International Spam Enforcement Cooperation
On October 11, 2004, government and public agencies from 27 countries responsible for enforcing laws concerning spam met in London to discuss international spam enforcement cooperation. At this meeting, a broad range of spam enforcement agencies, including data protection agencies, telecommunications agencies and consumer protection agencies, met to discuss international spam enforcement cooperation. Several private sector representatives also collaborated in parts of the meeting.
Global cooperation and public private partnerships are essential to spam enforcement, as recognized in various international fora. Building on recent efforts in organizations like the Organisation for Economic Cooperation and Development (OECD) and the OECD Spam Task Force, the International Telecommunications Union (ITU), the European Union (EU), the International Consumer Protection Enforcement Network (ICPEN), and the Asia-Pacific Economic Cooperation (APEC), the Participants issue this Action Plan. The purpose of this Action Plan is to promote international spam enforcement cooperation and address spam related problems, such as online fraud and deception, phishing, and dissemination of viruses. The Participants also open the Action Plan for participation by other interested government and public agencies, and by appropriate private sector representatives, as a way to expand the network of entities engaged in spam enforcement cooperation.
- The participating government and public agencies (hereinafter “Agencies”), intend to use their best efforts, in their respective areas of competence, to develop better international spam enforcement cooperation, and intend to use their best efforts to:
- Designate a point of contact within their agency for further enforcement communications under this Action Plan.
- Encourage communication and coordination among the different Agencies that have spam enforcement authority within their country or region to achieve efficient and effective enforcement, and to work with other Agencies within the same country or region to designate a primary contact for coordinating enforcement cooperation under this Action Plan.
- Take part in periodic conference calls, at least quarterly, with other appropriate participants to:
- Discuss cases.
- Discuss legislative and law enforcement developments.
- Exchange effective investigative techniques and enforcement strategies.
- Discuss obstacles to effective enforcement and ways to overcome these obstacles.
- Discuss undertaking, as appropriate, joint consumer and business education projects addressing problems related to spam such as online fraud and deception, phishing, and dissemination of viruses. Such projects could include educational efforts addressing conditions facilitating the anonymous delivery of spam, such as the use of open relays, open proxies and zombie drones.
- Participate as appropriate in joint training sessions with private sector representatives to identify new ways of cooperating and to discuss spam investigation techniques.
- Encourage dialogue between Agencies and appropriate private sector representatives to promote ways in which the private sector can support Agencies in bringing spam cases and pursue their own initiatives to fight spam.
- Prioritize cases based on harm to victims when requesting international assistance.
- Complete the OECD Questionnaire on Cross border Enforcement of Anti Spam Laws, copies of which may be obtained from the OECD Secretariat.
- Encourage and support the involvement of less developed countries in spam enforcement cooperation.The participating Agencies intend to keep information shared in the context of this Action Plan confidential when requested to do so, to the extent consistent with their respective laws. Similarly, the participating Agencies retain the right to determine the information they share under this Action Plan.
- The participating private sector representatives (whether as a group or through its members) intend to use their best efforts to develop public private partnerships against spam and to:
- Designate a single spam enforcement contact within each organization, who would coordinate with spam enforcement agencies on requests for enforcement related assistance
- Work with other private sector representatives to establish a resource list of individuals within particular sectors (e.g., Internet service providers, registrars, etc.) working on spam enforcement.
- Participate as requested and appropriate in segments of the periodic conference calls described in paragraph A.3 above for the purpose of assisting law enforcement agencies in bringing spam cases. (Because some calls will be focused solely on law enforcement matters, private sector representatives will participate only in selected calls.) In these conference calls, the participating private sector representatives intend to use their best efforts to:
- Report about:
- Cases involving spam or related matters.
- New technology and trends in email and spam.
- New ways of cooperating with Agencies.
- Obstacles to cooperation with Agencies and within the private sector.
- General data on spam and on line fraud as an early warning mechanism for Agencies.
- Assist as appropriate in training sessions on subjects such as the latest spam investigation techniques to help Agencies in investigating and bringing spam cases.In order to prevent inappropriate access to information, a private sector representative may be excluded from participating in all or a portion of the periodic conference calls described above if a participating Agency objects.
- Report about:
- Work cooperatively with Agencies to develop the most efficient and effective ways to frame requests for information. For this purpose, each participating private sector representative intends to use best efforts to compile written responses to the following questions:
- What kind of information do you provide about potential spammers to domestic law enforcement agencies and under what circumstances?
- What kind of information would you provide about potential spammers to foreign law enforcement agencies and under what circumstances?
- How do you recommend that spam enforcement agencies submit requests for assistance to you?
- In order to begin work pursuant to this Action Plan, the U.K. Office of Fair Trading and the U.S. Federal Trade Commission intend to use best efforts to:
- Collect and disseminate information provided pursuant to this Action Plan, including points of contact, notifications from new Participants of their willingness to endorse this Action Plan, and responses to questionnaires, in cooperation with the OECD.
- Set up the conference calls mentioned in paragraph A.3.
- Provide a contact for further communications under this Action Plan.The participating Agencies expect that this procedure may be modified at any time.
- This Action Plan reflects the mutual interest of the Participants in the fight against illegal spam. It is not intended to create any new legally binding obligations by or amongst the Participants, and/or require continuing participation.Participants to this Action Plan recognize that cooperation pursuant to this Action Plan is subject to their laws and their international obligations, and that nothing in this Action Plan requires the Participants to provide confidential or commercially sensitive information.Participants in this Action Plan intend to use best efforts to share relevant findings of this group with the OECD Spam Task Force and other appropriate international groups.This Action Plan is meant to be a simple, flexible document facilitating concrete steps to start working on international spam enforcement cooperation. It is expected that the collective work program under this Action Plan may be refined, and if necessary changed by the participants, as new issues arise.Additional Agencies, and private sector representatives as defined below, may endorse and take part in this Action Plan as long as no Agency that has endorsed this Action Plan objects.”Private sector representatives” invited to participate in this Action Plan include financial institutions, Internet service providers, telecommunications companies, information security software providers, mobile operators, courier services, commercial mail receiving agencies, industry membership organizations, consumer organizations, payment system providers, credit reporting agencies, domain name registrars and registries, and providers of alternative dispute resolution services.
Presentation on the London Action Plan
by Wout de Natris
at the Council of Europe in Strasbourg
June 12, 2007