EU Legislation No Match for Spam

Critics call the European Union's regionwide legislation to stop spammers fundamentally flawed, so European ISPs and government agencies are resorting to other tactics.

The European Union is introducing regionwide legislation to stop spammers, but even the most enthusiastic member states are not expecting prosecutions any time soon.

Spam is a serious and growing problem in Europe, just as in the United States, and faces the added problem that while European users receive comparable levels of spam to those in America, most of that junk e-mail doesnt originate locally, making the culprits harder to prosecute. The United States is by far the biggest generator of spam, according to figures released this week by security firm Sophos, originating nearly 43 percent of junk e-mail; South Korea, in second place, accounts for only about 15 percent. Germany, France, Spain and the U.K. are also in the top 10, but each sends less than 2 percent of the worlds spam, according to Sophos.

/zimages/6/28571.gifSpam costs and volumes soar despite new laws. Read about it here.

Nevertheless, the EU introduced an anti-spam directive in July of last year, requiring that each member state implement it as national law by October 2003. So far, the directive has not been a success, receiving little support from member states. As of this spring, six months after the deadline, more than half of the EUs member states hadnt yet implemented the law, the offending countries including Germany, France, Belgium, Netherlands, Greece, Portugal, Luxembourg and Finland. Critics charge that the directive is fundamentally flawed in that it allows member states too much leeway in how they choose to implement it.

The U.K. was one of the first countries to bring in its own version of the EUs Privacy and Electronics Communication Directive, in the form of a law that took effect at the end of last year. In some ways, the UKs law is more stringent than legislation elsewhere: Unlike the United States CAN-SPAM act, for example, it requires users to explicitly give their permission to receive an e-mail, unless they are an existing customer.

However, the law only protects personal e-mail addresses, giving no relief to office workers. And the U.K. government agency in charge of enforcement has said that it doesnt expect to mount any prosecutions this year, due to lack of funding and a circuitous enforcement procedure.

The U.K.s Information Commissioners Office said it cannot force a spammer to immediately cease and desist, meaning suspects are free to continue spamming while an investigation takes its course, a process that could take months. And business awareness of the law is low: In a Pitney Bowes survey carried out four months after the law took effect, half of the companies in the telecoms, publishing, banking, insurance and retail sectors were found not to have implemented opt-in procedures.

The law may be doing more harm than good so far. The Spamhaus Project, a pioneering U.K.-based anti-spam organization that maintains a blacklist of known spammers, said spammers appear to have relocated to the U.K. in the wake of the new law, and are actually using it to threaten the project. Spamhaus founder Steve Linford said in June that spammers are now claiming that the law means he has no legal right to block their messages.

U.K. politicians have already called for the law to be overhauled, but the Department of Trade and Industry said it wont consider a review until the law has "bedded in" for several months. "I believe that this legislation needs to be looked at again if Britain isnt to become a pariah nation amongst the global e-community," said Michael Fabricant, the opposition Conservative partys minister for economic affairs, in a speech earlier this year.

Next Page: ISPs resort to other tactics.