
Spam and E-Security

Spam and E-Security. Bruce Matthews Manager, Anti-Spam Team International Training Program 11 September 2006. Chronology – Spam & the Australian Government. 2002 – Australian Government commences review into problems caused by spam, and potential solutions


Presentation Transcript


  1. Spam and E-Security Bruce Matthews Manager, Anti-Spam Team International Training Program 11 September 2006

  2. Chronology – Spam & the Australian Government • 2002 – Australian Government commences review into problems caused by spam, and potential solutions • April 2003 – Report delivered. Recommended five part strategy, including enactment of legislation • December 2003 – Legislation enacted - Spam Act 2003 • April 2004 – Act becomes enforceable • June 2006 – Report into 2-year review of Act delivered. • No changes to Act recommended.

  3. Five-Part Strategy • Strong enforcement of the Spam Act 2003 • Education and awareness activities • Industry measures • Developing technological solutions and spam-monitoring processes, and • Working internationally to combat spam

  4. Anti-Spam Team

  5. 1. Legislation – Spam Act 2003 • Regulates ‘commercial’ electronic messages only • advertising, promotional, marketing messages • ‘phishing’, Nigerian scams • viruses or harassment messages (if no commercial component) are not regulated by the Act • ‘Technology neutral’ • Covers emails, SMS, MMS, instant messaging • Voice calls and fax currently excluded

  6. 1. Legislation – Spam Act 2003 All commercial electronic messages require: • The consent of the recipient; • Accurate sender information; and • An unsubscribe facility. PLUS: • Address harvesting software and lists prohibited.

  7. 1. Legislation – Spam Act 2003 • “Opt-in” regime – therefore need consent of recipient before sending • Differs from US and other jurisdictions, which are opt-out • Spam Act recently reviewed – June 2006 • Act effective against spammers in Australia • Balances interests of consumers & businesses in legitimate e-marketing • No changes to legislation therefore recommended

  8. 1. ACMA Enforcement of Legislation Under the Spam Act 2003, ACMA is empowered to: • receive complaints about spam (over 2,000 each year); • impose and enforce penalties; • search premises and seize equipment where the Act is breached; and • prosecute offenders in the Federal Court.

  9. 1. ACMA Enforcement of Legislation Complaint Trends

  10. 1. ACMA Enforcement of Legislation Complaint Trends - SMS • Formal complaints are increasingly about SMS spam • Act is ‘technology neutral’ but written for email • SMS messages have 160 character limit: • No meaningful information about consent can be provided • ‘Sender’ is often altered • Unsubscribe facility often omitted • Mobile premium services now account for over 60% of SMS complaints

  11. ACMA Enforcement of Legislation Complaints Process

  12. ACMA Enforcement of Legislation: Enforcement Actions • Over 900 companies/individuals directed to comply with the Spam Act, including formal warnings to 11 companies/individuals • Enforceable undertakings accepted from 6 companies/individuals • Fines issued to 5 companies/individuals • One successful prosecution in the Federal Court

  13. 2. Education and awareness • ACMA aims to increase awareness of spam legislation among consumers & the business & internet industries, by: • providing consumers and businesses with information on how to reduce the amount of spam they receive; • informing businesses that send commercial electronic messages about the requirements the Act places on them, and providing information on how they can avoid sending spam; and • informing internet service providers (ISPs) about their obligations under the Act.

  14. 3. Industry liaison • A cooperative approach is vital to combating spam. ACMA is working in partnership with industry bodies in the following ways: • The e-marketing industry developed a Code of Practice that ACMA registered in March 2005. • The internet industry developed the Internet Industry Spam Code of Practice. It came into effect 16 July 2006. • Both Codes are available on the ACMA website.

  15. 3. Industry liaison: E-Marketing Code of Practice • Developed by marketing and advertising industry bodies • Provides: • specific guidance to the e-marketing industry on compliance with the Act • alternative complaint handling mechanisms • best practice guidelines for e-marketing • Code is strongly supported by the e-marketing industry, currently with 49 signatories

  16. 3. Industry liaison: Internet Industry Spam Code of Practice • Internet Industry Spam Code of Practice December 2005 (the Spam Code) • The Spam Code came into effect on 16 July 2006 • Applies to all ISPs and Email Service Providers (ESPs), including international ISPs and ESPs • International ESPs treat reports from Australian consumers no less favourably than reports from end users in the country where the ESP is located

  17. 3. Industry liaison: Internet Industry Spam Code of Practice Among other things, the Spam Code requires ISPs/ESPs to: • Have a reasonably prominent link on their home page to a spam information page, which must contain information prescribed by the code • Provide to ACMA 24 hour contacts for spam issues. Currently 33 ISPs have supplied details covering over 90% of Australian end users. • There is an example of an ‘Acceptable User Policy’ statement contained in the code

  18. 4. Technological solutions & monitoring • Working in partnership with industry and other government bodies. • ACMA is pursuing the development of effective technological solutions and security measures to reduce spam, as well as monitoring national and global patterns of spamming activity. • The SpamMATTERS system is a key part of this activity.

  19. 4. Technological solutions & monitoring - SpamMATTERS • SpamMATTERS (SM) is a reporting and forensic analysis system developed to help fight spam • The reporting element of SM can be downloaded from the ACMA website as a ‘plug-in’ to either Microsoft Outlook or Microsoft Outlook Express • The plug-ins are free and designed to enable email users to easily report spam to the ACMA • SM can simultaneously delete spam & report it to ACMA • These reports enable ACMA to take enforcement action against Australian spammers and advise overseas countries of spammers operating in their jurisdiction

  20. 4. Technological solutions & monitoring - SpamMATTERS • SpamMATTERS currently has over 100,000 submitters • ACMA has received around 8 million spam emails from submitters since the launch on 30 May 2006 • SpamMATTERS has sorted the spam received into around 1200 discrete campaigns. • Spam is trending away from porn to phishing and fraud type emails. • Phishing emails are becoming increasingly common and sophisticated.

  21. 5. International cooperation • The Australian government is at the forefront of establishing and strengthening spam-reduction arrangements with other countries. • Major ACMA international cooperative arrangements include: • Seoul-Melbourne Spam MoU • London Action Plan • Significant engagement with APEC-TEL and ITU

  22. 5. International cooperation: Seoul-Melbourne Spam MoU • Cooperation in anti-spam regulatory frameworks and policies, technical and educational solutions, enforcement support, intelligence exchange, and industry collaboration. • 12 member organisations from 10 economies, all of which are government and/or agencies with government-related functions. • Members are from Asian and Australasian countries • ACMA chairs and provides secretariat support

  23. 5. International cooperation: London Action Plan (LAP) • Focus is: effective enforcement, law enforcement developments, effective investigative techniques and enforcement strategies, obstacles to effective enforcement, joint consumer and business education projects, joint training sessions, and private sector initiatives and collaboration. • 61 members, including government, industry associations and suppliers. Members are in Europe, America, and Asia.

  24. E-Security • Spam emails are increasingly for malicious purposes, such as e-security compromises • Compromised computers are also the source of a high proportion of spam • ACMA accordingly takes an active role in spam-related e-security issues • ACMA has also developed a software package to reduce the number of compromised computers operating on Australian networks

  25. E-Security: Australian Internet Security Initiative (AISI) • The AISI is a database to collect information on compromised computers. • Compares IP address of compromised computer to a list of IP addresses of Australian ISPs • Advises relevant ISP with a compromised computer on their network of the IP address, for ISP to inform customer and liaise with customer to fix • ISP can disconnect customer but to ACMA’s knowledge this has not happened to date.

  26. E-Security: Australian Internet Security Initiative (AISI) • AISI has been tested with 6 ISPs to date. • Trial has demonstrated how effective the AISI is, with all trialling ISPs wishing to continue with the AISI • Extension of trial of AISI is expected in October 2006, in conjunction with DCITA – around 35 ISPs to participate • ACMA will be contacting ISPs before October to ask them to participate

  27. Anti-Spam Team Current Issues • Major investigation of email spammer initiated through information provided by overseas regulator • ‘Missed call’ marketing practices • SMS spam - particularly mobile premium services and interaction with Spam Act • Incorporation of SpamMATTERS data into AST processes
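
The AISI matching step from slide 25 (compare a compromised computer's IP address with lists of ISP addresses, then advise the relevant ISP) can be sketched as follows. This is an added example, not ACMA's software; the ISP names, address ranges and sightings are constructed, and choosing the most specific range when allocations overlap is an assumption.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges and hypothetical
# ISP names stand in for real ISP address allocations.
ISP_RANGES = {
    "ExampleNet": ["192.0.2.0/24"],
    "SampleISP": ["198.51.100.0/25"],
    "SampleISP-Reseller": ["198.51.100.64/26"],  # sub-allocation inside SampleISP
}
# Constructed sightings of compromised hosts: (IP address, time seen).
OBSERVATIONS = [
    ("192.0.2.17", "2006-09-01T02:14:00Z"),
    ("198.51.100.70", "2006-09-01T03:00:00Z"),
    ("192.0.2.17", "2006-09-02T11:30:00Z"),   # same host seen again
    ("198.51.100.5", "2006-09-02T12:00:00Z"),
    ("203.0.113.9", "2006-09-02T12:05:00Z"),  # not in any listed ISP range
    ("not-an-ip", "2006-09-02T12:06:00Z"),    # malformed feed entry
]

def build_index(isp_ranges):
    """Flatten to (network, isp) pairs, most specific prefix first."""
    index = [(ipaddress.ip_network(cidr), isp)
             for isp, cidrs in isp_ranges.items() for cidr in cidrs]
    return sorted(index, key=lambda e: e[0].prefixlen, reverse=True)

def lookup_isp(index, ip_text):
    """Return the ISP whose most specific range holds the address, else None."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for network, isp in index:
        if addr.version == network.version and addr in network:
            return isp
    return None

def build_reports(index, observations):
    """Group sightings per ISP, keeping the latest time per IP address."""
    reports, unmatched = {}, []
    for ip_text, seen in observations:
        isp = lookup_isp(index, ip_text)
        if isp is None:
            unmatched.append(ip_text)
            continue
        hosts = reports.setdefault(isp, {})
        hosts[ip_text] = max(seen, hosts.get(ip_text, seen))
    return reports, unmatched

if __name__ == "__main__":
    reports, unmatched = build_reports(build_index(ISP_RANGES), OBSERVATIONS)
    for isp, hosts in sorted(reports.items()):
        print(isp, hosts)
    print("no matching ISP:", unmatched)
```

Each per-ISP dictionary is the content of one notification; addresses that match no listed range are kept separately rather than dropped, so they can be reviewed.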
