anti spam team case studies international training program bruce matthews manager, anti spam team...
TRANSCRIPT
Anti Spam Team Case Studies International Training Program
Bruce Matthews Manager, Anti Spam Team
Converging Services BranchACMA
Key points to understandAustralia’s Spam Act has number of key requirements• Messages must be ‘commercial electronic messages’• ONE message is sufficient – does not rely on ‘bulk’• Australian legislation is ‘OPT IN’ legislation, not ‘OPT
OUT’ – consent to receive the message must be ‘prior’ to the sending of the message
• Does allows the sending by a business when existing business relationship
Enforcement Options under Spam Act
1. Educational contact
2. Formal Warning Letters
3. Enforceable Undertakings
4. Fines
5. Prosecution in Federal Court
Complaints ProcessComplaint Received
No Action Possible – Eg. Outside of Act Scope
First / Minor Complaints
Multiple / Serious Complaints
Educational Contact
Formal action Refer to Investigations Team
1. Educational Contact
• ACMA seeks to assist legitimate companies to comply with the Spam Act
• If a complaint is the first lodged about the company, ACMA contacts the sender to:– Inform them of the Spam Act requirements
– Let them know there has been a complaint
– Give them general information to assist them to comply with the Act, and specific information to address complainant’s issue
• Over 900 companies contacted since 2004
2. Formal Warning Letters
• Similar to Educational Contact• Often used when a company makes serious errors in
Spam Act compliance in first use of e-marketing• 11 Formal Warnings issued since commencement of
Act
3. Enforceable Undertakings
• Permits company or individual to enter into agreement with ACMA about matters regulated by Spam Act
• If the company or individual then breaches the undertaking, they can be pursued in the Federal Court
• Used 6 times since commencement of Act
4. Fines
• ACMA has the ability to impose fines • Can only be used when there has been a clear breach• Often used when a new practice has emerged that is
in breach of the Act– Resultant publicity sends strong message to other relevant
businesses that may seek to use the same practice
• Fines have been issued to 5 companies/individuals
5. Prosecution in the Federal Court
• Only expected to be used for ‘professional’ spammers• Very long and resource intensive process• ACMA has only initiated one case in the Federal
Court to date, against Mr Wayne Mansfield and his company, Clarity1 (trading as Business Seminars Australia).
Business Seminars Australia / Wayne Mansfield
• BSA / Mansfield were at the time listed on Global spam watchdog Spamhaus.org as a top 200 known spam operation
• Prior to commencement of the enforcement provisions of the Act in April 2004, ACMA wrote to over 200 businesses to ensure they were aware of the requirements of the Act
• BSA / Mansfield received one of those advisory letters• BSA / Mansfield responded stating that they complied
with the Act
Business Seminars Australia / Wayne Mansfield
• Formal complaints and reports of spam from Business Seminars Australia and co trading company Maverick Partnership were lodged both before and after the commencement of the Act
• An investigation was commenced• Examination of emails identified that they were
clearly ‘commercial electronic messages as defined under the Act as they were advertising either business seminars or products sold by the company
The Investigation – in general
The investigation was resource and time consuming:• Witnesses were spread throughout Australia• Mansfield had previously taken court action against
an Anti Spammer –which Mansfield lost – but witnesses were reluctant to give evidence against him
• Complainant’s would often only forward one complaint of hundred’s that they received because ACMA did not have a user friendly reporting method– Now SpamMATTERS available for multiple reports
The Investigation – continued
• Being new legislation, it was important to ensure that the strongest possible case was presented
• This meant that on a number of occasions witnesses made three and four statements to update further UCEM that they received
• Mansfield was the Sole Director of Clarity1, the parent company of Business Seminars Australia and Maverick Partnership
The UCEM sent by Mansfield
Common traits of messages sent by Mansfield included• The use of a different yahoo.com or yahoo.com.au for
each email campaign• Different subject lines for each email• Often unsubscribe addresses that directed back to
servers overseas - often in China
The UCEM sent by Mansfield
• IP addresses not consistent with the alleged senders – Mansfield claims ‘rotating IP addresses’– ACMA believes compromised machines were used
• Whilst the content of the email clearly identified the sender, that was only apparent when the email was opened
• The use of different yahoo addresses prevented the recipients blocking particular email address
• The yahoo addresses were all registered by Mansfield but under vague details
The Investigation – BSA
• Formal notices under s.522 of Telecommunications Act 1997 were issued for BSA / WM to attend and produce documents in October 2004
Why section 522 Notices and not Search Warrants?
• Tactical decision made between investigators and legal. Neither way was right or wrong. Search Warrant had no power to require the answering of questions, wherein section 522 Notices did
Standard of Proof
• As the penalties were ‘civil’ penalties, the required standard of proof was ‘on the balance of probabilities’
• Investigators from commencement of investigation aimed for the higher criminal standard of ‘beyond reasonable doubt’ as far as possible
The section 522 process
• Service of notices were on both the company and the individual to maintain control of the process
• Notices had extensive requirement to produce documents including financial records
• Mansfield was totally co-operative during the interview, conducted in presence of his solicitor
• AMCA also had Legal Representative present• Interview conducted on triple deck simultaneous
recorder to ensure accuracy and expediency• Respondent given copy of tapes after interview
Referral to Australian Government Solicitor (AGS)• Brief of evidence reviewed by In-house legal team
and then referred to AGS in Perth• Complaints still continued to come in even after the
formal section 522 interview• AGS, in-house legal and investigators decided
because the breaches were ongoing to obtain search warrants under the Telecommunications Act
• Services of an external forensic investigation company was obtained to conduct the imaging of the computers and forensic analysis
Execution of Search Warrant
• Search warrant conducted in April 2005 on business premises of Clarity1 and Mansfield’s home address
• Mansfield present during search at business premises• Approximately 300 gb of data was imaged by the
forensic specialists from about 13 computers• Forensic investigators also accessed computer servers
run by Mansfield overseas under the powers of a Section 547J Telecommunications Act Access Order and took a snapshot of the contents of the sites
Prosecution of case - timelines
• July 2005 - Federal Court in Perth granted interim injunction
• August 2005 – Court granted interlocutory injunction• December 2005 – matter listed for two day hearing• Respondent requested adjournment at last moment as
he wanted to cross examine all ACMA witnesses and produce witnesses of his own. He also advised the court that his partner in the business was recovering from surgery and would not have sufficient time
Prosecution of case - timelines
• Court allowed adjournment till February 2006• Mansfield to lodge his witness affidavits by end of
December• Mansfield lodged nine affidavits with 8 basically
advising that whilst they did not give permission originally, they have attended his seminars or made a purchase of his products
Court Case
• Mansfield represented himself and Clarity1• Australian Govt. Solicitor represented ACMA• All ACMA witnesses gave evidence and were subject
to cross examination• Evidence given from witness box, by Video link for
most interstate witnesses, and one country Victoria witness by telephone conference
Court Case - continued
Defence relied on • ‘inferred consent’ particularly as witnesses had ‘conspicuously
displayed’ their email addresses on the web• Mansfield had obtained their address prior to commencement
of Act and had sent the recipients email telling them that if they did not wish to receive his mail to unsubscribe
• Mansfield lodged 8 of 9 affidavits into evidence and not objected to as they confirmed ACMA’s view of the law
Court Case - continued
• ACMA wished to examine one defence witness, previously Clarity1 System Administrator whom WM lodged an affidavit for. As WM was unable/declined to produce the witness the evidence in the affidavit was not admitted
• At conclusion of hearing Judge directed that written final submissions were to be lodged by both parties
• Note – The judge did indicate to Mansfield that normally he required final submissions at the conclusion of the evidence but as he represented himself, he decided on written submissions to give the respondent Mansfield time to prepare his submission
Determination of Court
On 13 April 2006, the Federal Court handed down the decision
Key Points• Both C1 and WM were in breach of both s.16
(sending UCEM) and s.21(use of harvested address lists)
• The judge found that in the respondent’s submissions there were a lot of assertions not based on any evidence by the respondent
Determination of Court - continued
• The legislation is OPT IN and respondent could not require a person to opt out
• The respondent sought to show consent by inference, but no evidence to support such inference
Awaiting Penalty decision
• The applicant and respondent have lodged their submissions on penalty (June 2006)
• There is a clear gap between what both parties believe is an appropriate penalty
• For a first offence for a business entity, the possible penalty can be up to $220,000 per day
• The Federal Court (as of 12 September 2006) is still to hand down their decision on penalty
