If your inbox is anything like mine, it's been assaulted by
spam over the past few weeks. Rather frustratingly, the spam has
come from a legitimate email addresses within my contacts. Despite
multiple reminders from our IT department telling us to 'delete
delete delete', curiosity has certainly tempted me to click on
the link to see what all the fuss is about. It's raised the
question though, what exactly is spam? How have the wily cyber
spammer vigilantes got email into my inbox, and what punishment do
they face if caught?
The first thought is that these emails are spam, so the
Unsolicited Electronic Messages Act 2007 (UEMA) may apply. The
sections of that Act prohibit unsolicited commercial electronic
messages being sent by, or to, New Zealand held electronic
addresses, it also requires senders to ensure that commercial
electronic messages are sent with accurate sender information and a
working opt-out mechanism. This definition captures what we
commonly refer to as spam, such as those misleading emails you
receive with an odd subject line and a single link included.
From what the media is suggesting, it seems that a wily spammer
has hacked their way into the vaults of one particular email
platform provider and helped themselves to email addresses,
usernames and passwords. They have then (allegedly) logged in to
individual email accounts and sent spam to various contacts held by
the associated address book. The email address owner has had no
idea the messages have been sent. The account owner, it seems,
could face liability under the UEMA as the email came from the
email account that they control. UEMA's watchdog, the
Department of Internal Affairs did contemplate this situation, as
it included the 'I know nothing' defense in section 12. So
it seems the unsuspecting email account owner, luckily in this
case, is spared from liability.
What about the wily cyber spammer/hacker? What liability does
that person face? In addition to potential liability under the
UEMA, buried within the Crimes Act 1961 are the sections on
computer misuse, which prohibit access to a computer system for
dishonest gain and access to a computer system without
authorisation. The wily spammer has made two separate hacks in this
scenario, one into the email platform to take the email addresses,
usernames and passwords, and the second into the particular email
account to send the spam email. As such, both of these charges
could be pursued, with maximum prison time ranging from two to
Due to all sorts of reasons that are too complex to go into here
it would be unusual for the wily spammer to be located in New
Zealand. Proceedings under the UEMA or the Crimes Act would be
difficult if the suspect is located overseas. It would require
co-operation between countries and extradition. We have seen how
difficult this can be with the likes of Kim Dotcom and Julian
The privacy issues in this situation are concerning. As well as
the data that the wily spammer has accessed while within the vaults
of the email platform provider, the wily spammer may have also had
access to all of your personal information stored within your email
account. In my case, this would be flight details, hotel
reservations, insurance details and so on. Regardless of your
password strength, if the email platform provider lets you down
with poor security, then all is lost. I'm sure the Privacy
Commissioner will be a little concerned.
Overall, it seems spam is here to stay. Just like the rogue
flyer that makes it into your mail box despite your 'no
circulars' sign, spammers will (with time) find ways to
outsmart the latest IT security.
Ensuring that you use strong passwords, an email provider with a
good security track record and robust spam filters are essential
elements within your control to limit your risk.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Interplay of technologies such as social media, cloud, analytics and mobility is changing the way marketing is done and the digitally savvy consumer is targeted using various mediums at any time of the day and everywhere.
Gambling in India is regulated by the Public Gambling Act, which specifically prohibits public gambling and running or being in charge of a common gaming house.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).