12/05/2003 1:35am

By Bruce Slane, Privacy Commissioner

12 May 2003

Hon Paul Swain, MP
Minister of Communications
Parliament Buildings
WELLINGTON

Dear Minister

ANTI-SPAM LAWS

I write to lend my voice to others who have called upon the Government to consider the enactment of anti-spam laws.

I note that the report of the National Office for the Information Economy (NOIE) has recently recommended legislation banning unsolicited email - or spam - for Australia. In an area with such a cross-border dimension as this, there may be merit in remaining in step with Australia. The Australians are not, of course, alone in considering or having legislated against spam. The European Union has done so and the US Congress is reported to be considering doing so. At the end of March I had Dr Hyu-Bong Chung, Secretary General of the Korean Information Security Agency, address the Privacy Issues Forum at the Parliament Buildings in Wellington on anti-spam regulations in Korea. I attach a copy of the paper for your information. (pdf file)

Spam has been universally recognised as both a serious nuisance to individuals and a cost to business. It has been notoriously difficult to tackle effectively. Clearly passing a law to outlaw spam is insufficient of itself. Effective responses are likely to include a mix of technical requirements and controls and cooperative actions by governments, regulators and ISPs. However, the fact that law alone is not enough should not obscure the possibility that it may be a key part of a solution.

Spam can raise issues across traditional areas of law and regulation. Spam can cause consumer protection problems whereby millions of solicitations are made in the hope of attracting a few gullible individuals. Some spam is offensive to many people. The content of other spam is reasonably innocuous but people dislike the growing time taken up in downloading and deleting unwanted messages. Problems are posed for networks and businesses as well.

However, the particular reason that I add my voice to calls for effective responses to spam concerns information privacy. This typically involves using personal information provided for one purpose for another, the marketing purpose of spammers. The automated collection of email addresses through the use of 'spiders' and other automated means facilitates this. The Koreans have, in one part of their law, focused upon the 'harvesting' of email addresses from public spaces on the Internet. It is understood that deceptive practices are sometimes used in obtaining people's email addresses through 'front' web sites or by utilising emails sent in response to mailing list opt-off promises.

Many commentators have remarked on the explosive growth in spam. Spammers have also reacted promptly to various attempts to minimise their impact. Up until now, New Zealand has been able to make a virtue of the fact that spam generally originates somewhere else. However, there may be a risk that in the absence of a legislated response to spam that the spam business may be driven out of other jurisdictions and into New Zealand. A recent profile article in the New Zealand Herald about a New Zealand spammer suggested that he had commenced this line of work after his Russian partners found it more difficult to operate in Europe following EU regulation.

On a closing note, may I draw to your attention that I have issued the Telecommunications Information Privacy Code 2003. This will be publicly announced on Thursday but I enclose an advance copy with an explanatory paper for your information. Of passing relevance to the subject at hand, may I mention that I have included exceptions in the code directed towards supporting network operator responses to actions or threats that may compromise network or service security or integrity.

Yours sincerely

B H Slane
Privacy Commissioner