Regulating Spam in Hong Kong and Malaysia: Lessons From Other Jurisdictions

 

Rebecca Ong
Lecturer, School of Law, City University of Hong
lwong@cityu.edu.hk

 

Abstract

The Internet has evolved from the days of mere academic and research network to a tool of modern communication. The Internet offers unlimited potential business opportunities. It has enabled commercial transactions to be inexpensively transacted on a global basis with ease and convenience. ‘Information kiosks’ (websites) providing information on the latest and trendiest products and services at the most competitive price are easily accessible to anyone with a computer connected to the network. The interactive nature of the Internet also allows for business communication and transactions to be effectively concluded without the physical presence of either contracting parties. In fact, the single most apparent indication of the Internet’s impact on the commercial world is the highest number of registration in the domain name ‘.com’.¹

It is said that advertising concerns ‘effective customer communication of a company’s product (service)’.² The marketing and promotion of one’s products and services has always been an integral part of business and is seen as an increasing business expense.³ Advertisements started to appear as part of Internet services mainly as banners in websites accessed to by Internet users and these were generally accepted by them. However, it has become commonplace for users to receive directly via the e-mail, product and service information from companies and individuals. The nature of the Internet allows these e-mail messages to be sent to millions of users, anytime, anywhere within seconds. What annoys users, however, is the frequency and the volume of such advertisements.

The problem of spamming persists and is expected to swell exponentially as it is not until recently that governments have taken a ‘hands on’ stand to spamming. This article intends to look at the menace of spamming and the shortcomings of the various legislations which have recently been promulgated in Australia, the United States and the United Kingdom in an attempt to address the issue. Firstly, the article explains what is spam and how it affects the Internet community and the Internet as a whole. Secondly, it looks at the varied responses of the Internet community and possible causes of action that have arisen to deal with spam. Thirdly, the article examines whether the legislations recently enacted have addressed the elements that represent the problem of spamming such as the identification of the sender of a spam message and the issue of bulk messaging. Bulk messaging is an important element in the regulation of spam as it is the volume of such e-messages sent that is the core of the matter. Fourthly, it evaluates various measures such as opt in/opt out mechanism adopted by Australia, the United States and the United Kingdom and the effectiveness of such measures in their attempt to stop spam in its tracks. Fifthly, the article examines the position in Hong Kong and Malaysia with respect to the deficiencies in the common law and the existing legislation in facing the challenge of 21^st century junk mail. Finally, the article proposes that only a global solution to a global problem is an appropriate and adequate measure in any attempt to regulate spam.

Keywords: Commercial Advertising, Internet Service Providers (ISPs), Realtime Blackhole Lists (RBLs), Personal Data (Privacy) Ordinance, Hong Kong ISP Association, Spam Bill 2003, Controlling the Assault of Non Solicited Pornography and Marketing Act of 2003, Senate Bill 186, EU Directive on Privacy and Electronic Communications, Privacy and Electronic Communications (EC Directive) Regulations 2003.

This is a refereed article published on: 22 August 2005.

Citation: Ong, 'Regulating Spam in Hong Kong and Malaysia: Lessons From Other Jurisdictions Assessing’, 2005 (1) The Journal of Information, Law and Technology (JILT). <http://www2.warwick.ac.uk/fac/soc/law2/elj/jilt/2005_1/ong/>.

1. Introduction: What then is Spam?

Although spam has been commonly defined as ‘unsolicited commercial e-mail’, arguably it should refer to ‘unsolicited bulk e-mail’ because it is the volume of the e-mail that causes much concern. Spam originated when two lawyers, Lawrence Canter and Martha Siegel posted an advertisement about their services for obtaining US green cards to 6,000 usenet newsgroups. Thousands replied by sending flaming e-mails back to the legal firm which had its own e-mail address thus swamping the firm’s ISP.

Spamming is the activity of sending copies of the same message through the use of e-mails or short message service (SMS).⁴ These messages are normally not requested by the recipient nor are they consented to by them. Spam can be sent to newsgroups or to individuals. Newsgroup spamming involves sending an identical copy of the message to every newsgroup. Spamming does not discriminate between recipients. Anyone who possesses an e-mail address including young children can be victims of spam.

Commercial Advertising

Most spam is nothing more than commercial advertising. An online survey recently conducted showed that of the spam received, 80% were ‘Get Rich Schemes’, 75% were unsolicited advertising, 70% were spam received in respect of selling miscellaneous products such as Viagra or other sexual enhancement drugs, 67% were pornography or adult material and 61% were network marketing, multilevel marketing, pyramid marketing.⁵ Spam can be equated to the junk mail or message sent by post, telephone (tele-marketing) or by fax. Consumers have generally tolerated such forms of direct marketing, and on a few occasions may have found such advertisements, informative and beneficial. If spam is regarded as an electronic version and the equivalent of real world junk mail, why then do users find it annoying and are offended by it?⁶

---

Table I - Percentage of home users annoyed by spamming

 

 

---

2. Objections to Spam

In an online survey conducted by the Malaysian National ICT Security and Emergency Response Centre (NISER), 41.2% of the respondents stated that more than 30% of e-mails received in their private e-mail account were junk e-mail.⁷ In another survey by Internet Service Providers (ISPs) in Hong Kong, published by the Hong Kong Anti-Spam Coalition, it was reported that 50% of all e- mail received in Hong Kong was spam. From the surveys conducted, it is apparent that the main objection to spam is the cost and time spent in dealing with it.⁸ A great amount of time is spent by Internet userssifting through the numerous emails in order to separate genuine electronic mails from junk. In addition users not entitled to a free connection or a flat fee connection, will need to pay for connection time. The study by Hong Kong Anti Spam Coalition reported that spam wastes 6.5 minutes per employee per day and with 44% of the workforce connected to the Internet, this ‘spam absenteeism’ is costing Hong Kong $13 per employee a day or about $6 billion per year.⁹ The deluge of spam may overload the user’s inbox hence preventing the receipt of legitimate e-mails. Spam also increases the cost to the user in terms of increased storage capacity.

2.1 Effect on ISPs

ISPs are also facing a serious and unnecessary financial burden as a result of spamming. Currently, ISPs find monitoring 15 - 20 million electronic mails a day (with the numbers expected to increase if no law is in place), an onerous and difficult task. Without doubt, spam increases the overall management costs of ISPs. This is seen in terms of network and server congestion, increasing demand for faster and larger bandwidth, attending to customers’ (users’) complaints and the time spent to eliminate or to reduce the problems. Netcom, an ISP reports that spam increases the cost of support by 15% -20%, administration by 20%, disk space by 15% and overall equipment costs by 10%-15%.¹⁰ In addition, immense damage is done to the ISPs’ reputation if the email services they provide are deluged with spam.

2.2 Effect on the Internet

In addition to the effect spamming has on users and ISPs, spamming also threatens the Internet as an efficient tool of communication. The sheer volume of junk mail transmitted daily congests the Internet and slows down both the e-mail services enjoyed by Internet users as well as other services. In Compuserve Inc v Cyber Promotions Inc, it was estimated that as a result of spamming, e-mails that should have been delivered in minutes were taking three days to arrive.¹¹

It costs very little to send spam. Unlike real world marketing, where advertisers pay for television and radio commercials, the cost of print advertising, the wages of telemarketers employed or at least the postage for sending junk mail by post, spammers ‘piggyback’ their spam on services provided by ISPs. As such, the real cost of spamming is borne by ISPs and their users in terms of increased bandwidth, increased server and storage capacity and the additional cost of installing anti-spam filtering devices. Because the cost to spammers is minimal, there is much more incentive for them to engage in the activity without being dissuaded by the grievances from the community and industry.

2.3 Privacy versus Cost

It has been suggested that one of the main objections to spamming is that a customer’s privacy is not protected and there is a need to preserve an individual’s his right to choose whether or not to receive such mail or information.¹² Indeed, in the case of Rowen v United States Post Office, the Supreme Court in the United States upheld a regulation granting the citizen the unfettered discretion to refuse to receive unwanted mail as a constitutionally permissible protection of individual privacy.¹³ Although this view is acknowledged, it is argued that the prime concern of e-mail service users and the ISP industry alike is the cost involved in terms of money and the time spent in reducing and eliminating the volume of spam received. Effectively this means that e-mail users and the ISPs are being made to pay for something they do not want or need in terms of time and expense.

Table II is a comparative study of the impact spam has on recipients and ISPs when sent via various mediums. The study confirms the costs spamming involves.¹⁴

---

TABLE II - A Comparative Analysis Of Spam Via Different Mediums

	Spam E-mail)	Spam (fax)	Spam (post)	Spam(telephone)
Impact on recipient	Time and cost accessing, deleting and filtering spam   Bandwidth and storage capacity is wasted. Security is compromised due to use of open relays that disguise the origin of the messages	Time and cost in terms of paper and ink used for fax print out Cost of sending message is borne by the spammer	No cost to the recipient - dispose of unwanted mail.   Cost of sending borne by the spammer	No cost to recipient - terminate the call.   Cost borne by the spammer
Impact on service provider	Strain on bandwidth and storage capacity	Positive-service is paid for by the spammer	Positive-service is paid for by the spammer	Positive-service is paid for by the spammer
Magnitude of the problem	Severe but no strain on the spammer	Less severe	Less severe	Less severe
Annoyance factor	Very high	Present but to a lesser degree	Present but to a lesser degree	Present to a greater degree as user forced to take the call
Identification of the offending party	Difficult due to the open architecture of the Internet	Easily traceable provided subscriber has caller line identification feature	Easily traceable	Easily traceable unless prepaid cards are used

---

3. Responses

3.1 Users’ Responses

Most Internet users would take no further action other than to delete the spam received immediately.¹⁵ There are others who would take more proactive measures such as taking steps to be removed from the spammers’ mailing lists (27%) and reporting the matter to the respective authorities (48%).¹⁶ Internets users may also resort to self help measures such as sending abusive e-mails to the spammers (what is known as flaming), or flooding spammers with hate mails and bounce mails.¹⁷ This action is seen as a form of rebuke from Internet users arising from a breach of acceptable conduct or practice amongst such users (netiquette).¹⁸ In fact netiquette, has been recognized by a Canadian court in the case of Ontario Inc v Nexx Online Inc as an acceptable code of practice thus allowing the ISP in that case to terminate the agreement it had with an active spammer on the ground that the spammer had breached ‘generally accepted netiquette’.¹⁹ This act of flooding servers with hate mail and bounce mail however justified would have the unintentional effect of swamping and overloading the servers of innocent ISPs since spammers commonly forge email headers and provide false return addresses.²⁰ It is difficult to commence any form of legal proceedings against spammers as they are difficult to trace. Even a reply to spammers requesting them to remove users from their list is dangerous and inadvisable as it only validates the user’s e-mail address for the spammers’ future use.

3.2 ISPs and Other Organisations’ Responses

ISPs are the spammers’ first point of contact and as such they have had the burden of monitoring the volume and the content of the spam thrust upon them. ISPs are regarded as self appointed ‘cyber-sherriffs’ and they have discharged their responsibility by establishing policies that prohibits mass advertising, block Internet connection from spam sites and implement filtering software.²¹ Other organisations have compiled Realtime Blackhole Lists (RBLs) and established anti-spam websites with the intention of educating and increasing public awareness as to the harmful effects of spam.²²

3.3 Possible Causes of Action

Spam has been dealt with in a variety of actions. Thus, spam sent in violation of the terms of an ISP’s agreement can give rise to an action in breach of contract.²³ A false and misleading subject line can attract liability under the Taiwan’s Trade Description Act or the United States’s False Trade Description Act. Trademark law can also be used if the e-mail falsely indicates the source and origin of the goods and services. In the US case of AOL v Prime Data Systems, a fake reply to address ‘aol.com’ was fraudulently used to send 130 million junk e-mails.²⁴ The court in that case awarded the sum of US$400,000 in damages for trademark infringement. An action in trespass to chattels was also raised and successfully argued in CompuServe Inc v Cyber Promotions and in America Online, Inc v National Health Care Discount, Inc.²⁵ Despite achieving a degree of success in the courts, it is clear that reliance upon the judicial process to regulate spamming will involve a long, slow and costly process. The outcome may also be uncertain as decisions are made on a case to case basis. With the exponential growth of spam in recent years, a law specifically tailored to regulate spam is required.²⁶

4. Hong Kong and Malaysia

4.1 Common Law Position

The common law was not designed to deal with the menace of spamming and there is no specific legislation in either Hong Kong or Malaysia that deals with the prohibition or regulation of spam. It is pertinent at this juncture to state that although the courts in the United States have extended the traditional boundaries of trespass to chattels to allow damages for the intrusion of one’s computer system and the protection of websites.²⁷ No doubt, these judicial decisions will serve as persuasive precedents for the courts in Hong Kong and Malaysia when deciding if the tort of trespass can and will be extended to spamming.

4.2 Legislation

Currently, there is no specific law in Hong Kong which is directed at prohibiting or regulating the sending of spam. The legislation closest to regulating the sending of spam is the Personal Data (Privacy) Ordinance.²⁸ Section 34(1) of the Ordinance provides

The point of contention here is whether a spammer can be regarded as a data user. A data user is a person who in relation to the personal data either controls the collection, holding, processing and use of the data.³⁰ ‘Processing’ includes amending, augmenting, deleting and rearranging the data by automated means or otherwise.³¹ Thus, it can be argued that a spammer who harvests e-mail addresses from newsgroups and ISP mail programs by use of e-mail harvesting software or purchases the address list, controls and uses the collection of data so as to be a data user within the Ordinance. In compliance with the Ordinance, a data user shall not do an act or engage in a practice that contravenes a data protection principle.³² It is clear that a number of data protection principles have been breached, namely: principle one - the purpose and manner of collection of personal data; principle three - the use of personal data; principle five - the information to be generally available and principle six - access to personal data. Victims of spamming have had their personal data unlawfully collected through harvesting software and traded as a result of unlawful sale of email address lists. Furthermore, they have not consented to the purposes for which the data collected has been put to use: that is for the purpose of spamming. Principle five and six requires organizations to be transparent with regard to their policies, the kind of data held by them and the purpose for which the data are held. In addition, organizations must provide access to data subjects to correct the data held. Spammers are elusive in nature. They tend to gain access to the Internet by abusing the often free of charge email accounts offered by service providers.³³ It is also possible for spammers to send e-mail from Internet cafes without having to enter into any form of contract with a service provider. Any spam sent by them will prove undetectable as it will invariably contain forged or false header addresses. Whilst a victim of spam can complain to the Commissioner who upon investigation will issue an enforcement notice requiring the data user to remedy the breach within a specified time and breach of which amounts to a criminal offence, the provision is meaningless as the problem of detecting and locating the spammer remains.³⁴

The other main issue under the Ordinance is whether an e-mail can be regarded as personal data. Personal data is defined as any data relating directly or indirectly to a living individual; from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and in a form in which access to or processing of the data is practicable.³⁵ The issue is whether an individual can be positively identified by an e-mail address used by him such as boyie001@pegasus.com. Without other identifying information about an individual, it is difficult to positively ascertain an individual’s identity.³⁶ As such, the above provision can be used against spam directed at a particular identifiable person. Notwithstanding that, it must be noted that in most cases, spam is not targeted at specific individuals. In line with this argument is the fact that direct marketing as defined in section 34(2) of the Ordinance requires the information that is sent to any person by inter-alia e-mail to be addressed to a specific person or specific persons by name. As argued above, in the case of spam, the e-mails are sent randomly, hence it is unlikely that an argument under the Ordinance would be successful.

In 2000, the ‘Anti Spam Code of Practice’ was issued by the Hong Kong ISP Association (HKISPA). The Code was a joint anti spam collaboration between HKISPA, the Office of the Telecommunications Authority (OFTA) and the Privacy Commissioner. The Code is mainly directed at members of the association and organizations providing Internet access and requires members to have in their ISP customer agreement a ‘Will Not Engage In Sending Spam’ clause.³⁷ Although ISPs can and most usually will include such an express clause, it is unlikely an ISP will be able to benefit from any contractual remedies for want of detecting the spammer.³⁸

As with Hong Kong, there is no specific legislation regulating spam in Malaysia. However, if spamming is seen as an abuse of network service and facilities then an argument can be raised under section 233 of the Communication and Multimedia Act 1998. Section 233 (1) provides

‘A person who (b) initiates a communication using any applications service whether continuously, repeatedly or otherwise, during which communication may or may not ensue with or without disclosing his identity and with intent to annoy, abuse, threaten or harass any person at any number or electronic address, commits an offence.³⁹

At first glance, this section seems to address some of the ingredients of spamming such as a communication without disclosure of identity, communicating with the use of an application service with intent to annoy, abuse, threaten or harass a user at his electronic address.⁴⁰ One questions, however, whether a victim of spamming is required to prove active and direct intention to annoy or whether it is sufficient to prove annoyance arising as a result of the activity. It will be difficult to argue that spammers intend to annoy, abuse, threaten or harass the user by sending unsolicited commercial e-mails although the majority of recipients do find spam very annoying.⁴¹ The fact that the section provides that ‘a communication initiated … whether continuously, repeatedly or otherwise …’ seems to indicate that a single communication made with the intention of annoying, abusing, threatening or harassing a person will constitute an offence. It is also apparent that ‘communication’ has also not been adequately defined in the Act to specifically target spam.⁴² As such, communication is not restricted to commercial communications but could include religious, political and other communications.

5. Can Spam be Canned?

It is the very nature and structure of the Internet being an ‘international networks of networks’ that does not lend itself to government intrusion and regulation. This has been acknowledged by the United States Internet Council in its Statement of Principles:

‘The Internet has flourished due in large part to the unregulated environment in which it has developed and grown. Voluntary codes of conduct, industry driven standards, individual empowerment, technological innovation and a market environment generally promise greater future success than does intrusive governmental regulation’.⁴³

As such, there has always been great reluctance to regulate the Internet and its activities as a whole. The approach until recently has been self regulatory with ISPs and the Internet community playing a major role. However, attention has been since drawn to anti-spam laws which have been recently passed in various jurisdictions.

6. Approaches in Australia, the United States and the United Kingdom

6.1 Australia

In Australia, the Spam bill 2003, an anti spam legislation was passed by the Federal government on December 2 2003. The Act refers to spam as ‘unsolicited commercial electronic messaging’.⁴⁴ To be considered spam, the message must have been sent without the express or inferred consent of the recipient.⁴⁵ Part 2 of the Act makes it illegal to send unsolicited commercial e-messages to or from Australia; or send any commercial e-messages to and from Australia unless they include accurate information about the individual or organization authorizing the sending of the message such as a physical or virtual address. The Act also requires a functional, clear and conspicuous unsubscribe facility to be included in the commercial e-message sent. In addition, the Act makes the supply, acquisition and use of harvesting software for the purpose of sending spam illegal. One striking feature of the Act is that it encourages and promotes the cooperation of the industry by welcoming their input in the development of industry codes of practice. These codes of practice are designed to ensure the responsible use and management of commercial e-messages. The Act and the industry codes will be enforced by the Australian Communications Authority (ACA) which is empowered to enforce undertakings provided by senders of commercials e-messages, issue warnings and infringement notices. Fines may also be imposed in lieu of court proceedings or the ACA may, if necessary seek court imposed penalties. The penalties under the Act will be assessed according to a sliding scale. For the first offence, an individual could be liable for up to a total of $44,000 for contraventions on a single day, while an organisation could be fined up to $220,000 in a day. Repeat individual offenders will be penalized up to a maximum of $220,000 for each day of spamming whilst for organisations, it will be up to $1.1 million a day.

The Spam Act is the result of a collaborative effort between the Australian government and the Australian Internet industry. It is also part of the Australian’s government ‘multilayered’ strategy being pursued which includes educational and public awareness programs, the development of industry codes and international cooperation. The National Office for Information Economy is entrusted with the responsibility of initiating and coordinating educational and public awareness programs with the sole purpose of educating and providing information on best practice for sending commercial e-messages. The Act is expected to come into force on 11 April 2004, 120 days after the Royal Assent.

6.2 United States of America

The United States of America has always been looked upon as providing the lead in regulations and policies concerning the Internet. With most spam originating from the United States, a tough regulatory stand against spammers would be welcomed by most jurisdictions. In fact, most states in the United States have enacted anti-spam laws.⁴⁶ The Federal ‘Controlling the Assault of Non Solicited Pornography and Marketing Act of 2003’ (CAN-SPAM Act) which pre-empts existing state laws was anticipated by many to provide the necessary lead against spammers came into effect on January 1 2004.

As compared to Australia’s Spam Act, the CAN-SPAM Act allows the sending of commercial e-mail messages to users who have not given their prior consent to such mailings nor had any pre-existing or current business relationship although it does require the sender to provide users with the opt out by sending a reply message or “other Internet based communication”. A user is required to opt out within 30 days of the e-mail sent of future e-mails from the sender. Once the user has exercised his right to opt out, the sender must within 10 days of the receipt of the opt out request, cease transmission of all commercial e-mails to the user.

Much of the impetus for the passing of the new Act came from intense pressure from businesses to pre-empt various state anti-spam laws, particularly California’s newly enacted anti-spam statute (known as Senate Bill 186) which also came into effect on January 1 2004.

California’s Senate Bill 186

Senate Bill 186 is a tough new law that goes beyond regulating the sending of spam. As with Australia’s Spam Act, the bill casts a wider net on other activities related to spamming such as prohibiting the harvesting of e-mail addresses for the purposes of sending spam or sending spam using a third party’s domain name without authorization. Sending spam using falsified or misrepresented header information or subject line information is also prohibited.⁴⁷ As compared to the Federal CAN-SPAM Act, Bill 186 prohibits the sending of any ‘unsolicited commercial e-mail advertisement’ either from California or to a California e-mail address unless the sender has prior to the sending of the unsolicited commercial e-mail advertisement, the addressees’ (users’) direct, opt in consent to receive such messages.⁴⁸ A breach of these provisions will result in substantial penalties being imposed with liquidated damages of US$1,000 for each unsolicited e- mail message to a total of US$1,000,000 for each incident in which similar messages are sent.⁴⁹ The recipient of such unsolicited commercial e-mail messages may also recover attorney’s costs and expenses should he decide to pursue the matter in the courts⁵⁰. In addition to paying damages to recipients, the senders may also have to pay damages of up to US$25,000 a day to e-mail service providers for breaching service providers’ policy of unsolicited commercial e-mail.⁵¹ Likewise, senders may also be liable for e-mail service provider’s attorney costs and expenses.⁵² Without doubt, such substantial financial penalties imposed will deter a spammer from sending an unsolicited commercial message in breach of the provisions and is seen as a positive move. A similar private right of action for recipients of commercial e-mail messages does not exist in the Federal CAN-SPAM Act.

Consent of the recipient seems to be a pre-requisite before a commercial e-mail can be sent without violating the provisions. In this respect, would clicking against a box provided, indicating whether the recipient agrees to the receipt of the e-mail message, be sufficient to amount to direct consent or does seeking direct prior consent mean seeking written prior approval? Seeking written approval from each and every prospective customer will be cumbersome and costly in terms of time and human resource; the cost of which will inevitably be passed on to consumers. However, it seems that strict compliance with this provision is required as a commercial e-mail is treated as unsolicited and hence falling foul of the provision if it is sent to a recipient with whom a company does not have a pre-existing or current business relationship and the recipient has not directly consented to receive the e-mail message from the sender. A business relationship is pre-existing or current if the recipient had made the first move in making enquiries or made any transaction either with or without consideration with regard to the sender’s products or has made a purchase and has provided his e-mail address.⁵³ It must be remembered that the recipient in a pre-existing or current business relationship must be afforded the means to opt out from receiving further commercial e-mail messages from the sender.

A unique feature of the CAN-SPAM Act is the creation of a ‘Do Not Spam’ registry. The registry will contain the e-mail addresses of persons who do not wish to receive spam. The effectiveness of such registry as a means to reduce spamming is questionable. As with the Australia’s Spam Act, it is noted that CAN-SPAM prohibits false or misleading lines or routing information, the harvesting of email addresses from websites and sending emails to automatically generated lists of addresses.

6.3 United Kingdom

In compliance with the EU Directive on Privacy and Electronic Communications, UK’s Privacy and Electronic Communications (EC Directive) Regulations 2003 became effective on December 11 2003.⁵⁴ Under the Directive, all unsolicited communications by e-mail are prohibited unless the recipient has previously consented to receiving such unsolicited communications.⁵⁵ The sender may send unsolicited communications to the recipient where he has obtained the recipient’s contact details during the course of a sale or negotiations for the sale of the same or similar products provided a valid return address enabling the recipient to opt out of receiving future unsolicited communications by e-mail is included.⁵⁶ In addition, senders are prohibited from disguising or concealing their identity when sending the unsolicited communications to recipients. The Regulation however has been criticized as only applicable to spam sent to individuals - it does not apply to business spam.⁵⁷ It is remarkable that such a distinction should be made between the two sectors. Spam is spam irrespective of which sector we are dealing with. Both individual spam and business spam consume bandwidth, increase storage capacity and put a strain on productivity. There is little evidence to support the argument that business spam results in less annoyance and enhances productivity.

7. Blue Print for Hong Kong and Malaysia

Hong Kong and Malaysia, along with many other countries, are considering regulatory measures to combat spam. The form the laws will take would depend on the approach Hong Kong and Malaysia intends to adopt: that is whether pro-active or re-active. A review of the approaches adopted so far will perhaps chart the course for Hong Kong and Malaysia respectively.

It is submitted that the first step in regulating spam is its definition. Adopting a similar definition to Australia and California would result in most e-mails, save those e-mails with absolutely no commercial content however small being treated as spam.⁵⁸ In its strict sense, a single e-communication from one individual to another offering for example the sale of his personal computer will be regarded as spam. Similarly too, an e-mail from one individual to another enquiring if that individual is interested in some part time contract work (the individual’s details obtained perhaps, in a local newspaper). What is crucial is to ensure that the definition prohibits unsolicited bulk messaging. The issue then raises the question ‘what is bulk messaging’? Should we quantify the number of messages that can be legally sent?⁵⁹ Apart from problems such as who will monitor compliance and how will such compliance be monitored, an intending spammer can always escape compliance by sending just one e-message below the requirement. It is suggested that this problem can be overcome by including in the drafting of the law a ‘substantially the same message rule’.⁶⁰ As in the real world where consumers constantly need to deal with junk mail in their daily lives, it is argued that consumers on line may tolerate a small amount of spam.⁶¹ However, it must be appreciated that any laws drafted must address the issue of random bulk e-mails. This is similar to the some fair dealing provisions in copyright law that allows a certain percentage of materials to be photocopied for private study or research purposes.

Since the traditional definition of spam is the sending of unsolicited electronic communications, it is obvious that a major part of regulating spam will involve ensuring that the electronic communication was either requested by the recipient or he had provided his direct consent prior to the sending of the electronic communication. An obvious and pro-business marketing strategy to this will be the opt in mechanism. An adoption of this mechanism respects the maturity and the freedom of consumers to make a choice on the receipt of such communications. This strategy using reverse psychology instills and promotes consumers’ confidence and trust in the businesses which will inevitably lead to a sustained growth in electronic commerce. In addition to adopting the opt in mechanism, it is imperative that certain acts such as the use of false and misleading headers and subjects lines, the sale, supply, acquisition and use of harvesting software for the purpose of sending spam should be prohibited and criminalized. All recipients of spam should have the right to commence legal proceedings against spammers as the damage is not restricted to ISPs. Penalties should be sufficiently severe to deter spammers and in this respect reference can be made to Australia’s Spam Act. Again and in reference to Australia, Hong Kong and Malaysia should take heed in adopting a combination of measures such education and public awareness programme. This will go far in creating awareness amongst e-consumers that they have a right to reject spam, how they can deal with spam and how they can report such incidences. A comprehensive code of practice amongst the industry players that is strictly adhered to will also be vital the combat against spam. Last but not least, it is also important that in the drafting of any legislation on spam, care be exercised that the no distinction is made between individual and business spam as in the United Kingdom’s Privacy and Electronic Communications (EC Directive) Regulations 2003 or indeed for that matter, whether spam originating from certain sectors or organsations should be exempted. Spam is spam not matter where it originates and to whom it is sent. The problem of bandwidth congestion and storage capacity still exists if this is not resolved.

7.1 Proposals

The measures described above whether adopted in total or in part by Hong Kong and Malaysia will have some effect on the uncontrolled proliferation of spam in these countries. Various other proposals have been made to deal with spam. G. Bacal and J. Wuammet (1996) for example have suggested the use of two mail box icons, one each for solicited and unsolicited mail.⁶² This enables unsolicited mail that has not been accessed within a certain time frame which is determined by the user to be automatically deleted. This proposal is flawed because it fails to address the concerns of bandwidth congestion and cost of increased storage.

A National Registry

Spam is increasing seen no longer as a mere source of local annoyance to users and ISPs but rather a disincentive to legitimate businesses. These businesses shy away from using the Internet as a medium of commercial communication for fear that their reputation may be tarnished by the deceptive practices of spammers. A proposal to ban spam altogether will redress this concern.⁶³ Banning spam will not only deal with fraudsters and those who abuse the Internet but will protect legitimate businesses keen on taking advantage of the e-mail as a marketing tool. The rights of consumers to decide what information they wish to receive and when it should be received is also protected. It is further proposed that perhaps in addition to the imposition of a general ban on unsolicited commercial e-mail, a national registry be established.

The national registry⁶⁴ will operate on a similar basis to that of the yellow pages where legitimate businesses are required to register upon payment of an annual fee. It will be necessary for valid business registration or company particulars to be provided for verification at the time of registration and thereafter on an annual basis. Registrants must also be clearly identifiable and contactable by ensuring the provision of valid contact details including e-mail addresses upon registration. To ensure that this provision is strictly complied with, it is proposed that the provision of false, inaccurate or misleading information be criminalized. The businesses and individuals are listed according to the products and services they offer. Users (consumers) will have access to this directory and with the assistance of a search engine will be able to locate a list of suppliers of the particular product or service the user has in mind. In addition, it is proposed that businesses and individuals registered with the registry be awarded a certification mark to certify that the business is not only a legitimate business concern but has complied with the policies and regulations of the registry. The certification mark can also be used as a form of identification to users. This is particularly useful in cases where registered businesses and individuals continue to ‘communicate’ with users after the users have opted out of further or future communication. A complaint can be filed with the registry and a warning issued if the problem persists. A heavy penalty will be imposed if the warning is not observed and on further breaches, the business or individual will be de-registered and not allowed to re-register for a certain period.

A Central Registry

Global consensus and cooperation will be required as to the form certification marks will take, management of the registries, the policies and regulation of the registries and enforcement measures. Perhaps a central registry taking the form of an international organization can be established with the purpose of establishing, managing and overseeing the registries and the certification system.

The central registry can be established and operated on the basis on ICANN.⁶⁵ What is required is a global consensus entity which can be entrusted with the responsibility of managing and supervising national registries. The proposal incorporates much of the regulatory measures such as opt out mechanism, the prohibition of false, misleading and deceptive addresses and information and a system of penalizing those in breach of the regulations. An international directory can be created from the list of nationally registered businesses providing users information of international providers of products and services. The origin of all commercial e-messages sent by registered businesses under scheme will be indicated by current two letter country code domain name.

The central registry proposal in effect reinforces the right of users to control the materials and information they wish to receive.⁶⁶ It also promotes responsible e-mail advertising and alleviates the concerns of the marketing industry of being associated with spammers and their deceptive practices. The registry presents legitimate businesses with an attractive option to be recognized as genuine business concern which respect the rights of the user consumer with the responsible use of the e-mail as a tool of product and service information.

7.2 The Way Forward

As noted, the definition of spam and the measures taken to regulate spam are varied. The harm caused by spam is not so much its content but its sheer volume.⁶⁷ Voluminous spam remains the main concern of individuals and businesses in terms of time and cost. Reducing spam volume should therefore be the primary objective of any spam regulation. Although it is acknowledged that technological devices such as anti spam filters and blocking mechanisms have proven useful in reducing spam, it is a reactionary measure to the spam problem.⁶⁸ A better approach would be to tackle spam at its source. This can best be done by making spamming illegal altogether. Indeed support for this approach can be seen in a poll conducted by Harris Interactive conducted in late 2002.⁶⁹ Also, since ISPs are the first point of contact in relation to e-communications, they will have the most control over its dissemination. As such, they will be required to be more responsible and vigilant in monitoring repetitious and voluminous e-messaging. Under the central registry proposal, ISPs will be required to reject commercial e-messages that do not bear the certification mark of the registry and have the matter reported.

8. Conclusion

Although, it is accepted that Australia, the United States and the United Kingdom have taken positive steps in promulgating their respective legislations in an attempt to regulate spamming such legislations are far from perfect.

The definition of unsolicited commercial e-mail advertisement as provided for in California’s Senate bill 186 is criticized as being ‘too general and wide’. Commercial e-mail advertisement has been defined to include any e-mail messages intended to promote or advertise goods or services.⁷⁰ With this definition, unless a user or potential customer has previously consented to or had given direct prior consent to the receipt of an e-mail message (such e- mail message could be routine marketing and promotional e-mails), the e-mail message will be regarded as commercial e-mail advertisements. An e-mail from the sender to a recipient to whom the sender is acquainted and whose message is a mere follow up communication with the recipient, perhaps after a trade exhibition will be caught under this definition. This provision displaces the objective underlining the regulation of spamming which is the activity of sending annoying bulk e-mail messages. It seems intent on regulating not only spam but also normal genuine business communications. This failure to address the issue of bulk e-mail messages is also seen in the Australian Spam Act. The Spam Act provides that a single e-mail targeted to a person will be regarded as spam as long as it contains some commercial content or connotations. This begs the question whether a sledgehammer is being used to crack a nut. As stated, the main objection to spam is the random sending of voluminous e-mails. The Act fails to address the core issue of bulk messaging but instead has taken the course of treating a single e-mail message as spam.

It should be noted that the Federal CAN-SPAM Act does not prohibit the sending of commercial e-mails but legitimizes it by allowing unsolicited commercial e-mails to be sent as long as each e-mail includes a function allowing the recipient to request that he receives no future mailings from the sender - an ‘opt out’ mechanism. With this mechanism, the spammer is required to provide clear information as to how to opt out and either a toll free number or an e-mail address for this purpose. The fact that recipients will need to reply to the e-mail provided to opt out of future mailings merely confirms that the recipient’s e-mail address is valid, accurate and current. Although, this mechanism is favoured by direct marketing firms, it is no secret that opt in approach is the better approach to adopt as far as consumers are concerned.⁷¹ Further, there are no guarantees that spammers would accede to the recipients’ request to opt out neither are there measures to ensure they do comply.

The argument for adopting an opt out mechanism also raises suggestions for the establishment of an e-mail preference system along the lines of the current telephone and mailing preference systems.⁷² The CAN-SPAM Act requires the FTC to develop a ‘Do Not Spam’ registry containing e-mail addresses of persons who do not wish to receive unsolicited commercial e-mails. The creation of a registry would normally require spammers to check the register before spamming. How frequently would spammers be expected to check the register and who again is to ensure compliance with the requirement? As with the argument against the adoption of opt out argument, the proposal of such a registry would be pointless.

An opt in mechanism on the other hand, is a mechanism most favoured by anti spam advocates as it focuses on the issue of prohibiting the sending of unsolicited commercial e-mails unless prior consent to such e-mails have been received by the sender. Consent includes either express consent or inferred from a pre-existing or current business relationship. Clearly, this represents a more sensible and responsible approach as it shifts the burden onto spammers to first seek consent. This mechanism thus reduces volume and congestion on the Internet which random and unrestricted mass e-mailings currently causes. It is proposed that although consent had been provided or inferred from pre-existing or current business relationship, the recipient should be allowed to retain the right to opt out of future mailings at any time.

Another concern of unsolicited commercial e-mails is the near impossibility of identifying the sender of such e-mails. It is necessary for unsolicited commercial e-mail to be able to identify the sender in the sense that the identity of the sender must be genuine and unambiguously identifiable. Valid e-mail addresses are also vital if only to ensure the workability of the opt out mechanism. It also ensures that spoofing, an activity that is frequently used to deceive recipients that the e-mail originates from a certain location does not take place. It is common for most anti-spam laws to prohibit the use of false or misleading subject lines or routing information or the use of invalid e-mail return addresses.⁷³ In this regard, one of the many regulations that the Federal Trade Commission under the CAN-SPAM Act is required to develop is to ensure clear and unambiguous subject lines. This is done by requiring the senders of unsolicited commercial e-mails to indicate in its subject line ‘ADV’ for advertising messages and ‘ADLT’ if the message contains sexually explicit material. However, this measure is seen as nothing more than a mere labeling exercise and although it may enable easier identification for purposes of e-mailing filtering, it does little in reducing downloading time and bandwidth congestion.

Although, it can be said that the Australian Spam Act is illustrative of the tough stand and commitment undertaken by the Australian government against spamming and it was enthusiastically welcomed as part of the solution to spamming, the Act has been severely criticized as ‘creating a special class of senders who are authorized to send spam relating to goods or services’.⁷⁴ The special class of senders are government bodies, political parties, religious organizations, charities or charitable institutions and educational institutions who in addition to being allowed to send spam, are also exempted from providing a functional unsubscribe facility in their commercial e-messages.⁷⁵ This results in legalising spam to certain sectors and clearly is a surprising deviation from the tough stand taken elsewhere in the Act. There is little legal basis to support the argument that a spam from a political organization for example is more acceptable and palatable to the users and consumes less time in reading, sifting and deleting the messages and consequently incurs less cost in connection fee and storage capacity. Even if the users are ‘privileged’ to receive spam from these organizations, users should be provided the right to opt out from receiving future messages from that special class of senders. This tendency to exclude a certain sector or group is also seen in United Kingdom’s Privacy and Electronic Communications (EC Directive) Regulations 2003. As explained earlier, business spam is excluded from the application of the Regulations.

However, notwithstanding the above flaws there are some positive measures under the various legislations. The establishment of a reward system as suggested under the CAN-SPAM Act is welcomed and it is seen as a proactive step in enforcement. Under the Act, the FTC is required to look into creating a reward system for informants whose information can lead to successful prosecution of spammers. Arguably, this is seen a positive move as it can replicate the success of the reward system practised by Business Software Alliance to informants of software copyright infringement.⁷⁶

Other positive measures include the right of private action and damages. The right of private action should be available to every individual who is a victim of spam. Although it is acknowledged that this may give rise to an increase of frivolous suits, the right to sue spammers should not be reserved to ISPs and government bodies. In addition to the right to sue, the financial penalties imposed must be severe to have a deterrent effect. So far this has been recognized and implemented in Australia’s and California’s anti-spam legislation. The penalties under the Australia’s Spam Act are assessed according to a sliding scale for repeat offenders. California’s Spam bill 186 goes a step further by entitling recipients of unsolicited commercial e-mail to recover their attorney’s costs and expenses. These measures speak volumes in returning consumers’ confidence in the system currently shaken by spammers.

The lack of a specific regulatory regime dealing with unsolicited commercial e-mail in Hong Kong and Malaysia means that the Personal Data (Privacy) Ordinance and the Communications and Multimedia Act 1998 will be resorted to respectively as the main point of reference in the control of spam. This means that, despite the shortcomings of the Ordinance and although no decision has been made at this stage, as to whether Hong Kong would adopt an opt-out or an opt-in mechanism, the former seems to be the de facto applicable system in respect of unsolicited commercial e-mails. If this is seen as the course Hong Kong will take, it is important to re-consider the position and weigh the gravity and the effect of ‘legalising’ spam.

As far as Malaysia is concerned, it is apparent that the Communications and Multimedia Act 1998 is not an appropriate or an adequate regulatory measure to combat spam.⁷⁷ Controlling spam is a global issue hence the experiences of other jurisdictions when drafting a law specifically targeted at spamming will be a positive step. The measures so far adopted by the United States of America, Australia and United Kingdom have encompassed a combination of either an opt out/opt in mechanism, a prohibition against false misleading subject lines and e-mail addresses, penalties and a bounty system. Although it is likely that the approach that will be adopted by Hong Kong and Malaysia would take a similar course, adopting a multilayered approach similar to that of Australia will be a positive step. The Australian Spam Act is refreshing and is welcomed as it retains the initiatives, efforts and continued contribution made by the Internet community and the industry alike. It is clear that any effective anti-spam measure that is considered for adoption by Hong Kong and Malaysia should include as its main ingredients, the use of the latest technology, public awareness and education programme, industry self regulation, tough laws and international cooperation.

While appropriate laws by themselves will not be sufficient to stop spam, it is a critical part of a solution. However, territorial based laws are restricted in their effectiveness. Any legislation

cannot be effective unless it is consistent and enforced by all countries. As with other issues affecting the Internet, what is ultimately required is a global approach to a global problem. The enforcement of any new law against overseas-based spammers will be dependent on the cooperation of other jurisdictions. As such, the proposal to ban unsolicited commercial e-communications will be a step forward if a national registry and a central international registry mechanism can be established allowing legitimate business communications. The establishment of such registries would be a step towards addressing the interests of the legitimate business concerns and the interests of the consumers alike.

Notes and References

¹ The ‘.com’ domain web hosts sites of commercial relevance and as at January 2003, the ‘.com’ domain has 21,336,063 registrations although it must be noted that not all the registrations are active. See www.caslon.com.au/dnssizesnote.htm

² Properly used, advertising contributes to the development and growth of a company’s product or service. See “A Practical Guide to Advertising” published by Advertising Association in conjunction with the Department of Trade and Industry at www.adassoc.org.uk/guide.html

³ See ‘First Quarter AdEx Findings Reveal New Adspend Growth Sector’ May 2000 at www.acnielsen.com/news/asiapacific

⁴ The trend of using short message service (SMS) as a tool of trade is on the increase. Doug Young (2004), ‘How Spammers Are Targeting Mobile Phones In Asia’, Technology- Reuters, February 2 2004 at http://story.news.yahoo.com/news?tmpl=story&u=/nm/20040203/tc-nm/telecoms_spam_dc_1

⁵ See Malaysian National ICT Security and Emergency Response Centre (NISER) online survey report on spamming issues, September 9 2003 at www.niser.org.my. The survey was conducted across 102 organizations and companies from government, finance, retail, manufacturing services and telecommunication sector and non governmental organizations .

⁶ ibid. Female internet users may feel offended and sexually harassed by the receipt of pornographic spam.

⁷ NISER reports that 54% of respondents received spam in both personal and company’s e-mail with 52% of the organization receiving between 10-50 junk e-mails per day.

⁸ 79% of respondents agree that spam costs significant time and money

⁹ ‘Junk e-mail costs $10 billion a year’, January 14 2004, South China Morning Post

¹⁰ Dern, D.P (1998), ‘Postage Due on Junk E-Mail: Spam costs Internet Millions Every Month’ Internet Week, 713, May 4 1998 at http://www.techweb.com/se/directlink.cgi

¹¹ C2-96-1070 (SD Ohio 24/10/96)

¹² ‘Discussion paper on Regulating Unsolicited Commercial Messages’ August 7 2003, Malaysia Communications and Multimedia Commission at http://www.mcmc.gov.my/spam/factsandfigures/paper.pdf

¹³ 397 U.S 728, 736 (1970)

¹⁴ See note 9 at page 8

¹⁵ 91% would delete the spam received: NISER online survey report.

¹⁶ See note 9

¹⁷ See Cyber Promotions, Inc v American Online, Inc, 948 F. Supp 546 (E.D. Pa. 1996) where America Online ‘bombed’ Cyber Promotions with their own unsolicited e-mail causing Cyber Promotion’s own access provider to become disabled.

¹⁸ Hambridge, S 1995, ‘Netiquette Guidelines’at www.iietf.org/rfc/rfc1855.txt

¹⁹ 1999 O.J 2246

²⁰ see note 21

²¹ See Bacal, G. S and Wuammet, J. (1996), ‘Net Commercialization Creates On-Line Conflicts, Bus. J. Pheonix, Dec.1996 at http://phoenix.bizjournals.com/phoenix/stories/1996/12/09/focus5.htm

²² RBL is created by a non profit organization, the Mail Abuse Prevention System (MAPS). The organization compiles a list of spam friendly sites via complaints by users. See also www.spamhaus.org, www.spews.org, www.spamcop.net and http://openrbl.org.

²³ See 127623 Ontario Inc v Nexx Online Inc, No C20546/99

²⁴ 97-1652-A, October 12 1998. See also Yahoo! Inc v World Wide Network Marketing, ND Calif No. C-99-20234, April 14 1999

²⁵ See also American Online, Inc v National Health Care Discount, Inc., 121 F. Supp.2d 1255. Trespass to chattels requires an overt act with the intent to interfere with a chattel in possession of another thereby resulting in actual damages to the chattel. Thus it is trespass to damage goods or destroy them or to use of such goods without permission. See Prosser and Keeton, Law of Torts, 5^th Edition

²⁶ A survey released by Gartner, a market research firm reported that 35%-50% of all e-mail received by individuals and corporations are spam. Lemos, R.(2002), ‘Spam could soon be majority of email’, August 30 2002 at

www.zdnet.com.au/news/business/html

²⁷ CompuServe Inc v Cyber Promotions Inc 962 F Supp 1015, ebay Inc v Bidder’s edge Inc C-99-21200. See also D.K Srivastava, ‘Trespass to Chattels: On the Internet’, Hong Kong Lawyer, November 2002

²⁸ Chapter 486, Laws of Hong Kong

²⁹ S. 34(2) defines ‘direct marketing’ as

a) the offering of goods, facilities and services;

b) the advertising of the availability of goods, services and facilities; or

c) the solicitation of donations or contributions for charitable, cultural, philanthropic, recreational, political or other purposes by means of

i) information or goods sent to any person by mail, facsimile transmission, electronic mail, or other similar means of communication where information or goods are addressed to a specific person or persons by name; or

ii) telephone calls made to specific persons.

³⁰ S.2 Personal Data (Privacy) Ordinance

³¹ ibid

³² S.4 Personal Data (Privacy) Ordinance

³³ See State of Washington v Heckel, 143 Wash. 2d 824 (2001) where the defendant has multiple accounts with the ISP to prevent termination of his account in breach of the ISP’s user agreement.

³⁴ S. 64 Personal Data (Privacy) Ordinance

³⁵ S.2 Personal Data (Privacy) Ordinance

³⁶ Although Gringras in his book seems to suggest otherwise. Gringas, ‘Laws of the Internet’, London, Butterworth, 1997 at pg 254

³⁷ Anti-spam Code of Practice at www.hkispa.org.hk/antispam/cop/html

³⁸ The anti-spam clause may be implied as a term of the agreement by reason of common business practice.

³⁹ S.233(3) Communications and Multimedia Act provides that a person who commits an offence under this section shall upon conviction be liable to a fine not exceeding ringgit fifty thousand or to a term of imprisonment not exceeding one year or to both and shall also be liable to a further fine of one thousand ringgit for every day during which the offence is continued after conviction.

⁴⁰ Applications service means a service provided by means of, but not solely by means of, one or more network services; s.6 Communications and Multimedia Act 1998

⁴¹ ‘Americans up in arms about spam’, January 6 2003, Harris Interactive at www.nua.ie/surveys/?

⁴² Communications is defined to means any communication, whether between persons and persons, things and things, or persons and things, in the form of sound, data, text, visual images, signals or any other form or any combination of those forms. See note 42

⁴³ U.S Internet Council, Statement of Principles, December 9 1996 West Legal News, 1996 WL 699285

⁴⁴ A message is considered a commercial electronic message where one of the purposes of the message is a commercial purpose; it need not be the sole or main purpose. A commercial electronic message includes the promotion of goods and services, business or investment opportunities and the linking of a website to the electronic message can be taken into account in deciding if the message is a commercial message.

⁴⁵ Consent can be inferred from the recipient’s behaviour, business or other relationship with the sender.

⁴⁶ California, Colorado, Connecticut, Delaware, Idaho, Illinois, Iowa, Louisiana, Missouri, North Carolina, Oklahoma, Pennsylvania, Rhode Island, Tennessee, Virginia, Virginia, Washington, West Virginia

⁴⁷ See §17529.4 and § 17529.5 Senate Bill 186

⁴⁸ §17529

⁴⁹ §17529.8(a)(1)(B),§17529.1(j)

⁵⁰ §17529.8(a)(2)

⁵¹ §§17538.45(f)(1)

⁵² §17538.45(f)(2)

⁵³ §17529.1(1)

⁵⁴ (2002/58/EC) which was approved on July 12 2002. Under the Directive, all Member States are required to enact national legislation by October 31 2003. The EC Directive was effective in Ireland on November 10 2003

⁵⁵ S.22(2) of the Regulations

⁵⁶ S.22(3)(a)(b)(c)

⁵⁷ S.22(1)

⁵⁸ §17529.1(c)

⁵⁹ Austria has quantified the sending of e-mail in bulk to more than 50 recipients. See § 107 paragraph 2 of the Telekommunikationsgesetz 2003

⁶⁰ See Adams, D. (2003), ‘New Spam Laws A Little Hit and Miss’, November 11 2003 at www.smh.com.au/articles2003

⁶¹ See ‘Americans Getting Used To Spam’, July 18 2003, TechWeb News at www.techweb.com/wire/story/TWB20030718S006

⁶² note 26

⁶³ Before the new Telekommunikationsgesetz 2003 or TKG 2003 (Austrian Telecommunication Act), Austria effectively banned sending e-mail in bulk for advertising purposes by granting protection against commercial e-mail under competition law as unfair competition and civil law , as a violation of privacy and property. See News: Austria ‘New Rules on Unsolicited Commercial Communication’, World Internet Report, 10/03 at page 25.

⁶⁴ This national registry is an improvised version of a two tiered registry system proposed by Cobos, S. (2003) in her article ‘A Two Tiered Registry System to Regulate Spam’, UCLA J.L & Tech. 5 (2003)

⁶⁵ Described as a non profit, private sector corporation formed by a broad coalition of the Internet’s business, technical and academic communities empowered with the responsibility for coordinating the management of the domain name system, the allocation of IP address space, the assignment of protocol parameters and the management of the root server system. See www.icann.org/general/htm

⁶⁶ See Berman, J. & Weitzner, D.J (1995) ‘Abundance and User Control: Reviewing the Democratic Heart of the First Amendment in the Age of Interactive Media’, 104 Yale L.J 1619, 1621 (1995)

⁶⁷ Although some spam are very offensive and can be sent to children and sensitive individuals.

⁶⁸ The increase in spam adds to the bottom line of anti-spam service provider companies. Brightmail, one such service provider which services Microsoft Network and Earthlink expects to double its email accounts scans to 200 million at the of 2002. The company’s products already screen more than two billion e-mails every month. Postini, another service provider has already processed its one billionth e-mail. See ‘Spam could soon be majority of e-mail’, report August 30 2002 at www.zdnet.com.au/news/business.htm

⁶⁹ 74% of 2,221 adults surveyed in the Harris Poll favoured making mass spamming illegal as opposed to 12% who oppose to such a move. See note 11.

⁷⁰ §17529.2

⁷¹ Response to Department of Trade and Industry’s Consultative Paper on Opt in Opt out Approach at www.euro.cauce.org/en/countries/html

⁷² This form of voluntary opt out mechanism has been adopted by the Direct Marketing Association. See also Ian Lloyd, ‘Legal Aspects of Information Society’, Butterworths, pg 272

⁷³ UK’s Privacy and Electronic Communications (EC Directive) Regulations 2003 effectively prohibits the disguising or concealing of a sender of unsolicited commercial e-mail identity.

⁷⁴ See Electronic Frontiers Australia Submission to Senate Committee Inquiry on Spam Bills 2003; www.efa.org.au/publish/html

⁷⁵ The bodies exempted from complying with the provisions of the Act are government bodies, political parties, religious organization, charities or charitable institutions and educational institutions based both in Australia and overseas.

⁷⁶ BSA is an organization dedicated to promoting the use of legal computer software, copyright protection and e-commerce. See www.bsa.org

⁷⁷ The Communications and Multimedia Act 1998 was passed with the principal purpose of fulfilling the need to regulate an increasingly convergent communications and multimedia industry. See www.mcmc.gov.my/mcmc/the_law/legislation