Spam Bill 2003


2002-2003

 

 

THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA

HOUSE OF REPRESENTATIVES

SPAM BILL 2003

EXPLANATORY MEMORANDUM

(Circulated by the authority of the Minister for Communications, Information Technology and the Arts, Senator the Hon. Richard Alston)



 

SPAM BILL 2003

 

OUTLINE

 

The Spam Bill 2003 (the Bill) sets up a scheme for regulating the sending of commercial electronic messages.  The main penalty provision prohibits the sending of unsolicited commercial electronic messages (commonly referred to as spam), but the Bill also contains rules regulating the sending of general commercial electronic messages, regardless of whether or not they are unsolicited.  The Bill is accompanied by the Spam (Consequential Amendments) Bill 2003 (the Spam Consequentials Bill) which makes various amendments to the Telecommunications Act 1997 (Telecommunications Act) and the Australian Communications Authority Act 1997 (the ACA Act) to provide for an appropriate regulatory framework for the ACA to investigate complaints relating to commercial electronic messages and to enforce the scheme, and to enable the development of relevant industry codes and standards relating to commercial electronic messaging. 

 

The Government is concerned that the exponential growth of what is commonly referred to as spam is threatening the effectiveness and efficiency of electronic communication.  Spam is the commonly used term for unsolicited commercial electronic messages, mainly e-mail, but also including other forms of online and mobile messaging.  It is an international problem affecting the efficient operation of Internet telecommunications networks and imposing costs on end-users. 

 

After wide public consultation the National Office for the Information Economy (NOIE) released a report on the issue on 16 April 2003.  Based on this report the Government is pursuing a series of measures to deal with the problem, including legislation.

 

The proposed framework contained in the Bill is aimed at reducing Australia as a source of spam, minimising spam for Australian end-users and extending Australia’s involvement in worldwide anti-spam initiatives.

 

The Government recognises that legislation alone will not result in an immediate or dramatic reduction of the spam problem, but it is an important element of the framework, both in practice and perception.  To complement these legislative measures, the Government will also be conducting an information campaign focussing on spam issues which will target user and business communities.  The campaign will be coordinated by NOIE, in conjunction with government, industry and other bodies.

 

The Government also recognises that spam is fundamentally an international problem which can only be fully addressed through international cooperation and coordinated action.  The Government will continue to participate in and actively contribute to international anti-spam initiatives.

 

The main elements contained in the Bill are:

 

·          a prohibition on sending unsolicited commercial electronic messages which have an Australian link.  The penalty provision is aimed at messages which are sent from Australia or from overseas to Australia;

 

·          a prohibition on sending commercial electronic messages which have an Australian link unless they include accurate information about the individual or organisation who authorised the sending of the message;

 

·          a prohibition on sending commercial electronic messages which have an Australian link unless they include a functional unsubscribe facility;

 

·          a prohibition on the supply, acquisition or use of address-harvesting software or a harvested-address list;

 

·          a civil sanctions regime.  These prohibitions are civil penalty provisions, not criminal offences.  Breach of a provision may attract a substantial monetary penalty.

 

·          a tiered enforcement regime which provides for a range of enforcement measures to be initiated by the ACA, depending upon the seriousness of the breach of a penalty provision.  The enforcement measures available to the ACA include a formal warning, acceptance of an enforceable undertaking, or the issuing of an infringement notice.  The ACA may also apply to the Federal Court for an injunction or may institute proceedings in the Federal Court for breach of a civil penalty provision.  As well as ordering a person to pay a substantial monetary penalty, the Court may make an order to recover financial benefits that are attributable to the contravention of the civil penalty provision, or may order compensation to be paid to a victim who has suffered loss or damage as a result of the contravention.

 

The Spam Consequentials Bill which accompanies this Bill makes various amendments to the Telecommunications Act and the ACA Act to enable the effective investigation and enforcement of breaches of this Bill.  The main elements proposed in the Spam Consequentials Bill are:

 

·          a framework to enable industry to develop codes to deal with the sending of commercial electronic messages, based on Part 6 of the Telecommunications Act;

 

·          an investigation role and appropriate information gathering powers for the ACA to investigate complaints relating to breaches of the Spam Bill and regulations made under the Bill, based on Parts 26 and 27 of the Telecommunications Act; and

 

·          monitoring warrants to monitor compliance with the Spam Bill and regulations, and search warrants relating to breaches of the Spam Bill and regulations, based on Part 28 of the Telecommunications Act.

 

FINANCIAL IMPACT STATEMENT

 

Implementation of the regulatory and legal measures proposed in this Bill and the Spam Consequentials Bill will require an additional expenditure of $0.3M in the 2003-4 financial year, $1.5M in the 2004-5 financial year, and $1.6M in the 2005-6 financial year, ie a total of $3.4M over this period, which will be fully offset from within the Communications, Information Technology and the Arts portfolio and agreed with the Minister for Finance and Administration.  To establish an accurate baseline for the function, and to inform future proposals, it is proposed to fund the ACA role initially only until June 2006.  Before October 2005 the funding and function will be reviewed.  The NOIE-coordinated educational program will be funded from the existing NOIE budget.



 

REGULATION IMPACT STATEMENT

 

 

B.1 Problem or issue identification

Unsolicited electronic messages or "spam" are reaching plague proportions and growing exponentially.  Spam is causing immense frustration and reduced productivity for users, businesses and government agencies.  If left unchecked it will reach proportions which will threaten the viability of the internet as a reliable communications medium.  A recent comprehensive review of the problem by the National Office for the Information Economy recommended a multi-layered approach to addressing the problem, including the implementation of specific anti-spam legislation.  A substantial proportion of the information in this Statement has been sourced from the NOIE Final Report.  Some of the data contained in the NOIE Report is already becoming dated, and has consequently been supplemented where possible by more recent figures.

 

BACKGROUND

What is spam?

Spam is the term now generally used to refer to unsolicited electronic messages, usually transmitted to a large number of recipients.  They usually, but not necessarily, have a commercial focus, promoting or selling products or services; and they share one or more of the following characteristics:

·          They are sent in an untargeted and indiscriminate manner, often by automated means;

·          They include or promote illegal or offensive content;

·          Their purpose is fraudulent or otherwise deceptive;

·          They collect or use personal information in breach of the Privacy Act 1988 National Privacy Principles (NPPs);

·          They are sent in a manner that disguises the originator;

·          They do not offer a valid and functional address to which recipients may send messages opting out of receiving further unsolicited messages.

Not all bulk e-mail is spam.  Bulk e-mail would probably not be generally regarded as spam if it:

·          Is sent to recipients who have previously dealt voluntarily with the sender and, on the basis of that existing relationship, can reasonably be assumed by the sender to be prepared to accept messages of the type being sent;

·          Does not promote or include illegal content;

·          Is not deceptive in any way that breaches common law or statute law;

·          Does not collect or use personal information in breach of the National Privacy Principles.

While spam has increased in prominence in recent years, growing from a minor nuisance to a significant problem, its existence actually predates the Internet.  It has been the subject of discussion since at least 1975 [1], with one of the first recorded instances of spam dating back to 1978, when the Digital Equipment Corporation (DEC) spammed ARPAnet [2] users about new DEC products.  Probably the first major commercial spamming occurred in 1994, when two lawyers posted a message advertising their services to several thousand newsgroups (message boards) on USENET, the world's largest online conferencing system.  The reaction to spam was overwhelmingly negative, although it was an occasional nuisance and did not pose a real threat.  There were, even then, instances where spamming was used to maliciously interrupt services by overloading e-mail servers.  Spam is now at the point where it poses a threat to the future functionality of the internet.

A definition of spam

An agreed definition is important in making any anti-spam provisions effective.  Internet service providers (ISPs) and regulatory authorities need to be reasonably confident of this definition before they enforce their terms and conditions or any regulations or laws against spammers, as do legitimate direct marketers who want to ensure their activities remain both legal and ethical.

 

For the purposes of the proposal, spam is defined as unsolicited electronic messaging, regardless of its content.  This definition takes into account the bulk characteristics discussed above, and the opinions expressed in submissions to NOIE during the consultation process.  It is a deliberately technology neutral (insofar as is possible) definition which takes into account the convergence of technologies and media (eg SMS, MMS and 3G applications) and their potential for future spam growth.

 

What content does spam contain?

The previous chart suggests that pornography and ‘get rich quick’ schemes are the most dominant categories of spam.

 

MAJOR PROBLEMS CAUSED BY SPAM

User Confidence and Network Integrity

Today, the problem of spam has reached a point where it is having a significantly negative effect on users’ confidence in using e-mail.  There are clear signs of a deleterious impact on the performance of the global e-mail network, with some commentators predicting that the continuing proliferation of spam could mean the end of e-mail as an effective form of communication.  The United States Direct Marketing Association, a long-term advocate of using legitimate bulk e-mail as a form of direct marketing, acknowledges that e-mail is being threatened by spam and has recently expressed its support for legislative efforts to control the growth of spam [3].

 

Spam poses several challenges to both Internet users and regulatory agencies. It is typically anonymous, indiscriminate and global.  With these characteristics spam has become a popular vehicle for promotions that can be illegal, unscrupulous or use tactics that would not be commercially or legally viable outside the virtual environment. Some of the key issues raised by spam include privacy, illegal/offensive content, misleading and deceptive trade practices and burdensome financial and resource costs.

 

Privacy

There are significant privacy issues surrounding the manner in which e-mail addresses and personal information are collected and handled.  It is not uncommon for address collectors to covertly harvest e-mail addresses from the Internet, as users visit certain sites, and buy and sell them in bulk without the knowledge or consent of the owner.

 

Content - pornography, illegal online gambling and unlawful trade practices

A report to the US Federal Trade Commission (FTC) estimates that roughly half of all unsolicited commercial e-mail contains fraudulent or deceptive content [4] .  There are obvious community and regulatory agency concerns with the illicit content of a considerable amount of spam - including those that promote pornography, illegal online gambling services, pyramid selling, get rich quick schemes or misleading and deceptive business practices.  The indiscriminate method of distribution is of particular concern as it is common for minors to receive spam that is pornographic, illegal or offensive.

 

Deceptive practices - ‘spoofing’

Spoofing is the forgery of an e-mail header so that the message appears to have originated from an entity or location other than the actual source.  Spammers may use spoofing to route spam through a reputable organisation in an attempt to entice recipients to open and respond to their messages.  There are significant costs to the victims in terms of damage to commercial reputation as well as time and resource costs in rectifying this damage.

 

Financial costs

The dollar cost of spam is inherently difficult to estimate, but the following provides some appreciation of the orders of magnitude involved.

 

A European Union study in 2001 estimates that the worldwide cost of spam to Internet subscribers could be in the vicinity of €10 billion (A$18.4bn) per year [5].  A recent study from Ferris Research estimates that US companies alone lost US$8.9 billion (A$15.2bn) in 2002 and estimates that the cost of spam in Europe was US$2.5 billion (A$4.3bn) [6].  According to figures from Star Internet, a large Internet service provider in the UK, the cost to business in lost productivity is estimated at £326 (A$915) per employee each year [7].  Surfcontrol [8] recently estimated that spam cost employers approximately $1 per spam received.  Erado’s 2002 white paper on spam, viruses and other unwanted content estimates that the annual cost of spam per employee is around US$1000 (A$1709) [9].

 

These sorts of costs are usually borne by Internet users (and/or employers), through increased download times and lost productivity.  Spammers themselves, on the other hand, bear relatively small costs in sending these messages.  E-mail costs do not scale like sending surface mail or making telephone calls - the cost of sending out a million e-mails is not significantly more than the cost of sending out a hundred.  IBM’s Almaden Research Centre in 1998 estimated that it cost between $0.000082 and $0.000030 to send a single e-mail [10], and data from the Global Internet Project site suggests that it only costs the sender of spam 0.00032 cents to obtain one e-mail address [11].  The extremely low cost of sending spam, meaning that even a ‘hit rate’ of below 1% can be profitable, is the biggest single factor leading to its growth.

 

 
Resource costs

 

The chart above shows that spam being received by ISPs is using significant amounts of bandwidth.

 

Assuming that the average e-mail size is 5 kilobytes [12] , a gigabyte of spam represents over 200,000 individual messages.  Based on these estimates, the table above indicates that even the small ISPs surveyed may be receiving more than 4 million spam messages a month, and that the medium-sized ISPs surveyed may be receiving up to six times as many.

What percentage of e-mail is spam?

Data released by Brightmail Inc, a business specialising in anti-spam software and managed anti-spam services, indicates that spam accounts for 20% of all e-mail.  Recently the Gartner Group has estimated that 35% of all inbound business messages are currently spam, and that this percentage will reach 50% by 2005 [13].  At a May 2003 Federal Trade Commission (FTC) forum on spam, AOL reported that the proportion of mail coming in to the US through its facilities which was spam had reached 70%.

 

Where is spam coming from?

 
 

The chart above suggests that the majority of spam received by Australian ISPs originates from the United States.  However, the actual percentages shown may be misleading.  Research from the University of Maryland presented at the INET conference in June 2002 suggests that the US may be over-represented as a spamming origin because Eastern European and Asian spammers may be taking advantage of ‘open relays’ in the United States.  Open relays are essentially non-secure e-mail servers through which large volumes of spam can be routed, typically without the owner’s knowledge.

 

A 1999/2000 survey by the Australian based Coalition Against Unsolicited Bulk E-mail (CAUBE) estimated that Australia accounted for about 16% of all spam sent globally [14].  In recent discussions CAUBE has suggested this percentage (although not the total volume) may have decreased significantly in recent years as the volume of spam from other regions, such as Asia and Eastern Europe, has increased.  An increasing volume of spam is originating from or being routed through northern Asia, particularly China and South Korea, and the former Soviet states.

 

Western Europe was not regarded by any Australian ISP as being the primary source of spam, possibly because of relatively strong European privacy laws, which are currently being reinforced through an EU directive requiring a qualified opt-in for commercial e-mail.

 

How quickly is the volume of spam in Australia growing?

Whilst users will receive different quantities of spam depending on the availability of their e-mail addresses, Internet use and security awareness, there is evidence to suggest that the average incidence of spam received by Australian Internet users is growing rapidly.  CAUBE tracked the amount of spam received at their survey e-mail address and found that spam grew in volume by a factor of six in 2001 [15].  Brightmail is reported to have detected a 300% increase in spam from 2001 to 2002 [16].

 

Apart from indicating an increasing population of spammers, or more aggressive spamming, this growth may be partly attributable to increasing Internet penetration in Australia, as well as a possible increase in the duration and frequency of online sessions and consequently greater exposure of Internet users to spamming.

 

This is certainly reflected across Australia’s business sector.  According to the Australian Bureau of Statistics (ABS) Business Use of Information Technology Survey, Internet connectivity levels reached 72% of all businesses at June 2002.  This was an increase of 167% since June 1998.

 

Data from the previous year’s ABS survey estimated that 26% of all online businesses in Australia reported using the Internet for marketing purposes.  This was a 221% increase over the June 1998 estimate and indicates that the demand for the specialist services of direct marketers will also increase as more and more businesses seek assistance in maximising the benefits of the Internet as a relatively inexpensive mass-marketing tool.

 

Why is regulatory intervention required?

At present there are:

Ø   a range of laws potentially relating to undesirable content of spam,

Ø   relevant codes of practice from the Australian Direct Marketing Association, the Internet Industry Association and the Australian Communications Industry Forum, and

Ø   many technical anti-spam options available at the ISP, corporate and consumer level,

so why is anti-spam legislation necessary?

 

At the moment Australian-originated spam comes from individuals who are not members of the relevant associations and therefore not subject to the codes of practice.  The laws potentially covering spam content were not specifically designed to deal with spam and therefore applying them to this situation can involve significant cost (assuming the originator can be found) with an uncertain outcome.  The technical solutions to deal with spam can provide a significant reduction in the amount of spam individuals receive but they are at best an imperfect solution, and in no way alleviate the load of spam on the internet "backbone" before it reaches the recipient's ISP.

There is no sign or suggestion that the exponential growth of spam is going to slow or plateau in the foreseeable future.  With the sale of spamming kits now providing a significant element of the spammers’ income, and a number of large and emerging economies coming on-line, there is every expectation that spam will continue to increase at the current rate and not become self-limiting in the foreseeable future.  By the time a self-limiting point is reached, significant damage to the internet as a medium for communications and business could result.  Intervention is therefore considered necessary to protect the internet for the common good.

 

B.2 Specification of the desired objective(s)

1) Reduction of spam emanating from Australia - effective immediately from the introduction of the proposed legislation.  The reduction is expected to be substantial with the majority of benefit gained by the expiration of any “sunrise” provisions contained within the proposed package of measures.

2) Reduction of spam in Australia from other sources - progressively and gradually as international frameworks and agreements are developed, implemented and enforced.  It is likely to take some time (years) before the full benefits from these arrangements, in Australia or internationally, are realised.

 

B.3 Identification of options

Option 1 - Retention of the status quo

In the existing environment there are a number of elements which play some role in influencing spam, spamming and the user experience of spam.  These include the existing Codes of Conduct/Codes of Practice, existing legislative measures and existing technical measures.

 

Ø   Industry self-regulation

Some significant advances have been made in terms of industry self-regulation and co-regulation.  For example the ADMA Direct Marketing Code of Practice has provided a framework for ADMA members and their agents to follow in undertaking direct marketing responsibly.  Organisations which follow the code generally don't spam, as it is permission-based.  The code only applies to ADMA members and their agents - it does not apply to all companies involved in direct marketing, so non-ADMA member companies can consequently spam with impunity, and some do.

 

Self-regulation is also being explored in the Internet Service Provider (ISP), content hosts, and e-commerce providers segment of the market - the Internet Industry Association (IIA) has developed a number of codes and draft codes which deal with a range of issues associated with spam such as privacy, cybercrime and content issues.  Approved codes apply to IIA members, but not all internet businesses are yet IIA members.  ISPs also have Acceptable Usage Policies (AUPs) which their customers must abide by.  The degree to which these AUPs address spam, and the vigour with which they are enforced, varies between ISPs.

 

The Australian Communications Industry Forum (ACIF) has a Code of Practice which covers SMS spam by telecommunications carriers.  The ADMA is currently drafting a code for mobile telecommunications content advertising eg via SMS, WAP, MMS and 3G services, which will complement the ACIF code.

 

Ø   Existing Australian legislative measures

The range of existing legislation with potential applicability to spam is summarised at Attachment A.  None of the existing measures was specifically intended to address spam or spamming, and despite the breadth of measures theoretically available they are rarely used to prosecute spammers, other than where there is a clear breach of consumer protection legislation eg the claims made for a product are demonstrably false.

 

Ø   Technical Solutions

There is a wide range of technical solutions available to users at every level from consumers through to corporates and ISPs, and these are summarised at Attachment B.  Although technical measures to combat spam are advancing, the situation is akin to that in computer virus protection, with anti-spam advances being matched by new spamming techniques.  Indeed there is an increasing number of programs which provide both anti-virus and anti-spam protection.  Given the likely continuation of this dynamic tension, technical solutions are primarily included as part of the status quo, with emerging technical solutions included as a separate option.

 

Option 2 - Anti-spam legislation

No existing legislation, including the amendments to the Criminal Code Act 1995 contained in the Cybercrime Act 2001, was explicitly drafted to address the issue of spam.  Given significant gaps in the existing legislation, one option is for government to introduce legislation specifically targeting the act of spamming, regardless of content.  It is proposed that specific anti-spam legislation be developed which sets standards for commercial e-mail.  The proposed standards to be set by the legislation include:

(a) no commercial electronic messaging to be sent without the prior consent of the recipient except where there is an existing business relationship;

(b) all commercial electronic messaging to contain accurate details of the sender’s name and physical and electronic addresses.  Such messages from businesses must also include the Australian Business Number or Australian Company Number as applicable; and

(c) all commercial electronic messaging to contain a functional “unsubscribe” facility which must be responded to within a reasonable timeframe (by default 1 week), except where there is a requirement for ongoing electronic communication due to a continuing business relationship or a contractual requirement.

 

The legislation, to be administered by the Australian Communications Authority (ACA) would also prohibit the sale, supply or use of software for the primary purpose of electronic address collection, list generation or the use of lists generated thereby - sometimes referred to as “address harvesting” or “dictionary attacks”.  This would have no impact on existing permission-based lists used by businesses.

 

Exceptions will apply to protect currently accepted government, business and commercial practices, such as government to consumer messages, and commercial messages to publicly advertised addresses where the approach is specifically related to the addressees' employment function.  The proposed legislation will not adversely impact on-line marketing to bona fide existing customers. 

 

The legislation and the ACA would also facilitate and support the development of Industry Codes by the IIA, ADMA and others, which complement and are consistent with the legislation, including (where relevant) features such as:

·          requiring ISPs to make available to retail clients filtering options from an approved schedule of spam filters;

·          encouraging members to publicise spam filtering options and products and participate in their evaluation;

·          requiring code members to ensure their servers are configured appropriately and to take action to close down open relay servers; and

·          requiring code members not to send spam and to take due care to prevent their facilities being used for the purposes of sending spam.

 

Option 3 - Educational Programs - industry and consumer

As spam is a comparatively recent problem the understanding of it is uneven in the user community (at all levels) both in terms of the nature and extent of the problem and in terms of best practice in:

·          preventing e-mail addresses from becoming targets for spam;

·          implementing filtering technologies;

·          how not to spam when direct marketing online; and

·          how to protect computer resources and prevent them being vulnerable to being exploited by spammers (eg open relays).

User groups, filtering technology companies, industry associations, NetAlert and NOIE are currently beginning to implement some awareness raising through their websites, public seminars, announcements and articles.  (Because of the emergent state of this strategy it is not included under the status quo.)  This has had increasing success as the magnitude of the problem permeates the public and corporate consciousness.  This is accelerating through the significant press interest that the spam problem has recently generated.  Significant gaps remain, however, in the understanding of the problem, and there is a need for a more concerted and integrated information/education campaign, particularly at the consumer level.  This will need to be reasonably continuous until inroads are achieved against the problem.

 

Option 4 - Multi-Layered Strategy (Preferred Option)

This option proposes the adoption of the strategy recommended in the NOIE Final Report on spam.  It involves the coordinated implementation of both Options 2 and 3 above and further leveraging this work to develop and implement international guidelines and cooperative mechanisms to address the international dimension of spam.

 

Option 5 - Emerging Technical Solutions

In the longer term, a range of innovative strategies have been proposed to address the spam problem by developing a framework of proven identity.  For example it has been suggested that spam could be countered by setting an e-mail client to accept only messages signed with trusted digital certificates issued from a trusted public key infrastructure (PKI) service provider.  However, these systems will only become practicable with the wider implementation and use of digital certificates; therefore this is not a viable option for consideration at this stage.

 

B.4 Assessment of impacts (costs and benefits) of each option

The current spam problem exists despite the existence of a number of the options listed above (existing legislation, industry self-regulation and co-regulation) and the costs/benefits of these options are therefore not examined individually.

 

Impact group identification

Small Business

 

Large Organisations

 

Direct-Marketing Businesses

 

Internet Service Providers (ISPs)

 

Consumers

 

Impact Analysis

Small Business

Option 1 - Retention of the Status Quo

Costs:  Given the estimated average cost of spam in excess of $900 per employee per year, small business can experience considerable costs from spam.  Technical and filtering strategies can provide significant, but not complete, relief to small business and the cost of implementing these solutions will be comparatively low.  For some businesses the risk of false-positive events (where legitimate e-mail is mistakenly blocked or filtered out) will mean that they cannot risk using filtering technologies, and must consequently continue to bear the full cost of spam.  Individual small businesses will suffer significant damage and loss due to the exploitation of their computer resources and spoofing attacks by spammers.  For some small businesses, particularly the home office segment, the costs often extend beyond the purely financial as spam imposes a significant emotional cost (eg due to a fear of minors or spouses being exposed to offensive material in spam) on recipients.

Benefits:  By implementing readily available anti-spam strategies (such as selecting an ISP who provides spam-filtering and/or implementing filtering themselves) small business can significantly reduce the volume of spam it currently has to deal with, often by up to 80% with some vendors claiming greater than 95%.  Depending on the nature of their business not all small businesses may be able to avail themselves of this option.  The benefits of filtering would be spread across almost all small businesses which are online.

 

Option 2 - Anti-spam legislation

Costs: Targeted anti-spam legislation will not generally impose any significant cost on small business, as very few small businesses send spam, recognising the generally deleterious effect this has on customer perceptions.  For the vast majority of small businesses the proposed legislation will have zero impact in terms of a need for awareness or compliance.  Businesses communicating with their existing customer base (ie where there is an existing business relationship) will still be able to do so with the proviso that they adhere to the accuracy requirements in the proposed legislation.  At most this may require a template change at trivial cost.  Depending on their business model for attracting new customers, a small minority of businesses may face additional cost as “spam-vertising” will no longer be a valid approach.  This is an uncommon practice amongst Australian small business.  No hard figures are available on this but anecdotally it is estimated at perhaps 1-5%.

Benefits: Anti-spam legislation should deliver both a short-term and long-term reduction in spam volumes, particularly for spam arising within Australia.  The benefit from legislation alone would be small initially, increasing very gradually over time.  The benefits of this for small business can include:

·          increased visibility and confidence in normal commercial messaging (both incoming and outgoing);

·          reduced spamming attacks (due to a greater likelihood of spammers facing prosecution); and

·          reduced employee/network stress due to spam.

 

Option 3 - Educational programs

Costs: User education (eg education of employees on not entering on-line "competitions" with work e-mail addresses) may reduce the cost of spam to business but not substantially, as many employee e-mail addresses are harvested and used without the consent or knowledge of the employee, or are generated through “dictionary” attacks.  The main cost (and benefit, discussed later) would accrue where, as a consequence of the education program, a business elects to enhance its anti-spam strategy, eg by implementing appropriate spam-filtering programs.  For most businesses the cost of this will not be substantial, and may be integrated with their anti-virus strategies.

Benefits: The benefits to small business of an education campaign for small business would accrue from better understanding of the options available and how to select and implement the technical or filtering strategy that best suits their business needs, and advice on how to market online without spamming.  With estimated costs in the order of $900/pa per employee due to spam, significant benefit can be derived through an educated approach to the problem for businesses that have an online component.



 

Option 4 - Multi-layered Strategy

Costs: The costs to small business would be the combination of those outlined in options 2 and 3 above, which will in the case of most businesses be extremely minor.

Benefits: This strategy would provide both an immediate and a long-term reduction in spam volumes and leverage and enhance the benefits available through each element.  This would provide benefits to small business in the areas of:

·          increased visibility and confidence in normal commercial messaging (both incoming and outgoing);

·          reduced spamming attacks (due to a greater likelihood of spammers facing prosecution);

·          reduced owner/employee/network stress due to spam;

·          enhanced consistency in terms of regulatory frameworks and adherence to them;

·          increased confidence in own online marketing strategy (where applicable); and

·          better decision making regarding appropriate anti-spam measures

 

Large Organisations

Option 1 - Retention of the Status Quo

The costs of spam to most large organisations are very significant and arise not only from the productivity cost of sorting through spam itself but also from the potential malicious code it contains and the legal liability they can be exposed to through not adequately protecting employees from offensive material.

The cost of implementing appropriate technical solutions may be significant, covering software costs, network administrator resources and often hardware resources.  Most large organisations have appropriate in-house or contracted expertise to enable them to develop and implement an anti-spam strategy that will significantly reduce the spam load of both the organisation and individual employees.  The cost for implementing such technical solutions in large organisations is significant but is likely to occur regardless of any other options due to the significant risks the organisations are exposed to through spam.

Benefits: The benefits of implementing existing anti-spam technologies and strategies can be substantial both in terms of productivity improvement and in terms of risk reduction, depending on the nature of the organisation and the business sector (the imperative will be greater for more network dependent and online related businesses).

 

Option 2 - Anti-spam legislation

Costs: No significant costs are anticipated for general major organisations as a consequence of the proposed anti-spam legislation.  It is considered that such organisations will already be maintaining appropriate levels of accuracy and transparency in their communications and undertaking marketing on an opt-in basis in accordance with industry standards.

Benefits: Anti-spam legislation should deliver both a short-term and long-term reduction in spam volumes, particularly for spam arising within Australia.  The benefit from legislation alone would be small initially, increasing very gradually over time.  The benefits of this for small business can include:

·          increased visibility and confidence in normal commercial messaging (both incoming and outgoing);

·          reduced spamming attacks (due to a greater likelihood of spammers facing prosecution);

·          a greater opportunity to initiate action to recover the costs of spam and spam attacks from spammers; and

·          reduced employee/network stress due to spam.

 

Option 3 - Educational programs

Cost: User education is likely to be a small relative cost to major organisations as the majority of the required materials are likely to be developed by third parties. 

Benefits : Appropriate user education can provide some benefit in terms of spam-load reduction by reducing the amount of inappropriate e-mail address distribution and list.

 

Option 4 - Multi-layered Strategy

Costs: The costs to business would be a combination of those outlined in options 2 and 3 above.  Depending on the organisation size, complexity, configuration and nature the potential cost of implementing technical solutions could vary substantially. It is not imposed by the proposed legislation, but simply by the desire to gain a business benefit.

Benefits: This strategy would provide both an immediate and a long-term reduction in spam volumes and leverage and enhance the benefits available through each element.  This would provide benefits to small business in the areas of:

·          increased visibility and confidence in normal commercial messaging (both incoming and outgoing);

·          reduced spamming attacks (due to a greater likelihood of spammers facing prosecution);

·          reduced employee/network stress due to spam;

·          enhanced consistency in terms of regulatory frameworks and adherence to them;

·          increased confidence in own online marketing strategy (where applicable); and

·          better decision making regarding appropriate anti-spam measures

 

Direct Marketing Businesses

Option 1 - Retention of the Status Quo

Cost: Under the status quo direct marketing businesses will suffer increasing marginalisation and reducing efficacy of their legitimate product due to the increasing proliferation of spam.  They also risk being blacklisted by anti-spamming organisations or their own ISP who may also fear being blacklisted internationally. 

Benefits: Spammers benefit from the existing environment which enables them to operate with comparative impunity, largely free from the requirement to conform with appropriate codes of practice or behaviour, to which other businesses conform.

 

Option 2 - Anti-spam legislation

Cost: The costs to direct marketing businesses will consist of the need to review and possibly configure their direct marketing strategies to conform with the relevant legislation - ie that the persons they are electronically messaging already have an existing business relationship with them, or that they have actively chosen to receive such messages.  For companies which comply with the ADMA direct marketing code this may require some adjustment, depending on the permission regime they currently employ - many already work on a strict opt-in basis and are therefore already compliant. 

 

For direct marketing businesses which are not currently behaving responsibly (eg those that buy and use non-specific address lists of dubious relevance and/or parentage and who send messages indiscriminately) the costs will be significant.  They may choose to either cleanse or recreate their lists to only include those who meet the criteria or revisit their business model.  This group is a minute proportion of the overall business and marketing community.

Benefits : This would provide benefits to direct marketing businesses in the areas of increased visibility and confidence in normal commercial messaging (both incoming and outgoing) and in the customer base.  It should also reduce the amount of spam that these companies receive themselves.

 

Option 3 - Educational programs

Costs: ADMA currently provides significant education and training to ADMA members on direct marketing issues, and further education alone seems unlikely to cause any significant reduction in spam problems, as most spammers are not ADMA members.  The option exists for better public education of the holistic opt-out options offered by ADMA which may come at some cost to ADMA and indirectly therefore to ADMA members.

Benefits: The benefits to direct marketing organisations of the strategy described above would be a small reduction in potential addressees with a potentially significant enhancement in consumer understanding and confidence.

 

Option 4 - Multi-layered Strategy

Costs: The costs to direct marketing businesses would be the combination of those outlined in options 2 and 3 above, which will vary from business to business.  For example some businesses may have to choose to either cleanse or recreate their lists to only include those customers who meet the criteria or revisit their business model.

Benefits:   This strategy can provide both an immediate and a long-term reduction in spam volumes and leverage and therefore gradually restore the legitimacy and value of ethical on-line direct marketing.  It should also progressively increase the public understanding of the distinction between this activity and spamming, and restore confidence in the former.

 

Internet Service Providers (ISPs)

Option 1 - Retention of the Status Quo

Costs: The costs of implementing technical measures to minimise spam are significant for the ISP sector, but implementation is occurring rapidly in response to customer demand.  Many ISPs are already implementing spam-filtering and offering desktop-based spam-filtering options to customers, and most others are actively trialling filtering options.  The IIA and members (including ISPs) are already examining the option of developing or enhancing their codes of practice to specifically deal with spamming issues.  There is no industry association, group or code which encapsulates all ISPs however, so any codes developed by the IIA will not impact all ISPs equally.

Benefits: None immediately identified.

 

Option 2 - Anti-spam legislation

Costs:  The proposed anti-spam legislation would complement the existing and proposed codes of practice and would not impose significant additional financial costs on ISPs beyond what would arise from the proposed code enhancements.

Benefits: By reducing the volume of spam generated in Australia, Australian ISPs will significantly reduce their risk of being black-listed internationally due to spamming which has occurred hitherto undetected from their facilities.  ISPs will also experience a reduction in the load of spam they must filter and field complaints about.  ISPs will also be better protected in taking action against spammers as the activity will be clearly unlawful.  ISPs have indicated they are looking for legislation to assist them in this regard.

 

Option 3 - Educational programs

Costs:  The base cost of education programs to individual ISPs will be comparatively small as many of the required materials will be either collaboratively developed or developed through third-party channels such as the IIA, AIIA, and NOIE.

Benefits: Users who understand the spam problem and can take effective action to relieve themselves of a significant proportion of the spam load should provide benefits to ISPs through a significant lowering of related help-desk calls and complaints, and a reduction of "churn" as users either drop e-mail accounts that have become polluted or leave through simple frustration.

 

Option 4 - Multi-layered Strategy

Costs: The cost of implementing the multi-layered approach to spam is the combined cost of Options 2 and 3 above ie nil to significant.

 

Benefits: By reducing the volume of spam generated in Australia, Australian ISPs will significantly reduce their risk of being black-listed internationally due to spamming which has occurred hitherto undetected from their facilities.  ISPs will also experience a reduction in the load of spam they must filter and field complaints about.  In the longer-term, as international strategies take effect, it will have the effect of further reducing the spam-load coming into the country from overseas and consuming ISP resources.

 

Consumers

Option 1 - Retention of the Status Quo

Costs: The potential cost of retaining the status quo could be to significantly degrade the value and functionality of the internet both as a communications medium and as a conduit for commerce due to the negative impact spam is having on many consumers.  This arises from financial issues (bandwidth cost), time issues (taken wading through spam to get to legitimate e-mail), emotional distress issues (from being sent spam promoting rape sites, promotions for extreme pornography and bestiality, to name but a few), and the promotion by spam of financial and other scams. 

 

Consumers can implement existing filtering technologies either for free or at a small cost.  Many users, depending on their requirement, will find that using an ISP that does ISP-level filtering will also provide significant spam relief, effectively at no cost to the consumer.  Many consumers, particularly those responsible for minors, do not however find this degree of relief adequate.

Benefits:  None immediately apparent.

 

Option 2 - Anti-spam legislation

Costs: There is no apparent cost of anti-spam legislation for consumers.

Benefits:  Improved confidence in the medium and a reduced spam load. 

 

Option 3 - Educational programs

Costs: There is no apparent cost to consumers of anti-spam education, other than a minor time investment of their own choosing.

Benefits:  Better understanding of the problem, how to avoid it as much as possible and a reduced spam load through informed choices of anti-spam strategies. 

 

Option 4 - Multi-layered Strategy

Costs: Other than the cost of implementing optional filtering technology there are no identifiable costs to the consumer of this strategy.

Benefits: Improved confidence in the internet as a communications and business medium.  The benefits to consumers of the technical, regulatory and legislative strategies proposed are all expected to be positive, partially financially through reclaiming bandwidth, but also in reclaimed time and peace of mind.

 

Restrictions on competition

Nil effects anticipated.

 

Ecologically Sustainable Development

The degradation of the medium for legitimate online direct marketing has been sufficiently severe that some marketing strategy advisers are indicating to clients that they should revert to paper-based (eg mail, letterbox) marketing.  Rehabilitation of legitimate online direct marketing should see this trend reverse with consequent positive environmental impacts.

 

There is also expected to be an improvement in the human environment with a decrease in spamming activity - many consumers are afraid of opening e-mails, or of their children doing so, because of the potential content.  As anti-spam measures take effect this concern should dissipate.

 

B.5 Consultation

The consultation in developing the report has been protracted and extensive, involving over 50 submissions or consultations (including consumers, industry associations, consumer organisations, and Commonwealth and State government bodies and agencies) and the publication of an interim report.

 

An interim report was published by NOIE in September 2002.  The responses to these consultations and submissions significantly contributed to the form and substance of the final report.  Many submissions were substantial and detailed bodies of work and summarising individual submissions would not do them justice.  Some of the organisations that provided submissions and/or were consulted directly include:

 

Australian Broadcasting Authority (ABA)

Australian Consumers Association 

Australian Competition and Consumer Commission (ACCC)

Australian Direct Marketers Association (ADMA)

Australian Federal Police (AFP)

Attorney-General’s Department (AGD)

Australian Privacy Charter Council (APCC)

Australian Securities and Investments Commission (ASIC)

AOL/7 Online Services

Coalition Against Unsolicited Bulk E-mail (CAUBE)

Centre for International Research on Communication and Information Technologies (CIRCIT)

Department of Communications, Information Technology and the Arts (DCITA)

Distributed Systems Technology Centre (DSTC)

Human Rights and Equal Opportunity Commission (HREOC)

Internet Industry Association (IIA)

Internet Society of Australia (ISOC-AU)

Office of the Federal Privacy Commissioner (OFPC)

Office of Small Business

Optus

OzEmail

Telstra

Treasury Department

Yahoo!

 

The submissions explored a diverse range of issues surrounding spam. A number of submissions from existing enforcement agencies provided detail of the aspects of spam to which their legislation does, or might, apply - these have been incorporated in the summary at Attachment A - while others sought to reinforce the legitimacy of permission-based marketing (which the proposed legislation would permit).

 

Apart from a small number of submissions that were generally against any form of internet regulation, most submissions were clear that they felt that there was a significant problem which was not being addressed by the status quo, and they wanted it dealt with.  A number of submissions advocated an "opt-out" approach to spam, but this was not ultimately considered to be sustainable.  As a number of other respondents indicated, "opt-out" is effectively impractical due to the number of e-mails involved, the understandable reluctance of users to use the often suspect "unsubscribe" options contained in them, and the rapid "identity changes" that spammers undergo.

 

A recurring theme of many of the submissions was a desire for “tough legislation”, based on an opt-in approach, regardless of content - which one submission summarised as "…it is an issue of consent, not content."

 

Consultations continued during the drafting of the Spam Bill with key industry and community stakeholders to ensure that the final form of the legislation does not adversely impact legitimate and ethical businesses, and community groups.  These included ADMA, the IIA, CAUBE, Electronic Frontiers Australia, the Australian Information Industries Association, the Australian Chamber of Commerce and Industry, the Coalition of Small Business Associations, the Fundraising Institute of Australia, ISOC-AU, the Australian Consumers Association and others. After these consultations, including consideration of an exposure draft, the overwhelming response from these groups was one of the legislation having struck an appropriate balance, notwithstanding that each group felt that some minor changes would be beneficial.  These comments have been considered and are incorporated in the final Bill where appropriate. 

 

 

B.6 Conclusion and recommended option

Maintenance of the status quo is not a viable option given the grave consequences that may arise in terms of consumer confidence, frustration and the potential degradation of the internet as a medium for communications and the common good.

 

Whilst the existing technical solutions and industry codes of conduct can provide some significant relief for the recipients of spam, they do not address some of the more fundamental aspects of the problem, not least because the spamming organisations and individuals are not members of the relevant industry associations.  They also only deal with spam once it has arrived in-country and therefore do not deal with the problem of the infrastructure stress that spam is causing on the internet.

 

Both educational measures and legislation as options can contribute individually to dealing with the problem, but they do not provide the breadth of benefits and efficiencies of the preferred approach - the multi-layered approach. It is consequently recommended that this approach, as outlined in the NOIE report, including the development of specific anti-spam legislation, be implemented. Only through the implementation of strong anti-spam legislation can Australia effectively prevent spamming from within its shores and then work with other nations to develop a harmonised approach to dealing with spam at source.  The legislative approach proposed by Government is a strong approach, consistent with existing and emerging industry codes, which will reinforce existing measures, not conflict with them.  It is also consistent with the approach taken in most other countries to date. 

 

The proposed approach does not impose significant costs on business (large, small or medium), indeed the cost-impact for most business will be zero, particularly for small businesses, but can provide both short term and long-term benefits to all online businesses and general consumers.  Some initial impost is likely for some companies involved in direct marketing, whilst they move to best practice (eg ensuring their address lists are opt-in based or that an appropriate business relationship exists), but this will be short-term and provide long term benefits in terms of improved efficacy of direct online marketing as a channel.

 

B.7 Implementation and review

As this is new legislation in a new, and evolving, policy sphere it is proposed to initially fund the ACA to undertake the activity to June 2006 only, pending a review of the program before that time.  This will enable a good resource baseline to be established to inform future investment decisions.  The legislation's penalty provisions will commence 120 days after the legislation receives Royal Assent.  This will ensure that persons or companies that currently unknowingly spam will be able to correct their behaviour without penalty.  It is proposed to undertake a review of the legislation 2 years after the commencement of the penalty provisions.  The development of improved statistical baselines for spam trends has been proposed as part of the NOIE report and will be implemented in concert with the legislation and other measures outlined in the report.  This will enable a ready comparison of the spam trends both within Australia and vis-a-vis other countries.



Attachment A

 

Existing Legislation with Potential Applicability to Spam and Spamming Activities

 

Privacy and consent

At the present time there is no legislation specifically requiring a sender to obtain a recipient’s consent prior to sending spam to that individual, either initially or on an ongoing basis.  Under the Privacy Act 1998 the collection of personal information from public sources may require an individual’s explicit consent, but this aspect of the legislation has not yet been tested.

 

There are several components of the Privacy Act, in particular the National Privacy Principles, that could be clarified and/or strengthened to better regulate the way in which spammers collect and use e-mail addresses:

 

·          The National Privacy Principles do not prevent a business from using personal information for the primary purpose for which it is collected.  Accordingly, if a spammer collects personal information from an individual or from anywhere else for the primary purpose of spamming the Privacy Act may not prevent the spammer from using this information in that way.  Also in these circumstances the spammer is under no legal obligation to give the recipient an opportunity to opt out, or to comply with such a request.

·          Where spammers are subject to the Privacy Act and they collect information about an individual indirectly, they will be required to take reasonable steps to make the individual aware of the details specified in National Privacy Principle 1.3.  However, in practice this rarely occurs either through ignorance or deliberate avoidance on the part of the spammer. In any event, there seems to be limited enforcement of the responsibilities under the Act.

·          The Privacy Act currently does not extend to many spammers, including those that send spam from overseas and small businesses that do not trade in personal information.

·          Where e-mail addresses do not contain an individual’s name they may not be regarded as personal information under the Privacy Act and therefore not covered by it.

·          Clarification may be needed as to what level of consent is required in the online environment - specifically, whether the National Privacy Principles require opt-out or opt-in for unsolicited commercial e-mail.  Any decision made on this should reflect the general awareness that replying to spam, as opt-out requires, may encourage more spam to be sent as the user's e-mail address has been confirmed as active.

 

The National Privacy Principles allow opt-out-based marketing in some circumstances, but the Federal Privacy Commissioner’s formal guidance on NPP 2.1 is that, in the context of online communications, the National Privacy Principles will generally require an opt-in model.  Conflicting priorities and resource constraints may limit the ability of the Federal Privacy Commissioner to target spam-based complaints in the immediate future.

 

Content and transparency

A number of existing legislative measures may be relevant in dealing with various types of spam:

 

·          The Interactive Gambling Act 2001 prohibits certain forms of online gambling services and the advertising of those services.

·          The Therapeutic Goods Act 1989 is effective in dealing with misleading therapeutic goods related content, where that content is hosted in Australia.  It is not effective in dealing with overseas-hosted content.  Most content of this type originates overseas.

·          The scheme for dealing with content on the Internet contained in Schedule 5 to the Broadcasting Services Act 1992 does not apply to ordinary e-mail.  It can however apply to the sites to which spammers are attempting to direct people, if these sites host prohibited content or potentially prohibited content as defined in Schedule 5.

·          The consumer protection provisions of the Trade Practices Act 1974 prohibit false and misleading claims about goods and services.  This legislation can also potentially apply to the issue of transparency in terms of falsified headers and false opt-out options.

·          Section 85ZE of the Crimes Act 1914 makes it an offence to use e-mail in a manner that is menacing, harassing or offensive: this could include sexually-related content.

 

Pornographic content and links

One of the most common and disturbing forms of spam is either pornographic images or links to pornographic sites, often accompanied by explicit descriptions of the images on offer.  Whilst often offensive to adults, this practice is even more irresponsible in that spammers have no regard to the age of the recipients and such spam is easily viewed deliberately or inadvertently by minors.

 

Schedule 5 to the Broadcasting Services Act 1992 (BSA) establishes a scheme to control illegal and highly offensive online content in Australia.  Under this scheme, any person can complain to the Australian Broadcasting Authority (ABA) if they believe Australians can access illegal or potentially illegal online content, including content attached to spam.

 

The online content scheme relies on the national classification guidelines administered by the Office of Film and Literature Classification to determine which Internet content should be acted upon.  If the ABA finds that the content involved is illegal, it requires sites either to be taken down or instructs filter makers to block the site.  The public complaints process administered by the ABA applies to Internet content including websites that are linked to spam.  However, the scheme does not extend to normal e-mail messages, including spam messages.

 

Misuse/abuse of computing resources

Even where spam contains no illegal or inappropriate content it can still cause damage to both individuals and organisations, and to the Internet as a whole, due to the massive amounts of messages and consequently bandwidth and computing resources that can be consumed.  This can be further compounded for the individual or organisation if they are spoofed, resulting in potentially significant costs and damage to reputation.

 

Where spammers suborn third party computing resources for spamming there are a number of criminal provisions or other legal remedies under the Criminal Code, which may be potentially available [17]:

 

·          Section 477.1 makes it an offence for a person to knowingly commit or facilitate the commission of unauthorised impairment of electronic communication to or from a computer by means of a telecommunications service.  This may apply to spam which is sent without authorisation and which overtaxes computer/Internet resources;

·          Section 477.2 makes it an offence to cause any modification of data held in a computer or impair the reliability, security or operation of such data, by means of a telecommunications service.  This may apply to spam which is sent without authorisation through third party servers, as is the case in many spoofing attacks;

·          Section 477.3 makes it an offence for a person to cause any unauthorised impairment of electronic communication to and from a computer by means of a telecommunications service, or to or from a Commonwealth computer, and where the person knows the impairment is unauthorised;

·          Section 478.1 makes it an offence for a person to knowingly cause any unauthorised access to or modification of restricted data [18] where the data is held in a Commonwealth computer, or is held on behalf of the Commonwealth, or the access or modification is achieved by the use of a telecommunications service;

·          Section 478.3 makes it an offence for a person to possess or control data with the intention of it being used in committing or facilitating the commission of an offence against Division 477 of the Criminal Code.

 



Attachment B

 

Existing Technical Approaches to Limiting Spam

 

Desktop PC users

Some users simply manually delete unsolicited e-mail from their inbox.  Other Internet users rely on the features of their operating system, virus protection or firewalls as a measure to control spam, for example by adding spammers to the ‘junk-senders’ list in their e-mail software.  Increasingly larger e-mail providers are providing their members with facilities to remove spam messages before they reach their inbox, by comparing them against a range of criteria and parameters, which are refined through client interaction. 

 

Spammers are resourceful in avoiding this type of detection by account hopping (changing to new e-mail accounts frequently) or by avoiding words commonly used in spam when drafting their message in order to bypass content filters and firewalls.  Increasingly spam messages are composed to capture the target group’s attention by the use of innovative subject lines and message text that entices the recipient to open the e-mail and/or visit a website.  Many Internet users protect the integrity of their private e-mail address by restricting its use, preferring to establish an anonymous e-mail address through a free e-mail service when communicating with the Internet user, newsgroups or chat rooms.

 

Business and ISPs

Increasingly Internet businesses and ISPs are turning to technical solutions to combat the problem of spam.  There are several types of technical tools that will assist in filtering or blocking unwanted e-mail messages.  Many businesses and Internet service providers are now using more robust tools that filter spam before it finds its way into corporate networks and onto the desktops of end users.

 

Filtering, anti-virus and firewall products use strategies including Bayesian logic to intercept spam.  These products may be applied either by ISPs or corporate networks at the level they receive mail (ie. message transfer agent (MTA) or message user agent (MUA)) or by end users.  An MUA interacts with a software e-mail browser to access, display and prepare messages on the user desktop.  An MTA is a program responsible for receiving, routing, and delivering e-mail messages.  MTAs receive e-mail messages and recipient addresses from local users and remote hosts, perform alias creation and forwarding functions, and deliver the messages to their destinations.  An MTA is sometimes called a mail transport agent, a mail router, an Internet mailer, or a mail server program.

 

System administrators can also close open relays to avoid having their e-mail server used to send spam.  According to the ISP Xmission [19] , a mail system needs to have two rules to be secure from being used as a relay:

 

·          It should accept only incoming mail that it delivers locally, based on e-mail address;

·          It should deliver only outgoing mail that originates locally, based on IP address.

 

The actual configuration settings will of course vary for different server types.  More detailed information on setting configurations for particular systems is at http://mail-abuse.org/tsi/ar-fix.html.
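The two relay rules above, expressed as a policy check a mail server could apply at RCPT time. This is an added example, not code from the memorandum or from Xmission; the domains, networks and function names are assumptions, and all sample addresses are constructed from documentation ranges.

```python
"""Relay policy check implementing the two anti-relay rules (illustration)."""
import ipaddress

# Assumed site configuration: constructed values from reserved example ranges.
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in
                  ("127.0.0.0/8", "192.0.2.0/24", "2001:db8:10::/48")]


def recipient_domain(rcpt):
    """Return the lower-cased domain of a recipient address, or None when the
    address is malformed or carries routing information.

    Source routes ("@hop:user@dest"), the percent hack ("user%dest@local")
    and bang paths ("dest!user@local") all name a local domain while asking
    the server to forward elsewhere, so they are refused outright. This is
    deliberately stricter than the address grammar allows.
    """
    rcpt = rcpt.strip().strip("<>")
    if rcpt.startswith("@") or rcpt.count("@") != 1:
        return None
    local_part, domain = rcpt.rsplit("@", 1)
    if not local_part or not domain:
        return None
    if any(c in local_part for c in "%!"):
        return None
    return domain.rstrip(".").lower()


def client_is_local(client_ip):
    """True when the connecting IP address belongs to a local network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in LOCAL_NETWORKS)


def relay_decision(client_ip, rcpt):
    """Return (allowed, reason) for one recipient of one SMTP session."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return (False, "malformed or routed recipient")
    # Rule 1: incoming mail is accepted only for local delivery,
    # decided on the recipient's e-mail address.
    if domain in LOCAL_DOMAINS:
        return (True, "local delivery")
    # Rule 2: outgoing mail is relayed only when it originates locally,
    # decided on the client's IP address.
    if client_is_local(client_ip):
        return (True, "relay for local client")
    return (False, "relaying denied")


# Constructed sample sessions: (client IP, recipient).
SAMPLE_SESSIONS = [
    ("198.51.100.7", "alice@example.org"),             # outside -> local user
    ("192.0.2.25", "bob@example.net"),                 # local client -> outside
    ("198.51.100.7", "bob@example.net"),               # outside -> outside
    ("198.51.100.7", "bob%example.net@example.org"),   # percent hack
    ("198.51.100.7", "@example.org:bob@example.net"),  # source route
]


def audit(sessions):
    """Apply the policy to each session and return the decisions in order."""
    return [relay_decision(ip, rcpt) for ip, rcpt in sessions]


if __name__ == "__main__":
    for (ip, rcpt), (ok, why) in zip(SAMPLE_SESSIONS, audit(SAMPLE_SESSIONS)):
        print(f"{ip:15} {rcpt:32} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Only a session that is neither for a local recipient nor from a local address is a relay request, and that is the one case the two rules refuse.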

 

A related problem to open relays is open proxies, particularly open proxies on broadband connections. In this context a proxy is software that can be used on a ‘single computer’ Internet service (such as a dialup, cable or DSL connection) to allow other computers connected on a home network to get access to the Internet via the single computer that has direct access to the Internet service.  If a proxy is misconfigured so that it does not restrict who can use it - that is, it is open - it can be used by spammers to send spam, making it look like it came from the misconfigured computer.  This type of abuse doesn’t even leave telltale signs like open proxy abuse typically does.  This is something that the broadband service providers in particular need to deal with, possibly by scanning for open proxies themselves or blocking the ports normally used by open proxies.

 

Pressure has increasingly been placed on sites offering free web-based e-mail to take steps to counter spam. Free web-based e-mail offers potential spammers the ability to establish a web address freely and quickly - allowing multiple accounts to be created and making spammers difficult to pinpoint and to deal with effectively through filtering and blocking software or other measures.

 

It is however encouraging to see companies offering these free web-based e-mail services taking responsibility for the spam they both generate and attract.

 

For example, Hotmail has implemented an initiative to limit to 50 the number of addresses that a user can send a single e-mail to, and has also limited the number of e-mails a user can send from an account to 100 per day. These moves are said to affect less than one percent of all Hotmail users - but will have a significant impact on the ability of spammers to use the service to send bulk e-mails.

 

Filtering

Filters are programs which block access to e-mail based either on a list of banned sites, or keywords and phrases.  Some also stop search engines from searching on unsuitable topics, and block access to newsgroups, chat rooms and e-mail.  They may either operate on a home computer or through an ISP.  Each filtering tool categorises differently based on its own set of metrics, so that as well as blocking inappropriate sites or content, it may also block valuable and inoffensive sites, such as medical sites or e-mail which happen to contain words or phrases on banned lists.

 

The AC Nielsen.consult survey of ISPs commissioned by NOIE in 2002 found that of the five largest ISPs in Australia, only one filtered for spam before their mail servers forwarded e-mail to customers.  One of the remaining four said it is active in encouraging its customers to employ filter products (provided through the ISP at a discounted price).

 

Of the smaller Australian ISPs, most employed filters before forwarding mail, but many did not filter for all spam.  This partly reflects the fact that filtering messages costs ISPs time and money and slows network performance, without reducing the number of spam messages being sent or the cost of bandwidth abuse and media storage.  Another general perception among ISPs is that filtering products are worthwhile using, at least at the consumer level, but are not always easy to design, configure or install in a manner which blocks spam without blocking wanted messages.  Spam is a dynamic problem and spammers are adept at overcoming filtering technologies.

 

‘Whitelists’ and ‘blacklists’ are forms of filtering used to manage spam by focusing on certifying legitimate e-mail sources.  This option includes the use of ‘approved sender lists’ or ‘do not e-mail’ lists.  They allow businesses and individuals to set permissions that allow e-mail only from approved sources or may be used in conjunction with a filtering option. 

 

Whitelists filter on the basis that a list of the addresses of people or businesses from whom you expect to receive e-mail is created, filtering out e-mail that is not from an address on the list.  A blacklist provides a list of IP addresses that can be used to filter out undesirable traffic.  Blacklists reject e-mail delivered from mail servers known (or believed) to send spam or where e-mail from a certain list of e-mail or specified text patterns is rejected or otherwise filtered.  Internet vigilantes have been known to use blacklists to target and disrupt the business of ISPs and others; essentially innocent parties who have been used by spammers.  Blacklists are not a reliable form of filtering, as they are not always accurate or reliably maintained.  Nor is there any real consistency in the checks applied (if any) by the often anonymous maintainers of these lists.  On occasions this has led to innocent parties being posted to a blacklist with no way of being able to clear their name or gain a de-listing.  Further information on spam filtering databases may be found at www.declude.com/JunkMail/Support/ip4r.htm and http://www.moensted.dk/spam.

 



 

ABBREVIATIONS

 

The following abbreviations are used in this explanatory memorandum:

 

ACA:                                      Australian Communications Authority

 

ACA Act:                               Australian Communications Authority Act 1997

 

Bill:                                         Spam Bill 2003

 

Crimes Act:                             Crimes Act 1914

 

Minister:                                  Minister for Communications, Information Technology and the Arts

 

NOIE:                                     National Office for the Information Economy

 

SMS:                                       short message service

 

Spam Consequentials Bill:      Spam (Consequential Amendments) Bill 2003

 

Telecommunications Act:       Telecommunications Act 1997

 

TPA:                                        Trade Practices Act 1974

 

 



 

 

NOTES ON CLAUSES

 

Part 1 - Introduction

 

Clause 1 - Short title

Clause 1 provides that the Bill, when enacted, may be cited as the Spam Act 2003.

 

Clause 2 - Commencement

Clause 2 sets out when each of the provisions in the Bill will commence.  It provides that the following provisions will commence on Royal Assent:

·          clauses 1 to 14 of the Bill, and anything else not covered by the table.  These are the introductory provisions, including the short title of the Bill, these commencement provisions and the definitions (items 1 and 2).

·          clauses 42 and 47.  These clauses provide for the additional ACA functions and the regulation-making power (items 5 and 7).  This will enable an education program to be conducted about the scheme provided for in the Bill prior to any enforcement action being undertaken.

·          Schedule 2, the provisions relating to the concept of consent (item 9).  This concept of consent is relevant to the industry codes provisions in the Spam Consequentials Bill, which commence upon Royal Assent.

 

The following provisions will commence 120 days after Royal Assent:

·          Parts 2 to 6 (item 3).  These Parts relate to rules about sending commercial electronic messages and about address-harvesting software and harvested-address lists, the civil penalties provisions and the injunctions and enforceable undertakings provisions.  This delayed commencement will ensure that an education program can be conducted prior to the penalty provisions coming into effect.

·          clauses 41, 43 to 46 (items 4 and 6).  These are miscellaneous provisions. 

·          the provisions defining ‘designated commercial electronic messages’ and the infringement notice scheme provisions which are set out in Schedules 1 and 3.

 

Subclause 2(2) makes it clear that column 3 of the table contains additional information that is not part of this Bill.

 

Clause 3 - Simplified outline

 

Clause 3 provides a simplified outline of the Bill.  It is not a comprehensive statement of the measures contained in the Bill, but is designed to assist people in understanding the broad elements in the Bill.

 

It provides that the Bill, when enacted, will set up a scheme for regulating commercial e-mail and other types of commercial electronic messages.  The regulation of these types of messages is not confined to unsolicited commercial electronic messages (commonly known as spam).  Certain measures (such as commercial electronic messages being required to include sender information) will also apply to messages which are not unsolicited.  In particular the Bill provides that:

 

·          unsolicited commercial electronic messages must not be sent (see clause 16 of the Bill);

·          commercial electronic messages must include information about the person (individual or organisation) who authorised the sending of the message (see clause 17 of the Bill);

·          commercial electronic messages must contain a functional unsubscribe facility (see clause 18 of the Bill);

·          address-harvesting software must not be supplied, acquired or used (see Part 3 of the Bill);

·          an electronic address list produced using address-harvesting software must not be supplied, acquired or used (see Part 3 of the Bill); and

·          the main remedies for breaches of this Bill are civil penalties and injunctions (see Parts 4 and 5 of the Bill).

 

The outline also notes that the Telecommunications Act contains additional provisions relevant to commercial electronic messages.  Those provisions relate to industry codes and standards (Part 6), investigations by the ACA (Part 26), information-gathering powers of the ACA (Part 27) and enforcement by the ACA (Part 28).  These provisions are proposed to be amended by the Spam Consequentials Bill to apply to commercial electronic messages.

 

Clause 4 - Definitions

 

Clause 4 sets out the key definitions used in the Bill.  These definitions are discussed below.

 

ACA

 

The term ‘ACA’ is defined to mean the Australian Communications Authority.  Under this Bill and the Spam Consequentials Bill, the ACA is responsible for investigating complaints about the sending of unsolicited commercial electronic messages and taking appropriate enforcement action (see Parts 4 to 7 of this Bill which set out the various enforcement options available).

 

account

 

The term ‘account’ is defined to include a free account, a pre-paid account and anything that may be reasonably regarded as the equivalent of an account.  This term is used in the definition of ‘electronic message’.  An ‘electronic message’ for the purposes of this Bill is defined in clause 5 to mean a message sent using an Internet carriage service or other listed carriage service which is sent to an electronic address in connection with an e-mail account, instant messaging account, telephone account or a similar account.  For example an electronic message includes an e-mail message (which is sent using an Internet carriage service to an e-mail address) or an SMS message (which is sent using a listed carriage service to a mobile phone number).

 

This definition of ‘account’ is intended to put beyond doubt that messages sent to accounts such as free web-based e-mail accounts, which are free accounts, or to a pre-paid Internet account, come within the meaning of an account in this Bill.

 

The linking of the sending of a message to an electronic address which is connected with a particular account (relevant to that address) is intended to exclude messages sent to an Internet protocol address (for example, a message sent to retrieve a particular webpage) from the meaning of an electronic message, as they would not be being sent to an electronic address in connection with a particular account. A message sent to an IP address associated with an instant messaging service or web-mail account, would however be an electronic message for the purposes of the Bill.

 

acquire

 

The term ‘acquire’, when used in relation to goods or services, is defined to have the same meaning as in the TPA.

 

Subsection 4(1) of the TPA defines ‘acquire’ to include:

 

(a)                 in relation to goods - acquire by way of purchase, exchange or taking on lease, on hire or on hire-purchase; and



(b)                in relation to services - accept.

 

The meaning of the term ‘goods’, as defined in the TPA is discussed below under the definition of goods in clause 4 of this Bill.  It is an inclusive definition which would include software. 

 

The definition of ‘acquire’ is an inclusive definition which does not limit the ordinary meaning of the term.  It would cover the exchange of goods without any payment.  For example, if a person has downloaded software which is freely available on the Internet, then they have acquired the software for the purposes of this Bill. 

 

The term ‘acquire’ is used in clause 21 of the Bill.  This clause prohibits the acquisition of address-harvesting software and harvested-address lists for the purposes of sending ‘spam’.  The terms ‘address-harvesting software’ and ‘harvested-address list’ are defined in clause 4 (see discussion below).



 

address-harvesting software

 

The term ‘address-harvesting software’ is defined to mean software that is specifically designed or marketed for use for searching the Internet for electronic addresses (for example e-mail addresses or telephone numbers) and collecting, compiling, capturing or otherwise harvesting these electronic addresses.   Some commercial examples of this sort of software are Speed Email Extractor, Advanced Email Extractor and Xtreme Xtractor, although it should be noted that the retailers of some products specifically prohibit their use for sending spam.  Legitimate data-warehousing activities do not fall within the definition.

 

The term ‘use’ is given an extended meaning in clause 11 of the Bill to include use of a thing in isolation or in conjunction with other things.  Therefore if software is accompanied by other mechanisms which automate the process, this would fall within the definition of address-harvesting software.

 

Under this Bill the supply, acquisition or use of address-harvesting software is prohibited where it is intended to be used to send unsolicited commercial electronic messages in contravention of clause 16 (see Part 3 of the Bill).  This Part also prohibits the supply, acquisition or use of lists produced using address-harvesting software. The Bill prohibits the offer to supply address-harvesting software or harvested-address lists where they would be intended to be used in a contravention of clause 16.

 

agency

 

The term ‘agency’ is defined to include an armed force and a police force.  This term is used in the definition of a ‘government body’ in clause 4, which in turn is relevant to the various exclusions to the penalty provisions (as part of the definition of a ‘designated commercial electronic message’ in Schedule 1).  The definition is included to ensure that armed forces and police forces come within the meaning of a government body for the purposes of the Bill.  The definition is necessary, as these forces would not ordinarily come within the meaning of an agency.

 

Australia

 

The term ‘Australia’, when used in a geographical sense, is defined to include the external Territories.  These Territories include Norfolk Island, Cocos (Keeling) Islands and Christmas Island.  If this definition were not included then the term ‘Australia’ would not include Norfolk Island.

 

Examples of the use of the term ‘Australia’ are in clauses 7 (which sets out the meaning of an Australian link for the purposes of the Bill, which is relevant to the penalty provisions in Part 2 of the Bill), 14 (extra territorial application of the Bill), and Part 3 of the Bill (which sets out rules about address-harvesting software and harvested-address lists).

 

One of the effects of this extended definition is that a person is prohibited from sending unsolicited commercial electronic messages to Norfolk Island or from Norfolk Island (because it will come within the meaning of an Australian link).

 

Australian link

 

The term ‘Australian link’ is defined to have the meaning given by proposed section 7.  An Australian link is a key element in the penalty provisions in Part 2 which set out the rules about sending commercial electronic messages.  Only those commercial electronic messages which have an Australian link will be subject to the rules.

 

An Australian link in relation to a commercial electronic message is established by one or more of the following:

·          the message originates in Australia;

·          the person or organisation authorising the message is physically present (for individuals), or centrally managed (for organisations), in Australia when the message is sent;

·          the computer, server or device that is used to access the message is located in Australia;

·          the relevant electronic account holder (usually the recipient) is physically present (for an individual), or centrally managed (for an organisation), in Australia when the message is accessed.

 

Essentially an Australian link is established if the message originates in Australia and is sent to Australia or overseas, or if a message originates overseas and is sent to Australia.  Australia is defined to include the external territories (see above).

 

If a message cannot be delivered because the relevant electronic address does not exist (for example because the spammer used a dictionary attack to send the messages) then an Australian link is established if it is reasonably likely that the computer, server or device that would have been used to access the message if the electronic address existed, is in Australia.  For example if a spammer sent an e-mail message to an address within the .au domain that did not exist then it is reasonably likely that the computer that would have been used to access the message would have been located in Australia.

 

authorise

 

The term ‘authorise’, when used in relation to the sending of an electronic message, is defined to have a meaning affected by proposed section 8.

 

Proposed section 8 provides that if an individual authorises the sending of an electronic message and does so on behalf of an organisation then the organisation rather than the individual is taken to have authorised the sending of the message.  This will not apply in the case where an individual purports to act on behalf of an organisation but goes beyond his or her authority.  In this case the organisation will not be taken to have authorised the message.

 

In addition, if an electronic message is sent by an individual or organisation without being authorised by any other individual or organisation, then the first-mentioned individual or organisation is taken to authorise the sending of the message.  This concept of self-authorisation has been included to remove any argument that there has been no authorisation when an individual or organisation has sent a message on his or her own behalf.

 

The term ‘authorise’, in relation to the sending of an electronic message, is used in clause 17 (which requires commercial electronic messages to include accurate identification of the person or organisation who authorised the sending of the message), clause 18 (which requires commercial electronic messages to enable recipients to send an unsubscribe message to the individual or organisation who authorised the sending of the message), Schedule 1 (which defines designated commercial electronic messages as messages authorised to be sent by certain bodies and factual messages with certain additional information about the person authorising the sending), and in clause 3 of Schedule 2 to the Bill (which deals with users of an account who are authorised to consent on behalf of the relevant electronic account-holder).

 

business

 

The term ‘business’ is defined in clause 4 to include a venture or concern in trade or commerce, whether or not conducted on a regular, repetitive or continuous basis.  This definition has been included to make it clear that an electronic message would be a commercial electronic message where it includes an offer to provide a business opportunity even if the offeror is conducting a one-off or irregular commercial activity.

 

The term ‘business’ is used in the basic definition of commercial electronic message (in clause 6) and in Schedule 2 of the Bill (which defines the concept of consent).  The definition of a commercial electronic message includes an offer to provide a business opportunity or to advertise or promote a business opportunity or supplier, or prospective supplier of a business opportunity.  For the purposes of the Bill consent includes consent that can be reasonably inferred from a pre-existing business relationship (see subparagraph 2(b)(ii) of Schedule 2).

 

The settled legal meaning of ‘carrying on a business’ is to conduct some form of commercial enterprise, systematically or regularly, with a view to a profit: Hyde v Sullivan [1956] SR (NSW) 113.  The definition of ‘business’ in clause 4 varies the ordinary meaning of ‘business’ so it is clear that, for the purposes of the Bill, it is not necessary to establish that a commercial enterprise is carried on in a regular or continuous manner.



 

carriage service

 

The term ‘carriage service’ is defined to have the same meaning as in the Telecommunications Act.  A carriage service is defined in section 7 of the Telecommunications Act to mean a service for carrying communications by means of guided and/or unguided electromagnetic energy.  The reference to the carriage of communications by means of ‘guided electromagnetic energy’ includes the carriage of communications by means of a wire, cable, waveguide or other physical medium used, or for use, as a continuous artificial guide for or in connection with the carrying of the communication.   The reference to the carriage of communications by means of ‘unguided electromagnetic energy’ includes communications by means of radiocommunications.

 

This term is used in clause 9 and in the penalty provisions (subclauses 16(10), 17(6) and 18(7)) to clarify that a person does not send or cause to be sent commercial electronic messages simply because the person supplies a carriage service that enables the message to be sent.  This means that carriage service providers (such as an Internet service provider) will not be in breach of the penalty provisions simply because they have supplied the service over which the message was sent.

 

civil penalty provision

 

This definition sets out those clauses in the Bill which are civil penalty provisions.  Civil penalty provisions are provisions which may attract a pecuniary penalty if breached.  The following provisions are civil penalty provisions:

·          proposed subsections 16(1), (6) and (9) which set out the rules relating to sending unsolicited commercial electronic messages;

·          proposed subsections 17(1) and (5), which set out rules relating to the requirement to include accurate sender information in commercial electronic messages;

·          proposed subsections 18(1) and (6), which require commercial electronic messages to include a functional unsubscribe facility;

·          proposed subsections 20(1) and (5), which prohibit the supply of address-harvesting software and harvested-address lists;

·          proposed subsections 21(1) and (3), which prohibit the acquisition of address-harvesting software and harvested-address lists;

·          proposed subsections 22(1) and (3), which prohibit the use of address-harvesting software and harvested-address lists; and

·          a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

Part 4 of the Bill sets out the penalties which apply for contravention of these civil penalty provisions, and the action which may be taken to recover these penalties.  In essence civil penalty provisions may attract pecuniary penalties (as set out in clause 25 of the Bill).  Criminal proceedings may not be brought against a person for breach of a civil penalty provision (see clause 27 of the Bill).

 

commercial electronic message

 

The term ‘commercial electronic message’ is defined to have the meaning given by proposed section 6.  For the purposes of the Bill, whether an electronic message is a commercial electronic message will be determined by having regard to its purpose or one of its purposes as determined by the content of the message, the way it is presented and the content located at any associated links, such as links to other websites, or telephone numbers.  An electronic message is defined in clause 5.  The definition of a ‘commercial electronic message’ is discussed in more detail below under the notes to clause 6.

 

A commercial electronic message is one of the key elements of the penalty provisions in the Bill, which regulate commercial electronic messages.  It is central to the prohibition on sending unsolicited commercial electronic messages (see clause 16), requiring commercial electronic messages to include accurate sender information (see clause 17) and requiring commercial electronic messages to include a functional unsubscribe facility (see clause 18).  The amounts of the penalties are set out in clause 25.

 

consent

 

The term ‘consent’, in relation to the sending of an electronic message, is defined to have the meaning given by proposed Schedule 2 to the Bill. 

 

Consent may be express consent or implied consent.  If a person has a pre-existing business relationship or other relationship such as a family relationship, consent may be implied (subparagraph 2(b)(ii) of Schedule 2).  Implied consent may also be inferred from the conduct of the person.   The definition of consent is discussed in greater detail below in the notes to Schedule 2.

 

The concept of consent is a key element in the defence to the penalty provisions relating to the sending of unsolicited commercial electronic messages in proposed section 16.  Subclause 16(2) of the Bill provides a defence to the prohibition on sending unsolicited commercial electronic messages if the sender points to evidence that the relevant electronic account-holder consented to the sending of the message.  The effect of this defence provision is that a person may send another person commercial electronic messages where that other person has consented to receiving it.  It therefore enables persons to send commercial electronic messages to persons with whom they have a pre-existing business relationship.

 

data processing device

 

The term ‘data processing device’ is defined to have the same meaning as in the Telecommunications Act.  Section 7 of the Telecommunications Act defines it as any article or material (for example a disk) from which information is capable of being reproduced, with or without the aid of any other article or device.

 

This definition is relevant to the infringement notice provisions in subparagraph 4(1)(c)(ii) of Schedule 3.

 

dealing with

 

The term ‘dealing with’, when used in relation to a commercial electronic message, is defined to include accessing the message, responding to the message or filtering the message.

 

This definition is relevant to clause 45 of the Bill which provides for the making of regulations in relation to giving effect to an international convention that deals with commercial electronic messages and/or address-harvesting software.  It means that any international convention which dealt with one or more aspects of commercial electronic messages (ie accessing, responding to or filtering messages) or address-harvesting software, could be given effect to under this regulation-making power.

 

designated commercial electronic message

 

The term ‘designated commercial electronic message’ is defined to have the meaning given by Schedule 1 to the Bill.

 

In essence, certain messages sent or authorised to be sent by government bodies, registered political parties, religious organisations, and charities, as well as certain messages sent or authorised to be sent by educational institutions are designated commercial electronic messages for the purposes of this Bill.  In addition certain factual messages are also designated commercial electronic messages.

 

The meaning of ‘designated commercial electronic message’ is discussed in greater detail below in the notes to Schedule 1 to the Bill.

 

The concept of a ‘designated commercial electronic message’ is relevant to the prohibition on sending unsolicited commercial electronic messages in clause 16 of the Bill, and the requirement for commercial electronic messages to contain a functional unsubscribe facility in clause 18 of the Bill.  Designated commercial electronic messages are exempt from clauses 16 and 18.  The effect of these provisions is that messages containing certain factual information and certain messages sent by government bodies, religious organisations, charities, registered political parties, or educational institutions are not required to contain unsubscribe facilities and their sending is not prohibited.  It is worthwhile noting that a lot of such messages would fall outside the meaning of a commercial electronic message as defined in clause 6 for the purposes of this Bill, even without a specific exemption, as they would not be commercial in nature. 



 

director

 

The term ‘director’ is defined to include a member of the governing body of an organisation.  This definition is included to ensure that the term ‘director’ is not limited to persons who have been appointed to the position.

 

The term ‘director’ is used in subparagraph 2(1)(a)(v) of Schedule 1 to the Bill (which relates to when a director of an organisation is the author of a factual message) and in subclause 4(2) of Schedule 2 to the Bill (which relates to when consent may be inferred from publication of an electronic address and refers to the circumstances in which a particular electronic address enables the public to send electronic messages to a particular director of an organisation).

 

educational institution

 

The term ‘educational institution’ is defined to include a pre-school, a school, a college and a university.  It is an inclusive definition, and does not preclude the inclusion of other institutions which would come within the ordinary meaning of educational institutions, within this definition.  This definition would include both private and public educational institutions.  For example it would include Bond University as well as Melbourne University, Catholic high schools and TAFEs.  It would not cover individuals who are conducting training courses on a particular subject matter, for example a person offering private French lessons.

 

This term is used in the definition of ‘designated commercial electronic messages’ in clause 4 of Schedule 1 to the Bill.  This clause provides that certain messages sent by educational institutions are designated commercial electronic messages.  This means that such messages are exempt from the prohibition in clause 16 of the Bill on sending unsolicited commercial electronic messages.  In addition such messages are not required to contain a functional unsubscribe facility (as required by clause 18 of the Bill).  The definition of designated commercial electronic messages is discussed in greater detail below under Schedule 1.

 

electronic message

 

The term ‘electronic message’ is defined to have the meaning given by proposed section 5. 

 

In essence an electronic message is a message sent using an Internet carriage service or other listed carriage service to an electronic address in connection with a particular account.  The terms ‘Internet carriage service’ and ‘listed carriage service’ are defined below in clause 4.  Some examples of electronic messages are e-mail messages and SMS messages.

 

This definition is discussed in greater detail below at clause 5.

 

The meaning of an electronic message is a key concept in the definition of a commercial electronic message, which is broadly an electronic message which has a particular ‘commercial purpose’ (see clause 6 of the Bill).  As discussed above, under the definition of a commercial electronic message, this definition in turn is critical in the penalty provisions in the Bill, which regulate commercial electronic messages.

 

employee

 

The term ‘employee’ is defined to include an individual who is in the service of an armed force, a police force or a religious organisation.  This definition has been included as members of the armed forces and police forces or religious organisations are not ordinarily considered to be ‘employees’.

 

This term is used in subparagraph 2(1)(a)(iii) of Schedule 1 to the Bill (which refers to the circumstance in which an employee of an organisation is the author of a factual message) and in subclause 4(2) of Schedule 2 to the Bill (which relates to when consent may be inferred from publication of an electronic address and refers to the circumstances in which a particular electronic address enables the public to send electronic messages to a particular employee of an organisation).

 

evidential burden

 

The term ‘evidential burden’, in relation to a matter, is defined to mean the burden of adducing or pointing to evidence that suggests a reasonable possibility that the matter exists or does not exist.  This is the same as the definition of an evidential burden in criminal matters (see subsection 13.3(6) of the Criminal Code).

 

This term is used in the penalty provisions in subclauses 16(5), 16(8), 17(4), 18(5) and 20(4), where the initial burden of pointing to evidence rests with the defendant, rather than the prosecution.

 

Federal Court

 

This term is defined to mean the Federal Court of Australia.  This term is used in Part 4 of the Bill.  Under this Part the Federal Court may order a person to pay a pecuniary penalty if the Court is satisfied that a person has contravened a civil penalty provision.  The rules regulating commercial electronic messages (ie prohibiting the sending of commercial electronic messages, the requirement to include accurate sender information in commercial electronic messages, the requirement to include functional unsubscribe facilities in commercial electronic messages and the prohibition on the supply, acquisition or use of address-harvesting software or lists generated from such), and any provision of the regulations declared to be a civil penalty provision are civil penalty provisions.  Under clause 26 of the Bill the ACA may institute proceedings in the Federal Court for the recovery of a pecuniary penalty. 

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).

 

Part 5 of the Bill provides for the Federal Court, on the application of the ACA, to grant injunctions in relation to contraventions of civil penalty provisions.

 

goods

 

The term ‘goods’ is defined to have the same meaning as in the TPA.

 

Section 4 of the TPA defines goods as including ships, aircraft and other vehicles; animals, including fish; minerals, trees and crops, whether on, under or attached to land or not; and gas and electricity.

 

This definition is relevant to the meaning of commercial electronic messages in clause 6 of the Bill.

 

The definition of goods is also relevant to the meaning of acquire or supply, which are relevant to the rules relating to address-harvesting software and harvested-address lists in Part 3 of the Bill.  Relevantly, in this context, goods would include software.

 

government body

 

The term ‘government body’ is defined to mean a department, agency, authority or instrumentality of the Commonwealth, State or Territory or of the government of a foreign country or of part of a foreign country (eg. a State or province of a foreign country).  The term ‘agency’ is defined above to include armed forces and police forces.

 

It includes a Commonwealth department, such as the Department of Communications, Information Technology and the Arts, a statutory authority such as the ACA and includes foreign government and authorities.  A part of a foreign country means, for example, one of the States of the United States of America.

 

The term ‘government body’ is used in the definition of ‘designated commercial electronic message’ in clause 3 of Schedule 1 of the Bill.  This is relevant to the exceptions to clauses 16 and 18 (the prohibition on sending unsolicited commercial electronic messages, and the requirement on including functional unsubscribe facilities in commercial electronic messages).  Certain messages sent or authorised to be sent by government bodies are exempt from these provisions.  The definition of commercial electronic messages is discussed in greater detail below under Schedule 1.



 

harvested-address list

 

The term ‘harvested-address list’ is defined to mean a list, collection or compilation of electronic addresses, where the list, collection or compilation was produced by using address-harvesting software to any extent (see definition of address-harvesting software above in clause 4).

 

Lists which consist primarily of addresses which have been collected using address-harvesting software, but which include some addresses which have been obtained from other means, will be included in this definition.

 

The definition does not cover lists which are compiled solely by means other than the use of address-harvesting software.  For example if electronic addresses are harvested from a source other than the Internet and compiled in a list then they do not come within this definition.  For example, the definition does not cover integrated public number databases which are not collected via the Internet.  It also does not cover manually created lists.

'Electronic address' is not defined in the Bill but includes e-mail addresses, telephone numbers and the like.

 

This term is relevant to the rules about address-harvesting software and harvested-address lists set out in Part 3 of the Bill, which prohibits the supply, acquisition or use of harvested-address lists for the purposes of contravening clause 16.

 

This definition covers lists produced before the commencement of this Bill.  Therefore a person must not supply, acquire or use a harvested-address list even if the list was produced prior to the commencement of this Bill.

 

international convention

 

The term ‘international convention’ is defined to mean a convention to which Australia is a party, or an agreement between Australia and a foreign country.  This term is used in clause 45 of the Bill which enables regulations to make provision for giving effect to an international convention that deals with commercial electronic messages and/or address-harvesting software.  The terms ‘commercial electronic message’ and ‘address-harvesting software’ are defined in clause 4.

 

The definition of international convention includes a treaty which Australia has signed and/or ratified.  It also includes other agreements between Australia and a foreign country. 

 

Australia is currently pursuing bilateral agreements on general cooperation between anti-spam agencies, for example between NOIE, the ACA and the Korea Information Security Agency (KISA).  Once a legislative basis has been provided and the Australian enforcement arrangements are in place, the focus will shift to agreements which will facilitate mutual investigations and enforcement activities.

 

Internet carriage service

 

This term is defined to mean a listed carriage service that enables end-users to access the Internet.  A listed carriage service is defined in clause 4 (see discussion below under the definition of ‘listed carriage service’).

 

As in the Telecommunications Act, the Telecommunications (Consumer Protection and Service Standards) Act 1999, and the Interactive Gambling Act 2001, the term ‘end-user’ is used in this Bill without being defined.  An end-user need not necessarily be a customer of an Internet service provider.

 

This term is relevant to the definition of an ‘electronic message’, which is defined in clause 5 of the Bill, and includes certain messages sent using an Internet carriage service.

 

investment

 

The term ‘investment’ is defined broadly to mean any mode of application of money or other property for the purpose of gaining a return (whether by way of income, capital gain or any other form of return). 

 

This term is used in the basic definition of a ‘commercial electronic message’ in clause 6 of the Bill, which includes messages which offer to provide investment opportunities or which advertise or promote investment opportunities or providers or suppliers of investment opportunities.  It is defined to ensure that offers to provide investment opportunities or to advertise investment opportunities may come within the meaning of a commercial message even if there is no guaranteed income return for the investment.  For example, an offer to buy land could come within the meaning of an investment opportunity, notwithstanding that there may be no direct income return for the investment of money, but may merely be an opportunity for a capital gain.

 

listed carriage service

 

This term is defined to have the same meaning as in the Telecommunications Act.  Section 16 of the Telecommunications Act defines a listed carriage service as:

 

·       a carriage service between a point in Australia and one or more other points in Australia;

·       a carriage service between a point in Australia and one or more other points, at least one of which is outside Australia; and

·       a carriage service between a point outside Australia and one or more other points, at least one of which is in Australia.

 

Subsection 16(2) of the Telecommunications Act provides that a ‘point’ includes a mobile or potentially mobile point, whether on land, underground, in the atmosphere, in outer space, at sea or anywhere else.  This would include, for example, points on vehicles, aircraft and ships.

 

Subsection 16(3) of the Telecommunications Act makes it clear that a point in the atmosphere, in or below the stratosphere and above Australia is taken to be in Australia.  Accordingly, a point on an aircraft above Australia is taken to be a point in Australia for the purpose of this clause. 

 

Subsection 16(4) of the Telecommunications Act provides that a point on a satellite that is above the stratosphere is taken to be a point outside Australia.

 

A ‘carriage service’ is defined in section 7 of the Telecommunications Act, see definition of ‘carriage service’ above in clause 4.

 

This definition of ‘listed carriage service’ is relevant to the meaning of an electronic message, which is defined in clause 5 of the Bill.  A listed carriage service would include an Internet carriage service or a mobile telephone service where such services involve a ‘point’ in Australia (as discussed above).

 

logo

 

The term ‘logo’ is defined to include a trade mark. 

 

This term is used in clause 2 of Schedule 1 to the Bill (which deals with factual electronic messages).  This clause enables messages containing factual information to include a logo identifying the authorised sender of the message, the author’s employer, or the message’s sponsor, without bringing it within the meaning of a commercial electronic message.

 

message

 

A message is defined broadly to mean any information whether in the form of text, data, speech, music or other sounds, visual images, or any other form or combination of forms.  This is similar to the definition of ‘communications’ in section 7 of the Telecommunications Act.

 

It is defined broadly to ensure that messages which simply include a graphic (for example to attempt to get around filtering software) may still be included within the meaning of a commercial electronic message for the purposes of this Bill, notwithstanding that it does not contain any text.

 

This term is integral to the definition of an electronic message, which is defined to mean a message sent using a particular type of service to an electronic address (see clause 5 of the Bill).



 

mistake

 

The term ‘mistake’ is defined to mean a reasonable mistake of fact.  This term is relevant to the defences provided in subclauses 16(4), 17(3) and 18(4).  These provisions provide a defence to the rules prohibiting the sending of unsolicited commercial electronic messages, requiring commercial electronic messages to include accurate sender information, and requiring commercial electronic messages to include a functional unsubscribe facility, if the person sent the message, or caused the message to be sent by mistake.

 

This definition ensures that the defence is only available if the mistake was reasonable and it removes any possible argument that the defence is available if the person has made a mistake as to the law. 

 

organisation

 

An organisation is defined to include a body corporate, a partnership, a government body (as defined in clause 4 of this Bill), a court or tribunal and an unincorporated body or association.

 

This term is used in various provisions in the Bill, including clauses 7 (Australian link), 8 (authorising the sending of electronic messages), 17(1) (commercial electronic message must include accurate sender information), 18(1), (3) and (9) (commercial electronic messages must contain a functional unsubscribe facility), clauses 2 and 3 of Schedule 1 to the Bill (dealing with factual electronic messages and electronic messages sent by religious or charitable organisations), and clauses 2, 4 and 6 of Schedule 2 to the Bill (dealing with consent).

 

Paragraph 22(1)(a) of the Acts Interpretation Act 1901 provides that in any Act, unless the contrary intention appears, the word ‘person’ includes a body politic (such as a Commonwealth, State or Territory government) or a body corporate (such as a company or an incorporated association) as well as an individual.  To avoid the possibility of a court finding a contrary intention in the Bill, the Bill makes it clear that express references in the Bill to organisations do not imply that references in the Bill to persons do not include bodies politic or bodies corporate.

 

penalty unit

 

This term is taken to have the meaning given by section 4AA of the Crimes Act 1914 (Cth), which provides that in a law of the Commonwealth, unless the contrary intention appears, penalty unit means $110.  This term is used in clause 25 (maximum penalties for contravention of civil penalty provisions) and clause 5 of Schedule 3 (amount of penalty under the infringement notice scheme).



 

person

 

A person is defined to include a partnership.  A person would also include individuals as well as bodies politic or corporate (as provided for in paragraph 22(1)(a) of the Acts Interpretation Act 1901).

 

The note to this definition provides that section 585 of the Telecommunications Act sets out rules relating to the treatment of partnerships.  Section 585 of the Telecommunications Act will also apply to this Bill, by virtue of proposed amendments to this section by the Spam Consequentials Bill.

 

Section 585 of the Telecommunications Act (as amended by the Spam Consequentials Bill) will provide that this Bill applies to a partnership as if the partnership were a person, with some changes.  Namely, obligations that would be imposed on the partnership are imposed instead on each partner, but may be discharged by any of the partners, and any breach of this Bill that would otherwise be committed by the partnership is taken to have been committed by each partner who aided, abetted, counselled or procured the relevant act or omission or was in any way knowingly concerned in or party to the relevant act or omission.

 

This has the effect that if a partner in a partnership breaches the penalty provisions in the Bill, each partner who aided, abetted, counselled or procured, or was knowingly concerned in or was a party to the relevant act would be in breach. 

 

publish

 

The term ‘publish’ is defined to include publish on the Internet and publish to the public or a section of the public.  This term is used in the context of determining consent for the purposes of the Bill, see clause 4 of Schedule 2 to the Bill.  Clause 4 of Schedule 2 provides when consent may, or may not, be inferred from publication of an electronic address.  It provides that the mere fact that an electronic address has been published does not imply consent for the purposes of receiving unsolicited commercial electronic messages under this Bill. 

 

This definition ensures that the meaning of publish cannot be limited to electronic addresses published in hard copy and not on the Internet.  Nor can its meaning be limited to addresses published to the public broadly.  It includes publication to a limited or restricted audience, for example on a subscription based web page.  Therefore publication of an electronic address includes where an e-mail address has been published on the Internet, either on a restricted section of the Internet (for example on a subscription service website) or on a generally accessible place on the Internet.



 

registered political party

 

This term is defined to mean a political party, or branch or division of a political party, that is registered under the Commonwealth Electoral Act 1918, or a State or Territory electoral law.

 

The term ‘registered political party’ is used in the definition of ‘designated commercial electronic message’ in clause 3 of Schedule 1 of the Bill.  This is relevant to the exceptions to clauses 16 and 18 (the prohibition on sending unsolicited commercial electronic messages, and the requirement on including functional unsubscribe facilities in commercial electronic messages).  Messages sent or authorised to be sent by registered political parties are exempt from these provisions.  This definition has been included so as to avoid persons who are not legitimately considered to be political parties attempting to take advantage of the exemption.

 

relevant electronic account-holder

 

The relevant electronic account-holder in relation to the sending of an electronic message to an electronic address means the person (either an individual or an organisation) who is responsible for the relevant account (an e-mail account in the case of an e-mail message, an instant messaging account in the case of an instant message, a telephone account in the case of a telephone number, or any other relevant account).

 

For example, this may be the individual or organisation who has paid for the relevant account (for example Koala Kites Pty Ltd for an e-mail account for its employees) or the person who initiates the account (for free accounts such as those provided by a free web-based e-mail service).

 

This term is relevant to the concept of consent which is defined in Schedule 2 to the Bill.  The rules relating to the sending of commercial electronic messages set out in clause 16 (prohibiting the sending of unsolicited commercial electronic messages) do not apply where the relevant electronic account-holder has consented to the sending of the message.  It is also used in the context of establishing an Australian link in clause 7 of the Bill.

 

send

 

The term ‘send’ is defined to include an attempt to send.  This clarifies that the concept of ‘send’ does not require a person to have received the message.  A message has been sent regardless of its successful receipt or otherwise.

 

The concept of ‘send’ is central to the penalty provisions in Part 2 of the Bill which broadly prohibit the sending of unsolicited commercial electronic messages (clause 16), prohibit the sending of commercial electronic messages unless they include accurate sender information (clause 17), and prohibit the sending of commercial electronic messages unless they contain a functional unsubscribe facility (clause 18).

 

This definition is included to ensure that a person will be in breach of these provisions even if they have not been successful in sending the message (for example because the server was down, an electronic address did not exist, or the recipient does not receive the message).

 

The term is also used in the basic definition of an electronic message in clause 5.  Subclauses 5(2) and (3) of this definition reinforce that a message may be sent regardless of whether an electronic address exists, and regardless of whether or not a message reaches its intended destination.

 

It is clarified in clause 9 that a person does not send an electronic message, or cause it to be sent, merely because the person provides a carriage service that allows the message to be sent.

 

services

 

The term ‘services’ is defined to have the same meaning as in the TPA.

 

Section 4 of the TPA defines services as follows:

services includes any rights (including rights in relation to, and interests in, real or personal property), benefits, privileges or facilities that are, or are to be, provided, granted or conferred in trade or commerce, and without limiting the generality of the foregoing, includes the rights, benefits, privileges or facilities that are, or are to be, provided, granted or conferred under:

                     (a)  a contract for or in relation to:

                              (i)  the performance of work (including work of a professional nature), whether with or without the supply of goods;

                             (ii)  the provision of, or the use or enjoyment of facilities for, amusement, entertainment, recreation or instruction; or

                            (iii)  the conferring of rights, benefits or privileges for which remuneration is payable in the form of a royalty, tribute, levy or similar exaction;

                     (b)  a contract of insurance;

                     (c)  a contract between a banker and a customer of the banker entered into in the course of the carrying on by the banker of the business of banking; or

                     (d)  any contract for or in relation to the lending of moneys;

but does not include rights or benefits being the supply of goods or the performance of work under a contract of service.

 

The concept of ‘services’ is used in clause 6 of the Bill which sets out the basic definition of commercial electronic messages.  Paragraphs 6(1)(d) to (f) include messages which offer to supply services or advertise or promote services or suppliers or prospective suppliers of services.



 

software

 

The term ‘software’ is defined to include a combination of software and associated data.

 

This term is used in the definition of address-harvesting software (see discussion above) and in Part 3 of the Bill which sets out rules about the supply, acquisition and use of address-harvesting software and harvested-address lists.

 

standard telephone service

 

The term ‘standard telephone service’ is defined in clause 4 to mean the same as the definition of the term in the Telecommunications (Consumer Protection and Service Standards) Act 1999.  The definition of ‘standard telephone service’ includes voice telephony and another form of communication that is equivalent to voice telephony that would be required to be supplied to the end-user in order to comply with the Disability Discrimination Act 1992.

 

The definition of standard telephone service includes mobile telephone services.

 

This term is used in the definition of ‘electronic message’ in clause 5.  Messages sent by way of a voice call made using a standard telephone service are excluded from the meaning of an electronic message for the purposes of this Bill (subclause 5(5)).

 

supply

 

The term ‘supply’ is defined to have the same meaning as in the TPA, when used in relation to goods or services.

 

Section 4 of the TPA defines ‘supply’ as follows:

supply , when used as a verb, includes:

                     (a)  in relation to goods—supply (including re-supply) by way of sale, exchange, lease, hire or hire-purchase; and

                     (b)  in relation to services—provide, grant or confer;

and, when used as a noun, has a corresponding meaning, and supplied and supplier have corresponding meanings.

 

When supply is used in relation to land it is defined to include transfer.  This definition is included as the term ‘services’ is limited under the definition of section 4 of the TPA to rights, benefits, or facilities occurring in trade or commerce (see discussion of definition of services above in clause 4).  In O’Brien and Another v Smolonogov and Another (1984) 53 ALR 107 the Federal Court found that the private sale of land does not occur in trade or commerce.  Therefore it would not be a supply of a service under the TPA.  This definition of supply in relation to land is therefore necessary to ensure that it includes the private sale of land (which would not be included in the meaning of a service, as it has not occurred in trade or commerce).

 

When supply is used in relation to an interest in land it is defined to include transfer or create.

 

The term ‘supply’, in relation to goods or services, and in relation to land or an interest in land, is used in the definition of commercial electronic messages in clause 6 of the Bill.  Paragraphs 6(1)(g) to (i) include messages which offer to supply land and/or an interest in land, or which advertise or promote land or an interest in land, and/or a supplier of land or an interest in land.

 

The concept of ‘supply’ is also relevant to the rules relating to the supply of address-harvesting software and harvested-address lists.  Clause 20 prohibits a person supplying or offering to supply address-harvesting software or harvested-address lists where they are intended to be used to send commercial electronic messages in contravention of clause 16.

 

The term ‘supply’ when used in relation to software (which is a good) includes an exchange for no money.

 

use

 

The term ‘use’ has a meaning affected by clause 11 of the Bill.  Clause 11 of the Bill gives an extended meaning of ‘use’.  It provides that unless the contrary appears, a reference in this Bill to the use of a thing is a reference to the use of the thing either in isolation or in conjunction with one or more other things.   This clause is based on section 24 of the Telecommunications Act.

 

An example of a provision of the Bill which uses this term is clause 5, which provides that an electronic message is a message sent using an Internet carriage service or other listed carriage service to an electronic address.

 

Clause 11 ensures that it is clear that a customer would be considered to use an Internet carriage service to send a message even if the customer uses the Internet carriage service in conjunction with another listed carriage service.

 

voice call

 

The term ‘voice call’ is defined in clause 4 to mean a voice call within the ordinary meaning of the expression, or a call that involves a recorded or synthetic voice or an equivalent call to a voice call for a person with a disability.  The reference to an equivalent call to a voice call for a person with a disability has been included to ensure that it is clear that use of the National Relay Service and a teletypewriter by hearing impaired persons is considered to be a voice call for the purposes of the definition of ‘voice call’.

 

This term is used in the definition of ‘electronic messages’ in clause 5.  Messages sent by way of a voice call made using a standard telephone service are excluded from the meaning of an electronic message for the purposes of this Bill (subclause 5(5)).

 

Clause 5 - Electronic messages

 

Clause 5 defines an ‘electronic message’ for the purposes of the Bill.  This term is a key element in the penalty provisions.  Part 2 of the Bill sets out various rules applying to the sending of commercial electronic messages that have an Australian link (see discussion above at clause 4 for the meaning of an ‘Australian link’).  Clause 16 prohibits the sending of commercial electronic messages that have an Australian link (subject to various exemptions), unless there is prior consent.  Clause 17 prohibits the sending of a commercial electronic message that has an Australian link unless it includes accurate sender information.  Clause 18 prohibits the sending of commercial electronic messages that have an Australian link (subject to various exemptions) unless the message includes a functional unsubscribe facility. 

 

The definition of an ‘electronic message’ is also relevant to the penalty provisions in Part 3 of the Bill, which prohibit the supply, acquisition or use of address-harvesting software or an electronic address list produced using such software where it is intended to be used in connection with the sending of commercial electronic messages in contravention of clause 16 of the Bill.

 

The definition of an electronic message has two parts to it.  The first part of the definition relies on the message being sent using a particular type of carriage service: an Internet carriage service or any other listed carriage service.  The terms ‘message’, ‘sent’, ‘Internet carriage service’ and ‘listed carriage service’ are defined in clause 4 of the Bill. 

 

A message which includes solely text, or solely graphics or a combination of these may be included in the definition of an electronic message (see definition of ‘message’ in clause 4 of the Bill).

 

Messages may come within this definition even if they use the relevant carriage service in conjunction with another service (see extended meaning of use in clause 11 of the Bill).  For example an e-mail message may be sent using a standard telephone service and an Internet carriage service.

 

The second part of the definition in subclause 5(1) requires the message to be sent to an electronic address in connection with a particular account.  The term ‘electronic address’ is not defined for the purposes of the Bill but the note to this subclause provides that e-mail addresses and telephone numbers are examples of electronic addresses. 

 

The most common examples of electronic messages would be e-mail messages and SMS messages, but there is likely growth into new technologies such as Multimedia Messaging Services (MMS).

 

To come within the meaning of an electronic message, the message must be sent to an electronic address which has a connecting account, for example an e-mail account in the case of e-mail, or a phone account in the case of SMS messages.  This means that a message sent to an Internet Protocol address to recover a web page would not be an electronic message for the purposes of this Bill as the electronic address (ie the IP address) is not connected with a particular account.  A message sent to an IP address associated with an instant messaging service or web-mail account would, however, be an electronic message for the purposes of this Bill.

 

An ‘account’ is defined in clause 4 of the Bill to include a free account and a pre-paid account.  This removes any doubt that a free account, such as a free web-based e-mail account, would come within the meaning of an account.  Therefore an e-mail message sent to a free web-based e-mail account would come within the meaning of an electronic message for the purposes of this Bill.  An account is also defined to include a pre-paid account.  Therefore if a person has a pre-paid mobile phone account (for example a pre-paid SIM card) then an SMS message sent to a person with this pre-paid phone account would also come within the meaning of an electronic message for the purposes of this Bill.

 

Subclause 5(2) makes it clear that a message can still come within the meaning of an ‘electronic message’ for the purposes of the Bill, even if the electronic address to which the message was sent does not exist.  This is designed to ensure that messages sent to random addresses (a common technique used by spammers) can still come within the meaning of an ‘electronic message’ for the purposes of this Bill even if the addresses do not exist.  For example a spammer may use a dictionary attack to send spam messages.  This involves the person choosing random addresses (for example acollins@hotmail.com, bcollins@hotmail.com, ccollins@hotmail.com etc) and sending messages to these addresses, without knowing whether they are valid addresses.  For the purposes of this Bill, such a message can come within the meaning of an ‘electronic message’ even if these addresses do not exist.

 

Subclause 5(3) makes it clear that a message can come within the definition of an ‘electronic message’ for the purposes of this Bill even if the message fails to reach its intended destination.  This is reinforced by the definition of ‘send’ in clause 4 of the Bill which includes ‘attempt to send’.  For example, this means that if a technical failure prohibits the message from reaching its destination, or if a filter ensures that the message does not reach its destination, this will not affect the message’s ability to be classified as an ‘electronic message’ for the purposes of this Bill.  The mere fact of attempting to send a message will bring it within the meaning of an ‘electronic message’ for the purposes of this Bill.

 

Certain messages, which would ordinarily come within the meaning of an ‘electronic message’ are specifically excluded from the definition for the purposes of the Bill.  Subclause 5(5) excludes voice calls made using a standard telephone service from the meaning of an ‘electronic message’.  The terms ‘voice call’ and ‘standard telephone service’ are defined in clause 4. 

 

This means that telemarketing (that is voice to voice calls over the telephone) is not an electronic message and is therefore not covered by this Bill.  Similarly if a voice message is left on a phone answering machine, this would be excluded from the meaning of an ‘electronic message’ (as a voice call is defined in clause 4 to include a recorded or synthetic voice). It would also exclude Voice Over IP (VOIP) where telephone calls can be made using an Internet connection. 

 

It is possible that messages could be excluded from the meaning of an ‘electronic message’ for the purposes of the Bill by regulation (see subclause 6(7)).  The regulation-making power in subclause 6(7) enables regulations to provide that a specified kind of electronic message is not a commercial electronic message.   This power is intended to be used as a reserve power to cover future technologies if necessary. 

 

Clause 6 - Commercial electronic messages

 

Clause 6 of the Bill sets out the basic definition of a commercial electronic message for the purposes of the Bill.

 

This term is a key concept of the Bill, whose primary purpose is to set up a scheme for regulating commercial electronic messages.  As with the definition of ‘electronic messages’, this term is a key element in the penalty provisions of the Bill (see discussion below in relation to Part 2 of the Bill which sets out various rules applying to the sending of commercial electronic messages that have an Australian link).

 

The definition of a commercial electronic message is broadly based on whether or not the electronic message has a ‘commercial purpose’.  The meaning of an ‘electronic message’ is set out in clause 5 (see discussion above).  The purpose of the message is to be determined by having regard to the content of the message, the way in which the message is presented, and the content that can be located using the links, telephone numbers or contact information (if any) set out in the message.  For example, if the message itself contains nothing of a ‘commercial nature’, but it provides a link to a web page which is ‘commercial in nature’ then this will be a commercial message for the purposes of this Bill.  A common example of this is much of ‘porn spam’ which may not include any commercial element in the actual message, but the message will include a link to a web page which is offering to supply goods or services. 

 

It is sufficient for the purposes of this clause if one of the purposes of the message is a commercial purpose; it need not be the primary or sole purpose of the message.

 

What amounts to a ‘commercial purpose’?

 

Paragraphs 6(1)(d) to (p) set out the various purposes which would bring a message within the meaning of a ‘commercial electronic message’ for the purposes of the Bill.

 

It includes the following purposes:

 

·          to offer to supply, advertise or promote goods or services, or a supplier, or prospective supplier, of goods or services (paragraphs 6(1)(d) to (f)).  The terms ‘goods’, ‘services’ and ‘supply’ are defined in clause 4 of the Bill.  Common examples of messages which would be covered by this definition are messages which offer to supply or which advertise ‘pharmaceutical type’ products.  It would also cover messages advertising gambling services;

·          to offer to supply, advertise or promote land or an interest in land or a supplier, or prospective supplier, of land or an interest in land (paragraphs 6(1)(g) to (i)).  This would cover messages which advertise real estate.  The term ‘supply’ in relation to land or interest in land is defined in clause 4 of the Bill;

·          to offer to provide, advertise or promote a business opportunity or investment opportunity or a provider or prospective provider, of a business opportunity or investment opportunity (paragraphs 6(1)(j) to (l)).  This would, for example, include stock market promotions and scams;

·          to assist or enable a person, by deception, to dishonestly obtain property belonging to another person (paragraph 6(1)(m));

·          to assist or enable a person, by deception, to dishonestly obtain a financial advantage from another person (paragraph 6(1)(n)).  This would cover certain scam spam messages such as that commonly known as the Nigerian bank scam, where a person purports to have access, with your assistance, to funds currently tied up in a bank account or trust fund;

·          to assist or enable a person to dishonestly obtain a gain from another person (paragraph 6(1)(o));

·          a purpose specified in the regulations (paragraph 6(1)(p)).  This regulation-making power has been included as a reserve power to enable regulations to be made to cover types of commercial electronic messages which would ordinarily be considered to be spam but which are not covered by the above purposes.  This is a reserve power that would enable regulations to be made at a later date if a particular type of message became apparent which was not covered by this definition.

 

If an electronic message does not come within any of the above paragraphs (ie it does not have a ‘commercial element’), it will not be covered by this Bill even if it may ordinarily be considered to be spam.  For example, a virus which was sent to many electronic addresses, which did not have a ‘commercial element’, as set out in paragraphs (1)(d) to (p) above, would not be a commercial electronic message for the purposes of this Bill.  Similarly an unsolicited message regarding weekend sporting activities which did not come within paragraphs (1)(d) to (p) would not be covered by this Bill.

 

Examples of commercial electronic messages

 

The following paragraphs set out examples of messages currently in existence which would be covered by the definition of a commercial electronic message in this Bill.

 

Some common examples are:

·          offers for credit and mortgage arrangements;

·          offers for computer goods including software and hardware;

·          promotions of pornographic websites or services;

·          Nigerian scam e-mail;

·          get-rich-quick schemes;

·          pharmaceutical and health related product promotions;

·          health and other insurance promotions;

·          stock-market promotions.

 

Subclause 6(2) provides that a message will still be considered to be a ‘commercial electronic message’ for the purposes of this Bill even if the goods, services, land, interest or opportunity, described in paragraphs 1(d) to (l) do not exist.  Therefore if a person is seeking to sell land which does not exist then the message could still be classified as a ‘commercial electronic message’.

 

Similarly, it is immaterial whether it is lawful to acquire the goods, service, land or interest or to take up the opportunity for the purposes of paragraphs 1(d) to (l) (subclause 6(3)).  For example a message offering to supply a prohibited pharmaceutical would still come within the meaning of a ‘commercial electronic message’ for the purpose of this Bill, notwithstanding that the supply of such a pharmaceutical is not legal.

 

Subclause 6(4) is included to avoid doubt that the persons mentioned in subparagraphs (1)(f), (i) and (l) to (o) may be the individual or organisation who sent the relevant message or authorised the sending of the message.  This subclause has been included to avoid any argument that the person mentioned cannot be the sender or authoriser of the message.

 

Subclause 6(5) makes it clear that the purposes specified in paragraphs (1)(d) to (p) are to be read independently of each other.  That is, a message does not have to have all the purposes set out in these paragraphs.  It may come within the meaning of a commercial electronic message if it has one or more of these purposes.

 

It is possible to exclude specified kinds of electronic messages from the meaning of a commercial electronic message for the purposes of this Bill by regulation (subclause 6(7)).  This regulation-making power is designed to be used as a reserve power to give certainty to industry if it is unclear whether or not a particular type of message would come within the meaning of a commercial electronic message for the purposes of this Bill.  This power would enable regulations to specify the content or the type of service used to send a message for the purposes of excluding the message from the meaning of a commercial electronic message.

 

The ability to include messages with a certain purpose within the meaning of a commercial electronic message is provided for in subparagraph 6(1)(p).

 

Subclauses 6(8) to (10) provide that expressions used in paragraphs (1)(m) to (o) of this clause have the same meanings as in sections 134.1, 134.2 and 135.1 respectively of the Criminal Code.

 

Section 134.1 of the Criminal Code provides for the offence of obtaining property by deception (the purpose specified in (1)(m)).  Subsection 134.1(3) defines the circumstances in which a person will be taken to have ‘obtained’ property.  These circumstances are where a person (the ‘first person’):

 

(a)                 obtains ownership, possession or control of property for himself or herself or for another person; or



(b)                enables ownership, possession or control of the property to be retained by himself or herself; or



(c)                 induces a third person to pass ownership, possession or control of the property to another person; or



(d)                induces a third person to enable another person to retain ownership, possession or control of the property; or



(e)                 subsection 134.1(9) or (10) of the Criminal Code applies.

 

Section 134.2 of the Criminal Code provides an offence of obtaining a financial advantage by deception (the purpose specified in 6(1)(n)) and section 135.1 of the Criminal Code provides an offence of dishonestly obtaining a gain (the purpose specified in 6(1)(o)).  The way in which the courts interpret these provisions will be relevant to the interpretation of paragraphs 6(1)(m) to (o) of the Bill.

 

Clause 7 - Australian link

 

Clause 7 sets out when a ‘commercial electronic message’ has an ‘Australian link’ for the purposes of this Bill.  A ‘commercial electronic message’ is defined in clause 6 of the Bill (see discussion above).

 

The concept of an ‘Australian link’ is a key element of the penalty provisions in Part 2 of the Bill.  The rules about sending commercial electronic messages set out in Part 2 (ie that unsolicited commercial electronic messages must not be sent, that commercial electronic messages must include sender information, and that commercial electronic messages must contain a functional unsubscribe facility), only apply to commercial electronic messages that have an ‘Australian link’.

 

Essentially these rules are intended to apply to:

·          commercial electronic messages originating in Australia and sent to any destination; and

·          commercial electronic messages originating overseas and being sent to an Australian destination.

 

They are not intended to apply to spam originating overseas and not sent to an Australian destination.

 

A link can be established according to:

a)       where the message originates from, either through the person actually sending the message or the person authorising the sending (see paragraphs 7(a) and (b)); or

b)       where the message is accessed (see paragraphs 7(c) and (d)).

 

Clause 7 sets out when an ‘Australian link’ will be established.  It provides that a commercial electronic message has an Australian link if:

 

·          the message originates in Australia;

·          the message sender or person who authorised the sending is physically present in Australia when the message is sent, or if an organisation has sent the message, the organisation’s central management and control is in Australia;

·          the computer, server or device that is used to access the message is located in Australia;

·          the relevant electronic account-holder is physically present in Australia when the message is sent (if it is an individual), or the relevant account-holder is an organisation that carries on business or activities in Australia when the message is sent.

 

A link is also provided for if the message cannot be delivered because the relevant electronic address does not exist (see paragraph 7(e)).  This is necessary as a person may breach the provisions relating to sending commercial electronic messages even if the message is sent to a non-existent address (see subclause 16(6)).  In such a case there could be no Australian link established under the rules set out in paragraphs 7(c) and (d) as there would be no relevant electronic account-holder.  Where an address does not exist the relevant link will be established if it is reasonably likely the computer, server or device that would have been used to access the message is located in Australia, assuming that the address did exist.  For example this test could be satisfied if an e-mail message was sent to an address in the dot au domain.

 

An Australian link will be established if any one or more of these links is established.

 

The following sets out examples of when the sending of a message will have an Australian link and therefore potentially come within the scope of this Bill:

·          the person (whether an Australian resident or not) sending the electronic message is physically present in Australia when the message is sent and uses a server located in Australia.  This will be covered regardless of where the message is sent to (Australia to Australia or Australia to overseas, this is covered by paragraph 7(b));

·          the person (whether an Australian resident or not) sending the electronic message is physically present in Australia when the message is sent and uses a server located overseas.  This will be covered regardless of where the message is sent to (Australia to Australia or Australia to overseas, this is covered by paragraph 7(b));

·          a person (whether an Australian resident or not) present in Australia when the electronic message is sent commissions a third party outside of Australia to send the message.  This will be covered regardless of where the message is sent.  (Australian using a third party - Australia to Australia or Australia to Overseas, this is covered by paragraph 7(b));

·          a person outside Australia when the electronic message is sent commissions a third party present in Australia to send a message.  This is covered regardless of where the message is sent (Australian third party - Australia or Overseas, this is covered by paragraph 7(b)); and

·          an electronic message sent from an overseas location (eg person sending spam is located overseas and uses a server located overseas) is sent to a person who accesses the message while in Australia (Overseas to Australia, this is covered by paragraph 7(d)).

 

For example, if a spam message is sent to a resident of the United States at a free web-based e-mail address, this message will have an Australian link for the purposes of this Bill if the US resident is holidaying in Australia at the time he or she accesses this message.  It may be noted however, that it is unlikely that the sending of such a message would be successfully prosecuted as subclause 16(7) of the Bill provides a defence to the prohibition on sending unsolicited commercial electronic messages with an Australian link if the person sending the message did not know and could not with reasonable diligence have ascertained that the message had an Australian link.

 

The following are examples of messages that will not be covered by the prohibition as there will be no Australian link:

·          the person sending the electronic message is an Australian resident (currently outside Australia) and uses a server located overseas and the message is sent to an Australian resident who accesses the message while outside Australia (overseas to overseas);

·          the person sending the electronic message is not an Australian, uses a server located outside Australia and sends a message to a person located outside Australia (overseas to overseas);

·          an electronic message originates overseas, automatically transmits through a relay server that is physically located in Australia, and is received in an overseas location (overseas to overseas).

 

For example, if a spam message is sent to an Australian resident’s e-mail account in the dot au domain, but the Australian accessed the message while he or she was holidaying outside Australia, then an Australian link will not have been established and the message will not come within the scope of this Bill.

 

‘Australia’ when used in the geographical sense is defined in clause 4 to include the External Territories, and consequently includes Norfolk Island.

 

Clause 8 - Authorising the sending of electronic messages

 

Clause 8 provides for the circumstances in which the sending of electronic messages will be taken to be authorised for the purposes of the Bill.

 

Proposed subsection 8(1) provides that if an individual authorises the sending of an electronic message and does so on behalf of an organisation then the organisation rather than the individual is taken to have authorised the sending of the message.  An organisation is defined in clause 4 of the Bill. 

 

For example if a Qantas employee authorises the sending of a message in the course of his or her employment then Qantas the organisation will be taken to have authorised the sending of the message for the purposes of the Bill.  This will not apply where a person purports to send a message on behalf of an organisation but goes beyond his or her authority.  In this case the organisation will not be taken to have authorised the message for the purposes of the Bill.  This attribution of authorisation to the organisation rather than the individual is necessary to ensure that the functional unsubscribe message and the information identifying the person who authorised the sending of the message refer to the organisation rather than the individual.  This ensures that if a particular individual employee in an organisation leaves then the sender information or unsubscribe is not affected.

 

Proposed subsection 8(2) provides that if an electronic message is sent by an individual or organisation without being authorised by any other individual or organisation, then the first-mentioned individual or organisation is taken to authorise the sending of the message.  This has been included to avoid any argument that self-authorisation does not amount to authorisation, that is an argument that an individual or organisation cannot authorise something on his or her or their behalf.  The effect of this provision is that if Joe Bloggs sends a message on his behalf (and no one else has authorised its sending) then Joe Bloggs is taken to have authorised the sending of the message for the purposes of this Bill.

 

The term ‘authorise’, in relation to the sending of an electronic message, is used in paragraph 7(b) (dealing with ‘Australian link’) and clause 17 (which requires commercial electronic messages to include accurate information identifying the person who authorised the sending of the message) and clause 18 (which requires commercial electronic messages to include an unsubscribe facility to enable a person to send an unsubscribe message to the person who authorised the sending of the message).

 

Clause 9 - Sending of electronic messages - carriage service providers

 

Clause 9 provides that for the purposes of this Bill a person does not send an electronic message, or cause an electronic message to be sent, merely because the person supplies a carriage service that enables the message to be sent.

 

This provision has been included to avoid any doubt (subclause 9(2)).

 

This provision has been included to avoid any argument that a carriage service provider (for example an Internet service provider) could be in breach of the prohibitions relating to sending commercial electronic messages (in clauses 16, 17 and 18) simply because they have supplied the carriage service by which the message has been sent.  They are not deemed to have sent or caused the message to have been sent for the purposes of this Bill.  This is analogous to a postal situation where the person who writes a letter and posts it is considered to have sent the letter, not the postman.  In an electronic situation the person who has sent the message is the person who composed the message or hit the ‘send’ button, not the provider of the carriage service over which the message was relayed.

 

The mere fact of supplying the service to send the message will not amount to an ancillary contravention (for example aiding and abetting, see subclauses 16(10), 17(6) and 18(7)).  However, if a carriage service provider actively participated in sending a message in breach of clauses 16 to 18 (for example if they advertised their services to encourage spammers) then they may be in breach of the ancillary provision prohibiting a person from being knowingly concerned in, or aiding and abetting, a contravention (see subclauses 16(9), 17(5) and 18(6)). 

 

Clause 10 - Continuity of partnerships

 

This clause provides that for the purpose of this Bill, a change in the composition of a partnership does not affect the continuity of the partnership.  This means for example that if one partner leaves a partnership, any obligations or rights of the remaining partners are not affected.

 

Clause 11 - Extended meaning of use

 

Proposed section 11 of the Bill gives an extended meaning of use.  It provides that unless the contrary appears, a reference in this Bill to the use of a thing is a reference to the use of the thing either in isolation or in conjunction with one or more other things.   This clause is based on section 24 of the Telecommunications Act.

 

As discussed above in the definition of ‘use’ in clause 4, an example of a provision of the Bill which uses this term is clause 5, which provides that an electronic message is a message sent using an Internet carriage service or other listed carriage service to an electronic address.

 

Clause 11 ensures that it is clear that a customer would be considered to use an Internet carriage service to send a message even if the customer uses the Internet carriage service in conjunction with another listed carriage service.

 

Clause 12 - Crown to be bound

 

Subclause 12(1) means that the Bill binds the Crown in the right of the Commonwealth and each of the States and Territories.

 

Subclause 12(2) provides that the Bill does not make the Crown liable to a pecuniary penalty or to be prosecuted for an offence.

 

Subclause 12(3) provides that the protection in subclause (2) does not apply to an authority of the Crown.  This means that an authority of the Crown, for example a statutory authority such as the ACA may be liable to a pecuniary penalty or to be prosecuted for an offence under the Bill. 

 

Clause 13 - Extension to external Territories

 

Clause 13 provides that the Bill extends to every external Territory.  The external Territories include Norfolk Island, Christmas Island and the Cocos (Keeling) Islands.

 

Clause 14 - Extra-territorial application

 

Clause 14 provides that, unless a contrary intention appears, the Bill extends to acts, omissions, matters and things outside Australia.  The penalty provisions in Parts 2 and 3 are extra-territorial in their application (see discussion below for Parts 2 and 3).

 

Part 2 - Rules about sending commercial electronic messages

 

Part 2 sets out the principal penalty provisions in the Bill.  These are civil penalty provisions.  Part 4 and Schedule 3 of the Bill set out the penalties which apply for contravention of these civil penalty provisions and the action which may be taken to recover these penalties.

 

Clause 15 - Simplified outline

 

Clause 15 sets out a simplified outline of Part 2 of the Bill to assist readers.  It is not designed as a comprehensive statement of the provisions in Part 2.  It is simply a broad overview.

 

Clause 15 outlines the prohibitions and requirements set out in Part 2 which are as follows:

 

·          unsolicited commercial electronic messages must not be sent;

·          commercial electronic messages must include information about the person (individual or organisation) who authorised the sending of the message;

·          commercial electronic messages must contain a functional unsubscribe facility.

 

Clause 16 - Unsolicited commercial electronic messages must not be sent

 

Clause 16 prohibits the sending of commercial electronic messages where there is an Australian link, subject to various exceptions, unless there is prior consent.

 

Subclause 16(1) provides that a person must not send, or cause to be sent, a commercial electronic message that has an Australian link and is not a designated commercial electronic message.  The following terms, which are discussed elsewhere in these notes, are relevant to the interpretation of subclause 16(1): the definitions of ‘message’ and ‘send’ in clause 4, ‘electronic message’ in clause 5, ‘commercial electronic message’ in clause 6, ‘Australian link’ in clause 7 and ‘designated commercial electronic message’ in Schedule 1.

 

This penalty provision would cover the person who actually sent the message (ie by hitting the send button or dialling the relevant telephone number), the author of the message (who caused the message to be sent), or another person who authorised the message to be sent (even if they got a third party to send it on their behalf).

 

However in the case where a person’s computer has been hijacked and a spammer is sending messages in contravention of clause 16 without the computer owner’s knowledge, or where a virus has infected a person’s computer and results in the sending of messages in contravention of clause 16, then the computer owner would not be ‘sending’ the message in contravention of clause 16.  The generally accepted meaning of the term ‘send’ involves some knowledge and initiation on behalf of the ‘sender’.  The penalty attaches to the person, not the hardware (for example the computer or mobile phone).  Therefore, while a person’s hijacked computer may have ‘sent’ the message the person themselves would not have sent or caused the message to be sent.

 

Similarly, a carriage service provider who supplies the carriage service for sending the message would not themselves be sending the message or causing the message to be sent.  Clause 16 would not cover persons who merely transmitted the message without any knowledge of or involvement in its content.  For example, an Internet service provider who simply transmits an e-mail message which contravenes this clause would not be found to have sent the message or caused it to be sent.  To avoid any doubt as to this, clause 9 of the Bill specifically provides that a person who merely supplies a carriage service that enables a message to be sent does not themselves send the electronic message, or cause it to be sent.

 

Under paragraph 16(1)(a) the sending of the message will only be prohibited if it has an Australian link.  The meaning of an Australian link broadly refers to a message which is sent from Australia or is accessed in Australia.  Its meaning is discussed in greater detail under clause 7.

 

Under paragraph 16(1)(b), a ‘designated commercial electronic message’ is exempt from clause 16.  This means that the sending of unsolicited electronic messages containing certain factual information and the sending of certain commercial electronic messages by religious organisations, charities or political parties and certain messages from educational institutions is not prohibited.  The meaning of ‘designated commercial electronic message’ is discussed in greater detail below under Schedule 1.

 

A separate provision prohibits the sending of messages to a non-existent electronic address (see subclause 16(6)).

 

Defences

 

There are three defences to this prohibition:

·          if the relevant electronic account-holder consented to the message;

·          the person could not reasonably have known that the message had an Australian link; or

·          if the message was sent by mistake.

 

Subclause 16(2) provides a defence to the prohibition on sending unsolicited commercial electronic messages with an Australian link if the sender proves that the relevant account-holder consented to the sending of the message.  The effect of this defence provision is that a person may send another person commercial electronic messages where that other person has consented to receiving them.  The term ‘relevant electronic account-holder’ is defined in clause 4.  The concept of ‘consent’ is defined in Schedule 2 of the Bill.  It is discussed in greater detail below under Schedule 2.

 

The sender of the message bears an evidential burden in relation to proving consent (see subclause 16(5)).  An evidential burden requires the person to adduce evidence that suggests a real possibility that the matter exists or does not exist (see definition in clause 4).  Consent may be demonstrated by a person establishing a pre-existing business relationship with the person to whom the message was sent.  It is necessary for the defendant to bear the initial burden in relation to proving consent as he or she will have the relevant evidence showing consent of the relevant electronic account-holder.  If the burden rested with the prosecution it would have to prove a negative fact, that is that there was no consent.  This may only be possible where the relevant account-holder has specifically withdrawn consent, or has requested no such messages.

 

Subclause 16(3) of the Bill provides a defence to the prohibition on sending unsolicited commercial electronic messages with an Australian link if the person sending the message did not know and could not with reasonable diligence have ascertained that the message had an Australian link.

 

The sorts of factors which may indicate an Australian link could be:

·          that the electronic message was being sent to an electronic address in the dot au domain or dot oz domain, or had a +61 prefix in the case of telephone numbers;

·          the person had expressly informed the sender that they were in Australia.

 

If a person wishes to rely on this defence they will bear the evidential burden in relation to that matter (see subclause 16(5)).  That means that the defendant (ie the sender of the message or the person who has caused the message to be sent) must adduce or point to evidence that suggests that they did not know that the message did not have an Australian link.  For example a person may argue that by sending an e-mail message to a free web-based e-mail address (eg acollins@hotmail.com), he or she could not with reasonable diligence have ascertained that the message had an Australian link.  If the defendant does this, then the prosecution would then need to disprove that the defendant did not know and could not with reasonable diligence have ascertained that the message had an Australian link.

 

It is necessary that this burden rest with the defendant as their knowledge or otherwise of whether the message had an Australian link is peculiarly within the knowledge of the defendant.

 

If a person is sending a message on another person’s behalf then he or she must be satisfied himself or herself that the message has no Australian link to avoid breaching clause 16.  It would not be sufficient to avoid a breach to rely on the person who has authorised the sending asserting that none of the messages had an Australian link.  The sender himself or herself would have to point to evidence that there was no link.

 

Subclause 16(4) provides a defence if the person sent the message, or caused the message to be sent by mistake.  For example if a person mistakenly types a name when sending a commercial electronic message and sends the message to ksmith@bigpond.com.au instead of lsmith@bigpond.com.au (who has consented to receiving the messages) then they will not be in breach of subclause 16(1).  The evidential burden of proving the mistake would rest with the defendant (see subclause 16(5)).

 

Subclause 16(5) provides that a person relying on the defences in subclauses 16(2), (3) and (4) bears an evidential burden.  An evidential burden is defined in clause 4.  This is consistent with the default burden of proof which is applied by the Criminal Code to criminal offences (see subsection 13.3(6) of the Code).

 

Message not to be sent to a non-existent electronic address

 

Subclause 16(6) prohibits a person sending, or causing to be sent, a commercial electronic message to a non-existent electronic address if the person did not have reason to believe that the electronic address existed; and the electronic message has an Australian link and is not a designated commercial electronic message.  This prohibition is aimed at covering the common technique of spammers of sending unsolicited commercial electronic messages to random addresses even if the addresses do not exist.  For example a spammer may use a dictionary attack to send spam messages.  This involves the person choosing random addresses (for example acollins@hotmail.com, bcollins@hotmail.com, ccollins@hotmail.com etc) and sending messages to these addresses, without knowing whether they are valid addresses.

 

Subclause 7(e) specifically sets out the meaning of an Australian link if the message is sent to a non-existent electronic address.  The meaning of designated commercial electronic message is discussed in greater detail under Schedule 1.

 

Similar to the prohibition in subclause 16(1), subclause 16(7) provides a defence if the person did not know and could not with reasonable diligence have ascertained that the message had an Australian link.  The defendant bears an evidential burden of proving this matter (see discussion above in relation to subclause 16(5) for the meaning of an evidential burden).

 

Ancillary contraventions

 

As well as the main penalty provisions of sending an unsolicited commercial electronic message (in subclauses 16(1) and (6)), subclause 16(9) provides that a person who:

 

·       aids, abets, counsels or procures a contravention of subclause 16(1) or (6); or

·       induces a contravention of either of these provisions; or

·       is in any way, directly or indirectly, knowingly concerned in, or party to, a contravention of either of these provisions; or

·       conspires with others to effect a contravention of either of these provisions;

 

will be taken to have contravened a civil penalty provision (see subclause 16(11)).

 

These ancillary contravention provisions are the same as those in subsection 68(2) of the Telecommunications Act which relate to a civil penalty provision.  They are similar to the offences in Part 2.4 of the Criminal Code (aiding and abetting and conspiracy) which provide for the extension of responsibility in criminal offences. 

 

Subclause 16(10) specifically provides that a person does not contravene these ancillary provisions merely because the person supplies the service which enables the message to be sent.

 

Penalties

 

Subclause 16(1) provides that subclauses 16(1), (6) and (9) are civil penalty provisions. 

 

Part 4 of the Bill provides for pecuniary penalties for breaches of these civil penalty provisions.  If the Federal Court is satisfied, on the application of the ACA, that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (see clauses 24 and 26 of the Bill).  

 

Clause 25 of the Bill sets out the maximum penalty payable.  The amount will depend on:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times; and

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act).

 

The concept of a prior record for which a person is liable for a larger penalty is discussed in greater detail below under clause 25.

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times.

 

Body corporate or individual with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of subclauses 16(1), (6) or (9) will be 100 penalty units, currently $11,000 (subparagraph 25(3)(a)(i)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be 20 penalty units, currently $2,200 (subparagraph 25(4)(a)(i)).

 

Body corporate or individual with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of subclauses 16(1), (6) or (9) will be 500 penalty units, currently $55,000 (subparagraph 25(5)(a)(i)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record will be 100 penalty units, currently $11,000 (subparagraph 25(6)(a)(i)).

 

Ceiling amount - body corporate or individual with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day for subclauses 16(1), (6) or (9) will be 2,000 penalty units, currently $220,000 (subparagraph 25(3)(b)(i)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record, will be 400 penalty units, currently $44,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate or individual with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions of subclauses 16(1), (6) or (9) on a particular day will be 10,000 penalty units, currently $1.1 million (subparagraph 25(5)(b)(i)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record, will be 2,000 penalty units, currently $220,000 (subparagraph 25(6)(b)(i)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Ancillary orders

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).

 

Clause 17 - Commercial electronic messages must include accurate sender information

 

Clause 17 provides that any commercial electronic message, whether solicited or unsolicited, that has an Australian link must contain certain information, including information that clearly identifies the individual or organisation that authorised the sending of the message. 

 

This provision is designed to limit the increasing number of senders of unsolicited commercial electronic messages who purposefully disguise the source of such mail by using false addresses, so as to encourage people to examine the message and prevent people from identifying the real sender.

 

The prohibition applies to all commercial electronic messages, whether unsolicited or not.  Therefore those ‘designated commercial electronic messages’ (defined in Schedule 1), which are exempt from the prohibition on sending unsolicited commercial electronic messages, are not exempt from this requirement.  This means that messages from government bodies, religious organisations, charities, educational institutions and factual messages must include accurate sender information.  This will ensure that these organisations are clearly accountable for the messages they send and enable the recipient to contact the sender in the case of error or complaint.

 

A ‘commercial electronic message’ is defined in clause 6 of the Bill and ‘Australian link’ is defined in clause 7.

 

What must a message include?

 

·          the message must clearly and accurately identify the individual or organisation who authorised the sending of the message.  For example if an organisation gets a third party to send out messages on their behalf, the message must clearly identify the organisation on whose behalf the message is being sent.  Examples of information which accurately identifies an individual would include the correct legal name of the individual or organisation and an Australian Business Number (ABN) (where applicable);

·          the message must also include accurate information about how the recipient can readily contact that individual or organisation.  For example this could include a physical or virtual address.

 

Paragraph 17(1)(c) enables regulations to specify other conditions that the information contained in the messages must comply with.  This power is intended to be used as a reserve power to ensure that the information required to be included is appropriate to the particular technology.  For example it would enable regulations to specify a particular type of sender identification which must be included for a particular type of electronic message, for example the required information may be different for SMS messages (which have a limited number of characters) than it would be for e-mail messages.

 

To ensure that persons do not try and avoid easy identification, a safeguard is provided in paragraph 17(1)(d) that the information must be reasonably likely to be valid for at least 30 days after the message is sent.  If an e-mail address was provided as the relevant contact details and the address could not be accessed due to temporary technical difficulties, this would not mean that the information provided contravened paragraph 17(1)(d).

 

These requirements of the message are elements of the penalty provision which must be proven by the prosecution in the case of any proceedings.

 

Defences

 

Subclause 17(2) provides a ‘reasonable diligence’ defence if the person did not know and could not with reasonable diligence, have ascertained, that the message had an Australian link.  As discussed above in relation to clause 16, the sorts of factors which may indicate an Australian link could be:

·          that the electronic message was being sent to an electronic address in the .au domain or .oz domains, or with a +61 prefix in the case of telephone numbers;

·          the person had expressly informed the sender that they were in Australia.

 

As with the ‘reasonable diligence’ defence in subclauses 16(3) and (7), and the defence of mistake in subclause 16(4), if a person wishes to rely on this defence they will bear the evidential burden in relation to these matters (see subclause 17(4)).  An evidential burden requires the person to adduce evidence that suggests a real possibility that the matter exists or does not exist (see definition in clause 4).  That means that the person must adduce or point to evidence that suggests that they did not know that the message did not have an Australian-link.  For example a person may argue that by sending an e-mail message to a free web-based e-mail address (eg acollins@hotmail.com), he or she could not with reasonable diligence have ascertained that the message had an Australian link.  If the defendant does this, then the prosecution would then need to disprove that the defendant did not know and could not with reasonable diligence have ascertained that the message had an Australian link.

 

It is necessary that this burden rest with the defendant as their knowledge or otherwise of whether the message had an Australian link is peculiarly within the knowledge of the defendant.

 

Subclause 17(3) provides a defence if the person sent the message, or caused the message to be sent by mistake.  For example if a person mistakenly types a name when sending a commercial electronic message and sends the message to ksmith@bigpond.com.au instead of lsmith@bigpond.com.au (who has consented to receiving the messages) then they will not be in breach of subclause 17(1).  The evidential burden of proving the mistake would rest with the defendant (see subclause 17(4)).

 

Subclause 17(4) provides that a person relying on the defences in subclauses 17(2) and (3) bears an evidential burden.  An evidential burden is defined in clause 4.  This is consistent with the default burden of proof which is applied by the Criminal Code to criminal offences (see subsection 13.3(6) of the Code).

 

Ancillary contraventions

 

Subclause 17(5) provides for the same ancillary contraventions as in subclause 16(9).  That is, as well as the main penalty provision of sending a commercial electronic message without accurate sender information, subclause 17(5) provides that a person must not:

 

·       aid, abet, counsel or procure a contravention of subclause 17(1); or

·       induce a contravention of this provision; or

·       in any way, be directly or indirectly, knowingly concerned in, or party to, a contravention of this provision; or

·       conspire with others to effect a contravention of this provision.

 

As discussed above in relation to subclause 16(9), these ancillary contravention provisions are the same as those in subsection 68(2) of the Telecommunications Act which relate to a civil penalty provision.  They are similar to the offences in Part 2.4 of the Criminal Code (aiding and abetting and conspiracy) which provide for the extension of responsibility in criminal offences.

 

Subclause 17(6) specifically provides that a person does not contravene these ancillary provisions merely because the person supplies the service which enables the message to be sent.

 

Penalties

 

As are the penalty provisions in clause 16, the penalty provisions in clause 17 (subclauses 17(1) and (5)) are civil penalty provisions (see subclause 17(7)). 

 

Part 4 of the Bill provides for pecuniary penalties for breaches of these civil penalty provisions.  If the Federal Court is satisfied, on the application of the ACA, that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (see clauses 24, 25 and 26 of the Bill).  

 

Clause 25 of the Bill sets out the maximum penalty payable.  The amount will depend on:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times; and

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act).

 

The concept of a prior record for which a person is liable for a larger penalty is discussed in greater detail below under clause 25.

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times.

 

Body corporate or individual with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of subclauses 17(1) or (5) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)).

 

Body corporate or individual with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of subclauses 17(1) or (5) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record will be 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)).

 

Ceiling amount - body corporate or individual with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day for subclauses 17(1) or (5) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record, will be 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate or individual with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions of subclauses 17(1) or (5) on a particular day will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record will be 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Ancillary orders

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).

 

Clause 18 - Commercial electronic messages must contain a functional unsubscribe facility

 

Clause 18 provides that all commercial electronic messages, except ‘designated commercial electronic messages’, that have an Australian link must contain a functional unsubscribe facility.  This requirement is included to ensure that recipients can opt out of future communications.

 

While many senders of commercial electronic mail will already provide such an opt out mechanism, a relatively common feature of spam is that senders provide no legitimate opportunity for a recipient to opt out of receiving future messages.

 

This requirement on commercial electronic messages to contain a functional unsubscribe facility does not apply to designated commercial electronic messages.  Designated commercial electronic messages are defined in Schedule 1 of the Bill and essentially include messages sent by governments, charities, religious organisations, and educational institutions and factual messages.  The definition is discussed in greater detail below under Schedule 1.

 

Such messages are exempt from this requirement because they are exempt from the prohibition on sending unsolicited commercial electronic messages in clause 16.  Therefore, if a recipient had requested to be unsubscribed from a message from a government body, then there would be no requirement for the body to act on this unsubscribe, as they are entitled to send unsolicited commercial electronic messages under clause 16.

 

An Australian link is defined in clause 7 of the Bill and is essentially a message which originates in Australia or is accessed in Australia.  Its meaning is discussed in greater detail above under clause 7.

 

What must a message include?

 

Paragraphs 18(1)(c) to (g) set out the conditions that the message must comply with.

 

Paragraph 18(1)(c) provides that the message must include a statement to the effect that the recipient may use an electronic address set out in the message to send an unsubscribe message to the individual or organisation who authorised the sending of the message, or a statement to similar effect.  The meaning of ‘unsubscribe message’ for the purposes of this clause is set out in subclause 18(9).  It is an electronic message to the effect that the relevant electronic account-holder does not want to receive any further commercial electronic messages or a message to similar effect.  The functional unsubscribe facility must allow a message to be sent to the authoriser of the message, not necessarily the sender.  For example, if an organisation gets a third party to send out messages on their behalf, the message must include an address which enables the recipient to send an unsubscribe message to the organisation itself, not the third party who sends the message.

 

The following sets out examples which would satisfy this requirement:

·          in the case of an e-mail message - a statement that says ‘if you no longer want to receive notification simply reply to this e-mail’;

·          in the case of an e-mail message - a statement that says if you no longer want to receive these messages please hit the unsubscribe button below;

·          in the case of an SMS message - please ring this number if you no longer want to receive these messages, or please register at this website if you no longer wish to receive these messages.

 

Paragraph 18(1)(d) requires that the statement is presented in a clear and conspicuous manner.  A message which contained an unsubscribe statement in tiny print hidden in the depths of a message would not satisfy this requirement.

 

In addition the electronic address must be reasonably likely to be capable of receiving unsubscribe messages for at least 30 days after the commercial electronic message is sent (paragraph 18(1)(e)).  This provision is intended to ensure that senders of messages do not avoid this requirement by constantly changing ‘addresses’.  Electronic addresses which are not capable of receiving the messages in this timeframe because of temporary technical problems could still be considered to be reasonably capable of receiving messages.

 

The electronic address must also have the capacity, reasonably calculated, in light of the number of recipients of the commercial electronic message, to enable it to receive the full expected quantity of reply messages from such recipients (subparagraph 18(1)(e)(ii)).

 

Paragraph 18(1)(f) provides that the unsubscribe electronic address set out in the message must be legitimately obtained.  This aims to ensure that the address used has not been falsified or misappropriated, for example by inserting a valid address belonging to a third party who has not consented to its use.

 

In addition, paragraph 18(1)(g) provides that the regulations may specify any conditions that the electronic address must comply with.  This would enable, for example, regulations to require unsubscribe facilities to be easily accessible and low cost or no cost (for example a 1800 freecall number) so that people cannot set up unsubscribe requirements which required recipients to ring an overseas number at a high cost to unsubscribe.

 

These requirements are elements of the penalty provision that the prosecution would be required to prove in any proceedings.

 

It is intended that if a recipient follows the steps set out in the electronic message for opting out of the further receipt of messages, (for example, by replying to the ‘address’ provided in the commercial electronic message), the recipient will be deemed to have ‘unsubscribed’ from the receipt of further electronic messages from that sender. 

 

If a sender refuses to honour the recipient’s request to unsubscribe (and continues sending messages) then the sender would be in breach of the penalty provision prohibiting the sending of unsolicited commercial electronic messages (see discussion above in relation to clause 16).

 

Defences

 

Subclause 18(2) provides a ‘reasonable diligence’ defence if the person did not know and could not with reasonable diligence, have ascertained, that the message had an Australian link.  As discussed above in relation to clauses 16 and 17, the sorts of factors which may indicate an Australian link could be:

·          that the electronic message was being sent to an electronic address in the .au domain or .oz domain, or had a +61 phone number prefix;

·          the person had expressly informed the sender that they were in Australia.

 

As with the ‘reasonable diligence’ defence in subclauses 16(3) and (7), and 17(2), and the defence of mistake, in subclauses 16(4) and 17(3), if a person wishes to rely on these defences they will bear the evidential burden in relation to these matters (subclause 18(5)).  An evidential burden requires the person to adduce evidence that suggests a real possibility that the matter exists or does not exist (see definition in clause 4).  That means that the person must adduce or point to evidence that suggests that they did not know that the message did not have an Australian-link.  For example a person may argue that by sending an e-mail message to a free web-based e-mail address (eg acollins@hotmail.com), he or she could not with reasonable diligence have ascertained that the message had an Australian link.  If the defendant does this, then the prosecution would then need to disprove that the defendant did not know and could not with reasonable diligence have ascertained that the message had an Australian link.

 

It is necessary that this burden rest with the defendant as their knowledge or otherwise of whether the message had an Australian link is peculiarly within the knowledge of the defendant.

 

Subclause 18(3) provides that subclause (1) (ie the requirement to contain a functional unsubscribe facility) does not apply to the extent to which it is inconsistent with the terms of a contract or other agreement between the individual or organisation who authorised the sending of the message and the relevant electronic account-holder. 

 

For example, if an existing contractual arrangement required the sending of updated information then the messages would not be required to contain a functional unsubscribe facility.  Situations where this might arise would include:

·          where there is an ongoing contract between organisations such as might exist between a business and their telecommunications provider; or

·          where an individual has agreed to receive goods or services at a reduced cost or free in exchange for agreeing to receive commercial electronic messages.

 

As with subclause 18(2), the defendant bears an evidential burden of proof in relation to this matter (subclause 18(5)).  The meaning of an evidential burden is discussed above.  The defendant will be in the best position to point to evidence of any contractual or other arrangement which exists between him or herself and the relevant account-holder.

 

Subclause 18(4) provides a defence if the person sent the message, or caused the message to be sent, by mistake.  For example, if a person mistakenly types a name when sending a commercial electronic message and sends the message to ksmith@bigpond.com.au instead of lsmith@bigpond.com.au (who has consented to receiving the messages) then they will not be in breach of subclause 18(1).  The evidential burden of proving the mistake would rest with the defendant (see subclause 18(5)).

 

Subclause 18(5) provides that a person relying on the defences in subclauses 18(2), (3) and (4) bears an evidential burden.  An evidential burden is defined in clause 4.  This is consistent with the default burden of proof which is applied by the Criminal Code to criminal offences (see subsection 13.3(6) of the Code).

 

Ancillary contraventions

 

Subclause 18(6) provides for the same ancillary contraventions as in subclauses 16(9) and 17(5).  It provides that a person must not:

 

·       aid, abet, counsel or procure a contravention of subclause 18(1); or



·       induce a contravention of this provision; or



·       in any way, be directly or indirectly, knowingly concerned in, or party to, a contravention of this provision; or



·       conspire with others to effect a contravention of this provision.

 

As discussed above in relation to these provisions, these ancillary contravention provisions are the same as those in subsection 68(2) of the Telecommunications Act which relate to a civil penalty provision.  They are similar to the offences in Part 2.4 of the Criminal Code (aiding and abetting and conspiracy) which provide for the extension of responsibility in criminal offences.

 

Subclause 18(7) specifically provides that a person does not contravene these ancillary provisions merely because the person supplies the service which enables the message to be sent.

 

Penalty

The prohibition on sending a commercial electronic message without a functional unsubscribe facility, in contravention of subclause 18(1) and the ancillary contraventions (in subclause 18(6)) are civil penalty provisions (see subclause 18(8)).

 

As discussed above in relation to clauses 16 and 17, Part 4 of the Bill provides for pecuniary penalties for breaches of these civil penalty provisions.  If the Federal Court is satisfied, on the application of the ACA, that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (see clauses 24, 25 and 26 of the Bill).  

 

Clause 25 of the Bill sets out the maximum penalty payable.  The amount will depend on:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times; and

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act).

 

The concept of a prior record for which a person is liable for a larger penalty is discussed in greater detail below under clause 25.

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times.

 

Body corporate or individual with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of subclauses 18(1) or (6) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)).

 

Body corporate or individual with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of subclauses 18(1) or (6) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record will be 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)).

 

Ceiling amount - body corporate or individual with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day for subclauses 18(1) or (6) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record will be 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate or individual with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions of subclauses 18(1) or (6) on a particular day will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record will be 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Ancillary orders

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).

 

Subclause 18(9) sets out what an unsubscribe message is for the purposes of applying clause 18 to a commercial electronic message where the message is authorised by an individual or organisation.  It provides that an unsubscribe message is an electronic message to the effect that the relevant electronic-account-holder does not want to receive any further commercial electronic messages from or authorised by that individual or organisation, or an electronic message to a similar effect.



 

Part 3 - Rules about address-harvesting software and harvested-address lists

 

Often unsolicited commercial electronic messages are sent to recipients using electronic addresses which have been collected without the owner’s explicit consent.  For example, many spammers use address lists electronically harvested from public sources, such as web pages or newsgroups.

 

Part 3 sets out rules about address-harvesting software and harvested-address lists which are designed to prohibit illegitimate uses of such software and lists.  This Part is designed to prohibit what is sometimes referred to as ‘address-harvesting’ so as to minimise ‘dictionary attacks’.  The generally indiscriminate nature of addresses collected using such software and lists is a major contributing factor to the annoyance that spam causes, and the use of dictionary attacks can significantly degrade the ability of a business to trade and communicate online.

 

Clause 19 - Simplified outline

 

Clause 19 sets out a simplified outline of Part 3 of the Bill to assist readers.  It is not designed as a comprehensive statement of the provisions in Part 3.  It is simply a broad overview.

 

Clause 19 outlines the rules about address-harvesting software and harvested-address lists which are provided for in Part 3.  They are as follows:

 

·          address-harvesting software must not be supplied, acquired or used; and

·          an electronic address list produced using address-harvesting software must not be supplied, acquired or used.

 

Clause 20 - Address-harvesting software and harvested-address lists must not be supplied

 

Clause 20 generally prohibits a person from supplying or offering to supply address-harvesting software, a right to use address-harvesting software, a harvested-address list, or a right to use a harvested-address list, where the supplier or the customer is in Australia at the time of the supply or offer and where the software or list is intended to be used for sending spam in contravention of clause 16. 

 

An offer to supply ensures that a person who made an offer which was not accepted could be contravening clause 20. 

 

‘Supply’ is defined in clause 4 of the Bill.  When used in relation to goods or services it has the same meaning as in the TPA.  In addition to its ordinary English meaning, it covers sale, exchange, lease, hire or hire-purchase of the software or list.  Therefore, for example, a person who provided the software to a friend to use at no cost could still come within the meaning of supplying the software.

 

The terms ‘address-harvesting software’ and ‘harvested-address list’ are defined in clause 4 of the Bill.  A harvested-address list includes a list which was produced prior to the commencement of the Bill.

 

To come within this prohibition there must be some link to Australia, either through the supplier or the customer.  The relevant ‘link’ is provided for in paragraphs 20(1)(e) and (f).  Paragraph 20(1)(e) provides that the supply to a customer is prohibited if the supplier, in the case of an individual, is physically present in Australia at the time of the supply or offer, or in the case of a body corporate or partnership, that carries on business or activities in Australia at the time of the supply or offer.  Alternatively paragraph 20(1)(f) provides that a link is established if the customer, in the case of an individual is physically present in Australia at the time of the supply or offer, or in the case of a body corporate or partnership, that carries on business or activities in Australia at the time of the supply or offer.

 

The note to subclause 20(1) provides that section 585 of the Telecommunications Act deals with the treatment of partnerships. 

 

Item 82 of Schedule 1 to the Spam Consequentials Bill has the effect of applying the partnership provisions in section 585 to the Spam Act 2003 and regulations under that Act.  Section 585 will provide that the Spam Bill applies to a partnership as if the partnership were a person, with the following changes:



·       obligations that would be imposed on the partnership are imposed instead on each partner, but may be discharged by any of the partners;

 

·       any breach of a civil penalty provision in the Spam Bill that would otherwise be committed by the partnership is taken to have been breached by each partner who:

 

     -      aided or abetted, counselled or procured the relevant act or omission; or

 

     -      was in any way knowingly concerned in, or party to, the relevant act or omission (whether directly or indirectly and whether by any act or omission of the partner).

 

Subclause 20(2) provides that the prohibition on supplying address-harvesting software or harvested-address lists does not apply if the supplier had no reason to suspect that the customer, or another person, intended to use the address-harvesting software or the harvested-address list in connection with sending commercial electronic messages in contravention of clause 16 of the Bill.  The effect of this provision is that a person may supply such software or harvested-address lists where the supplier has no reason to suspect that it will be used for spamming in contravention of clause 16.

 

The prosecution is required to prove this element. 

 

Defences

 

Subclause 20(3) of the Bill provides a defence to the prohibition on supplying address-harvesting software and harvested-address lists if the person sending the message did not know and could not with reasonable diligence have ascertained that the customer was physically present in Australia at the time of the supply or offer (in the case of an individual) or a body corporate or partnership that carried on business or activities in Australia at the time of the supply or offer.

 

The sorts of factors which may provide a defence in respect of subclause 20(3) could be:

·          if a web transaction has expressly prohibited sale of the software to customers in Australia;

·          the supplier has queried whether the customer was a resident in Australia, and received a reply stating that they were not.

 

If a person wishes to rely on the defence in subclause 20(3), they will bear the evidential burden in relation to that matter (see subclause 20(4)).  An evidential burden requires the person to adduce evidence that suggests a real possibility that the matter exists or does not exist.  That means that the defendant (ie the supplier) must adduce or point to evidence that suggests that they did not know and could not with reasonable diligence have ascertained that the customer was in Australia at the time of the offer or supply.  The defendant may, for example, point to evidence that they prohibited the supply of software or lists to customers in Australia.

 

Ancillary contraventions

 

Subclause 20(5) provides for the same ancillary contraventions as in subclauses 16(9), 17(5) and 18(6).  It provides that a person must not:

 

·       aid, abet, counsel or procure a contravention of subclause 20(1); or



·       induce a contravention of this provision; or



·       in any way, be directly or indirectly, knowingly concerned in, or party to, a contravention of this provision; or



·       conspire with others to effect a contravention of this provision.

 

As discussed above in relation to these provisions, these ancillary contravention provisions are the same as those in subsection 68(2) of the Telecommunications Act which relate to a civil penalty provision.  They are similar to the offences in Part 2.4 of the Criminal Code (aiding and abetting and conspiracy) which provide for the extension of responsibility in criminal offences.

 

Penalty

The prohibition on supplying or offering to supply address-harvesting software or a harvested-address list, in contravention of subclause 20(1) and the ancillary contraventions (in subclause 20(5)) are civil penalty provisions (see subclause 20(6)).

 

As discussed above in relation to clauses 16, 17 and 18, Part 4 of the Bill provides for pecuniary penalties for breaches of these civil penalty provisions.  If the Federal Court is satisfied, on the application of the ACA, that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (see clauses 24, 25 and 26 of the Bill).  

 

Clause 25 of the Bill sets out the maximum penalty payable.  The amount will depend on:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times; and

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act).

 

The concept of a prior record for which a person is liable for a larger penalty is discussed in greater detail below under clause 25.

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times in respect of a court action.

 

Body corporate or individual with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of subclauses 20(1) or (5) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)).



 

Body corporate or individual with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of subclauses 20(1) or (5) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record will be 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)).

 

Ceiling amount - body corporate or individual with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day for subclauses 20(1) or (5) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record will be 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate or individual with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions of subclauses 20(1) or (5) on a particular day will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record will be 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Ancillary orders

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).



 

Clause 21 - Address-harvesting software and harvested-address lists must not be acquired

 

Clause 21 generally prohibits a person from acquiring address-harvesting software, a right to use address-harvesting software, a harvested-address list, or a right to use a harvested-address list where the person is in Australia at the time of the acquisition, and the person intended to use them in connection with the sending of a commercial electronic message in contravention of clause 16.

 

‘Acquire’ is defined in clause 4 of the Bill.  When used in relation to goods or services it has the same meaning as in the TPA.  In addition to its ordinary English meaning, it covers acquiring by way of purchase, exchange, lease, hire or hire-purchase of the software or list.  Therefore, for example, a person who acquired the software from a friend for no cost, or as “freeware” could still come within the meaning of acquiring the software. 

 

The terms ‘address-harvesting software’ and ‘harvested-address list’ are defined in clause 4 of the Bill.  This includes lists produced prior to the commencement of this Bill.

 

To come within this prohibition there must be some link to Australia through the acquirer.  The relevant ‘link’ is provided for in paragraphs 21(1)(e) and (f).  Paragraph 21(1)(e) provides that a person must not acquire the software or list if, in the case of an individual, they are physically present in Australia at the time of the acquisition, or in the case of a body corporate or partnership, that carries on business or activities in Australia at the time of the acquisition.

 

The note to subclause 21(1) provides that section 585 of the Telecommunications Act deals with the treatment of partnerships. 

 

Item 82 of Schedule 1 to the Spam Consequentials Bill has the effect of applying the partnership provisions in section 585 to the Spam Act 2003 and regulations under that Act.  Section 585 will provide that the Spam Bill applies to a partnership as if the partnership were a person, with the following changes:



·       obligations that would be imposed on the partnership are imposed instead on each partner, but may be discharged by any of the partners;

 

·       any breach of a civil penalty provision in the Spam Bill that would otherwise be committed by the partnership is taken to have been breached by each partner who:

 

     -      aided or abetted, counselled or procured the relevant act or omission; or

 

     -      was in any way knowingly concerned in, or party to, the relevant act or omission (whether directly or indirectly and whether by any act or omission of the partner).

 

Subclause 21(2) provides that the prohibition on acquiring address-harvesting software or harvested-address lists does not apply if the person did not intend to use the address-harvesting software or the harvested-address list in connection with sending commercial electronic messages in contravention of clause 16 of the Bill.  The effect of this provision is that a person may acquire such software or harvested-address lists where the person is intending to use it for legitimate purposes and is not intending to use it for spamming in contravention of clause 16.  For example, a charity or political party may acquire such software or lists to use in sending commercial electronic messages, which they are not prohibited from sending under clause 16 (see discussion in clause 16 on exception for designated commercial electronic messages, and the discussion under Schedule 1 which sets out the meaning of a ‘designated commercial electronic message’ for the purpose of the Bill).

 

Ancillary contraventions

 

Subclause 21(3) provides for the same ancillary contraventions as in subclauses 16(9), 17(5), 18(6) and 20(5).  It provides that a person must not:

 

·       aid, abet, counsel or procure a contravention of subclause 21(1); or



·       induce a contravention of this provision; or



·       in any way, be directly or indirectly, knowingly concerned in, or party to, a contravention of this provision; or



·       conspire with others to effect a contravention of this provision.

 

As discussed above in relation to these provisions, these ancillary contravention provisions are the same as those in subsection 68(2) of the Telecommunications Act which relate to a civil penalty provision.  They are similar to the offences in Part 2.4 of the Criminal Code (aiding and abetting and conspiracy) which provide for the extension of responsibility in criminal offences.

 

Penalty

The prohibition on acquiring address-harvesting software or a harvested-address list, in contravention of subclause 21(1) and the ancillary contraventions (in subclause 21(3)) are civil penalty provisions (see subclause 21(4)). 

 

As discussed above in relation to clauses 16, 17, 18, and 20, Part 4 of the Bill provides for pecuniary penalties for breaches of these civil penalty provisions.  If the Federal Court is satisfied, on the application of the ACA, that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (see clauses 24, 25 and 26 of the Bill).  

 

Clause 25 of the Bill sets out the maximum penalty payable.  The amount will depend on:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times; and

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act).

 

The concept of a prior record for which a person is liable for a larger penalty is discussed in greater detail below under clause 25.

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times in the case of a court action.

 

Body corporate or individual with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of subclauses 21(1) or (3) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)).

 

Body corporate or individual with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of subclauses 21(1) or (3) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record will be 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)).



 

Ceiling amount - body corporate or individual with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day for subclauses 21(1) or (3) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record will be 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate or individual with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions of subclauses 21(1) or (3) on a particular day will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record will be 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Ancillary orders

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).

 

Clause 22 - Address-harvesting software and harvested-address lists must not be used

 

Clause 22 generally prohibits a person from using address-harvesting software or a harvested-address list in connection with sending commercial electronic messages in contravention of clause 16, where the person is in Australia at the time of the use.  The generally indiscriminate nature of addresses collected using such software and lists is a major contributing factor to the annoyance that spam causes, and the use of dictionary attacks can significantly degrade the ability of a business to trade and communicate online.  Most lists will be readily identified as they will include addresses which are placed on the internet but never actively used nor visible to ordinary users, and exist primarily to identify the product of automated harvesting activities.

 

Clause 11 of the Bill gives an extended meaning to the term ‘use’ to provide that use of a thing includes use of the thing either in isolation or in conjunction with one or more other things. 

 

The terms ‘address-harvesting software’ and ‘harvested-address list’ are defined in clause 4 of the Bill.

 

To come within this prohibition there must be some link to Australia through the person using the software or list.  The relevant ‘link’ is provided for in paragraphs 22(1)(c) and (d).  Paragraphs 22(1)(c) and (d) provide that the use is prohibited if the person, in the case of an individual, is physically present in Australia at the time of the use, or in the case of a body corporate or partnership, that carries on business or activities in Australia at the time of the use.

 

The note to subclause 22(1) provides that section 585 of the Telecommunications Act deals with the treatment of partnerships. 

 

Item 82 of Schedule 1 to the Spam Consequentials Bill has the effect of applying the partnership provisions in section 585 to the Spam Act 2003 and regulations under that Act.  Section 585 will provide that the Spam Bill applies to a partnership as if the partnership were a person, with the following changes:



·       obligations that would be imposed on the partnership are imposed instead on each partner, but may be discharged by any of the partners;

 

·       any breach of a civil penalty provision in the Spam Bill that would otherwise be committed by the partnership is taken to have been breached by each partner who:

 

     -      aided or abetted, counselled or procured the relevant act or omission; or

 

     -      was in any way knowingly concerned in, or party to, the relevant act or omission (whether directly or indirectly and whether by any act or omission of the partner).

 

Subclause 22(2) provides that the prohibition on using address-harvesting software or harvested-address lists does not apply if the person uses the address-harvesting software or the harvested-address list other than in connection with the sending of commercial electronic messages in contravention of clause 16 of the Bill.  The effect of this provision is that a person may use such software or harvested-address lists when it is not in connection with sending commercial electronic messages in contravention of clause 16.

 

For example, a message from a government body which is not subject to the prohibition in clause 16 may be sent where the electronic addresses have been collected via address-harvesting software or harvested-address lists.



Ancillary contraventions

 

Subclause 22(3) provides for the same ancillary contraventions as in subclauses 16(9), 17(5), 18(6), 20(5) and 21(3).  It provides that a person must not:

 

·       aid, abet, counsel or procure a contravention of subclause 22(1); or



·       induce a contravention of this provision; or



·       in any way, be directly or indirectly, knowingly concerned in, or party to, a contravention of this provision; or



·       conspire with others to effect a contravention of this provision.

 

As discussed above in relation to these provisions, these ancillary contravention provisions are the same as those in subsection 68(2) of the Telecommunications Act which relate to a civil penalty provision.  They are similar to the offences in Part 2.4 of the Criminal Code (aiding and abetting and conspiracy) which provide for the extension of responsibility in criminal offences.

 

Penalty

The prohibition on using address-harvesting software or a harvested-address list, in contravention of subclause 22(1) and the ancillary contraventions (in subclause 22(3)) are civil penalty provisions (see subclause 22(4)).

 

As discussed above in relation to clauses 16, 17, 18, 20 and 21, Part 4 of the Bill provides for pecuniary penalties for breaches of these civil penalty provisions.  If the Federal Court is satisfied, on the application of the ACA, that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (see clauses 24, 25 and 26 of the Bill).  

 

Clause 25 of the Bill sets out the maximum penalty payable.  The amount will depend on:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times; and

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act).

 

The concept of a prior record for which a person is liable for a larger penalty is discussed in greater detail below under clause 25.

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times in the case of a court action.

 

Body corporate or individual with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of subclauses 22(1) or (3) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)).

 

Body corporate or individual with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of subclauses 22(1) or (3) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii)).

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record will be 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)).

 

Ceiling amount - body corporate or individual with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day for subclauses 22(1) or (3) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record will be 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate or individual with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions of subclauses 22(1) or (3) on a particular day will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)).

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record, will be 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Ancillary orders

 

In addition to an order for payment of a pecuniary penalty under clause 24 of the Bill, the Federal Court may make certain ancillary orders.  The Court may direct a person to compensate a victim, where the person has suffered loss or damage as a result of the contravention of a civil penalty provision, or may direct that a person pay to the Commonwealth the amount of the financial benefit the person has obtained from breaching the provision (see clauses 28 and 29).

 

Part 4 - Civil penalties

 

Part 4 deals with pecuniary penalties that are payable for contraventions of the civil penalty provisions of the Bill.  Clause 4 of the Bill sets out those provisions that are civil penalty provisions.  They are contained in clauses 16, 17 and 18, which set out rules about sending commercial electronic messages, clauses 20, 21 and 22 which set out rules about address-harvesting software and harvested-address lists, and a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

Part 4 is based on Part 31 of the Telecommunications Act.

 

Clause 23 - Simplified outline

 

Clause 23 provides a simplified outline of Part 4.  It is a general guide that is designed to assist readers.  The outline provides that:

 

·                 pecuniary penalties are payable for contraventions of civil penalty provisions;

·                 proceedings for the recovery of penalties are to be instituted in the Federal Court;

·                 the Federal Court may make ancillary orders:

a) directing the payment of compensation of a victim of a contravention of a civil penalty provision; and

b) directing the payment to the Commonwealth of an amount up to the amount of any financial benefit that is attributable to a contravention of a civil penalty provision.

 

The note to this provision provides that Schedule 3 sets up a system of infringement notices relating to contraventions of civil penalty provisions.



 

Clause 24 - Pecuniary penalties for contravention of civil penalty provisions

 

If the Federal Court is satisfied that a person has contravened a civil penalty provision, it will be able to order the person to pay the Commonwealth such pecuniary penalty as the Court determines to be appropriate (subclause 24(1)).

 

The following are civil penalty provisions (as defined in clause 4):

 

·       subclauses 16(1), (6) and (9) relating to sending unsolicited commercial electronic messages;



·       subclauses 17(1) and (5), relating to commercial electronic messages including accurate sender information;



·       subclauses 18(1) and (6), relating to commercial electronic messages including a functional unsubscribe facility;



·       subclauses 20(1) and (5), 21(1) and (3) and 22(1) and (3), relating to supplying, acquiring and using address-harvesting software and harvested-address lists; and



·       a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

In determining the pecuniary penalty, the Court will be required to have regard to all relevant matters including:

 

·       the nature and extent of the contravention;



·       the nature and extent of any loss or damage suffered as a result of the contravention;



·       the circumstances in which the contravention took place; and



·       whether the person has previously been found by the Court in proceedings under the Act to have engaged in any similar conduct.  This would not enable a Court to take into account previous infringement notices given to the defendant, as these are not proceedings under the Act; and

 

·       if the Court considers that it is appropriate to do so - whether the person has previously been found by a court in a foreign country to have engaged in any similar conduct.  This would enable the Court to take into account any findings of courts in other countries which have similar anti-spam laws.  However, if the prohibited behaviour is significantly different, then the Court may decide not to take such findings into account (subclause 24(2)).

 

Clause 25 - Maximum penalties for contravention of civil penalty provisions

 

Clause 25 sets out the maximum pecuniary penalty payable for breaches of the civil penalty provisions. 

 

The following are civil penalty provisions (as defined in clause 4):

 

·       subclauses 16(1), (6) and (9) relating to sending unsolicited commercial electronic messages;



·       subclauses 17(1) and (5), relating to commercial electronic messages including accurate sender information;



·       subclauses 18(1) and (6), relating to commercial electronic messages including a functional unsubscribe facility;



·       subclauses 20(1) and (5), 21(1) and (3) and 22(1) and (3), relating to supplying, acquiring and using address-harvesting software and harvested-address lists; and



·       a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

Subclause 25(1) sets out that the maximum penalty payable will depend upon:

·          whether or not the person has a prior record, that is whether or not they have previously been found by the Court to have breached the particular provision.  The ratio between a maximum penalty payable for a person with no prior record and a person with a prior record is five times;

·          whether or not the breach is by a body corporate or an individual.  The maximum penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the maximum penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act); and

·          the nature of the contravention (contraventions of the main penalty provisions in subclauses 16(1), (6) or (9) attract a higher maximum penalty than contraventions of other civil penalty provisions).  The maximum penalty payable for a breach of clause 16 is double that payable for a breach of the other penalty provisions.

 

Prior record

 

Subclause 25(2) sets out what amounts to a prior record for the purposes of determining the maximum penalty payable by a person for a civil contravention.  Where a person has been found by the Federal Court to have contravened a particular civil penalty provision they will be found to have a prior record if they contravene the same penalty provision after the day on which the Court has made an order in relation to the first contravention, and they will be liable for an aggravated penalty. 

 

For example, if a person has sent a message to 1,000 recipients in contravention of subclause 16(1) on a particular day (and consequently is liable for 1,000 contraventions of subclause 16(1)) then he or she is liable to a maximum pecuniary penalty for this 24-hour period, equal to the amount that may be ordered for 20 contraventions.

 

This aggravating penalty for a prior record will not come into effect until after the Court has found that a person has contravened a particular provision.  For example, if a person has contravened subclause 16(1) on Monday and then contravenes the same provision the next day, he or she will not be subject to an aggravated penalty for the contravention on the Tuesday, unless the Court had by the Tuesday made a finding that they were in breach of the penalty provision on Monday.

 

If a person has been given an infringement notice in relation to an alleged contravention of a civil penalty provision, this does not amount to a prior record.  A prior record is only established from a previous court finding.

 

Daily ceilings for penalties

 

A daily ceiling for penalties has been set that may be charged for all contraventions against a particular provision that have occurred in one day.  This has been included to ensure that a meaningful penalty may be charged for a single contravention without causing an unrealistically large penalty payable for multiple contraventions.  For example, there are reported cases of dedicated spammers sending millions of unsolicited commercial electronic messages each day.  Without a ceiling amount for daily contraventions, such a spammer could potentially be liable for a million contraventions.  The ratio between the penalty payable for a person for a single contravention and the ceiling amount is 20 times. 

 

Summary of maximum penalties

 

Body corporate with no prior record

 

The maximum pecuniary penalty payable by a body corporate with no prior record for each contravention of:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be 100 penalty units, currently $11,000 (subparagraph 25(3)(a)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii));

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be 50 penalty units, currently $5,500 (subparagraph 25(3)(a)(ii)).

 

Individual with no prior record

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with no prior record will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - 20 penalty units, currently $2,200 (subparagraph 25(4)(a)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - 10 penalty units, currently $1,100 (subparagraph 25(4)(a)(ii)).

 

An additional maximum penalty is provided for bodies corporate and individuals who have a prior record (as described above under subclause 25(2)).

 

Body corporate with prior record

 

The maximum pecuniary penalty payable by a body corporate with a prior record, for each contravention of:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be 500 penalty units, currently $55,000 (subparagraph 25(5)(a)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be 250 penalty units, currently $27,500 (subparagraph 25(5)(a)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be 250 penalty units, currently $27,500  (subparagraph 25(5)(a)(ii)).

 

Individual with prior record

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record, will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - 100 penalty units, currently $11,000 (subparagraph 25(6)(a)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - 50 penalty units, currently $5,500 (subparagraph 25(6)(a)(ii)).

 

In addition, a ceiling penalty amount has been set that may be charged for all contraventions against a particular provision that have occurred in one day (see discussion above).

 

Ceiling amount - body corporate with no prior record

 

The maximum ceiling amount payable for a body corporate with no prior record, for contraventions on a particular day of:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be 2,000 penalty units, currently $220,000 (subparagraph 25(3)(b)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be 1,000 penalty units, currently $110,000 (subparagraph 25(3)(b)(ii)).

 

Ceiling amount - individual with no prior record

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with no prior record, will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - 400 penalty units, currently $44,000 (subparagraph 25(4)(b)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - 200 penalty units, currently $22,000  (subparagraph 25(4)(b)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - 200 penalty units, currently $22,000 (subparagraph 25(4)(b)(ii)).

 

Ceiling amount - body corporate with prior record

 

The maximum ceiling amount payable for a body corporate with a prior record, for contraventions on a particular day of:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be 10,000 penalty units, currently $1.1 million (subparagraph 25(5)(b)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be 5,000 penalty units, currently $550,000 (subparagraph 25(5)(b)(ii)).

 

Ceiling amount - individual with prior record

 

The corresponding maximum ceiling amount payable for contraventions of these provisions by an individual with a prior record, will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - 2,000 penalty units, currently $220,000  (subparagraph 25(6)(b)(i));

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii));

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - 1,000 penalty units, currently $110,000 (subparagraph 25(6)(b)(ii)).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Clause 26 - Civil action for recovery of pecuniary penalties

 

The ACA will be able to institute a proceeding in the Federal Court for the recovery of a pecuniary penalty referred to in clause 24 (subclause 26(1)).

 

A proceeding must be brought within 6 years of the contravention (subclause 26(2)).

 

Subclause 26(3) makes it clear that the Federal Court may direct that two or more proceedings under subclause 26(1) may be heard together.

 

Clause 27 - Criminal proceedings not to be brought for contravention of civil penalty provisions

 

This clause provides that criminal proceedings will not be able to be brought for a contravention of a civil penalty provision.

 

Clause 28 - Ancillary orders - compensation

 

Clause 28 enables the ACA or a person who has suffered loss or damage as a result of a contravention of a civil penalty provision to apply to the Federal Court for an order directing a person who has been found to have contravened a civil penalty provision to compensate a victim if the Court is satisfied that the victim has suffered loss or damage as a result of a contravention of a civil penalty provision.

 

Subclause 28(2) sets out those matters that the Court may have regard to in determining whether a person has suffered loss or damage as a result of a contravention of clause 16 (relating to sending an unsolicited commercial electronic message) and in assessing the compensation.  They include:

·                 the extent to which any expenses incurred by the victim are attributable to dealing with the messages;

·                 the effect of dealing with the messages on the victim’s ability to carry on business or other activities;

·                 any damage to the reputation of the victim’s business that is attributable to dealing with the messages;

·                 any loss of business opportunities suffered by the victim as a result of dealing with the messages; and

·                 any other matters that the Court considers relevant.

 

These matters which the Court may take into consideration are very broad and would enable the Court, for example, to consider both the immediate costs a business has had to incur in dealing with being spammed, such as the time taken to delete messages, and the less common but potentially more serious circumstances, such as where the volume of spam has prevented or degraded the ability of a business to function efficiently, potentially degrading its reputation. 

 

An ancillary order for compensation may be made by the Federal Court even if it has not made an order to pay a pecuniary penalty in respect of the contravention, under subclause 24(1) (see subclause 28(3)).

 

As with a proceeding under clause 26, an application for an ancillary order must be made within 6 years of the contravention (subclause 28(4)).

 

Clause 29 - Ancillary orders - recovery of financial benefit

 

Clause 29 enables the Commonwealth to recover the financial benefits which a person has received as a result of a contravention of one or more of the civil penalty provisions.

 

Clause 29 provides that the Federal Court may make an order directing a person who has been found to have contravened a civil penalty provision to pay to the Commonwealth an amount up to the amount of the financial benefit the person has obtained that is reasonably attributable to the contravention.  The order may be made on the application of the ACA (subclause 29(1)).

 

For example, if a person has received a financial benefit in the order of one thousand dollars from persons responding to a scam which the person has sent in contravention of clause 16, then the Court may order that person to pay up to one thousand dollars to the Commonwealth.  This is similar to the principle behind the proceeds of crime for criminal offences. 

 

An ancillary order for recovery of a financial benefit may be made by the Federal Court even if it has not made an order to pay a pecuniary penalty in respect of the contravention, under subclause 24(1) (see subclause 29(2)).

 

As with a proceeding under clauses 26 and 28, an application for an ancillary order must be made within 6 years of the contravention (subclause 29(3)).

 

Clause 30 - Schedule 3 (infringement notices)

 

Clause 30 provides that Schedule 3 has effect.  Schedule 3 sets up a system of infringement notices relating to contraventions of civil penalty provisions.  It is anticipated that such notices could be given where the ACA is of the view that there has been a minor breach which could be adequately dealt with by way of an infringement notice, instead of initiating Court proceedings.

 

Part 5 - Injunctions

 

Part 5 enables the Federal Court to grant injunctions in relation to contraventions or proposed contraventions of the Bill.

 

This Part is based on Part 30 of the Telecommunications Act.

 

Clause 31 - Simplified outline

 

Clause 31 provides a simplified outline of Part 5 to assist readers.  It provides that Part 5 enables the Federal Court to grant injunctions in relation to contraventions of civil penalty provisions.

 

The following are civil penalty provisions (as defined in clause 4):

 

·       subclauses 16(1), (6) and (9), dealing with sending unsolicited commercial electronic messages;



·       subclauses 17(1) and (5), dealing with commercial electronic messages including accurate sender information;



·       subclauses 18(1) and (6), dealing with commercial electronic messages including a functional unsubscribe facility;



·       subclauses 20(1) and (5), 21(1) and (3) and 22(1) and (3), dealing with supplying, acquiring and using address-harvesting software and harvested-address lists; and



·       a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

Clause 32 - Injunctions

 

Restraining injunctions

 

If a person has engaged, is engaging or is proposing to engage, in any conduct in contravention of the Act, the ACA will be able to apply to the Federal Court for an injunction to restrain the person from engaging in the conduct.  If, in the Federal Court’s opinion, it is desirable to do so, the Court will also be able to require the person to do something (paragraph 32(1)(b)).

 

Performance injunctions

 

If a person has refused or failed, or is refusing or failing, or is proposing to refuse or fail, to do an act or thing and the refusal or failure was, is or would be a contravention of the Act, the ACA will be able to apply to the Federal Court for an injunction requiring the person to do that act or thing (subclause 32(2)).

 

It is anticipated that injunctions could be used in addition to a civil proceeding under Part 4 of the Bill, where the ACA wished not only to require an order for payment of a penalty for a breach, but also wanted an order which could prevent a person from contravening the provision in the future.  Alternatively, an injunction may be sought instead of a prosecution, for example, if the ACA is of the view that a person has been involved in a minor breach of the Bill and wishes to ensure that they do not do so in the future. 

 

Clause 33 - Interim injunctions

 

Grant of interim injunction

 

Provision is also made for the Federal Court to grant interim injunctions before the Court considers an application for an injunction (subclause 33(1)).

 

No undertaking as to damages

 

The Federal Court will not be able to require an applicant for an injunction under clause 32, as a condition of granting an interim injunction, to give any undertakings as to damages (subclause 33(2)).

 

Clause 34 - Discharge etc of injunctions

 

This clause provides that the Federal Court may discharge or vary an injunction granted under Part 5.

 

Clause 35 - Certain limits on granting injunctions not to apply

 

Restraining and performance injunctions

 

The power of the Federal Court to grant an injunction restraining a person from engaging in conduct (restraining injunction) or requiring a person to do an act or thing (performance injunction) will be able to be exercised whether or not:

 

·       it appears to the Court that the person intends:



-      to engage again, or continue to engage, in conduct of that kind; or



-      to refuse or fail again, or to continue to refuse or fail, to do that act or thing;



·       the person has previously engaged in conduct of that kind or has previously refused or failed to do that act or thing.

 

Clause 36 - Other powers of the court unaffected

 

The powers conferred on the Federal Court under Part 5 will not limit any other powers of the Court, whether conferred by the Bill or otherwise.

 

Part 6 - Enforceable undertakings

 

Part 6 of the Bill relates to enforceable undertakings which a person may give to the ACA.  This Part is based on section 87B of the TPA.

 

This permits the ACA to accept formal administrative undertakings in appropriate circumstances, rather than instituting proceedings under Part 4 of the Bill.  This Part does not preclude the ACA instituting proceedings against a person who has given such an undertaking for a breach of the Bill.  However, it is likely that in most cases the ACA will accept an undertaking instead of instituting proceedings.

 

Clause 37 - Simplified outline

 

Clause 37 provides a simplified outline of Part 6 to assist readers.  It provides that a person may give the ACA an enforceable undertaking in connection with a matter relating to commercial electronic messages or address-harvesting software.  The term ‘commercial electronic message’ is defined in clause 6 of the Bill and ‘address-harvesting software’ is defined in clause 4.

 

Clause 38 - Acceptance of undertakings

 

The ACA may accept a written undertaking from a person in relation to commercial electronic messages or address-harvesting software.

 

Subclause 38(2) provides that a person may withdraw or vary an undertaking at any time, but only with the consent of the ACA.

 

For example, the ACA may accept an undertaking from a person that they will not send any further unsolicited commercial electronic messages, that they will implement (or rectify) an appropriate unsubscribe facility or that they will verify their contact address database to eliminate addresses that may have been included from past harvesting activities.

 

It is anticipated that the terms of an undertaking relating to an alleged contravention of a civil penalty provision would bear a clear relationship with the contravention and would be proportionate to the contravention.

 

Clause 39 - Enforcement of undertakings

 

Clause 39 provides for the enforcement of undertakings where a person is in breach of an undertaking.

 

If a person breaches an undertaking then the ACA may apply to the Federal Court for an order. 

 

If the Court is satisfied that a person has breached a term of the undertaking then it may:

·                 direct the person to comply with the term of the undertaking;

·                 direct the person to pay the Commonwealth an amount up to the amount of any financial benefit the person has obtained that is reasonably attributable to the breach;

·                 direct the person to compensate any other person who has suffered loss or damage as a result of the breach (clause 40 sets out the matters to which the Court may have regard in assessing any loss or damage and the appropriate compensation);

·                 make any other order that the Court considers appropriate (paragraph 39(2)(d)).

 

These orders are similar to those ancillary orders the Federal Court may make in relation to proceedings for breach of a civil penalty provision (see clauses 28 and 29).

 

Clause 40 - Assessment of compensation for breach of undertaking

 

This clause sets out the matters which the Federal Court may take into account in determining loss or damage and appropriate compensation if the Court has found that a person has breached a term of an undertaking relating to the sending of commercial electronic messages.

 

Subclause 40(2) sets out those matters that the Court may have regard to in determining whether a person has suffered loss or damage as a result of a breach of a term of an undertaking and assessing the compensation.  They are:

·                 the extent to which any expenses incurred by the victim are attributable to dealing with the messages;

·                 the effect of dealing with the messages on the victim’s ability to carry on business or other activities;

·                 any damage to the reputation of the victim’s business that is attributable to dealing with the messages;

·                 any loss of business opportunities suffered by the victim as a result of dealing with the messages; and

·                 any other matters that the Court considers relevant.

 

These matters which the Court may take into consideration are very broad and would enable the Court, for example, to consider not only the immediate costs a business has had to incur in dealing with being spammed, such as the time taken to delete messages, but also the less common but potentially more serious circumstances, such as where the volume of spam has prevented or degraded the ability of a business to function efficiently, potentially degrading its reputation.

 

These are the same as those matters which the Court may have regard to under subclause 28(2) in determining whether a person has suffered loss or damage as a result of a contravention of clause 16 (relating to sending an unsolicited commercial electronic message) for the purposes of ordering compensation to the victim.

 

Part 7 - Miscellaneous

 

Clause 41 - Formal warnings - breach of civil penalty provisions

 

This clause enables the ACA to issue a formal warning if a person contravenes a civil penalty provision (as defined in clause 4). 

 

It is intended to enable the ACA to formally indicate its concerns about a contravention of a civil penalty provision.  It may, for example, be issued in relation to minor contraventions where a simple warning is likely to suffice to cause a change in behaviour.  However, in the case of a serious, flagrant or recurring breach, the ACA may decide to take action under Part 4 without giving a prior formal warning.

 

The issuing of a formal warning does not prevent the ACA from initiating proceedings under Part 4 of the Bill for contravention of a civil penalty provision.

 

Clause 42 - Additional ACA functions

 

Clause 42 provides that the ACA’s functions include:

·          to conduct and/or co-ordinate community education programs about unsolicited commercial electronic messages and address-harvesting software, in consultation with relevant industry and consumer groups and government agencies;

·          to conduct and/or commission research into issues relating to unsolicited commercial electronic messages and address-harvesting software;

·          to liaise with regulatory and other relevant bodies overseas about co-operative arrangements for the prohibition or regulation of unsolicited commercial electronic messages and address-harvesting software.

 

These functions form part of the ACA’s ‘telecommunications’ functions, which are set out in section 6 of the ACA Act (see item 42 of Schedule 1 to the Spam Consequentials Bill, which inserts proposed subparagraph 6(j)(ib) to include functions conferred on the ACA under the Spam Act in its telecommunications functions).

 

The conferring of these functions on the ACA does not in any way limit the executive powers of the Commonwealth.  This provision simply enables the ACA to carry out certain functions.  It is possible for the executive government to also carry out these functions in relation to unsolicited commercial electronic messages.  Paragraph 42(a) specifically envisages that the ACA will conduct and co-ordinate community education programs about commercial electronic messages in consultation with government agencies (for example NOIE), as well as relevant industry and consumer groups.

 

Clause 43 - Operation of State and Territory laws

 

Clause 43 provides that the Bill is not intended to exclude or limit the operation of a law of a State or Territory to the extent that that law is capable of operating concurrently with the Bill.

 

While there are currently no State and Territory laws specifically regulating commercial electronic messages, this clause has been included to ensure that any State or Territory law that is capable of operating concurrently with the Bill is not affected by the Bill in this regard.

 

Clause 44 - Implied freedom of political communication

 

Clause 44 provides that this Bill does not apply to the extent (if any) that it would infringe any constitutional doctrine of implied freedom of political communication.



Clause 45 - Giving effect to international conventions

 

Clause 45 provides that the regulations may make provision for and in relation to giving effect to an international convention that deals with commercial electronic messages and/or address-harvesting software.

 

This provision has been included as it is anticipated that Australia will enter into multilateral arrangements with other countries concerned about the regulation of spam.   This will enable regulations to be made giving effect to these agreements once in place.

 

The term ‘international convention’ is defined in clause 4 to mean a convention to which Australia is a party, or an agreement between Australia and a foreign country.   An international convention may mean a treaty which Australia has signed and/or ratified.  It also includes other agreements between Australia and a foreign country. 

 

‘Commercial electronic message’ is defined in clause 6 of the Bill and ‘address-harvesting software’ is defined in clause 4 of the Bill.  The meaning of these terms is discussed in greater detail above under these clauses.

 

Subclause 45(2) specifically provides that the regulations may vest the Federal Court with jurisdiction in a matter arising under the regulations, may prescribe penalties (up to a maximum of 50 penalty units; a penalty unit is currently $110, so it would be a maximum of $5,500) for offences against the regulations, or declare that a specified provision of the regulations is a civil penalty provision for the purposes of the Bill.

 

Clause 46 - Review of operation of Act

 

Clause 46 provides a review provision.  It provides that within two years of the commencement of this provision (that is, two years starting from 120 days after Royal Assent, see item 6 of the table in clause 2 of the Bill) the Minister must cause a review of the Spam Bill to be conducted.  The review is to consider the operation of:

·          the Spam Bill;

·          the Telecommunications Act to the extent to which that Act relates to the Spam Bill;

·          Part 6 of the Telecommunications Act (which deals with industry codes and standards) to the extent to which Part 6 broadly relates to commercial electronic messaging.

 

A report must be prepared and tabled in each House of Parliament within 15 sitting days of its completion (subclauses 46(2) and (3)).

 

Clause 47 - Regulations

 

Clause 47 is a general regulation-making power.  It provides that the Governor-General may make regulations prescribing matters required or permitted to be prescribed by this Bill or necessary or convenient to be prescribed for carrying out or giving effect to the Bill.

 

Numerous provisions throughout the Bill set out certain things that the regulations may provide for, for example paragraph 6(1)(p), subclause 6(7), clause 45, clauses 2(1)(c) and 5 of Schedule 1, clause 5 of Schedule 2, and clause 4(1)(f) of Schedule 3.

 

Schedule 1 - Designated commercial electronic messages

 

Schedule 1 sets out the meaning of a ‘designated commercial electronic message’ for the purposes of this Bill.  ‘Designated commercial electronic messages’ are exempt from the prohibition on sending unsolicited commercial electronic messages (in clause 16 of the Bill), and the prohibition on sending commercial electronic messages unless they have a functional unsubscribe facility (in clause 18 of the Bill).  These messages will still be subject to the requirement to include accurate sender information (see clause 17) where they fall within the meaning of a commercial electronic message.

 

In essence there are four categories of ‘electronic messages’ which are ‘designated commercial electronic messages’ and excluded from certain rules relating to the sending of such messages.  They are:

 

·          messages which contain primarily factual information;

·          messages sent by government bodies, political parties, religious organisations or charities;

·          certain messages sent by educational institutions; and

·          messages specified in the regulations.

 

Clause 1 - Object

 

Clause 1 of Schedule 1 provides that the object of Schedule 1 is to define the expression ‘designated commercial electronic message’.  The notes to this clause point out that designated commercial electronic messages must comply with clause 17 (ie the requirement that commercial electronic messages must include information about the individual or organisation who authorised the sending of the message), but that they are exempt from clauses 16 and 18 (prohibiting the sending of unsolicited commercial electronic messages and the requirement to provide a functional unsubscribe facility).

 

Clause 2 - Factual information

 

Clause 2 of Schedule 1 provides that an electronic message is a designated commercial electronic message if the message consists of no more than factual information with certain specified additional information.

 

This provision is designed to ensure that messages which may be seen to have some form of commercial element, but which are primarily aimed at providing factual information are not covered by the rules relating to commercial electronic messages in clauses 16 and 18 of the Bill.  Many firms and organisations provide newsletters and updates of this type which are of benefit to sections of the general or business community and it is not intended to prevent this beneficial activity.

 

The following are examples of messages which would come within this exclusion:

 

·          an electronic message from a private law firm which includes an information sheet outlining the effects of a particular court decision.  At the bottom of the sheet the law firm may have the firm name, address, contact details and logo.  Of itself this message could be seen to be commercial in nature as ultimately the message is designed in some way to promote the interests of the private law firm.  However, the message’s primary intent is to provide factual information;

·          an electronic version of a neighbourhood watch newsletter which is sponsored by the local newsagent (see paragraph (1)(vi));

·          an electronic newsletter from the local chamber of commerce which is sponsored by one of their members (see paragraph (1)(vi));

·          an e-mail message promoting a birdwatching enthusiasts’ website with a link to the website, where the website provides purely factual information relating to birdwatching but is sponsored by a commercial entity (see paragraph (1)(vi)).

 

Paragraphs 2(1)(a)(i) to (viii) set out the additional information which may be included in a message.  It includes:

 

·          the name, logo and contact details of the author, the individual or organisation who authorised the sending of the message, the author’s employee, the partnership (where the author is a partner in a partnership), the organisation (where the author is a director or officer of an organisation), or the sponsor of the message (where the message is sponsored);

·          accurate information identifying the person or organisation who authorised the sending of the message (as required to be included by clause 17);

·          an unsubscribe message (ie information that would have been required to be included by clause 18, if that section had applied to the message).

 

Paragraph 2(1)(b) of Schedule 1 is included to ensure that a loophole is not created to enable certain commercial messages which include factual information to come within this exclusion.  It provides that a message is only a designated commercial electronic message if the message would not have come within the meaning of a commercial electronic message (as defined in clause 6) if the additional information had not been included.  The following are examples of messages not covered by this exclusion because they would be covered by the definition of a commercial electronic message in clause 6:

 

·          an electronic message which states that television sets are all 20 percent off at a major retailer this week with a link to the retailer's website, or the contact details for the retailer.  While this message may contain purely factual information (ie it is in fact true that all television sets are 20% off this week) it falls outside this exclusion as the factual information would have brought the message within the meaning of a commercial electronic message (under clause 6);

·          an electronic message which states that all the girls whose photos appear at a particular site are over 18 years of age would not be covered by this exclusion.  While the statement may be factual it falls outside this exclusion because the message comes within the meaning of a commercial electronic message;

·          a message discussing erectile dysfunction and containing a link to a site where viagra is sold would likewise fall outside this exclusion as the link has brought the message within the meaning of a commercial electronic message (under clause 6) except for this exception.

 

Paragraph 2(1)(c) of Schedule 1 enables regulations to specify other conditions which must be satisfied before a message can come within this exclusion.  This regulation-making power is intended to be a reserve power to be used if necessary to ensure that organisations do not attempt to come within this exclusion for messages which are clearly not intended to be excluded from the scope of this Bill.

 

Clause 3 - Government bodies, political parties, religious organisations and charities

 

Clause 3 of Schedule 1 provides that an electronic message is a ‘designated commercial electronic message’ if the sending of the message is authorised by a government body, a registered political party, a religious organisation, a charity or charitable organisation, and the message relates to goods or services, and the body is the supplier, or prospective supplier of the goods or services concerned.

 

This clause is broadly intended to exclude messages sent by governments, registered political parties, religious organisations and charities from the prohibition on sending unsolicited commercial electronic messages, and the requirement to contain a functional unsubscribe facility.  This aims to ensure that there is no unintended restriction on government to citizen or government to business communication, nor any restriction on religious or political speech.

 

A ‘government body’ is defined in clause 4 of the Bill.  It means a department, agency, authority or instrumentality of the Commonwealth, State, Territory or of a foreign government or a government of part of a foreign country.  The term ‘registered political party’ is also defined in clause 4.  This minimises the risk of persons attempting to come within this exemption by arguing that they are a political party, for example because they are a collection of individuals who believe in the same political ideas.  The term ‘religious organisation’ is to have its ordinary meaning.  A religious organisation would not include a person who argues that they believe in an ‘unknown’ god of healing.  The term ‘organisation’ implies a level of structure and organisation, rather than simply a collection of individuals with similar beliefs.

 

The terms ‘charity’ and ‘charitable organisation’ are to be given their ordinary meaning.  However, it is noted that the Treasurer has released an exposure draft of a proposed Charities Bill which, if enacted, would provide a legislative definition of both a charity and charitable purpose which would apply to all Commonwealth law, replacing the existing common law interpretation.  The current exposure draft of the Charities Bill provides a core definition of a charity or charitable institution or other kind of charitable body based on the entity being not-for-profit with a dominant charitable purpose, with some exceptions, for the public benefit.

 

It may be noted that many of the messages sent by such bodies and organisations are likely to fall outside the meaning of a commercial electronic message and therefore not be subject to this Bill anyway.  For example, messages sent out by the Australian Electoral Commission (a government body) relating to enrolment and voting information would not be commercial electronic messages as they do not have a ‘commercial purpose’.

 

However, in other cases it may not be so clear whether or not the message has a commercial element.  For example, where a church sends an electronic message relating to an upcoming fete, without a specific exclusion it may come within the definition of a commercial message as it may be seen as advertising goods.  This exclusion has been provided to prevent undue or unforeseen adverse consequences to the charitable sector.

 

Local government often provides services on a fee-for-service basis which are essential to the community, but electronic messaging about them might potentially be restricted, but for this exclusion.

 

This restriction on political parties does not apply however to individuals acting on their own motion within government, religious or charitable organisations.  For example if a Minister promoted tupperware or wine futures through electronic messaging, this exception would not apply.

 

This exclusion covers messages sent on behalf of these bodies or organisations.  For example if a charity contracted a third party to e-mail messages relating to its op shop then these messages would be covered by the exclusion.  The relevant test in clause 3 is if the relevant body authorised the sending of the message.

 

Not all messages sent by government bodies, registered political parties, religious organisations and charities will be exempt from clauses 16 and 18.  If the message does not relate to goods or services, then it does not come within the meaning of a commercial electronic message (see paragraph 3(b)).  The term ‘goods’ is defined in clause 4.  For example, if a charity sent an electronic message relating to the supply of land then this would fall outside the exception.

 

The exclusion is also limited by paragraph 3(c).  This paragraph provides that the exception only applies if the relevant body is the supplier or prospective supplier of the goods or services concerned.  For example, it would apply where an anti-cancer organisation was promoting their own range of anti-cancer products, but would not apply if they simply promoted an event from a hamburger or supermarket chain, where they receive a proportion of the proceeds from a product or event.

 

Clause 4 - Educational institutions

 

Clause 4 of the Bill provides that an electronic message is a ‘designated commercial electronic message’ if the sending of the message is authorised by an educational institution and certain conditions apply.  An ‘educational institution’ is defined in clause 4 of the Bill.  It includes a pre-school, primary school, high school, college, TAFE and university.

 

A message sent by an educational institution will only come within this exclusion if:

·          the relevant electronic account-holder is, or has been enrolled as a student in that institution;

·          a member or former member of the household of the relevant account-holder is, or has been, enrolled as a student in that institution;

·          the message relates to goods or services; and

·          the institution is the supplier, or prospective supplier, of the goods or services concerned.

 

The term ‘relevant electronic account-holder’ is defined in clause 4.

 

The following are examples of messages which would come within this exclusion:

·          an electronic message sent to students and former students regarding a school fete;

·          an electronic message sent to students and their families regarding a raffle the school was running;

·          an electronic message sent to graduates of an institution regarding upcoming postgraduate courses.

 

The following are examples of messages which would not be covered by this exclusion and consequently would be subject to clauses 16 and 18 of this Bill:

·          an invitation to attend a law conference held at a university which is sent to all lawyers;

·          an electronic message sent to random addresses, or addresses with a specific postcode, rather than former students, by a private university advertising its courses or events.

 

Clause 5 - Regulations

 

Clause 5 sets out that the regulations may provide that a specified kind of electronic message is a designated commercial electronic message for the purposes of this Bill.  This regulation-making power has been included to ensure that if there are any unintended consequences of this Bill, regulations may be made to take messages which would not ordinarily be considered to be spam outside the scope of the Bill.  The effect of providing that a message is a designated commercial electronic message for the purposes of the Bill would be that a message would be exempt from the prohibition on sending commercial electronic messages (in clause 16) and the requirement to include a functional unsubscribe facility in the message (in clause 18).

 

Schedule 2 - Consent

 

Clause 1 - Object

 

Clause 1 sets out the object of Schedule 2, which is to set out the basic definition of consent when used in relation to the sending of an electronic message.  The concept of consent is a key element in the penalty provision in the Bill which prohibits the sending of unsolicited commercial electronic messages (see clause 16).  Subclause 16(2) provides that a contravention of subclause 16(1) does not happen if the relevant electronic account-holder consented to the sending of a message.

 

Schedule 2 sets out:

·          the basic meaning of consent;

·          rules relating to the authorisation of users of accounts consenting on behalf of the relevant electronic account-holder;

·          rules relating to when consent may be inferred from the publication of an electronic address; and

·          when withdrawal of consent takes effect.

 

Clause 2 - Basic definition

 

Clause 2 of Schedule 2 sets out the basic definition of consent for the purposes of this Bill.  Essentially consent can be express consent (paragraph 2(a)) or ‘inferred consent’ (paragraph 2(b)).

 

Express consent would cover when a person has specifically requested the sending of messages from the sender.  The following are examples of what would amount to providing explicit consent:

·          the person has subscribed to the sender’s electronic advertising mail list;

·          the person has ticked a box in information provided to the person which consents to future electronic receipt of advertising material;

·          the person has specifically requested such material (either verbally or in writing) from the sender;

·          a person has voluntarily entered into an agreement to have their electronic address provided to third-parties for marketing purposes.

 

Paragraph 2(b) also makes it clear that certain conduct or relationships can give rise to an ‘inferred consent’.  It provides that consent includes consent that may reasonably be inferred from the conduct and the business and other relationships of the individual or organisation concerned.

 

For example if the person has an existing business relationship with the sender and as part of that relationship has knowingly and directly provided an electronic address to the sender, then it would be reasonable to infer that the person has consented to receiving commercial electronic messages from the sender.

 

The following are examples where it is possible that consent may be inferred:

·          in undertaking a purchase of goods or services the account-holder has provided an electronic address, except if in the circumstances a reasonable person would not expect to receive future messages.  For example if the recipient had merely provided the address for market research purposes then it would not be reasonable to infer that the person had consented to receiving commercial electronic messages from the sender;

·          an electronic address is provided with the expectation (or as a requirement) that it will be used in transactions, and may be used for additional communications (eg. online banking/online business);

·          online registration of a product/warranty;

·          the account-holder hands over a business card containing their electronic address to a commercial entity except if in the circumstances a reasonable person would not expect to receive future messages.  For example if the account-holder had provided the business card for work purposes then it would not be reasonable to infer that the person consented to receiving future commercial electronic messages from the sender which were not related to their work.  For example a public relations manager might reasonably expect to receive press releases announcing new products or promotions, but not a list of the weekly grocery specials.

 

In addition to inferring consent from a person’s conduct, it is possible to infer consent from the business and other relationships of the individual or organisation concerned.

 

The following are given by way of examples of the types of relationships from which consent may be reasonably inferred:

·          the account-holder purchased goods or services which involve ongoing warranty and service provisions.  For example if a person purchased a car which has a three year warranty from a dealer, then you can reasonably infer consent to receiving associated electronic messages from the dealer relating to the ongoing warranty and service of the car;

·          shareholders may reasonably infer consent to receive electronic messages from the company from which they hold shares, and the broker through whom they bought them;

·          magazine/newspaper subscriber;

·          subscriber to a service (including phone contracts);

·          registered user of online services;

·          utility/rate payers (is in a business relationship with utility company/ government body);

·          subscribers to information/advisory services;

·          financial members of a club;

·          professional association members;

·          frequent flyer/buyer club;

·          bank account holder;

·          superannuation subscriber;

·          purchasing a software license;

·          employer/employee;

·          business/contractor.

 

In addition to a pre-existing business relationship, consent may be inferred where another relationship, such as a family relationship exists.  For example if a person owns a nursery and sends an e-mail message advertising a sale of the goods at the nursery to their family and friends then, notwithstanding that a recipient may not have expressly consented to receiving such a message, consent may be reasonably inferred in this circumstance because of the relationship between the sender and the recipient. 

 

However consent will not always be inferred where there is a pre-existing relationship between a person and a business.  For example if a person:

·          purchases a t-shirt or groceries from a shop;

·          attends a concert, performance or movie;

·          uses a brand of ubiquitous software;

·          or makes a purchase or transaction as an anonymous entity;

then it would not be reasonable to infer that the person consented to receiving commercial electronic messages from the relevant shop or business simply because there was some pre-existing connection between the two parties.

 

The extent of the person’s consent will also depend on what can be reasonably inferred from the conduct and the relationship.  The extent of the consent will be a question of fact to be considered according to each particular set of circumstances.

 

If a person can establish that the relevant electronic account-holder has consented to the sending of the message (for example through establishing a pre-existing business relationship), then he or she will not be in breach of clause 16 (see subclause 16(2)).  The defendant bears the evidential burden of establishing consent (see subclause 16(5)).  This is discussed in greater detail under clause 16.

 

Clause 3 - Users of account authorised to consent on behalf of relevant electronic account-holder

 

Clause 3 of Schedule 2 in effect enables a person sending a message to an electronic account holder to assume that any consent, withdrawal of consent or refusal of consent has been authorised by the relevant account-holder.

 

Subclause 3(1) provides that if a person other than the relevant electronic account-holder uses the relevant account to send an electronic message about consent, withdrawal of consent, or refusal of consent, that person is taken to have been authorised to send that message on behalf of the relevant account-holder.

 

A relevant electronic account-holder is defined in clause 4.  It is defined to mean in effect the person (individual or organisation) who is responsible for the address. 

 

This is relevant to the penalty provision in clause 16 which provides that the prohibition on sending commercial electronic messages does not apply if the relevant electronic account-holder consented to sending the message.  Therefore if a person other than the person responsible for the account (for example a friend or family member using another person’s account) sends a message consenting to receiving commercial electronic messages from David Jones, then David Jones can act on sending the account-holder commercial messages.  This will be taken to have been authorised by the person responsible for the account.  A person can rely on this as a valid consent for the purposes of subclause 16(2).  The relevant electronic account-holder can of course withdraw this consent at a later date if he or she is not happy to receive such further messages.

 

This provision is necessary because it would be impractical for a sender of a commercial electronic message to verify that the sender of a message relating to consent from an electronic account was in fact the relevant account-holder.

 

Subclause 3(2) clarifies that this does not by implication limit the circumstances in which a person other than the relevant electronic account-holder may consent, withdraw consent or refuse consent on behalf of the relevant electronic account-holder.  This provision has been included to avoid doubt that subclause (1) may be read as limiting the ways in which a person may consent on behalf of another.  There may be other valid ways for a third party to consent on the relevant account-holder’s behalf.

 

Clause 4 - When consent may be inferred from publication of an electronic address

 

Subclause 4(1) makes it clear that for the purposes of this Bill, the mere fact that a relevant electronic address has been published does not mean that a person can infer that the relevant electronic account-holder consents to receiving commercial electronic messages.

 

Publish has been defined in clause 4 to mean publish on the Internet and publish to the public or a section of the public.  For example if a person places their e-mail address on a web page which is not generally available to the public such as a chatroom, or a subscriber webpage then it cannot be inferred that the ‘owner’ of the e-mail address has consented to receiving commercial electronic messages.

 

Similarly if a person’s address has been harvested from a public resource such as the Internet or the yellow pages, it cannot be inferred that consent has been given to receive commercial electronic messages. 

 

Exception - conspicuous publication

 

Subclause 4(2) of Schedule 2 provides an exception to the rule that consent may not be inferred from publication of an electronic address.

 

If a person has conspicuously published their work related electronic address that person is taken to have consented to receiving commercial electronic messages to that address, so long as the messages are relevant to the relevant job function, and the person has not specifically provided that they do not wish to receive commercial electronic messages.

 

The consent will only be inferred if:

·          the electronic address is a work related address (paragraph 4(2)(a));

·          the address has been conspicuously published (paragraph 4(2)(b));

·          it would be reasonable to assume that the address was published with the relevant individual’s or organisation’s consent (paragraph 4(2)(c));

·          the publication does not specifically exclude consent (paragraph 4(2)(d)).

 

The consent is only to receive messages relevant to the person’s employment or role (paragraphs 4(2)(e) to (g)).

 

Paragraph 4(2)(a) sets out the types of electronic address covered by the exception:

·          an employee’s electronic address (for example jane.bloggs@noie.gov.au); or

·          the electronic address of  a particular director or officer of an organisation.  A director is defined in clause 4 to include a member of a governing body of an organisation.  This definition ensures that non-appointed directors are covered by this definition;

·          a partner’s address;

·          the electronic address of a particular statutory office holder (for example, chairman@aca.gov.au);

·          the electronic address of a self-employed individual (for example, a mobile phone number for Joe Bloggs, plumber);

·          the address of a person holding a particular office or position (for example recruitmentmanager@noie.gov.au);

·          the electronic address relating to a role performed by an individual or group within an organisation (for example, customerservice@telstra.com).

 

Paragraph 4(2)(b) requires that the electronic address has been conspicuously published. As discussed above, ‘publish’ has been defined in clause 4 to mean publish on the Internet and publish to the public or a section of the public.  This ensures that a narrow meaning cannot be attributed to publish.  It includes both hard copy publishing (for example in books or journals), as well as publishing on the Internet.  It also includes publishing to a limited audience (for example chatrooms) or to the public as a whole (for example in a generally available magazine).

 

Paragraph 4(2)(c) requires that it is reasonable to assume that the relevant employee, director, officer, partner, office-holder, self-employed individual or organisation agreed to the publication of the electronic address.  This means that if it is reasonably evident that an address has been published without agreement of the relevant person then consent cannot be inferred.  For example if a list of e-mail addresses was published on a website or in an article by a spammer, it would not constitute consent for those individuals whose addresses were published to be sent unsolicited commercial electronic messages.

 

Paragraph 4(2)(d) provides that consent cannot be inferred from publication of an electronic address where the publication is accompanied by a statement to the effect that the relevant electronic account-holder does not want to receive unsolicited commercial electronic messages at that address, or a similar statement.  Statements such as “No spam”, “No UCE” (no unsolicited commercial e-mail) or “No junk mail” would all suffice for this purpose.

 

Paragraphs 4(2)(e) to (f) limit the consent which may be inferred in these circumstances to messages that are relevant to the relevant job or position.  For example if a recruitment officer for a mining company has published his or her electronic address then this would amount to inferred consent to receive messages relevant to recruitment related issues (ie messages relating to the function or role of recruitment manager).  However it would not amount to consent to receive messages relating to mining.

 

For example if an employee of a private law firm published an article analysing the implications of a particular court decision in the Australian Law Journal and included their work e-mail address at the end of the article, assuming that they have not stated that they did not wish to receive unsolicited commercial electronic messages to that address, then they will be taken for the purposes of this Bill to have consented to the sending of such messages which are relevant to the legal subject matter.

 

Clause 5 - Regulations about consent

 

Clause 5 enables regulations to be made that set out the circumstances in which the consent of a relevant electronic account-holder may and may not be inferred.

 

This regulation-making power is intended to be used as a reserve power to remove any uncertainties in interpretation if necessary or to cover circumstances which would reasonably be considered to amount to inferred consent which may not yet be apparent.

 

Clause 6 - When withdrawal of consent takes effect

 

Clause 6 sets out when the withdrawal of consent takes effect for the purposes of this Bill.

 

Clause 6 applies where:

·          one or more electronic messages have been sent to the relevant electronic account-holder’s electronic address.  ‘Electronic message’ is defined in clause 5 and ‘relevant electronic account-holder’ is defined in clause 4 of the Bill;

·          that account-holder has consented to receiving the messages to that address.  The concept of ‘consent’ includes express or inferred consent;

·          an individual or organisation authorised the sending of those messages to that address.  The concept of ‘authorised’ is discussed in clause 8 for the purposes of the Bill; and

·          the relevant account-holder has sent a withdrawal of consent message.

 

When this withdrawal of consent takes effect depends upon the way in which the withdrawal message was sent.  If the withdrawal message is an electronic message (for example an e-mail message or an SMS message), the consent is withdrawn five business days after the day on which the message was sent (paragraph 6(1)(e)). 

 

If the message withdrawing consent is sent by post then the withdrawal of consent takes effect five business days after the day on which service of the message was effected.  That is five business days after the day on which the letter would be delivered in the ordinary course of post (see section 29 of the Acts Interpretation Act 1901 which provides that in the absence of a contrary intention, in the case of service by post, service will be effected at the time at which the letter would be delivered in the ordinary course of post) (paragraph 6(1)(f)).

 

If the message withdrawing consent is not an electronic message and is not sent by post then the withdrawal takes effect on the day on which the message was delivered (paragraph 6(1)(g)).  This provision has been included to cover delivery by hand and to ensure that if future technology enables a message to be sent another way, then the consent would take effect five days after the message’s delivery.

 

‘Business day’ is defined in subclause 6(2) as a day that is not a Saturday, Sunday or public holiday.  It is possible that the place from which a message is sent (for example the United States) and the place to which it is sent (for example Australia) will have different public holidays.  Paragraphs (2)(a) to (c) are included to clarify to which locality’s business days the paragraphs are referring.

 

If the message is an electronic message (as defined in clause 5), for example an e-mail message or SMS message, then the relevant days to be measured are in terms of the place to which the message was sent.  For example if a message was sent from the United States to Australia, then the five business days is measured according to five business days in Australia.

 

If the message was sent by post then the relevant days to be measured are also in terms of the place to which the message was sent (paragraph (2)(b)).

 

If the message is not an electronic message and is not sent by post then the relevant days are to be measured in accordance with the place where the message was delivered.

 

Schedule 3 - Infringement Notices

 

Clause 1 - Object

 

This clause sets out the general object of Schedule 3, which is to set up a system of infringement notices for contraventions of civil penalty provisions.  Infringement notices will enable a more efficient means of dealing with minor contraventions as an alternative to instituting court proceedings for breach of a penalty provision.

 

Clause 4 defines the civil penalty provisions.  They are:

·          proposed subsections 16(1), (6) and (9) which set out the rules relating to sending unsolicited commercial electronic messages;

·          proposed subsections 17(1) and (5), which set out rules relating to the requirement to include accurate sender information in commercial electronic messages;

·          proposed subsections 18(1) and (6), which require commercial electronic messages to include a functional unsubscribe facility;

·          proposed subsections 20(1) and (5), which prohibit the supply of address-harvesting software and harvested-address lists;

·          proposed subsections 21(1) and (3), which prohibit the acquisition of address-harvesting software and harvested-address lists;

·          proposed subsections 22(1) and (3), which prohibit the use of address-harvesting software and harvested-address lists; and

·          a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

Clause 2 - Definitions

 

This clause sets out the definitions which are used in Schedule 3 of the Bill.

 

authorised person

 

An authorised person is the Chairman of the ACA, or a member of the ACA staff who is appointed in writing as an authorised person for the purposes of this Schedule (under clause 9 of the Schedule).

 

The definition of an authorised person is central to the scheme of issuing infringement notices.  Only an authorised person can issue infringement notices under clause 3 of the Schedule.

 

civil contravention

 

This is defined to mean a contravention of a civil penalty provision.  Clause 4 of the Bill defines a civil penalty provision.  They are:

·          proposed subsections 16(1), (6) and (9) which set out the rules relating to sending unsolicited commercial electronic messages;

·          proposed subsections 17(1) and (5), which set out rules relating to the requirement to include accurate sender information in commercial electronic messages;

·          proposed subsections 18(1) and (6), which require commercial electronic messages to include a functional unsubscribe facility;

·          proposed subsections 20(1) and (5), which prohibit the supply of address-harvesting software and harvested-address lists;

·          proposed subsections 21(1) and (3), which prohibit the acquisition of address-harvesting software and harvested-address lists;

·          proposed subsections 22(1) and (3), which prohibit the use of address-harvesting software and harvested-address lists; and

·          a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

An infringement notice can be given when an authorised person has reasonable grounds to believe that a person has committed one or more civil contraventions (see clause 3 of Schedule 3).

 

infringement notice

 

The term ‘infringement notice’ is defined as an infringement notice given under clause 3.

 

Clause 3 - When an infringement notice can be given

 

This clause sets out when an infringement notice may be issued.  It provides that an infringement notice may be issued by an ‘authorised person’ (the Chairman of the ACA or an appointed ACA staff member, see definition in clause 2), if he or she has reasonable grounds to suspect that a person has contravened a civil penalty provision in the Bill (see clause 2 above for definition of civil penalty provisions).

 

An infringement notice must be given within 12 months of the day that the contravention is alleged to have happened (subclause 3(2)).

 

Subclause 3(3) provides that this clause does not authorise the giving of two or more infringement notices to a person in relation to contraventions of a particular civil penalty provision that allegedly occurred on the same day.

 

Clause 4 - Matters to be included in an infringement notice

 

Clause 4 sets out the matters which must be included in an infringement notice.  In particular it provides that an infringement notice must:

·          set out the name of the person to whom the notice is given, that is the person who has allegedly contravened the civil penalty provision;

·          set out the name of the authorised person who gave the notice.  It is anticipated that as a matter of administrative practice the authorised person would sign the notice;

·          set out brief details of each of the alleged contraventions, or include the details on a data processing device (defined in clause 4 of the Bill) in electronic form which accompanies the notice.  It must include the date of when the contravention is alleged to have occurred and the particular provision that was allegedly contravened (see subclause 4(2));

·          set out that the Federal Court will not deal with the matters in the alleged contraventions if the penalty is paid to the ACA within the notified period (either 28 days after the notice is given or longer, if an extension of time for payment is granted by the ACA);

·          explain how the penalty may be paid;

·          set out any other matters (if any) which are specified in the regulations.

 

Subclause 4(2) sets out that the notice must include the date of the contravention and the civil penalty provision that was contravened, as part of the brief details about the alleged contravention (under paragraph 4(1)(c)).  This does not limit the details which may be included under this paragraph.

 

Subclause 4(3) provides that information cannot be included in a data processing device (under subparagraph 4(1)(c)(ii)) unless, at the time that the notice was given, it was reasonable to expect that the information would be readily accessible so as to be useable for subsequent reference.  A data processing device is defined in clause 4 of the Bill.  This provision ensures that if the infringement notice is accompanied by a data disk, for instance, that contained details of the alleged civil contraventions, that the contained data would have to be in a readily readable form, or accompanied with a program that would make the data readily readable.

 

This clause does not in any way limit the operation of the Electronic Transactions Act 1999 (subclause 4(4)).

 

Clause 5 - Amount of penalty

 

Clause 5 sets out two tables indicating the pecuniary penalties payable under an infringement notice.  The first table deals with notices given to a body corporate and the second table deals with notices given to an individual.

 

The following are civil penalty provisions (as defined in clause 4) for which an infringement notice may be payable:

 

·       subclauses 16(1), (6) and (9) relating to sending unsolicited commercial electronic messages;



·       subclauses 17(1) and (5), relating to commercial electronic messages including accurate sender information;



·       subclauses 18(1) and (6), relating to commercial electronic messages including a functional unsubscribe facility;



·       subclauses 20(1) and (5), 21(1) and (3) and 22(1) and (3), relating to supplying, acquiring and using address-harvesting software and harvested-address lists; and



·       a provision of the regulations that is declared to be a civil penalty provision in accordance with paragraph 45(2)(c).

 

The penalty payable will depend upon:

·          whether or not the breach is by a body corporate or an individual.  The penalties for bodies corporate are five times that for an individual.  This is consistent with criminal offences which provide for the penalties for corporations to be five times that for an individual (see subsection 4B(3) of the Crimes Act);

·          the nature of the contravention (contraventions of the main penalty provisions in subclauses 16(1), (6) or (9) attract a higher penalty than contraventions of other civil penalty provisions).  The penalty payable for a breach of clause 16 is double that payable for a breach of the other penalty provision; and

·          whether the notice relates to a single alleged contravention, between one and fifty alleged contraventions, or more than 50 alleged contraventions.  The penalty payable for more than 50 alleged contraventions is 50 times that for a single contravention. 

 

Summary of penalties

 

Body corporate for single alleged contravention

 

The pecuniary penalty payable by a body corporate for a single alleged contravention:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be 20 penalty units, currently $2,200  (item 1 of table 1);

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be 10 penalty units, currently $1,100  (item 4 of table 1);

·                 subclause 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be 10 penalty units, currently $1,100  (item 4 of table 1); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be 10 penalty units, currently $1,100  (item 4 of table 1).

 

Individual for single alleged contravention

 

The corresponding pecuniary penalty payable for contraventions of these provisions by an individual for a single alleged contravention will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - 4 penalty units, currently $440 (item 1 of table 2);

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - 2 penalty units, currently $220 (item 4 of table 2);

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - 2 penalty units, currently $220 (item 4 of table 2); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - 2 penalty units, currently $220 (item 4 of table 2).

 

An additional penalty is provided for bodies corporate and individuals where the infringement notice relates to between one and fifty alleged contraventions.



 

Body corporate - 1-49 alleged contraventions

 

The pecuniary penalty payable by a body corporate where the notice relates to more than one but fewer than fifty contraventions:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be the number obtained by multiplying 20 times by the number of alleged contraventions (item 2 of table 1);

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be the number obtained by multiplying 10 times by the number of alleged contraventions (item 5 of table 1);

·                 subclause 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be the number obtained by multiplying 10 times by the number of alleged contraventions (item 5 of table 1); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be the number obtained by multiplying 10 times by the number of alleged contraventions (item 5 of table 1).

 

Individual - 1-49 alleged contraventions

 

The corresponding maximum pecuniary penalty payable for contraventions of these provisions by an individual with a prior record, will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - the number obtained by multiplying four times by the number of alleged contraventions (item 2 of table 2);

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - the number obtained by multiplying two times by the number of alleged contraventions (item 5 of table 2);

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - the number obtained by multiplying two times by the number of alleged contraventions (item 5 of table 2); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - the number obtained by multiplying two times by the number of alleged contraventions (item 5 of table 2).

 

Body corporate - 50 or more alleged contraventions

 

The penalty payable for a body corporate where the notice relates to 50 or more contraventions:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages), will be 1,000 penalty units, currently $110,000  (item 3 of table 1);

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) will be 500 penalty units, currently $55,000 (item 6 of table 1);

·                 subclause 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) will be 500 penalty units, currently $55,000 (item 6 of table 1); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) will be 500 penalty units, currently $55,000 (item 6 of table 1).

 

Individual - 50 or more alleged contraventions

 

The corresponding penalty payable for an individual where the notice relates to 50 or more contraventions will be:

·                 subclauses 16(1), (6) or (9) (prohibition on sending unsolicited commercial electronic messages) - 200 penalty units, currently $22,000 (item 3 of table 2);

·                 subclauses 17(1) and (5) (requirement to include accurate sender information in commercial electronic messages) - 100 penalty units, currently $11,000 (item 6 of table 2);

·                 subclauses 18(1) and (6) (requirement to include a functional unsubscribe facility in commercial electronic messages) - 100 penalty units, currently $11,000 (item 6 of table 2); and

·                 subclauses 20(1) and (5), 21(1) and (3), and 22(1) and (3) (prohibition on supplying, acquiring and using address-harvesting software and harvested-address lists) - 100 penalty units, currently $11,000 (item 6 of table 2).

 

A penalty unit is defined in section 4AA of the Crimes Act.  It is currently $110.

 

Clause 6 - Withdrawal of an infringement notice

 

This clause provides for an authorised person (the Chairman of the ACA or an appointed ACA staff member, see definition in clause 2 of this Schedule), to withdraw an infringement notice that has been given to a person in relation to a contravention of a civil penalty provision (subclauses 6(1) and (2)).  The withdrawal notice must be in writing.

 

A withdrawal of a previously issued infringement notice may be considered for example where further evidence has come to light since the issuing of the infringement notice to suggest that a person has not contravened a civil penalty provision, or alternatively that further evidence suggests that the breach is more serious than initially believed and consequently would be more appropriately dealt with by a court rather than an infringement notice.

 

This withdrawal notice may be given by someone other than the authorised person who gave the infringement notice in the first instance.

 

If an infringement notice is withdrawn after the penalty specified in the notice has already been paid, then the Commonwealth is liable to refund this amount.  Section 28 of the Financial Management and Accountability Act 1997 provides for the appropriation of the Consolidated Revenue Fund for the purposes of paying such a refund.

 

Clause 7 - What happens if the penalty is paid

 

If a person has been given an infringement notice and the penalty has been paid in accordance with the notice, and the infringement notice has not subsequently been withdrawn, then any liability of the person for the alleged contravention is discharged (subclauses 7(1) and (2)).

 

The ACA cannot institute proceedings under Part 4 of this Bill for any alleged contravention of a civil penalty provision which has already been dealt with by way of an infringement notice (subclause 7(3)).

 

Clause 8 - Effect of this Schedule on civil proceedings

 

Clause 8 specifically provides that nothing in this Schedule:

 

·          requires an infringement notice to be given in relation to an alleged civil contravention.  The decision whether or not to issue an infringement notice is at the discretion of the authorised person;

·          affects the ability of a person to have court proceedings brought against them under Part 4 if the person does not comply with an infringement notice, an infringement notice is not given to a person, or an infringement notice is withdrawn;

·          limits the Federal Court’s discretion to determine the amount of a penalty to be imposed on a person who is found in proceedings under Part 4 to have committed a civil contravention.

 

Part 4 of the Bill sets out the penalties which apply for contravention of civil penalty provisions, and the action which may be taken to recover these penalties.  In essence civil penalty provisions may attract pecuniary penalties (as set out in clause 24 of the Bill).  Criminal proceedings may not be brought against a person for breach of a civil penalty provision (see clause 27 of the Bill).

 

Clause 9 - Appointment of authorised person

 

This clause enables the ACA to appoint, in writing, a member of the ACA staff as an authorised person for the purposes of Schedule 3.  An authorised person is able to issue infringement notices under this Schedule, under clause 3, and may withdraw notices (clause 6). 

 

In addition to those staff specifically appointed as authorised persons under this clause, the Chairman of the ACA is an authorised person for the purpose of this Schedule (see definition of an authorised person in clause 2).  He or she is automatically considered an authorised person without any need to be appointed as such under clause 9.

 

Clause 10 - Regulations

 

This clause provides that the regulations may make further provision in relation to infringement notices.  A general regulation-making power is provided in clause 47 of the Bill.

 




[1] http://rfc.sunsite.dk/rfc/rfc706.html

[2] ARPA, the Advanced Research Projects Agency, was created in 1958 as part of the US Department of Defense.  ARPAnet enabled scientists and the military to share computer resources and collaborate on research projects.  It was the network that formed the basis for the Internet.

[3] http://www.the-dma.org/cgi/disppressrelease?article=354++++++

[4] Report to the Federal Trade Commission of the Ad-hoc Committee on Unsolicited Commercial E-mail. http://www.cdt.org/spam

[5] Commission of the European Communities Unsolicited Commercial Communications and Data Protection: Summary of Study Findings January 2001 page 9 (Note: all currency conversions undertaken on 31 January 2003).

[6] “Spam Control: Problems and Opportunities”: http://www.ferris.com/offer/spam.html#report1. See also http://www.internetnews.com/IAR/artcle.php/1564761.

[7] http://www.star.net.uk/about/about_press_1001_1.asp.

[8] http://www.surfcontrol.com/resources/Anti-Spam_Study_v2.pdf

[9] http://www.erado.com/Erado%20Border%20Services%20White%20Paper.pdf

[10] www.almaden.ibm.com/cs/k53/pmail/pmail.ppt

[11] http://www.gip.org/publications/papers/Spam061802.asp

[12] Estimates of the average size of an e-mail vary but are commonly in the range of 2 to 10 kilobytes.

[13] See www.easylink.com/services_north_america/1_5_boundary.cfm

[14] http://www.caube.org.au/australia.htm

[15] http://www.caube.org.au/spamstats.html

[16] http://www.newsfactor.com/perl/story/20447.html

[17] For reasons of clarity and brevity the five sections of the Criminal Code discussed in this report have been paraphrased.  These sections in their original form are available at http://scaleplus.law.gov.au/html/pasteact/3/3486/0/PA000070.htm

[18] Restricted data is defined as data held in a computer and to which access is controlled by an access control system.

[19] http://www.xmission.com/help/e-mail/relays.html