Ministry of Economic Development Home| Contact MED|


Jump to Site Navigation Links
 
 
 

Links to this page were:

Section Subnavigation Links:

Legislative Issues


Discussion Document

IT and Telecommunications Policy Group Resources and Network Branch
[ Last Updated 14 October 2005 ]


39. The key legislative issues are:

  • Legislative scope - what types of messages should be regulated or prohibited and who should be covered?
  • The consent issue - should an "opt-in" or "opt-out" approach be adopted?
  • Transparency issues - should there be a requirement for electronic messages to:
    • Include accurate sender information?
    • Contain a functional unsubscribe facility?
    • Provide accurate header/subject information?
    • Provide labels if they are advertising or adult messages?
  • Privacy issues - should there be rules against the supply, acquisition or use of address-harvesting software and harvested-address lists?
  • Enforcement issues - what sanctions and/or remedies should be specified/available?

Legislative Scope

40. In determining what types of messages should be regulated or prohibited, a number of questions need to be answered. These are:

  • What message mediums should be caught by the legislation (e.g. email, short message services using mobile phones, faxes, telephones (telemarketing), physical mail delivery)?
  • Do the messages caught by the legislation have to be sent/conveyed to many recipients, and if so, how many?
  • Should he messages caught by the legislation be of a commercial advertising and promotional nature only or should other types of messages be caught? Should there be any exceptions?
  • Should the legislation extend to coverage of acts outside of New Zealand?

41. There is also the question of who should be covered by anti-spam legislation. Should it be just the sender of the message, or should the legislation also cover the "sponsor" of the message (normally the vendor of the product or service being promoted or advertised) and others knowingly a party to the sending of an unlawful message. In the case of telecommunications companies and Internet Service Providers, they are unwitting transmitters of spam and so the general approach in other countries is to exclude them from being covered.

42. The issue of what should constitute consent to the sending of a message will be addressed in the next section.

Message Mediums

43. The approach of the EU is to apply its legislation to fax, email and other electronic messaging systems such as SMS and MMS (Multi-media Messaging Service). Australia's legislation applies to "electronic messages", which also covers emails, faxes and other electronic messaging systems. It does not apply to voice calls. The United States spam legislation is limited in its coverage to electronic mail via the Internet (telemarketing is regulated separately).

44. Difficulties arise in extending the application of anti-spam legislation to traditional direct marketing mediums such as the delivery of material to a physical mailbox and the use of the telephone for telemarketing. The reason for this is that it is the marketer who bears the costs associated with the use of these message mediums, whereas in the case of electronic communications such as email via the Internet, it is the recipient and the recipient's ISP that bears the cost. In the case of Japan, it has a major problem with spam sent via text messages as the cost of such messages is borne by the recipient.

The Issue of "Bulk"

45. Spam messages are typically sent in bulk. The issue is whether or not legislation should address the "bulk" characteristic, and if so, how. The EU directive does not specifically address the bulk aspect of spam, but rather refers to electronic mail sent for the purposes of direct marketing. It would seem that the reference to direct marketing indirectly refers to email sent in bulk, although there may be exceptions.

46. In the Australian legislation the issue of bulk has been addressed in the penalty provisions rather than in the definition provisions, with more penalty points applying if a greater number of messages have been sent. In the United States legislation the offence provisions apply to the transmission of "multiple commercial electronic messages", where the term "multiple" means "more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic mail messages during a 1-year period".

47. The issue of bulk is primarily an issue for people or organisations who are attempting to solve or regulate spam because the concern relates to its collective impact. For the recipients of spam, however, the issue of how many other people may have received a message is generally irrelevant. For them it is the content of the message that is the issue of concern.

48. If individual to individual emails are to be classified as spam (as is the case in the Australian legislation), it would seem that this has the potential to catch emails from an individual who has maybe obtained another individual's email address as a result of an exchange of business cards and has initiated contact over a commercial matter such as an offer to supply goods or services. In this case the email could be described as both "commercial" and "unsolicited" in terms of the Australian legislation, unless consent to the sending of the email could be reasonably inferred.

49. While the above conduct would seem to be no different from sending a letter to the same effect, it is arguable that the sender should send an initial email asking the recipient if they would be interested in receiving this type of information first to expressly cover off the consent issue. While it may be possible to address this sort of situation in the definitions of "commercial" and "unsolicited", requiring that there be a bulk element to spam would be one solution.

What Types of Messages Should Be Caught?

50. Spam messages are typically commercial or promotional in nature. Their content nature may be defined narrowly (e.g. sent for the purposes of direct marketing - EU; the commercial advertisement or promotion of a commercial product or service - USA) to widely (e.g. to offer to supply goods or services, promote goods or services, advertise or promote a supplier of goods or services, offer to supply land or an interest in land, offer to provide or to advertise or promote a business opportunity or investment opportunity, assist or enable a person to dishonestly or deceptively take advantage of another person - Australia).

51. The Australian legislation expressly provides for exclusions from the types of messages caught by its rules. The specified exclusions are messages from government bodies, political parties, religious organisations and charities relating to goods or services supplied by them, and messages from educational institutions to students, former students or households of students or former students relating to goods or services supplied by them.

52. There would seem to be merit in adopting the wider approach taken by the Australian legislation as most people would consider messages as spam and undesirable if they were trying to entice people to participate in a scam just as much as if they were seeking to promote a product or service. The approach to exclusions appears to be based on the idea that there is a public interest in ensuring that certain types of messages with a social value should not be caught as spam.

Extra-Territoriality

53. Given that much of the spam received in New Zealand is sent from overseas, should anti-spam legislation extend to coverage of acts outside of New Zealand? While issues of enforcement and jurisdiction arise there would seem to be merit in adopting this approach, as has been done in Australia. In the Australian legislation it provides that it extends to acts, omissions, matters and things outside Australia and that it applies to commercial electronic messages that have an "Australian link". Messages having an "Australian link" include messages sent from overseas to Australian email account holders.

54. There can be situations where the New Zealand vendor of a product or service arranges for spam promoting or advertising that product or service to be sent from overseas. By providing that the legislation covers acts outside of New Zealand, the New Zealand vendor can then be prosecuted notwithstanding the overseas source of the spam (and assuming that they are covered - see below).

55. In relation to enforcement against persons overseas, this would require co-operation with the authorities from the country concerned. This has occurred with other New Zealand legislation however.

Who Should Be Covered

56. The sender of spam is not the only person who can be a party to the act of spamming. Often a vendor of goods or services will sponsor someone else to do the spamming for them. The Australian legislation has applied its legislation to not only the sender of the message but also those who cause the message to be sent, those who aid, abet, counsel or procure a contravention of the requirements and those who are in any way a party to such a contravention.

Questions for Discussion and Response

5. What message mediums should be caught by the legislation (e.g. email, short message services using mobile phones, Internet instant messaging, faxes, telephones (telemarketing), physical mail delivery)?

6. Do the messages caught by the legislation have to be sent/conveyed to many recipients, and if so, how many?

7. Should the messages caught by the legislation be of a commercial advertising and promotional nature only or should other types of messages be caught? Should there be exceptions and if so what should be exempted?

8. Should the legislation extend to coverage of acts done overseas? If so, what acts should be covered?

9. Should all parties involved in the act of spamming, such as the vendor sponsoring the spamming, be covered by the legislation? Should there be express exceptions such as for telecommunications companies and ISPs?

The Consent Issue - Opt-In or Opt-Out

57. One of the main characteristics of spam is that it is unsolicited and/or unwanted. To address this issue legislators have either provided that electronic commercial messages can only be transmitted if the recipient has expressly or implicitly consented to such transmission (opt-in), or that such messages cannot be transmitted if the recipient has already taken action to indicate to the sender that such messages are unwanted (opt-out).

Opt-In

58. The opt-in approach has been the approach favoured by those opposing spam and by the majority of legislators (e.g. EU, Australia). Some anti-spam groups favour a double opt-in approach whereby the recipient must respond in two different ways to indicate consent. The merit of the opt-in approach is that it places the onus on those wishing to send messages and is thereby more effective in addressing the spam problem. In addition many recipients of spam are reticent to respond with a message to not send any more messages as this can represent a confirmation of an address that leads to more spam.

59. Issues that arise with the opt-in approach are:

  • What conduct/relationships should amount to or be deemed to constitute implicit consent?
  • What is the scope of any opt-in assent?

60. The Australian legislation defines "consent" as meaning "express consent or consent that can reasonably be inferred from the conduct and the business and other relationships of the individual or organisation concerned". This definition does seem to create an area of uncertainty as to what conduct and relationships would result in there being a reasonable inference of consent.

61. The fact that two individuals know one another and have exchanged business cards including their email addresses may, of itself, not be enough to constitute inferred consent to the sending of an email about a "commercial" matter. The question is, is this too restrictive an approach or should the issue be dealt with by defining spam as being the sending of bulk messages, or the sending of messages by someone where the email address of the recipient was not given personally to the sender by the recipient or published? The Australian legislation provides that consent can be inferred from the fact that an email address has been published.

62. A further issue arises concerning the scope of any opt-in assent. If someone does respond to an email by opting in, the question arises of what this should authorise the sender to do. Should this mean that the sender can only send promotional material relating to the subject matter of the email responded to or should the sender be able to send messages relating to different subjects? Should the sender be entitled to pass your email on to other organisations? The approach of the Australian legislation seems to relate the issue of the scope of any "consent" to whether a particular message was expressly consented to or consent could reasonably be inferred.

Opt-Out

63. The opt-out approach has been supported by some direct marketing organisations on the basis that the Internet is a legitimate and efficient way of advertising and promoting goods and services to customers or prospective customers and that its members will respect any response by an individual indicating that they no longer wish to receive such email. The opt-out approach has been adopted by the United States in its CAN-SPAM Act of 2003.

64. The problems with the opt-out approach are:

  • It legitimises anyone sending emails to an individual's mailbox without any assent at all;
  • There is a concern that if an individual responds to a message with an opt-out response that they will confirm their address and end up receiving more spam;
  • It is seen as legitimising the sharing of email address lists by businesses with one another.

65. The above problems with the opt-out approach are seen by anti-spam groups as helping to make the spam problem worse rather than minimise it.

66. Based on the issues and arguments described above, the Government's current preference is towards an opt-in approach. However the Government is wanting feedback from interested groups on their views on this matter.

Questions for Discussion and Response

10. Should New Zealand adopt an opt-in, double opt-in or opt-out approach in legislating against spam? Why?

11. If an opt-in or double opt-in approach was to be adopted, what should amount to express consent and what actions and/or relationships should amount to inferred consent to the sending of a "commercial" electronic message?

12. How should the scope of any opt-in or double opt-in assent be framed?

Transparency Issues

67. Some of the transparency concerns that arise around spam are that the sender is not able to be identified by the recipient from the message, the message does not contain a functional unsubscribe facility, the header/subject information is misleading or inaccurate and there is no clear labelling that the message is of an advertising or adult nature. The lack of transparency associated with spam appears to be designed to avoid identification and detection and avoid anti-spam filter mechanisms.

68. The Australian legislation has specifically addressed the first two of these concerns by providing that a person must not send a commercial electronic message unless the message:

  • clearly and accurately identifies the individual or organisation who authorised the sending of the message; and
  • includes a statement to the effect that the recipient may use an electronic address set out in the message to send an unsubscribe message to the individual or organisation who authorised the sending of the message, and such electronic address is functional.

69. The United States legislation also addresses the concern over misleading or inaccurate header and subject information by providing that it is unlawful for a person to transmit commercial electronic mail messages with materially false header information and with a subject heading that is misleading as to the content of the message.

70. Another way of requiring transparency and to assist in the filtering of spam is to require messages of an advertising or adult nature to include a label such as ADVT (for advertising) and ADLT (for adult).

71. Requiring transparency for commercial electronic messages would seem to have merit as such transparency would assist in minimising the spam problem.

Questions for Discussion and Response

13. Should there be a requirement for commercial electronic messages to accurately identify the sender of the message? If so, what constitutes accurate identification (e.g. name and physical address, name and email address)?

14. Should there be a requirement for commercial electronic messages to include a statement to the effect that the recipient may use an electronic address set out in the message to send an unsubscribe message to the sender, and to ensure that such electronic address is functional?

15. Should there be a requirement that commercial electronic messages provide accurate header and subject information?

16. Should there be a requirement for the labelling of advertising or adult messages?

Privacy Issues - Address Harvesting

72. Address harvesting is the use of computer software to search the Internet for email addresses and then collect and compile those addresses. Spammers use address harvesting to obtain a list of addresses to send messages to. It does raise issues relating to privacy as in many cases the addresses obtained are from sources on the Internet where there was no intention that the addresses be available for any form of public use, such as chat rooms.

73. The Australian legislation sets out rules against the supply, acquisition and use of address-harvesting software and harvested-address lists in connection with the unlawful sending of electronic messages. The Australian approach has been adopted in order to ensure a comprehensive code against all aspects of a spammer's activities.

74. There is an argument that New Zealand's privacy legislation already provides adequate protection against the collection, transfer and use of electronic address information pertaining to an individual without their consent. However, the advantage of specific rules against address harvesting connected with spam activities is that it gives greater tools for enforcement against the actions of spammers and therefore assists to minimise the spam problem.

75. There are some problems involved in seeking to legislate against address harvesting. Address harvesting can be used for legitimate purposes and it can be difficult to determine whether the purpose of address harvesting software is legitimate or not. In addition, if the addresses being harvested are publicly made available on the Internet there is an argument that the sending of unsolicited email messages to those addresses is legitimate as any privacy rights have been forgone.

76. There is also the argument that the key problem with spam is the actual sending of spam messages rather than the collection of email addresses which, by itself, does not cause any harm.

Questions for Discussion and Response

17. Should anti-spam legislation include rules against the supply, acquisition and use of address-harvesting software and harvested-address lists in connection with the unlawful sending of electronic messages?

Enforcement Issues

77. The enforcement issues that arise around any anti-spam legislation concern who may bring an action, whether there should be criminal or civil penalties imposed, what should be the nature of those penalties and what types of remedies should be available.

Who May Bring an Action

78. The general approach to enforcement of anti-spam legislation has been to give a particular government agency primary responsibility for carrying out investigations and taking enforcement action. In Australia that agency is the Australian Communications Authority (ACA) and in the United States it is the Federal Trade Commission (FTC).

79. The approach of the Australian legislation is to give the ACA the right to bring actions for breach of civil penalty provisions and seek injunctions and undertakings while giving victims the right to join any action by the ACA to seek compensation. The approach of the United States legislation is to give the FTC the right to bring both criminal and civil actions while also giving rights to bring particular types of actions to State authorities and to the providers of Internet access services.

80. For individuals or firms that are the recipients and victims of spam, the resources necessary to carry out an investigation and bring court action are generally beyond them, hence the approach of other jurisdictions to assign primary responsibility for this to a government agency. In New Zealand, the agency best placed to take on this role is probably the Commerce Commission, which currently has the responsibility of carrying out investigations under and enforcing the Fair Trading Act. Other possibilities are the Police, Ministry of Consumer Affairs and Department of Internal Affairs.

81. The approach of the United States in giving rights of action to Internet Service Providers would seem to have merit as they can be affected by spam activities in a major way and are more likely to have the resources to take an action. In the United States, for example, four Internet Service Providers have recently taken action under the CAN-SPAM Act against six Internet marketers. There would also seem to be merit in giving victims the right to join actions for the purpose of seeking compensation.

Penalties and Other Remedies

82. Given the costs that spam can impose and the difficulties involved in carrying out a successful court action, the penalties able to be imposed under anti-spam legislation should be sufficient to be able to serve as a deterrent.

83. The penalty options include the imposition of a civil pecuniary penalty (e.g. Australia) and the imposition of a fine or a term of imprisonment (United States).

84. In terms of the amount of any penalty or fine, the New Zealand Fair Trading Act is one possible guide. Under that Act a contravention can result in a maximum fine of $60,000 for individuals or $200,000 for bodies corporate. The maximum penalties under the Australian Spam Act are quite substantial, being $220,000 for a single day's contraventions and $1.1m for further breaches.

85. A further issue is whether the penalty should be in the form of a civil pecuniary penalty or in the form of a fine and/or imprisonment as part of an offence provision. The Commerce Act, for example, imposes civil pecuniary penalties for contraventions of many of its provisions with the ability to seek damages for consequential loss as well as exemplary damages also included. The Fair Trading Act, on the other hand, provides that any person who contravenes specified provisions commits an offence and is liable on summary conviction to a fine.

86. One of the differences between taking the civil penalty approach and the criminal offence approach is that concerning the required standard of proof. For civil proceedings the standard is on the balance of probabilities while for criminal proceedings it is beyond reasonable doubt, which is a stricter standard.

87. Other possible remedies include the ability to seek injunctions against the actions of spammers as well as the ability of victims to seek compensation or damages and the ability to seek exemplary damages.

Powers of Investigation

88. Another issue is what powers should be given to the investigating authority. Under the Fair Trading Act and Commerce Act, for example, the Commerce Commission is given the ability to obtain search warrants to investigate possible contraventions of those Acts. These search warrants confer powers of entry, search, and seizure of evidence in the form of documents and goods. If enforcement is to be effective it would seem that there is merit in the investigating authority having the ability to obtain search warrants.

Questions for Discussion and Response

18. Who should be able to bring an action against an alleged spammer?

19. What agency should have the enforcement role under the legislation?

20. What should be the available penalties and remedies for breaches of anti-spam legislation and what should be the maximum fine or pecuniary penalty?

21. Should contraventions give rise to criminal or civil penalties?

22. Should the responsible enforcement agency be given the ability to obtain search warrants conferring powers of entry, search and seizure?


Back to Top



Jump to main page content.