The liberalisation of the telecommunication market, together with the growth of the Internet, driven by private players and being largely unregulated, contributed to the shaping of the actual information society, in which all stakeholders — governments, private companies, civil society and users — have a role to play and can contribute to its development.
Issues such as spam and cybersecurity are affecting public and private players, and therefore there is a common interest in preserving the availability and reliability of communication tools to promote the development of the digital economy. While the objective is shared, there could be conflict in the way it is achieved. Governments follow public policy objectives, and their involvement is essential to set far-reaching goals and elaborate a comprehensive anti-spam strategy. However, legislative instruments alone are not always effective and their mechanisms can be too rigid to address the rapidly evolving spam (and malware) landscape. Industry players are well placed to undertake concrete and timely actions.
Although it is a business reality that some activities cannot be justified from a competitive business perspective, certain incentives would help to ensure that companies align themselves with the interests of the wider community.
There are different approaches which could be used to fill this gap, from a government-led regulatory approach, whereby the regulator sets the rules, imposing certain responsibilities on private companies, such as for example the obligation to apply security practices, to the more market-led approach where private operators autonomously decide their level of involvement and participation. In the middle there are a variety of possibilities, which include the approaches undertaken by several OECD governments, focusing on the establishment of appropriate regulatory and enforcement frameworks, and using general policy tools to encourage industry participation.
The public and private sectors have found a number of diverse and innovative ways to co-operate:
governments seek the involvement of private sector entities, as well as non-governmental bodies, in the discussion of comprehensive anti-spam strategies and activities. The objectives of strategic partnerships are usually to improve networking, awareness raising activities and information sharing. More operational partnerships also contribute to education, development (and application) of best practices and exchange of information and data on cross-border spam cases. In addition, as the various efforts taking place at national and international levels shows, partnerships are a fundamental tool to improve communication, understanding of reciprocal needs, expectations and problems, and therefore allow further co-operation and mutual involvement.
Examples of public-private partnerships currently dealing with the problem of spam include, for example, the Australian ACMA, which worked with the Internet Industry Association (IIA) in order to develop codes of conduct for ISPs and online direct marketers.86 The Canadian Task Force on Spam included representatives from private and public sectors, civil society and academia,87 who jointly contributed to the elaboration of a series of recommendations and best practices to fight spam. France, with its project "Signal Spam"88 put together public authorities and private players to develop a system to simplify the signalling of spam by users and standardise spam processing and analysis in order to improve efficiency and co-ordination of anti-spam actions.89 At EU level, the “SpotSpam” initiative funded under the EU Safer Internet Plus Programme aims to facilitate evidence gathering and exchange of information
where legal action is taken against a spammer, and to provide a supranational source of information to monitor spam complaints.90
On the operational side, the London Action Plan (LAP),91 created in October 2004, is currently particularly active and counts an increasing number of participants from public and private sectors. The activities of the LAP include regular (tri-monthly) conference calls among the different members to discuss new initiatives against spam, share information and best practices, as well as one-time initiatives on a specific subject, as for example the “spam sweep day”, which involved authorities from different countries, and the “zombies project”92, recently launched (see Element III: industry-driven initiatives). One of the objectives of the group is to facilitate contact between enforcement agencies, promote information exchange in cross-border actions, and increase the co-operation with ISPs and other private operators.
Private-public partnerships in the field of spam are necessary to promote interaction and co-operation between the two players, especially considering the wide array of stakeholders involved and their different needs and backgrounds. Relying only on legislation to impose obligations on private players would not be effective unless combined with other measures. As an example, laws cannot keep up with technical change. Best-practices, if widely applied, can be effective combined with legal and other measures. In this context, strategic partnerships, such as those taking place with the different task forces created at national and international levels, are a fundamental tool to improve communication, understanding of reciprocal needs, expectations and problems, and therefore allow further co-operation and mutual involvement.
For the partnership to be successful and achieve concrete results, which will then be put into practice by the different stakeholders, it seems therefore that the following elements93 are necessary:
• Commitment and real contribution of all parties; ownership of the end product.
• A well-defined objective and timeframe.
• One (or more) leaders, who put more resources and effort into the project.
• National partnerships that feed into international initiatives and partnerships, to complement and harmonise solutions.
• Rather than duplicating effort, when possible, partnerships should build on existing trusted relationships and representative bodies.
The OECD Spam Task Force is in itself a co-operative partnership, bringing together representatives from different sectors and a large number of countries. The Task Force set its objectives, which are strategic, involving the creation of an information network between different players, but also operational, as the group aims at the production of a policy Toolkit which should help the definition of comprehensive anti-spam strategies at the national and international levels. At the same time, however, the involvement of the private sector needs to be increased and widened, and governmental players should develop a sense of ownership of the result of this work, which will constitute an important message to all stakeholders, in OECD as well as non-OECD economies, on the necessity to combat spam and malware, the best applicable solutions, and the effort put into this endeavour by OECD players.94
The OECD Council Recommendation on Spam Cross-Border Enforcement Co-operation specifically encourage governments to cooperate with businesses, industry groups and consumer groups in the pursuit
in order to efficiently enforce the legislation, reduce the incidence of inaccurate information about holders of domain names,95 and overall to make the Internet more secure.
The Task Force also encouraged the development of best common practices for e-mail marketing and for ISPs. Best practices were elaborated by a cross-sectoral group of private players, and are attached as annexes to this report (Annexes II and III). Last but not least, measurement of spam is an important instrument which could be developed only with the intervention of private sector operator, but that would assist policy makers and authorities to evaluate the impact of their regulatory initiatives and enforcement efforts. In the framework of the Task Force work, the MAAWG developed the Email Metrics Program, which is mentioned in Element VII below.
Public-private sector co-operation is an element which underlies multiple anti-spam activities and initiatives, therefore the different initiatives have been dealt with in more detail in the relevant elements of this Report.