UK Home >  OUT-LAW News >  OUT-LAW Radio

Why the internet needs Spamhaus

OUT-LAW Radio, 21/09/2006

The man whose blacklists keep email out of your inbox talks to OUT-LAW Radio. Spamhaus founder Steve Linford talks about why he founded Spamhaus and what would happen if his lists didn't exist. Plus: Irish barrister TJ McIntyre talks about trying to have the EU's Data Retention Directive repealed.

A text transcription follows.

This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.

The following is the text spoken by OUT-LAW journalist Matthew Magee.

Hello and welcome to OUT-LAW Radio, the weekly podcast that keeps you up-to-date on all the twists and turns in the world of technology law.

Every week we bring you the latest news and in-depth features that help you to make sense of the ever-changing laws that govern technology today.

My name is Matthew Magee, and coming up on this week's show we talk to the man who says he keeps the world's email working by keeping spammers at bay, Steve Linford, founder of Spamhaus.

We also hear from an Irish lawyer who hopes to bring all of Europe's data retention laws crashing down.

But first, the news

  • gambling executives arrested in France had previously filed a case against France with the European Commission
  • terrorism is no excuse for privacy breaches, says European Data Supervisor
  • US Attorney General calls for data retention laws
  • Tesco loses right to Trademark

Bwin interactive, the company whose chief executives were arrested in France last week, had previously filed a formal complaint to the European Commission claiming that France's gambling laws conflicted with the EC Treaty.

Bwin made the complaint in March to the European Commission, company spokeswoman Karin Klein told OUT-LAW. The complaint claims that France's gambling monopoly breaches Article 49 of the EC Treaty which enshrines the freedom to provide cross border services

Terrorism and organised crime should not be used as excuses for passing laws which undermine people's privacy and data protection rights, according to the European Data Protection Supervisor. Existing laws do not need changed, he said.

Supervisor Peter Hustinx said that it is a misconception that protection of privacy and personal data holds back the fight against terrorism and organised crime and that current legislation is sufficient for law enforcement purposes.

The US Attorney General has asked Senators to pass a data retention law that would force  telcos and internet service providers to keep records of US citizens phone, email and surfing activity. Alberto Gonzales told a Senate panel that such a law would help to prosecute child pornographers.

Tesco has lost the right to a Europe-wide trade mark on the word 'metro'. The trade mark right for Europe has now passed to German retailer MIP Metro because Tesco did not submit a set of papers to the EI Trade Mark Authority.

Lee Curtis is a trade mark attorney with Pinsent Masons, the law firm behind OUT-LAW.

Curtis: "This decision is quite tough on Tesco because they obviously did have the prior UK registration, but they just got caught by a technicality".

That was this week's OUT-LAW News.

What would you do if a court in Illinois awarded a Judgment of $11.8 million against you? Phone your lawyer? Get out your chequebook and ask about an instalment plan? Or maybe just sob in the corner. If you are Steve Linford you do what you always do: add it to the pile and carry on regardless.

Linford is, by his own account, the man who keeps email going. Without his non-profit organisation Spamhaus and its offenders' list of spammers the world's email would grind to a halt he says.

Spamhaus keeps a huge list of IP addresses which are used for spamming. Most major internet service providers subscribe and are able to block this spam without you ever knowing it.

This makes Linford some pretty angry enemies. One just won that $11.8 million Judgment against Spamhaus. For Linford it is just the latest it a long line of suits.

SL : "It's one of the ever present law suits we have got against us. The spammers are constantly filing law suits against Spamhaus and never in the UK where we are based, but always in American Courts. The spammer files in his local Court, part of the filing says Spamhaus is a US business, doing business in this State, the Judge doesn't question it and he says well where are Spamhaus, why didn't they turn up to defend themselves?  They couldn't be bothered, ok so the Judgement – they owe you $2 million, and this sort of thing goes on and on.  Because we get this from all over the World, we don't defend ourselves in foreign Courts, we tell them all – if you want to sue us, come to Britain.

MM: And no-body ever has?

SL: No, none of them ever has, because Britain has loser pays."

If Linford's phone line seems a little crackly there is a good reason. After years running Spamhaus from a houseboat on the Thames in London, Linford recently moved to an island in the South Atlantic from where he runs the entire operation. Spamhaus is manned by volunteers, it is free to use, its inception was motivated by being extremely annoyed and it operates as a non-profit.

In contrast to whizz-bang commercial software or ham-fisted government attempts to stop spamming it seems such an unusual way to solve such a pressing problem: I asked Linford how big it now is, and how it all started.

"We have about 650 million users and they all use the system for free. It was initially all funded by myself and by a previous company that I ran, that was a company called Ultra Design which was simply a small internet service provider that in the mid-90s got absolutely flooded by spam and I decided to do something about, so for many many years I simply just funded Spamhaus myself."

Spam is a serious problem. IT security companies often estimate it at about 75% of the world's 30 billion a day messages, though Linford puts it at 90%. Research firm Ferris said that spam costs the world's business $50 billion a year. Linford makes some pretty grand claims for his small organisation. Without it, he says, email simply wouldn't work.

"Spam is over 90% of all email traffic on the internet, so the sheer volume of spam is massive and the only thing is that internet users don't normally notice because the vast majority of internet networks and service providers use our service so most users don't notice that they're not receiving very much spam. If we were to turn our service off one day the spam levels would literally bring the internet email system down."

All of this activity makes Linford some pretty vicious enemies. Alongside the growing bundle of multi-million dollar judgments against him – incidentally he has no idea how much is registered against Spamhaus worldwide – Linford has to deal with less legitimate attacks.

"We're the most attacked entity on the internet. The only thing standing between getting their spam into the user mailboxes is us. In 2003 the spammers released a series of viruses specifically just to attack us, and all the millions of machines were all then hammering our website to bring it down."

Linford is not striving to build a multi-billion pound business empire. Motivated originally by simple frustration he now has technical attacks, legal Judgments and presumably some pretty unpleasant emails to deal with every day. Without a big pay day looming, what is it that keeps him, and Spamhaus, going?

"The thing that drives Spamhaus is that there is no-body else able to do it. Governments have been extremely slow to follow up with anti-spam legislation which has created this huge problem.  Email is such an important communications system that it needs to be used without a constant flood of junk arriving in your mailbox every day."

So the next time you get an email offering you inappropriate medical procedures just think of all the ones that didn't reach you that day, thanks to one man far away in the South Atlantic ocean.

Irish data retention challenge

"If you imagine a world where somebody walked behind you and logged everywhere you went, everyone you talked to, every letter you sent and every telephone call you made, you wouldn't be very happy. Yet we already have that in place in the virtual world by virtue of Data Retention laws."

That was TJ McIntyre, an Irish barrister whose pressure group Digital Rights Ireland has just launched a legal challenge to Data Retention laws in Ireland. He is hoping to take the case to the European Court of Justice where he wants the EU's data retention directive wiped out.

Data retention laws are a controversial recent development. They force telecoms companies to retain records of all a user's phone, email and internet activity that can be accessed, under Court Order, by the Police. A vital anti-crime tool, say Police authorities, and anyone would agree. So what exactly are the dangers, I asked McIntyre:

"I think there are two real risks, one of them that the state  might mis-use the information. We have seen cases in Ireland where the Police Force, the Guarda have been found to have engaged in framing innocent people for murder, cases where they have been illegally accessing telephone conversations for political purposes, and we are obviously worried that this could happen here as well. But there is also private sector risk – this information is going to be held in databases spread out amongst different telcos, different internet service providers and there is a real risk that one crooked insider in any of these organisations, and it only takes one crooked insider that can access these huge databases, and sell the information to possible tabloid newspapers, private sectors or anybody, criminals, people who would like to engage in identity fraud or anybody who has an interest in knowing who you are and what you are doing".

McIntyre argues that the Irish law is unconstitutional. More, he claims that the European Directive runs counter to the European Convention on human rights. He wants to stop data retention laws across Europe.

"If we are successful, it will strike down the data retention directive and that will invalidate a lot of data retention laws across Europe.  If won't necessarily mean that national laws will be affected, but we are hoping that there will be a knock-on effect clearly a ruling on the human rights issues would be very persuasive for National Courts as well."

With Governments across Europe keen for greater powers in the aftermath of terrorist attacks in Madrid and London, McIntyre has a big job ahead of him, but in a fight that could change the law across the continent he is sure of his ground.

"It is very common, the argument here, which is that people have nothing to fear and if you have nothing to hide you have nothing to fear, and I suppose there is two responses to that, one is well if I have nothing to hide, then why are you monitoring me? Why are you not monitoring those people who have something to hide? And the second response is of course that everyone has a right to privacy and the right to privacy is more than just something to hide, it is the right to carry on your business without state interference and without the world knowing what you are doing."

That's all we have time for this week, thanks for listening.

Why not get in touch with OUT-LAW Radio? Do you have a legal problem you would like us to discuss on air? Do you know of a technology law story? We'd love to hear from you on radio@out-law.com.

Make sure you tune in next week; for now, goodbye

OUT-LAW Radio was produced and presented by Matthew Magee for international law firm Pinsent Masons.

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.