in terms of numbers of users, so has the incidence of spam. Once an occasional irritation, that many users could overlook, spam has now become the source of much frustration for many internet users. Some individuals put up with dozens of unsolicited bulk emails each day.

The most recent figures from the National Office of the Information Economy suggest that the Internet is available to a large number of Australians, with around 72% of the adult population having access (mostly at home or at work)[1], as well as 80% of small to medium enterprises.[2]

Certainly, as Internet take-up increases spam is being discussed both in the information technology, and the mainstream media. As the number of Australians establishing themselves online increases, so will the impact and relevance of spam.

As well as the perceived rise in spamming being reported in surveys and anecdotally in the media, a specific incident gave this issue prominence. That was the court case between Perth-based marketing firm, T3 Direct and Joseph (Joey) John McNicol. This will be discussed below, but the case highlights that the position of spam under the law is unclear. The legality of an resident of Australia to take steps to prevent “spammers” from undertaking what they find to be expensive and frustrating activity is uncertain.

In spite of these issues, the Coalition has been slow to address this problem. Until August 2002 the totality of the response had been to issue some voluntary guidelines relating to online direct marketing, and to assert that the incidental operation of existing Australian laws were enough to combat spam. Clearly this has not been the case, but it has been left to internet industry groups like the Internet Industry Association to try and develop their own codes of practice.

In June the Coalition’s credibility in this area was further damaged when the Office of the Federal Privacy Commissioner announced a formal investigation into a Government website for sending spam.[3] The investigation has yet to be concluded, but for an issue which requires co-operation with individuals, the internet industry and the international community, this does not help the Government’s standing.

In August the National Office for the Information Economy (NOIE) released an interim report on spam. That, almost four months after it was announced, the report was only an interim report was disappointing, and can be seen as more prevarication by the Coalition.

The report contained 15 draft recommendations on spam. These mainly involved encouraging internet industry bodies to take action and co-operating with the international community. These are not bad suggestions, but there is an argument that legislative change also needs to be implemented. The paper’s position on this was to better enforce the existing legislation, and to recommend the Government consider further legislation. Clearly more needs to be done in this area.

The costs of spam are hard to quantify, but they include the bandwidth and network costs of the transmission of spam, as well as productivity costs to businesses caused by time taken to open, read and react to such messages.

It should be noted that unlike normal “junk” mail, email “spam” costs nothing for the spammer to send. Instead the cost is borne by the receiver, either directly, as the longer download times, and higher download rates result in a larger bill from ISPs, or indirectly, as ISPs pass on the costs they pay for spam to their customers.

Therefore spam is being paid for by every internet user, whether or not they personally are receiving it.

This is on top of the frustration internet users face in receiving large amounts of unwanted, and sometimes offensive, email. Especially when this email overflows their mailboxes, causing legitimate emails to be “bounced” back to the sender.

While the exact figures in terms of extent and cost of spam may vary, it is clear that effective steps have to be taken to address the problem – something that has not occurred so far.

This discussion paper on spam will outline the extent of the spam problem, discuss existing measures that attempt to deal with spam, including the flaws in the current regime, and it will suggest alternative policy approaches to improve the effectiveness of the problem.

Outlining the spam problem

Extent of the problem

It is difficult to get accurate figures for the extent of spam (partly for issues relating to the definition of spam), but most accounts indicate that the incidence of spam is significant and increasing.

The NOIE interim report on spam cites figures which indicate that for 54% of US email users, spam accounted for 20% or more of all the email they received.[4] The Coalition Against Unsolicited Bulk Email in Australia (CAUBE) states that at the 1991 email addresses they surveyed, spam increased by a factor of 6 in 2001, equating to a doubling every four-and-a-half months.[5]

CAUBE also cites a Korean study that estimated that spam made up over one half of the average user’s mail each day.[6] While these figures may not be precise, the support the impression that in countries with a high number of internet users, spam is an increasingly significant issue.

	the worldwide cost to internet subscribers of spam is in the vicinity of A$16.8 billion a year; and
	the cost to business in lost productivity of spam is A$960 per employee each year.[7]

Even allowing for some over-estimation of these figures, the cost of spam to the economy is still a significant issue.

Specific problems raised by spam

Spam has several characteristics which specifically make it undesirable to internet users.

Illegal or offensive content

Owing to the ease of concealing an email’s origin, spam is the advertising medium of choice for advertisers of illegal (including criminal) activities, such as deceptive advertising, or even confidence tricks, or offensive content (such as pornography). Thus, the mass, undiscriminating distribution of this kind of anti-social material to the population at large is a problem.

Damage to e-commerce

Spam creates a bad reputation amongst people who might otherwise use the internet for commercial purposes. Stories of email scams generate the belief that e-commerce is unsafe, and by association trust in legitimate online vendors is eroded.

Cost

As discussed earlier, spam is having a significant cost on the internet economy. The vast majority of this cost is borne by receivers of spam, not spammers themselves.

Inconvenience

Even to people who routinely delete unwanted email, the constant bombarding of an email address by spam can be a nuisance. For some, spam outnumbers legitimate email. The time taken to sort through and delete such mail is added the time taken to download it, which on a dial-up connection can be significant.

Additionally, to those people who have limits on the amount of mail their email provider will hold for them, spam can often mean a full mailbox – meaning desirable emails get rejected. At this stage the value of having email at all is destroyed

Privacy

Privacy has a different relationship to spam than do the other issues raised here, because spam does not necessarily cause breaches of privacy, rather the widespread incidence of spam tends to represent a lack of good, enforceable privacy regulations.

Basically, spammers are only able to send unsolicited bulk email if they have lists of email addresses. This usually means that the spammer has obtained the email addresses, often through an unspecified method. The user is often unaware of how to remove their details from the spammer’s list, and may well be concerned that a purveyor of pornography or other offensive material may hold other personal details about them.

Often email addresses are collected and sold without the knowledge or consent of the owner. This usually indicates an in-principle breach of privacy for the owner of the address. Thus, as will be discussed later, a strong privacy regime can inhibit spam.

An example of this is the European Union, where Directive 95/46/EC of 24 October 1995 provides that personal data (which, crucially, includes email addresses) may not be processed unless it is collected fairly and for specified and legitimate purposes.[8] As a result, European email addresses tend to be less troubled by spam, because the trade in email addresses never occurs.

Email vigilantism

Frustration with spam has caused many internet users to strike out against spammers on their own. In fact, there is an argument that internet activists are mainly responsible for what little respite in spam has occurred. A common tool of the anti-spammer is the “blacklist” – a website which compiles lists of known spammers which others may then adopt to block all mail from those senders.

While useful in theory, these can have a number of flaws, the least of which being the unintended damage to innocent victims who appear on the list, despite not being spammers. This exact circumstance gave rise to the Joey McNicol case, where a direct marketing company took legal action against an individual who it alleged wrongly caused it to be blacklisted by such a site.

T3 Direct v Joseph John McNicol[9]

Perth based direct marketing company, T3 Direct, alleged that Mr McNicol sent an unfounded complaint to an online spam “blacklist”[10], claiming that T3 was sending spam. The company alleged that Mr McNicol “procured, induced, incited, persuaded, encouraged, organised, facilitated and/or advised” the owners and users of the blacklist to block emails from T3 Direct. Presumably, as a direct marketer this was detrimental to the business’s interests.

The case raised an important question for the law, which despite a ruling falling in Mr McNicol’s favour has yet to be resolved – is it unlawful for a resident of Australia to take steps to prevent what they find to be expensive and frustrating activity undertaken by senders of unsolicited bulk email? Currently there is no firm statement in the law one way or another, and this legal uncertainty raises a potentially difficult situation.

Mr McNicol won the case because the marketing company could not prove that Mr McNicol was responsible for its presence on the blacklist. The question of whether or not such an act would be unlawful does not appear to have been dealt with by the court.

It is clear that the law cannot remain silent on the issue of spam. Unless adequate legislation covering spam is put into place, blacklists will continue to operate unregulated, and spammers may be able to use the law to protect their activities in the face of outrage from the online community.

Existing responses to spam

Government responses

NOIE Interim Report

In August 2002, NOIE released an interim report on spam[11]. The report is a welcome step as it at least shows that the Government is attempting to address the problem. The report contained some useful new research and collated 15 draft recommendations on addressing the issue of spam.

The report is only an interim document. It does not reflect any final position by the Government. A final report is to be released for consideration by the Government at some time in January 2003.

The recommendations include internet industry self regulation, the education of internet users, and cooperation with the international community. These are positive steps that a Commonwealth Government can take.

However, the report arguably under-emphasises the potential of legislative reform. It suggests that existing criminal and consumer protection laws should be more proactively applied and enforced, but it is more hesitant about introducing new legislation. The relevant recommendations on this point are as follows:

“6. Regulatory agencies, in particular the Australian Competition and Consumer Commission (ACCC), Australian Securities and Investment Commission (ASIC) and the Office of the Federal Privacy Commissioner (OFPC), should be encouraged to fully apply existing laws to spam. Appropriate resources need to be allocated for this task. For example, section 52 of the Trade Practices Act includes provisions with potential to operate against spam that is misleading or deceptive such as spoofing and misleading privacy statements.

[…]

9. The current application of the National Privacy Principles (NPPs) to spam should continue to be clarified, in straightforward publicly available advice, as cases evolve.

10. The application of the Privacy Act to spam should be considered. The proposed review of private sector amendments of the Privacy Act may be an appropriate vehicle for this.

[…]

12. The Government should consider anti-spam legislative options in further detail, consulting with all interested parties, and focussing at this stage on the following options:

· An outright prohibition on the sending of unsolicited bulk electronic messaging;

· A requirement for greater transparency in the nature and origin of bulk electronic messaging;

· The creation of a new offence of using a carriage service to commit any Commonwealth offence.”[12]

The report correctly states that legislation is “no silver bullet”. However, this does not mean there would be no benefit to a well developed legislative structure that addresses spam and ensures that, where possible, the practice is discouraged. Legislation is a tool to inhibit a culture of spamming that clearly exists.

Addressing spam through the Privacy Act would be a good way to do this, but the mechanism for doing this following the foreshadowed review of the Act in December 2003[13], or 16 months after the publication of the report.

Guidelines

In May 2000, the Minister for Financial Services and Regulation, Joe Hockey, launched “Building Consumer Sovereignty in Electronic Commerce: A best practice model for business”. The document is intended to serve both as guidelines for businesses, and for industry codes. It states that

“23. For commercial e-mail:

23.1 Businesses should not send commercial e-mail except:

23.1.1 to people with whom they have an existing relationship; or

23.1.2 to people who have already said they want to receive commercial e-mail; and

23.2 Businesses should have simple procedures so that consumers can let them know they do not want to receive commercial e-mail.”

This is the only set of guidelines, regulations or legislation that specifically lays down instructions about email marketing. While it labels unsolicited commercial email as being unacceptable, it represents a “soft touch” approach; the actual extent that these guidelines act as a deterrent to spammers, and the impact that it has had on spam is unclear.

Legislation

Currently, there is no legislation specifically enacted to target spam. However, according to NOIE there are six Acts which can apply to spam[14]:

Privacy Act 1988 – Privacy Regulations

The Guidelines to National Privacy Principle 2(c), relating to direct marketing, states:

“This [privacy principle] allows organisations to use non-sensitive personal information for direct marketing where, among other things, it is impracticable to seek the individual’s consent and where the individual is told that they can opt out of receiving any more marketing from the organisation.

[…]

As the cost of emailing is negligible, ordinarily it will not be ‘impracticable’ to seek consent where an organisation chooses on-line methods of contact or communication. This means that generally an organisation could not rely on NPP 2.1(c) for techniques such as email marketing or SMS marketing.”[15]

The implication of this is that spam to an individual’s email address would not be permitted unless it is impractical to seek an individual’s consent, and the individual is given the choice to “opt out” of the arrangement.

Broadcasting Services Act 1992 – Content Regulation

The Broadcasting Services (Online Services) Amendment Act 1999 amended the Broadcasting Services Act 1992 to include an online content regulation scheme. Although the scheme covers web sites rather than email, any offensive internet content (that is, content classified R, X or Refused Classification (RC)) that is available at a web site to which spam directs recipients, may be the subject of complaint under the scheme.

Under the Act, anyone may complain to the Australian Broadcasting Authority (ABA) if they believe Australians can access prohibited or potentially prohibited online content using an Internet carriage service or that such material is being hosted in Australia by an Internet content host.

NOIE claims that the Act can be applied to a spammer who advertises pornography sites by requiring the ABA to issue a “take down” order for those sites. Presumeably the reasoning is that after the take down order is issued the pornography spammer would have no sites remaining to advertise.

Interactive Gambling Act 2001 – Online Gambling Regulation

According to section 61EA of the Interactive Gambling Act 2001, Interactive gambling service advertisements are not to be broadcast or datacast in Australia. Specifically, a person is guilty of an offence if:

“the person broadcasts or datacasts an interactive gambling service advertisement in Australia”[16]

In effect, this Act prohibits most email advertisements for online gambling which target Australian internet users. Complaints about such emails can be made to the ABA which manages a complaints mechanism.

Trade Practices Act 1974 – Deceptive and Misleading Conduct

Where email is used to make misleading claims about products, promote pyramid trading, or to induce payment for a non-existent good or service it is being used to breach the Trade Practices Act 1974 (TPA).

The Australian Competition and Consumer Commission (ACCC), responsible for enforcing the Act, is focussing some attention on electronic commerce, including (but not limited to) spam that breaches the TPA.[17]

Crimes Act 1914 – Menacing or harassing email

According to NOIE,

“section 85ZE of the [Crimes Act] makes it an offence to intentionally use an Internet carriage service to menace or harass another person or in such a way as would be regarded by a reasonable person as offensive. While Internet content is excluded from this provision, it would apply to all other uses of a carriage service such as e-mail.”[18]

Corporations Law – Unlicensed Financial Advisors

According to NOIE,

“Under the Corporations Law it is illegal to provide financial advice without a licence. ACCC evidence suggests that spam is currently being used to proffer financial advice often from unlicensed persons.”[19]

Industry responses

The internet industry has not always placed a high priority on combating spam, but as the incidence of spam, and the internet, has grown it has made an effort to discourage the practice.

For example, at one time, the Internet Industry Association (IIA) contained in its industry code of practice several provisions relating to spam. These included:

	A prohibition on spamming by internet service providers (ISPs), excepting when there is a pre-existing relationship with the recipient;
	The ability for recipients to “opt-out” of any email list where there is a pre-existing relationship;
	A requirement of an acceptable use policy (AUP) that prohibits spam;
	Provision for a working contact address for spam complaints;

Unfortunately, the IIA has abandoned its general draft Code of Practice in favour of a number of codes which cover specific issues. None of these include spam. However, the IIA has suggested that spam will be covered in it forthcoming Cybercrime Code of Practice, to be finalised this year.[20]

In the mean time, the legacy of the original effort is that several ISPs developed, and retain, AUPs that prohibit spam (see APPENDIX B). This demonstrates some industry commitment to spam, however, in terms of widespread industry participation, as well as the creation of minimum standards, there is room for improvement.

Flaws in the current legislative regime

Legislation

The principle flaw in the current legislative regime is that this legislation does not deal specifically with spam. Instead, it deals with some of the content contained in spam – pornography, gambling, and deceptive trade practices, or when spam breaches privacy requirements relating to the National Privacy Principles (specifically with National Privacy Principle 2(c) relating to direct marketing).

While there are limitations to what legislation can do to enforce any kind of practice on the internet, as far as spam is concerned it can still have its place as part of a holistic approach to addressing the problem. A strong legislative regime specifically addressing spam would be necessary for three reasons.

First to control spam where it is possible – in Australia. Obviously this would have no effect on spam arriving in Australia from overseas, but it would impact on Australia’s contribution. CAUBE estimates that 16% of global spam originates in Australia[21], and NOIE’s interim report suggests that 20% of large Australian ISPs receive the majority of their spam from within these shores.[22]

Conversely, Western Europe, which has very strong privacy and anti-spam legislation is not regarded as being the source of the majority of spam for any ISP. [23]

A strong legislative regime could also act as the basis for negotiations with the international community. The more global such legislation is, the more effective it would be.

Second, it would give spam a clear status under the law. This can lead to a court using existing principles of common law to decide that an individual who has acted to stop an organisation from spamming can be sued under third party torts law. This possibility will soon be explored in the Joey McNicol case.

Finally, legislation would also make it clear that spam, however it is defined (see Appendix A), is unacceptable conduct. As long as there is no firm legal statement on spam, the most recalcitrant spammers can ignore the protestations of the growing internet community, and claim that there is nothing wrong with spam. Strong legislation would make this claim unrealistic.

Specific failings of the existing legislation

Privacy Act 1988

National Privacy Principle 2(c) specifically states that “it will not be ‘impracticable’ to seek consent where an organisation chooses on-line methods of contact or communication”, leading to the conclusion that this principle does not allow direct marketing by email.

However, email direct marketers can argue that spamming is allowed under NPP 2(b), which states that

“This [principle] allows an organisation to use or disclose personal information for a secondary purpose if it has the individual’s consent. Consent to the use or disclosure can be express or implied. Implied consent arises where consent may reasonably be inferred in the circumstances from the conduct of the individual and the organisation. For example, it may be possible to infer consent from the individual’s failure to opt out provided that the option to opt out was clearly and prominently presented and easy to take up.”

The conclusion to be drawn from this is that a spammer who receives a individual’s email address can use it for a “secondary purpose” if consent can be implied by “the individual’s failure to opt out” as long as “the option to opt out was clearly and prominently presented and easy to take up” – for example the spam email contains a clear statement offering the ability to unsubscribe.

Unfortunately, the prevalence of spam has led many people to become suspicious of any kind of direct marketing. It is commonly accepted that to respond to spam in any way – even to “opt-out” – risks confirming to unscrupulous spammers that one’s email account is active, and therefore inviting more spam. This prevailing attitude could reduce the effectiveness of legitimate “opt-out” schemes.

In any case, the penalties for breaching Privacy Principles are hardly a deterrent. An investigation by the Federal Privacy Commissioner may take up to six months and may only result in an apology. In some cases compensation may be ordered.

Broadcasting Services Act 1992

The Broadcasting Services Act does not deal with spam at all. In so far as a person is sent unsolicited email referring to a pornographic site they can make a complaint about the site to the Australian Broadcasting Association. If the site is located in Australia ABA might then order the site to be taken down if it is found to contain objectionable material. However this would do nothing to prevent the site administrators from sending spam email.

Interactive Gambling Act 2001

This Act has a very narrow focus, only prohibiting email that advertises online gambling on an Australian web site, delivered to Australians. It would not apply in other situations.

Trade Practices Act 1974

As far as the issue of spam is concerned, the Trade Practices Act also suffers from having a narrow focus – only covering spam that is used to make misleading claims about products, promote pyramid trading, to induce payment for a non-existent good or service, or otherwise breach the Act. The ACCC, which enforces the Act, specifically states on its web site that it is not interested in unsolicited email “unless it involves conduct mentioned above” (ie breaches of the Trade Practices Act).

Addressing the Problem of Spam

Clearly there is no single solution that will solve a complicated, cross-jurisdictional issue like spam. A mix of complimentary policies is required. Part of the problem will be determining what that mix should be. Broadly there are three directions that can be taken:

	A light touch approach, where any unsolicited bulk email that is not blatantly offensive, illegal, or commercially misleading is acceptable, including to some extent unsolicited direct marketing. This arguably describes the current regime.
	A heavy touch approach, where bulk emails may only be distributed to consenting people
	A middle road, that would presumably allow some kind of regulated direct marketing system to mailing lists established for that purpose, but would prevent mass unsolicited emails.

It is clear that the third option is the most acceptable because the first is no solution, and the second is very difficult to implement.

Following are some suggested policy mechanisms that can be employed to combat spam. They are discussed under four major headings:

	Legislative changes
	Public information
	Co-operation with business
	International Co-operation

Legislative Changes

Whilst any legislative regime will have its flaws, particularly relating to the international incidence of spam, it nonetheless plays a crucial role in addressing the problem. It is important to have a strong regime in place to make it clear to the community that spamming is not good commercial conduct. Legislative reform could examine four possible outcomes:

Cut down the trade in email addresses. Basically the key driver for spam is the ease of obtaining email addresses. If some spam itself is to be believed, a CD with over 1 million email addresses can be bought for $US10. Measures which prevent the unregulated trade in email from occurring would go some way to nip the problem in the bud, and should be the basis of any anti-spam regime.

On-selling of email addresses to be prohibited without the consent of the owner (given to each new vendor).

Establish a basic legal presumption that individuals are entitled to be free from spam. This issue can be contentious, given that it can be interpreted as being opposed to the principles of freedom of expression. Often analogies are drawn between unsolicited email (ie spam) and unsolicited “real” mail (ie junk mail). However, this analogy does not hold, because the cost of junk mail is borne by the distributor of the mail, whereas the cost of spam is eventually borne by the user. Hence the user is entitled to take measures to prevent being spammed without fear of reprisal from spammers.
The source of unsolicted bulk emails must be clear to recipients. This is for two reasons. First so that recipients can respond to senders of unsolicited emails if they wish to be removed from the list; second so that legal action may be taken against spammers who don’t comply with the regime. The obvious problem with this is that by definition it can be difficult to track down anonymous and unscrupulous spammers. However, there are technical ways by which some falsification or anonymising techniques can be circumvented.
The remedies must be significant to deter breaches. Remedies should include a combination of:

	The law expressly does not recognise any right of any organisation to send unsolicited bulk emails (this does not necessarily prohibit the sending of these emails)
	Advertising and bulk emails must not be unsolicited. Individuals must “opt in” to any emailing list used for advertising purposes
	Individuals must be allowed to “opt out” of any emailing list used for advertising purposes
	Any individual or organisation is entitled to take steps to filter email from any business or individual, provided the owner of the email account has given their explicit consent.
	Any individual or organisation who suffers a loss from deliberate or reckless use of unsolicited bulk emails is entitled to claim compensation from the spammer to cover the loss.

	Bulk email advertisements required to be clearly identified as such in the subject heading
	Bulk email must clearly display the name, email and physical address of the distributor of the email and the vendors of the products advertised.
	The intentional obfuscation or falsification of internet domain header information, date or time stamps, originating email addresses or other email identifiers for the purpose of concealing the origin of any bulk email should be prohibited.
	“Spoofing”, or routing spam through innocent third parties to make it appear they are the distributors of spam, should be prohibited.

	Warnings
	Fines
	Compensation
	injunctions

Public Information

There is a great deal the public can do to defend themselves from spam, if they are adequately informed. The Government should set up a one-stop website offering free information about spam, including:

	Detailed self-help steps that can be used to minimise spam
	Freeware/shareware and commercial spam filters which have been rated for effectiveness
	information explaining the Government’s multi-pronged approach, including a description the current legislative regime

Cooperation with business

Much of the infrastructure used to distribute unsolicited bulk emails is owned in the private sector. Government needs to work with businesses operating in the internet industry to ensure that every stakeholder is concerned with the prevention of spam. Approaches could include:

	A set of “best practice” guidelines which will help ISPs minimise spam originating from their service or passing over their networks;
	Enforcement of these guidelines;
	An industry managed list of known spammers;
	An industry evaluation and rating program for spam filters – similar to the internet content filter evaluation system currently in place; and
	Co-operation between ISPs to neutralise spammers

International Cooperation

The cross border nature of the internet makes it obvious that no single nation can combat spam on its own. Even a flawless anti-spam legislative regime operating within a country’s borders will not affect spam originating from other countries. When the European Union installed its very tough anti-spam regime, it was immediately branded as ineffective, with critics pointing out that most spam comes from outside EU borders.

Governments must work together at an international level to successfully combat spam. It is important that Australia discuss the issue with other countries and work to ensure tough anti-spam measures are in place both in Australia and elsewhere.

Conclusion

The significant proportion of Australian internet users suffer considerably from the occurrence of spam. It is a significant inconvenience for many internet users, but more importantly it creates considerable cost for the internet industry as a whole. This is a cost which is eventually borne by internet users themselves, even if they do not experience spam themselves.

This cost is in addition to the many other negative effects of spam.

Labor feels that it is important to develop approaches to combat spam. This paper has been developed to promote discussion about this topic. Not all of the approaches listed would necessarily employed, and it may be that there are other policy options which do not appear.

Labor encourages constructive responses to this paper for the purposes of informing our final policy on this topic.

APPENDIX A – Defining “spam”

APPENDIX B – Sample Acceptable Use Policies

[1] National Office for the Information Economy, “The Current State of Play”, April 2002, p. 21; http://www.noie.gov.au/projects/framework/progress/ie_stats/CSOP_April2002/CSOP_April2002.pdf

[2] Yellow Pages, “E-Business Report – the Online Experience of Small and Medium Enterprises”, July 2002, p. 17; http://www.sensis.com.au/Internet/static_files/smeiypbibi_jul02.pdf

[3] Office of the Federal Privacy Commissioner, “Formal Investigation into Federal Government Web Site Commenced”, 12 June 2002; http://www.privacy.gov.au/news/media/02_10.html

[4] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002, p. 12, http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[5] Coalition Against Unsolicited Bulk Email, “Spam Volume Statistics”, http://www.caube.org.au/spamstats.html

[6] Coalition Against Unsolicited Bulk Email, “The Problem”, http://www.caube.org.au/problem.htm

[7] National Office for the Information Economy, “Spam – Frequently Asked Questions”, http://www.noie.gov.au/Projects/consumer/Spam/Info.htm

[8] Commission of the European Communities, “Unsolicited Commercial Communications and Data Protection”, 2001, p. 72; http://europa.eu.int/comm/internal_market/en/dataprot/studies/spamstudyen.pdf

[9] More details of this case can be found at the following sites: http://t3-v-mcnicol.ilaw.com.au/; http://winchester.ii.net/spamsuit/case/the_story.html; http://www.joeyfightsspam.org/

[10] “Spamming Prevention Early Warning System” (SPEWS);, http://www.spews.org/

[11] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002; http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[12] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002; pp 1-2; http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[13] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002; p. 34; http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[14] National Office for the Information Economy, “Spam – Frequently Asked Questions”, http://www.noie.gov.au/Projects/consumer/Spam/Info.htm

[15] The Office of the Federal Privacy Commissioner, “Guidelines to the National Privacy Principles”, September 2001; http://www.privacy.gov.au/publications/nppgl_01.html#npp21c

[16] Paragraph 61EA(1)(a), Interactive Gambling Act 2001.

[17] More information can be found on the following site: http://www.accc.gov.au/ecomm/access1b.htm

[18] National Office for the Information Economy, “Spam – Frequently Asked Questions”, http://www.noie.gov.au/Projects/consumer/Spam/Info.htm

[19] National Office for the Information Economy, “Spam – Frequently Asked Questions”, http://www.noie.gov.au/Projects/consumer/Spam/Info.htm

[20] Internet Industry Association, “The Canberra Connection, Newsletter of the Internet Industry Association”, April/May 2002; http://www.iia.net.au/news/020410.html

[21] Coalition Against Unsolicited Bulk Email, “The CAUBE.AU Spam Survey”; http://www.caube.org.au/survey.htm

[22] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002, p. 14; http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[23] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002, p. 14; http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[24] Coalition Against Unsolicited Bulk Email, “Definitions of Words We Use”, http://www.caube.org.au/whatis.htm

[25] Coalition Against Unsolicited Bulk Email, “Definitions of Words We Use”, http://www.caube.org.au/whatis.htm

[26] Coalition Against Unsolicited Bulk Email, “Definitions of Words We Use”, http://www.caube.org.au/whatis.htm

[27] National Office for the Information Economy, “Spam – Frequently Asked Questions”, http://www.noie.gov.au/Projects/consumer/Spam/Info.htm

[28] Coalition Against Unsolicited Bulk Email, “Definitions of Words We Use”, http://www.caube.org.au/whatis.htm

[29] Coalition Against Unsolicited Bulk Email, “Definitions of Words We Use”, http://www.caube.org.au/whatis.htm

[30] National Office for the Information Economy, “The Spam Problem and How it can be Countered – An Interim Report by NOIE”, 2002, p. 1, http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm

[31] Ozemail Pty Limited, “Acceptable Use Policy”; http://homesite.service.ozemail.com.au/about/policies/acceptableuse

[32] Telstra Corporation Limited, “telstra.com Terms of Use”, 1 June 2001; http://telstra.com/res/docs/Terms.asp

Share and Enjoy: