Spam laws in Australia and surveillance

Does our Spam Act stop Spam, or invite routine email surveillance at work?

David Vaile
Executive Director
Baker & McKenzie Cyberspace Law and Policy Centre
Faculty of Law, University of NSW
www.bakercyberlawcentre.org


Promise more than deliver?

Internet: strange beast to regulate
  • ‘Cyberspace’ out there
  • Jurisdiction: none or too much?
Brave attempts to legislate
  • Good intentions and ingenuity
But often undermined by a flaw
  • Fails to deliver on promise
  • Side effects can swamp intended effects


Email surveillance and Spam

Spam threatens viability of email system
Legislation in 2003, each flawed
IT security seen as ultimate Spam solution
Workplace surveillance as the answer?
Threat to privacy of email
Misses the target
  • Won’t work
  • Erosion of trust, collateral damage
  • Undermine training, organisation intelligence


Spam threatens email’s viability

Spam is 2/3 of all email (Messagecare)
Technical load on infrastructure
Threat to trust, Internet social bonds
  • People begin to abandon email
  • Network effect declines
‘Tragedy of the Commons’ (Catlett)
Market and technical failure


Some problems with real Spam

‘Epidemic’ of asymmetric attacks
Sender is hidden
Sender is out of jurisdiction
Spam bots
  • Address harvesting
  • Hybrid worms with built-in mail servers!
Arms race, cheap technical advances
  • Eg, Anti-filtering content


A tale of 2003 Spam laws

Reaction to threat to Email system
California’s Spam law
US Federal ‘CAN-SPAM’ Act
Australian Spam Act
EU Directive (not covered)

Spot the crippling flaws…


Californian Spam laws of 2003

Stricter legislation than Australia
Requires prior consent (‘Opt in’)
  • Can’t rely on ‘Unsubscribe’
  • Unsubscribe is too late
‘Private right of action’
  • Anyone could have sued; but …
Overridden by CAN SPAM (federal)


US CAN SPAM Act 2003

‘Opt out’ not ‘opt in’
Requires only:
  • Good return address
  • Honour opt out request
Over-rides Californian law
Weakens protection drastically
Triumph of Direct Marketers


Australia’s Spam Act 2003

A different political balance
ADMA accepted ‘Opt in’ (unlike US)
Loopholes to drive a truck through?
  • Exempt bodies, Purely factual messages
Dragnet to catch slippery spammers
  • Single message can be Spam!
Harsh ‘search and seizure’ powers


Concepts

‘Commercial electronic messages’
Banned if not solicited
Explicit or implicit consent
Covers individual emails
Drastic fines for repeat offenders
Complex exemptions
Relationships relevant to the test


Enforcement of Spam Act

ACA under-resourced
‘Softly softly’ policy
Target the extreme abusers
Liability net is wide and complex
Many offences not prosecuted
Wide discretion, uncertainty


Risk of Spam Act prosecution

Liability v. risk of prosecution?
Serious Offences
Huge Penalties
But ACA policy, resources
Intention needed for offence?
Practical risk of single message Spam
Difficult to frame legal advice


Problems of email at work

Complex Spam liability rules
Other legal issues
Viruses and security
Pornography etc.
Temptation to track everything?


NSW workplace surveillance law

Announced 30 March 2004
Workplace surveillance already regulated
  • ‘Strict laws & protocols to restrict employer snooping on workers phone’
Workplace Video Surveillance Act
To be amended to cover email, other tech.
Prohibits email surveillance
  • Without court order or consent
Challenges IT control, Spam monitoring


Issues

Industrial opposition to monitoring
Balance of interests
‘Mutually respectable workplace’
Privacy rights protected in a new sphere
See Privacy Acts Federal and State
Focus on consent


Bark worse than bite?

Act is not passed yet
Unclear real intention
Reduce secret surveillance
May just result in forced consent
Potential to be stricter - details!
Any practical effect?
Precedent for other safeguards?


Surveillance stops Spam?

Divergence of views
IT solution v people solution
What is the problem?
After the fact – too late
Not reveal the basis of exemptions
Inadvertent breaches of the Act


A better solution?

Trust and respect
Training and peer support
Sensible policies & goodwill
Cooperation with ACA, ACCC, TIO …
Complaint-based approach
Review marketing and PR
Seeking consent is good business


Conclusion

Spam law unintended consequences
Surveillance culture
New awareness of privacy
NSW anti-email surveillance law
Effective risk management
Low risk of prosecution
Better solution