The anti-spam Act, which also goes by the unexciting name of the Unsolicited Electronic Messages Act, could encourage computer users to update their security software.
Section 13 of the new law establishes computer infection as a legal defence to charges of spamming. But it places the burden of proof on the defendant.
The act, which was passed last week, says a person who sends spam — or causes spam to be sent — has a defence if they sent the message, or caused it to be sent, by mistake. Similarly, a defence exists if the message was sent without that person’s knowledge — for example, because of a computer virus or malicious software program.
However, the act adds, if someone wants to rely on this defence the onus of proof lies with them.
So-called botnets, consisting of thousands of compromised computers, are increasingly being used in spamming exercises, say security consultants (see page 21). And exploits that can be used for system penetration still regularly turn up even in mature operating systems and browsers, and require new patches.
A note of advice for consumers appended by InternetNZ to its announcement of the passage of the new law flags this issue, and adds “it is best to have in place antivirus and antispyware software.”
InternetNZ vice-president David Farrar says he “can’t recall the point being an issue with the select committee.” He suggests that, in practice, it’s unlikely a charge would be brought simply because an email came from a particular address. There would need to be some other evidence of involvement in a spamming exercise as well.
Commercial organisations will have six months to bring their electronic marketing into line before action can be taken under the anti-spam law. InternetNZ will be making an intensive effort during this time to educate organisations and customers on their responsibilities and rights under the new law, says InternetNZ communications officer Richard Wood.