Monday, January 08, 2007

SPAM

What is spam?

Spam is the excessive and unwanted multi-posting of messages, sent through Usenet, via email, or by some other mechanism. Spam is commercial in nature, e.g. offering goods or services for sale, or trying to get you to visit a pay-for-use website. The criterion for spam is quantity, not quality or content.

It includes-

  1. Advertisements
  2. Pyramid schemes (MLM)
  3. Giveaways
  4. Chain letters
  5. Political emails
  6. Stock market advice
  7. One-time notices

Other definitions of spam-

  1. Excessive multi-posting (EMP): Posting the same message 40 times to one news group is spam.
  2. Excessive cross-posting (ECP): Posting the same message to 40 related newsgroups is spam.
  3. Unsolicited commercial email (UCE): Sending a single message to one or more recipients who have not requested the information.
  4. Trolling: Trolling is the act of posting a deliberately provocative message with the express intent of starting a flame war. The message is often cross-posted to several newsgroups in order to increase the confusion.

How is spam sent?

Spam is sent from-

  1. Individual computers that have been infected with a virus. They connect to the internet, download lists of email addresses and start sending out spam.
  2. Misconfigured email servers (open relays). Some people set up or configure mail servers incorrectly so that they accept mail from anyone and then redeliver it. Spammers like this type of server. These servers are usually on high-speed internet connections, so the spammer can send more spam quickly.

Some ISPs are spammer-friendly. They are willing to take payment to set up servers and even offer to change IP addresses when those IPs get blacklisted. Spammers may also buy mail server services from ISPs using stolen credit card details.

According to the Federal Trade Commission (FTC), the United States' consumer protection agency, spammers can compromise computers in several ways depending on what kind of internet connection one has. All computers connected to the internet are potential targets, but those with a broadband connection are especially attractive to spammers because they are always on. Spammers scan the internet searching for points of entry and then install hidden software that allows remote access to data and programs. That, in turn, allows the spammer to send messages from the compromised computer. Remote access software can also be installed by a virus: a spammer sends an email with a virus in the attachment. If one opens the infected attachment, a virus is released that installs the hidden software. The person who sent the virus can now access the data and programs on your computer, or take over many computers and use them to send spam. It can be very difficult to tell if a spammer has installed hidden software on a specific computer, but there are some warning signs. For example, you may receive emails accusing you of sending spam; you may find email messages in your "outbox" that you didn't send; or your computer may be using more power than it did in the past to run the programs you use.

How do spammers get victims' addresses?

Sending spam to Usenet is very easy. A list of Usenet newsgroups is readily available, and all a spammer has to do is start posting. Email spammers obtain lists of email addresses from someone else who has already collected them.

Some of the ways that email addresses are harvested-

  1. By examining the headers and the contents of messages posted to Usenet.
  2. By examining the contents of pages on the World Wide Web.
  3. By setting up one or more web sites and tricking visitors into revealing their e-mail addresses.

The negative consequences of spam-

  1. It consumes Internet resources. Spam clogs mail servers, slowing all email and burdening the ISP.
  2. It reduces the effectiveness of reasonable advertising.
  3. It raises costs for everyone who uses the Internet.
  4. It exposes children to inappropriate material.
  5. It wastes people's time.
  6. This costs the world's economy billions of dollars per year in lost productivity.
  7. It threatens the utility of email as a form of communication.

How to avoid spam?

Although it is difficult to stop, there are a few things that one can do to minimize the amount of spam one receives.

  1. Use an email client that supports "DNS Blacklisting".
  2. Only supply your email address to a company if it is absolutely necessary.
  3. Do not enter contests. The only prize you might win is a mailbox full of spam.
  4. Use two email accounts. Use one account for all purchasing, newsletters, marketing lists and chat rooms. The second account should be for all personal use.
  5. Do not unsubscribe from spam. Spam often contains an unsubscribe link. This link is there to get you to verify your address and usually gets you even more spam.
  6. Don't give out other people's email address. Sometimes web sites will ask you to refer others to them. Do not do this unless you have permission from the addressee.
  7. Don't forward chain letters. Spammers collect email addresses from them.
  8. Spammers can obtain addresses by patrolling forums, white page sites, chat rooms, and bulletin boards. Try to keep your email address off the Internet.
  9. Don't use your real address when posting to Usenet.

The commonest types of spam-

  1. Adult content:- This category of spam includes offers for products designed to increase or enhance sexual potency, links to porn sites, advertisements for pornography, etc. Students and teenagers are particularly affected by this type of spam: it easily distracts them from their studies, and lonely readers are drawn into such mails, losing a great deal in their lives as a result.
  2. Health and medicine:- This category includes advertisements for weight loss, skin care, posture improvement, cures for baldness, dietary supplements, non-traditional medication, etc., all of which can be bought online.
  3. Information Technology:- This category includes offers for low-priced hardware as well as services for web site owners such as hosting, domain registration, web site optimization and so on.
  4. Personal finance:- Spam which falls into this category offers insurance, debt reduction services, loans with low interest rates, etc.
  5. Education:- This category includes offers for seminars, training, and online degrees.
  6. Political spam:- This category includes mudslinging or political threats from extremists and possible terrorists.

Types of spam filters-

We are flooded with information, and too much of anything is useless, so it is necessary to avoid it or filter it. Three terms describe how well a spam filter performs; the types of filter currently available follow.

  1. False positive:- A false positive means the spam filter identifies an innocent message as spam.
  2. False negative:- A false negative means the spam filter fails to identify a spam message as spam.
  3. Ideal:- An ideal filter produces zero false positives and zero false negatives. This is an impossibility, although some filters, when set up correctly, come close.

a. Content based filters-

This is the traditional type of filter. It simply analyses the message subject, headers, and content, looking for kill words or phrases, or other indicators of spam. Over the years, spammers have become aware that their messages were being killed by these content filters, and they keep creating new tricks to fool them.

b. Bayesian filters-

Bayesian filters are filters that are based on probability. Bayesian filters have to be trained on good and bad emails. During training they extract tokens from the messages and store them in a database. When analyzing a new message, the message is split into tokens and each token is given a value according to the following criteria.

  1. The frequency of the token in spam messages that the filter has been trained on.
  2. The frequency of the token in good messages that the filter has been trained on.
  3. The number of spam messages the filter has been trained on.
  4. The number of good messages the filter has been trained on.

Some current Bayesian-based filters are returning very impressive detection rates with minimal false positives or false negatives.
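As an added example (not code from the original post), the token-scoring scheme above turned into a small working filter: the four criteria become a per-token spam probability, the most decisive tokens are combined with Bayes' rule, and the false positive and false negative counts from the earlier section are measured on held-out mail. The training and held-out messages are constructed, and the combining rule, the 0.4 value for unseen tokens, the 0.01/0.99 clamp and the 0.9 threshold are assumptions of this example, not settings from any particular filter.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$']+")

def tokenize(text):
    # Each token is counted at most once per message, so the counters below
    # record "number of messages containing the token", not raw occurrences.
    return set(TOKEN_RE.findall(text.lower()))

class BayesianFilter:
    def __init__(self):
        self.spam_tokens = Counter()  # token -> spam messages containing it
        self.good_tokens = Counter()  # token -> good messages containing it
        self.n_spam = 0               # spam messages trained on (criterion 3)
        self.n_good = 0               # good messages trained on (criterion 4)

    def train(self, text, is_spam):
        tokens = tokenize(text)
        if is_spam:
            self.n_spam += 1
            self.spam_tokens.update(tokens)
        else:
            self.n_good += 1
            self.good_tokens.update(tokens)

    def token_probability(self, token):
        """P(spam | token): frequency in spam (criterion 1) and in good mail
        (criterion 2), each normalised by messages seen (criteria 3 and 4)."""
        in_spam = self.spam_tokens.get(token, 0)
        in_good = self.good_tokens.get(token, 0)
        if in_spam + in_good == 0:
            return 0.4  # assumption: an unseen token leans slightly "good"
        spam_rate = in_spam / max(self.n_spam, 1)
        good_rate = in_good / max(self.n_good, 1)
        p = spam_rate / (spam_rate + good_rate)
        # Clamp so a token seen only once cannot decide a message by itself.
        return min(0.99, max(0.01, p))

    def score(self, text, max_tokens=15):
        """Combine the most decisive tokens (furthest from 0.5) with Bayes'
        rule, assuming tokens are independent; returns P(spam) in [0, 1]."""
        probs = sorted((self.token_probability(t) for t in tokenize(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:max_tokens]
        if not probs:
            return 0.5
        log_spam = sum(math.log(p) for p in probs)
        log_good = sum(math.log(1.0 - p) for p in probs)
        # spam / (spam + good), computed in log space to avoid underflow
        return 1.0 / (1.0 + math.exp(log_good - log_spam))

    def is_spam(self, text, threshold=0.9):
        return self.score(text) >= threshold

# Constructed training corpus (not real mail); True = spam, False = good.
TRAINING = [
    ("Buy cheap pills online now, lowest prices", True),
    ("Low interest loans, reduce your debt today", True),
    ("Make money fast with our mlm opportunity", True),
    ("Cheap web hosting and domain registration, free setup", True),
    ("You have won a free prize, click here now", True),
    ("The meeting has moved to Monday, see you at the office", False),
    ("Can you review the attached report before Friday", False),
    ("Thanks for your help with the server migration last week", False),
    ("Lunch tomorrow? Let me know what time works for you", False),
    ("The quarterly budget figures are in the shared folder", False),
]

# Constructed held-out messages used to count the filter's mistakes.
HELDOUT = [
    ("Cheap loans and free money now", True),
    ("Click here to reduce your debt fast", True),
    ("Can we move the meeting to Friday", False),
    ("Please send me the report from last week", False),
]

def build_filter(corpus=TRAINING):
    filt = BayesianFilter()
    for text, is_spam in corpus:
        filt.train(text, is_spam)
    return filt

def evaluate(filt, labelled):
    """Return (false_positives, false_negatives): good mail flagged as
    spam, and spam let through, in the sense defined above."""
    false_pos = false_neg = 0
    for text, truly_spam in labelled:
        flagged = filt.is_spam(text)
        false_pos += int(flagged and not truly_spam)
        false_neg += int(truly_spam and not flagged)
    return false_pos, false_neg
```

Calling `evaluate(build_filter(), HELDOUT)` gives `(0, 0)` on this tiny corpus; with a real mailbox the interesting part is watching which tokens push borderline messages over the threshold.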

c. Whitelist / Blacklist filters-

These are a very basic type of filter. Nowadays they are rarely used on their own, but they are still used as part of an integrated filtering system. Whitelist filters will not accept email from any address unless it is on a list of known good email addresses. Blacklist filters will allow messages from any address unless the address is on a list of known bad sources. Blacklists can be stored and administered on a local system or queried over the internet. Blacklists available on the internet are referred to as real-time blackhole lists.

d. Challenge and Response filters-

Challenge and response filters are characterized by their ability to automatically send a response to an unknown sender, asking them to take some further action to ensure their message will be received. This is often referred to as a Turing test. Recent years have seen the appearance of some Internet services which automatically perform these challenge and response functions for the user and require the sender of an email to visit their website to facilitate the receipt of their message.

e. Community filters-

This type of filter works on the principle of communal knowledge of spam. These filters communicate with a central server. When a user receives a spam message, they simply mark it as spam. This information is posted to the central server, where a fingerprint of the message is added to the database. When enough people have voted the message as spam, it will be blocked from users' inboxes in the future.

f. Server based filters-

These are usually only used in a corporate or business environment rather than in the home. All mail arrives at a central server, where it is filtered by a server-based filter, and individual users then collect their messages on their desktops from the central server.

Conclusion

It must be noted that the perfect spam filter has not been invented yet.


Monday, December 25, 2006

The IT Act, 2000 - An Overview

Since time immemorial, man has always been motivated by the need to make progress and better the existing technologies. This has led to tremendous development and progress that has been a launching pad for further developments. Of all the significant advances made by mankind from the beginning till date, probably the most important of them is the development of the Internet.

However, the rapid evolution of the Internet has also raised numerous legal issues and questions. As the situation remains unclear, countries throughout the world are resorting to different approaches towards controlling, regulating and facilitating electronic communication and commerce.

The Information Technology Act, 2000 provides the legal infrastructure for E-commerce in India.

The Information Technology Act, 2000 as defined therein is “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic methods" of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Book Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of India Act, 1932 and for matters connected therewith or incidental thereto.”

Towards this end, the Act thereafter stipulates numerous provisions. The Act aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act further states that unless otherwise agreed, the acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. The Act purports to facilitate electronic intercourse in trade and commerce, eliminate barriers and obstacles coming in the way of electronic commerce resulting from the glorious uncertainties relating to writing and signature requirements over the Internet. The Act also aims to fulfill its objects of promoting and developing the legal and business infrastructure necessary to implement electronic commerce.

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person by the use of a public key of the subscriber can verify the electronic record.

Chapter-III of the Act deals with Electronic Governance and provides, inter alia, that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

  1. rendered or made available in an electronic form; and
  2. accessible so as to be usable for a subsequent reference.

This chapter also deals with the legal recognition of Digital Signatures. The various provisions further elaborate on the use of Electronic Records and Digital Signatures in Government Agencies. The Act further provides for the publication of rules and regulations in the Electronic Gazette.

Chapter IV of the Act gives a scheme for the Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall exercise supervision over the activities of the Certifying Authorities, lay down standards and conditions governing the Certifying Authorities, and specify the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities, and it further details the various provisions for the issue of a licence to issue Digital Signature Certificates.

Chapter VII of the Act deals with the scheme relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the Act.

Chapter IX of the Act deals with penalties and adjudication for various offences. The penalties for damage to a computer, computer system, etc. have been fixed as damages by way of compensation not exceeding Rs. 100,00,000/- to affected persons. The Act provides for the appointment of any officer not below the rank of a Director to the Government of India, or an equivalent officer of a state government, as an Adjudicating Officer who shall adjudicate whether any person has contravened any of the provisions of the Act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court.

Chapter X provides that the Cyber Regulations Appellate Tribunal shall be an appellate body to which appeals against the orders passed by the Adjudicating Officers shall be preferred. The said Tribunal shall not be bound by the principles of the Code of Civil Procedure but shall follow the principles of natural justice, and shall have the same powers as are vested in a Civil Court. Against an order or decision of the Cyber Appellate Tribunal, an appeal shall lie to the High Court.

Chapter XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information which is obscene in electronic form, breach of confidentiality and privacy, misrepresentation, publishing Digital Signature Certificate false in certain particulars and publication for fraudulent purposes.

Hacking has been properly defined in Section 66 as, “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.” Further, for the first time, punishment for hacking as a cyber crime is prescribed in the form of imprisonment up to 3 years, or a fine that may extend to Rs. 2,00,000/-, or both. This is a welcome measure, as hacking has assumed tremendous importance in the present day scenario. On previous occasions, the web sites of the Government have been hacked into, but no legal provision within the existing legislation could be invoked to cover “hacking” as a cyber crime. It shall now be possible to try and punish hackers under section 66 of the IT Act, 2000.

The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advise the government as regards any rules or for any other purpose connected with the Act. The Act also has four schedules that amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Banker’s Books Evidence Act, 1981 and the Reserve Bank of India Act, 1934 to bring them in tune with the provisions of the IT Act.

The IT Bill was tabled in Parliament in December 1999 and was referred to the Standing Committee on Science and Technology, Environment and Forests for examination and report. The Standing Committee examined the said IT Bill 1999 and proposed some stringent measures to further strengthen the legal infrastructure of the IT Bill 1999. The most positive aspect of the said report was that it recommended the insertion of the definition and punishment for "hacking".

Looking from an overall perspective, the Information Technology Act, 2000 is a laudable effort by the Government to create the necessary legal infrastructure for promotion and growth of electronic commerce. As on date, the judiciary in India is reluctant to accept electronic records and communications as evidence. Even email has not been defined in the prevailing statutes of India and is not an accepted legal form of communication as evidence in a court of law as of today. The IT Act, 2000 indeed is a step forward in this direction also.

From the perspective of the corporate sector, the IT Act 2000 and its provisions contain the following positive aspects:

(A) The implication of these provisions for the corporate sector is that email is now a valid and legal form of communication in our country, which can be duly produced and approved in a court of law. Corporates today thrive on email, not only as the form of communication with entities outside the company but also as an indispensable tool for intra-company communication. Till now, corporates have not been very careful about the language used in their intra-company emails. Corporates will have to understand that they need to be more careful while writing emails, whether outside the company or within, as the same, whatever its language, could be proved in a court of law, sometimes much to the detriment of the company. Even intra-company notes and memos, till now used only for official purposes, shall also come within the ambit of the IT Act and will be admissible as evidence in a court of law. A possible consequence for a typical wired company is that any employee, unhappy with a particular email communication, whether received in a personal or official capacity, may make the said email the foundation for launching litigation in a court of law. Further, when a company executive sends an email to another executive in the company with some defamatory or other related material and copies the same to others, there is a possibility that he may land in litigation in a court of law.

(B) Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. Till now, the growth of Electronic commerce was impeded in our country basically because there was no legal infrastructure to regulate commercial transactions online.

(C) Corporates will now be able to use digital signatures to carry out their transactions online. These digital signatures have been given legal validity and sanction in the Act.

(D) The Act also throws open the doors for the entry of corporates into the business of being Certifying Authorities for issuing Digital Signature Certificates. The Act does not make any distinction between legal entities for appointment as a Certifying Authority, so long as the norms stipulated by the government have been followed.

(E) The Act also enables companies to file any form, application or other document with any office, authority, body or agency owned or controlled by the appropriate Government in such electronic form as may be prescribed by the appropriate Government. India is rapidly moving ahead in the field of electronic governance, and it will not be long before governments start taking applications or issuing licences, permits, sanctions or approvals, by whatever name called, online. This provision shall be a great leveler, as it will enable all kinds of companies to do a lot of their interaction with different government departments online, thereby saving costs, time and precious manpower.

(F) Corporates are mandated by different laws of the country to keep and retain valuable and corporate information. The IT Act enables companies legally to retain the said information in the electronic form, if-

  1. the information contained therein remains accessible so as to be usable for a subsequent reference;
  2. the electronic record is retained in the format in which it was originally generated, sent or received or in a format that can be demonstrated to represent accurately the information originally generated, sent or received;
  3. the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

(G) The IT Act also addresses the important issues of security that are so critical to the success of electronic transactions. The Act has also given a legal definition to the concept of secure digital signatures, which would be required to have passed through a security procedure to be stipulated by the government at a later date. In the times to come, secure digital signatures shall play a big role in the New Economy, particularly from the perspective of the corporate sector, as they will enable more secure transactions online. In today's scenario, information is supreme. Companies store information on their respective computer systems, apart from maintaining a backup. Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy if anyone breaks into their computer systems or network and causes damage or copies data. The remedy provided by the Act is in the form of monetary damages not exceeding Rs.1,00,00,000. This penalty of damages applies to any person who, without permission of the owner or any other person who is in charge of a computer, computer system or computer network-

  1. accesses or secures access to such computer, computer system or computer network;
  2. downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
  3. introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
  4. damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
  5. disrupts or causes disruption of any computer, computer system or computer network;
  6. denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
  7. provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;
  8. charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network.

(H) Corporates in India can now breathe a sigh of relief, as the IT Act has defined various cyber crimes and has declared them penal offences punishable with imprisonment and fine. These include hacking and damage to computer source code. Corporates often face hacking of their systems and information. Till date, corporates were in a helpless condition, as there was no legal redress for such issues. But the IT Act changes the scene altogether.

However, despite the overwhelmingly positive features of the IT Act, 2000 for the corporate sector, there are a couple of issues that concern corporates regarding the Act.

  1. The Act purports to be applicable not only to the whole of India but also to any offence or contravention thereunder committed outside India by any person. This provision in section 1 (2) is not clearly and happily drafted. It is not clear how, and in what particular manner, the said Act shall apply to any offence or contravention thereunder committed outside India by any person. The enforcement aspect of the IT Act is an area of grave concern. Numerous difficulties are likely to arise in the enforcement of the said Act, as the medium of the Internet has shrunk the size of the world and, slowly, national boundaries shall cease to have much meaning in Cyberspace.
  2. The Act aims at promoting electronic commerce, yet it strangely excludes immovable property from the ambit of electronic commerce. It is also surprising that section 1(4) of the said Act excludes numerous important things from the applicability of the IT Act. The Act does not apply to (a) a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881; (b) a power of attorney as defined in section 1 A of the Powers-of-Attorney Act, 1882; (c) a trust as defined in section 3 of the Indian Trusts Act, 1882; (d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any other testamentary disposition by whatever name called; (e) any contract for the sale or conveyance of immovable property or any interest in such property.
  3. The Act does not touch at all on the issues relating to Domain Names, which are very important for Electronic Commerce. Domain Names have not been defined, and the rights and liabilities of Domain Name owners do not find any mention in the law.
  4. The Act does not deal at all with the Intellectual Property Rights of Domain Name owners. Contentious yet very important issues concerning Copyright, Trademark and Patent have been left untouched.
  5. The Act talks about the use of electronic records and digital signatures in government agencies. Yet it further says, in section 9, that this does not confer any right upon any person to insist that the document in question should be accepted in electronic form.
  6. As Cyber law is growing, so are the new forms and manifestations of cyber crime. The offences defined in the Act are by no means exhaustive. However, the drafting of the relevant provisions of the Act makes it appear as if the offences detailed in the Act are the only Cyber offences possible and existing. For example, cyber offences like cyber theft, cyber stalking, cyber harassment and cyber defamation are not covered under the Act.
  7. The Act talks of Adjudicating Officers who shall adjudicate whether any person has committed a contravention of any provisions of this Act or any rules, regulations, directions or orders made thereunder. How these Adjudicating Officers will adjudicate a contravention of the Act has not been made clear or well defined. Further, it has also not been specified how the said Adjudicating Officers shall determine whether any contravention of the Act or any offence has been committed by any person outside India. Further, it is not clear what authority these Adjudicating Officers would have vis-à-vis persons outside India who have committed any cyber offences. No definitive procedure for adjudication by Adjudicating Officers has been exhaustively spelt out, and the territorial jurisdiction of the said Adjudicating Officers and also of the Cyber Regulations Appellate Tribunal has not been defined.
  8. Section 55 of the Act states that no order of the Central Government appointing any person as the Presiding Officer of a Cyber Appellate Tribunal shall be called in question in any manner, and no Act or proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of a Cyber Appellate Tribunal. The said provision is violative of the Fundamental Rights of the citizens as enshrined in Chapter III of the Constitution of India; the said provision is not expedient and is likely to be struck down by the courts. The Central Government cannot claim immunity in appointments to the Cyber Appellate Tribunal, as the same is contrary to the spirit of the Constitution of India.
  9. A cause of concern is that sweeping powers have been given to a police officer not below the rank of the Deputy Superintendent of Police under Section 80 of the Act. No other related legislation in the world gives such unrestricted powers to any officer for the purpose of investigating and preventing the commission of a cyber crime. The powers given by the Act include the power to .... enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act. This power has been given without any restrictions of any kind whatsoever, and it is possible that the same may be misused and abused in the context of Corporate India, as companies have public offices which would come within the ambit of "public place" under Section 80, and companies will not be able to escape potential harassment.

All said and done, The Information Technology Act, 2000 is a great achievement and a remarkable step ahead in the right direction. The Act is a first step taken by the Government of India towards promoting the growth of electronic commerce so that Electronic Commerce can flourish in the country.