Something went terribly wrong with South Africa's spam laws.Its landmark legislation, carefully drafted in 2002, is somehow doing nothing at all to stop spam and causing more and more unexpected headaches. It seems South Africa might be better off with no spam laws at all.
After round tables, papers, drafts, and debates, South Africa passed the Electronic Communications and Transactions Act in summer 2002. This law was designed to handle all problems with electronic data, including government Internet-based services, cryptography, digital signatures, public Internet access, and much more. (A summary, including other requirements, is here). The ECT Act regulates spam in Chapter VII, § 45. Unsolicited commercial messages are not illegal, but they must contain an opt-out and disclose where they obtained address information came from on request. If a "customer" opts out, a "sender" must not send any further messages, subject to a fine or jail time less than twelve months.
Since this law's introduction, it seems little has actually been done to stop spammers. South Africa has publicized some convictions for fraudulent spam using government officials' names to gather money in "Nigerian" styled schemes. These cases were ongoing for four years, and it is not even clear that the ECT Act was needed to convict these spammers since their fraud was so obviously banned under common law. Another large victory for South Africa was catching two notorious
hackers that had hacked into bank accounts. The ECT Act is more relevant to this kind of crime, though not the spam regulations, obviously.
So where are the spammers this law should have stopped?
It seems the ECT Act is fraught with problems. Though it regulates "unsolicited commercial messages," only "messages" has a clear definition. The receiver protected is a "consumer," also undefined, and the requirements of a satisfactory opt-out are unclear. Perhaps worst of all is the lack of clarity of "sender," which could hold ISPs liable for what is sent. There has been no pilot litigation probably due to this amazing level of vagueness and the expense of bringing spammers to trial. Other parts of the ECT Act are more clear. Forged headers and DoS attacks are much more clearly prohibited, but there has been no pilot litigation in this area either.
As if not catching spammers it intended weren't bad enough, it seems the ECT Act also restricts filtering. Some suggest that the laws protecting data relays only apply at an ISP level. ISP silent filtering of e-mail is treated like censorship, violating the Bill of Rights and the ECT Act. Even if this was the intent of the law, as written it could also stop filtering by businesses. Some lawyers claim filtering another person�s mail at any level violates the Act. Mydoom hit South Africa hard, and its only hope was business filters and educated users. Even with this much filtering, many servers could not handle e-mail with attachments, devastating South African businesses. Without even business level filtering, South Africa could be very vulnerable to viruses. Also, with little governmental action in South Africa or other countries, it seems filtering might be the best current remedy. Though no litigation has started on this topic, the ECT Act might take away spam-prevention measures and fail to punish spammers.
Since the laws, there has been some blacklisting of South African ISPs for dynamic IP addresses, though South Africa remains an unranked spammer. There has been one victory in South Africa, outside the ECT Act, which must be mentioned. Mobile phone providers have privately joined to make a code regulating SMS spam. The providers require an opt-in to receive messages. They established a website to make complaints, find out more about senders, and block networks or individuals, which seems to be working quite well without the so-called help of South African law.
For other countries, see the Spam Laws Worldwide Index.