Forgot your password?
typodupeerror
Spam

UK Anti-Spam Laws Criticised 88

Posted by michael
from the self-help dept.
stripyd writes "The Guardian has an article about the ineffectiveness of British anti-spam regulations. Asside from the limited penalties, the Office of the Information Commissioner have yet to actually hand out a fine. From personal experience, the OIC aren't good at answering email on queries regarding the law, their web site, or suggestions that the current procedure of tracking down, printing out and mailing off (with a stamp!) a five-page pdf form to report miscreants be streamlined. The form itself is good for a few yuks, until you remember your taxes are paying for it to be outsourced to private sector hosting."
This discussion has been archived. No new comments can be posted.

UK Anti-Spam Laws Criticised

Comments Filter:
  • Better in Belgium (Score:5, Interesting)

    by Halo1 (136547) <jonas.maebeNO@SPAMelis.ugent.be> on Sunday June 13, 2004 @05:12AM (#9412020) Homepage
    Here we can mail spam sent by Belgians (or spamvertising Beglian website) to the economical inspection, and they do investigate (they even called me once for more information). Foreigners getting Belgian spam (not many of those, I guess) can report them as well, fwiw. Their address is inspec dot eco at mineco dot fgov dot be
    • by ControlFreal (661231) * <niek@bergboer.COLAnet minus caffeine> on Sunday June 13, 2004 @06:00AM (#9412143) Journal

      In The Netherlands, you can report spam on-line as well at the Spam Klacht (lit.: "spam complaint") website. This is an official website of the OPTA organization, which monitors and control telecommication in The Netherlands. Note that the link to the Spam Klacht website is even an SSL link.

      • by Animaether (411575) on Sunday June 13, 2004 @08:19AM (#9412399) Journal
        SpamKlacht website [spamklacht.nl]

        I read through some of the tidbits there, and it appears to be setup pretty well. And it appears our legislation is very nice too... "opt-in" conditions including
        - If it's a checkbox form, then the user has to check it - it can't be pre-checked for the user.
        - The opt-in description is not allowed to be 'vague' where "I hereby give permission for company X and partners to send me e-mail" is declared 'vague' enough.
        - You cannot implicitly re-use old contact lists such as those acquired from other companies or through company take-overs; one has to first contact the user again and ask them if it's okay to establish a NEW relationship. Only if the user agrees to this they can start to 'spam' again.

        However, I was also quite baffled to find that the OPTA :
        1. Excludes all these rules when it is spam sent to a company.
        2. Excludes all these rules when it is spam sent to a fax machine!

        Now #1 I could rationalize if I tried hard.
        #2, however, is just ridiculous. Apparently it is not illegal as it was at some point judged to be the same as 'colportage' (door-to-door sales). yish. I can only hope that at least there's a law against sending a looped-back black fax :/
    • just let spammers pick it up and report themselves :-P

      here goes: inspec.eco@mineco.fgov.be [mailto]

      Maybe this would generally be a cool idea: post honeypot-addresses all over the net, and cause spammers to spam people who CAN and WILL do something about that...
    • Their address is inspec dot eco at mineco dot fgov dot be

      Good job you didn't include the address in plain text, you wouldn't want them to get the spam before you sent it :)

  • Limited scope (Score:5, Informative)

    by pjt33 (739471) on Sunday June 13, 2004 @05:13AM (#9412025)
    It's not just limited penalties: it's also limited scope, in that the only spam prohibited is spam to personal addresses. I actually get more spam to my work address than my personal addresses, and am rather unamused by this... cop-out. ("Loophole" isn't quite the right word, because it's intentional).
  • Especially since it's not even being enforced.
  • .. they are using the loopholes to threaten Spamhaus with potentially devastating legal action if it continues to name them as spammers and block their mass mails targeted at business addresses.

    Is there any such thing as a British libertarian? :P

    As for the site, it says nothing about the Reg 22 in question, a search only finds the same letter in Word [amaze.co.uk] format. However it does look like they spent a pretty penny on their web designer. That's more comforting to the public than enforcing the law, I guess.

    • As for the site, it says nothing about the Reg 22 in question

      Here's the Information Commissioner's Guidance on Regulation 22 [informatio...ner.gov.uk] (you have to scroll down to p.24 of the pdf). What, you expected something accessible from that bunch of clowns? Think again...
    • If it's the one I think it is, it's part of an EU directive. There's details of it here [dti.gov.uk], the chapter relevant to spam is here [dti.gov.uk] , albeit in .doc format. I've only had a chance to skim but the legislation seems to be mostly aimed at legitimate businesses who have over-zealous customer newsletter runs, rather than preventing mass mailing spammers. I have to say, though, that the form linked in the article is completely asinine.
      • scratch that, was thinking of the wrong one. sorry!
      • by prandal (87280)
        Therein lies your first lesson in international law - how to implement a European Union directive in such a way as to follow the letter of the law but with no real intention to do anything serious about the problem the Directive is supposed to be addressing.

        British politicians and lawmakers are just like politicans anywhere - totally cynical bastards with their own agendas.
    • "Is there any such thing as a British libertarian? "

      Aye, over here!

      >:(
      • And over here too! But I should qualify that by saying the the British concept of libertarianism may well be very different from that of the gun-toting Yankee crazies.
    • Is there any such thing as a British libertarian? :P

      not really, after the people of the uk had to live through several years of laissez-faire capitalism in the guise of thatcherism and have realised how soul destroying an experience it is. however, the uk does have the liberal democrats who are like; well, libretarians + democrats, i.e., the best of both worlds
  • I did not realize that spammers took themselves this seriously. And spam-gangs? What is this world(wide web) coming to?
    • Re:Death threats??? (Score:3, Interesting)

      by Sv-Manowar (772313)
      People getting into the internet thinking there is easy money even after the boom, and spamming can be lucrative if done well. Its a risky game, but if some play it right the rewards are huge
    • Re:Death threats??? (Score:1, Interesting)

      by Anonymous Coward
      I've been investigating them for almosst 2 years now.
      I cannot say how I know this, without blowing my ONLY contacts I have with this "Underworld".

      I CAN say this... the "Russian Mafia" is throwing in a huge pile of cashola to fund smart Russian and E European programmers who write the likes of SOBIG and other nasties lurking out there.

      Tracing this activity is almost inpossible. With the mechanisms in place today, it's impossible to probe a box to see what it's 'listening' to.

      There are ways to detect '
  • Reason... (Score:4, Interesting)

    by vchoy (134429) on Sunday June 13, 2004 @05:31AM (#9412074)
    "Asside from the limited penalties, the Office of the Information Commissioner have yet to actually hand out a fine."

    Most of the spam offences are committed outside of the UK. I consider this a localised solution to a global problem.
    • I consider this a localised solution to a global problem.

      Coming to think about it, I don't think solution was a good word to use. The laws still would not 'STOP' or stamp out spamming. I should of said...'deterrent' instead.
      • Re:Reason... (Score:3, Insightful)

        Oh, come off it! This isn't a 'deterrent,' or a 'solution,' localised or otherwise. It's not even any use as a 'fig-leaf.' It's just an embarrasment. The UK Government looked at the problem, and waved its hands in the air, and decided to do nothing effective. Luckily, in the Office of the Information Commissioner, they had the perfect enforcer (ha!) ready to do their bidding.
    • See it as an attempt to clean up your own neighbourhood. I don't see anything wrong with that idea (whether the implementation of that idea is good, is another question obviously).
  • by evilandi (2800) <andrew@aoakley.com> on Sunday June 13, 2004 @05:32AM (#9412076) Homepage
    And this compares to the highly successful anti-spam laws of which country, exactly? (Disclaimer: I have a vested interest, I the anti-spam development manager at MessageLabs)
  • by lewko (195646) on Sunday June 13, 2004 @05:35AM (#9412088) Homepage
    Laws are useless unless they are enforced. There is no deterrent if would-be lawbreakers know they either won't get caught, or if caught, won't be significantly punished.

    It's therefore relevant in planning anti-Spam legislation that the legislators consider how they can follow up on whatever laws they draft to make them more than a 'toothless tiger'.
  • British spam (Score:5, Interesting)

    by CdBee (742846) on Sunday June 13, 2004 @05:37AM (#9412094)
    "Get your online next-day tea supplies here"
    "How to understand Americans - get the guidebook!"
    "Sizzling Shots of the Queen - Join today!"

    It all gets rather too much at times.

    More seriously, I'd say in the UK we have more trouble with semi-legitimate opt-out marketing than pure spam, almost all of which seems to come from the USA (yes, re earlier story, particularly Comcast and the baby-Bells)

    There are so many sites in UK cyberspace geared towards getting email addresses for "free newsletters", and any club or association seems to want to send emails with a bare minimum of content and masses of advertising added. This I see as an attempt to legitimise spam, rather than mass-mailing, people are paying asociations and clubs to sell their products for them. Affiliate programs suck, and so many firms have been founded to do just this in the UK.

    How many times must I tell them? I already have enough Tea.
  • Maybe they got their code logic wrong:

    if (potentialSpam.EmailAddress.endsWith(*.uk))
    {
    id(potentialSpam.PotientialSpammer);
    fine(potentialSpam.PotientialSpammer.potentialSpam mer);
    }
    else
    {
    System.out.println("Does not concern us, processing next message...");
    }

    Just J/king
  • Policy conflict... (Score:5, Insightful)

    by cardpuncher (713057) on Sunday June 13, 2004 @06:01AM (#9412148)
    It's quite amusing that while on the one hand expecting ISPs to keep e-mail logs for several years for "security" purposes, another branch of the same government is ensuring that those logs are so full of spam-related noise that it would be infeasible to analyse them in most practical cases.

    Of course, anti-spam legislation is only effective against "legitimate" slimeball businesses. And at present, their contribution is minimal compared to criminal slimeball businesses. The latter cannot only be addressed by technical fixes, after which point legal solutions may have a chance of working.
  • What's the point? (Score:4, Insightful)

    by neilmoore67 (682829) on Sunday June 13, 2004 @06:01AM (#9412149)
    The sad thing is that however strong and well supported the laws are by the community, it's probably not going to make one bit of difference to the amount of crap an individual receives. For a start, UK laws can't stop foreign spammers. Secondly, they are likely to be difficult to enforce even if we know who the culprits are. We have drug laws and anti-terrorism laws in Britain, but does that mean that they are no longer a problem? I think not. IMHO the best way to avoid spam is to take precautions and get some good filters.
    • Re:What's the point? (Score:5, Informative)

      by Andy_R (114137) on Sunday June 13, 2004 @07:06AM (#9412271) Homepage Journal
      Actually, I've found the threat of the law to be quite effective in cutting down the spam that I get. I have quite often I've mailed the head of legitimate organisations that have spammed me because some random 3rd party has mistakenly signed up an address in my domain to their lists, and got some pretty grovelling replies.

      I'm just about to send of my first dozen forms to the OIC, and as with any UK government department, all you need to do to get action is threaten them with their own regulatory body to get action.

      Also, I've picked my targets carefully, some big names that have ignored written warnings.

      Top of my hit list are:

      xmr3.com (uk bulk mailer that pretends it's legitimate)

      Yahoo.co.uk (those adverts at the top and bottom of yahoogroups mails are illegal, but Yahoo think they are above the law)

      Ticketweb.co.uk (claim that every time you buy from them they have thr right to start samming you again)

      - Andy_R
      • Ticketweb.co.uk (claim that every time you buy from them they have thr right to start samming you again)

        They do. IIRC, the law excludes e-mails sent to prior customers.
  • by gilgongo (57446) on Sunday June 13, 2004 @06:02AM (#9412152) Homepage Journal
    > From personal experience, the OIC aren't good at
    > answering email on queries regarding the law

    My personal experience was going to their site to look for guidelines on the use of cookies and the collection of anonymous data. Finding lots of "guidelines" about stuff (which are basically extracts of legal documents it seems), but nothing that seemed relevant, I mailed them my question. Three weeks later I got a reply, which was at least relevant, if amazingly long and almost as confusing as the other stuff on their site that I couldn't undertand either.

    They've got a hell of a long way to go in my opinion. During the trial of Ian Huntely, the police even admitted they were confused about the DPA! What hope is there for the rest of us?

    • During the trial of Ian Huntely, the police even admitted they were confused about the DPA! What hope is there for the rest of us?

      I've no clue. All I can say on this matter is, it's actually pretty simple. A 4 hour training session ought to be enough to get people to understand it, so if the police, or anyone else, has data-handling employees who don't understand it, then they're not providing enough training.
      • Yes, but the devil's in the detail. In the court case, the police said they'd deleted Ian Huntely's files (containing records of him being accused of assaulting minors I think) because of the DPA's stipulation that personal data should only be kept only "for a long as necessary."

        On a course, a teacher will say that data should only be kept for "as long as necessary." The student will ask "How long is that?" and the teacher will say "It depends on the data, the reason it's being kept, and the intended use o
  • ... but I'd call it a "media question bounce" law.

    That is, when some story comes up about spam and a govt. official is interviewed, they can point to the spam law being passed.

    See also Data Protection Act, Freedom of Information Act.

  • by BillsPetMonkey (654200) on Sunday June 13, 2004 @07:08AM (#9412275)
    Is a paper tiger. It was designed that way. You only really find this out when you try to invoke the Data Protection Act 1998 against a data conroller company, and find that it's not designed to protect you, it's designed to safeguard companies holding your data from you.

    The reason the UK spam laws are weak is not a coincidence either. The UK government uses the electoral register to sell your data (regardless of whether you "opt out") to third party marketing companies to get revenue.

    It's not freedom of information as you might know it, it's a case of "do as I say, not as I do".
    • The UK government uses the electoral register to sell your data (regardless of whether you "opt out") to third party marketing companies to get revenue.

      How do you know?

    • by jeremyp (130771) on Sunday June 13, 2004 @10:14AM (#9412820) Homepage Journal
      The UK government uses the electoral register to sell your data (regardless of whether you "opt out") to third party marketing companies to get revenue.

      This is a lie. It's not even maintained at the national level, but at the district council level. By law, anybody can see a copy of the register (under supervised conditions) and certain companies are allowed to use the register for restricted purposes. For example, credit agencies can use it to verify your address. It is illegal for them to pass the data on to anyone else or use it for any but a set of restricted purposes.

      The editted version of the register may be bought by anybody, but you can opt out of that. See here [electoralc...ion.org.uk] for more details.

      • > This is a lie. It's not even maintained at the
        > national level, but at the district council
        > level.

        Agreed - the OP was talking through his bottom, although it's a very widely held belief in the UK - I know lots of people who refused to sign the electoral roll duing the Poll Tax years because of this.

        However, the government's proposed identity card system and the accompanying *centralisation* of just about all citizens' data (electoral and otherwise) could bring about the theft/abuse of such dat
      • Hahaha.

        This is the biggest lie of them all. I stand by my original comment.

        MBNA Credit is a credit company. They also sell credit cards. There's a loophole as wide as goatse for them to abuse their privilige. Do you want me to send the junk mail I get from these companies since signing the electoral register? It can be arranged ....
        • If you have evidence that they have been using the electoral roll to do marketing campaigns you should report them to the Government because they would be breaking the law.

          However, getting lots of junk mail does not constitute evidence. There are any number of sources they could have got that info from.
    • The UK government uses the electoral register to sell your data (regardless of whether you "opt out") to third party marketing companies to get revenue.

      I don't believe this is true. You can pay for an electronic copy of the electoral register, but I believe this has the opt-out parties removed.

      You can inspect the official register and your local council office, which doesn't have the opt-out parties removed, but you can't buy a copy of this version, as far as I'm aware.

      Besides, it's quite clear why the
      • OK, there's a lot of misunderstanding about this. The edited register cannot be sold without the authorisation of the local council. But if you happen to be an "approved" subscriber to this information (ie. you happen to be MBNA Europe or a number of other data controllers), you will have free access to the information regardless of whether voters have opted in or out.

        Yeah, it's an uncomfortable reality. Because the illusion of censure on your own information is important, but it's completely non-existent.
  • until you remember your taxes are paying for it to be outsourced to private sector hosting.

    They, probably, need a paper complaint because they can't prosecute without it -- law enforcement is backwards that way -- justices still wear gowns, for crying out loud! Given that, hosting the PDF through the private company is almost certainly cheaper for the taxpayers.

All warranty and guarantee clauses become null and void upon payment of invoice.

Working...