Anti-Spam Effort in Hong Kong - OFCA

Anti-Spam Effort in Hong Kong

An overview of our anti-spam activities

Tony Li

Assistant Director (Support)

Office of the Communications Authority

Hong Kong, China

7 October 2014

1

2

Hong Kong’s

Telecommunications Market

While a vibrant telecommunications market enables legitimate

e-marketing activities, it also attracts spammers.

3

Local Fixed Carrier Services

Fully liberalised – no limit on

number of licences

No specific requirement on network rollout or

investment 21 local carriers

Household penetration rate

103%

Fixed monthly charges for unlimited local calls

Fixed number portability

Choice of >2 carriers - 86.8% of

households

4

Fixed Broadband Services

Fully liberalised – over 200 Internet service providers

Technology neutral – xDSL, FTTB/FTTH, HFC

Up to 1 Gbps

Household penetration rate

83.1% Wi-Fi.HK: over 5,000

hotspots, incl. 2,200 APs at 442 govt premises

Over 28,600 public Wi-Fi hotspots and

growing

5

Mobile Services

Fully liberalised – 4 mobile network

operators

Technology neutral – GPRS/EDGE, WCDMA,

LTE-FDD, TD-LTE LTE Cat 4 – maximum

download speed 150 Mbps

Population penetration rate

238.6% Average mobile data usage – 884.3 Mbytes per 2.5G/3G/4G user

(Feb 2014)

Mobile number portability

4G LTE

6

Unsolicited Electronics Messages Ordinance (Cap 593) (“UEMO”)

非應邀電子訊息條例 (第 593章)

7

The UEMO

• Enacted 23 May 2007; effective 22 December 2007

• Enforced by the Communications Authority (supported by OFCA)

• Regulates commercial electronic messages (CEMs) only

• Technology neutral

• Opt-out regime

8

Scope of Application

• Electronic messages:

with a commercial purpose;

sent over a public telecommunications service; and

with a Hong Kong (HK) link sent from or received in HK

sent to a HK phone number (may be roaming)

sent by a HK company

• Exemptions – including person-to-person interactive communications

9

Rules about sending CEMs

• Accurate sender information

• Unsubscribe facility – unsubscribe request effective after 10 working days

• Not send to electronic addresses in Do-Not-Call (DNC) registers (except with prior consent)

• Emails – no misleading subject headings

• Calling line identification information – do not conceal

(www.dnc.gov.hk)

10

DNC Registers

• Population – about 7.23 million

• Number of domestic households – 2.42 million

Registered Phone Numbers

(August 2014)

Fax 752 442 Short Messages 668 568 Pre-recorded Voice Messages 1 251 454

Total 2 672 464

11

Enforcement Notices

• Penalty:

1st conviction: fine up to ~USD12,820

2nd and subsequent conviction: fine up to ~USD64,100

Continuing offence: further fine of ~USD128 per day

• Enforcement Notices – remedy contraventions within specified timeframes

• Non-compliance with Enforcement Notices – criminal offence

12

Prohibits address-harvesting and related activities

• Supply, acquire or use electronic address harvesting software or harvested-address lists

• Send multiple CEMs to electronic address obtained using automated means

• Use scripts or automated means to register for >5 e-mail addresses for sending multiple CEMs

• Relay or re-transmit multiple CEMs with intention to deceive or mislead on source

multiple CEMs: >100 CEMs in 24 hours or >1,000 CEMs in 30 days

• Penalty: Fine up to ~USD128,200

Imprisonment up to 5 years (except address-harvesting offences)

13

Prohibits fraud and illicit activities

• Access telecommunications device without authorisation to send multiple CEMs

• Initiate transmission of multiple CEMs with intent to deceive or mislead on source

• Falsify header information in multiple commercial emails

• Register for electronic addresses or domain names using information that falsifies identity of registrants

• False representations regarding registrants of electronic addresses or domain names

• Enforced by Hong Kong Police

• Penalty:

Fine determined by Court

Imprisonment up to 10 years

14

Handling of reports or complaints

• Strategy

targeted approach identify and take priority actions against major spammers

• Commence investigation if …

prima facie evidence of unscrupulous techniques to send large volume of CEMs

• “One stop shop”

Suspected fraud and illicit activities related to the sending of multiple CEMs – refer to Hong Kong Police if prima facie evidence

15

Enforcement statistics

No. of reports received No. of

warning letters issued

No. of enforcement

notices issued

No. of Prosecution Instituted

Fax Email Short Message

Pre-recorded

Voice Message

Others Total

2014 (YTD as of Aug)

233 328 440 144 93 1 238 35 1 1

2013 574 426 606 280 160 2 046 97 8 0

2012 809 567 464 688 101 2 629 66 6 0

2011 1 350 356 168 613 111 2 598 109 7 0

2010 1 774 436 262 532 101 3 105 174 1 0

2009 4 413 804 308 363 194 6 082 93 1 0

2008 6 127 1 092 477 699 397 8 792 67 0 0

Total 15 280 4 009 2 725 3 319 1 157 26 490 641 24 1

16

Latest Trends in Spamming

in Hong Kong

With advancements in technology,

it is increasingly difficult to fight cunning spammers.

17

Spamming with WhatsApp Messenger

• Design of WhatsApp Messenger – can add members to chat groups without consent

• “Hit and run” strategy – spammer forms a chat group from block of “sequential” phone numbers, sends CEM to group members and quits the group

• Difficult to investigate – used pre-paid SIM cards to register for WhatsApp account; used VoIP phone number for customer communication

• Alerted WhatsApp Inc. – breach of terms of service

18

Person-to-person marketing calls

• Exempted under UEMO

• Self-regulatory schemes by telecommunications industry, finance and insurance sectors, call centres

• Main requirements – call between 9:00am and 10:00pm; accept unsubscribe requests

• Smartphone apps – block calls or mute ringtone when called from phone numbers on blacklist from centralised database or entered by user