Tomorrow is the last day to tell the National Consumer Commission what you think of the absurd notion that the Direct Marketing Association of South Africa (DMASA) should run the opt-out database mooted in the Consumer Protection Act to protect consumers against unwanted direct marketing.
Those of us who actually use the Internet learnt 15 years ago that the last thing you want to do is ask a spammer to stop spamming. All that does is confirm that you're receiving their spam. The anti-spam clause in the ECT Act - section 45 - is fatally flawed because that is exactly what it requires. It permits a spammer to spam you, and only requires it to stop once you complain.
Needless to say, in the nine years of its existence, the ECT Act has never protected South African Internet users from spam.
Worse, it has led to some really strange legal boilerplate peddled by lawyers to companies. There are many examples of almost-identical disclaimer copy on Web sites, and this page on the Foschini Web site is typical. Note how it instructs you not to use Foschini's contact information to contact Foschini, unless Foschini first contacts you. Note how it tells you that if you do, contrary to the disclaimer, your e-mail will be considered to have been received only if the company doesn't ignore you. Note how it completely breaks the Internet by prohibiting so-called “deep-linking” without the company's “written consent”. Imagine not being allowed to link to a news story or a product for sale online, but having to go to the home page first.
In fact, even linking to Foschini's terms and conditions is, according to Foschini's terms and conditions, a violation of Foschini's terms and conditions. Whichever lawyer wrote this trash and peddled it to half the South African Web sites online ought to be disbarred for stupidity.
This kind of absurdity is what happens when government bureaucrats try to regulate the Internet.
The latest doomed attempt to solve the spam problem is a new regulation under the Consumer Protection Act. The National Consumer Commission has proposed to allow the DMASA to operate a national opt-out database designed to protect users from unwanted direct marketing.
I've written before about the rank incompetence of the organisation, which has been gazetted as the preferred provider to provide an opt-out database service. If having e-mailed its entire database of ID numbers and contact details to hundreds of direct marketers doesn't prove that it lacks the first clue about online security, it has since had to apologise for getting its Web site infected with malware. Identity thieves are all over the DMASA, like flies on a cowpat.
Even linking to Foschini's terms and conditions is, according to Foschini's terms and conditions, a violation of Foschini's terms and conditions.
Ivo Vegter, ITWeb contributor
Besides being demonstrably clueless, the idea that an association intended to act in the interests of direct marketers should protect consumers from direct marketing is patently ridiculous. The conflict of interest is so obvious, one wonders how anyone thought it would be a good idea to appoint the fox pack leader to guard the wide open henhouse.
Since only direct marketers are likely to visit its Web site, and direct marketers are the only ones supporting the idea, the DMASA placed a poll on its home page, asking whether you support the National Consumer Commission's appointment of the DMASA as your online protector from spam. Turn your anti-virus software to “paranoid”, and go here to vote the idea down. At the time of writing, it appeared that mine was the only vote against. Ten bucks says a negative result makes the poll vanish without a trace.
Then contact the National Consumer Commission (details below) to register your displeasure. Do so now, because tomorrow is the last day for public comment.
Perhaps propose that instead of the DMASA, a competent technology start-up such as TrustFabric is appointed instead. It already has a system in place, which it describes as “advanced vendor relationship management”. A company has to ask for your permission to access your contact details, and you get fine-grained control over how participating companies should contact you. It also allows you to update your contact details in one convenient place, so you don't have to notify dozens of companies when your address, phone number or e-mail address changes.
Notably, TrustFabric doesn't ask for your ID number when you register. Why would anyone need that? Including an ID number, as the widely published DMASA database does, is entirely unnecessary for the stated purpose, and greatly increases the security risk of maintaining an opt-in or opt-out database.
The TrustFabric system is already getting rave reviews. Digital marketing expert Fred Roed wrote about it after a talk at a Cape Town technology get-together, and influential entrepreneur Tyler Reed calls it South Africa's most ambitious start-up ever.
Also, unlike the DMASA, which asks for identity numbers on an unsecured connection, TrustFabric uses secure http for its site. If the National Consumer Commission has even the most basic grasp of online security, that oversight alone should disqualify the DMASA.
I have tested the DMASA's opt-in site, its opt-out site, and TrustFabric's far more useful service. TrustFabric thought it might be worthwhile to verify that the e-mail addresses and telephone numbers I supplied were, in fact, mine. Smart. The DMASA's opt-out site did that too, but its opt-in site did not, which means anyone could give DMASA permission to spam anyone else. Both DMASA sites require an ID number. For the opt-out database, any valid ID number will do. For the opt-in site, any ID number at all, valid or not, works. Worse, it gets sent over an unsecured connection open to snooping by identity thieves.
Conclusion: despite being embarrassed over its incompetence in leaking its opt-out database to the public, the DMASA's system remains wide open to abuse. The National Consumer Commission should be investigating the DMASA for aiding and abetting online fraud. It should be a crime for incompetents to lure unsuspecting consumers into such dangerous behaviour online.
By Monday, it will be too late to complain. E-mail the National Commissioner of the National Consumer Commission, care of Prudence Moilwa, at pmoilwa@thedti.gov.za(quoting reference number NCC/EOI/0003), and tell the bureaucrats all of this. You have until tomorrow, 29 July, to stop this farce from becoming law.
PS: The poll on the DMASA site surged from 17% "no" to 94% "no" in just three hours. However, this overwhelming result isn't why the DMASA should not be appointed to manage the opt-out database. The real reason is that the poll is wide open to manipulation and abuse, once again demonstrating the DMASA's inability to cope with even simple technical matters.
PPS: The DMASA has been caught red-handed manipulating its own poll results. When the "no" vote reached 94%, at about 13:00 yesterday, the sample size must have been several hundred. Imagine my surprise when, checking back a few times around 18:00, the site reported 9%, 17%, 48% and 17% in quick succession. This is impossible without deliberate manipulation of the data. Unfortunately for the DMASA, there's a log of the results, right up to the original poll's deletion at 17:13 yesterday: http://pastebin.com/nbrLjN93. At the time, the "no" vote stood at 96%. Yet only 13% voted "no" according to the "official" result: http://dmasa.org/poll_past.php.
* Editor's note: The DMASA has since stated it did not fiddle with the voting results, but that a rogue element entered false automatic votes to skew the poll. It says it will take action against the perpetrator.