Select Committee on Science and Technology Minutes of Evidence


Examination of Witnesses (Questions 400 - 407)

WEDNESDAY 24 JANUARY 2007

MR NICHOLAS BOHM, PROFESSOR IAN WALDEN AND MR PHIL JONES

  Q400  Baroness Sharp of Guildford: Do you think that the current UK anti-spam laws are adequate, and if not what should we do to improve them?

  Professor Walden: From a criminal perspective, which is an area I have been concerned with of late, some jurisdictions have criminalised not the sending of spam but actions related to spamming activities, but I think English law is currently sufficient. The Computer Misuse Act would be the most relevant legislation in most circumstances and I do not think the sending of spam per se is necessarily an area for criminal law, and I think the Data Protection Act and associated legislation is more suitable.

  Mr Jones: Just two quick points there. First of all, when you look at the way the Privacy and Electronic Communications Regulations apply to unsolicited emails, rather strangely they do not apply to unsolicited emails sent to a corporate subscriber, that is to a company or an organisation. That is slightly strange because the rules applying to phone calls and to faxes do apply to corporate subscribers. So first of all there is actually a mismatch between what people would traditionally think of as spam, the bulk sending, the indiscriminateness, but the way these regulations apply it distinguishes between the recipient, regardless of the content of the message. That is something which is within the DTI's purview. It does seem slightly odd. They did change the rules fairly recently relating to phone calls, so that would be a possibility.

  Q401  Baroness Sharp of Guildford: Does that explain why I get so much more spam and phishing on my parliamentary email than I do on my NTL one at home?

  Mr Jones: It may well do. It might be because it is also very easy to work out what parliamentary email addresses are. I think they follow a standard format. The other thing which is true is that because the rules are part of the package which applies to phone calls and faxes, the current rules treat them the same in terms of penalty. I am not saying it is impossible, but I think there would be some difficulty in deciding that one form of communication, regardless of its content, was inherently more heinous than another. So I think that would be quite a difficult balance to get right if you were to think of changing the law there.

  Q402  Baroness Sharp of Guildford: How many people in the UK actually send spam, and have there been any prosecutions at all?

  Mr Jones: We have not prosecuted anybody, for two reasons. First of all, we still get far fewer complaints about email than we do about phone calls and faxes, so the action we have taken thus far has been against serial abusers of the fax rules and the phone rules. That is the first point. The second point is that, as I said before, they would only commit an offence when they were subject to an enforcement notice and ignored it. The email complaints that we get at the moment, some of them are not valid because they are actually received by a corporate subscriber, and that I have already explained. Some of them are perfectly legitimate, where a UK company just sort of got things wrong, it had made a mistake, and that is fairly easily put right, but there are some from overseas and others which are good at hiding themselves. But as I say, at the moment the numbers of complaints we receive are much smaller than phone calls.

  Q403  Baroness Sharp of Guildford: I believe a lot of spam emanates from Eastern Europe, and so forth. Is much effort put into identifying the senders of spam?

  Professor Walden: Internet service providers have an incentive to try and address this issue, and again I think in terms of effective law enforcement we do need to look at Internet service providers working in co-operation with each other on an international basis to try and stop this sort of activity. I think the activity which we have seen to date has probably been most effective in that area.

  Q404  Baroness Sharp of Guildford: What about lottery spam and the advance fee fraud scheme? How much investigation is there of these and how much money is being recovered? Have you any idea?

  Professor Walden: I understand from a recent visit to the Serious and Organised Crime Agency that Nigerian 419 fraud has been one of their major areas of activity over recent years. Successfully? I do not have any information about.

  Baroness Sharp of Guildford: No. Thank you very much.

  Chairman: We are really running out of time, but if we can quickly just take the last question.

  Q405  Lord Harris of Haringey: In the USA many prosecutions of spammers have been undertaken as third party actions by AOL, Microsoft, or whatever. Is that possible in the UK, and what would be the arguments for and against doing so, going down that road?

  Professor Walden: With private prosecutions the general default rule under English criminal law is that private prosecutions are perfectly possible. Some legislation actually requires that the Information Commissioner or other regulatory authorities, or the DPP has to lead private prosecutions, but it would be possible under UK law.

  Q406  Lord Harris of Haringey: None of the legislation here, in terms that it might be used against spammers, has that requirement, that it has to be led by the Information Commissioner or that the Attorney-General has to personally sign it off, or anything?

  Professor Walden: I do not believe so. The DPP has the right to take over a private prosecution which has been commenced. For example, under the Computer Misuse Act I could bring a private prosecution.

  Mr Bohm: Some action taken, I think by private parties in America, may have been civil rather than criminal and may have relied on the fact that in the United States class actions are sustainable on a much more simple basis than they seem to be in the UK. I am not a litigation expert, but it does seem that some organisations have succeeded in bringing proceedings representing large numbers of those who have suffered. I think the difficulty where that is not possible is that each individual person who receives spam suffers a pretty small detriment and is not really likely to take action of a burdensome kind to pursue it beyond making a complaint, possibly, whereas if the rules about class actions or representative actions were easier and if the costs rules were different so that you did not have to pay costs when you lost, and indeed if you could recover something substantial when you won, then you might see a litigation solution to the problem. I did want to draw to the Sub-Committee's attention one aspect of spam which is not, I think, always given the attention it deserves, which is one of the consequences. With my volumes of spam I get statistics from my scanning service and I am getting about 40,000 a day at the moment, of which happily I do not see very many, but the result is that in order to trim that down to tolerable proportions—and it is rising steadily, a few months ago it was 20,000—the scanning or filtering which takes place necessarily risks false positives and although I am offered the false positives they can get that wrong. Email is therefore increasingly unreliable as a means of being sure that you have received a communication. 
It is a side-effect of spam and it is, funnily enough, a side-effect with potential legislative consequences because as the courts become more modernised and willing to rely on email and as other official channels begin to rely on electronic communications, the public at the other end of these are at risk of being told they are deemed to have received something because an email was sent to their last known email address three weeks before, and they simply have not succeeded in retrieving it from intolerable piles of filtered spam. So there is an awkward side-effect which points to a certain amount of need for caution as public services become more electronic. People's security is, in effect, affected because they are deemed to have received communications they have not received.

  Q407  Chairman: That opens up the question of how many filtering systems notify the sender that their message has been filtered out and not delivered.

  Mr Bohm: It assumes, of course, that the senders' systems are capable of noticing responses. Many people send messages, official bodies send messages out saying, "Do not reply. Your reply will not receive attention." Of course, if that bounces, the bounce will not receive attention. So it raises a quite complex delicate question about how these things ought to be done, and indeed where the risk ought to lie, but it is fairly dangerous for the individual to in effect be willing to be bound by emails addressed to them nowadays, given the environment we have.

  Lord Harris of Haringey: That raises quite important problems which we may want to follow up.

  Chairman: I think we should pursue this, yes. We have run out of time, Professor Walden and Mr Bohm. Thank you very much indeed. It has been a very useful session to us and if anything occurs to you that you think we should know, please write to us. Thank you very much.




 

© Parliamentary copyright 2007