Macquarie Journal of Business Law
|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Macquarie Journal of Business Law |
|
PHILIP RELF[*]
Recently, Australia’s largest Internet Service Provider, BigPond, put out a press release stating that even though its spam filters were rejecting six million spam or virus-infected emails every day, it needed to boost its capability.[1]. A few weeks later, a man was arrested in the United States of America for allegedly sending one billion spam messages to AOL subscribers relating to online pharmacies.[2] Just a few years ago, no one could have envisaged the drastic effect spam would have, not just on the lives of those working within the Information Technology industry but on most of us, either at home or work, that use a computer connected to the Internet.
This paper takes an in-depth look at Australia’s new anti-spam legislation and seeks to clarify what the legislation means. Australia, like the rest of the world, failed to realise the huge implications of billions of unwanted electronic messages circulating the information highway. In fact, just as motoring highways become clogged up with too much traffic, so to has the information highway. The only saving grace is that the information highway can be extended to cope with extra traffic far more easily and at significantly less cost than its physical counterpart. Nevertheless, it all costs money, and the cost of wasted time, also in the billions of dollars, is now of such significant concern that governments around the world are about to act.
The Spam Act 2003[3] (‘Act’) came into full force in Australia on 10 April 2004. It is a federal Act of parliament and the culmination of five years of research and debate by government, government agencies and numerous industry bodies.
At the time of writing (July 2005) there has been no judicial consideration of alleged breaches of the Act.[4] There is therefore a distinct lack of judicial interpretation into certain provisions of the Act[5] and, as a result, this paper is essentially based upon the Act[6] itself, the second reading of the Spam Bill and the Bill’s Explanatory Memorandum, together with research and material from government agencies and other commentators, all of which have been appropriately cited.
That is not to say that the legislation has not yet had an effect. Several companies have had infringement notices issued against them, several undertakings are in effect and a Western Australian company has had computers seized as a result of the execution of a search warrant and is awaiting a hearing in the Perth Federal Court.
But despite the lack of judicial interpretation, the Act[7] is well drafted, succinct and extraordinarily clear in all but two areas. These two areas relate to the extended usage of the words ‘commercial’ and ‘consent’, which are examined in detail further in the paper.
The Act[8] has been introduced to enhance business efficacy, which is without question a worthy purpose, but it is the actual result of the legislation that far outweighs the underlying intent of its introduction. It is clearly easy to be critical, especially as the basis of the effectiveness of the legislation is its linking to the legislation of like minded States by treaty. South Korea was the first country to enter into a treaty with Australia to control spam and other Memorandums of Understanding have also been entered into. The success of the Act[9] therefore can be measured, to a certain extent, by the number of States that join with Australia to protect themselves against spam.
Most people think of spam as a reference to bulk messaging. However, spam can be a single, unsolicited, commercial electronic message.
The Act[10] makes no reference to spam constituting bulk messages. In fact, the Act[11] fails to define spam at all. Instead, the Act[12] refers to spam as ‘unsolicited, commercial, electronic messaging’.[13] ‘Electronic messaging’ includes email, instant messaging, SMS and other mobile phone messaging, but does not cover voice-to-voice communication by telephone or voice to an answering machine via the telephone. Section 6(7) of the Act[14] prescribes that the Regulations[15] may exempt a specific type of electronic message and section 2.1 of the Regulations[16] exempts facsimile messages. It is however not clear if unsolicited commercial electronic messages sent by email via a gateway to a fax machine would be an excluded message for the purpose of the Act,[17] although on the balance of probabilities it is likely that these messages will be excluded from regulation.
To be covered by the Act[18] the message must be commercial in nature – ie, a message offering a commercial transaction or directing the recipient to a location (eg, a website) where a commercial transaction can take place.
There are, of course, large numbers of commercial electronic messages that can be sent legitimately and only those that are sent without the prior consent of the recipient are considered spam.
When electronic messaging first became available it was heralded as an enlightened way for business efficacy. However, the sheer volume of unwanted email and unwanted messages is threatening the viability and efficiency of the entire electronic messaging system.
According to Adam Turner’s article in the Sydney Morning Herald on Tuesday, 17 February 2004,[19] spam will peak at 80% of all emails by 2007 and, in the month of January 2004, spam accounted for 60% of all emails. Turner believes this figure will stay the same until about 2010, at which time technological advancement should introduce systems that will bring about the decline of spam.
According to the National Office for the Information Economies Final Report of the NOIE Review of the spam problem and how it can be counted,[20] a European study in 2001 estimated that the worldwide cost of spam to internet subscribers could be in the vicinity of US$10 billion per year. In the same report, Star Internet, a large Internet Service Provider in the UK estimated that the cost to business in lost productivity as a result of spam is £326 (A$915) per employee each year. Erado’s 2002 white paper on spam, viruses and other unwanted content, estimates that the annual cost of spam per employee in the United States is around US$1,000 per annum. The report goes on to demonstrate that these costs are usually borne by the internet users (and/or employers) through increased download times and lost productivity. Spammers themselves, on the other hand, bear relatively small costs in sending messages.
One last point about the NOIE Final Report[21] is that the assumption is made that the average email is 5 kilobytes – therefore a gigabyte of spam represents over 200,000 individual messages. Based on these estimates, even small ISPs may be receiving more than 4 million spam messages a month, which is quite staggering.
If you could sum up what the Act[22] says in one sentence, it would simply be that unsolicited, commercial electronic messages must not be sent. In other words, commercial messages should only be sent to an address when it is known that the person responsible for that address has consented to receiving a message. In addition, the Act[23] bans address harvesting software and the use of harvested address lists.
The Act[24] requires that in the case of all commercial electronic messages, senders must accurately provide information about themselves and provide a functional way for the message recipient to indicate that he or she no longer wishes to receive messages from that sender in the future – ie, they wish to ‘unsubscribe’.
The Act[25] makes a conscious attempt to include mailing houses, advertising agencies, direct marketing consultancies and other businesses that assist companies with their marketing programs.
The Act[26] is very wide and states that:
Section 16(9)
A person must not:
(a) aid, abet, counsel or procure a contravention of subsection 1 [sending of unsolicited commercial electronic messages] or 6 [message must not be sent to a non-existent electronic address]; or
(b) induce, whether by threats or promises or otherwise, a contravention of subsection 1 or 6; or
(c) be in any way, directly or indirectly, knowingly concerned in, or party to, a contravention of subsection 1 or 6; or
(d) conspire with others to effect a contravention of subsection 1 or 6.
In addition, section 16(1)[27] states that a person must not send or ‘cause to be sent’ a commercial electronic message. It would be harder to find more broad-reaching provisions than these in any Act in Australia.
There is however the exception in section 16(10),[28] that a person does not contravene the ancillary contraventions described above simply because a person supplies a carriage service that enables an electronic message to be sent.
The ancillary contraventions also apply to section 17 of the Act,[29] which deals with the inclusion of accurate sender information in any commercial electronic message.
Section 18[30] (‘Commercial electronic messages must contain a functional unsubscribe facility’) is also worded in such a way that a person must not send or cause to be sent a commercial electronic message that does not include a functional unsubscribe facility. Once again, the ancillary contraventions are present.
The ancillary contraventions are also present when the Act[31] looks at utilising address harvesting software and utilising address lists obtained by address harvesting software.
Section 5 of the Act[32] defines the term electronic message.
The basic definition is that an ‘electronic message’ is a message sent:
(a) using:
(i) an internet carriage service; or
(ii) any other listed carriage service; and
(b) to an electronic address in connection with:
(i) an email account; or
(ii) an instant messaging account; or
(iii) a telephone account; or
(iv) a similar account.
The section goes on to note that email addresses and telephone numbers are examples of electronic addresses. Further notes attest to the fact that it is immaterial whether the electronic address exists or whether the message reaches its intended destination.
Finally, voice calls are noted as excluded messages.
The drafters of the Act[33] attempt to be clear when defining ‘commercial’, which is one of the two areas where the Act[34] starts to become interesting. The other interesting area involves the interpretation of ‘consent’. Section 6 of the Act[35] states that a commercial electronic message is an electronic message where, having regard to:
(a) the content of the message;
(b) the way in the which the message is presented; and
(c) the content that can be located using the links, telephone numbers or contact information (if any) set out in the message,
it would be concluded that the purpose or one of the purposes of the message is:
(d) to offer to supply goods or services; or
(e) to advertise or promote goods or services; or
(f) to advertise or promote a supplier or prospective supplier of goods or services; or
(g) to offer to supply land or any interest in land; or
(h) to advertise or promote etc.
The Act[36] has been drafted extremely broadly and almost every type of commercial element is caught.
The most important ramifications from this section, stated in the Explanatory Memorandum of the Spam Bill 2003[37] (‘EM’), are that:
if an electronic message does not come with any of the above paragraphs (ie, it does not have a commercial element) it will not be covered by this Act[38] even if it may ordinarily be considered to be spam.
For example, a virus that was sent to many electronic addresses which did not have a ‘commercial element’ as set out above, would not be a commercial electronic message for the purposes of the Act.[39] Similarly, an unsolicited message regarding weekend sporting activities which did not come within the above paragraphs would also not be covered by the Act.[40]
The EM[41] goes on to provide examples of commercial electronic messages as including:
Section 6(2) of the Act[42] states that it is immaterial whether the goods, services, land, interest or opportunity even exists.
Subsection 3[43] states that it is immaterial whether it is lawful to acquire the goods, services, land or interest or take up the opportunity. Subsection 4[44] says that the people referred to above may either be the individual or the organisation that sent the message or the person who authorised the sending of the message.
This is perhaps the most difficult part of the Act[45] to interpret.
There are two forms of consent:
(a) express consent from the person you wish to contact – a direct indication that it is acceptable to send the message or messages of a certain nature; and
(b) inferred consent – based on a business or other relationship with the person, and their conduct.
The Act[46] reserves an entire schedule (Schedule 2) for consent. The NOIE publication, Spam Act 2003 – A Practical Guide for Business,[47] is a useful guideline when it comes to the interpretation of this schedule. This publication says that consent may be inferred when the person you wish to contact has not directly instructed you to send them a message, but it is still clear that there is a reasonable expectation that messages will be sent. You may be able to reasonably infer consent after considering both the conduct of the addressee and their relationship with you. For example, if the addressee has an existing relationship with you and has previously provided their address, then it would be reasonable to infer that consent has been provided. Other examples of situations where consent may be inferred are:
(a) when purchasing goods or services, an addressee has provided their electronic address in the general expectation that there will be follow-up communications;
(b) when an addressee has provided their address with the understanding that it would be used in day-to-day transactions (such as on-line banking or business) and may be used for additional communications (eg, notification of related services or products); or
(c) on-line registration of a product warranty.
The NOIE publication states that if a business card was provided for work purposes then it would not be reasonable to infer that the addressee consented to receiving messages from you which are unrelated to their work.
The publication states that in such a case the Act[48] permits commercial electronic messages to be sent to the addressee, if the message relates to the addressee’s published employment function or role. By way of explanation, one would imagine if a plumber advertises his email address, it is not a breach of the Act[49] to send him offers of work or of plumbing supplies. It would, however, be a breach of the Act[50] to send an offer unrelated to the plumber’s work, such as relating to cheap pharmaceuticals. If the published address, however, is accompanied by a statement that it should not be used for such messages, such as utilisation of the phrase ‘no spam’, then it cannot be used to infer consent to a message being sent.
The Act and Schedule 2[51] provide several listed exceptions for sending unsolicited emails after an addressee has ‘conspicuously published’ their email address. These relate to the publishing of an address which enables electronic messages to be sent to:
(a) a particular employee; or
(b) a particular director or officer of an organisation; or
(c) a particular partner in a partnership; or
(d) a particular holder of a statutory or other office; or
(e) a particular self-employed individual; or
(f) an individual from time to time holding, occupying or performing the duties of a particular office or position within the operations of an organisation; or
(g) an individual or group of individuals from time to time performing a particular function, or fulfilling a particular role, within the operation of an organisation.
When a recipient of a message replies to the sender stating that they no longer want to receive any further commercial electronic messages at that electronic address, the withdrawal of consent takes effect at the end of the period of five business days beginning on (if the message was an electronic message) the day on which the message was sent or (if the message was sent by post) the day on which service of the message was effected or, in any other case, the day on which the message was delivered.
The Act[52] has devoted an entire schedule (Schedule 1) to ‘Designated Commercial Electronic Messages’.
There are three forms of designated commercial electronic messages. These are:
An electronic message is a designated Commercial electronic message if:
(a) Where a message consists of no more than factual information (with or without directly related comment) and any or all of the following additional information:
(i) the name, logo and contact details of the individual or organisation who authorised the sending of the message;
(ii) the name and contact details of the author;
(iii) if the author is an employee – the name, logo and contact details of the author’s employer;
(iv) if the author is a partner in a partnership – the name, logo and contact details of the partnership;
(v) if the author is a director or officer of an organisation – the name, logo and contact details of the organisation;
(vi) if the message is sponsored – the name, logo and contact details of the sponsor;
(vii) information required to be included by section 17[53]; and
(viii) information that would have been required to be included by section 18[54] if that section had applied to the message; and
(b) assuming that none of that additional information had been included in the message, the message would not have been a commercial electronic message; and
(c) the message complies with such other conditions as are specified in the Regulations.
In other words, a message is a designated commercial electronic message if it is purely factual and contains details of the sender and, interestingly enough, the name and logo and contact details of any sponsor. This appears to be somewhat of a breakthrough in as much as a purely factual message could incorporate a third party such as a sponsor and their logo and contact details in much the same way as the news or weather is frequently sponsored on the radio or television.
Clause 3 of Schedule 1[55] provides that an electronic message is a ‘designated commercial electronic message’ if the sending of the message is authorised by a government body, a registered political party, a religious organisation or a charity or charitable organisation, the message relates to goods or services, and the body, party or organisation is the supplier, or prospective supplier of the goods or services concerned.
The effect of this provision is that government departments and those other bodies mentioned are excluded from the prohibition on sending unsolicited commercial electronic messages in relation to its goods and services and are also excluded from the requirement to include a functional unsubscribe facility.[56] The purpose of the exclusion is to ensure that there are no unintended restrictions on government to citizen or government to business communications or any restriction on religious or political speech. It should be noted that the exclusions do not apply to individuals acting on their own behalf, for instance, if a minister promoted Tupperware or wines through electronic messaging, this exception simply would not apply. The EM[57] tells us that the relevant test is whether the relevant body authorised the sending of the message.
It should also be noted that the term ‘goods’ is used in this exclusion and, therefore, if a charity sends an electronic message relating to the supply of land then that would fall outside the exception.
One last point worth noting is that the exception only applies if the relevant body is the supplier or prospective supplier of the goods or services concerned. The EM[58] provides the example that the exception would apply where an anti-cancer organisation was promoting their own range of anti-cancer products, but would not apply if that same organisation simply promoted an event for a hamburger or supermarket chain where they received a proportion of the proceeds from a product or event.
Educational institutions are dealt with separately under clause 4 of Schedule 1.[59] ‘Educational institutions’ include pre-schools, primary schools, high schools, colleges, TAFE and universities. To be a designated commercial electronic message the sending of the message must be authorised by the relevant educational institution and the message sent by an educational institution will only come within the exclusion if:
(a) the relevant electronic account holder is, or has been, enrolled as a student in that institution and/or a member or former member of the household of the relevant electronic account-holder is, or has been, enrolled as a student in that institution;
(b) the message relates to goods or services; and
(c) the institution is the supplier, or prospective supplier, of the goods or services concerned.
The exclusion would include messages sent to students or former students regarding school fees, a message sent to families regarding a raffle at the school or a message sent to graduates of an institution regarding an up-coming post-graduate course. However, the EM[60] cites such things as invitations to students to attend a law conference held at a university which is sent to all lawyers, or invitations sent out, perhaps, to a particular postcode rather than to specific former students, would fall outside the exclusion.
It should be pointed out that whilst certain bodies are not subject to the Spam Act,[61] they are subject to the Privacy Act.[62] Where personal information is solicited, the individual from whom the information is solicited must be aware of the purpose for which it is being collected and the people to whom the information is likely to be disclosed. Therefore, if an email address is collected from a person with the intent that the email address is going to be used for the sending of spam, the owners of the email address must have disclosed their email address knowing that it was going to be used for marketing or for the purposes of spam and must have consented to this for it to be legitimate under the Privacy Act.[63] (Political parties and small businesses with a turnover under $3 million per annum are exempted from the Privacy Act.[64])
Section 17 of the Act[65] provides that any commercial electronic message, whether solicited or unsolicited, that has an Australian link,[66] must contain certain information, including information that clearly identifies the individual or organisation that authorised the sending of the message.
The EM[67] states that the purpose of this section is to limit the increasing number of senders of unsolicited commercial electronic messages who purposefully disguise the source of such mail by using false addresses, so as to encourage people to examine the message and prevent people from identifying the real sender. Therefore, as the requirement is to include ‘accurate’ sender information, any sender of a message that uses a ‘spoofing’ technique or a sender who deliberately hides their true identity will be contravening the Act.[68] Note also that the requirement for accurate sender information applies to all commercial electronic messages whether unsolicited or not. Therefore, those ‘designated commercial electronic messages’ which are exempt from the prohibition on sending unsolicited commercial electronic messages are not exempt from this requirement. Those institutions discussed above and senders of factual messages must include accurate sender information. This will ensure that these organisations are clearly accountable for the messages they send and enable the recipient of the message to contact the sender in the case of error or complaint.
It should also be noted that the accurate sender information refers to the organisation that authorised the sending of the message, not the mailing house or marketing consultancy that actually pushed the ‘send’ button.
The sender information must include information that accurately identifies an individual, such as the person’s correct name, or, if the sender is an organisation, the sender information would include that organisation’s Australian Business Number if it had one. The information must also include accurate information about how the recipient can readily contact the individual or organisation that sent the message. This could include a physical or virtual address.
Section 18 of the Act[69] prescribes that commercial electronic messages must contain a functional unsubscribe facility.
The section applies to all commercial electronic messages except ‘designated commercial electronic messages’ that have an Australian link. The purpose of this section is to ensure that recipients have the ability to choose whether they want to receive future correspondence from a sender or not.
Once again, the functional unsubscribe facility applies to the person who authorised the sending of the message, not the entity that actually pushed the ‘send’ button.
Examples of a functional unsubscribe facility would include a statement saying that ‘If you no longer want to receive notification, simply reply to this email with unsubscribe in the heading’ or ‘If you no longer want to receive these messages, please hit the unsubscribe button below’. In the case of an SMS message, the unsubscribe facility would simply say ‘If you no longer wish to receive messages from us, please contact us at this phone number or go to xyz website’.
It is a requirement that the statement is presented in a clear and conspicuous manner and a small statement hidden in the depths of a message would not satisfy this requirement.
Further, the electronic address given to unsubscribe to must be capable of receiving the unsubscribe messages for at least 30 days after the last commercial electronic message is sent. The EM[70] tells us this provision is intended to ensure that senders of messages do not avoid this requirement by constantly changing addresses. The electronic address must also have the capacity to deal with the number of possible recipients wishing to unsubscribe.
The concept of an ‘Australian link’ is crucial to the Act.[71]
The entire Act[72] only covers:
(a) commercial electronic messages originating in Australia and sent to any destination; and
(b) commercial electronic messages originating overseas and being sent to an Australian destination.
The link can be satisfied according to:
(c) where the message originates from, either through the person actually sending the message or the person authorising the sending; or
(d) where the message is accessed.
In other words, if the message originates in Australia, or the message sender or the person who authorised the sending is physically present in Australia when the message is sent, or the organisation’s central management and control is in Australia, or the server or local computer is in Australia from which the message is accessed, there is an Australian link.
The Act[73] provides several major defences including:
(a) consent;
(b) lack of an Australian link;
(c) mistake; and
(d) infringement of freedom of political communication.
Clearly, it would be a defence to say that the recipient had consented to the sender sending the message. However, as we have previously discussed, whether consent has truly been obtained is sometimes a difficult question to answer. As a result, it is by virtue of section 16(5)[74] that the sender of the message bears the evidential burden in proving they had consent from the recipient. The EM[75] tells us that the evidential burden requires the sender to adduce evidence that suggests a real possibility that consent was obtained. From a technical point of view, it should be necessary for the defendant to bear the initial burden in relation to proving consent, as they will have the relevant evidence showing consent from the relevant account holder. If the burden rested with the prosecution, the prosecution would have to prove a negative fact, ie, that there was not consent. This may only be possible where the relevant account holder has specifically withdrawn consent, or has requested no such messages.
It is also a defence if the sender did not know or could not have reasonably ascertained that the message had an Australian link. Therefore, if the email message was sent to a domain other than an Australian domain but was redirected to the recipient in Australia, the sender could not possibly have known, unless they had been informed, that the recipient was in fact in Australia. The same applies to SMS messages where the sender did not use a ‘61’ prefix and the message has simply been diverted from another location.
Interestingly, the requirement for an Australian link is important as far as mailing houses and marketing consultancies are concerned. With regard to this provision, the third party cannot rely on a statement from the person authorising the message. It simply would not be sufficient to avoid a breach to rely on the person who has authorised the sending asserting that none of the messages had an Australian link.
With regard to mistake, the most common mistake would simply be a mistyping of the recipient’s email address. Once again, the evidential burden of proving the mistake would rest with the sender.
Finally, the defence of infringement of freedom on political communication has been addressed previously by the discussion on designated commercial electronic messages. There could, clearly, be grey areas when it comes to determining a political communication or a communication from a religious or charitable organisation and this is where this defence would come into play.
Part 3 of the Act[76] provides rules about address harvesting software and the use of harvested address lists. The real target of this section is the use of address harvesting for ‘dictionary attacks’.
Section 19 of the Act[77] simply states that:
address harvesting software must not be supplied, acquired or used; and
an electronic address list produced using address harvesting software must not be supplied, acquired or used.
Evidently the provisions are broad reaching.
The Act[78] defines ‘address harvesting’ software as software that is specifically designed or marketed for use for:
(a) searching the internet for electronic addresses; and
(b) collecting, compiling or otherwise harvesting those electronic addresses.
A ‘harvest address list’ is defined in the Act[79] as:
(c) a list of electronic addresses; or
(d) a collection of electronic addresses; or
(e) a compilation of electronic addresses,
where the production of the list, collection or compilation is, to any extent, directly or indirectly attributable to the use of address harvesting software.
It should be noted that section 20 of the Act[80] is specifically aimed, once again, at direct marketing facilitators by bringing the right to use an address harvested list within the Act.[81]
Just as there is a requirement for an Australian link in respect of unsolicited commercial messages before the Act[82] applies, an Australian link is required before the Act[83] is applicable to the address harvesting provisions. An Australian link is established if the supplier is:
(a) an individual present in Australia at the time of supply or offer; or
(b) a body corporate or partnership that carries on business or activities in Australia at the time of the supply or offer; or
the customer is:
(c) an individual who is present in Australia at the time of the supply or offer; or
(d) a body corporate or partnership that carries on business or activities in Australia at the time of the supply or offer.
There is a provision in the Act[84] that a person will not contravene the Act[85] where they supply address harvesting software or harvested address lists, where the supplier has no reason to suspect that they will be used for spamming. In these circumstances, it is the prosecution that are required to prove this element.
The Australian Communications and Media Authority (the ‘ACMA’), formally the Australian Communications Authority, is the regulatory body charged with the administration and enforcement of the legislation, and it has many options open to it to enforce the Act.[86]
The ACMA may choose to simply issue a formal warning in cases where the breach is perhaps totally unintended and of little consequence.
Part 6 of the Act[87] enables the ACMA to accept formal administrative undertakings in appropriate circumstances rather than institute proceedings under Part 4 of the Act.[88] The ACMA is not precluded from taking action as well as obtaining an enforceable undertaking or pursuing the matter in court after an enforceable undertaking has been broken. However, it is likely that in most cases the ACMA will accept an undertaking instead of instituting proceedings. The enforceable undertaking provisions relate to both commercial electronic messages and address harvesting software and lists.
An example might be that the ACMA would accept an undertaking from a person that the person will not send any further unsolicited commercial electronic messages, that they will implement (or rectify) an appropriate unsubscribe facility or that they will verify their contact address database to eliminate addresses that may have been included from past harvesting activities.
If the person breaches an undertaking then the ACMA may apply to the Federal Court for an order. The Court may then:
(a) direct the person to comply with the terms of the undertaking;
(b) direct the person to pay the Commonwealth an amount up to the amount of any financial benefit the person has obtained;
(c) direct the person to compensate any other person who has suffered loss or damage as a result of the breach;
(d) any other order the Court considers appropriate.
In assessing the compensation for breach of an undertaking, the Federal Court may take into consideration the loss or damage attributed to the ability to carry on business, reputation and lost opportunities.
Part 5 of the Act[89] enables the Federal Court to grant injunctions in relation to a contravention. This part is based on Part 30 of the Telecommunications Act.[90] Injunctions are available for offences in relation to the sending of unsolicited commercial electronic messages or address harvesting software and address harvested lists.
Both positive and negative injunctions are possible. In other words, the Federal Court has the jurisdiction to grant an injunction restraining a person from engaging in certain conduct or, if in the Court’s opinion it is a better option, the Court will require a person to actively do something. The circumstances where injunctions would normally be granted would be in the case where the ACMA wished not only to require an order for payment of a penalty for a breach, but also sought an order which should prevent a person from contravening the provision in the future. An injunction may also be sought instead of a prosecution. For example, an injunction may be granted if the ACMA is of the view that a person has been involved in a minor breach of the Act[91] and wished to ensure they do not do so in the future.
There is also the provision in the Act[92] for the Federal Court to grant an interim injunction before the Court considers an application for a full injunction. The Federal Court, however, will not be able to require an applicant for an injunction under section 32, as a condition of granting an interim injunction, to give any undertakings as to damages.
Where the matter does go to court, the courts are able to impose very substantial fines. In the case of a body corporate, the maximum daily penalty is $1.1 million where the body corporate has a prior record for breaching the prohibition on sending unsolicited commercial electronic messages. For breaching the requirement to include accurate sender information or to include a functional unsubscribe facility or breaching the prohibition relating to address harvesting software, the penalty is a maximum daily penalty of $550,000.
Where the body corporate has no prior record, the corresponding figures are $220,000 and $110,000.
In the case of an individual, the maximum daily penalty is $220,000 for breaching the prohibition on sending unsolicited commercial electronic messages and $110,000 for breaching the requirement to include accurate sender information, a functional unsubscribe facility or breaching the prohibition on the use of address harvesting lists and software.
Where the individual has no prior record the daily amounts are $44,000 and $22,000 respectively.
Section 28 of the Act[93] enables the ACMA or a person who has suffered loss or damage as a result of contravention of a civil penalty provision to apply to the Federal Court for an order directing a person who has been found to have contravened the civil penalty provision to compensate a victim if the Court is satisfied that the victim has suffered loss or damage as a result of the contravention.
In those circumstances the Court must have regard to:
The compensation provisions are broad and the Court may take many matters into consideration. The Court could, for instance, take into consideration both the immediate costs the business has had to incur in dealing with being spammed, such as the time taken to delete messages, and the less common but potentially more serious circumstances such as where the volume of spam has prevented or degraded the ability of a business to function efficiently, potentially degrading their reputation.
There is, however, a six-year period of limitation in bringing the action from the date the damage occurred.
Section 29 of the Act[94] enables the Commonwealth to recover the financial benefits that a person has received as a result of a contravention of one or more of the civil penalty provisions. For example, if a person has received a financial benefit in the order of $1,000 from persons responding to a scam which the person has sent in contravention of section 16, then the Court may order that person to pay up to $1,000 to the Commonwealth. The order may be made on the application of the ACMA.
The Spam (Consequential Amendments) Act 2003[95] was introduced to Parliament at the same time as the Spam Act 2003[96] as an accompanying act. The Spam Act[97] contains measures designed to minimise Australia as a source of spam and minimise the receipt of spam for Australian end users and it contains quite severe civil penalties which are designed to enforce the Act.[98] The Spam (Consequential Amendments) Act[99] makes various amendments to the Telecommunications Act 1997[100] and the Australian Communications Authority Act 1997[101] to enable the ACMA to investigate and enforce the Spam Act[102] and to enable the development of relevant industry codes and standards relating to commercial electronic messages.
The ACMA has the power under the amended Telecommunications Act[103] to require an industry code to be developed. Failing the development of an industry code, the ACMA may, of its own volition, establish ‘standards’ which may be imposed upon those it deems necessary.
There is always a tention in Australia’s ‘free market’ environment between the promotion of free trade and a deregulated environment with the requirement for ethical considerations. Up until the 1960s and particularly in the 1960s, businesses in Australia had developed in such a way that commercial outcomes satisfactory to the shareholders were obtained almost at any cost. The Trade Practices Act[104] was introduced to enforce a certain level of ethical behaviour. In a way it supplanted and exceeded the powers of the relevant State based Sales of Goods Acts and brought home to businesses the fact that whilst successful outcomes are encouraged, and indeed required, these must not be obtained at the expense of individual consumers.
Today we have seen almost the same situation arise with issues relating to corporate governance. The Corporations Act[105] has until recently been unable to control from an ethical or moral standpoint the enormous tensions that directors have between controlling the businesses that they run and producing results satisfactory to the shareholders so as to maintain their employment. In a way this tension between business outcomes and ethical and moral behaviour has brought to the forefront the need for the control of spam.
In a free market society businesses are encouraged to advertise (subject to advertising standards) and market their products (subject to the trade practices and other acts) and one of the ways which businesses have found to be an effective and relatively inexpensive form of marketing has been through the use of commercial messaging. As a result, the government introduced the Spam Act.[106] However, the Spam Act[107] by itself is fairly general in its approach to certain aspects of its regulation and further clarification is no doubt required.
The ACMA has for some time been the regulatory body enforcing telecommunications in Australia. Now, following the amendments to the Telecommunications Act[108] by the Spam (Consequential Amendments) Act[109] a code has been developed which will regulate the ‘e‑marketing’ industry.
The amended Telecommunications Act[110] defines an e‑marketing activity that (paraphrased):
(a) is carried on by a person under contract or arrangement (other than a contract of employment); and
(b) consists of using commercial electronic messages:
(i) to market, advertise or promote goods or services, interests in land, business opportunities, where the first person is not the provider or prospective provider;
(c) consists of using commercial electronic messages to market, advertise or promote goods or services and:
(i) the person is the supplier or prospective supplier of the goods or services; and
(ii) the activity is the sole or principal means of marketing, advertising or promoting the goods or services.
It can be seen that the Spam (Consequential Amendments) Act,[111] in amending the Telecommunications Act,[112] will essentially regulate e‑marketing activities through a code. The amended Telecommunications Act[113] states that as soon as the code is ‘registered’ with the ACMA it may be enforced with the full force of the law.
The ACMA requested the Australian Direct Marketing Association to call together relevant industry bodies to formulate such a code, which it did and the code is now registered with the ACMA.[114]
These industry bodies included Qantas, the Australian Communications Authority, the Advertising Federation of Australia, the Australian Consumers Association, the Internet Industry Association, the Australian Competition and Consumer Commission, the Australian Retailers Association, the US E‑mail Marketing Association, the Office of the Information Economy and to some extent, the Australian Association of National Advertisers together with others.
The code, without doubt, provides additional clarity to the interpretation of the Act.[115] It consists of code rules, guidelines and a series of examples. The code goes further than the Act[116] and at the time of deliberation there was debate as to whether the code should include a ‘double opt-in’ requirement. Under a double opt-in requirement, a message originator would send confirmation to, a recipient following that recipient’s choice of opting in to receiving emails from a message originator. As we have seen, the requirement of the Act[117] is that a recipient opts-in or chooses to receive electronic messages from a message originator by advising the message originator of his or her intention or willingness to receive messages. The double opt-in standard requires a reply from the message originator confirming that the recipient has opted in. This double opt-in methodology is now incorporated within the code as an example of ensuring that express consent is obtained.
The code also provides clarity as to what constitutes ‘consent’, which is a difficult issue. This is not so much the case with express consent, but it is certainly the case with inferred consent and the code clarifies many issues regarding inferred consent. The Act[118] has been deliberately vague in terms of inferred consent, particularly when it comes to timing. Schedule 2 of the Act[119] states that consent that can be reasonably inferred from:
(a) the conduct; and
(b) the business and other relationships,
of the individual or organisation concerned.
This gives no indication of what sort of business relationship, the length of time it should be in existence, whether it should be on-going or, indeed, whether a relationship by its very nature must be on-going. The code aims to clarify this position with several relevant examples.
One question that at this stage cannot be answered, and probably will not be able to be answered until there has been some judicial clarification, is in relation to the purchase of goods. In a situation where a consumer has purchased either goods or services and, at the time of purchase, was required to provide an electronic address, can the provider of the goods or services infer consent as a result of the consumer’s purchase? Clearly there was a business relationship when the consumer made the purchase, but the Act[120] is silent on whether that relationship terminated the moment the consumer took possession of the goods or services. The Act[121] is helpful and does provide examples in relation to the purchase of computer software where there is an on-going requirement or expectation of software support, or perhaps the purchase of a motor vehicle where there may be subsequent recalls or notifications about service matters. However, in the day-to-day purchase of consumer goods where the provision of electronic addresses is becoming more commonplace, the Act[122] remains silent.
In research for this paper I have spent considerable time in discussions with the legal team at the ACMA and one of the problems the committee preparing the code faced was whether or not it should have introduced more onerous requirements in the code than appear in the Act.[123] It would, however, be much clearer for the code to stipulate a time, for example six months or three months or a period between one month and 12 months depending on the type of purchase, with perhaps a schedule of types of purchases, but this would mean that the code would extend beyond the scope of the Act[124] which was not the intention of the ACMA in requiring the code.
Another consideration that the committee deliberated on was the reference in the Act[125] to a ‘relevant electronic account holder’. This is important when it comes to giving consent, withdrawing consent or making an express statement denying inferred consent. The Act[126] states that these actions may be undertaken ‘by the relevant account holder’ or by ‘another person using the relevant account to send a message’. The question arises as to who is the relevant account holder. Whilst the Act[127] defines the relevant account holder, it defines it as meaning, in terms of e‑mail, ‘the individual or organisation who is responsible for the relevant account’. The problem that is posed to an organisation perhaps with two or three hundred staff members each with individual email addresses is whether an individual user is the relevant electronic account holder or whether that person is a member of the IT department. Perhaps it could even be the CEO or some other individual within the organisation. The question that arises in terms of consent is whether an individual can give consent on behalf of the entire company, or whether the individual can give consent only on behalf of his or herself. The question also applies in reverse as to whether a single member, perhaps a director of a company, who no doubt has the authority as far as the management of the company is concerned, has the authority to withdraw consent for all employees within the company when individual employees may have given individual consent.
A further matter addressed by the code is, as we have considered earlier, the meaning of the word ‘commercial’. In this regard the Act[128] and the EM appear to be inconsistent. Section 6 of the Act[129] appears fairly clear on the meaning of commercial and Schedule 1 deals with designated commercial electronic messages. In the case of a factual message, which we have seen falls within the definition of designated commercial electronic messages, the EM states that ‘clause 2 of Schedule 1 provides that an electronic message is a designated commercial electronic message if the message consists of no more than factual information with certain specified additional information’. It goes on to say that
this provision is designed to ensure that messages which may be seen to have some form of commercial element, but which are primarily aimed at provided factual information are not covered by the rules relating to commercial electronic messages.
This clearly suggests that where a message originator is sending a purely factual electronic message, a certain commercial element is allowed.
When reviewing Schedule 1 of the Act[130] there is no mention of any allowable commercial element. If a message consists of no more that factual information (with or without directly-related comment and any name, logo, contact details, sponsorship and any other information required by the Act[131] itself, the message is a designated message and will not be considered spam. The drafters of the code, therefore, had a difficult task in reconciling this apparent inconsistency between the EM and the Act.[132] Clearly, the EM is a guide only, although frequently referred to within the judicial arena for the purposes of interpretation.
The ACMA requested that this new code also included rules and guidelines covering e‑marketing to children. The Act[133] makes no reference to children and does not differentiate between spam to adults or children. Nevertheless, from an ethical point of view, marketing to children has recently come under the spotlight and has been criticised in several situations. The code, in relation to children, requires reasonable steps to be taken by a message originator to ensure that age-sensitive content is only sent to those who can legally use it. There are already in existence several codes relating to advertising to children, in particular, the Australian Association of National Advertisers code which is a self-regulatory code, although clearly overseen by the Advertising Standards Board. It is important to note with regard to this code that messaging to children will be covered by the law, as this code has been registered under the Telecommunications Act.[134]
Finally, the code deals with complaints. Whilst the Act[135] has a system of formal undertakings, infringement notices and the ability to bring matters to a hearing before a court, it fails to deal with any procedures relating to complaints. Under the Act[136] all actions must be initiated by the ACMA and that authority encourages individuals who have been subjected to spam to report it. The code requires that any message originator must comply with the Australian Standard 4269 which in itself requires that accurate records are kept and correspondence relating to complaints and details of remedial action are all maintained for a minimum of six months after the resolution of the complaint. This complaints handling mechanism enables companies to immediately take steps to remedy a situation and compensate a recipient of spam if necessary. In conversations with the ACMA, I infer that where message originators breach, in particular the code, but possibly also the Act[137] for the first time, the ACMA will be lenient where it believes that any breach has been unintentional. Perhaps in these circumstances, the ACMA will issue a formal warning and seek an undertaking from the message originator that it will not breach the Act[138] or code in the same way another time.
The Unites States has recently enacted the CAN-SPAM Act[139] which went into effect on 1 January 2004 as a federal act. This act was considered by some to have ‘rushed through’ congress to overtake proposed legislation that the Californian government was about to enact. The Californian act had more similarities to the Australian legislation than its federal counterpart and was considered tougher than the CAN-SPAM Act.[140] The US Government however wanted federal legislation as oppose to a myriad of state based acts with similar but not identical provisions. The federal legislation is enforced by the Federal Trade Commission (‘FTC’) in conjunction with the Justice Department and the state attorneys general and already the FTC has filed civil charges against a US based company, Phoenix Avatar and its officers for sending illegal spam selling bogus diet patches.
Unlike the Australian legislation, the US legislation carries criminal penalties of up to five years imprisonment and makes it a felony to use falsehood and deception to hide the origin of spam messages hawking fraudulent wares. In another case the FTC filed a civil action against an Australian company called Global Web Productions. This company allegedly sent 400,000 emails advertising diet patches and so called human growth hormone products that were purported to maintain a user’s appearance and ‘current biological age’ for 10 years. The products were found to have no hormone content and were of absolutely no use for the purpose for which it was claimed.[141] From these two cases it appears that the FTC is targeting spammers who attempt to sell bogus products. In Australia, the Act[142] by itself would not be able to achieve the same result although it would be quite conceivable if the ACMA worked in co-operation with the Australian Competition and Consumer Commission to obtain such a conviction.
There is another substantial difference between the two pieces of legislation. The Australian legislation is referred to as ‘opt-in’ legislation which, as explained previously, means that unsolicited commercial messages must not be sent without prior consent (expressed or implied). Each message sent also requires the sender to include a functional unsubscribe facility. However, the US legislation is known as ‘opt-out’ legislation which means that commercial electronic messages may be sent and continued to be sent until such time as the recipient advises the sender that he or she no longer wishes to receive the messages.
The US legislation has also mandated that a register be maintained with email addresses of entities and individuals that do not wish to receive any unsolicited messages at all. Once a recipient’s email address is placed on the register it is a strict liability offence for a message originator to send unsolicited messages to that address.
Finally, the US legislation requires the conspicuous labelling of sexually oriented material which is not a requirement of the Australian legislation.
In Europe the situation is far from clear. A study undertaken by the Institute of Information Law at the University of Amsterdam has revealed that the European anti-spam legislation, the Directive on Privacy and Electronic Communications (‘Directive 58’), has failed to deliver results. Directive 58 set a deadline of 31 October 2003 for each member state of the EU to adopt the EU anti-spam legislation. However only six countries have done so and Sweden is now in the process of introducing the legislation. A final warning has been sent to France, Belgium, Luxembourg, Germany, Finland, Greece, the Netherlands and Portugal and failure to respond within two months could mean that the European Court of Justice imposes fines on these states.
Directive 58 is slightly wider than the Australian legislation and sets EU-wide rules for the protection of privacy and personal data in mobile and fixed communications, including the Internet. Similar to the Australian legislation, it bans unsolicited email, or spam, throughout the EU but differently, it sets rules for installing cookies on users’ personal computers. Cookies are small files sent by a Web server and stored in a Web browser. They can be used to record browsing preferences or identify the visitor to the site which sent them. The Commission has stated that ‘this law is vital in that it will strengthen consumer confidence in e-commerce and electronic services’.
Regarding spam, the legal obligations in Directive 58 have been complemented by a series of actions to help enforce the EU ban on spam, presented in a Communication adopted in January. These actions focus on effective enforcement by member states, technical and self-regulatory solutions by industry, consumer awareness, and international cooperation. Regrettably, it appears that even after putting signatures to the EU legislation, the member states have now discounted its priority.
The EU legislation, like the Australian legislation is based on an ‘opt-in’ system which means that unsolicited commercial electronic messages must not be sent without prior consent. The EU legislation goes further in that it also deals with privacy and the length of time messages can be kept. In keeping with the US legislation, Directive 58 calls for a ‘do-not-spam’ register and requires message originators to cross check this list prior to sending a message. Subscribers to mailing lists must also be informed of the purposes of any published directory that includes their private information available for public use and subscribers may be able to withdraw from any directory free of charge. One of the main stumbling blocks is that many EU states maintain an ‘opt-out’ policy and powerful marketing lobby groups of substantial businesses are objecting to the changes as they fear it will impact on their sales and access to an inexpensive marketing medium.
It is clearly too early to tell whether any of the legislation will have much of an impact on the physical delivery of spam to or within Australia. It is accepted that the US is the largest producer of spam in the world and there is little that individual victims of US and overseas originating spam can do to lessen the onslaught, other than to implement an anti-spam strategy on their computer system, such as the use of mail filters and anti-spam software.
However, South Korea is also one of the world’s biggest producers of spam and Australia and South Korea are now parties to a treaty to enforce domestic spam legislation. This has been heralded as a major breakthrough in the fight against spam and a massive ‘win’ for the ACMA in its mission to produce real results that can be identified. There are also other Memorandums of Understanding in place with other countries including both the UK and the USA. The ACMA is also in talks with other countries and as soon as treaties are in place with a substantial number of spam producing countries so that a global legislative network exists, Australian recipients of spam will see substantial reductions in the amount of spam that they receive. Time will tell, but the initiative of the Australian government and the quality of the legislation itself puts Australia at the forefront of the world’s movement against spam.
[*] MComLaw, solicitor with Dibbs Abbott Stillman.
[1] Iain Ferguson, BigPond Rejects Six Million Spam E-mails a Day (2005) ZDNet Australia, <www.zdnet.com.au/news/security/0.2000061744,39191475,00.htm> 19 July 2005.
[2] Dawn Kawamoto, Suspected Spam King to Appear in Court (2005) ZDNet Australia, <www.zdnet.com.au/news/security/0,2000061744,39201056,00.htm>19 July 2005.
[3] Spam Act 2003 (Cth).
[4] Spam Act 2003 (Cth).
[5] Spam Act 2003 (Cth).
[6] Spam Act 2003 (Cth).
[7] Spam Act 2003 (Cth).
[8] Spam Act 2003 (Cth).
[9] Spam Act 2003 (Cth).
[10] Spam Act 2003 (Cth).
[11] Spam Act 2003 (Cth).
[12] Spam Act 2003 (Cth).
[13] Spam Act 2003 (Cth) s 16.
[14] Spam Act 2003 (Cth).
[15] Spam Regulations 2004 (Cth).
[16] Spam Regulations 2004 (Cth).
[17] Spam Act 2003 (Cth).
[18] Spam Act 2003 (Cth).
[19] Adam Turner, ‘Spam, laborious spam, to stay on the menu’, Sydney Morning Herald, Sydney, 2004, 1.
[20] National Office for the Information Economies, Final Report of the NOIE Review of the Spam Problem and How it can be Counted (2004) 8.
[21] Ibid.
[22] Spam Act 2003 (Cth).
[23] Spam Act 2003 (Cth).
[24] Spam Act 2003 (Cth).
[25] Spam Act 2003 (Cth).
[26] Spam Act 2003 (Cth).
[27] Spam Act 2003 (Cth) s 16(1).
[28] Spam Act 2003 (Cth) s 16(10).
[29] Spam Act 2003 (Cth).
[30] Spam Act 2003 (Cth) s 16(18).
[31] Spam Act 2003 (Cth).
[32] Spam Act 2003 (Cth).
[33] Spam Act 2003 (Cth).
[34] Spam Act 2003 (Cth).
[35] Spam Act 2003 (Cth).
[36] Spam Act 2003 (Cth).
[37] Explanatory Memorandum, Spam Bill 2003 (Cth).
[38] Spam Act 2003 (Cth).
[39] Spam Act 2003 (Cth).
[40] Spam Act 2003 (Cth).
[41] Explanatory Memorandum, Spam Bill 2003 (Cth).
[42] Spam Act 2003 (Cth).
[43] Spam Act 2003 (Cth) s 6(3).
[44] Spam Act 2003 (Cth) s 6(4).
[45] Spam Act 2003 (Cth).
[46] Spam Act 2003 (Cth).
[47] National Office of the Information Economy, Spam Act 2003 – A practical guide for business is a useful guideline (2004).
[48] Spam Act 2003 (Cth).
[49] Spam Act 2003 (Cth).
[50] Spam Act 2003 (Cth).
[51] Spam Act 2003 (Cth).
[52] Spam Act 2003 (Cth).
[53] Spam Act 2003 (Cth) s 17.
[54] Spam Act 2003 (Cth) s 18.
[55] Spam Act 2003 (Cth).
[56] Spam Act 2003 (Cth) s 18.
[57] Explanatory Memorandum, Spam Bill 2003 (Cth).
[58] Ibid.
[59] Spam Act 2003 (Cth).
[60] Explanatory Memorandum, Spam Bill 2003 (Cth).
[61] Spam Act 2003 (Cth).
[62] Privacy Act 1988 (Cth).
[63] Privacy Act 1988 (Cth).
[64] Privacy Act 1988 (Cth).
[65] Spam Act 2003 (Cth).
[66] Spam Act 2003 (Cth) s 7.
[67] Explanatory Memorandum, Spam Bill 2003 (Cth).
[68] Spam Act 2003 (Cth).
[69] Spam Act 2003 (Cth).
[70] Explanatory Memorandum, Spam Bill 2003 (Cth).
[71] Spam Act 2003 (Cth).
[72] Spam Act 2003 (Cth).
[73] Spam Act 2003 (Cth).
[74] Spam Act 2003 (Cth).
[75] Explanatory Memorandum, Spam Bill 2003 (Cth).
[76] Spam Act 2003 (Cth).
[77] Spam Act 2003 (Cth).
[78] Spam Act 2003 (Cth).
[79] Spam Act 2003 (Cth).
[80] Spam Act 2003 (Cth).
[81] Spam Act 2003 (Cth).
[82] Spam Act 2003 (Cth).
[83] Spam Act 2003 (Cth).
[84] Spam Act 2003 (Cth).
[85] Spam Act 2003 (Cth).
[86] Spam Act 2003 (Cth).
[87] Spam Act 2003 (Cth).
[88] Spam Act 2003 (Cth).
[89] Spam Act 2003 (Cth).
[90] Telecommunications Act 1997 (Cth).
[91] Spam Act 2003 (Cth).
[92] Spam Act 2003 (Cth).
[93] Spam Act 2003 (Cth).
[94] Spam Act 2003 (Cth).
[95] Spam (Consequential Amendments) Act 2003 (Cth).
[96] Spam Act 2003 (Cth).
[97] Spam Act 2003 (Cth).
[98] Spam Act 2003 (Cth).
[99] Spam (Consequential Amendments) Act 2003 (Cth).
[100] Telecommunications Act 1997 (Cth).
[101] Australian Communications Authority Act 1997 (Cth).
[102] Spam Act 2003 (Cth).
[103] Telecommunications Act 1997 (Cth).
[104] Trade Practices Act 1974 (Cth).
[105] Corporations Act 2001 (Cth).
[106] Spam Act 2003 (Cth).
[107] Spam Act 2003 (Cth).
[108] Telecommunications Act 1997 (Cth).
[109] Spam (Consequential Amendments) Act 2003 (Cth).
[110] Telecommunications Act 1997 (Cth).
[111] Spam (Consequential Amendments) Act 2003 (Cth).
[112] Telecommunications Act 1997 (Cth).
[113] Telecommunications Act 1997 (Cth).
[114] On 18 March 2005.
[115] Spam Act 2003 (Cth).
[116] Spam Act 2003 (Cth).
[117] Spam Act 2003 (Cth).
[118] Spam Act 2003 (Cth).
[119] Spam Act 2003 (Cth).
[120] Spam Act 2003 (Cth).
[121] Spam Act 2003 (Cth).
[122] Spam Act 2003 (Cth).
[123] Spam Act 2003 (Cth).
[124] Spam Act 2003 (Cth).
[125] Spam Act 2003 (Cth).
[126] Spam Act 2003 (Cth).
[127] Spam Act 2003 (Cth).
[128] Spam Act 2003 (Cth).
[129] Spam Act 2003 (Cth).
[130] Spam Act 2003 (Cth).
[131] Spam Act 2003 (Cth).
[132] Spam Act 2003 (Cth).
[133] Spam Act 2003 (Cth).
[134] Telecommunications Act 1997 (Cth).
[135] Spam Act 2003 (Cth).
[136] Spam Act 2003 (Cth).
[137] Spam Act 2003 (Cth).
[138] Spam Act 2003 (Cth).
[139] CAN-SPAM Act 2003 (USA).
[140] CAN-SPAM Act 2003 (USA).
[141] Net Spammers could be headed for prison, (2004), F2 Network, Australian Financial Review http://afr.com/articles/2004/04/30/108322455200.html 30 April 2004.
[142] Spam Act 2003 (Cth).
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/MqJlBLaw/2005/4.html