Centre considers law against spam through new legislation
The Indian government plans to introduce provisions in the Digital India Bill that would hold companies accountable for unsolicited commercial email and other electronic messages. The move aims to curb spam, which currently accounts for nearly half of all global emails. The provisions will likely include penalties for violations and may extend to communications sent over WhatsApp. The government is studying international laws but acknowledges that enforcement will be crucial in deterring spam. Filtering technologies have been the most effective means of combating spam so far.
The Union government is planning to include provisions that make companies liable for unsolicited commercial email and other types of commercial electronic messages, people familiar with the matter said, in what will be the first time the country legislates against the problem of unsolicited communications or spam.
The government is studying a number of international laws for the purpose, although these have mostly been ineffective in combatting the problem due to the spammers often operating outside of jurisdictions. The move, nonetheless, is likely to create a strong disincentive for Indian companies to send spam.
“The issue of unsolicited messages has not been addressed by the IT Act. The new Digital India Bill will aim to address the issue,” the official said, asking not to be named. The provisions will likely include penalties for violation, this person added.
Latest assessments by cybersecurity companies peg spam at close to half of all emails sent globally. According to a 2013 research paper published by the Institute of Electrical and Electronics Engineers, spam accounted for 10% of all emails sent in 1998. While this number dipped in the early 2010s due to improvement in spam filtering technologies by email providers, the problem has now resurged. In its latest assessment, cybersecurity firm Kaspersky found that 48.63% of all emails sent in 2022 was spam, and close to 30% of all spam originated in a single country: Russia.
According to an official familiar with the matter, the category of spam will be clearly defined in the law, which is still in its draft stages, and it could extend to communications sent over WhatsApp. “The draft is being finalised and categories of different electronic messages will be defined as the law is floated for public consultation. Email spam messages are one example, WhatsApp messages which too are electronically transmitted are also being considered. The issue of whether outside spam messages will be included will need extra modalities which are being considered,” the official added.
Among the laws the government is studying is Australia’s Spam Act from 2003.
To be sure, the Australian law, like the United States’s CAN-SPAM Act and Canada’s Anti-Spam Legislation (CASL) have been insufficient in combating the problem, with all of them drawn up prior to 2010.
These laws contain punitive measures on any entity established to be sending spam within their legal jurisdiction. For instance, the US law states that “each separate email in violation of the law is subject to penalties of up to $50,120, and more than one person may be held responsible for violations.”
That law also makes both the company, whose product is promoted in the message, and the company that originated the message, legally responsible. “Email that makes misleading claims about products or services also may be subject to laws outlawing deceptive advertising, like Section 5 of the FTC Act,” the US CAN-SPAM Act states.
The existing global regulations typically require senders to obtain explicit consent from recipients before sending commercial messages, provide clear opt-out mechanisms, and enforce penalties for violations.
Experts said legal punitive provisions for spam were much needed but added the crucial detail will be in enforcement. According to NS Nappinai, founder of Cybersaathi and a Supreme lawyer, “Introduction of such provisions to penalise spam would be most welcome. Enforcement of such provisions however would be the more important process. Mere laws have proven insufficient across jurisdictions. Demonstrable enforcement would only ensure possible deterrence.”
The only measures established to have worked against countering spam have been filtering technologies that detect legitimate email messages and those that fall within the wide umbrella of spam.
In 2019, the last time Google shared an update on the problem, the company said it was blocking 100 million spam messages from Gmail, which at the time had 1.5 billion individual and 5 million business users.