Unsolicited commercial e-mail (spam): integrated policy and practice

The internet offers a cost-effective medium to build better relationships with customers than has been possible with traditional marketing media. Internet technologies, such as electronic mail, web sites and digital media, offer companies the ability to expand their customer reach, to target specific communities, and to communicate and interact with customers in a highly customised manner. In the last few years, electronic mail has emerged as an important marketing tool to build and maintain closer relationships both with customers and with prospects. E-mail marketing has become a popular choice for companies as it greatly reduces the costs associated with previously conventional methods such as direct mailing, cataloguing (i.e. sending product catalogues to potential customers) and telecommunication marketing. As small consumers obtain e-mail addresses, the efficiency of using e-mail as a marketing tool will grow. While e-mail may be a boon for advertisers, it is a problem for consumers, corporations and internet service providers since it is used for sending 'spam' (junk-mail). Unsolicited commercial e-mail (UCE), which is commonly called spam, impinges on the privacy of individual internet users. It can also cost users in terms of the time spent reading and deleting the messages, as well as in a direct financial sense where users pay time-based connection fees. Spam, which most frequently takes the form of mass mailing advertisements, is a violation of internet etiquette (EEMA, 2002). This thesis shows that spam is an increasing problem for information society citizens. For the senders of spam, getting the message to millions of people is easy and cost-effective, but for the receivers the cost of receiving spam is financial, time-consuming, resource-consuming, possibly offensive or even illegal, and also dangerous for information systems. The problem is recognised by governments who have attempted legislative measures, but these have had little impact because of the combined difficulties of crossing territorial boundaries and of continuously evasive originating addresses. Software developers are attempting to use technology to tackle the problem, but spammers keep one step ahead, for example by adapting subject headings to avoid filters. Filters have difficulty differentiating between legitimate e-mail and unwanted e-mail, so that while we may reduce our junk we may also reduce our wanted messages. Putting filter control into the hands of individual users results in an unfair burden, in that there is a cost of time and expertise from the user. Where filter control is outsourced to expert third parties, solving the time and expertise problems, the cost becomes financial. Given the inadequacy of legislation, and the unreliability of technical applications to resolve the problem, there is an unfair burden on information society citizens. This research has resulted in the conclusion that cooperation between legislation and technology is the most effective way to handle and manage spam, and that therefore a defence in depth should be based on a combination of those two strategies. The thesis reviews and critiques attempts at legislation, self-regulation and technical solutions. It presents a case for an integrated and user-oriented approach, and provides recommendations

The regulation of unsolicited electronic communications (SPAM) in South Africa : a comparative study

The practice of spamming (sending unsolicited electronic communications) has been dubbed “the scourge of the 21st century” affecting different stakeholders. This practice is also credited for not only disrupting electronic communications but also, it overloads electronic systems and creates unnecessary costs for those affected than the ones responsible for sending such communications. In trying to address this issue nations have implemented anti-spam laws to combat the scourge. South Africa not lagging behind, has put in place anti-spam provisions to deal with the scourge. The anti-spam provisions are scattered in pieces of legislation dealing with diverse issues including: consumer protection; direct marketing; credit laws; and electronic transactions and communications. In addition to these provisions, an Amendment Bill to one of these laws and two Bills covering cybercrimes and cyber-security issues have been published. In this thesis, a question is asked on whether the current fragmented anti-spam provisions are adequate in protecting consumers. Whether the overlaps between these pieces of legislation are competent to deal with the ever increasing threats on electronic communications at large. Finally, the question as to whether a multi-faceted approach, which includes a Model Law on spam would be a suitable starting point setting out requirements for the sending of unsolicited electronic communications can be sufficient in protecting consumers. And as spam is not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations in order to combat spam at a global level.Mercantile LawLL. D

An Optimized Dynamic Process Model of IS Security Governance Implementation

The year 2011 has witnessed a lot of high profiles data breaches despite the availability of IS security and governance controls, frameworks, standards and models for organisations to choose from; and the technical advances made in intrusion prevention and detection. Taking this issue into account the objective of this paper is to identify and analyse the weaknesses in the IS security defences of organisations from a holistic perspective, and propose a dynamic IS security governance process model for the implementation of appropriate controls and mechanisms for optimised IS security. Optimization is achieved through the strategic overlap of security and governance frameworks implemented in a prioritized phased manner for efficiency and effectiveness in cost, time and effort. The paper starts with the analysis of data breaches to identify the weaknesses in the organisational information system. This is followed by the analysis of recommended requirements and dimensions of effective IS security architecture, IS governance, concepts and models to identify relevant frameworks used in IS security and governance. Thereafter, the best practices for implementing the model is evaluated and finally the frameworks and IS entities are integrated into an optimized Information Systems Security and Governance (ISSG) process model

Evaluation of Email Spam Detection Techniques

Email has become a vital form of communication among individuals and organizations in today’s world. However, simultaneously it became a threat to many users in the form of spam emails which are also referred as junk/unsolicited emails. Most of the spam emails received by the users are in the form of commercial advertising, which usually carry computer viruses without any notifications. Today, 95% of the email messages across the world are believed to be spam, therefore it is essential to develop spam detection techniques. There are different techniques to detect and filter the spam emails, but off recently all the developed techniques are being implemented successfully to minimize the threats. This paper describes how the current spam email detection approaches are determining and evaluating the problems. There are different types of techniques developed based on Reputation, Origin, Words, Multimedia, Textual, Community, Rules, Hybrid, Machine learning, Fingerprint, Social networks, Protocols, Traffic analysis, OCR techniques, Low-level features, and many other techniques. All these filtering techniques are developed to detect and evaluate spam emails. Along with classification of the email messages into spam or ham, this paper also demonstrates the effectiveness and accuracy of the spam detection techniques

Capital markets and e-fraud: policy note and concept paper for future study

The technological dependency of securities exchanges on internet-based (IP) platforms has dramatically increased the industry's exposure to reputation, market, and operational risks. In addition, the convergence of several innovations in the market are adding stress to these systems. These innovations affect everything from software to system design and architecture. These include the use of XML (extensible markup language) as the industry IP language, STP or straight through processing of data, pervasive or diffuse computing and grid computing, as well as the increased use of Internet and wireless. The fraud is not new, rather, the magnitude and speed by which fraud can be committed has grown exponentially due to the convergence of once private networks on-line. It is imperative that senior management of securities markets and brokerage houses be properly informed of the negative externalities associated with e-brokerage and the possible critical points of failure that exist in today's digitized financial sector as they grow into tomorrow's exchanges. The overwhelming issue regarding e-finance is to determine the true level of understanding that senior management has about on-line platforms, including the inherent risks and the depth of the need to use it wisely. Kellermann and McNevin attempt to highlight the various risks that have been magnified by the increasing digitalization of processes within the brokerage arena and explain the need for concerted research and analysis of these as well as the profound consequences that may entail without proper planning. An effective legal, regulatory, and enforcement framework is essential for creating the right incentive structure for market participants. The legal and regulatory framework should focus on the improvement of internal monitoring of risks and vulnerabilities, greater information sharing about these risks and vulnerabilities, education and training on the care and use of these technologies, and better reporting of risks and responses. Public/private partnerships and collaborations also are needed to create an electronic commerce (e-commerce) environment that is safe and sound.Environmental Economics&Policies,Insurance&Risk Mitigation,Financial Intermediation,ICT Policy and Strategies,Banks&Banking Reform

Information Waste on the World Wide Web and Combating the Clutter

The Internet has become a critical part of the infrastructure supporting modern life. The high degree of openness and autonomy of information providers determines the access to a vast amount of information on the Internet. However, this makes the web vulnerable to inaccurate, misleading, or outdated information. The unnecessary and unusable content, which is referred to as “information waste,” takes up hardware resources and clutters the web. In this paper, we examine the phenomenon of web information waste by developing a taxonomy of it and analyzing its causes and effects. We then explore possible solutions and propose a classification approach using quantitative metrics for information waste detection