1 / 29

Key points to understand

Anti Spam Team Case Studies International Training Program Bruce Matthews Manager, Anti Spam Team Converging Services Branch ACMA. Key points to understand. Australia’s Spam Act has number of key requirements Messages must be ‘commercial electronic messages’

Télécharger la présentation

Key points to understand

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Anti Spam Team Case Studies International Training ProgramBruce Matthews Manager, Anti Spam TeamConverging Services BranchACMA

  2. Key points to understand Australia’s Spam Act has number of key requirements • Messages must be ‘commercial electronic messages’ • ONE message is sufficient – does not rely on ‘bulk’ • Australian legislation is ‘OPT IN’ legislation, not ‘OPT OUT’ – consent to receive the message must be ‘prior’ to the sending of the message • Does allows the sending by a business when existing business relationship

  3. Enforcement Options under Spam Act • Educational contact • Formal Warning Letters • Enforceable Undertakings • Fines • Prosecution in Federal Court

  4. Complaints Process

  5. 1. Educational Contact • ACMA seeks to assist legitimate companies to comply with the Spam Act • If a complaint is the first lodged about the company, ACMA contacts the sender to: • Inform them of the Spam Act requirements • Let them know there has been a complaint • Give them general information to assist them to comply with the Act, and specific information to address complainant’s issue • Over 900 companies contacted since 2004

  6. 2. Formal Warning Letters • Similar to Educational Contact • Often used when a company makes serious errors in Spam Act compliance in first use of e-marketing • 11 Formal Warnings issued since commencement of Act

  7. 3. Enforceable Undertakings • Permits company or individual to enter into agreement with ACMA about matters regulated by Spam Act • If the company or individual then breaches the undertaking, they can be pursued in the Federal Court • Used 6 times since commencement of Act

  8. 4. Fines • ACMA has the ability to impose fines • Can only be used when there has been a clear breach • Often used when a new practice has emerged that is in breach of the Act • Resultant publicity sends strong message to other relevant businesses that may seek to use the same practice • Fines have been issued to 5 companies/individuals

  9. 5. Prosecution in the Federal Court • Only expected to be used for ‘professional’ spammers • Very long and resource intensive process • ACMA has only initiated one case in the Federal Court to date, against Mr Wayne Mansfield and his company, Clarity1 (trading as Business Seminars Australia).

  10. Business Seminars Australia / Wayne Mansfield • BSA / Mansfield were at the time listed on Global spam watchdog Spamhaus.org as a top 200 known spam operation • Prior to commencement of the enforcement provisions of the Act in April 2004, ACMA wrote to over 200 businesses to ensure they were aware of the requirements of the Act • BSA / Mansfield received one of those advisory letters • BSA / Mansfield responded stating that they complied with the Act

  11. Business Seminars Australia / Wayne Mansfield • Formal complaints and reports of spam from Business Seminars Australia and co trading company Maverick Partnership were lodged both before and after the commencement of the Act • An investigation was commenced • Examination of emails identified that they were clearly ‘commercial electronic messages as defined under the Act as they were advertising either business seminars or products sold by the company

  12. The Investigation – in general The investigation was resource and time consuming: • Witnesses were spread throughout Australia • Mansfield had previously taken court action against an Anti Spammer –which Mansfield lost – but witnesses were reluctant to give evidence against him • Complainant’s would often only forward one complaint of hundred’s that they received because ACMA did not have a user friendly reporting method • Now SpamMATTERS available for multiple reports

  13. The Investigation – continued • Being new legislation, it was important to ensure that the strongest possible case was presented • This meant that on a number of occasions witnesses made three and four statements to update further UCEM that they received • Mansfield was the Sole Director of Clarity1, the parent company of Business Seminars Australia and Maverick Partnership

  14. The UCEM sent by Mansfield Common traits of messages sent by Mansfield included • The use of a different yahoo.com or yahoo.com.au for each email campaign • Different subject lines for each email • Often unsubscribe addresses that directed back to servers overseas - often in China

  15. The UCEM sent by Mansfield • IP addresses not consistent with the alleged senders – Mansfield claims ‘rotating IP addresses’ • ACMA believes compromised machines were used • Whilst the content of the email clearly identified the sender, that was only apparent when the email was opened • The use of different yahoo addresses prevented the recipients blocking particular email address • The yahoo addresses were all registered by Mansfield but under vague details

  16. The Investigation – BSA • Formal notices under s.522 of Telecommunications Act 1997 were issued for BSA / WM to attend and produce documents in October 2004 Why section 522 Notices and not Search Warrants? • Tactical decision made between investigators and legal. Neither way was right or wrong. Search Warrant had no power to require the answering of questions, wherein section 522 Notices did

  17. Standard of Proof • As the penalties were ‘civil’ penalties, the required standard of proof was ‘on the balance of probabilities’ • Investigators from commencement of investigation aimed for the higher criminal standard of ‘beyond reasonable doubt’ as far as possible

  18. The section 522 process • Service of notices were on both the company and the individual to maintain control of the process • Notices had extensive requirement to produce documents including financial records • Mansfield was totally co-operative during the interview, conducted in presence of his solicitor • AMCA also had Legal Representative present • Interview conducted on triple deck simultaneous recorder to ensure accuracy and expediency • Respondent given copy of tapes after interview

  19. Referral to Australian Government Solicitor (AGS) • Brief of evidence reviewed by In-house legal team and then referred to AGS in Perth • Complaints still continued to come in even after the formal section 522 interview • AGS, in-house legal and investigators decided because the breaches were ongoing to obtain search warrants under the Telecommunications Act • Services of an external forensic investigation company was obtained to conduct the imaging of the computers and forensic analysis

  20. Execution of Search Warrant • Search warrant conducted in April 2005 on business premises of Clarity1 and Mansfield’s home address • Mansfield present during search at business premises • Approximately 300 gb of data was imaged by the forensic specialists from about 13 computers • Forensic investigators also accessed computer servers run by Mansfield overseas under the powers of a Section 547J Telecommunications Act Access Order and took a snapshot of the contents of the sites

  21. Prosecution of case - timelines • July 2005 - Federal Court in Perth granted interim injunction • August 2005 – Court granted interlocutory injunction • December 2005 – matter listed for two day hearing • Respondent requested adjournment at last moment as he wanted to cross examine all ACMA witnesses and produce witnesses of his own. He also advised the court that his partner in the business was recovering from surgery and would not have sufficient time

  22. Prosecution of case - timelines • Court allowed adjournment till February 2006 • Mansfield to lodge his witness affidavits by end of December • Mansfield lodged nine affidavits with 8 basically advising that whilst they did not give permission originally, they have attended his seminars or made a purchase of his products

  23. Court Case • Mansfield represented himself and Clarity1 • Australian Govt. Solicitor represented ACMA • All ACMA witnesses gave evidence and were subject to cross examination • Evidence given from witness box, by Video link for most interstate witnesses, and one country Victoria witness by telephone conference

  24. Court Case - continued Defence relied on • ‘inferred consent’ particularly as witnesses had ‘conspicuously displayed’ their email addresses on the web • Mansfield had obtained their address prior to commencement of Act and had sent the recipients email telling them that if they did not wish to receive his mail to unsubscribe • Mansfield lodged 8 of 9 affidavits into evidence and not objected to as they confirmed ACMA’s view of the law

  25. Court Case - continued • ACMA wished to examine one defence witness, previously Clarity1 System Administrator whom WM lodged an affidavit for. As WM was unable/declined to produce the witness the evidence in the affidavit was not admitted • At conclusion of hearing Judge directed that written final submissions were to be lodged by both parties • Note – The judge did indicate to Mansfield that normally he required final submissions at the conclusion of the evidence but as he represented himself, he decided on written submissions to give the respondent Mansfield time to prepare his submission

  26. Determination of Court On 13 April 2006, the Federal Court handed down the decision Key Points • Both C1 and WM were in breach of both s.16 (sending UCEM) and s.21(use of harvested address lists) • The judge found that in the respondent’s submissions there were a lot of assertions not based on any evidence by the respondent

  27. Determination of Court - continued • The legislation is OPT IN and respondent could not require a person to opt out • The respondent sought to show consent by inference, but no evidence to support such inference

  28. Awaiting Penalty decision • The applicant and respondent have lodged their submissions on penalty (June 2006) • There is a clear gap between what both parties believe is an appropriate penalty • For a first offence for a business entity, the possible penalty can be up to $220,000 per day • The Federal Court (as of 12 September 2006) is still to hand down their decision on penalty

  29. Further information ACMA webpage on spam www.spam.acma.gov.au

More Related