June 2006

SPAM ACT 2003 (CTH) - FIRST SUCCESSFUL PROSECUTION

REVIEW OF SPAM ACT 2003 (CTH)

Operation of the Spam Act 2003 (Cth)

"Spam" is the term used to describe electronic "junk mail" that is sent without the recipient's express permission. It is a global problem that inhibits the efficient function of the internet and increases the costs incurred by both Internet Service Providers (ISPs) and internet users. In 2003, the National Office for the Information Economy (NOIE) [1] estimated that spam accounted for 20% to 35% of Australia's electronic messages. [2] Australia was one of the first countries to address the need to reduce spam by introducing the Spam Act 2003 (Cth) ( "the Act"). The Act is enforced by the Australian Communications and Media Authority (ACMA), who is responsible for investigating complaints made by individuals and organisations that receive spam.

Since the Act came into force in April 2004, there have been two significant developments. Firstly, in April 2006, ACMA successfully prosecuted its first case in the Federal Court under the Act: Australian Communications and Media Authority v Clarity1 Pty Ltd [2006] FCA 410 ( "the Clarity1 decision"). Secondly, in accordance with s.46 of the Act, the Minister for Communications, Information Technology and the Arts reviewed the operation of the Act two years after its commencement and tabled the resulting report in Parliament on 22 June 2006.

Provisions of the Spam Act 2003 (Cth)

Unsolicited commercial electronic messages

The object of the Act is to prohibit the sending of unsolicited commercial electronic messages ( "CEM") and to reduce Australia as a source of spam. [3] Thus, under s.16(1) of the Act, a person must not send or cause to be sent, an unsolicited CEM. Under ss 5 and 6 of the Act, an unsolicited CEM is an email, instant message, short message service (SMS) or multimedia message that offers, advertises or promotes goods, services, investment opportunities or interests in land. It must be sent from, or accessed, in Australia ( the "Australian link" requirement) to be caught by the Act. [4]

A single unsolicited CEM will contravene the Act and formal warnings, infringement notices, enforceable undertakings, injunctions, monetary fines or prosecution may result. However, such a CEM will not constitute spam if it includes accurate sender information under s.17 and contains a functional unsubscribe facility under s.18, that enables users to contact the sender and opt-out of receiving CEMs.

Electronic messages from government bodies, political parties, religious organisations, charities or educational institutions that promote their goods or services constitute "designated CEMs" and are exempt from the operation of the Act. [5] Electronic messages that contain factual information such as homepage links or business logos are also considered designated commercial electronic messages under the Act and do not constitute spam.

Messages are not prohibited if the recipient expressly or inferably consents to receiving them, the latter of which arises from their conduct or "business relationships". [6] Consent will not be inferred from the mere publication of an electronic address on the internet or in public, unless such publication is "conspicuous". Conspicuous publication occurs where publication of an electronic address is not accompanied by a statement requesting not to receive unsolicited CEMs, and the messages received are relevant to the work-related business, functions, duties, office, position or role of the recipient. [7]

Address harvesting

In addition, both address-harvesting software that searches the internet for and collects or harvests electronic addresses, and any resulting harvested-address lists, must not be supplied, acquired or used. [8] Formal warnings, infringement notices, enforceable undertakings, injunctions, monetary fines or prosecution may result from such contraventions.

Australian Communications and Media Authority v Clarity1 Pty Ltd [2006] FCA 410 ( The Clarity1 decision)

The Clarity1 decision which was handed down on 13 April 2006 was the first successful prosecution under the Spam Act for unsolicited CEMs by the regulator, ACMA. ACMA alleged that Clarity1 Pty Ltd (" Clarity1") sent over 270 million unsolicited CEMs to electronic addresses in both Australia and the United Kingdom that promoted business seminars and manuals. Nicholson J held that all but 182 of such messages contravened s.16(1) of the Act.

The fact that a significant proportion of the emails were sent to electronic addresses in the United Kingdom did not preclude them from contravening the Act, because they still satisfied the "Australian link" requirement in s.7 of the Act by being sent by a person who was physically present in Australia, using servers and devices located in Australia. [9]

Nicholson J also confirmed that the recipients of the emails did not inferably consent to receiving them simply because they did not utilise the unsubscribe facility provided. His Honour stated that "[t]he mere fact that Clarity1 sent a CEM to an electronic address and did not receive a response from the recipient does not provide a proper foundation for an inference of consent". [10] This is because it is common for recipients to delete or ignore spam without reading it, thus they may never become aware of the existence of the unsubscribe facility. This was compounded by the fact that Stealth Mail Master software was used to randomise the email header and disguise the true IP address of the sender, thus recipients may be reluctant to open these messages. [11]

Clarity1 Pty Ltd submitted that a "business relationship" upon which an inference of consent could be based under Sch 2 cl 2 of the Act arose between Clarity1 and the recipients of their emails. Nicholson J held that such a business relationship existed with 182 of the recipients, because they evinced an intention to trade by purchasing goods from Clarity1. Thus, the CEMs send to them did not constitute spam. His Honour also noted that a business relationship between a vendor and customer may be established in circumstances where it can be reasonably inferred that the customer "wishes to be kept aware of the business of the vendor…", unless the recipient evinces an intention to the contrary. [12]

The Court also held that Clarity1 had also used address-harvesting software to compile lists of electronic addresses from the Internet and also purchased harvested-address lists to distribute electronic messages, in contravention of ss 21 and 22 of the Act. Although software was used to compile the lists prior to the commencement of the Act, Nicholson J held that this did not preclude infringement.

A penalty for these breaches of the Act is yet to be imposed.

Report on the Spam Act 2003 Review

The Department of Communications, Information Technology and the Arts ( DCITA)'s recent review of the Spam Act, found that since April 2004, the proportion of spam originating in Australia had significantly decreased. In July 2004, just three months after the commencement of the Act, one well-known Australian spammer had left the country and many other major spammers had ceased their spamming operations. [13] To date, the ACMA has issued 10 formal warnings and 13 fines of more than $20,000 to businesses that have promoted their goods and services via email and SMS. More than 600 businesses have also been ordered to modify their existing email and SMS marketing strategies to conform to the Act. [14]

While conducting the review, the DCITA received 64 submissions from government organisations, consumers, industry bodies and general members of the public, with concerns about the operation of the Spam Act. These bodies particularly noted that electronic messages of a fraudulent and malicious nature are increasingly being distributed, as well as emails that carry viruses and Trojan horses. [15] Despite this, the DCITA recommended that the definition of "commercial electronic message" in s 6 should not be broadened to brand them as spam. They stated that "a range of complementary legislation is already in place" to regulate the distribution of these messages. This includes the Trade Practices Act 1974 (Cth) and Cybercrime Act 2001 (Cth). Furthermore, initiatives by the Australian Competition and Consumer Commission ( ACCC) such as the establishment of the Australasian Consumer Fraud Taskforce, are also in place to protect consumers against frauds and scams. [16]

The review also found that facsimile transmissions are increasingly being used to send spam, which currently do not constitute unsolicited CEMs under the Act. The DCITA proposed that additional industry and consumer consultation is necessary to determine whether the definition of "electronic message" in s 5 should be extended to incorporate this medium.

Although the review found that the majority of spam received in Australia originates overseas, the DCITA recommended that the "Australian link" requirement in s.7 remain unchanged. [17] Australia should instead enter into anti-spam agreements and "information sharing partnerships" with overseas anti-spam enforcement agencies to combat this global problem. [18]

To strengthen the operation of the Act, the DCITA stated that increased public awareness is also necessary. Educational activities should be developed that address the types of messages that constitute spam and the situations in which consent to receiving CEMs will be inferred. [19]

Complementary measures that minimise spam

Given the global nature of spam and the dynamic nature of the internet, it is evident that legislative measures alone are insufficient to minimise unsolicited CEMs. The Australian government recognised this when implementing the Spam Act, and developed a "multi-layered" strategy to address the problem, which consists of industry participation, education, technological measures and international cooperation.

In response, industry has recently developed two codes of practice to fulfil the objects of the Act. The Australian eMarketing Code of Practice establishes "comprehensive industry rules and guidelines for the sending of commercial electronic messages with an Australian link". [20] The Internet Industry Association Spam Code of Practice sets out how internet and email service providers will "address the sources of spam within their own networks" and requires that end-users be informed about how to minimise spam using filtering techniques. [21] Such filtering techniques have been implemented by both ISPs and end-users and are proving successful to reduce spam. In addition, the ACMA has developed the "SpamMATTERS" reporting and forensic analysis system, which end-users can install in their email programs, allowing them to click a special button that instantly deletes spam and reports it to the ACMA. [22] International cooperation is also being actively sought, particularly through the establishment of the Seoul-Melbourne Multilateral Anti-Spam Agreement, which comprises 12 internet and communications bodies from the Asia-Pacific that all aim to protect the information economy by "exchanging information on technical, educational and policy solutions to the spam problem". [23] Other jurisdictions have also enacted anti-spam laws, as did the United States in 2003 with the Controlling the Assault of Non-Solicited Pornography and Marketing Act ( " Can-Spam Act"), which is modelled on Australia's Spam Act.

Conclusion

The implementation of the Spam Act in Australia has been a positive step in minimising the burden imposed on both the Internet industry and Internet users as a result of voluminous unsolicited CEMs. As the Clarity1 decision demonstrates, the ACMA is actively enforcing the Act, which highlights the need for Australian businesses and organisations that market their goods and services via electronic messages to ensure they strictly comply with its provisions. This should also be complemented by both industry and international cooperation, protection via technological filtering mechanisms and greater public education about the importance of minimising spam.

For further information contact:

Stephens Lawyers & Consultants

Level 3, 530 Lonsdale Street

Melbourne VIC 3000

Phone: (03) 8636 9100

Fax: (03) 8636 9199

Email: stephens@stephens.com.au

Website: www.stephens.com.au

All Correspondence to:

PO Box 13286

Melbourne Law Courts

Melbourne VIC 3000

** Written by Sandi Montalto. Edited by Katarina Klaric

To register for newsletter updates and to send your comments and feedback, please email stephens@stephens.com.au

Subscribe/Unsubscribe