By Gabriela Kennedy and Karen Tan
Between November 2000 and April 2002, the Office of the Telecommunications Authority ("OFTA") received a total of 53 complaints of e-mail spamming. The increase of e-mail spam has prompted the Legislative Council to examine the voluntary Anti-spam Code of Practice ("the Code"), adopted in February 2000, and check its adequacy in discouraging e-mail spamming in Hong Kong.
The concerns raised by the Hong Kong government echo international concerns regarding e-mail spamming. Spamming constitutes an invasion of Internet users' online privacy, and it may also increase the cost of accessing and using the Internet. Internet users who pay for their Internet access on a time basis are forced to spend more time online sifting through unsolicited e-mails and end up spending money in downloading e-mail spam. Another consequence of e-mail spam is that it ties up bandwidth and resources on computers and routes all over the Internet. E-mail spam can also disrupt a network and may cause mail servers to crash.
A number of countries have enacted or are planning to enact legislation dealing with email spamming. Under Article 13 of the Directive concerning the processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector Com (2000) 385 ("the Directive"), which has recently been agreed by the European Parliament, a harmonised opt-in approach for unsolicited commercial e-mail will be adopted throughout the European Community. The opt-in system will cover SMS messages and other electronic messages received on any mobile or fixed terminal. The Directive is expected to be formally adopted within a few months.
A number of Member States of the European Community already have legislation which requires opt-in procedures for direct marketing by e-mail. Such countries include Austria, Denmark, Finland, Germany, Greece and Italy. Other Member States, such as Belgium and Spain, are considering draft laws requiring opt-in procedures. When the Directive is adopted, all 15 Member States and European Free Trade Association Members, Norway, Iceland and Lichtenstein will be required to adopt enactment legislation.
In the United States, the draft "Controlling the Assault of Non-Solicited Pornography and Marketing Act" of 2002 ("the CANSPAM Act") (sic) proposes an opt-out system.
At present in Hong Kong, there is no law that prohibits the sending of e-mail spam. Instead, the government has encouraged the Internet industry to exercise self-regulation in tackling spamming. In February 2000, the Hong Kong Internet Service Providers Association ("HKISPA"), OFTA and the Office of the Privacy Commissioner for Personal Data ("PCO") issued the Code. The adoption of the Code is voluntary.
In March 2001, the HKISPA issued a revised anti-spamming code. The revised version of the Code has an extra statement declaring the Code an industry standard to be used by network operators and service providers in combating spam. The Code applies only to ISPs. Content providers are not required to adopt the Code. The rationale for this is that content providers will anyway need to rely on the services provided by ISPs in order to offer free e-mail services.
The Code requires ISPs to introduce provisions in their terms and conditions of service which forbid their customers from engaging in e-mail spamming activities. The Code provides that sanctions such as suspension of services should be imposed on any spammer who ignores such provisions.
Guidelines have also been issued under the Code. They are meant to assist ISPs in tackling e-mail spam in Hong Kong. Although the adoption of the Code is voluntary, to date almost all ISPs in Hong Kong have included terms in their contracts of service prohibiting subscribers from using the ISPs' services for spamming.
In light of a recent increase in e-mail spamming and various legislative developments at the international level, OFTA together with the PCO and HKISPA is conducting a review of the Code. The review is expected to be completed by the third quarter of this year.
Upon review, the Legislative Council may suggest legislation following international trends for an opt-in system or new guidelines and codes of practice against e-mail spamming. ISPs are likely to have to revise their anti-spamming provisions and their customer terms of service to incorporate such changes.
In the meantime, ISPs are free to adopt technical measures to combat spam. The Guidelines issued under the Code suggest, amongst other technical measures, that ISPs should deny outgoing TCP access to the Internet on port 25 (Single Mail Transfer Protocol ("SMTP")).
As of 5 June 2002, Netvigator, Hong Kong's largest ISP, has blocked outgoing mail using SMTP on port 25 by broadband connection (i.e. outgoing mail from second party e-mail SMTP services such as Yahoo! or hotmail) unless the outgoing mail box has been configured to "mail.netvigator.com".
The authors are Consultant and Trainee Solicitor respectively working in the Technology, Media and Telecommunications Group of Lovells, Hong Kong.