The European Spambox Project - Enforcement without borders. Rechtsanwalt Thomas Rickert Director Self-Regulation, eco ev

Transcription

1 The European Spambox Project - Enforcement without borders Rechtsanwalt Thomas Rickert Director Self-Regulation, eco ev

2 Partners: Supporters:

3 SpotSpam? SpotSpam is an international database project End user complaints from different countries are gathered Information stored in the database is made available for enforcement and threat assessment purposes SpotSpam works for all sorts of unlawful electronic communication

4 Why SpotSpam? We are facing an international problem / organised crime International co-operation could be improved Law enforcement should be strenghtened Spammers deserve some painful experiences Some jurisdictions require end-user complaints Phishing information on transactions / victims is important and needs to be gathered internationally

5 Spotspam - Mission Statement Facilitate evidence-gathering and exchange of information when legal action is taken against spammers and their beneficiaries Provide for an international source of information to monitor the the size of the problem Deter potential spammers

6 General idea National Spambox A National Spambox B National Spambox C Spotspam Plaintiff ISP Plaintiff Company Public Authority

7 Gathering Data National Spambox A National Spambox B National Spambox C Spotspam Plaintiff ISP Plaintiff Company Public Authority

8 How is data collected? Every user can report to SpotSpam! Report submission possible (after registration) via web interface or forward When reports are made the user can pick categories (including phishing) indicate whether a financial transaction has taken place or not Reporter has to confirm that he or she will only submit valid reports and to provide written statements later

9 How is data collected? Reporter has to tick box to confirm the purpose of the the use of data for legal action and to have read the privacy policy Confirmation is sent to all accredited e- mail-adresses National Spambox can decide only to forward pseudonymeous reports or mark them to be shared with public authorities only (which might be an interesting option for public authorities or entities outside the EU)

10 National Spambox? Who can operate a NSB? trustworthy parties / multiple NSBs per country possible Both public and private parties Why having NSBs? National partners increase trust to remove the language barrier in case users have questions

11 National Spambox? How to operate a NSB? Sign the NSB-Agreement You can either forward reports and remain the data controller or Just localise and use our reporting point out of the box (we would then be the data controller least effort required from you!)

12

13

14

15 Inside the Database National Spambox A National Spambox B National Spambox C Spotspam Plaintiff ISP Plaintiff Company Public Authority

16 What happens in the database? Reports are analysed Whois / IP lookups Screenshots of spamvertised websites are taken Where content identifyers flag priority cases, manual analysis is carried out and passed on to appropriate bodies proactively Keyword analysis and threshold-based analysis is carried out to find priority cases

17 General idea National Spambox A National Spambox B National Spambox C Spotspam Plaintiff ISP Plaintiff Company Public Authority

18 How and what data is made available? Sensitive Data including personal data (strong requirements) Non-sensitive data (without personal data) Periodic taylormade reports

19 How is sensitive data made available? Two different ways Subscription (based on the Data Request Agreement and Simplified Data Request Sheets Single request (based on the Data Request Form) Requests can be based on virtually all database fields

20 What is made available? SpotSpam refers requesting parties to users and relevant investigators SpotSpam is not storing documents on investigations but can point the requesting party to the investigator double work can be avoided Where pseudonymeous reports have been submitted, the requesting party is pointed to the appropriate National Spambox

21 Non-sensitive data Contractors can carry out standard queries on Message subject Sending address Spamvertized URL Hosting ISP IP address

22 Taylormade reports Contractors get periodic taylormade reports including information (excluding personal data) on cases in the database with relation to their country their trademarks their technical infrastructure

23 Status quo EC contract ends this month Prototype database has been implemented! Prototype National Spambox has been implemented! Operations manual is completed! Agreements between actors are completed SpotSpam will go live in the coming days

24 Interested? You can now participate as National Spambox Requesting Party Supporter You do not need to share data to receive data! MoUs on potential collaboration welcome

25

26 ENISA/TD/SP/06/0055

27 RA Thomas Rickert Director Self-Regulation Lichtstr. 43 h Köln Tel.: 0221 / Fax: 0221 / rickert@eco.de Web: