News

Second Reading Speech on the Spam Control Bill 2007 
Posted on Thursday, April 12, 2007 - 10:00 PM

Second Reading Speech on the Spam Control Bill 2007 by Dr Lee Boon Yang Minister for Information, Communications and the Arts in Parliament on Thurssay, 12 April 2007.

The test of the speech is below:

1. Mr Speaker, Sir, I beg to move, “That the Bill be now read a Second time”.

Introduction

2. Sir, digital communication is now an integral part of our lives, both at work and at home. We use email and sms routinely. For an increasing number of Singaporeans, email and sms are default modes of communication. They are personal, convenient, fast and offer global reach. These advantages also bring along a problem in the form of unsolicited emails and even sms-es. This problem arises when large amount of emails are sent indiscriminately, a practice known as “spamming”, causing network congestion, inundating users’ inboxes and impeding the effectiveness of email and mobile messages as instantaneous communication channels. Most of us would have received some form of unsolicited commercial electronic messages or “spam” either through email or mobile telephone messages.

3. The Infocomm Development Authority of Singapore (IDA) carried out a study1 in November 2003 and found that email spam caused Singapore users about $23 million in productivity loss. Users are burdened with the time-consuming task of separating the wheat from the chaff. The study further revealed that each of the three major local internet service providers (or ISPs) received close to 5,000 spam-related complaints a month. The users interviewed perceived email spam as the second most important concern after computer viruses. This concern has not changed over time.

4. However in this digital age, email and mobile messages are also important means of business communication for reaching external stakeholders such as customers and suppliers. In particular, electronic messages offer direct marketers an important and cost-effective means of reaching out to potential customers on a large scale. It is an important avenue for companies wanting to The study done in 2003 is only on email, not mobile market their products or services directly and cheaply to potential consumers.

Approach adopted

5. Sir, spam is clearly an emergent global problem. In the process of formulating our response to address the spam issue here in Singapore, my Ministry has carefully studied the approaches adopted in various major benchmark jurisdictions including the US, the EU, the UK, Australia, Japan and South Korea. We note that even among the more advanced countries there is currently no standard solution.

6. In addressing the spam issue, many countries have realised that several measures have to be deployed. We are no different from countries that have taken steps to deal with spam ahead of us. We also need a multi-pronged approach including public education, industry self-regulation, international collaboration and last but not least legislation.

7. Sir, users can play a part in dealing with the spam problem by installing anti-spam filters and firewalls on their personal computers to filter out undesirable spam and to prevent spammers from turning vulnerable computers into spamming machines.

8. On the industry action front, IDA has worked with the Singapore Infocomms Technology Federation (SiTF) on public education efforts to raise public and industry awareness on spam and how to mitigate its impact. Industry-wise, IDA is also working with the ISPs to set up self-regulation frameworks and the Direct Marketing Association of Singapore (DMAS) to formulate anti-spam and email marketing guidelines.

9. In the area of international collaboration, in 2004, Singapore joined 26 countries in an exercise to reduce the flow of spam internationally. Currently there are ongoing informal international collaborations between ISPs to address spamming incidents. 10. To strengthen the multi-pronged approach to combat spam, IDA conducted extensive public consultations in 2004 and 2005 with both the industry and the public on the proposal to enact legislation to deal with spam. A total of 90 responses were received during the two public consultations. These public responses provided the support and contributed input for MICA to formulate the Spam Control Bill before the House today.

Spam-Specific Legislation

11. Sir, besides the importance of public education and industry efforts to curb spam, an anti-spam legislation is needed to discourage the proliferation of email and mobile spam. Members of the House may ask whether we need such legislation when we already have the Computer Misuse Act and Telecommunications Act. These existing laws govern serious and malicious offences such as denial-of-service attacks and severe disruptions to telecommunications infrastructure. The typical volume of email and mobile messages generated by spammers usually do not result in such severe breakdown of services. Hence existing laws are not appropriate instruments to use against spam. A more focussed approach is needed to signal that spamming is socially unacceptable and to preserve Singapore’s status as a trusted infocomm hub for businesses and consumers.

12. I must however emphasise that this Bill is not a magic bullet to eradicate all spamming activities overnight. The IDA’s 2003 study showed that 4 out of every 5 spam received locally originates overseas. Our laws would thus only have a limited effect in addressing this problem. However, this does not mean that we should do nothing. By putting in place this spam control legislation, my Ministry is not only acting to deter international spammers from exploiting Singapore’s world-class telecommunications infrastructure as a base for spamming, but we are also stating clearly and unambiguously that Singapore is ready to address the global problem of spam in concert with other advanced infocomm nations of the world.

Details of the Bill

Defined Scope

13. Sir, please allow me now go into the details of the Bill. The Spam Control Bill seeks to prevent local spammers from abusing direct marketing mechanisms. The Bill sets out basic requirements for legitimate direct electronic mass marketing, and provides civil recourse for any affected persons against illegal spam with a Singapore link. A Singapore link exists, as stated in Clause 7 of the Bill, when for instance the message originates in Singapore, or if the recipient of the message is physically in Singapore.

14. Apart from email messages, the scope of the Bill also covers SMS (Short Message Service) messages and MMS (Multimedia Messaging Service) messages sent to a mobile telephone number. Given that the mobile telephone in today’s context is a personalised device, mobile spam can be more intrusive than email spam. This was made quite clear during the public consultation on spam. Fortunately, mobile spam is currently not a major problem in Singapore. However, consumer complaints have arisen from time to time to suggest that this channel could potentially be abused. Today, we have very high mobile phone penetration rate in Singapore and the likelihood that the economics of sending SMS and MMS in bulk for marketing purposes may become increasingly cost-effective in the future. This suggest that we should address the problem of mobile spam proactively. The inclusion of mobile spam within the scope of this legislation aims to promote the responsible use of mobile messaging services and stave off the undesirable proliferation of mobile spam in the future.

Definition of spam

15. Part I of the Bill defines spam. A message is “spam” when it is an unsolicited commercial electronic message sent more than 100 times, with the same or similar subject-matter, during a 24-hour period, or more than 1,000 times during a 30-day period, or more than 10,000 times during a one-year period.

16. In setting the threshold figures cited above, there is a need to balance the concerns of the individual consumers versus legitimate marketing needs of businesses. Although on the individual basis, users are unlikely to receive this volume of spam within the period stipulated, collectively, at the ISP or organisational server level, the threshold figures do represent practical levels for intervention if warranted. This is also in recognition that while an individual user can simply ignore and delete spam messages in his inbox, the ISPs and organisations may incur costs to handle a huge volume of spam on a regular basis.

Proposed spam control measures

17. An opt-out approach is adopted under the Bill as it balances the need of companies and marketers to send unsolicited messages for business reasons. An opt-in approach was also considered by my Ministry but this was not adopted because of industry feedback received during public consultation which indicated that it would impose an additional burden on legitimate businesses, especially SMEs, while not significantly improving the situation for spam recipients. This is because most of the email spam we receive originates from overseas. Total prohibition of unsolicited messages disadvantages our local direct marketers and businesses without eradicating the spam problem or effectively stopping foreign spammers.

18. In order to balance between consumer interests and industry needs the Bill will require that each message contains a valid unsubscribe facility, an ‘<ADV>’ label to mark it out as an advertisement, accurate header information or subject titles and functional contact details of the sender. These requirements are stated under the Second Schedule of the Bill.

19. The unsubscribe process has been structured to be consumer-friendly so that even individuals who receive small volumes of spam have a means of recourse, without resorting to legal action. The Bill makes it mandatory for senders to allow recipients to unsubscribe via the same medium through which the spam was received. This ensures that unsubscribing from spam can be done easily and conveniently by replying to an email or SMS.

20. The sender is also prohibited from making the unsubscribe request a paid service. Likewise, the information contained in the unsubscribe request cannot be disclosed without the prior consent of the individual. Upon receipt of the unsubscribe request, the sender has 10 business days to cease sending further unsolicited messages to the individual concerned.

Dictionary Attacks & Address Harvesting

21. Clause 9 of the Bill strictly prohibits the use of Dictionary Attacks and Address Harvesting Software to send spam. Spammers use such methods to generate or obtain large numbers of email addresses and mobile telephone numbers. In doing so, they can cause disruption to the recipient organisations, such as ISPs, operators of email servers and mobile telephone service providers. These recipient organisations may incur substantial costs to receive and process the huge volume of spam messages. Hence such methods are strictly disallowed.

Legal Action under the Bill

22. Part IV of the Bill describes the legal action that can be taken by affected parties against spam sent in contravention of any requirement in the Bill. Aggrieved individuals or companies may be awarded an injunction, damages or statutory damages. Statutory damages of up to $25 per message sent and not exceeding $1 million in total could be imposed. If the plaintiff is able to prove that he suffered greater loss, he could opt to sue for actual damages instead. In addition, the court may order the defendant to pay the plaintiff’s legal costs and expenses resulting from the proceedings.

23. Members may ask why my Ministry has chosen not to make spamming a criminal offence. Notwithstanding the inconveniences that spam brings, spammers generally do not act with malicious intent. Furthermore, in the international best practices which my Ministry had studied, no other jurisdictions have criminalised the act of spamming per se. While some overseas spam legislation may contain criminal provisions, these are primarily linked to criminal offences committed online. For instance, the US treats spam with fraudulent intent as criminal acts. In Singapore, spam sent with a fraudulent or malicious component that results in a denial of service is also criminalised under the Computer Misuse Act. The Spam Control Bill should not be viewed in isolation, but rather, as an addition to our total legislative framework against technology abuses.
Other Provisions

24. Part V of the Bill empowers the Minister to amend any Schedule by an order published in the Government Gazette. This would allow for an expeditious modification of guidelines relating to the unsubscribe facility and labelling requirements when required. The Bill also provides for the industry groupings to self-regulate by issuing codes of practice with the approval of IDA.

25. The First Schedule of the Bill exempts from the regime authorised messages sent by the Government or a statutory body during a public emergency, in the public interest or in the interests of public security or national defence. This provision ensures that essential public messages during a time of crisis may be transmitted effectively and expeditiously without being impeded by legislation, in the interests of public safety and well-being. This mirrors similar provisions found in the Telecommunications Act and the Broadcasting Act.

Conclusion

26. Sir, the Spam Control Bill is aimed at reducing the spam problem in Singapore and preventing spammers from abusing our world-class communications infrastructure to turn Singapore into a spammers’ haven. Spam is an issue that transcends national borders requiring international collaboration to effectively curb this abuse. This Bill represents Singapore’s efforts in doing our part as a member of the global community to address the spam issue.

27. This Bill taken together with on-going public education and concerted industry efforts to address the spam problem as well as our other laws on technology abuses will contribute to a holistic approach to address this growing problem.

28. Sir, I beg to move.