The final version of a paper commissioned by the ITU entitled A Comparative Analysis of Spam Laws: The Quest for a Model Law (PDF) has been released. The paper was authored by Derek E. Bambauer, John G. Palfrey, Jr., and David E. Abrams, Berkman Center for Internet & Society, Harvard Law School, for the ITU WSIS Thematic Meeting on Cybersecurity held in Geneva, 28 June - 1 July 2005.
Spam presents a significant challenge to users, Internet service providers, states, and legal systems worldwide. The costs of spam are significant and growing, and the increasing volume of spam threatens to destroy the utility of electronic mail communications.
The Chairman’s Report from the ITU WSIS Thematic Meeting on Countering Spam in July 2004 emphasized the importance of a multi-faceted approach to solving the problem of spam and named legal governance as one of the necessary means. Our paper focuses on the potential nature of the legal regulation of spam, specifically the importance of harmonizing regulations in the form of a model spam law. We agree with the Chairman that the law is only one means towards this end and we urge regulators to incorporate other modes of control into their efforts, including technical methods, market-based means, and norm-based modalities.
Spam uniquely challenges regulation because it easily transverses borders. The sender of a message, the server that transmits it, and the recipient who reads it may be located in three different states, all of which are under unique legal governance. If spam laws are not aligned in these states, enforcement will suffer because the very differences between spam laws may mean that a violation in one state is a permissible action in another. Moreover, spammers have an incentive to locate operations in places with less regulation, and the opportunity to states to create a domestic spam hosting market may engage them in a race to the bottom.
Harmonizing laws that regulate spam offers considerable benefits, insofar as a model law could assist in establishing a framework for cross-border enforcement collaboration. To those enforcing the regulation of spam, harmonization as a model law effort offers: clear guidelines, easy adoption, enhanced enforcement, stronger norms, fewer havens for spammers, and the increased sharing of best practices. If such regulators then agree that harmonization can aid legal regimes intent on curbing spam, they must initially address four critical tasks: defining prohibited content, setting default rules for contacting recipients, harmonizing existing laws, and enforcing such rules effectively. This legal approach must be concurrently matched by efforts that employ other modes of regulation, such as technical measures, user education, and market-based approaches.
Our analysis of existing spam legislation gathered by the ITU Strategy and Policy Unit evaluated these laws’ elements to determine whether they were commonly included or not, and whether provisions were uniformly implemented or varying when present. Our research documents seven instances in which extant laws strongly converge: a focus on commercial content, the mandatory disclosure of sender/advertiser/routing, bans on fraudulent or misleading content, bans on automated collection or generation of recipient addresses, the permission to contact recipients where there is an existing relationship, the requirement to allow recipients to refuse future messages, and a mix of graduated civil and criminal liability. Also documented are five key areas of disagreement which are vital to a harmonized spam law but which have evaded consensus thus far: a prior consent requirement for contacting recipients, a designated enforcer, label requirements for spam messages, the definition of spam (whether it is limited to e-mail communication, or includes other applications, such as SMS), and the jurisdictional reach of the system’s spam laws. Naturally, a harmonization effort must tackle and narrow these zones of divergence in order to succeed.
Spam laws, whether harmonized or not, are at best only part of the solution to the spam problem and must be developed in concert with technical, market, and norms-based tools if the scourge of spam is to be substantially reduced. Efforts to harmonize the legal regulation of spam can serve as one effective means to solving the unique challenges spam presents. A model spam law is possible to develop, despite the many differences among the world’s spam laws.