The Next Wave of ASEAN Consumer Protection in Telecommunications
Chinang Rai Province, Thailand
Hong Kong experience:
The“Do-not-call”movement (non-voice)
Ms. Connie Lau
Chief Executive
Hong Kong Consumer Council
Introduction
A constant challenge for consumer advocates over the years has been to protect consumers from intrusive and unwanted attempts by businesses that use telecommunications to advertise their products and make sales. The common refrain heard from consumers is“don' t call me, I' ll call you!”
Apart from the invasive nature of these attempts and their assault on privacy, it is often the case that while some are legitimate businesses that are merely seeking new marketing methods, a large number of them engage in misleading and deceptive conduct; or outright fraud. These unwanted messages cover faxes, SMS, prerecorded phone messages, and especially email messages.
In keeping with one of the claimed origins of the term, as 'Stupid Pointless Annoying Emails' , the common name for all unsolicited calls, not just emails, is now 'spam' . This term covers any unsolicited or indiscriminate bulk message sent electronically. Moreover, it covers not only commercial advertising , but also attempts to defraud consumers, or infect and hijack their computers.
According to a report in the New York Times this month, an estimated 94% of all email today is spam, which equates to over 100 billion messages every day. This figure is an increase on that calculated by other similar industry players in 2008 which came up with figures of around 79% to 85%.
Hong Kong Experience
Hong Kong has one of the most sophisticated and successful telecommunications markets in the world. And unfortunately, the emergence and growth of spam as aproblem has mirrored Hong Kong' s success in this sector. In fact, one industry player has claimed that Hong Kong was the most spammed region worldwide in 2008 with aspam ratio of 81%. According to the industry player, the spam ratio for Hong Kong reflected the percentage of spam emails received by their spam traps situated in Hong Kong before any spam filtering was applied.
Therefore, with the application of spam filtering measures by ISPs and users, the actual number of spam emails received by an email user in Hong Kong would be much lower than the figures reported by the industry player.
In addition, many international and regional companies have chosen Hong Kong as their communication hub and located their servers here while their offices are situated outside Hong Kong. Spam emails that pass through the communications hub in Hong Kong to other countries would therefore be counted as spam emails received in Hong Kong.
Nevertheless, the problem is still real, and challenges are ongoing. As a result, the Hong Kong Government has formed a special 'Anti-spamming Task Force' to coordinate the work of various agencies involved in the sector, including the telecommunications regulator OFTA, and the Hong Kong Consumer Council.
The measures that have been taken, and continue to be taken follow the principles identified in the Hong Kong Government' s campaign; called by the acronym 'STEPS' . The measures are:
S – Strengthening existing regulatory measures
T – Technical Solutions
E – Education
P – Partnerships
S – Statutory measures
Strengthening existing regulatory measures, and statutory measures
Hong Kong has introduced similar legislative responses to spam as found in other countries such as the UK, US and Australia. In Hong Kong the primary legislative response has been the 2007 Unsolicited Electronic Messages Ordinance (the Ordinance) . This requires senders of commercial electronic messages to
- provide clear and accurate sender information in the message;
- provide an unsubscribe facility and an unsubscribe facility statement in the message;
- honour unsubscribe requests within ten (10) working days after the request has been sent;
- not send commercial electronic messages to any telephone or fax number registered in a 'Do-not-call Register' starting from the tenth (10) working day of its registration, unless consent has been given by the registered user of the relevant telephone or fax number;
- not hide the calling line identification information when sending messages from telephone or fax numbers; and
- not send email messages with misleading subject headings.
In addition, the Ordinance also prohibits:
- the use of unscrupulous techniques to expand the reach of commercial electronic messages; and
- fraud and other illicit activities related to the sending of multiple commercial electronic messages.
However, as we all know, legislation by itself is not an answer. In large part, all it can do is serve as a standard of conduct for law abiding citizens. While this does have an effect of limiting behaviour, and a basis for consumers to enforce a 'do not call’preference, there are always those for whom the law is simply something to be avoided and for which loopholes can be designed. In addition, it might not always be clear as to what is legitimate and illegitimate marketing conduct, and how strict the law, and penalties should be. Much depends on the culture of the environment in which the law is introduced.
In Hong Kong, the telecommunications regulator administers a procedure whereby a sender believed to be contravening the Ordinance can be sent an advisory letter requiring the sender to observe the requirements under the Ordinance. The objective is to give the person an opportunity to rectify the situation, and may lead to an investigation. If a sender is found to have contravened the Ordinance a warning letter can be sent. Up to March 2009, OFTA had sent 71 warning letters, and only one of these has resulted in further action through the is suing of an enforcement notice directing the sender to stop the contravention, under threat of penalty.
In effect, unsolicited emails can also be a host up on which greater evils exist. The emails that give rise to most concern are those that invade privacy and attempt to defraud through misleading and deceptive conduct. Hong Kong’s existing laws regarding privacy and fraud are relevant here. However, as with most things, there is a constant need to maintain the relevance of various laws in the face of an ever changing environment.
A natural consequence of problems that emerge from the misuse of technology for improper business purposes, is the emergence of technical solutions from other businesses, at a price, to prevent those problems from occurring.
The industry has responded, and continues to respond through the development of various technical measures. For example, firewalls, anti-virus software and intrusion detection systems.
What we as consumer advocates can do, is to publicise information on technical developments through our newsletters and magazines and offer consumers objective assessment of the value of the technological solutions on offer. In this way, the free market can work effectively to keep pace with well informed demand for relevant products.
For example, the Consumer Council has published the results of tests conducted on 18 forms of internet security software, rating the products on protection performance, ease of use, management and resources, documentation, installation and uninstallation procedures. Interestingly, on protection performance, the test results showed that only 4 software could detect all the malware in the virus scan test, such as as trojan horses, worms and marcoviruses. This result only reinforced the fact that the industry is constantly playing a game of‘catch up’as viruses mutate and attempt to keep one step ahead.
One way to assist in the continuing development of protection measures is to facilitate the sharing of information on problems that are emerging, and the solutions that are being developed. Of course this should only be done in a way that does not compromise effective competition. In Hong Kong, the Government cooperates with industry and solution providers to promote anti-spam technical solutions and facilitate relevant work on research and development. For example, a dedicated website theme page has been developed to enable the public to learn more about the latest technical solutions .
The theme page lists a number of seminars and conferences that have been organised on the issue of spam, and provides handy links to technical papers that address spam and the various technical solutions that have been attempted.
Education
It is true of most problems faced by consumers that education is the primary means by which they can be protected from many of the perils they face in the marketplace. Education is just as important in the area of spamming.
Often, the biggest threats to consumers’own security is their naivety, and in some cases unfortunately, greed. Consumers might install the strongest firewalls, the best anti-virus software and the most robust intrusion detection systems, but will still fall prey to trickery by online thieves. This form of trickery where consumers are deceived into a false sense of security, or that they are recipients of good fortune, is sometimes referred to as‘social engineering .
It is unfortunate that many consumers today still ignore that old saying “if it sounds too good to be true, it probably isn't”. And despite continued warnings, they still ignore basic rules regarding password security.
As consumer advocates we have a duty to continually reinforce basic messages, and remind consumers that they also have a responsibility in this area, while keeping them updated on the latest scams that arise.
In this regard, the Hong Kong Government has launched a dedicated website, for those willing to learn more, which promotes public awareness on anti-spamming and tips and guidelines to tackle spam. The Government also broadcasts radio programmes to disseminate anti-spam messages, produces teaching materials for primary and secondary schools to educate youngsters , and arranges public exhibitions on the subject. The Consumer Council also has an extensive education function with regard to consumer protection, and contributes in this regard.
Partnerships
It is clear that no one country, nor one service provider can provide a solution to the issues that arise in relation to unwanted and hazardous electronic messages.
In 2006 the OECD issued an' Anti-Spam Toolkit' as the first step in a broader initiative to help all policy makers, regulators and industry players orient their policies relating to spam solutions, and to restore trust in the Internet and email .
The ITU has also called for a multi faceted approach to effectively fight spam, noting that prevention, consumer awareness, filtering techniques and national laws will be of little use if effective international cooperation is not developed.
In this regard, the ITU notes that international cooperation, which includes bilateral and multilateral agreements, has two objectives:
- to promote the adoption of appropriate and harmonized anti-spam legislation in countries which do not yet have it; and
- to encourage cooperation among countries, in order to tackle the problem of spam comprehensively and to ensure effective enforcement of applicable rules.
In the Asia Pacific Region, the Hong Kong Government' s Commerce Industry and Technology Bureau joined eleven agencies in the region in 2005, to become founding signatories of the 'Seoul – Melbourne Multilateral Memorandum of Understanding on Co-operation in Countering Spam'.
The purpose of the memorandum is to encourage closer cooperation among the signatories in minimising spam that originates or passes through each region, and that is being sent to end-users in the regions.
The signatories agree to encourage the exchange of information on technical, educational and policy solutions to the spam problem in accordance with the relevant laws and regulations of each region and on the basis of equality, reciprocity and mutual benefit.
Conclusion
While there is still a common refrain heard from consumers of“don't call me, I'll call you!”, there is also a much more vocal and desperate cry of “don't come in!”
This reflects the even bigger problem of criminals infiltrating computers and using networks of "borrowed" computers called 'botnets' .
These 'zombie computers' are infected with viruses that hand control of the computer to the criminals; and the infections are usually delivered via spam.
Internet pioneer Vint Cerf has reckoned that up to a quarter of all computers on the internet are already part of botnets, and their owners are unaware of this fact. For example, the 'Kraken' botnet in April 2008 consisted of 495,000 zombie computers capable of sending 9 billion spam messages a day. The amount of spam received each day varies as new botnets come online or are dismantled, or as criminals learn new tricks to try and fool spam filters.
One reason why these computer burglars are able to get inside is not only because consumers are not vigilant enough to maintain adequate software, or that criminals are one step ahead of the industry. Consumers who purchase pirated software are also unwittingly increasing the problem. One estimate has it that 50% of all pirated versions of Windows, for example, come with preinstalled Trojan horses .
There seems to be no end to the problem of spamming, and solutions from industry seem to be more of the same, i.e., developing even stronger firewalls. There are even calls for a completely new Internet to be built, based on a different platform that will be more amenable to constructing more efficient firewalls to prevent access to unwanted callers .
Our experience in Hong Kong has led us to believe that while there is a lot that government can do in providing legislative protection, education, and cooperation with other countries to coordinate government policies, the market for Internet services, software and spam filtering measures also has a major role.
To my mind, the amazing thing is that regardless of the ease by which threats are repeatedly made to the integrity of the Internet, the marketplace continually seems to find solutions; even if they are short lived.
As consumer advocates, who play an important function in maintaining the integrity of the free market, we have a role to make sure that the market works effectively so that solutions keep coming.