Nature of the spam offence and investigation process needs Government clarification
Monday 23rd June 2003
The Internet Services Providers’ Association (ISPA UK) has highlighted concerns about the processes used to trace and prosecute spammers and the resources the Authorities are willing to commit to such investigations. The views were expressed in ISPA’s generally supportive submission to the UK consultation on the Privacy and Electronic Communications Directive, the new European law that regulates bulk unsolicited commercial email and other forms of electronic unsolicited commercial communications.
ISPA would like the Department for Trade and Industry to consider how organizations and individuals breaking the new law will be investigated and the action they will face. The Government should clarify whether the act of disseminating bulk unsolicited commercial communications contrary to the Directive will be a criminal or civil offence. The nature of the offence will determine the type of investigation to be pursued by the Authorities and the action to be taken against those who break the law. Furthermore, Government should consider the resource allocation for such investigations.
If the Government determines that sending illegal bulk unsolicited commercial communications is a civil offence then ISPA believes that a clearer framework governing the disclosure of data in relation to the investigation of such offences will be needed. However, if the Government determines that it should be a criminal offence, then the processes set out in the Regulation of Investigatory Powers Act (RIPA) should apply.
Criminal investigations should comply with RIPA
RIPA was introduced to create a single framework to regulate access to communications data by law enforcement agencies for the purpose of criminal investigations only. If it is determined that the sending of illegal electronic unsolicited commercial communications constitutes a criminal offence, ISPA believes that any disclosure of data to assist the investigation should be in line with RIPA requirements and involve the appropriate authorities including the Information Commissioner.
ISPA questions whether the authorities will commit sufficient resources to investigate incidents of spam using the RIPA processes.
Investigating civil offences
A clearer framework for investigations is needed if sending spam is deemed to be a civil offence.
ISPA is concerned that without proper and effective regulation, any requirements to disclose source data for purposes connected with the investigation of civil offences could be too far reaching. The privacy of innocent individuals could be compromised if investigations are conducted on any email sender by claiming they were sending spam.
The need for effective spam laws
Jessica Hendrie-Liaño, Chair of the ISPA Council said, “ISPA believes that an effective legal framework is necessary in order to take action against persistent spammers. Such a framework would reinforce the Internet industry’s self-regulation and the action already taken by many Internet users to limit spam.”
She continued, “ISPA opposes the sending of emails without due regard for applicable law or in contravention of a service provider’s terms and conditions. Spam can be irritating, often offensive and is time consuming for recipients to download and work through. Spam saps ISPs’ valuable bandwidth, can compromise the integrity of a network and affects the performance of mail servers. Combating spam costs ISPs very significant amounts of time and money.”
- ends -
Notes to Editors
For further information, please contact the ISPA Press Office. Email: pressoffice@ispa.org.uk Tel: 020 7340 4535
ISPA
The Internet Services Providers’ Association (ISPA) was established in 1995 as a trade association to represent providers of Internet services in the UK. ISPA promotes competition, self-regulation and the development of the Internet industry. For a list of members or other information about ISPA, please consult the website: http://www.ispa.org.uk
The Privacy and Electronic Communications Directive
The Privacy and Electronic Communications Directive supersedes and updates other laws that relate to electronic unsolicited commercial communications.
The Directive makes the privacy rules that apply to phone and fax services applicable to email and use of the Internet. The Directive sets conditions on the use of traffic, location and subscriber data and regulates the use of communications networks for unsolicited direct marketing by phone, fax, email and SMS.
The Privacy and Electronic Communications Directive clarifies how companies can use mass dissemination of email. Sending bulk unsolicited commercial e-mail (UCE) is prohibited, with limited exceptions. Companies can send UCE to existing customers and selected users that have explicitly consented to receive the information. However the sender must enable the recipients to opt-out of any future unsolicited communications.
The Privacy and Electronic Communications Directive clarifies how companies can use mass dissemination of email. Sending bulk unsolicited commercial e-mail (UCE) is prohibited, with limited exceptions. Companies can send UCE to existing customers and selected users that have explicitly consented to receive the information. However the sender must enable the recipients to opt-out of any future unsolicited communications.
The Privacy and Electronic Communications Directive is due to be incorporated into UK law by October 2003.