Hard battle lies ahead to shut the lid tightly on e-mail spam
February 22, 2001
IN THe low-tech days of Monty Python, serving Spam presented a gastronomic dilemma and junk mail came through the post. Not any more. Receiving unsolicited, or "spam" e-mails costs business millions of pounds every year, according to a study for the European Commission.
Spam is on the increase and no internet user is immune to the threat of attack. Even internet giants such as AOL have suffered at the hands of rogue assaults.
So what is being done to tackle the problem?
The UK has no specific legal provision for controlling unsolicited e-mail. At present it is regulated through various EU directives which restrict organisations’ ability to send direct marketing spam.
Meanwhile, mischievous spam e-mails, including those sent in bulk to slow down or cripple business activity, are yet to be tackled by legislation.
However, Britain must meet the requirements, by next January, of an E-Commerce Directive which stipulates that ISPs are not liable for the content of e-mails where they play a passive role as a "mere conduit" of information. This is arguably the current position in the UK, but it is the case that once illegal activity is brought to the attention of an ISP, it must take appropriate action or be prepared to face the consequences.
This point was highlighted in a case against Demon Internet last year, when the courts did not look favourably on the company’s lack of immediate response when alerted to defamatory material posted on a website which it hosted.
It is notoriously difficult to pin down perpetrators, not least because most spam originates in the USA. As a result, ISPs are probably best able to tackle the problem on a practical basis because they are generally the first to be informed of attacks.
They also have the technical expertise to deal with unsolicited e-mail. Furthermore, a service provider can bring action against a spammer if it can prove monetary loss because an attack resulted in a failure to provide clients with internet access.
Trademark infringement actions have also been used as the basis on which to crackdown on spam. AOL recently sued successfully for trade mark infringement when a spammer sent out 130 million junk e-mails with a reply-to address "aol.com".
The person behind the scam was ordered to pay AOL $400,000 compensation for loss of business and having to deal with the deluge of unsolicited messages. AOL is currently suing pornographic website owner and operator Cyber Entertainment for sending junk mail to its members.
While Cyber is apparently operating a no-spam policy, it is accused by AOL of encouraging website operators to send unsolicited promotional e-mails.
Data protection legislation could provide another method of regulation in the UK. Here, data controllers must obtain the consent of individuals before processing personal information, such as e-mail addresses, and they are obliged to register with the Information Commissioner.
Failure to do so may result in a claim for compensation by any individual adversely affected. If a spammer can be considered a data controller, then use of recipients’ e-mail addresses could be a breach of data protection legislation.
But, as the identity of the spammer is usually not known, it is unlikely that a recipient could take action. As a result, the benefit of this route of redress is limited and reinforces the difficulties facing victims. Many ISPs are proactive in absorbing the costs of dealing with problem spam and it is possible they have realised the best solution is technical rather than legal.
The combined efforts of providers protecting their customers by building junk mail blocks and website owners initiating their own security measures, can minimise the risk of sites being hijacked by spammers. This is particularly relevant at a time when the advent of commerce on mobile phones is heralding the prospect of m-junk and highlighting the need to tackle head on the issue of spam.
Leigh Lawrie is a solicitor specialising in intellectual property and information technology with Shepherd & Wedderburn.
Leigh Lawrie, emailtoday.com