OECD Workshop on Spam - Brussels, Belgium - 2-3 February 2004

ANNOTATED PROGRAMME

For a PDF version of the Report of the Workshop, click here.

Day 1 - Monday, 2 February 2004

09.00-9.30 - WELCOME AND INTRODUCTION

• Commissioner Erkki Liikanen, Enterprise and Information Society, European Commission
• Mr. Herwig Schlögl, Deputy Secretary General, OECD
  

09.30-11.00 - SESSION 1: UNDERSTANDING SPAM

Session 1 Chair: Mr. Andrew Konstantaras, Internet Law and Policy Forum

Although spam has become an everyday feature of online life, there is no widely accepted definition of spam. Spam varies greatly in content, form and originating source. It ranges from advertisements for goods and services, to the promotion and distribution of adult content and illegal material, to solicitations for fraudulent schemes. As spam is carried over global networks it can originate from any country in the world where there is Internet access.

In Part 1 of this session, government, consumer and industry representatives will identify the common characteristics of spam in an attempt to improve our understanding of the problem. Specific questions to be addressed include:

1. What is spam and how does it differ from legitimate e-mail marketing?
2. What are the most common types of spam messages?
3. Who is sending spam and from where?
4. How do consumers perceive spam?

• Speaker 1: Mr. J. Howard Beales, III, Federal Trade Commission, United States
• Speaker 2: Mr. Patrick von Braunmühl, Federation of German Consumer Organisations
• Speaker 3: Mr. Charles A. Prescott, The Direct Marketing Association, Inc.

Panel discussion between the speakers above and the panellists below, moderated by the Session 1 Chair

• Panellist 1: Mr. Kazuyoshi Maekawa, Fujitsu Ltd.
• Panellist 2: Mr. Eric Walter, Office du Premier ministre, Direction du développement des medias, France

11.00-11.30 - Refreshment

11.30-12.30 - SESSION 1: UNDERSTANDING SPAM (continued)

Part 2 of this session will focus on current efforts to measure spam and its rate of growth. Such efforts are important in order to determine the effectiveness of anti-spam measures. This part of the session will outline existing approaches to measuring spam and evaluate their accuracy and reliability. It will also discuss whether more work in this area would be useful, keeping in mind the challenges posed by varying definitions of spam.

• Speaker 4: Mr. Enrique Salem, Brightmail
• Speaker 5: Mr. Jean-Marie Nivlet, Office du Premier ministre, Direction du développement des medias, France
  

Panel discussion between the speakers above and the panellists below, moderated by the Session 1 Chair

• Panellist 3: Mr. Isao Kasubuchi, Ministry of Economy, Trade and Industry, Japan
• Panellist 4: Mr. Duck-Kyu Joo, Korea Information Security Agency, Korea
  

12.30-14.00 - Lunch hosted by the European Commission

14.00 15.30 SESSION 2: ECONOMIC AND SOCIETAL IMPACTS OF SPAM

Session 2 Chair: Commissioner Mozelle W. Thompson, Federal Trade Commission, United States, Chair of the OECD Committee on Consumer Policy

Spam impacts all categories of Internet users, from individuals, to businesses and governments, as well as network administrators and service providers. It imposes significant costs, both economic and societal, on each of these categories. Every day users and network administrators waste valuable time managing and deleting unwanted messages. This results in lost productivity, higher access charges, and a drain on technical support services. Spam consumes resources, such as network bandwidth, storage space, and computing power, without compensation or consent. Spam also poses serious threats to network security and the reliability of Internet communications. It results in system crashes and is being increasingly used as a vehicle for the spread of computer viruses and worms. Furthermore, the content of spam is often illegal, fraudulent or deceptive, resulting in economic losses and distress to consumers. Finally, the practice of spamming and, in particular, the manner in which e-mail addresses are collected or sold raises a number of privacy concerns. Overall, these problems lead to a loss of consumer trust and confidence in the Internet online marketplace and negatively affect the growth of the digital economy.

This session will explore these and other costs associated with spam, keeping in mind the principles of consumer protection, privacy protection and network security, as set out in various OECD guidelines. Particular issues to be highlighted include:

1. The impact of spam on individual recipients.
2. The impact of spam in the workplace.
3. The impact of spam on critical infrastructures and network security.
4. The impact of spam on legitimate online marketers.
5. The broader impact of spam on trust and confidence in the Internet and the growth of the digital economy.

• Speaker 1:  Mr. Marc Rotenberg, Electronic Privacy Information Center
• Speaker 2:  Mr. Dimitri Ypsilanti, OECD

Panel discussion between the speakers above and the panellists below, moderated by the Session 2 Chair

• Panellist 1: Ms. Dorothea Zechmann, T-Online International AG
• Panellist 2: Mr. Gianluca Esposito, Council of Europe
• Panellist 3: Ms. Katarina de Brisis, Ministry of Trade and Industry, Norway
• Panellist 4: Mr. Jeremy Beale, Confederation of British Industry

15.30-16.30 - SESSION 3: TECHNICAL AND BUSINESS ASPECTS OF SPAM

Session 3 Chair: Mr. Brian Stewart, Permanent Delegation of Australia to the OECD

The very low marginal cost of sending bulk e-mail means that spammers can make a profit despite extremely low response rates. Relying on tools such as automatic harvesting programs and dictionary attacks, spammers have developed numerous ways to collect and/or guess e-mail addresses. In addition, by relying on technical measures such as false headers, mail relays, and spoofing, spammers can obscure their identities making them difficult to locate and to be held accountable.

This session will examine the mechanics of these new technologies and the business models of spam. Setting the scene for the following session, there will also be an introductory discussion of technical measures that can be taken to counteract spam.

Key questions to be addressed include: 

1. How do spammers obtain e-mail addresses?
2. How do spammers remain undetected?
3. How is a spam business conducted profitably?
4. How are changing technologies leading to new opportunities for spam (e.g. spam via SMS or instant messaging)?
5. How can new technologies and policies lead to opportunities to stop spam and increase trust in e-mail?

• Speaker 1: Mr. David Jevans, Anti-Phishing Working Group
• Speaker 2: Mr. Kenichi Mori, NTT DoCoMo, Inc.

Panel discussion between the speakers above and the panellists below, moderated by the Session 3 Chair

• Panellist 1: Mr. George Mills, European Coalition Against Unsolicited Commercial Email (EuroCAUCE)
• Panellist 2: Ms. Fran Maier, TRUSTe
  

16.30-16.45 - Refreshment

16.45-18.00 - SESSION 4: TECHNICAL SOLUTIONS

Session 4 Chair: Mr. Wonki Min, Ministry of Information and Communication, Korea, Chair of the OECD Working Party on Telecommunications and Information Services Policies

Closely related to the previous discussion, this session will explore what individuals, businesses and ISPs can do at the technical level to combat spam. Speakers will describe existing different technical solutions, such as filtering and blocking programs. They will examine the effectiveness of these solutions and discuss the possibility of future solutions, such as structural changes to e-mail. In particular, the following questions will be addressed:

1. What kinds of tools are currently available at the end user and ISP level?
2. How effective have these tools been to date and how could their effectiveness be improved?
3. What are the disadvantages and problems associated with these tools (e.g. costs, false positives)?
4. How can further development and use of these tools be encouraged?

• Speaker 1: Mr. Christian Rogan, MessageLabs Ltd.
• Speaker 2: Mr. Stephane Marcovitch, EuroISPA
• Speaker 3: Ms. Lori Friedman, AOL (UK) Ltd.

Panel discussion with above speakers, moderated by the Session 4 Chair

18.00-19.30 - Cocktail hosted by the European Telecommunications Network Operators' Association

Day 2 - Tuesday, 3 February 2004

08.30-10.45 - SESSION 5: REGULATION AND SELF-REGULATION

Session 5 Chair: Mr. Michael Geist, University of Ottawa

More and more OECD member countries have laws in place that directly or indirectly regulate spam. Specific anti-spam laws generally either impose labelling requirements; prohibit the transmission of bulk or commercial messages without the consent (opt-in or opt-out) of the recipient; or ban the use of “spamware”. In addition to regulatory approaches, a variety of self-regulatory measures are being put in place by industry groups. For example, a number of online marketing associations operate opt-out lists for users and have developed voluntary codes of conduct for their members based on permission-based marketing. Similarly, mobile telecommunication associations are implementing self-regulatory codes setting acceptable standards for marketing to wireless mobile devices.

This session will describe and discuss existing regulatory and self-regulatory efforts to combat spam, with particular attention to the international dimension of these measures. Specific questions to be addressed include:

1. What are the main elements of anti-spam laws and how successful have they been?
2. What other kinds of laws are being applied to spam (e.g. data protection and deceptive or unfair marketing laws)?
3. What kinds of self-regulatory programs are in place, and how successful have they been?
4. What are the main limitations of regulatory and self-regulatory measures, given the cross-border nature of the problem?

• Speaker 1: Mr. Lindsay Barton, National Office for the Information Economy, Australia
• Speaker 2: Ms. Patricia M. Sefcik, Department of Commerce, United States
• Speaker 3: Mr. Philippe Gérard, European Commission
• Speaker 4: Ms. Cristina Vela, European Telecommunications Network Operators' Association (ETNO)

Panel discussion between the speakers above and the panellists below, moderated by the Session 5 Chair

• Panellist 1: Mr. Petr Piskula, Ministry of Informatics, Czech Republic
• Panellist 2: Mr. Keiichiro Seki, Ministry of Public Management, Home Affairs, Posts and Telecommunications, Japan
• Panellist 3: Mr. Ken McEldowney, Consumer Action
• Panellist 4: Mr. Alastair Tempest, Federation of European Direct Marketing

10.45-11.00 - Refreshment

11.00-13.00 - SESSION 6: INTERNATIONAL LAW ENFORCEMENT CO-OPERATION

Session 6 Chair: Mr. André Longuet des Diguères, Direction Générale de la Concurrence, de la Consommation et de la Répression des Fraudes, France

Spamming is a global problem requiring a global solution. As e-mails can originate or be routed through servers around the world, national efforts to investigate and prosecute spammers are extremely difficult. Problems in locating spammers, establishing jurisdiction and enforcing remedies frustrate attempts to apply national anti-spam laws. In addition, the types of bodies responsible for enforcing anti-spam laws differ from country to country (e.g. data protection authorities, consumer protection agencies, telecommunication regulators, and criminal authorities). Effective international law enforcement is therefore difficult, but nonetheless essential to the success of any national regulatory measures.

This session will address international co operation efforts to enforce laws against spam. Particular issues to be addressed in this session include:

1. What steps need to be taken at the national level to facilitate more international law enforcement co-operation?
2. How can the varying types of competent authorities responsible for spam work effectively together?
3. How can international co-operation and information sharing between governments and the private sector be improved?
4. What lessons can be drawn from existing measures to enhance co-operation in related areas (e.g. cross-border fraud and cyber-crime)?

• Speaker 1: Mr. Hugh Stevenson, Federal Trade Commission, United States
• Speaker 2: Mr. Giovanni Buttarelli, Data Protection Authority, Italy

Panel discussion between the speakers above and the panellists below, moderated by the Session 6 Chair

• Panellist 1: Ms. Beatrice Delmas-Linel, Microsoft EMEA
• Panellist 2: Ms. Victoria Villamar, Bureau Européen des Unions de Consommateurs / European Consumers’ Organisation
• Panellist 3: Mr. Nam-cheol Kim, Ministry of Information and Communication, Korea
• Panellist 4: Ms. Marianne Åbyhammar, Swedish Consumer Agency, Sweden

13.00-14.30 - Lunch break

14.30-15.15 - SESSION 7: AWARENESS AND EDUCATION

Session 7 Chair: Ms. Susan Grant, National Consumers League

This session will examine how increased consumer and industry awareness, education and best practice use of electronic communications can minimise the impact of spam. The session will highlight initiatives to promote awareness among users and focus on practical steps users can take. In particular, it will consider:

1. How to reduce the amount of spam received.
2. How to appropriately and responsibly deal with spam once it is received.
3. What role governments, industry leaders and civil society should play in creating and widely disseminating anti-spam resources and educational guides.

• Speaker 1: Mr. Christopher Kuner, Hunton & Williams, International Chamber of Commerce

Panel discussion between the speaker above and the panellists below, moderated by the Session 7 Chair

• Panellist 1: Mr. Hubert van Breemen, Confederation of Netherlands Industry and Employers VNO-NCW, Chair of the Business and Advisory Committee to the OECD Task Force on Consumer Policy
• Panellist 2: Ms. Valerie Thompson, European Research into Consumer Affairs
• Panellist 3: Mr. Anthony Wing, Australian Communications Authority, Australia
• Panellist 4: Ms. Kristiina Pietikäinen, Ministry of Communications, Finland

15.15-16.00 - SESSION 8: EVALUATING CURRENT APPROACHES AND LOOKING AHEAD

Session 8 Chair: Mr. Bernd Langeheine, European Commission

No single solution to the problem of spam, whether of a technical, regulatory or self-regulatory nature, is likely to be successful on its own. A multi-dimensional approach is therefore needed to help eliminate spam.

 In this session panellists will examine what governments, businesses and consumers have been doing individually and collectively to address spam. Panellists will evaluate current approaches, identify shortcomings in these current approaches, and discuss possible improvements.

Panel discussion moderated by the Session 8 Chair

• Panellist 1: Ms. Jean Ann Fox, Consumer Federation of America
• Panellist 2: Mr. Joseph Alhadeff, Oracle Corporation, Chair of the Business and Advisory Committee to the OECD Task Force on Information Security and Privacy
• Panellist 3: Mr. Phil Jones, Information Commissioner’s Office, United Kingdom

16.00-16.15 - Refreshment

16.15-17.15 - SESSION 9: WHAT ARE THE NEXT STEPS?

Session 9 Chair: Mr. Peter Ferguson, Industry Canada, Canada, Chair of the OECD Working Party on Information Security and Privacy

This session will focus on the global dimension of spam with a view to determining next steps at the international level. Building on the discussions in their respective sessions, session chairs will consider:

1. The areas where globally coordinated action is most needed (e.g. research and information gathering; education and awareness; encouraging self-regulation and the development of interoperable technical solutions; international co-operation in enforcing national laws, or all of these) and how this can best be achieved.
2. The areas where solutions can be implemented most rapidly.
3. The role that international organisations, such as the OECD, can play in facilitating such co-operation.

Panel discussion moderated by the Session 9 Chair

• Session Chair 1: Mr. Andrew Konstantaras
• Session Chair 2: Commissioner Mozelle W. Thompson
• Session Chair 3: Mr. Brian Stewart
• Session Chair 4: Mr. Wonki Min
• Session Chair 5: Mr. Michael Geist
• Session Chair 6: Mr. André Longuet des Diguères
• Session Chair 7: Ms. Susan Grant
• Session Chair 8: Mr. Bernd Langeheine

17.15 - CLOSING

Mr. Takayuki Matsuo, OECD