29 September 2011

Shrinkage

Last year I noted Vitomir Zepinic, the unsavoury man with a history of fake medical qualifications.

The ABC reports tonight on Dusan Milosevic, a former member of Serbia's secret service who has been jailed for posing as a psychologist.

Milosevic was reportedly paid over $1 million by Australian government agencies for more than 7,000 consultations between 1998 and 2009, including the Transport Accident Commission (TAC) and WorkSafe. His practice appears to have been reflected in at least one case, for example Cvetic v Sakata Rice Snacks Australia Pty Ltd & Cambridge Integrated Services (Vic) Pty Ltd
[2010] VCC 1468.

Gaynor J of the Victorian County Court said that Milosevic used false documents purportedly from the University of Belgrade to register as a psychologist in Victoria and NSW. Milosevic was then employed by WorkSafe and the TAC to counsel people injured in workplace and car accidents, without being qualified to do so. Exposure followed an attempt in 2008 to bill WorkSafe for services he claimed to have provided, despite being overseas at the time.

In August 2010 Worksafe stated that -
WorkSafe and the Transport Accident Commission allege Dusan Milosevic of Carlton, was not qualified to work as a psychologist in Victoria because fake documents were used to register with the Psychologists’ Registration Board in 1998.

The charges arise from his treatment of injured workers and people with injuries suffered in transport incidents.

Mr Milosevic is charged with 323 WorkSafe counts of obtaining property by deception and attempting to obtain property by deception.

The TAC has charged him on 34 counts of obtaining and attempting to obtain property by deception.

The alleged fraud against WorkSafe is $1,138,785.60 and the TAC $56,342.73.

Mr Milosevic has pleaded not guilty to all charges.

Pending a directions hearing in the County Court on 15 October, Mr Milosevic’s passport has been seized and he has been ordered to report to police three times a week as well as pay a $70,000 surety.

Magistrate Luisa Bazzani was told this week that Mr Milosevic’s Bachelors Degree and Masters Degree were fakes and differed on a number of key points with those issued by the University of Belgrade.

The head of student services at the university’s Faculty of Special Education and Rehabilitation, Gordana Sulejmanovic, told the court on Monday that Mr Milosevic’s Bachelors and Masters Degrees were not from her university.

Ms Sulejmanovic, who had worked at the University for 35 years and who was now responsible for issuing documentation confirming student achievements said:
• University records did not show a Dusan Milosevic enrolled at the university or having received Bachelors or Master’s Degree when he claimed to have been there
• key features of the Degrees such as national crests and words were missing;
• signatures of senior university officials were not those of the people in those positions
• special code numbers were incorrect.
Milosevic was considered to have exploited vulnerable patients and shown no remorse in a a "serious and flagrant breach".
The potential for harm in such professional relationships is great, hence the need for regulations.
He pleaded not guilty to two charges of using a false document, one count of obtaining advantage by deception, and 29 of obtaining property by deception. He was sentenced to five years and two months imprisionment, with a 2.5 year non-parole period.

Patent Monetisation

Reading 'The Giants Among Us', a paper by Robin Cooper Feldman & Thomas Ewing regarding 'patent monetisation'.

The authors argue that -
The patent world is undergoing a change of seismic proportions. A small number of entities have been quietly amassing vast treasuries of patents. These are not the typical patent trolls that we have come to expect. Rather, these entities have investors such Apple, Google, Microsoft, Sony, the World Bank, and non-profit institutions. The largest and most secretive of these has accumulated a staggering 30,000-60,000 patents.

Investing thousands of hours of research and using publicly available sources, we have pieced together a detailed picture of these giants and their activities. We consider first the potential positive effects, including facilitating appropriate rewards for forgotten inventors, creating a market to connect innovators with those who can manufacture their inventions, and most important, operating as a form of insurance – something akin to an Anti-Troll defense fund.

We turn next to the potential harmful economic effects, including operating as a tax on current production and facilitating horizontal collusion as well as single firm anticompetitive gamesmanship that can raise a rival’s costs. Most important, we note that mass aggregation may not be an activity that society wants to encourage, given that the successful aggregator is likely to be the one that frightens the greatest number of companies in the most terrifying way.

We argue that mass aggregators have created a new market for monetization of patents. It is vast, rapidly growing, and largely unregulated. We conclude with some normative recommendations, including that proper monitoring and regulation will require a shift in the definition of markets as well as a different view of corporations and their agents.
They argue that -
The market for monetized patents, which has been created through patent aggregators, should be understood as a massive, rapidly growing, and essentially unregulated market. It has grown up quietly, remaining under the radar as early entrants have garnered power and strength. Like any market, however, it should be monitored and regulated, with sovereign entities giving some thought to whether aspects of the market should be encouraged, tolerated, deterred, or outright forbidden.

Competition authorities, such as the Federal Trade Commission and the Department of Justice, are in the best position to address the activities of mass aggregators and the market for patent monetization. Establishing the rules for this market, however, will require a certain amount of reorientation in the conceptualization of innovation markets.

The most natural FTC/DOJ regulatory structures for analyzing the activities of mass aggregators are those in the context of licensing and acquisition activity. In licensing, the Agencies follow a set of basic principles that are applies to intellectual property licensing in general. These principles are that intellectual property is comparable to any other form of property and standard antitrust analysis applies, that intellectual property is not presumed to create market power, and that intellectual property licensing is generally procompetitive. The Agencies believe that problems arise, however, when a licensing arrangement harms competition among entities that would have been actual or likely competitors in the absence of the arrangement.

In analyzing intellectual property licensing agreements, the Agencies consider three basic markets that can be affected by anticompetitive licensing restrictions: goods markets, technology markets, and innovation markets. Goods markets, of course, are those related to final or intermediate goods and their close substitutes. When rights to intellectual property rights are marketed separately from the products in which they are used, the Agencies use technology markets to analyze competitive effects. Technology markets consist of the Intellectual Property that is licensed and its close substitutes.

Finally, licensing arrangements may have competitive effects on innovation that cannot be adequately addressed through goods or technology markets. Thus, the Agencies have identified a third type of market, innovation markets, which is defined as the research and development directed to particular new or improved goods or processes.

The Agencies do have particular guidelines for certain types of arrangements that may be relevant to the activities of mass aggregators, including guidelines on crosslicensing, pooling arrangements, and grant backs. Grant backs are licensing arrangements in which the license holder agrees to give the patent holder rights to any improvements on the invention.

In the case of pooling, for example, the guidelines note that exclusion from pooling arrangements can be anticompetitive if a) excluded firms can’t effectively compete in the relevant market and b) pool participants collectively poses market power in the relevant market. Similarly, grant backs may be found anticompetitive if they substantially reduce the licensee’s incentives to engage in research and development.

One should note, however, that these concerns are analyzed against a backdrop of the Agencies’ perspective that licensing is generally precompetitive.

In a 2011 report on The Evolving Intellectual Property Marketplace, the Federal Trade Commission took notice of increasing activity by what it called, 'patent assertion entities' or 'PAEs' in the information technology industry. In particular, the Agency noted the following:
Some argue that PAEs encourage innovation by compensating inventors, but this argument ignores the fact that invention is only the first step in a long process of innovation. Even if PAEs arguably encourage invention, they can deter innovation by raising costs and risks without making a technological contribution.
The report, however, notes the difficulty in distinguishing patent transactions that harm innovation from those that promote it, and rather than recommending antitrust action proposes various improvements in patent notice and remedies.

Although these are important considerations, a full analysis of the impact of mass aggregators requires identification of a different market. Even when Agencies think about separately marketed intellectual property rights or innovation markets, those categories are grounded in their relationship to a particular product market. Moreover, market power is measured in relationship to that product market.

When patent rights float unmoored from any underlying products on a large-scale, widespread manner such that they are traded and arbitraged, that activity begins to resemble a market of its own. This is the market we have been describing as the market for patent monetization. Viewed from this perspective, an entity could acquire market power in the market for patent monetization without necessarily holding a monopoly in any individual product markets. Considering only product, technology, and innovation markets could miss a fair amount of worrisome activity.

Another way to think about floating patent rights and anticompetitive effects is the following: One may not need a monopoly on patents in a particular product market to create negative effects in that market. Perhaps one simply needs a large enough group of all kinds of patents in combination with tough tactics or even just a reputation for tough tactics.

Moreover, the Agencies may need to reconsider the general principle that licensing is pro-competitive. In the context of a market for intellectual property rights floating separately from invention or production, that general principle may be less applicable. One has to take a much harder look at licensing when it has become such an expansive activity that is separated so far from the activity of introducing new technologies.

The same types of considerations should be used for reorienting the Agencies’ approach to acquisition of intellectual property rights. Section 7 of the Clayton Act requires that certain proposed acquisitions of assets be reported, which is interpreted as including patents. The FTC and DOJ may conduct a preliminary antitrust evaluation and decide whether to take enforcement action. Certain transfers of intellectual property rights and transaction that grant an exclusive license are analyzed by applying the principles and standards used to analyze mergers. Such transactions may have the effect of removing a participant from the market, in the same manner as a traditional merger would.

In any merger enforcement action, the Agencies will normally identify one or more relevant markets in which the merger may substantially lessen competition. Such market definitions focus solely on demand substitution factors, which are customers’
ability and willingness to substitute away from one product to another. Again, the traditional Agency focus in this inquiry would be on the market for the products that can be made by the patents that are being purchased, but not on the market for patent monetization itself. Such an inquiry would miss a wealth of potential anticompetitive conduct and consequences.

In short, competition agencies should think about a market composed of floating intellectual property rights as its own market, in order to capture the potential for harm and mischief. Courts also must be willing to understand and approach patent markets in this manner. Although the focus initially may be on patents in this market, it is possible over time it will become clear that the market for all intellectual property rights, including trade secrets and know-how as well as patents, should be considered.

Courts, agencies and government entities must also engage in doctrinal changes that will allow for the curative power of sunshine. As we encountered in trying to track the acquisition and litigation activity of the mass aggregators, many of the current doctrines in corporation and agency law allow aggregators to shield their identities from government view. The targets themselves may be unable to determine who the aggregator is, sometimes even when the parties are in litigation. The less appealing behavior described above is much easier to carry out in secrecy than in the light of day. We should consider changes that will bring such activities to light, making them easier to monitor and evaluate their individual and cumulative effects.
They conclude that -
The patent world is poised to undergo a change of astounding proportions. A system that has operated such that the vast majority of patents bring little or no return is shifting to a system in which a substantial number of patents will become traded and monetized, largely through a system of mass aggregators. The giants among us are undoubtedly changing the patent world. The question that remains is how.

One could argue that mass aggregators could potentially have positive effects. Mass aggregators might potentially ensure that the forgotten inventor receives the compensation due or could serve as a middleman to connect inventors with capital and expertise. Mass aggregators could also serve as litigation defense funds, providing Just-in-Time patenting and creating a powerful weapon stream that will deter troublesome infringement suits. Mass aggregators may also reduce troll activity by soaking up the supply of monetizable patents. The question, however, is whether the cure is worse than the disease.

In particular, the same market characteristics that have made let to the rise of troll activity are likely to plaque the activities of mass aggregators as well. Without changing the basic incentive structures of the patent system, mass aggregation will be no better than the current patent system at rewarding the deserving inventor and greasing the wheels of innovation while protecting diligent producing companies. Moreover, the activity of mass aggregation brings its own potential harms. Rather than contributing technological innovations, mass aggregators operate as a tax on current production, burdening existing products and potentially reducing future innovation and productivity.

In addition, characteristics of the market for patent monetization make it an excellent vehicle for anticompetitive behavior, including horizontal collusion and single firm or multi firm behavior that raises rivals’ costs. Most important, the basic business model of mass aggregation is troubling. The successful aggregator is likely to be the one that frightens the greatest number of companies in the most terrifying way. This may not be an activity that society wants to encourage.

These and other concerns suggest that mass aggregators and the market for patent monetization should not be allowed to flourish unchecked. The burgeoning market must
be properly monitored, regulated, and restricted so that the considerable risks associated with this activity may be fully contemplated and cabined.
The paper subsequently appeared [PDF] in Stanford Technology Law Review (2012) 1.

25 September 2011

No star

Watching emerging debate in the US about General Motors' privacy practice.

GM's OnStar subsidiary has announced changes [PDF] to its privacy policy. Some are anodyne; others cause raised eyebrows or sheer incredulity.

OnStar offers a GPS-based onboard navigation, maintenance and emergency service. The service is subscription based. Interestingly, Onstar has been criticised for plans to collect (and disseminate) vehicle data even from customers who discontinue the monthly subscription.

The updated privacy policy ostensibly gives GM the right to collect and share information that includes the customer's name, address, telephone and email address, billing information (including credit card number), vehicle identification number and make, vehicle model and year, and diagnostic information such as odometer readings. GM may collect "other information that you voluntarily provide to us (such as your language preference, your license plate number and/or your emergency contact information)". It may also collect
• information about crashes involving your Vehicle, including the direction from which your Vehicle was hit, which air bags have deployed, and safety belt usage;
• information about your use of the Vehicle and its features, such as whether you have paired a mobile device with your Vehicle;
• information about when your Vehicle’s ignition is turned on or off and when your fuel is refilled
Sharing? The revised policy goes beyond support for "law enforcement or other public safety officials", extending to "credit card processors and/or third parties we contract with who conduct joint marketing initiatives with OnStar". Those third parties apparently include roadside assistance companies, satellite radio providers and data management companies. Presumably some can integrate the information with data profiles that are subsequently provided to fourt parties, and away we go! Sharing includes "any third party, provided the information is anonymized", your Vehicle Maker, our affiliates, Vehicle dealers, third parties with whom we contract with to conduct joint marketing initiatives with OnStar, your fleet company and your rental company if you drive a rental Vehicle.

GM/OnStar regards the information as assets and may sell that information as part of the sale of some/all of the OnStar business.

Some information will not be shared -
If you use Hands-Free Calling minutes, we may obtain certain Customer Proprietary Network Information (CPNI) such as call detail records, the number of minutes purchased, the date minutes were purchased, the number of remaining minutes, and their expiration date.
OnStar reserves the right to sell anonymised location data to third parties "for any purpose". The fuzziness of the anonymisation is unclear, with critics quickly commenting that if a vehicle is consistently parked at a particular location at night it may be easy to infer an identity by matching the GPS information to the driveway or residential carpark and thence to other data, particularly in regimes where state vehicle registration agencies kindly sell registration data.

Egregiously, OnStar is reported to be planning to collect and share data from OnStar-equipped vehicles even if the vehicle's owner doesn't sign up for, or cancels, the monthly service. That makes a mockery of the notion of consent highlighted recently by the Article 29 Working Party in Europe. OnStar customers must specifically ask to opt out of the tracking service.
Unless the Data Connection to your Vehicle is deactivated, data about your Vehicle will continue to be collected even if you do not have a Plan. It is important that you convey this to other drivers, occupants, or subsequent owners of your Vehicle. You may deactivate the Data Connection to your Vehicle at any time by contacting an OnStar Advisor.
OnStar indicates that -
OnStar and its Service Providers may process and store information about you or your Vehicle in the United States, Canada, or other jurisdictions from which the Services or Data Connection will be provided and where the privacy laws may differ from those in the United States. Information may be available to government or its law agencies in the country where the data is processed or stored under a lawful requirement in that country.
Do not fear, however, as
Nothing is more important than the safety and security of you and your family. At OnStar, we apply that belief to every aspect of our business, including the protection of your personal information. You have a right to be confident your information is kept secure and to understand our privacy practices, specifically, what information we gather, with whom we share that information, how we use that information to make your driving experience safer and more convenient, and what we do to protect your information. We are committed to making your safety and the security of your information a priority.
That no doubt heartfelt commitment is highlighted by one explicit addition -
Supplemental Information for California Residents:

Your California Privacy Rights: California privacy law requires us to provide California residents with specific disclosures about our privacy practices, including telling you about the information we share with other third parties for their marketing purposes. You may request a copy of this information on an annual basis by contacting us.
We might ask why OnStar in aspiring to best practice doesn't systematically provide non-Californians with such data.

Bad privacy policy and worse marketing at GM.

Porous borders

In teaching I've had occasion to argue that anxieties about forgery of official identity documents are sometimes misplaced, given that it's possible to persuade an official to give or sell you the 'genuine' identifier.

Last week saw a minor media flurry, with reports that staff at the Australian High Commission in Colombo had sold visas or passports and that employees at the High Commission in Pretoria have stolen Australian passports - presumably the blank variety. We are assured that "the probability the passports were used for international travel is low", given that the passports were cancelled and the details were given to Interpol. The disclosure follows Freedom of Information requests by Fairfax journalists. (The relevant documents do not appear to be identified in the DFAT or Passports Office Freedom of Information Disclosure Log.)

Opposition foreign affairs spokesperson Julie Bishop stepped up to the national security soapbox, announcing that misbehaviour will not be tolerated -
The Department of Foreign Affairs must maintain the highest quality management system to ensure any corrupt or any inappropriate behaviour is detected and prevented. There must be a zero tolerance policy for such misconduct
A year ago The Daily Telegraph was similarly excited, announcing "Dramatic arrests over fake passport charges", with a breathless account -
A Post office clerk and a suburban mother allegedly masterminded a fake passport racket to bring illegal immigrants into Australia.

The false passports created at Fairfield Post Office were used by a people-smuggling ring to fly illegal immigrants directly into the country, police claimed.

Postal worker Lara Triglia, 35, and her alleged accomplice, Samira Al Kanani, 44, faced Parramatta Bail Court yesterday.

The women were dramatically arrested on Saturday night after police claimed their role in the racket was uncovered by a damning paper trail.

Lara Triglia, an unassuming 35-year-old clerk from Fairfield Post Office, was arrested in the middle of the night at the home she shares with her father.

Her alleged accomplice Al Kanani, of Mt Druitt, was arrested by Australian Federal Police at Sydney Airport as she tried to board a flight out of the country.

An investigation into the women began in April, after officials discovered people smugglers were using "corrupt Australia Post staff" to approve fraudulent passports and then going overseas to help immigrants skip the queue.

It is not known how the two met but the AFP will allege Ms Triglia, whose job as an interviewing officer was to meet applicants and check that photos and documents matched up, signed off on papers linked to Al Kanani and her family.

The fake applications allegedly included three that had Australian names but photographs of "unknown citizens".

Investigators checked a driver's licence photograph from the RTA and found the name on one passport and its accompanying photograph were of two different people. Phone records revealed the mobile number belonged to yet another person - Al Kanani's son.

But it was immigration records that allegedly gave the game away.

The passport, in the name of an Australian citizen, was never used to fly out of the country - just to fly in.

The whereabouts of the man who flew to Melbourne last month using those papers on the same flight as Al Kanani is unknown.

Another passport application was made in the name of Al Kanani's second son.

Yesterday the court was told investigators then set up a sting, ordering the Australian Passport Office to issue the fake papers.

When Al Kanani's daughter came to collect her "brother's passport" police tracked her to her car, where Al Kanani was sitting.

Police, who watched her movements for two weeks, swooped when Al Kanani allegedly tried to board a plane with the fake passport on Saturday night.

Yesterday Al Kanani appeared over video-link at Parramatta Bail Court in tears. Despite her dramatic arrest only hours earlier, Triglia calmly faced the court.
Tears, stings, dramatic arrests, unassuming suburban mother/criminal mastermind ... very tabloid. Ms Triglia was found guilty in District Court on a charge of making a false statement.

Offender Registration

The Victorian Law Reform Commission has released the 26 public submissions received in response to its 48 page Sex Offenders Registration: Information Paper [PDF] as part of its review regarding the registration of sex offenders. The Commission is due to deliver its final report to the Attorney-General on 4 November 2011.

The consultation exercise is on interest in relation to current debate about the state's Charter of Human Rights & Responsibilities, the management of serious offenders and the long-term criminalisation of sexting by minors.

The Paper for example noted that -
The Sex Offenders Registration Act imposes limits upon three rights recognised and protected by the Charter of Human Rights and Responsibilities Act 2006 (Vic) (the Charter). They are:
• the right to move freely within Victoria, enter and leave it, and choose where to live
• the right of every person not to have their privacy, family, home or correspondence arbitrarily
or unlawfully interfered with or their reputation unlawfully attacked
• the right to freedom of association with others.
The Charter permits limitations of rights that are reasonable and proportionate.4 One of the matters that may be considered when determining whether limits placed on a person’s rights are reasonable and proportionate is the rights of others. The Charter recognises the right of children to protection that is in their best interests and which they require as children.
The Commission commented that -
The Sex Offenders Registration Act establishes a mandatory and universal registration scheme that seeks to monitor the activities of child sex offenders when they return to the community after completing their sentences. The scheme is universal in two respects: it applies to all people convicted of sexual offences involving children and the same reporting requirements apply to all registered sex offenders. It applies to a very broad range of offences.

The courts do not have the power to determine which convicted sex offenders require monitoring or to devise individualised reporting requirements that seek to monitor the activities of a particular offender. Research indicates, however, that sex offenders do not re-offend more often than other serious offenders and that there are identifiable characteristics of 'high risk' offenders that could possibly be useful predictors of recidivism. The Commission will investigate whether some form of individualised judicial decision making about both inclusion in the Register and the content of reporting obligations is desirable.

The universal operation of the scheme has caused the Sex Offenders Register to grow very quickly, with more than 20,000 registrants anticipated in the first 30 years of the scheme.
The Paper asked -
Purposes

1. To what extent does the Sex Offenders Registration Act fulfil its stated purposes?

2. Should the Sex Offenders Register be a primary source of information to the Department of Human Services about child protection concerns?

3. Does the Sex Offenders Registration Act establish an effective scheme for monitoring the activities of convicted child sex offenders who are likely to re-offend?

Inclusion in the Sex Offenders Register

4. Should inclusion in the Sex Offenders Register be an automatic administrative consequence of a person being convicted of and sentenced for a Class 1 or Class 2 offence?

5. Should the court have a discretionary power to decide whether to order that a person who is convicted of some or all of the Class 1 or Class 2 offences be placed in the Sex Offenders Register?

What criteria should govern the exercise of any discretionary power?

6. Should an order placing a person in the Sex Offenders Register be a matter that the court can take into account when sentencing a person for a Class 1 or Class 2 offence?

7. Should it continue to be possible for a court to order that a person convicted of any offence be placed in the Sex Offenders Register if the court is satisfied that the offender poses a risk to the sexual safety of any other person?

Duration of reporting obligations

8. Should the duration of a registered sex offender’s reporting obligations continue to be automatically determined by a legislative classification of offences?

9. Should the court have a discretionary power to determine the length of the reporting period? What criteria should govern the exercise of any discretionary power?

10. Are the current provisions in the Sex Offenders Registration Act for suspending the reporting obligations of sex offenders adequate?

11. Should the Chief Commissioner of Police or some other statutory official have the power to apply to a court for an order extending a registered sex offender’s reporting obligations?

Content of reports

12. Should all registered sex offenders continue to have the same reporting obligations that are automatically determined by the legislation?

13. Should the court have a discretionary power to determine the content of a registered sex offender’s reporting obligations? What criteria should govern the exercise of any discretionary power?

14. Should the Chief Commissioner of Police have additional powers which would permit police officers to test the truth of any report provided by a registered sex offender? If yes, what should those powers be and in what circumstances should they be available?

Management, use and disclosure of information in the Register

15. Should the Chief Commissioner of Police have an express power to give some or all information in the Sex Offenders Register to CrimTrac for national law enforcement purposes?

16. Should the Chief Commissioner of Police have an express power to give some or all information in the Sex Offenders Register to the Secretary of the Department of Human Services for child protection purposes?

17. Should the Chief Commissioner of Police have an express power to give some or all information in the Sex Offenders Register to any other public body or official for any other purpose?

18. Should registered offenders continue to be required to report ‘unsupervised contact’ with a child? If so, should the legislation contain guidance about what is meant by this term? Should registered sex offenders be required to report 'unsupervised contact' with a child before it occurs rather than after it has occurred? If reporting were required in advance of contact, should it be before the first contact, a subsequent contact, or at any other point in time?

Protections for registered sex offenders

19. Are there adequate protections for registered sex offenders in the Act?

Accountability and review

20. Are the current accountability and review mechanisms in the Act adequate?

Management of other information about registered offenders

21. Should other government agencies be required or permitted by legislation to give the Chief Commissioner of Police information about a registered sex offender for inclusion in the Sex Offenders Register? If so, what type of information?

22. Should Corrections Victoria be required or permitted by legislation to give the Secretary of the Department of Human Services information about a sex offender that is acquired during any treatment programs undertaken by the offender when in custody or on parole?
The Paper noted that mandatory reporting by registered offenders includes the following information -
• name(s) by which they are known
• any other name(s) by which they have been known in the past, and the period for which they were known by that name
• date of birth
• address of each place they reside for at least 14 days (whether consecutive or not) in any 12 month period or, if homeless, the localities in which they can generally be found
• telephone number
• email address
• name and business address of internet service provider
• internet, instant messaging, chat room or other user names or identities used through the internet or other electronic communication services
• names and ages of any children with whom they usually live or have unsupervised contact for at least three days (whether consecutive or not) in any 12 month period
• employment details, including work under an employment contract, as a self-employed person or sub-contractor, any practical training as part of an educational or vocational course, or work as a volunteer or for a religious organisation, for at least 14 days (whether consecutive or not) in any 12 month period
• details of affiliations with any clubs or organisations that have child membership or child participation in their activities
• details of any motor vehicle they own or drive on at least 14 days (whether consecutive or not) in any 12 month period
• details of any existing or former tattoos or permanent distinguishing marks
• details of any requirement to register and report under corresponding sex offender legislation
• details of any periods of government custody since they were either sentenced or released from custody for the registrable offence
• if they travel interstate at least once a month on average, or plan to do so, the reason, frequency and destinations of the travel
• passport number and country of issue of each passport held.
In a cogent submission the Office of the Privacy Commissioner, the state agency that's more engaged than its national counterpart, highlighted several concerns regarding the Victorian regime.

The submission commented that -
Act silent on removal from the Register

It should be noted that there is a lack of clarity in the SOR Act as to when an offender’s information is removed from the Register. The Act does discuss the length of reporting obligations but is silent on any removal. Although the Chief Commissioner must destroy certain materials obtained from the offender, there is no requirement for the information to be deleted from the register itself.

This is a concerning feature of the SOR Act. Where a person becomes a registered sex offender and is required to report for 8 years, one would naturally expect that on conclusion of the period their reporting obligations cease and they are removed from the Register. The SOR Act does not provide for this, and does not direct the Chief Commissioner to remove the registered sex offender’s name from the Register once the reporting period ends.

It is of great importance that this anomaly be rectified, and the Act should be amended to ensure that once an offender’s reporting period ends, the individual’s name and all entries are removed from the Register. Similarly, all information concerning the person should similarly be removed from ANCOR.

2. Act silent on appeal rights against discretionary orders

The Act currently contains a court discretion (s 11(3)) to make an order requiring an offender to become a registered offender under the Act.

For those automatically included by virtue of the mandatory registration provisions of the Act, there are obviously no appeal rights. However, where a court has a discretion to impose reporting obligations, it appears that the decision of the court in this instance is not open to appeal. This appears to be an oversight, and is out of step with other jurisdictions (Tasmania, South Australia and Queensland) which treat the order to register as a sentence imposed on conviction and reviewable as such.

It is entirely possible that an offender, registered under the discretion of the court, would be able to appeal a decision utilising the inherent jurisdiction of the Supreme Court but this is not entirely clear. A better approach would be to institute a specific appeal ground (similar to the jurisdictions above) deeming the decision appealable as if a sentence imposed on conviction.

3. Collection of information from offenders should only be in accordance with the Act

The SOR Act defines what registrable offenders ‘must report’

It is entirely possible that Victoria Police may ‘over-collect’ information from offenders that is not required under the SOR Act. The offender, in a position of potential stress, may additionally volunteer information over and above what is required under the reporting provisions of the Act. but is silent as to collection of information outside the parameters of what must be reported.

In the New South Wales Ombudsman Report into operation of the NSW equivalent of the SOR Act, the Ombudsman detailed a system of collection occurring where police procedures directed the registering police officer to ‘try to obtain further information’. The report also indicates that few (only 18% of respondents) told them that they did not have to provide the additional information.

It should be made clear in the SOR Act that if additional information is sought from sex offenders, the offender be informed that provision of the additional information is optional. It is inappropriate to collect information outside of the set of information mandated by Parliament by using the position of relative weakness and purported compliance to obtain additional information.

I am unaware as to whether this is occurring in Victoria, but the fact that off-statute collection of information appears to have occurred in other jurisdictions is alarming. Legislative protection should be given to offenders to ensure that any collection of information outside that required by the SOR Act is truly voluntary and that offenders are informed as such.
Moreover -
4. No requirement to safeguard privacy when verifying information

... there is no requirement on Police, when checking the veracity of information reported by offenders, to take reasonable steps to protect the privacy of the registered offender so as to not inadvertently alert third parties that the individual is a registered sex offender.

This is problematic, as the protections contained in section 64 of the SOR Act could be potentially undermined if investigation into the veracity of offender provided information results in disclosure of the individual’s status as a registered sex offender.

It may be helpful to include a provision requiring police to take reasonable steps to ensure that the offender’s status as a registered sex offender is not disclosed when investigating compliance of reporting obligations. The requirement of reasonability should ensure that Police can properly investigate matters of non-compliance balanced against non-disclosure of the offender’s status. ...

6. Management, use and disclosure of other information about registered sex offenders

The Information Paper makes the point that other public entities (namely, Corrections Victoria and DHS) hold information about registered sex offenders that is not on the Sex Offenders Register, and is governed outside the scheme of the SOR Act. The Information Paper questions whether other agencies should be required or permitted to provide police with information about a registered offender for inclusion in the Register and whether Corrections Victoria should be permitted to provide information to the DHS that is acquired during treatment programs where the offender is on parole or in custody.

It should be questioned as to whether other organisations (such as Corrections Victoria or DHS) should be required to provide information for inclusion on the Register. This would somewhat change the nature of the Register – from a database containing the self-reported information of the Offender - to a larger generic database containing information sourced from various other areas.

However, if an organisation (such as Corrections Victoria or DHS) had serious concerns about an offender (including possible recidivism), it is entirely appropriate for that organisation to make those concerns known to the appropriate authority (such as Victoria Police). ... it may be that specific legislation pertaining to both Corrections Victoria (for example, the Corrections Act 1986) or DHS (for example, the Children Youth and Families Act 2005) contain secrecy or confidentiality provisions that limit disclosure of information above and beyond the limitations contained in the Information Privacy Act. If it is thought that amendment to such legislation to better enable disclosure from these agencies to Victoria Police is necessary, I would urge any amendment to take the form of the provisions in IPP 2 (in particular, IPP 2.1(d),(e) and/or (g)).

Where Victoria Police receives information from such agencies, it will effectively be a decision for Victoria Police as to how it manages such information. However, I would question whether adding the information to the Register would be helpful, or whether it is likely to create an unwieldy and difficult to manage Register. It may be appropriate for Victoria Police to record such information through its existing intelligence management systems, rather than adding information to the Register. However, such a question is one better determined by Victoria Police. I note that section 62(2)(g) of the Act does provide for Victoria Police to include ‘any other information that the Chief Commissioner of Police considers appropriate’ in the Register.

I would, however, caution against the adoption of wide information sharing powers contained in the Serious Sex Offenders (Detention and Supervision) Act 2009 (Vic).
The Commissioner concludes that -
The Sex Offenders Registration Act 2004 is a creation of a time when Victoria had not formally committed to the protection of human rights. As discussed above, the Act’s aims and goals are laudable and important. However, the failure to institute judicial discretion in deciding whether an offender will be subject to the registration and reporting provisions undermines the moral and ethical basis, and efficiency, of the Act’s obligations. The possibilities of unwarranted registrations, such as the example given in paragraphs 7-10, become probable. Resources are required to manage registration and reporting by offenders who pose little risk of recidivism.

From a privacy perspective, many aspects of the Tasmanian Act, with court discretion regarding registration, rights of appeal,and a more discretionary approach to the reporting period, would be worth adopting. Stronger protections for inter-jurisdictional sharing, clarification as to what ‘unsupervised contact’ means, clarification of removal from the register, better transparency as to Register oversight and clarification around information sharing (in line with privacy principles) are all recommended.

This review allows Victoria to consider an overhaul of the operation of the Act and ensure that it operates efficiently, effectively and provides protection to the community whilst simultaneously operating in a humane manner. Victoria has an opportunity to set an exemplary template for other states, territories and international jurisdictions to consider adopting in the area of sex offender registration statutes. As it currently stands, the Act is not a template for excellence.

Privacy Tort

The Australian Government has released its 65 page discussion paper [PDF] - comments by 4 November - on a statutory tort regarding serious invasions of privacy.

As foreshadowed in recent articles in Privacy Law Bulletin, the Government appears to be leaning towards the NSW Law Reform Commission model [PDF], with an explicit restriction to "serious" invasions of privacy in contrast to the Victorian Law Reform Commission's more nuanced conceptualisation in 2010 [PDF] of invasions of privacy per se.

In his introduction the Minister for Privacy and Freedom of Information comments that -
In May 2008, the Australian Law Reform Commission (ARLC) concluded a 28-month inquiry into the effectiveness of the Privacy Act 1988 and related laws as a framework for the protection of privacy in Australia. In its report, the ALRC made 295 recommendations for reform in a range of areas, including telecommunications, credit reporting information, health records, and privacy protection generally. The Government has responded to 197 of these recommendations.

One of the ALRC’s recommendations was that the most serious invasions of privacy could best be addressed through the introduction of a statutory cause of action for privacy. The Victorian and New South Wales Law Reform Commissions have also recommended a statutory cause of action for privacy.

In responding to the ALRC recommendation, the threshold question that must be asked is whether the introduction of a statutory cause of action for privacy is warranted. This is a particularly important question in light of a cause of action for privacy developing case-by-case in the Australian courts. If there is to be a statutory cause of action, how do we make sure it gets the balance right between the public interest in the right to privacy and other important public interests including freedom of expression? We cannot simply consider whether action is desirable without also considering how best to do it.
The paper accordingly asks -
1. Do recent developments in technology mean that additional ways of protecting individuals’ privacy should be considered in Australia?

2. Is there a need for a cause of action for serious invasion of privacy in Australia?

3. Should any cause of action for serious invasion of privacy be created by statute or be left to development at common law?

4. Is ‘highly offensive’ an appropriate standard for a cause of action relating to serious invasions of privacy?

5. Should the balancing of interests in any proposed cause of action be integrated into the cause of action (ALRC or NSWLRC) or constitute a separate defence (VLRC)?

6. How best could a statutory cause of action recognise the public interest in freedom of expression?

7. Is the inclusion of ‘intentional’ or ‘reckless’ as fault elements for any proposed cause of action appropriate, or should it contain different requirements as to fault?

8. Should any legislation allow for the consideration of other relevant matters, and, if so, is the list of matters proposed by the NSWLRC necessary and sufficient?

9. Should a non-exhaustive list of activities which could constitute an invasion of privacy be included in the legislation creating a statutory cause of action, or in other explanatory material? If a list were to be included, should any changes be made to the list proposed by the ALRC?

10. What should be included as defences to any proposed cause of action?

11. Should particular organisations or types of organisations be excluded from the ambit of any proposed cause of action, or should defences be used to restrict its application?

12. Are the remedies recommended by the ALRC necessary and sufficient for, and appropriate to, the proposed cause of action?

13. Should the legislation prescribe a maximum award of damages for non-economic loss, and if so, what should that limit be?

14. Should any proposed cause of action require proof of damage? If so, how should damage be defined for the purposes of the cause of action?

15. Should any proposed cause of action also allow for an offer of amends process?

16. Should any proposed cause of action be restricted to natural persons?

17. Should any proposed cause of action be restricted to living persons?

18. Within what period, and from what date, should an action for serious invasion of privacy be required to be commenced?

19. Which forums should have jurisdiction to hear and determine claims made for serious invasion of privacy?
It draws on recommendations in the Australian Law Reform Commission's For Your Information: Australian Privacy Law and Practice report -
Recommendation 74–1

Federal legislation should provide for a statutory cause of action for a serious invasion of privacy. The Act should contain a non-exhaustive list of the types of invasion that fall within the cause of action. For example, a serious invasion of privacy may occur where:
a) there has been an interference with an individual’s home or family life;
b) an individual has been subjected to unauthorised surveillance;
c) an individual’s correspondence or private written, oral or electronic communication has been interfered with, misused or disclosed; or
d) sensitive facts relating to an individual’s private life have been disclosed.
Recommendation 74–2

Federal legislation should provide that, for the purpose of establishing liability under the statutory cause of action for invasion of privacy, a claimant must show that in the circumstances:
a) there is a reasonable expectation of privacy; and
b) the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities.
In determining whether an individual’s privacy has been invaded for the purpose of establishing the cause of action, the court must take into account whether the public interest in maintaining the claimant’s privacy outweighs other matters of public interest (including the interest of the public to be informed about matters of public concern and the public interest in allowing freedom of expression).

Recommendation 74–3

Federal legislation should provide that an action for a serious invasion of privacy:
a) may only be brought by natural persons;
b) is actionable without proof of damage; and
c) is restricted to intentional or reckless acts on the part of the respondent.
Recommendation 74–4

The range of defences to the statutory cause of action for a serious invasion of privacy provided for in federal legislation should be listed exhaustively. The defences should include that the:
a) act or conduct was incidental to the exercise of a lawful right of defence of person or property;
b) act or conduct was required or authorised by or under law; or
c) publication of the information was, under the law of defamation, privileged.
Recommendation 74–5

To address a serious invasion of privacy, the court should be empowered to choose the remedy that is most appropriate in the circumstances, free from the jurisdictional constraints that may apply to that remedy in the general law. For example, the court should be empowered to grant any one or more of the following:
a) damages, including aggravated damages, but not exemplary damages;
b) an account of profits;
c) an injunction;
d) an order requiring the respondent to apologise to the claimant;
e) a correction order;
f) an order for the delivery up and destruction of material; and
g) a declaration.
Recommendation 74–6

Federal legislation should provide that any action at common law for invasion of a person’s privacy should be abolished on enactment of these provisions.

Recommendation 74–7

The Office of the Privacy Commissioner should provide information to the public concerning the recommended statutory cause of action for a serious invasion of privacy
The Victorian Law Reform Commission, as noted elsewhere in this blog, offered recommendations for a statutory cause of action -
22. There should be two statutory causes of action dealing with serious invasion of privacy caused by misuse of surveillance in a public place.

23. The first cause of action should deal with serious invasion of privacy by misuse of private information.

24. The second cause of action should deal with serious invasion of privacy by intrusion upon seclusion.

25. The elements of the cause of action for serious invasion of privacy caused by misuse of private information should be:
a. D misused, by publication or otherwise, information about P in respect of which he/she had a reasonable expectation of privacy; and
b. a reasonable person would consider D’s misuse of that information highly offensive.
26. The elements of the cause of action for serious invasion of privacy caused by intrusion upon seclusion should be:
a. D intruded upon the seclusion of P when he/she had a reasonable expectation of privacy; and
b. a reasonable person would consider D’s intrusion upon P’s seclusion highly offensive.
27. The defences to the cause of action for serious invasion of privacy caused by misuse of private information should be:
a. P consented to the use of the information
b. D’s conduct was incidental to the exercise of a lawful right of defence of person or property, and was a reasonable and proportionate response to the threatened harm
c. D’s conduct was authorised or required by law
d. D is a police or public officer who was engaged in his/her duty and the D’s conduct was neither disproportionate to the matter being investigated nor committed in the course of a trespass
e. if D’s conduct involved publication, the publication was privileged or fair comment
f. D’s conduct was in the public interest, where public interest is a limited concept and not any matter the public may be interested in.
28. The defences to the cause of action for serious invasion of privacy caused by intrusion upon seclusion should be:
a. P consented to the conduct
b. D’s conduct was incidental to the exercise of a lawful right of defence of person or property, and was a reasonable and proportionate response to the threatened harm
c. D’s conduct was authorised or required by law
d. D is a police or public officer who was engaged in his/her duty and the D’s conduct was neither disproportionate to the matter being investigated nor committed in the course of a trespass
e. D’s conduct was in the public interest, where public interest is a limited concept and not any matter the public may be interested in.
28. The defences to the cause of action for serious invasion of privacy caused by intrusion upon seclusion should be:
a. P consented to the conduct
b. D’s conduct was incidental to the exercise of a lawful right of defence of person or property, and was a reasonable and proportionate response to the threatened harm
c. D’s conduct was authorised or required by law
d. D is a police or public officer who was engaged in his/her duty and the D’s conduct was neither disproportionate to the matter being investigated nor committed in the course of a trespass
e. D’s conduct was in the public interest, where public interest is a limited concept and not any matter the public may be interested in.
29. The remedies for both causes of action should be:
a. compensatory damages
b. injunctions
c. declarations.
30. Costs should be dealt with in accordance with section 109 of the [Victorian Civil and Administrative Tribunal Act 1998 (Vic)].

31. Jurisdiction to hear and determine the causes of action for serious invasion of privacy by misuse of private information and by intrusion upon seclusion should be vested exclusively in the Victorian Civil and Administrative Tribunal.

32. These causes of action should be restricted to natural persons. Corporations and the estates of deceased persons should not have the capacity to take proceedings for these causes of action.

33. Proceedings must be commenced within three years of the date upon which the cause of action arose.