Spam laws fail to measure up

Microsoft's civil case highlights shortcomings of anti-spam legislation

Microsoft has bypassed criminal anti-spam laws and reached an out-of-court settlement with a UK spammer after bringing a civil case against the man for breach of Hotmail terms and conditions.

Spam laws introduced in 2003 have yet to produce a single criminal prosecution, and critics say this case highlights the alternative routes businesses are having to take to combat the problem.

Figures from campaign group Spamhaus show almost 75 per cent of all email is now spam.

Microsoft told Computing it agreed a £45,000 settlement with Manchester resident Paul Fox after charging him with Trespass of Goods and breaching the Privacy and Electronic Communications Act, and Hotmail regulations.

Microsoft’s Paul Thomas says Fox’s spamming was widespread and sophisticated.

‘His campaign hit 70 Hotmail spam traps with over 250 emails a day,’ said Thomas. ‘We traced it based on the body of the email and header information, the URL and the web site involved.’

The Information Commissioner’s Office (ICO), which is responsible for spam enforcement, told Computing it has insufficient power to prosecute offenders.

James Ford, spokesman for Information Commissioner Richard Thomas, says most spam comes from overseas and falls outside the department’s jurisdiction.

‘The powers provided by the Privacy and Electronic Communications Act are not sufficient,’ he said. ‘We are in continuing discussions with the DTI to improve these powers.’

But Fox was using UK servers, and would have been criminally liable under UK law.

John Halton of law firm Cripps Harries Hall says criminal legislation is still important, even if spammers can be prosecuted by other means.

‘UK anti-spam legislation is a bit toothless,’ he said. ‘This would be a more immediate way of prosecuting him. There would not always be a contract as there was in the Microsoft case, so that’s why a general law is needed.’

Carole Theriault of security vendor Sophos said: ‘This is probably the easiest way Microsoft could have gone after this person.’

What do you think? Email us at [email protected]