The Hong Kong Government should be appreciated for its determination to combat spam.

It has conducted a public consultation on whether Hong Kong should have an anti spam legislation since 04/06; announced in 02/05 our multi pronged anti spam package of measures, the “STEPS” campaign, under which we will introduce such a legislation (the last “S” of “STEPS” stands for statutory measures); and the latest action being its revelation on 11/7/05 of the draft anti spam legislative framework (“Draft Framework”) for public discussion.

The writers have acted on behalf of certain local IT associations as legal advisers to respond to the Government throughout the above process and have studied the anti spam legislation of some major overseas jurisdictions, such as Australia, UK, US, S. Korea and Japan together with Singapore’s latest 05/04 Proposed Legislative Framework For the Control of E-mail Spam.

In summary, however, we find the proposed origin test to identify spammers and the weak and circular enforcement mechanism in the 11/7/06 Draft Framework to offer insufficient redress to spam victims.

As regards the origin test for UEMs (unsolicited electronic messages), the Draft Framework proposed that the anti spam legislation will apply to the act of sending UEM if the UEM initiator or his agent commissioned to send the UEM is “physically in Hong Kong”, irrespective of where the sending server is located or where the spammer targets.

The above test means that the spam initiators can cleverly avoid the Hong Kong anti spam jurisdiction if they arrange themselves and their agents not to be physically in Hong Kong. Under this arrangement, spam victims may continue to receive spam in Hong Kong. This test does not address a principal spam issue which must be to protect spam from being sent from or received in Hong Kong.

We are in favor of the Singapore’s origin spam test which is exactly on the spot ie where spam (*) is originating from or received in Singapore. Although where Hong Kong/Singapore business arranges for spam to be sent from overseas, both legislations may apply, Singapore’s proposal directly addresses the issue and it will enable their legislation to apply notwithstanding the overseas source of the spam. *: Form of spam for Singapore’s proposed legislation, like USA and Japan’s legislation, is limited to unsolicited commercial email only whilst Hong Kong has the broadest proposed coverage, even amongst the multi form spam definition jurisdictions of S. Korea, UK and Australia, to cover all unsolicited commercial electronic messages including fax, SMS/MMS and all messages generated by automatic means in addition to email.

The weak enforcement mechanism coupled with slim rights granted to spam victim set out in the Draft Framework are most disappointing for spam victims.

Specific enforcement and sanction for sending UEMs depend on which of the three groups of prohibited activities, categorized according to the degree of seriousness, the act falls into. OFTA (for the less serious Groups 1 and 2) and police for Group 3 (deliberate spamming with clear criminal intent) are the proposed enforcement agents.

Spam victims has no individual nor direct right to commence legal proceedings against spammers for sending UEMs which enforcement agents exclusively hold the golden key.

Therefore, the poor spam victims are left in a chicken and egg dilemma all beyond their control: their fundamental wish to seek relief from spammers cannot materialize until the Governmental enforcement agents, with no identified additional investigatory powers, resources or expertise under the Draft Framework, choose to pursue the spammers in court and if the court convicts the spammers. This can be too uncertain and too long a wait for many.

Unless with sufficient resources and investigatory powers, it is doubtful if the proposed enforcement agents, may it the police or OFTA, will be able to take up an active primary role in pursuing spammers. Hong Kong should consider setting up designated/special task force to combat spam e.g. Canadian Spam Task Force and Australia's Telecom Authority with wide investigatory powers.

The Government’s rationale is that victims generally do not have the resources to carry out investigations and bring actions to court. This is not the right reason to bar victims from being able to pursue spammers. We suggest the Government to consider the UK’s anti spam legislation where individual right to sue is granted or at least consider giving ISPs the right to sue spammers, which is supported by the USA, New Zealand and Singapore governments. We further suggest that spam victims should be given the right to apply to court for an injunction to stop the spamming activities. A person in breach of the injunction can be dealt with for contempt of court.

Our concern over the weak enforcement intensified because the above litigation arrangement is said to follow that in the Personal Data Privacy Ordinance which has sparing convictions to date.

With the suggested adoption of the “opt out” regime under the Draft Framework such that it is legal to spam until recipients request to stop but without giving direct right to bring action for spamming to victims and having regard to the fact that only about 5% of the spam emails originating from Hong Kong (source: 12/2003 HKISPA survey), there are legitimate concerns that the proposed anti spam legislation may not offer much help in combating spam in reality.