For the upcoming Global Symposium for Regulators (GSR) to be held in Hammamet, Tunisia, 14-15 November 2005, just before the second phase of the World Summit on the Information Society (WSIS), the ITU has released a paper by John Palfrey entitled Stemming the International Tide of Spam: a Draft Model Law, which will be presented at the GSR:
This discussion paper primarily takes up the question of what – beyond coordinating with technologists and other countries’ enforcement teams and educating consumers – legislators and regulators might consider by way of legal mechanisms. First, the paper takes up the elements that might be included in an anti-spam law. Second, the paper explores one alternative legal mechanism which might be built into an anti-spam strategy, the establishment of enforceable codes of conduct for Internet Service Providers (ISPs). Third, this paper also examines a variant of the legal approach where ISPs are formally encouraged by regulators to develop their own code of conduct. ISPs should be encouraged to establish and enforce narrowly-drawn codes of conduct that prohibit their users from using that ISP as a source for spamming and related bad acts, such as spoofing and phishing, and not to enter into peering arrangements with ISPs that do not uphold similar codes of conduct. Rather than continue to rely upon chasing individual spammers, regulators in the most resource-constrained countries in particular would be more likely to succeed by working with and through the ISPs that are closer to the source of the problem, to their customers, and to the technology in question. The regulator’s job would be to ensure that ISPs within their jurisdiction adopt adequate codes of conduct as a condition of their operating license and then to enforce adherence to those codes of conduct. The regulator can also play a role in sharing best practices among ISPs and making consumers aware of the good works of the best ISPs. While effectively just shifting the burden of some of the anti-spam enforcement to ISPs is not without clear drawbacks, and cannot alone succeed in stemming the tide of spam, such a policy has a far higher likelihood of success in the developing countries context than the anti-spam enforcement tactics employed to date.