Canada’s anti-spam legislation took effect at the beginning of the month, sparking a steady stream of critical opinion pieces calling it everything from an absurd solution to a mostly non-problem to “ludicrous regulatory overkill.” The criticisms generally boil down to three claims: spam isn’t a big problem, the law is ineffective because most spam originates outside Canada, and the law is overbroad because it targets legitimate businesses alongside fraudulent spammers. I think all three criticisms are wrong. This post addresses why spam is still a problem and how the law will help. A second post tomorrow tackles the broad scope of the law, arguing that it is better understood as privacy legislation that fairly apportions the costs associated with electronic marketing.
Spam is Still a Problem
As spam filters have improved, many apparently no longer see spam as a significant problem. Yet the data confirms that there is still an enormous amount of spam that comes at real cost. Recent estimates indicate that there are roughly 80 billion spam messages sent daily, meaning that spam represents more than 70% of all email traffic. While there are varying estimates on the economic cost of spam, a 2012 study by Rao and Reiley conservatively placed the cost at roughly $20 billion per year. Given that spammers bear little of the cost of their marketing and earn only a fraction of the costs back in revenue, the authors estimate that the cost of spam to consumers outweigh the social benefits by an order of 100 to 1.
The cost of spam extends far beyond the expense associated with filtering it, transferring it, downloading it, and deleting it. There are additional costs that extend to all businesses, since spam undermines consumer confidence in electronic commercial messages more generally, making them less likely to be opened, believed or acted upon. Spam filtering has become a necessity, but an unwanted effect is that it decreases the reliability of email, since false positives invariably lead to some legitimate messages ending up in the junk folder (which require users to spend time reviewing the spam or simply accept that some messages will not get reach their intended destination).
Further, fraudulent spam results in real harm, leading to actual consumer losses (studies indicate that billions are lost each year just from 419 scams). Despite all harms, until last week, Canada was one of the only major economies in the world without anti-spam legislation. In fact, the new Canadian law identifies 118 other countries with spam laws that address similar conduct.
The Effectiveness of the Law
Critics argue that since the majority of spam originates outside the country, the Canadian anti-spam law will be ineffective in curtailing spam that reaches Canadian in-boxes. It is certainly true that the law will not eliminate all spam. No law alone does and no one has ever credibly suggested otherwise. However, most analysis – including the 2005 National Task Force Report on Spam that had marketing and business representatives and unanimously recommended opt-in anti-spam legislation – has concluded that law is an integral part of the solution.
The notion that Canada can do little to address global spam so it should not bother with domestic anti-spam laws sounds oddly reminiscent of global warming critics, who similarly argue that Canada is responsible for a small fraction of greenhouse gases and therefore any Canadian emissions limitations will not have a significant impact on a global problem. Yet most now accept that everyone must do their part to preserve the real-space environment and the same is true for the online environment.
In fact, Canada’s role in global spam is larger than most might think. The Register of Known Spam Operations is a database of the world’s largest spamming organizations, identifying just over 100 groups responsible for 80% of all spam worldwide. The list currently identifies seven organizations based in Canada, making us the third largest home of spamming organizations in the world, behind only the United States and Russia. It is unclear why spamming organizations have chosen to establish themselves in Canada, though the longstanding absence of any anti-spam law may have been partly to blame.
What makes the list particularly remarkable is that we know where the organizations are (others such as Montreal’s Adam Guerbuez – who faced an $873 million judgement for spamming on Facebook – actively blog and promote themselves), yet have not had the legal tools to do much about it. In fact, organizations such as MAAWG, which brings together the global anti-spam and anti-spyware industry, has been supportive of the legislation specifically because it will allow for improved information sharing and global enforcement activities.
The effectiveness of the CRTC’s enforcement of the law remains to be seen, however, the experience elsewhere suggests that laws with tough penalties can reduce domestic-originating spam. Taking action against Canadian-based spammers would be a good start, but it only scratches the surface of the broader impact of the law. Beyond targeting the most harmful spam, the new law is fundamentally privacy legislation that seeks to recalibrate who bears the costs associated with the use of personal information in the digital environment. More on the privacy side of the law in a post tomorrow.