PROPOSED ANTI-SPAM LEGISLATION MODEL IN SINGAPORE: ARE WE LOSING THE WAR BEFORE EVEN STARTING THE BATTLE?
| Citation | (2005) 17 SAcLJ 747 |
| Date | 01 December 2005 |
| Published date | 01 December 2005 |
Unsolicited messages have grown into an intractable parasite on the underbelly of an otherwise effectual and vibrant electronic communications regime. There has been a sudden surge in the enactment of anti-spam laws globally within the last couple of years. On 25 May 2004, the Infocomm Development Authority of Singapore and the Attorney-General’s Chambers of Singapore jointly released a Consultation Paper on a Proposed Legislative Framework for the Control of E-mail Spam in Singapore. It is timely to consider the proposed anti-spam legislation model for Singapore in the light of such existing laws in other countries and their levels of effectiveness since their enactment in their respective jurisdictions. This article critically evaluates the suggested solutions contained in the Proposed Legislative Framework and makes some recommendations for changes to the model in order to render it a more powerful instrument to fight the problem.
1 Sender: UPIN20MINS4, Subject: MUL TI ORG ASM; Sender: MORTGAGEMAN4, Subject: Rates as good as 2.9%; Sender: Gilberto Kramer, Subject: RE: Account 5322E; Sender: warrenchik@smu.edu.sg, Subject: IT Support. Those were some of the electronic mail messages that appeared in my e-mail inbox in one morning. They are all examples of what we have come to recognise as “spam”, even the last message which ostensibly originated from this writer.1 Spam can sometimes be easily
identified, such as by their generic headings and subject matter; but they may also be deliberately deceptive, particularly if they are sent from a legitimate e-mail address hijacked for the purposes of spamming. On 25 May 2004, the Infocomm Development Authority of Singapore (“IDA”) and the Attorney-General’s Chambers of Singapore (“AGC”) jointly released a Consultation Paper on a Proposed Legislative Framework for the Control of E-mail Spam in Singapore (“the Consultation Paper”). Meanwhile, since 2002, a spate of anti-spam legislation was also released in many other countries. There are now more statistics on the global legislative trends as well as on how they have fared in combating spam. As it has been more than a year since the Consultation Paper has been issued, and a Spam Bill is expected to be introduced in Parliament soon, it is timely to revisit the Consultation Paper and to consider which of its proposals should be adopted as well as where changes should be made in order to make Singapore’s anti-spam legislation an effective one. In this paper, I will provide an overview of global anti-spam laws as a backdrop to the evaluation of the proposed model of anti-spam legislation in Singapore. I will then assess and analyse the effectiveness of the proposals in the Consultation Paper, taking into consideration Singapore’s aim to be an information technology and commercial hub. Finally, I will suggest what more should be done in order to truly deal with the worldwide problem effectively on the global scale.
2 The use of the term “spam” in relation to unsolicited e-mail messages is credited to a Monty Python sketch, set in a café where everything on the menu includes the infamous Spam luncheon meat
produced by the Hormel Foods Corporation.2 By analogy, it describes spam as something that is voluminous, difficult to avoid and which overwhelms other information.3
3 In the early days of its existence, spam was synonymous with uninvited solicitations sent through e-mail. Since then, the definition of the term has expanded to cover unrequested communications sent through various new information delivery methods due to advances in technology. Today, the general definition of spam is: “[The use of any] electronic communications medium to send unsolicited messages in bulk, indiscriminately — unlike sending to a selected group in normal marketing”.4 As stated, although the most common form of spam is still the delivery and receipt of unsolicited messages through e-mail (usually, but not necessary confined to commercial advertisements), there are now other avenues for spam to perpetuate and multiply. These include other electronic communications mediums such as the Short Messaging System (“SMS”), the Multi-Media Messaging Service (“MMS”), Instant Messaging (“IM”), online newsgroups and Internet telephony. In fact, it has even mutated with other forms of electronic communications mediums or information delivery systems into a second generation of mischief, for example, spam targeting search engines like “spamdexing”, “blog, wiki or guestbook spam” and “referer spam”.5
4 In the next part of this paper, I will introduce and compare the existing anti-spam legislation in the world today, particularly those from the US, the European Union (“EU”), the Commonwealth and Asia, and the approaches they have taken to tackle the problem. I will then consider the Consultation Paper produced in 2004 jointly by the IDA and the
AGC, in the light of the experiences in the countries or regions that have already enacted anti-spam laws. Last but not least, I will explain why and how, due to the nature of modern information and communications technology that have made spamming techniques more sophisticated and activities borderless, international legal and non-legal co-operation must be achieved in order to eliminate safe havens for spammers and for the fight to curtail spam to truly succeed.
“CAN-SPAM is little more than an instructional guide for how to keep pumping out millions of emails per hour while avoiding legal liability.”
Ray Everett-Church
ePrivacy Group
5 The Controlling the Assault of Non-Solicited Pornography and Marketing Bill (CAN-SPAM Bill) was introduced to the US Senate by Senators Conrad R Burns and Ron Wyden in April 2003.6 The final version of the legislation was approved by the Senate in November 2003 and by the US House of Representatives in December 2003. The CAN-SPAM Act of 2003 was signed into law by President George W Bush on 16 December 2003.7 It took effect on 1 January 2004.8
6 In short, the Federal Act requires “unsolicited commercial e-mail messages” to be labelled, although it is not required to be in any specific form, and to include opt-out instructions that shall include the sender’s real and valid physical postal address.9 It prohibits the use of deceptive subject lines and false headers and criminalises some other activities. Furthermore, the Federal Trade Commission (“FTC”) is authorised to establish a “do not e-mail” registry. However, the Act does not totally ban spamming activities; but rather, it takes a regulatory approach to the problem.10
7 The Act has been criticised as ineffective by academics and experts who argue that it “under-protects” and in fact endorses and legitimises spamming.11 For example, they point to the fact that because
of its enactment, State laws that require labels on unsolicited commercial e-mail messages or entirely prohibit such messages are pre-empted.12 However, it is to be noted that other provisions such as those that address false, misleading or deceptive messages, the use of private enforcement mechanisms and those that are not specific to e-mails, are not preempted and still operate at State level.13
8 As of 20 April 2005, 38 States have enacted anti-spam legislation.15 It is interesting that individual States continue to enact their own legislation after the CAN-SPAM Act has taken effect. It may be an indication that those States consider the Federal Act to be ineffective or inadequate to defeat the problem alone. It is certainly not a vote of confidence in the system put in place by the Federal Act. Whatever the case is, State laws can only complement the Federal laws, where they are not pre-empted, and they are as diverse as the individual States.
9 Most States have enacted anti-spam legislation to regulate the sending of unsolicited commercial e-mails in one of main two ways. Some require recipients to opt-in to such messages before they may be sent, while others allow them to be sent until recipients opt out using the opt-out information and procedure that the senders must make available. Most also specifically prohibit the use of false or missing routing information and other offences relating to the sending of such messages. They also have labelling requirements so that recipients of such messages can distinguish spam from personal e-mails and will also have an idea as to their contents even before opening the mail.16 The lack of consistency is, however, regrettable. Even more regrettable is the fact that even though the CAN-SPAM Act also prohibits the use of deceptive subject lines and false headers and generally requires such messages to be labelled, it does not require it to be in accordance with any standard form or method.17 Hence, there is a continued lack of uniformity in approach.
10 Even the application of the anti-spam legislation (ie its prescriptive reach) varies from State to State.18 For example, some of them apply only to messages sent from computers or Internet service providers (“ISPs”) located within the State while others apply to messages sent to State residents from outside the State (eg, if the sender has reason to know that the message is being sent to a State resident). This is unsatisfactory as spam is a borderless problem and an extremely porous network of legislation would only serve to allow ingenious spammers to seek out and take advantage of legal loopholes and to seek out safe havens to mount their operations. The problem is even worse when we look beyond the US and consider the inconsistencies between national anti-spam laws throughout the world as well as the lack of mutual legal assistance and law enforcement pacts.
11 Perhaps the reason for the North American approach is not so surprising if we look at its social...
To continue reading
Request your trial