THE CHRONIC PLIGHT OF SPAMMING IN INDIA
This blog is authored by Sasmitha Kumaravadivel a final year law student at Law Centre, University of Delhi.
The origin of the word ‘SPAM’ is from luncheon meat consumed during and after WWII. Due to the undesirable nature of the food, the acronym was used by computer experts in the United States as an analogy for identifying mass mailings as ‘spam’ in the year 1994. The term caught on and it has been in use ever since to describe the transmission of unsolicited commercial messages to a large number of recipients through e-mail, instant message, internet posting, messages in user groups or forums etc. These messages are mostly sent to facilitate fraud such as phishing, identity theft, password theft and more.
Spamming in India became prevalent after the widespread use of Transmission Control Protocol/Internet Protocol (TCP/IP) based connections which led to the increase in internet usage and the availability of e-mail addresses. Non-accountability and lack of strict barriers are the main reasons for the boom in commercial spamming, particularly in real estate, banking and finances, holiday timeshares, insurance, etc. The COVID-19 pandemic facilitated a favorable ground for malware senders, whereby the spam attack increased to 85% as of July 2020 further making India, the fourth biggest malware sender in the world. Usage of smart phones and the internet is intensifying day-by-day with the simultaneous surge in criminal activities. There is a complete lack of legislation in India to prevent spamming and it is neither categorized as a crime which makes the users vulnerable to fall prey to such immoral activities.
Spamming through Various Forum
1· SMS: The bulk of spam menace is created by SMS from the telecommunication companies (telcos) to their subscribers. It was only in the year 2020, the Telecom Regulatory Authority of India (TRAI) issued directions to the telcos to be mandatorily registered under the Telecom Commercial Communications Customer Preference Regulation (TCCCPR), 2018 in order to send SMS to their subscribers. However, the majority of the telcos are either unregistered or expired and yet sending unsolicited messages to everyone by simply changing the header or code.
2· Calls: From 2011 to 2019, over 1.8 million telemarketers have been disconnected through the efforts of the Union, and yet these calls have been recurring. The registry of Do Not Call (DNC) service for the subscribers to control the telemarketing calls they want to receive, is yet another futile attempt of the TRAI. Thousands of crores of financial disincentives are being imposed upon the telcos for failing to prevent Unsolicited Commercial Communications (UCC) by the TRAI but it has not stopped the spam calls from the telemarketers.
3· WhatsApp: There are many websites that have indexed the option of ‘Click to Chat’ which once clicked, automatically opens a chat on WhatsApp without the need to save the particular number on their contact list. This allows the spammers to access the personal details of the user and abuse them furthermore.
4· E-mail: E-mail marketing in India grew in a very short time frame due to the absence of operating costs. Spammers obtain software that is easily available on the internet, harvest a list of e-mail addresses, and send them emails through third party servers. When users open such mail, they are exposed to numerous risks including but not limited to, registration at unscrupulous sites (e.g. pornography), a threat to privacy (e.g. password, mobile number, bank account details), damage to IT security (e.g. targeting government officials at ISRO, MEA, Nuclear scientist), a harvest of e-mail addresses in one’s contact, viruses from attachments, etc. Such damages occur within seconds even though the users’ primary aim is to delete the junk mail. Various personal and political turmoil resulting from these disruptions.
A long-lasting solution to the above problems is legislation that entails all the aspects of spamming. The Supreme Court has incessantly observed that the Right to privacy is a much-valued fundamental right in India and therefore, it is the duty of the State to protect the right from being abused.
Should it be considered as Crime?
Spam mail may not be considered junk mail because, in the former category, the receiver has to bear the operating costs from internet service providers. Indian PCs are mostly operated with outdated and/or pirated software making the systems extremely vulnerable to malware infections and virus-generated spam. The Delhi High Court restricted McCoy company by a hefty penalty for sending unauthorized and unsolicited e-mail to VSNL through a first of its kind order inthe year 2004. Until today, spam mail or the resultant data loss are considered a tortious act in India, whereas many countries around the world have criminalized spamming through various anti-spam laws.
As an attempt to resolve the spamming problem in India, the legislature came up with Section 66A of the Information Technology (Amendment) Act, 2008 which punishes the sender with three years of imprisonment for dishonest e-mails. Though the provision did not explicitly mention spamming, phishing or pharming, it was a genuine attempt to keep a check on spamming in India. Law enforcement agencies began to misuse this provision by wrongfully convicting the general public for expressing their opinions. The Supreme Court thereafter struck down the provision as ‘unconstitutional’ in Shreya Singhal v. Union of India.
There is a lack of straightforward legislation on anti-spamming but the perpetrators could still be prosecuted under different legislations and rules which regulate the illegitimate content circulated in the internet and provide punishment for fraud or misrepresentation. For example, Section 79 of the IT (Amendment) Act, 2008, the Intermediary Guidelines Rules, Sections 292, 469, 499, 503 of the Indian Penal Code, 1860, and the Indecent Representation of Women (Prohibition) Act, 1986 are some of the most widely used laws in this arena to punish extreme violence. Despite the abovementioned provisions, the nonexistence of a well-defined anti-spam law ties the hands of the judiciary from providing justice to the victims.
Spam e-mail may contain a virus or trojan horse that may install itself into the computer of the user, thereby exposing their information to cybercriminals. The origin of ‘bad’ ISPs is from India, Brazil, West Africa, and Vietnam, in that order. These cybercrime activities are concentrated in those countries which are not a party to multilateral agreements or lack specific legislation prohibiting these activities. Differentiating what constitutes spam mail as offensive is a herculean task, despite which the time is ripe for India to criminalize the act of spamming by taking inspiration from countries different countries around the world. Austria and Italy outlawed spamming in their respective countries back in the year 1999. CAN-SPAM Act of the United States, Spam Act of 2003 of Australia, Unsolicited Electronic Messages Act, 2007 of New Zealand, Consumer Protection (Distance Selling) Regulations, 2000, of the United Kingdom and Directive on Privacy and Electronic Communications of the European Union are some of the other legislations and regulations controlling spam.
An individual’s privacy in cyberspace has to be the prime concern of legislation. Spamming must be considered an illegal act. The establishment of the Indian arm of Coalition Against Unsolicited Commercial E-mails enhances the efforts of the government to combat spamming in India. The draft National E-commerce policy mentions the development of a legal framework to regulate the UCC.
The government has proposed to introduce a new digital intelligence unit (DIU) to deal with complaints regarding UCC and coordinate with the law enforcement agencies, telecom operators and financial institutions to investigate any pesky call/SMS and/or deviation from the rules. The TRAI has introduced distributed ledger technology (DLT) for the telcos, financial institutions, telemarketing companies and government agencies to link with each other for the purpose of enabling transparency in the management of the records and keep a check on the pesky spams. Individual efforts by platforms such as WhatsApp, wherein the use of AI algorithm to protect the user information and curb
spam messages is inspired.
Blocking spam e-mail, messages and calls have not been successful at all. Other modern anti-spam technologies are expensive and unaffordable by the netizens. Recovering data and securing personal information have become repetitive actions with increased time, cost and legal problems. Technology develops every day and to lay down legislation that encompasses future developments too, could be irreconcilable. Nevertheless, legislation and regulatory measures to protect individual interests are inevitable.