[LINK] RFI: Help re SPAM Privacy Laws

Roger Clarke Roger.Clarke@xamax.com.au
Mon, 17 Feb 2003 15:28:19 +1100

Maybe someone else can offer a better, or enhanced, answer to this question.

>I hope you can help me.  In [an Australian newspaper] last Saturday 
>I got an email address in regards to a company searching for a new 
>employee.  My letter to this company was to offer the opportunity to 
>service this company to supply a product that was stated in the ad 
>for the potential employee.
>This company came back in an email address saying that we are not 
>allowed to do this and that they will be redirecting this kind of 
>email to appropriate authorities including ORB.
>I'm not out to cause trouble, nor is my company, but I found your 
>web site with this contact email address.  Can you help?  I believe 
>that privacy laws have come into effect so private information can't 
>be sold and to protect private information, so how is something like 
>this supposed to be illegal if they printed their email address in 
>the newspaper in the first place?
>I am really wanting some confirmation that we havn't done anything 
>wrong in regards to privacy laws in this instance.  Also what is ORB?

As I understand it, the email-address you sent to is that of a 
company.  If so, then the privacy laws aren't in play, because the 
data of a company is not covered under privacy law.

(If the email-address is that of a person, including an 
unincorporated buiness enterprise, then you might well be in breach 
of the privacy law.  The purpose of their publication of the 
email-address seems to have been pretty clear, and the purpose for 
which you used it was pretty clearly not a purpose for which it was 
published.  That said, that law is such a huge mess that I doubt if 
anyone knows the answer to that question).

There is not, to my knowledge, any Australian law that renders spam 
illegal.  From the consumer's perspective, it would be nice;  but 
it's difficult to come up with a law that would be enforceable, and 
which wouldn't cause a huge amount of 'collateral damage'.  NOIE has 
been examining the question with care:

Because spam is rampant, ISPs have sought ways of protecting 
themselves and their clients.  This involves blocking known sources 
of spam.  This of course also involves considerable 'collateral 
damage'.  ORB has been one such collaboration.  It focusses on one 
particular problem:  ISPs that have a particular kind of security 
weakness which enables bulk spam to be sent through them.  ORB has 
copped a fair amount of flak (because of the collateral damage), and 
I think it's now operating from http://ordb.org/.  But there are 
several other services of consequence.

If the company reported you, and if the service you were reported to 
agreed that your ISP should be listed, then that ISP could find that 
mail being sent by *all* of its clients is blocked by large numbers 
of other ISPs.  They wouldn't be very happy (the clients *or* the 
ISP).  You might or might not be in breach of your ISP's usage policy 
/ terms of contract.  If your ISP was hotmail, or indeed any other 
service that has been known to enable abuses in the past, then the 
implications could be pretty substantial.

This is not advice, of course, nor a careful analysis;  just some 
quick reactions to your question.  It's not advice, not only because 
you didn't pay for it;  but also because I don't have time to keep up 
with, and document, all of what goes on in this area.  My page at:
remains useful, but would need a lot of work to bring it up to date.

Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                 Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke@xamax.com.au            http://www.xamax.com.au/

Visiting Professor in the eCommerce Program, University of Hong Kong
Visiting Professor in the Baker Cyberspace Law & Policy Centre, U.N.S.W
Visiting Fellow in Computer Science, Australian National University