Speech by SCIT on "Tackling Spamming: Next Steps"
Following is a speech by the Secretary for Commerce, Industry and Technology, Mr John Tsang, at a luncheon organised by information and communication technology organisations today (February 24):
"Tackling Spamming: Next Steps"
Ladies and Gentlemen,
2. First of all, let me wish you all a prosperous new year of the Rooster. Like they say - "Spring is the best time to make action plans for the rest of the year". I am, therefore, hugely delighted to be able to share with you in the early days of the new spring our action plan in tackling spamming.
3. Spamming, as you all know well, is a problem that is affecting almost everyone in Hong Kong. It takes many forms, from junk fax to junk e-mail to junk voice or video messages on your fixed line or even your mobile telephone. And it will take on other forms as technology develops.
4. To individual consumers, spam is an intrusive nuisance that invades your personal privacy, breaches your IT security with virus and spyware, and transmits illicit contents - from pornography to illegal gambling services and even deceptive business practices.
5. To businesses, spam costs you money in the form of lost worker productivity and the need for network capacity upgrade and information security investment.
6. To e-marketers, spam creates the reactive need for computer users to install anti-spam systems that serve to block inadvertently legitimate messages, thereby reducing the effectiveness of e-marketing campaigns.
7. To telecommunications operators, particularly Internet service providers, spam adds to your operating costs, with additional server capacity to manage anti-spam systems and additional resources to handle customer complaints.
8. Without any doubt, spam has become the major 21st Century problem that affects all of us without any prejudice, and the only difference in treatment between spam victims lies merely in the degree of damage. Recognising the damaging effects of spam on our community, we launched a consultation exercise in June last year, with a view to ascertaining the size of the problem and soliciting views from all stakeholders on how the problem should be tackled. We received in total 42 useful submissions. I would like to take this opportunity to thank the authors of these submissions, and many of them are here today, for all their help in sharing with us their expert input on this very important subject.
Key Findings of Consultation and Latest Developments
9. The submissions confirmed that spam is an increasingly serious problem to Hong Kong adding substantial unnecessary costs to society.
10. Our study reveals that fixed telecommunications network service operators in Hong Kong received over 36 000 complaints on junk fax in 2004. That is an average of some 100 complaints a day.
11. On e-mail, the Hong Kong Internet Service Providers Association, which conducted surveys in October last year among 11 members serving over 90% of Internet users in Hong Kong, found that spam has risen to account for around 60% of all e-mails, with individual members experiencing as much as 90% of their e-mails being spam. The estimated costs of spam to Hong Kong Internet service providers is some HK$5.9 million a month, or some HK$71 million a year. That is certainly not a small sum for a competitive industry!
12. But the biggest costs come from the impact on businesses and consumers in terms of lost productivity. A rough industry estimate in January 2004 put the costs of spam to lost productivity in Hong Kong at a stunning HK$6 billion a year.
13. While there are talks and estimates about the costs of preventing and removing spam, online marketers have been complaining also that certain anti-spam measures have served to dilute their marketing efforts. Asia Digital Marketing Association, representing digital marketers in Asia, made reference to a research carried out by Jupiter Research which revealed that in 2003, marketers in the world lost nearly HK$1.8 billion, from spam filters blocking legitimate messages, and that the estimated costs of such measures to online marketers could go up to HK$3.3 billion by 2008.
14. Spam is certainly growing in numbers, changing its sources and forms as technology develops, and spreading to different applications as convergence begins to take shape in the new communications media environment.
15. According to an anti-spam organization, Spamhaus, spam could account for 95% of all e-mails sent by mid-2006. Spamhaus also warns that the source of incoming spam is changing fast, and Internet service providers are seeing far more spam coming directly from the major mail relays of other Internet service providers.
16. Other than e-mails, a recent study conducted jointly by the University of St. Gallen in Switzerland, and Intrado, a vendor of emergency communications services, with the cooperation of the International Telecommunication Union, the ITU, found that about 80% of mobile phone users worldwide have received spam on their mobile phones. Consumers and operators can expect the mobile spam problem to grow exponentially should the costs of sending such messages go down further.
17. Many mobile operators submit that spamming through Short Messaging Service (SMS) and Multi-media Messaging Service (MMS) is not yet a major nuisance in Hong Kong. However, given such a global trend, we need to maintain a close watching brief on whether this could become a more serious problem as the number of third generation mobile users grow and the attractiveness of SMS and MMS marketing campaign increases.
18. Ladies and gentlemen, there is no doubt in my mind that we need to step up our fight against spamming. Drawing on the views expressed in the submissions and the trend on recent developments, we intend to launch today a campaign entitled "STEPS" in fighting the spam epidemic. Let me explain to you what I have in mind.
Strengthening Existing Regulatory Measure
19. The first letter "S" stands for strengthening existing regulatory measures. In conjunction with relevant industry associations and service providers, we will start work in two areas. The first area is fax. There are already guidelines for fax advertisers, but some of them have ignored these guidelines and continued to spam recipients who have already put their fax numbers on the "not-to-call" list. We will work closely with fixed telecommunications network service providers to penalise such irresponsible marketing behaviour by reducing the timeframe required to cut off their access to telecommunications services, which is their means to send out fax advertisements.
20. The second area is SMS and MMS. We have already promulgated a Code of Practice for mobile network operators on the handling of inter-operator unsolicited promotional SMS. Given the potential growth of the problem involving operators participating in marketing campaigns, we plan to work with the industry to extend this code of practice to cover intra-operator unsolicited messages, such as location-based advertisements sent by our own service providers, so that the code will cover all SMS and MMS unsolicited promotional messages.
21. The second letter "T" stands for technical solutions. We can protect ourselves from spam to a large extent by adopting products with suitable technologies. For service providers, the adoption of such products will improve their services to subscribers and ease the load on their network equipment.
22. While we believe that we should not dictate or recommend individual products or solutions, we can help in the process by facilitating the industry, businesses and consumers to learn more about the latest developments and offerings. We will, therefore, collaborate with the industry in organising seminars, conferences and exhibitions to promote anti-spam technical solutions to all users.
23. The third letter "E" stands for education. Spammers' ultimate goal is for recipients to purchase the products or services on offer. It is, therefore, vital in the fight against spam that the recipients play their part in denying the spammers by not purchasing anything marketed through spam or, better still, not responding to spam at all.
24. To this end, we will work with industry organisations to develop an information campaign on spam to raise the level of awareness and provide accurate information and useful resources to consumers. We will also feature spamming as a topic in the Government's regular promotion and user education events and develop user tips for this purpose.
25. The fourth letter "P" stands for partnerships. By this we mean both local and international partnerships. In Hong Kong, many anti-spam measures need close cooperation among industry members, with the Government playing a coordinating and facilitating role.
26. One possible partnership is the development of a common blacklist to filter spam at the local Internet service provider level. Such a measure requires Internet service providers to share their existing blacklists and contribute information to update the common blacklist in future. We will work with industry organizations to facilitate the process and liaise with relevant authorities to ensure that the sharing of information in developing and maintaining the common blacklists would comply with relevant laws, such as the Personal Data (Privacy) Ordinance.
27. We will also work with industry organizations to develop codes of practice and best practice guidelines for combating spam to enable the Internet service providers with less resources to learn ways to improve their service to subscribers.
28. There is also a global dimension to spam since most spam do come from overseas sources. International partnerships are, therefore, vital in the control of the overall problem. A number of international organizations, such as APEC, OECD, ITU etc. are already developing joint mechanisms to deal with this problem, and Hong Kong will continue to take an active part in the process.
29. In addition, the Commerce, Industry and Technology Bureau will shortly become one of the Founding Signatories of a Multilateral Memorandum of Understanding on Cooperation in Countering Spam. This MoU will facilitate cooperation among Asia-Pacific signatories on many fronts in tackling the spam problem. We will continue to develop international partnerships and play a leading role in the fight against spam.
30. Last but not least, the fifth letter "S" stands for statutory measures. There are already many applicable provisions in existing legislation prohibiting activities that may support spamming.
31. For example, the Telecommunications Ordinance prohibits unauthorised access to computers by means of telecommunications. Actions such as hacking may be an offence under this Ordinance.
32. Under the Crimes Ordinance, if a spammer sends e-mail to a computer causing it to cease functioning, or in a manner which amounts to "misuse of computer", he may have committed an offence of criminal damage under that Ordinance.
33. If e-mails contain the Trojan programme, virus, hacking tools etc. that facilitate senders to gain access to a computer system without authority, he may have committed an offence under the Crimes Ordinance on "access to computers with criminal or dishonest intent".
34. If phishing e-mails are used as vehicles to deceive inadvertent victims, the sender may have committed an offence under the Theft Ordinance.
35. These statutory provisions are already there in our statute book but they are intended for the more serious, criminal nature of spam-related activities. They are not intended to regulate other spam-related activities such as e-marketing by individuals who simply take advantage of the Internet and other communications infrastructure as a low-cost marketing means, for which recipients and service providers have to bear the consequence of abuse.
36. We have taken a long, hard look at the different views contained in the submissions to the consultation, and we have also considered the potential adverse impact on legitimate e-marketing activities and the likely ineffectiveness of legislation against 95% of spam that comes from overseas. We have arrived at the conclusion that, on balance, it would be necessary to enact legislation to regulate spamming. Such a piece of legislation would prevent Hong Kong from becoming a safe haven sheltering illicit spammers. It would also facilitate cooperation with overseas jurisdictions with similar legislation in investigation and enforcement work against spammers.
37. We note that views in the submissions were divided on many aspects of legislation, for example,
- whether legislation should be technology neutral to cover all forms of spam, such as e-mail, SMS, MMS, fax etc.,
- whether the legislation should cover commercial spam only or all spam of unsolicited nature,
- whether the legislation should cover automatically generated voice and video electronic messages,
- whether the legislation should stipulate "opt-in" or "opt-out" requirement,
- whether the legislation should mandate e-mail header labelling requirements,
- whether the legislation should restrict e-mail address harvesting and other practices,
- whether the liability should be civil or criminal in nature,
- and more.
38. We have apparently a great deal more work to do. Many issues related to legislating against spam still need to be resolved. We have at this stage an open mind on the exact form and content of the legislation, but the key is to strike the right balance between the need to discourage spamming on the one hand, and to enable legitimate e-marketing activities to develop properly on the other. We hope to draw on the experience of jurisdictions with anti-spam legislation, including the recent lawsuits in the US, with a view to developing a balanced framework in Hong Kong.
39. Our aim is to work out a legislative framework which is largely acceptable to different stakeholders before we proceed to draft the legislation. We will engage representative stakeholder groups over the next few months for detailed and pragmatic discussions. We intend to introduce the full draft legislation into the Legislative Council some time next year. It is a difficult exercise, and I shall count on your full support in the process.
40. Ladies and gentlemen, I have outlined for you the outcome of the consultation exercise and our intended course of action. You will agree that as technologies develop, techniques used by spammers will only become more sophisticated. The recent development of spamware illustrates the evolving nature of this problem. Take the example of "Send-Safe". It is not only capable of setting up infected PCs, or so-called zombies, to send out spam. It is also capable of disguising their origin as e-mails sent out from zombies' Internet service providers, thereby fooling blacklist filters. Fortunately, we have not all gone over to the dark side. I take heart in the industry meeting the challenge and working on promising projects, such as the Penny Black project, that could fundamentally shift the spam equation by adding cost to spamming with the effective imposition of a "stamp" requirement.
41. This basket of measures that I have described under the "STEPS" campaign marks the beginning of our battle against spam, and the measures will no doubt need to evolve over time. Like computer virus, we may never be able to eradicate the problem. But we aim to contain it as far as possible. In this battle, we need the efforts from all quarters of our community. Our plan sets the scene for a partnership of Government, the ICT industry, the e-marketing industry and the community in a united front. In this, I see no difference in perspective. You are our allies, and I look forward to working closely with you all in controlling this 21st Century problem.
42. Thank you.