A plea for an anti-spam coordination centre

As the Dutch government is on an ever tighter budget since the banksaving operations of 2008 it is merging enforcement and regulatory agencies at a fast pace. It is foreseen that OPTA will merge with the NMA (Competition Authority) and CA (Consumer Authority). Paul de Bijl, economist at the Central Planning Bureau, points in an article towards a media regulatory body, while the Dutch Data Protection Agency pleads for a merger with OPTA and the Media Commissioner. I plead for an anti-spam centre for the Netherlands that gathers data and coordinates between all the involved agencies.

OPTA and NMA merger
The idea of merging OPTA with the NMA is not new. I think it was in 2002 that a commission studied this topic. Important for OPTA, then, was independence from government as the state was still a shareholder of the incumbent company. It never came to a merger then. The idea as such has rational behind it. OPTA regulates the telecom market. The NMA most other markets.

Why an exception for telecoms? A big difference is that OPTA can regulate the market ex-ante, while the NMA studies the facts after complaints were filed. De Bijl makes it clear that the telecomsmarket may not yet be ready for ex-post regulation. Also the fact that the convergence of telecoms, media, Internet, telecommunication cables and airwaves has become so intricate that it does not make sense to exclude the Commissariat for the Media and the Telecom Agency (AT) from the discussions, says De Bijl.

What about spam enforcement
De Bijl’s contribution is only part of the picture. OPTA has several topics in it’s remit that have nothing to do with telecoms market regulation. An example is spam and malware enforcement. (There are other (privacy related) issues as well). Is this a topic that can expect prioritization at a competition agency? The same goes for topics of the Consumer Authority by the way. As the NMA is in between two and three times as big as the other two combined I very much doubt if priority will be given to these topics if a full merger is achieved. So, are there alternatives?

The fight against spam
Spam is only a means to an end. Either to sell something or on behalf of some crime or other. The choice not to put spam under the auspices of traditional law enforcement, i.e. the police, has proven a good one. Police is never able to give it the undivided attention it deserves. Most cases are (or may seem) not important enough to be given priority. OPTA battles spam and has set an example to the world as one of the four most successful anti-spam agencies.

However, spam is intricately entwined with data harvesting, misleading advertising, disseminating malware, counterfeit products, illegal drugs, fraud, etc., before it grows into botnets, cyber crime and perhaps terrorism or warfare. OPTA can only tackle a small portion of these examples, but they are the basis: spam and malware! All this implicates the involvement of several agencies and all with different authority. Next to that, not all enforcers can investigate or fine at a same level nor are able to gather intelligence in the same way. Enforcement is not as efficient as it can be. This needs thought also.

As these judiciary lines were once drawn more or less arbitrary, maybe the upcoming uprooting of all these agencies paves the way to seriously look at the best way to coordinate spam related issues, with a close tie-in to cyber crime. Hence the call for a coordination centre working for all the authorities involved.

When the Netherlands accepts a complaint system like Signal Spam, this could serve as the basis for this coordination centre as the data comes in at one point of entry: the Signal Spam data base. If the people manning this centre reach out to other sources as well, this will greatly benefit all (the merged, remaining) agencies. To my mind OPTA has the best track record by far, in fining as well as reaching out to other agencies, so could be a good starting point for thoughts on this centre.

The benefits of a spam coordination centre
The benefits are interesting enough to contemplate this solution. To name a few:

1. all complaints are compiled, analysed and assessed at one point of entry;
2. cross-checks can be made;
3. sending and content are no longer strictly divided;
4. coordination between agencies is dealt with;
5. coordination teams can be set up;
6. coordinated investigations and efforts become a reality;
7. a high order of efficiency is met with;
8. there is a single point of coordination with police and justice;
9. it has the overview and can prioritize for all concerned.

In order to be successful a more intricate and integrated effort is necessary. This idea could be a solution which makes The Netherlands safer from cyber crime.

Conclusions
Whatever comes out of these merger variations on offer it has to be clear that where spam and related enforcement is concerned:

1. all enforcers need teeth and stamina to hurt;
2. priorities may not be shifted to the biggest organisation’s interests;
3. slacking priorities mean the bad guys stand to win;
4. look into a coordination centre seriously.

The Netherlands is a highly digitalized country, which is used by spammers and cyber criminals to their maximum ability and profit. In order to fight them successfully, enforcement needs to be state of the art also. A spam coordination centre brings this a step closer.

Wout de Natris, De Natris Consult

Leiderdorp, 7 March 2011

Advertisements

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Botnets, Cyber crime, spam, Spam enforcement and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s