Issue 11: June 2004
Previous
editions
In this edition:
Countering spam (www.itu.int/spam)
1. Countering
spam: an overview
2. Spam is also on our mobile
phones
3. Digital Bridges Initiative
4. Related links
As
reported in the May issue of the ITU Strategy and
Policy Unit Monthly News Flash, ITU is organizing a WSIS
Thematic Meeting on Countering Spam* from 7 to 9 July 2004,
in Geneva, Switzerland. The meeting is open to ITU Member States and
Sector Members, Member States of the United Nations, international
organizations, WSIS-accredited non-governmental organizations and civil
society and accredited business entities. Discussion during the meeting
will be structured around five main themes: scope of the problem;
technical solutions; consumer and small business education and
awareness; legislation and enforcement; and international cooperation. Background information and
documents pertaining to the workshop and workshop are published on the
ITU website at: http://www.itu.int/spam
The
following articles further introduce the topic of spam, which is fast
becoming top priority issue for operators and service providers, users,
policy-makers and government regulators worldwide.
|
|
1. Countering spam: an overview
Unsolicited
e-mail (colloquially known as "spam") has grown to become a
problem for the majority of Internet users in the world. Although there
is no "silver bullet" solution that can completely eradicate
all spam, there are many solutions that can effectively reduce the
amount of spam that reaches end-users. Stakeholders
agree that a multi-pronged and cooperative approach to the problem is
clearly necessary.
There is little mystery to the burgeoning expansion of
spamming activity: if it has become such a widespread problem, it is
because it is financially profitable. Recent studies indicate that a
response rate as low as 1 response per 100'000 "spam" e-mails
sent, allows spammers to recover their costs. This is due to the low
start-up costs for spammers, and the marginal cost of sending spam,
which is virtually zero (it has been estimated that it costs just 0.05
US cents to send each e-mail). Furthermore, the Internet architecture,
based on Simple Mail Transfer Protocol (SMTP), is intrinsically
insecure, allowing spammers to operate anonymously and to evade law
enforcement. Last, but not least, in spite of widespread attempts to
increase consumer awareness of the risks involved in responding to
unsolicited e-mail offers over the Internet, there are still those who
do respond and lose money to spammers.
Aspects of effectively countering spam should therefore
include intervention to drive up the cost of spamming and to remove the
cloak of anonymity that spammers hide behind. Various legal and
technical measures, along with closer collaboration and exchange between
the public and private sectors, could greatly contribute to this.
Technical solutions
Technically
speaking, there are three different stages in the e-mail system where
measures to curb spam could be implemented: at the source, where e-mail
is sent out, at the destination, where the e‑mail is received, and
finally, at the end-user point (i.e. the e-mail clients themselves). At
each stage, various technical solutions are possible (see Figure 1).
Figure
1: Overview of anti-spam solutions |
|
|
- Rate
Limiting
- Authentication
- Payment
|
- Rate
Limiting
- Reputation
System
- Checksum
|
- Static
Filtering
- Adaptive
Filtering
- Reputation
System
|
The
lesson to be learnt from the spiraling "war" against spam at
the technical level is that technical measures need to be combined with
effective legal action. With this dual-track approach, such measures
could drive up the cost of spamming until it is either "too
risky" or no longer profitable for spammers.
Effective
enforcement of anti-spam laws
Implementing appropriate anti-spam legislation is
critical, therefore, in fighting spam. To date, there are fundamentally
two main legislative approaches that have been taken. The first of these
considers unsolicited commercial communications as an invasion of
individual privacy, and requires that the sender either obtain the
advance authorization of the recipient, or have an existing business
relationship with them. The second considers unsolicited marketing
messages as legitimate, as long as the recipient has the possibility of
opting out (i.e. to ask not to receive messages from a given company).
To date, several countries have established their own ad
hoc legislation to address spam. However, the enforcement rate is
still very low, and - whichever approach is used - pursuing spammers
remains too onerous in terms of cost and difficulty.
This largely because the vast majority of laws passed
to date can be defined as "sentiment laws" in the sense that
they convey a strong message about a community sentiment, but do not
foresee adequate preventative or enforcement measures.
For this reason, many commentators agree that laws
should focus on the tools prosecutors need to make
anti-spam laws enforceable. Next-generation legislation, it is argued,
must move beyond mere sentiment to real action. Where possible, new
anti-spam laws must decrease the costs faced by prosecutors and increase
the likelihood of success at trial. While legislation alone cannot
completely rid the world of the problem of spam, it can make a
substantial contribution.
"Curbing Spam via Technical
Measures: An overview" and "How to Craft an Effective
Anti-Spam Law", background papers will be soon available at http://www.itu.int/spam, and excerpts
to be presented at the meeting.
*
Organized as a candidate World Summit on the Information Society (WSIS)
Thematic meeting for the Tunis phase of WSIS in 2005. Designation of the
thematic event will be made by the WSIS process. More information on
WSIS is available at: http://www.itu.int/wsis.
2.
Spam
is also on our mobile phones
The problem of spam is not only affecting e-mail
services, but is growing to affect other kinds of electronic
communications, such as mobile messaging.
The use of messaging - from simple SMS to MMS and
e-mailing - has become widespread the world over, and the convergence of
mobile with Internet- and IP-based technologies (such as
third-generation mobile services and the wireless Internet) is raising a
host of possibilities for innovative applications and new modes of
interaction.
These developments have important implications as
regards the growth of spam. As the third generation of wireless networks
emerges, location-based advertising directed to mobiles will also grow,
raising privacy concerns, affecting reliability of services and their
future development. A number of mobile operators consider that mobile
spam will never extend to the same level as PC-based e-mail spam, as
mobile technologies - in contrast to the Internet - were not conceived
as an open network, and costs are precisely allocated.
These specificities of mobile certainly help to
diminish the major motives for spammers (the low cost of sending
thousands of e-mails and the anonymity of the spammer, ensured in the
case of standard e-mails by the difficulty of tracing senders). However,
two other factors have to be borne in mind where the risks for mobile
are concerned. First, in several countries, the receiving party pays for
messages sent over a mobile; second, the growing interaction between
Internet and mobile technologies is bringing problems that were hitherto
limited to the Internet.
In Japan, where the "receiving party pays"
system is used, it has been estimated that some 90 per cent of spam is
sent to mobile phones, consisting largely of advertisements for dating
websites. NTT DoCoMo, a major mobile operator in Japan, has experienced
significant problems owing to the fact that mobile messaging was
established with an open e-mail approach. The company is currently
studying solutions to help its customers, providing tools and filters to
block unsolicited incoming messages, as well as giving warnings to users
about dissemination of their addresses. They have even gone as far as
providing compensatory free messages, to cover unwanted messages
received in an effort to maintain customer satisfaction with their
services. Japanese legislators have addressed this issue and specific
measures are foreseen for unsolicited messages sent to mobile devices.
Problems with mobile spam have also been encountered
in the United States, where in many cases the receiver pays for SMS, and
open e-mail to SMS gateways still exist. During a recent conference on Messaging
Anti-Abuse, held in London in June 2004, it was reported the US
operator "Sprint" has to block up to three million messages a
day - a figure which may keep growing and which should certainly alert
others to the potential problems ahead.
Many direct marketers now consider that advertising
directed to mobile devices may be even more effective and successful
than e-mail marketing. Aware of the danger of mobile spam, some
marketing associations are developing codes of conduct, and hope that
the fear of spam will not hamper the potential of m-marketing and
m-commerce.
Generally, consumers appear to be more sensitive to
mobile spam because mobile devices are more personal, and closer to the
user. Mobile spam is considered as a greater invasion of privacy, and
its effect can be even more disruptive than computer spamming. For this
reason, operators are hesitant to launch services with increased
interactivity with the Internet; for fear that they may bring more spam
to mobiles. Mobile operators are, however, also active in trying to
address spam, for example by adopting self-regulation to try to
coordinate their actions and face the problem in a timely and effective
manner.
Yet, ironically most mobile
users have experienced messages from operators welcoming them to a new
network when they take their mobile phones abroad; typically with
solicitations to use tourist-directed services. To address the
above-mentioned concerns, and so as not to be outpaced by the rapid
evolution of services, legislation should be conceived to be
"technology neutral" and flexible enough to cover new kinds of
electronic communications.
The need for flexibility and coordination is obvious
when one considers that the content of mobile spam can vary, and the
definition of what it is - or it is not - has still to be established.
Deciding what constitutes legitimate, and what illegitimate messaging is
no mean feat, when one considers the range of content that has appeared
to date (content that is perhaps only the tip of the unsolicited
messaging iceberg). While advertisements for dating websites account for
a large proportion of unsolicited messages in Japan (around 80 per
cent), messages from operators advertising promotions and game prices
are common in a number of European countries. Italian mobile-owners even
recently received a message from the Presidency of the Ministry
reminding them to vote for European elections. Finally, the risk of
becoming a victim of mobile spam is perhaps higher than one may assume:
the gathering of mobile phone numbers is already under way by spammers.
For example, websites offering ring tones and logo downloads have
already become the target of mobile phone number harvesting. Again,
privacy is the primary concern here, but the negative impact of a drop
in efficiency and reliability of messaging services - whose success is
founded on their simplicity and moderate costs - is also a major issue
and now threatened by spam.
The background paper "Spam: A
threat to the Information Society" will soon be available
online at: http://www.itu.int/spam.
3. New Digital Bridges Initiative
ITU
and the Korean MIC sign a Memorandum of Understanding
Broadband
is flourishing in many economies, especially in East Asia. The Republic
of Korea's high-speed broadband penetration is nearing 80 per cent of
households and connection speeds have reached 40 Mbit/s (roughly 700
times faster than a dial-up connection). However, most people in the
developing world still have no access to even simple dial-up Internet
access. This vast inequality in access to information is creating an
information digital divide that threatens to slow the formation of a
truly global, inclusive information society.
The
International Telecommunication Union (ITU) and the Ministry of
Information and Communication of the Republic of Korea (MIC) have come
together to form a new partnership aimed at helping achieve the
internationally agreed goals of WSIS on bridging the digital divide.
This new and ongoing project will be called the Digital
Bridges Initiative and will provide new tools necessary to
measure the digital divide as well as policy and technical
expertise to help close the measured gaps. In addition it will provide a financial contribution to
promoting the success of WSIS.
The
main outputs of this venture will be as follows:
·
Creation
of a worldwide, authoritative, digital opportunity index;
·
A
new series of workshops, case studies, and official publications
focusing on technologies, policies, and best practices for bridging the
digital divide;
·
Analysis
of appropriate technologies aimed at narrowing the digital gap between
developed and developing countries;
·
A financial contribution
to WSIS.
By
working together and combining expertise and resources, ITU and MIC are
endeavoring to pursue a world where all can participate in, and benefit
from, the information society.
Further
information on the initiative will shortly become available at: http://www.itu.int/digitalbridges.
4. Related Links
For
a list of the authorities which deal with spam in different countries,
together with relevant legislation, please visit the new ITU website on
"World
authorities and laws regarding spam" (updated
regularly).
ITU
Activities on Countering Spam
ITU
WSIS Thematic Meeting on Countering Spam
Draft
Agenda for ITU WSIS Thematic Meeting on Countering Spam
ITU
Newslog on Spam
For
further information on Strategy
and Policy
Unit Monthly News Flash, please
contact: ITU Strategy and Policy Unit, International
Telecommunication Union, Place des Nations, CH-1211 Geneva 20
(Switzerland). Fax: +41 22 730 6453. E-mail: spumail@itu.int
. Website: www.itu.int/spu/
|
|