Legally regulating spam

Due to limitless potentials and government's patronisation in line with the vision of 'Digital Bangladesh', burgeoning scale of ICT-based products and applications are regularly entering to the market. Though millions of Bangladeshis have been enjoying the benefits of various ICT products and applications both online and offline, they are simultaneously the potential targets of intruders in the name of digital marketing. With this, in the name of various promotions and services, the unwanted calls and SMSs from different corners, including the service providers, are genuine concerns in the peaceful enjoyment of citizen's constitutional right to life.

The word 'spam' is used to refer to these unwanted commercial messages and calls. In 1978, a marketing representative sent the first spam e-mail to about 400 people of US Advanced Research Projects Agency Network (ARPANET) containing the marketing information of a new computer. After that, spamming has turned to be an industry since when Internet was made available for the public. In 2005, more than two-thirds of all emails transmitted over the Internet were spam emails, today it is at least 70% of all emails which cost billions of dollars annually by way of productivity loss worldwide.

Marketing and promotional activities using e-mail addresses and phone numbers are preferable over print media as it is found to be cost effective since using this technique a wider community can be reached out by spending small or no amount of money. The first generation spams usually contained purely commercial messages, whereas recent spams frequently contain different kinds of spywares and malwares embedded in web links in message text or in attachments that may make the receiver a prospective victim of many other cybercrimes. Thus, the problems caused by spam can range from simple annoyances to significant security issues.

Though the business community enjoys the constitutional freedom of trade and business, circulation of spam is a clear violation of individual's constitutional and fundamental right to privacy. The severity and the extent of problems caused by spams both to users and organisations have compelled many countries to regulate them by way of specific law or by introducing amendments in the existing IT and telecommunication laws.

A cursory view of these laws will reveal that while sending spams is not prohibited entirely, unsolicited commercial message senders need to comply with some requirements before sending such emails and messages. Such requirements include provisions like message to be sent to anyone voluntarily willing to receive such message, i.e. message cannot be sent by purchasing the personal information like e-mail address or phone number of the receiver, clear information about the details of sender including physically located valid postal address, reflection of content of message in the subject line of the message, option to unsubscribe freely, prohibition on collection of other personal information, and implementation of the unsubscribe requests immediately, etc. Countries with the specific law on the personal information or data protection have introduced another innovative mechanism, i.e. 'Do Not Call Register' using which an individual can register her phone number and e-mail address to indicate her willingness and unwillingness to receive customised marketing calls or emails. Failing to comply with these requirements may lead to civil and criminal sanctions.

Section 54(1)(h) of the ICT Act, 2006 provides that generation of spams or sending of unwanted e-mails without the permission of the subscriber for the purpose of advertisement of goods and services is an offence for which a person can be punished with imprisonment for ten years or fine up to five lakhs taka. It can safely be doubted about the proper implementation of this provision as netizens have been receiving unsolicited messages every day. Absence of subsidiary legislation under the ICT Act of 2006 specifying the procedural and substantive aspects on spamming can be a reason behind such scenario.

The government has developed the Information Security Manual, based on International Standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013, which contains some isolated provisions on spam. However, this Manual is intended only for government unclassified systems and information. The government is also in the process of developing the E-Mail Policy, containing one single reference on spam, for the primary use of all government, semi-government, autonomous, semi-autonomous, and statutory organisation of Bangladesh excluding the national security organisations, law enforcement agencies, financial institutes and Bangladesh missions in abroad. Thus, it is evident that the inherent intentions to develop these documents are primarily to serve different purposes other than spam regulation.

As the country is approaching to celebrate the first decennial anniversary of 'Digital Bangladesh' vision, it is significant that the regulators consider to come up with some hard law rules or soft law guidelines. Bearing in mind that many enthusiastic technopreneurs and start-ups have been providing e-mail marketing solutions commercially, such an instrument on spam has the prospect to assist them to run their business in compliance with the legal rules and to protect the private individuals and organisations from receiving disturbing commercial emails, calls and messages simultaneously. Apart from introducing such legal instrument, it is important to run massive campaigns to make the individuals aware of their online usage behaviour as e-mail addresses are unintentionally shared while posting messages in group mails. Online security being crucial for ensuring 'Digital Bangladesh' and spams usually contain security breaching elements, these should be regulated. Without delay!

The writers are Senior Lecturer in Law and PhD Candidate, University of Malaya, Malaysia respectively.