SIP Sessions

SPIT: Not only annoying but also wasteful!

In my previous blog entry I discussed some of the possibilities of misusing SIP for generating and sending SPAM calls. This time I will discuss some of the risks incurred by such calls from a financial point of view as well as the legal possibilities for pursuing spammers based on these financial losses.

Spam mails are annoying. We have to check the content and delete them - wasting some seconds. SPIT calls will most likely be even more annoying as we will be alerted by the phone ringing possibly late at night and will have to listen to at least some of the transmitted message before classifying the call as SPIT.

However, except for being annoying, SPIT and spam do not cause significant financial harm to us. Looking at spam from a more global view, the financial harm caused by spam is actually significant. Employees spend several minutes a day deleting useless mails, companies need to buy anti-spam products and the administrators need to acquire the knowledge for fighting spam and for properly operate anti-spam software. The ISPs need to carry spam mails and often save them on their mail servers until they are retrieved by their subscribers. This requires additional processing power and memory and disk space as well bandwidth resources. While it is difficult to accurately estimate the total cost of spam, various resources estimate the overall costs to be anywhere between $2 and $10 billion (Source: see http://www.messagelabs.co.uk/).

This aspect of financial harm can be used as the basis for legally pursuing the spammers.

Actions based upon so called unjust enrichment could be granted when the defendant saves costs or increases his income by making use of other people's property without their consent. This is the basis upon which unsolicited faxes were prohibited. For email and VoIP, this argument is a bit more difficult to justify. In case where the recipient is using flat rate access then receiving spam does not incur any costs. If, however, the recipient pays for his Internet access per minute then receiving SPIT calls incurs some costs on him or her. In this case the unjust enrichment argument might still apply.

Not being the target of the unsolicited communication, the argument of unjust enrichment is not easily applicable by an ISP acting against a spammer.  In this case, Trespass to chattels has been alleged by service providers in some cases of spam. Trespass to chattels is committed when a person uses or intermeddles with another's personal property without authorization. In the case of a service provider this could mean the excessive use of bandwidth, memory and processing resources needed for handling the large number of SPIT calls.

Another approach for a service provider to protect itself against spammers is to indicate in their terms of usage contracts with their subscribers that any form of spam is prohibited and that the subscribers need to abide to netiquette rules. While not being an explicit law or regulation it is well established that starting unsolicited calls is contrary to the customs in the Internet. Based on this, a service provider can have the legal basis for terminating the subscription of a spammer.

So what does all of this tell us? There is some legal basis for a service provider to pursue a spammer. However, this basis is rather weak and could be interpreted differently by courts in different countries. Therefore, often raised suggestions that service providers are responsible for protecting their subscribers from spam and SPIT is not such a simple thing as some think. This gets even more difficult if we consider the various aspects of privacy that I will touch upon in the next blog.

By the way, if you are interested in more details about SPIT and security in relation to SIP in general, then I am happy to announce that our book titled "SIP Security" was just released last week. Check out http://www.sipsecurity.org/ for more information on the book.