N.B. CAUCE Canada and CAUCE participated in the development of these documents.

Best Practices Suggestions Document

Building upon the Definitions and Risk Model documents, the Best Practices document aims to expand past defining what behaviors and consent factors will currently make software potentially unwanted and to focus upon making the marketplace better. This document highlights the sorts of technological behaviors that limit the negative impact of potentially unwanted technologies.

HTML or PDF

Comments can be made at http://www.antispywarecoalition.org/comments/ or by sending email to asc_comments@cdt.org.

I recently published a couple of personal and business blog entries that may be of interest to the CAUCE community:

Trench Warfare in the Age of The Laser-guided Missile - a clarion call to de-silo and take the offensive
and
How the Sender Community Can Help Fight Spam

I encourage people to take a look at the following article by fellow Federal Task Force on Spam member Michael Geist:

Privacy breaches expose flaws in law
January 22, 2007
MICHAEL GEIST
http://www.thestar.com/Business/article/173418
-or-
http://www.michaelgeist.ca/content/view/1626/159/

Privacy took centre stage in Canada late last week as TJX Cos., the parent company of retail giants Winners and HomeSense, disclosed that as many as 2 million Canadian credit cards may have been accessed by computer hackers. Fewer than 24 hours later, the CIBC revealed that account information for 470,000 customers of its subsidiary Talvest Mutual Funds had been lost when a computer file went missing while in transit between company offices.

These two incidents, which follow a steady stream of similar security breaches in the United States, highlight the fragility of sensitive, personal information that is entrusted to Canadian businesses as well as the inadequacy of current Canadian privacy legislation.

Business groups have cautioned against privacy law reforms, yet as the risk of identity theft grows, the calls for change are likely to become more vocal.

In reply to a request for support coming from the co-chairs of the Messaging Anti-abuse Working Group's Senders Subcommittee for their draft Best Practices document, CAUCE Canada issued the following statement:

To whom it may concern,

Having reviewed the document at http://www.maawg.org/about/MAAWG_Senders_BCP, our comments are as follows:

We feel this additional point under Section 1 b) would be appropriate;

iii. Additional consideration must be reviewed for the secondary use of personally identifiable information, when considering contact outside of the original scope of consent provided by the email user,
while remaining in line with item 1 a) for each level of consent.

Additionally, we would be interested in co-sponsoring the document, pending final review of the edits made during the public consultation process.

Congratulations on an excellent piece of work.

Yours truly,

Neil Schwartzman
Chair, Board of Directors
CAUCE Canada: The Canadian Coalition Against Unsolicited Commercial Email

The following message was sent in response to ICANN's solicitation of public commentary regarding the concept of obfuscating WHOIS data:

CAUCE, the Coalition Against Unsolicited Commercial E-mail and CAUCE Canada are the leading North American grassroots anti-spam organizations. They are both members of many cross-industry groups including the London Action Plan and the Anti-Spyware Coalition . Both CAUCE and CAUCE Canada are accredited ICANN At Large Structures.

Spam and related misbehavior such as phishing and spyware take a heavy toll on Internet users. Networks large and small devote an ever-increasing part of their resources to anti-spam measures merely to keep their e-mail usable. Phishing and other online fraud cause direct damage to the users who are tricked into responding, and cause all Internet users to be less confident in the Internet and less willing to use it.

WHOIS has always been a key tool for both networks and law enforcement to track and shut down spammers and phishers. Both private and government investigators use it every day to track spammers. Even forged data, which is regrettably common in WHOIS, still allows skilled investigators to link domains to habitual spammers by way of patterns found in the data.

The vast majority of Internet users will never register a domain of their own, and are instead consumers of domains. We are primarily concerned with the interests of the non-registrant majority, but we recognize that some registrants do have privacy concerns, and believe that existing registrar anonymizing servers are adequate to protect them and do not put an unreasonable burden on registrants.

A change to WHOIS that allows criminals a further opportunity to obfuscate their activities by cloaking all WHOIS data will lead to increased levels of privacy violations of by way of spam, viruses and spyware. Removing WHOIS data might provide marginally more privacy to the relatively small number of individuals who register domains, at a disproportionate cost to Internet users at large. We oppose such a change.