On Monday 14 February 2011 Signal Spam was presented in the Netherlands. The idea behind the day is that The Netherlands can copy the French system and thus have a spam reporting centre from which information is derived that the different stakeholders can use and respond to. Where are “we” after this meeting?
Signal Spam is, in short, a French public – private partnership that upholds a spam reporting database in which end users can report all forms of spam, suspicious looking unsolicited e-mails and unsolicited software. They register once with Signal Spam and add a plug into their e-mail program. With one click on the button they report the unsolicited messages to the database. Here analyses takes place on the aggregated data and information is linked. Reports on complaints and other data are sent to the different stakeholders. E.g., senders, vendors, ISPs, LEAs, banks, etc. They can take appropriate measures after receiving a report from Signal Spam. This can range from unsubscribing a recipient, to an investigation on breaches of the law or a public – private cooperation to disrupt the business of a foreign criminal organisation. Signal Spam is financed by the participating commercial parties, while privacy issues is over-viewed by the CNIL, the French data protection agency, who actively participates.
There is a greater implication to Signal Spam as spam messages are a major means that is used for criminal ends. Information gathered in the database could also be of use to botnet detection centres, cyber crime fighters and anti-terrorist organisations within and beyond Dutch borders. Thus it could be a layer in a national cyber security initiative.
Where are we after 14 February 2011?
Presentations were given from very divers angles. Despite the fact that senders, ISPs, banks, vendors and LEAs all have a different angle of interest on the Internet, it was quite clear that they have shared concerns and wishes. What I took back from the meeting was a sense of momentum in general. All parties present seemed to give of a message that something needs to be done, although it may not be clear exactly what. Next to that all are very much interested in a better information position from which to act. Despite the fact that the word “hostile” was used jokingly quite often, albeit with a serious undertone, it was quite clear that most in the room were looking for a way to trust each other. This could save cost and efforts in security all around. The proposition that empowering the end user could lead to information and aggregated data that will lead to a better information position for all was also commonly shared. In conclusion, this is a basis that justifies further investigation into Signal Spam adoption in the Netherlands.
Let’s not forget that The Netherlands has dropped out of the world wide spam top 10 from 2004 onwards coming from the number 3 spot in 2003. That identifiable Dutch language spam is not a common thing in mailboxes and that spam, at least for me, whether in my ISP mailbox or the international ones, is an exception. It led me to conclude that industry present in the room as a whole must be doing something right. Whether in subscriptions to and unsubscribing from lists, filtering and enforcing. This does not mean that we can’t better these efforts.
Signal Spam offers several possibilities. Data gathered will better the information position of all parties concerned. Senders receive instant reports on messages perceived as spam by end users. This makes it possible to check on false positives and for possible abuse. ISPs and vendors can match this information with and better their filters. ISPs receive information on possible infected IP addresses in their networks. Hosters receive information on security breaches from one of their customers. Banks are warned about fishing attacks. LEAs better their information position as they receive reports on breaches of the law and can thus prioritize better. In general the low hanging fruit will disappear fast because of these efforts. Should all this come to be, this could create the environment in which the sought after trust between partners in Signal Spam comes about and security costs go down.
There is a prerequisite to all this. It is necessary that the different stakeholders participate in this initiative and take it forward.
The way forward
The day ended non-committal. Most present shared the suggestion that the idea of Signal Spam was sound and deserved support if it was to be implemented. A first goal was achieved. Different stakeholders were together in one room and discussed their issues together.
So, what´s next? It looks like it would be a shame to let the momentum of the day seep away. There was a distinct enthusiasm to look into solutions, despite the (very) different, yes, also commercial, background.
An inventory of interested parties seems like a sensible next step, coupled to their wishes and concerns. This will make a next step feasible in which the compatibility of the stakeholders’ wishes is discussed and the form the organisation should have. Only then adoption comes into view and the question whether a new organisation is needed or it can be hooked on to an existing initiative or organisation.
But first the question “do parties concerned wish a Signal Spam (like) initiative implemented in the Netherlands?” needs to be answered by these parties. Only then will we get an answer whether Signal Spam takes off the Netherlands.
Wout de Natris
Leiderdorp, Tuesday 15 February 2011