Updated Broadcast Privacy Guidelines

ACMA has released an update of its Privacy guidelines for broadcasters, which "provide an overview of how ACMA assesses complaints by listeners or viewers that allege breaches of the privacy provisions" in the broadcast codes developed by industry under the self-regulatory regime.

The September 2016 update reflects

•  amendments to codes of practice since 2011
• new case studies of key ACMA privacy investigation decisions over the past five years 
• references to personal information and
• clarification of  ACMA’s approach to consent, material in the public domain, and children’s privacy.

The Guidelines were introduced in 2005 with the expectation that they would "increase general awareness of privacy obligations under the codes of practice and assist broadcasters to better understand these obligations". They were last revised in December 2011, the first comprehensive review since introduction. The review considered ACMA’s investigations from 2005 to 2011, amendments to broadcasting codes of practice, developments in case law, and qualitative and quantitative community attitudinal research commissioned by ACMA.

The 2016 review elicited a mere seven submissions, from the ABC, ASTRA, CRA, Derek Wilding, Free TV, OAIC and SBS (ie 5 out of seven were from broadcasters).

The guidelines state

Introduction—balancing privacy and public interest

Privacy protections specific to broadcasting are set out in the various broadcasting codes of practice that are developed by industry and registered by (or, in the case of the national broadcasting codes, notified to) the ACMA.

These guidelines are intended to: > increase general awareness of the privacy obligations under the various broadcasting codes > assist broadcasters to better understand their privacy obligations under these codes.

The guidelines do not deal with unlawful, unethical or distasteful journalistic practices. Nor do they deal with federal or state privacy and privacy-related laws. They provide general guidance in relation to code privacy obligations and do not vary the terms of any particular broadcasting code of practice. Examples used in these guidelines are illustrative only.

Privacy is a matter of enduring relevance to the community.

While digital technologies and social media may be changing the ‘privacy environment’ and presenting challenges that legal experts have grappled with in recent times , the community continues to value privacy safeguards in broadcasting.

The various broadcasting codes of practice can be found on the ACMA website. Their privacy provisions reflect the balance that should be struck between the media’s role in informing the public and an individual’s expectation of privacy.

Some codes offer express privacy protections only in the context of news and current affairs broadcasts. Other codes offer privacy protections for all broadcast content. Some codes also provide that a complaint about privacy can only be made by the person (or a representative of the person) who considers their privacy was intruded upon.

The precise privacy obligations to which each broadcaster is subject will depend on the terms of the applicable code. The outcome of any investigation will depend on the facts and context of the particular broadcast. A potential breach of code privacy provisions may be investigated by the ACMA in the exercise of its discretion. This will generally occur when:

• a code privacy complaint has been made to a broadcaster in accordance with the applicable code 

• the broadcaster has not responded within 60 days or the complainant considers the broadcaster’s response inadequate 

• a complaint is then made to the ACMA.

The general principle

Generally, the codes protect against the broadcast without consent, of material that:

•  relates to a person’s personal or private affairs or private life —for example, by disclosing their personal information; or 

• invades a person’s privacy or intrudes into their private life—for example, by intruding upon their seclusion; unless it is in the public interest to broadcast the material.

Investigation steps

When investigating the alleged breach of a code privacy provision, the ACMA will consider the elements of a breach:

• Was a person identifiable from the broadcast material? 

• Did the broadcast material disclose personal information, or intrude upon the person’s seclusion in more than a fleeting way?

If the answer to both of the above questions is yes, then there is a potential breach of code privacy provisions. The ACMA will then consider:

• Was the person’s consent obtained—or that of a parent or guardian? 

• Was the broadcast material available in the public domain? 

• Was the invasion of privacy in, and proportionate to, the public interest?

If the answer to any of these is yes, then there may be no breach found. Identifiable person For the codes to be breached, a particular person must be identifiable from the broadcast. That person can be a private individual or a public figure. A person is identifiable if, from the broadcast (including audio or visual material), the person’s identity is apparent or can reasonably be ascertained. Pixelation of a person’s face will not necessarily be sufficient to de-identify that person—for example, where they are identifiable from other details in the broadcast.

For examples, refer to case studies 1, 2, 5, 7 and 8 in the Appendix.

Personal information

Personal information can include a person’s residential address or telephone number, facts about a person’s health, genetic or biometric information, information about personal relationships and domestic or family life, personal financial affairs, sexual activities, and sexual orientation or practices. It can also include information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, criminal record and other sensitive personal matters.

This information need not be secret or confidential in order to be private.

Personal information will usually be factual in nature. However, it may include opinions based on facts or presented as if based on facts—for example, an opinion on a person’s sexuality, religion or health status, or an expert’s prognosis of a person’s health or welfare.

For examples, refer to case studies 2, 5 and 7 in the Appendix.

Seclusion

A person’s seclusion may be intruded upon where: > they would have a reasonable expectation that their activities would not be observed or overheard by others; and > a person of ordinary sensibilities would consider the broadcast of these activities to be highly offensive. Depending on the circumstances, this may include everyday activities and it will usually include sexual activities. The invasion should be more than fleeting. It is possible for this to occur in a public space.

For examples, refer to case studies 3, 8 and 11 in the Appendix.

Consent

If consent is obtained prior to the broadcast of private material, then the consenting person can have no expectation of privacy in relation to that material. When given,

consent should be voluntary, informed, specific, current and given by a person with legal capacity and an understanding of the use to which the material will be put.

Consent can be express, such as when obtained in writing. It can also be implied; for example, where a person is a willing participant in an interview. If the affected person’s consent to broadcast private material is obtained by deception, it is not true consent.

Consent to the broadcast of material that would invade privacy or intrude into a person’s private life may be withdrawn before it is first broadcast, if in all the circumstances it is reasonable to do so.

The use of material that has been surreptitiously obtained will be an indicator that the person has not (at least at the time the material was obtained) consented to the broadcast. Consent to the use of such material can be obtained after recording but before broadcast.

The absence of an objection will not automatically be taken to constitute consent.

Consent to an interview concerning an individual’s personal affairs or private life may not amount to consent to the use in a broadcast of additional personal information or of material intruding upon their seclusion—for example, material not disclosed in the interview that has been obtained without consent or for a different purpose.

For examples, refer to case studies 4, 5, 8 and 11 in the Appendix.

Material in the public domain

Using material that is already in the public domain will generally not be an invasion of privacy.

This may include the use of material obtained from online or social media sites where there are no access restrictions. However, the absence of access restrictions, while an important consideration, may not be determinative. Account will be taken of the nature of the material and the context in which it has been published.

The relevant content may be of a nature that indicates it has been put in the public domain without the affected person’s knowledge or consent—for example, material that is inherently offensive and appears to have been uploaded by someone other than the affected person.

Using material that has previously been disclosed by a person on a confidential basis, or to a limited or closed circle of recipients, may be an invasion of their privacy. Its private nature may be implied, even if there was no express request to keep it confidential.

For examples, refer to case studies 9 and 11 in the Appendix.

Children and people in vulnerable circumstances

Code privacy provisions apply to material used in a broadcast that concerns people in vulnerable circumstances, as well as children.

Vulnerable circumstances may be intrinsic (for example, where a person has a disability or difficulty communicating in English) or situational (for example, where a person is bereaved or has been involved in a distressing event).

The Commercial Television Industry Code of Practice 2015 expressly requires that special care be taken in the use of material concerning a child. ‘Child’ is defined in that code to mean a person under the age of 15.

Where broadcast material concerns both an adult and a child, code privacy obligations and public interest considerations may be assessed separately for the adult and the child.

Subject to the relevant code, a parent or guardian’s express consent should be obtained before using material that invades a child’s privacy. Parental consent alone will not always be sufficient for a broadcaster to comply with its code privacy obligations.

Even where consent is obtained, there may be circumstances where a person of ordinary sensibilities would consider the use of material that invades a child’s or vulnerable person’s privacy to be highly offensive.

In each case, careful account should be taken of the nature of the material proposed for use and the potential consequences of its use. Broadcasts concerning child welfare or protection may be in the public interest. Such material will require careful consideration of the justification for, and, as applicable, the extent of any intrusion into the private life of a child.

In reporting on public interest issues concerning the activities, actions or behaviour of another party, such as a child’s parents, the use of material disclosing the child’s personal information or intruding upon the child’s seclusion should be proportionate to the particular public interest issues raised in the broadcast.

For examples, refer to case studies 6, 7 and 9 in the Appendix.

Public figures

Public figures such as politicians, celebrities, prominent sports and business people and those in public office do not forfeit their right to privacy in their personal lives.

However, it is accepted that public figures will be open to a greater level of scrutiny of any matter that may affect the conduct of their public activities and duties. For an example, refer to Case study 8 in the Appendix.

Public interest

The broadcast of personal information or material that invades privacy, without consent, will not breach the codes if there is a clear and identifiable public interest in the material being broadcast. The public interest is assessed at the time of the broadcast.

Whether something is in the public interest will depend on all the circumstances, including whether a matter is capable of affecting the community at large so that the audience might be legitimately interested in or concerned about what is going on.

Public interest issues include:

• public health > national security 

• criminal activities 

• corruption 

• misleading the public 

• serious anti-social behaviour 

• politics 

• government and public administration 

• elections 

• the conduct of corporations, businesses, trade unions and religious organisations.

Not all matters that interest the public are in the public interest.

Any material that invades a person’s privacy in the public interest should directly or indirectly contribute to the public’s capacity to assess an issue of importance to the public, and its knowledge and understanding of the overall subject. The information disclosed should be proportionate and relevant to those issues, and not include peripheral facts or be excessively prolonged, detailed or salacious.

Whether an invasion of privacy or intrusion into a person’s private life is justified in the public interest will generally depend on the public interest matters raised in the broadcast.

In the case of public figures, the broadcast of material that invades the person’s privacy may be in the public interest if it raises or answers questions about any of the following:

• the person’s appointment to or resignation from public office 

• e person’s fitness for office 

• the person’s capacity to carry out his or her duties 

• conduct or behaviour that contradicts the person’s stated position on an issue.

However, disclosure is unlikely to be in the public interest if it is merely distasteful, socially damaging or embarrassing.

For examples, refer to case studies 1, 3, 6, 7, 8 and 11 in the Appendix.

Broadcast Co-Regulation and the Finkelstein Review

The Australian Communications and Media Authority (ACMA) has released a 'Consolidated Report' regarding its Contemporary Community Safeguards Inquiry, a nice example of never grab a hot potato if you can flick it into tomorrow.

The inquiry is concerned with "matters that should be addressed in contemporary broadcasting industry codes of practice", including privacy. The stated intention is  "to ensure that codes of practice are fit for purpose in a converging media environment".

ACMA indicates that it

has now decided to defer further work on the inquiry and to publish this report, so that the evidence it captures can immediately inform the broader conversation about the future of broadcasting regulation in Australia, as well as the industry code reviews due to be undertaken.

The Consolidated Report states

ACMA’s disposition in conducting the inquiry was to produce guidance which is evidence-based and supportive of the minimum level of regulatory intervention necessary to achieve the desired aim. That is, regulatory intervention that is appropriate and proportionate in all the circumstances. In this regard, while commenced prior to the current government’s deregulation agenda, the inquiry is wholly consistent with it.

It does not provide "specific guidelines for future codes of practice reviews" (i.e. the outcomes expected at the beginning of the inquiry) and as you might expect does not echo the Finkelstein or Leveson inquiries.

It is assumed under the co-regulatory regime embodied in the Broadcasting Services Act 1992 (Cth) that the industry groups representing television and radio broadcasting licensees will develop codes that apply to the broadcasting operations in those sector. The codes must be developed in consultation with ACMA, taking into account relevant ACMA research. ACMA can only register a code where it is satisfied, among other things, that the relevant code provides appropriate 'community safeguards'.

ACMA indicates that the report "summarises the consultation undertaken during the inquiry and provides a high-level overview of the directions emerging from that process", including -

• ‘first principles’ analysis of the enduring concepts, which could or should be reflected in contemporary broadcasting codes
• consultation on the Contemporary community safeguards inquiry—Issues paper, which examined the existing code requirements and the extent to which they aligned with the identified enduring concepts
• seven 'Citizen conversations forums' on relevant topics
• economic research about the market for broadcasting content in Australia and the industry-identified costs of the code requirements 
• community research exploring contemporary citizens experiences of, and expectations about, broadcasting content
•  reviewing the existing information in this area, including the work of complementary reviews and inquiries. 

There is supposedly "a high level of consensus about the enduring concepts and core matters that should be reflected in contemporary broadcasting codes", which -

• are "strongly correlated" with what the Broadcasting Services Act 1992 (Cth) indicates broadcasting codes ‘may address’. 
•  should continue to enable public interest considerations to be addressed in a way that does not impose unnecessary financial and administrative burdens on broadcasting service providers 
• should be sufficiently flexible to accommodate new technology and a changing media environment. 

In what at times reads as a parody of Yes Minister ACMA advises that

Taking these and other applicable matters into account, the ACMA is of the view that there is strong support and a solid rationale for code-based contemporary community safeguards relevant to:

• enabling adults to make informed decisions about accessing content based on their personal tastes and preferences 

• preventing the broadcast of certain content that prevailing community standards indicate should be prohibited 

• enabling parents and carers to protect children in their care from inappropriate or harmful content 

• accuracy, impartiality and transparency in certain factual material 

• the transparency of advertising and promotional practices 

• the appropriate balance between program material and advertising/promotional material 

• fair treatment and privacy 

• the provision of reliable consumer information about the mechanisms available for accessing content 

• emergency information 

• the provision of minimum requirements for Australian music 

• complaints-handling systems and information. 

Alan Jones can sleep soundly.

The report notes that

There is a lower level of consensus around how these matters should be ‘operationalised’ in codes. For example, it is easy to agree that codes should protect children, but harder to agree how that might most appropriately be done and whether different broadcasting platforms, models and genres logically suggest different (and tailored) methods. There is no doubt that there is scope and support for rationalisation, simplification and adaptation to changes in media markets and practices. As indicated above, further consideration will need to be given to such matters in the context of industry code reviews.

There is no indication of how and when the reviews will be "progressed", as Sir Humphrey might say, and whether the exercise will be superseded by broader changes to competition (e.g. lessening of ownership restrictions) and media policy.

In discussing privacy aspects of the co-regulatory regime,  comprehensively weighted towards broadcast interests, the report states -

Submissions to the inquiry indicated widespread community and industry support for safeguards relating to the broadcast of material that discloses personal information or intrudes on a person’s seclusion. The CBAA said:

Community radio stations exist to meet their relevant community interest and, through the guiding principles, have committed to promote harmony and diversity. Based on this, and widespread public support for rules about privacy it is appropriate that the Codes continue to include privacy protections for the public. 

However, submissions also stressed the fundamental importance of ensuring that there is an appropriate balance between respecting the privacy of individuals and the right of the public to be informed on matters of public importance, and the essential role which the ‘public interest’ test plays in this context. Submissions suggested that the ‘public interest’ test used in the codes should be clearer and could be enhanced. The Australian Privacy Foundation submitted:

It is essential that the qualification [on the privacy protections provided by the codes] be upgraded to ensure that not only does a public interest exist, but also that it is of sufficient significance that it outweighs the individual's privacy interest. The operative words could be amended simply by appending those words to the expression ‘unless there is a public interest’. However, alternative formulations could achieve the level of protection that is needed, provided that they implement the Proportionality Principle.

Industry submissions questioned the need for privacy requirements to be expanded to program genres beyond news and current affairs. However, citizen and public interest advocacy groups supported expansion of the code provisions to ensure that an individual’s right to privacy is safeguarded across all program genres. 

There was support across submissions for public figures being afforded the same privacy protections as other citizens, although submissions acknowledged that some public roles may lead to a greater likelihood that the broadcast of private information would be in the public interest

The report goes on -

Previous ACMA community research on privacy included two complementary qualitative and quantitative research studies—Australians’ views on privacy in broadcast news and current affairs and Community research into broadcasting and media privacy. This research explored community perspectives about privacy issues that arise in broadcast news and current affairs programs and radio competitions. It found that citizens believe it is very important for broadcasters to safeguard a person’s privacy, especially in the context of news and current affairs programs. Citizens identified certain situations as being very intrusive invasions of privacy. However, the qualitative component also identified a spectrum of views about the balance to be struck between respecting individuals’ privacy and informing the public about matters of public importance. Key criteria used by citizens included the relevance of the personal material to the story, whether consent is given, and the character of the person involved. It was apparent that individuals consider a range of circumstances and assess on a case-by-case basis the interplay of issues. 

The qualitative CCSi community research showed that, for the most part, there is no strong community consensus on what constitutes an invasion of privacy by a broadcaster. However, regardless of age and overarching attitudes, the majority of participants felt that individuals, in theory, should have a right to privacy in the broadcasting context. This right to privacy was something which participants felt should be ‘guaranteed’, other than in specific circumstances. Participants largely assumed that broadcasters should, and do, seek consent to broadcast private information in most cases. 

This right to privacy was assumed by participants to be guaranteed in general observational footage where a story might have a negative impact for those involved in the program, for example, obesity or gambling. Participants tended to assume that consent to broadcast footage used in observational documentaries had been sought by broadcasters. It was also expected that broadcasters would have sought consent from anyone who is directly involved in the program, for example, someone interviewed. Similarly, there was an expectation among group participants that social media photos (for example, profile pictures) should not be used by broadcasters in a way that might damage an individual’s reputation. Participants assumed broadcasters had sought the individual’s consent. 

Focus group participants did not appear to have a broad framework within which to consider possible situations or scenarios that were discussed during the groups. They tended to assess each case individually without having clearly defined ‘rules’, but they highlighted some of the factors they would use to consider each instance. An example given by participants of content that they considered as invading privacy included stories about neighbour disputes (for example, chopping down a neighbour’s tree), especially where the stories did not illuminate something which the public would benefit from knowing. Without a broader public purpose, these stories were felt by participants to be largely sensational and not in the public interest, with the potential to harm the reputations of those involved.

'Regulating journalists? The Finkelstein Review, the Convergence Review, and News Media Regulation in Australia' by Terry Flew and Adam Glen Swift in (2013) 2(1) Journal of Applied Journalism & Media Studies 181-199 comments

This paper identifies two major forces driving change in media policy worldwide: media convergence, and renewed concerns about media ethics, with the latter seen in the U.K. Leveson Inquiry. It focuses on two major public inquiries in Australia during 2011-2012 – the Independent Media Inquiry (Finkelstein Review) and the Convergence Review – and the issues raised about future regulation of journalism and news standards. Drawing upon perspectives from media theory, it observes the strong influence of social responsibility theories of the media in the Finkelstein Review, and the adverse reaction these received from those arguing from Fourth Estate/free press perspectives, which were also consistent with the longstanding opposition of Australian newspaper proprietors to government regulation. It also discusses the approaches taken in the Convergence Review to regulating for news standards, in light of the complexities arising from media convergence. The paper concludes with consideration of the fast-changing environment in which such proposals to transform media regulation are being considered, including the crisis of news media organisation business models, as seen in Australia with major layoffs of journalists from the leading print media publications.

The authors argue

Around the world, there are two major forces driving changes in media policy, which both have significant implications for news media industries and journalism as a professional practice. First, there is the question of how to revise media laws in the context of convergence, where the rationales that underpin platform-specific regulations are challenged by the availability of the same or similar content across multiple media platforms. The proposition, for instance, that broadcast media should be more extensively regulated than print is challenged when all content is available online, and where established media companies are developing cross-platform content available across the full range of digital devices, both in order to more effectively compete with each other, but also with the ICT and social media giants such as Apple, Google, Microsoft, Amazon and Facebook. Reviews of broadcasting, telecommunications and other legislation to meet the challenges of media convergence have been, or are being, undertaken in the United Kingdom, Canada, Japan, South Korea, Taiwan, and Australia (ACMA, 2011a). 

Second, there has been a renewed concern with media ethics, and the conduct of journalists and the news organisations they work for. This emerged most dramatically in the United Kingdom in 2011 as it became apparent that the hacking into private phone calls extended not only to celebrities, footballers, politicians, and members of the British Royal family – allegations that had been made for some time – but to relatives of deceased British soldiers, victims of the 2005 London bombings and, most damningly, the family of murdered schoolgirl Milly Downer. Public outrage immediately put intense scrutiny upon News International and its owner, Rupert Murdoch, and led to the closure of the 168-year-old popular tabloid News of the World. This proved to be insufficient to quell public anger, and in July the British Prime Minister David Cameron announced that a public inquiry would to look into phone hacking and police bribery by the News of the World, while a separate inquiry would consider the culture and ethics of the wider British media, chaired by Lord Justice Leveson. The Leveson Inquiry, which has been conducted in a highly public manner, has put under the spotlight the effectiveness of print media self-regulation in the U.K., as Leveson declared that the Press Complaints Commission had failed to safeguard ethical standards and the public interest (Cathcart, 2012). 

This paper considers both the challenges of media convergence and the question of media regulation in relation to ethical standards in the context of two Australian media inquiries that commenced in 2011 and were concluded in 2012. The first was the Convergence Review, established by the Gillard Labor government to ‘review the operation of media and communications legislation in Australia and to assess its effectiveness in achieving appropriate policy objectives for the convergent era’ (Convergence Review, 2012, p. 110). Established by the Minister for Broadband, Communications and the Digital Economy, Sen. Stephen Conroy, the independent Convergence Review Committee was asked to ‘propose an alternative structure [for media regulation] that would encourage continued innovation and protect citizens’ interests in an age of convergent communication’ (Convergence Review, 2012, p. 110), in the context of Labor’s ambitious National Broadband Network (NBN) scheme, aiming to provide high-speed broadband services to over 90 per cent of Australian homes and businesses by 2017. 

The second review was the Independent Media Inquiry into the Media and Media Regulation, which was established in September 2011, in the wake of the Leveson Inquiry in the U.K. and concerns about standards in the Australian print media. This inquiry was chaired by the Hon Ray Finkelstein QC – and its final report is commonly referred to as the Finkelstein Review – assisted by Matthew Ricketson, Professor of Journalism at the University of Canberra. Like the Convergence Review, it was conducted with the support of the Department of Broadband, Communications and Economy (DBCDE). Its Terms of Reference required it to consider:

a) The effectiveness of the current media codes of practice in Australia, particularly in light of technological change that is leading to the migration of print media to digital and online platforms; 

b) The effectiveness of the current media codes of practice in Australia, particularly in light of technological change that is leading to the migration of print media to digital and online platforms; 

c) The impact of this technological change on the business model that has supported the investment by traditional media organisations in quality journalism and the production of news, and how such activities can be supported, and diversity enhanced, in the changed media environment; Ways of substantially strengthening the independence and effectiveness of the Australian Press Council, including in relation to on-line publications, and with particular reference to the handling of complaints; 

d) Any related issues pertaining to the ability of the media to operate according to regulations and codes of practice, and in the public interest (Independent Inquiry into the Media and Media Regulation, 2012, p. 13).

In addition to the Convergence Review and the Finkelstein Review, other reviews taking place that had some relevance to media policy included the Review of the National Classification Scheme undertaken by the Australian Law Reform Commission (ALRC, 2012), the development of a National Cultural Policy, and a review of copyright laws, also undertaken by the ALRC. But it was the Convergence Review and the Finkelstein Review that were most specifically focused on news media, whose recommendations had the most implications for the conduct of journalism in Australia, and which attracted the most diverse – and frequently divided – public commentary.

Convergence and other Reviews

We're still imbued by the deregulatory zeitgeist, judging by the 22 page interim report [PDF] of the Australian Government's Convergence Review, concerned with "the policy and regulatory frameworks that apply to the converged media and communications landscape in Australia". The review is independent of the concurrent Independent Media Inquiry being undertaken by Finkelstein and Ricketson.

In summary, the interim report (for public comment by early February) emphasises reduced regulation, recommending -

• a platform-neutral regulatory framework focused on the new concept of Content Services Enterprises
• a new independent regulator for communications in the digital economy
• removal of content-related licenses

The key recommendations are -

A platform-neutral regulatory framework focused on the new concept of Content Service Enterprises

The regulatory framework should centre on entities classified as ‘Content Service Enterprises’. The technology-neutral definition of a Content Service Enterprise would be set intentionally high and should include threshold criteria relating to the scale and nature of entities supplying content services.

A new independent regulator for content and communications in the digital economy

A new independent regulator for content and communications that operates at arms-length from government and industry. The regulator should have flexible powers to make rules within the principles and policy frameworks established by legislation.

Removal of content-related licenses

Content licences should no longer be required to provide a content service.

New diversity and competition arrangements

The minimum number of voices rule in a local market should be revised to include all Content Service Enterprises. This new rule could cover entities such as national newspapers, subscription television and online providers, where they qualify as a Content Service Enterprise.

A public interest test should be developed to ensure that diversity considerations are taken into account where Content Service Enterprises with significant influence at a national level are involved in mergers or acquisitions.

The new regulator should be given broad and flexible powers to issue directions and make rules in order to promote fair and effective competition in content and communications markets.

Reform of spectrum planning and allocation arrangements

The government should develop a common and consistent approach to the allocation and management of both broadcasting and non-broadcasting spectrum. This approach will separate most existing content-related obligations of broadcast enterprises from licenses to use spectrum.

New platform-neutral Australian content arrangements

All Content Service Enterprises that provide audio-visual content, whether linear or non-linear, should be required to support Australian content. This could be done by either:

• Committing a percentage of total program expenditure to producing specified Australian content, or where this is not practicable,
• Contributing to a converged content production fund.

Commercial free-to-air (FTA) television broadcasters will eventually fall under the Content Service Enterprises arrangements. Transitional measures for commercial FTA television broadcasters include:

• 55% Australian content quota on the main channel to continue in the interim
• Some increase in Australian sub quota content obligations should be flexibly applied to reflect the two additional channels each broadcaster currently operates without content requirements.

Promotion of local content and community broadcasters

Commercial FTA broadcasters using spectrum should continue to devote a minimum amount of programming to material of local significance. A more flexible compliance and reporting regime for this content should be implemented.
Community broadcasters and local content providers should be encouraged to explore innovative ways to deliver local content, including on new delivery platforms.

Reinforcing the role of public broadcasters

The ABC and SBS charters should expressly reflect their range of existing services, including online activities. This will give commercial operators increased certainty about the boundaries of public broadcaster activities. Australian content quotas should apply to public broadcasters.

The interim report could usefully be read in conjunction with Malcolm Turnbull's recent lecture on 'Politics, Journalism and the 24/7 News Cycle' [PDF] at Melbourne University's Centre for Advanced Journalism.

The Productivity Commission, sea-green incorruptibles all, has concurrently released a report on Identifying and Evaluating Regulation Reform [PDF].

The Commission was asked to -

1. examine lessons gathered in Australia and overseas in reviewing regulation, identifying regulatory reform opportunities and priorities, and evaluating regulation reform outcomes.

2. build on such lessons to analyse possible frameworks and approaches for identifying poorly performing areas of regulation and regulatory reform priorities, and both qualitative and quantitative methods for evaluating regulation reform outcomes

3. In proposing enhanced frameworks and approaches to identify poorly performing areas of regulation and regulatory reform priorities, and methods for evaluating reform outcomes, to

• seek public submissions and consult with interested parties as necessary
• have regard to any other relevant current or recent reviews commissioned by Australian governments’ and
• have regard to the assessment of the OECD in its 2009 Review of Regulatory Reform in Australia — Towards a Seamless National Economy that there is likely to be limited scope for gains to regulatory quality through a further tightening of existing processes.

Its report indicates that -

The regulatory system should ensure that new regulation and the existing ‘stock’ are appropriate, effective and efficient. This requires the robust vetting of proposed regulation; ‘fine tuning’ of existing regulations and selecting key areas for reform. It also requires that these be performed in a coordinated and cost-effective way, with political leadership a key factor in all this.

There is a range of approaches to reviewing existing regulation and identifying necessary reforms. Some are more ‘routine’, making incremental improvements through ongoing management of the stock; some involve reviews that are programmed, and some are more ad-hoc.

Designed for different purposes, the techniques within these three categories can complement each other, though their usefulness varies.

• Among ‘management’ approaches, red tape targets can be a good way to commence a burden reduction program. But ‘one-in, one-out’ rules have more disadvantages than advantages. Regulator practices can play a key role in compliance burdens, with scope apparent for improvement.
• Reviews embedded in legislation can usefully target areas of uncertainty. Sunsetting can help eliminate redundant regulation and ensure that re-made regulation is ‘fit for purpose’, but requires good preparation. Post implementation reviews, triggered by the avoidance of a regulation impact statement, are an important failsafe mechanism but need strengthening.
• Public stocktakes cast a wide net and can identify cross-jurisdictional and cumulative burdens. Reviews based on a screening principle, particularly the competition test, have been highly effective and could be extended. In-depth reviews are best for identifying options for reform in more complex areas, while benchmarking can point to leading practices.

Good design features vary for the individual techniques, but all require sound governance and effective consultation. For significant reviews, public exposure of preliminary findings is a key success factor.

While Australia’s regulatory system now has the necessary institutions and processes broadly in place, there remains scope for improvement in:

• prioritisation and sequencing of reviews and reforms — with greater attention paid to the costs of developing and undertaking reforms
• monitoring of reviews and the implementation of reforms
• advance information to achieve better focused consultations
• incentives and mechanisms for good practice by regulators — with a further review needed to identify the best approaches
• building public sector skills in evaluation and review.

Wrathful sheep?

Another day, another data breach. This time it' involves Telstra, which according to the SMH "faces the wrath of the Federal Privacy Commissioner after leaving customer details of potentially millions of customers exposed on the web including, reportedly, usernames and passwords". Oh dear, the fiercesome wrath of an arthritic and timid sheep, a creature whose wrath is so very scary that it's ignored by the telecommunications industry.

The customer information was supposedly exposed through a search page used by "Telstra customer service agents", apparently counterparts of the Vodafone dealer network highlighted here, here and here. The data was not encrypted, with Telstra relying on security by obscurity.

Telstra hastily tore down the site after it became aware of the breach late this afternoon but not before computer security experts showed that it could be used to access customer details including their account numbers, broadband packages, technician visits and, in some cases, their email’s usernames and passwords.

Media reports suggested credit check details were also accessible but that was not confirmed by Telstra. ...

Alarmingly, Telstra said it was unsure how many customers' details were potentially breached.

"(It's) unsure at this stage, it appears to be limited to bundled customers but we don't know how many," a Telstra spokeswoman said.

An update of last night's report states that -

Anyone who visits the page can search Telstra's customer database based on the customer's last name, account number, sales force ID or reference number.

They are then presented with detailed information outlining the customer's account number, what broadband plan they're on, what other Telstra services they're signed up to and notes associated with the customers' accounts including in many cases their usernames and passwords.

There are also other details about technician visits, SMS messages sent to private mobile numbers and credit check details ...

When informed of the site being accessible a Telstra spokeswoman said in a statement: "Telstra takes its customers' right to privacy very seriously and is taking immediate action to resolve this issue. We will investigate and keep our customers fully informed."

They later said: "We apologise to customers who may have been impacted by this issue. Telstra takes its customers privacy seriously".

So seriously, apparently, that it didn't anticipate an obvious problem.

Fear not, "The privacy commissioner had been made aware of the breach and a full investigation and report into the lapse would be prepared as soon as possible" and of course Telstra "would also move as quickly as possible to notify customers of the breach and maintain transparency around reporting details of the incident".

It's time to question notions of "reasonable practice" and hold telcos to a meaningful standard rather than simply excusing problems on the basis that 'everyone in the industry is doing it'. It is also time to consider regulatory incapacity.

In a subsequent ABC report the Australian Communications Consumer Action Network (ACCAN) commented that

a Telstra database with up to 1 million customers' personal details was left open for anyone to view.

"We wanted to test it and we did and sure enough it was readily available - things like passwords, the details of problems having or wanting to change bundles," she said.

"Basically any contact that you would have with the customer centre about your bundle was readily available for anyone to see."

Ms Davidson says it is "almost unbelievable" that Telstra could let the bungle occur.

"ACCAN have been speaking to Telstra. They are obviously taking it very very seriously and are investigating," she said.

"It is hard to imagine how an error of this magnitude has happened, has been allowed to happen for a company the size of Telstra, with the number of the customers they have."

In my initial comment on the Vodafone debacle I suggested that there were problems across the industry, rather than merely in one network. It is time for investigation by ACMA if the national Privacy Commissioner lacks the expertise, the resources, the legislative charter or merely the vision to examine what is going wrong.

The Commissioner does have the authority to conduct 'own motion' investigations, need not wait for complaints by members of the public and might usefully emulate Australian and overseas peers in actively examining what is going on. Both the Australian community and industry need more than a wrathful sheep, an animal that although well meaning has clearly not persuaded major corporations to move to best practice and has not inspired action through fear of its mighty "wrath".

Adding teeth to the TIO

The 39 page Modernising the TIO submission [PDF] from the Australian Communications Consumer Action Network calls for a modernisation of the Telecommunications Industry Ombudsman (TIO), ie the industry-funded non-government dispute resolution mechanism dealing with telecommunication service providers - including ISPs - under the national co-regulatory regime. The TIO was established in 1983

In essence, ACCAN argues that better resourcing of the TIO and an improved governance structure will provide the regulator with much-needed teeth and encourage effective action on behalf of consumers.

The submission was provided to the national Department of Broadband, Communications &the Digital Economy in connection with the review of the TIO scheme, ACMA's Reconnecting the Customer Inquiry and revision of the Telecommunications Consumer Protection Code (TCP Code) revision.

ACCAN is particularly critical of the "antiquated" dual governance structure. The submission comments that -

The original governance structure which remains today created two bodies, a Board and a Council. As noted in the joint submission by former Telecommunication Industry Ombudspersons, John Pinnock, Deirdre O’Donnell and Simon Cleary "this structure was modeled on the first industry ombudsman scheme in Australia ... and was subsequently adopted in insurance, financial complaints and energy ombudsman schemes in Victoria and NSW."

The dual structure established in 1993 remains today and limits consumer representation to the Council. The Board is appointed solely by its members (namely industry). There are no consumer representatives on the Board. Consumers are only represented on the TIO Council. The Board has the power to appoint or veto the appointment of key people, including the independent Chair(s) of the Board and Council and the Ombudsman and Deputy Ombudsman. While the Council can make recommendations as to whom should be appointed, the Board makes the ultimate decision.

The governance structure of the TIO may have worked when it was first established. However, ACCAN believes the TIO now needs a structure that is truly independent, establishes the scheme as a joint initiative of suppliers and customers and allows the scheme to respond quickly to the changing communications environment.

The submission features the following recommendations -

1. That the governance structure be amended to include equal representation of industry and consumer representatives.

2. The governance structure be amended to a unitary structure, with an independent Chair.

3. The TIO expand its jurisdiction to include pay TV.

4. That it be a standard practice for the TIO to collect demographical information about TIO users, including sex, age, ethnicity, disability, level of income.

5. That a base-line survey regarding TIO awareness and accessibility be conducted, with a follow up survey 3 years later.

6. The TIO increases awareness of their services by targeting the different media that different groups access, including local, regional, disability, ethnic, Aboriginal and community radio, television, newspapers, social media and websites.

7. The TIO raise awareness of their services amongst local community agencies, including women's centres, migrant resource centres, media organisations, Art Centres and other community organisations.

8. The TIO develops materials for some of the main Aboriginal and Torres Strait Islander language groups in Australia.

9. The TIO increases the amount of information available on its website and in hardcopy in different languages and alternative formats, including: Braille, HTML/RTF, Large print, easy English, Audio and Auslan.

10. That TIO materials, including on the website, must indicate that people can make complaints in person at TIO offices, via an interpreter. Contact details are provided to make an appointment.

11. The TIO promotes more widely the availability of the Telephone Interpreting Services to facilitate CALD consumers contacting the TIO.

12. The TIO expands its hours of operation until 8pm Monday- Friday, including accommodating time differences across Australia.

13. The TIO and Government include the active participation of young people pursuant to the United Nations Committee on the Rights of the Child, General Comment 12: The Right to be Heard.

14. The TIO and government undertake education with all consumers, including youth, about consumer rights to seek to prevent complaints arising in the first place.

15. The TIO’s website be redesigned to ensure information is easy to find and accessible to all.

16. TIO-published case studies be expanded, and an index of case studies, linked to position statements, be created and be available in print and on-line.

17. Where a significant systemic issue is identified as affecting a particular demographic, the TIO increase advertising about their services through the media that affected group(s) accesses.

18. The government promotes awareness about the TIO through its different departments including: as part of the settlement process for refugees, the citizenship test preparation for migrants and through Centrelink publications and Centrelink correspondence to those who receive Centrelink benefits.

19. That brochures outlining complaint options must be available in all suppliers’ stores, on their websites and on request.

20. Suppliers must prominently publicise the availability and accessibility of external process for resolving disputes in Supplier stores, on Supplier websites and on telephone-based customer information services.

21. Information about the TIO, including contact details should be included in communications from Suppliers to their customers, including, but not limited to: all contracts and billing documents, late notices, disconnection notices and other credit and debt collection activities.

22. The customer should be made aware of the TIO’s role in the complaint handling process from the earliest possible stage (not only after the customer expresses dissatisfaction).

23. Suppliers must provide customers with information about the TIO at the time the customer is told about the Supplier’s internal complaints process and at the time the customer is told about the final outcome of the internal process if the customer is not wholly satisfied.

24. The TIO scheme be described as the office of second resort and not an office of last resort.

25. At level 1 entry, the TIO contact the telecommunications provider directly in writing to inform them of a complaint and the telecommunications provider contacts the customer with the complaint directly within 48 hours.

26. The TIO should only close a Level 1 complaint when the customer indicates it is resolved.

27. The TIO should be empowered to “register” a complaint, refer it to the relevant member and ensure it is actioned by that member.

28. The TIO undertake research into the incidence of and circumstances whereby complaints are discontinued.

29. Introduce an SMS call back scheme to assist low-income consumers to contact the TIO.

30. Services assisting clients to access the TIO, including community legal centres, financial counseling services and other community groups, must be adequately funded for this work.

31. A full and proper review of the costing of level 1 complaints be undertaken with consideration on how to provide better financial incentives to improve IDR.

32. TIO should engage in general education campaigns with their members.

33. The TIO invite consumer advocates to identify and provide information to the TIO about systemic issues.

34. Service providers found in breach of their obligations be publicly named.

35. Additional and meaningful information about complaints be made publicly available at more regular intervals. ACCAN would like to see the following metrics:

• The number of matters escalated due to supplier non-response
• The percentage of cases successfully resolved disaggregated by TIO member
• The average time it takes a complaint to be resolved disaggregated by TIO member
• The likelihood of a customer having a complaint (complaint per 10,000 customers) disaggregated by TIO member

36. The Ombudsmen, with advice from the TIO Council should publish a public information policy to guide the availability of data to the public.

37. Members be charged per complaint issue.

38. A licensing process be introduced for all carriage service providers.

39. ACMA be given the powers to revoke a license for a breach of a TIO determination and/or any other serious breach.

40. The TIO be subject to a public independent review every five years.

41. A supplier should be named in a determination.

42. It should be mandatory for the TIO to refer non-compliance of a determination to ACMA.

43. A simpler, more cost effective, and quicker enforcement and penalty system needs to be put in place, where relevant breaches can be taken to the Federal Magistrates Court for determination.

44. Stronger consumer protections, including standards and changes in legislation should be made.

45. A standard regarding complaints handling be introduced.

46. The TIO or regulator be given the power to audit supplies’ internal complaint handling schemes to see if they are compliant with the relevant Australian Standard on complaints handling.

47. The TIO should be able to award consumers a financial sum payable by the supplier where the supplier has acted in breach of its consumer protection obligations.

.

Informed consent

The Australian Communications & Media Authority (ACMA) has released a 66 page report regarding Community research on informed consent [PDF].

The report -

presents the findings of qualitative research into community attitudes, perceptions and understandings of rights and responsibilities in relation to informed consent across a range of communication platforms. The research focused specifically on issues with consent and privacy relating to digital communications within a transactional context.

The document follows Community research into broadcasting and media privacy, another study for ACMA regarding "community perspectives about informed consent and privacy issues that arise in broadcast news and current affairs programs, radio competitions and the digital media context".

The authors of the current report comment that -

Informed consent, as a legal concept has various meanings, depending on the legislation and circumstances in which the term is used. While the research took into account the way that informed consent is defined in communications legislation and regulation, it was not intended to examine consumers understanding of the legal concept. Rather, the research specifically aimed to explore the consumer experience of providing informed consent in various situations and to understand community attitudes towards consent issues more generally.

This research will assist the ACMA when assessing issues that arise in the communications sector around obtaining consent for contract formation, subscriptions services and use of personal information. The research findings are also intended to provide the ACMA with a rich understanding of community perspectives when providing advice to industry, government and other stakeholders on related subjects.

The report is based on 14 discussion groups (six to eight people aged 18 years and over from metropolitan and regional areas in New South Wales, Victoria and South Australia) considering scenarios with "realistic situations involving giving consent", eg a financial agreement with a company in return for goods and services, provision of personal information in return for a service or potential gain (such as for surveys or competitions) and provision of "permission for others to make decisions or use their skills on their behalf, such as medical providers".

The objective was to explore attitudes in relation to communication services regarding -

• what 'informed consent' means

• perceptions of the opt-in process (opt-in/opt-out) across various technologies and services

• the decision-making process that is associated with providing informed consent and inferred consent, including the length of time for which consent is valid across a range of situations

• issues associated with giving consent and privacy issues, sharing information within organisations and with third parties

• providing consent on other people’s behalf eg parents for children

• common concerns consumers have across a range of products and services relating to informed consent

Key findings were -

‘Understanding’ and ‘comprehension’ of the agreement are essential to ensure ‘informed’ consent can be given
A number of factors relate to ‘understanding’ and whether a consumer feels they can give informed consent, including -

• understanding the terms and conditions

• accessible language being used

• information delivered in an accessible format and layout

• a non pressured environment

• feeling comfortable and able to ask questions if they do not fully comprehend.

Participants believed that informed consent relies upon both the company and the consumer having a thorough understanding of the situation. Thus, they believed that a company has a responsibility to provide the full information to the consumer. In turn, a company has a right to expect that, in order to feel informed, consumers have understood the information should they agree. Consumers also recognise they have a responsibility to understand the information to which they are agreeing.

Providing ‘consent’ versus ‘informed consent’
Consumers perceived there to be a clear difference between providing ‘consent’ and ‘informed consent’. They identified that they often gave ‘consent’ but claimed that in reality it was not always ‘informed consent’, as they defined it. This is because they often provided consent without a full understanding and comprehension of the terms and conditions of the agreement.

Perceptions of ‘risk’ affect people’s attitudes and behaviour as to whether they want to feel fully informed
Consumers readily admitted that they often chose not to read or listen to the terms and conditions, and, therefore, be fully informed. Many respondents provided examples of instances when they -

• scrolled to the end of the webpage without reading terms and conditions

• clicked the box without reading the offered information

• became distracted or bored and chose not to read blocks of text or listen to a salesperson.

In these instances, consumers felt comfortable that they had not informed themselves of the terms and conditions because they perceived few, if any, negative consequences relating to financial or personal details being compromised.

Yet in situations that appear more ‘risky, consumers endeavour to fully understand and comprehend the terms and conditions to ensure they are ‘informed’. These situations included

• when substantial finances are involved, particularly ongoing contracts with a set period of time where they want to know the ongoing and maximum costs

• when detailed personal information is required and there may be a risk of personal privacy being compromised

• when the brand or company are seen to be more ‘risky’ and there may be more to lose if they are unscrupulous.

Consumers recognise that companies often make it difficult for them to provide informed consent

Consumers recognise that it was not always easy to give informed consent.
In some instances, they believed that companies purposely make it difficult for consumers to comprehend the terms and conditions. Many reported instances where they did not provide informed consent, because -

• the language used made the terms and conditions inaccessible, with the use of legalese or technical, unfamiliar phrases

• there was too much information in the terms and conditions to comprehend at once, particularly when provided over the phone

• the environment meant they felt pressured or rushed.

Consumers have a real issue when they feel the option of choosing whether they want to provide ‘informed consent’ is taken away from them.

Generally, consumers accept they have a significant role to play in ensuring their consent is informed. They recognise they have a responsibility to understand the terms and conditions of the agreements they are consenting to. They believe they should have a right to make the choice to access and read the terms and conditions before providing consent or not.

The real concern arises when consumers feel they do not have a choice as to whether they can provide ‘consent’ or ‘informed consent’. Thus, it is when information is not provided by the organisation, or not provided in an accessible format, that consumers believed consent can never be informed. Consumers can feel disempowered in these situations as they feel the power lies in the hands of the organisation with which they are dealing.

Mobile Jamming

Last year I noted consultation by the Australian Communications & Media Authority (ACMA) regarding mobile phone jammers.

ACMA has now made a formal Declaration under the Radiocommunications Act 1992 (Cth) prohibiting the supply, possession and operation of jamming devices that "are likely to substantially interfere with public mobile telecommunication services (PMTS)", including 3G networks and equivalent services such as mobile WiMAX.

The Radiocommunications (Prohibition of PMTS Jamming Devices) Declaration 2011 under s190 of the Act replaces the mobile phone jamming prohibition made in 1999.

ACMA's 2010 review last year of the effectiveness of that prohibition found that although the prohibition of jamming devices remains necessary, updates to the prohibition were required to address technological change that has occurred since 1999.

ACMA chair Chris Chapman commented that -

In making the new prohibition, the ACMA notes the continued need for appropriate regulatory arrangements that protect PMTS from unwanted and potentially harmful interference. It is vital that people can access the emergency call service, as well as receive warning messages in times of emergency.

The new Declaration includes a definition of "PMTS jamming device" in order to clearly identify the types of prohibited devices. The exemption of on-board systems used to provide mobile communication services on aircraft has been retained.

Spam and Fax DNC

The Australian Communications and Media Authority (ACMA) has accepted an 11 page enforceable undertaking [PDF] from Virgin Blue Airlines under the Spam Act 2003 (Cth).

The undertaking follows an ACMA investigation into complaints alleging that the airline continued to send commercial email despite multiple attempts by recipients to unsubscribe from its mailing list. The Act, as noted in past posts on this blogs, requires commercial email to include a functional unsubscribe facility. Undertakings have been received in the past by enterprises such as Virgin Mobile (Australia) Pty Ltd, Commonwealth Securities Ltd and Vodafone Hutchison Australia Pty Ltd. They are a gentler regulatory mechanism than the penalties imposed by the Federal Court under the Spam Act, eg the $22 million penalties noted in December and August last year over egregious misbehaviour.

The enforceable undertaking - which includes payment of $110,000 - commits Virgin Blue to "a thorough overhaul and independent assessment of its email marketing practices". Virgin Blue acknowledged that it had "experienced problems" with its email marketing systems, leading to receipt by some previously unsubscribed consumers of new (and undesired) email.

ACMA Chair Chris Chapman commented that -

Businesses which market by email need to regularly test that the unsubscribe function in their messages is working properly. The Spam Act requires that a request from a consumer to be unsubscribed from commercial emails must be addressed. No further commercial electronic messages are allowed to be sent to the consumer five working days after an unsubscribe request is made.

Announcement - sound the trumpets, beat the drums - aside, the undertaking does not provide much to write home about (ACMA's guide to undertakings is online [PDF]). It was more than a year in the making. It features standard wording in 'sorry but no admission' mode and promises to try harder in future. Virgin Blue will engage an independent third party to "thoroughly assess its email marketing processes" and to implement any recommended changes. It will also provide training to relevant employees, establish a complaints handling policy, and audit 10 per cent of its email marketing campaigns monthly for a year.

Readers are reminded that closing date for submissions in response to ACMA's call for comment on the draft national standard for the fax marketing industry is 4 February 2011.

ACMA is seeking views on the proposal to require a destination sending number (a 'header line') on all marketing faxes as part of the fax marketing industry standard. Submissions in previous consultations proposed inclusion of the additional information to assist in reducing the number of complaints arising from faxes that were originally sent to numbers not on the Do Not Call Register being redirected automatically to numbers that are on the register.

Content regulation

National Attorney-General Robert McClelland and Minister for Home Affairs Brendan O'Connor have tasked the Australian Law Reform Commission with a review (to be completed by 9 December) of content classification "in light of changes in technology, media convergence and the global availability of media content".

The review will update the ALRC inquiry of 1991. In that report the ALRC recommended -

• There should be a national legislative scheme to deal with censorship issues. A federal Act should establish the administrative bodies and set out the procedures for classifying films and publications.
• A non-legislative code should contain the criteria for classification.
• The States and Territories should adopt classifications determined under the code and provide enforcement proceedings.

Implementation of the recommendations saw -

enactment of the Classification (Publications, Films and Computer Games) Act 1995 (Cth), providing for the classification of publications, films and computer games for the Australian Capital Territory and, through complementary State and Territory legislation, the basis of a national classification scheme.

The Broadcasting Services Act 1992 (Cth) was amended by the Broadcasting Services (Online Services) Amendment Act 1999 (Cth) to provide for censorship and classification of internet material and online services. Under that statute complaints regarding content can be made to the Australian Communications & Media Authority (ACMA), which can ask the Classification Board to classify the content consistent with the Classification (Publications, Films and Computer Games) Act 1995 (Cth) and the National Classification Code (2005). ACMA can require a host or service provider to stop or restrict access to certain content, depending on the classification it attracts.

In announcing the current review the Minister for Home Affairs commented that -

When the National Classification Scheme began, classifiable content and the way it was delivered to consumers was relatively static.

Today, films can be watched in a cinema, on DVD, on TV or downloaded. Many video games include significant film segments to tell stories, and some films have interactive content. The National Broadband Network will increase this ready access to classifiable content.

People, particularly parents, need a system of classification in Australia that allows them to make informed choices about what they wish to read, see and hear.

This important review will look not only at classification categories, but also at the whole classification system to ensure it continues to be effective in the 21st century.

The Attorney-General’s Department is seeking comments on the proposed terms of reference [PDF] for the review, with comments to be provided by the 28th of this month.

As might be expected, the preamble to the 'Review of Censorship and Classification' offers something for everyone, with the Ministers "having regard to" -

• the rapid pace of technological change in media available to, and consumed by, the Australian community
• the needs of the community in this evolving technological environment
• the need to improve classification information available to the community and enhance public understanding of the content that is regulated
• the desirability of a strong content and distribution industry in Australia, and minimising the regulatory burden
• the impact of media on children and the increased exposure of children to a wider variety of media including television, music and advertising as well as films and computer games
• the size of the industries that generate potentially classifiable content and potential for growth
• a communications convergence review, and
• a statutory review of Schedule 7 of the Broadcasting Services Act 1992 and other sections relevant to the classification of content

Moving on from genuflections to the divergent interest groups, the ALRC is to consider -

1. relevant existing Commonwealth, State and Territory laws and practices
2. classification schemes in other jurisdictions
3. the classification categories contained in the Classification Act, National Classification Code and Classification Guidelines
4. any relevant constitutional issues, and
5. any other related matter.

Smart Meters, Dumb Headlines

Elsewhere - more in sorrow than in anger (of course) - I've critiqued claims about the inevitable and imminent supremacy of broadband over powerline (BPL), aka powerline communication (PLC), as a mechanism for providing broadband to rural/urban consumers using plain old powerlines ... in other words the 'grid' that connects businesses, households and other entities to the power stations.

Those claims have on occasion been driven by commercial opportunism (nothing like good news to pump up a flaccid share price or buff a stodgy corporate profile), incomprehension or indifference on the part of the mass media and the tendency of 'citizen journalists' to drink the digital koolade. The reality is - and will remain - that although broadband (however defined) can be delivered via the conventional electricity grid, such delivery is fraught with difficulty and is not commercially competitive once steps are taken to deal with radio interference and other problems. (I've noted that is also possible to deliver the net via carrier pigeon or bongo drum ... both mechanisms are technically feasible but, how very strange, have not supplanted wireless, fibre or conventional copper.)

I can thus empathise with the following response to reports that a 'smart meter' trial in Liverpool (UK) will lead to householders enjoying broadband over the grid -

Will this minion of the undead ever get a stake in its heart. Please ... silver bullets, garlic, wooden stakes, holy water something! anything!!!

Small scale Australian trials, under the auspices of ACMA, of BPL have gone nowhere - typically distinguished by deliriously upbeat media releases (and equally uncritical reporting) followed by an embarrassing silence as implementation does not eventuate. Across the world BPL solution vendors have packed their kit and slunk away; urban and rural showpiece projects have fizzled (eg here).

BPL continues to be "the technology of the future ... and always will be" - bright forecasts, dim reality.

Data loss

The Sunday Age reports that

the personal details of millions of Vodafone customers, including their names, home addresses, driver's licence numbers and credit card details, have been publicly available on the internet in what is being described as an "unbelievable" lapse in security by the mobile phone giant.

Just another example of large-scale data loss, in a regulatory environment that features no meaningful penalties for poor practice on the part of data custodians?

The newspaper goes on to state that it -

is aware of criminal groups paying for the private information of some Vodafone customers to stand over them.

Other people have apparently obtained logins to check their spouses' communications.

The Sunday Age explains that -

Personal details, accessible from any computer because they are kept on an internet site rather than on Vodafone's internal system, include which numbers a person has dialled or texted, plus from where and when.

The full extent of the privacy breach is unknown but ... possibly thousands of people have logins that can be passed around and used by anyone to gain full access to the accounts of about 4 million Vodafone customers.

Professor Michael Fraser, the head of the Australian Communications Law Centre at the University of Technology, Sydney, said that it appeared to be a major breach of the company's privacy obligations and "unbelievably slack security".

"The fact you can look up anybody as easily as that seems to be a gross breach of privacy and resulting in an almost negligent exposure to criminal activity," said Professor Fraser, who also heads the Australian Communications Consumer Action Network.

A spokesman for Vodafone said yesterday the company had ordered an immediate investigation and review of security procedures. "Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password," he said.

"Any unauthorised access to the portal will be taken very seriously, and would constitute a breach of employment or dealer agreement and possibly a criminal offence."

"We will be conducting a thorough investigation of the matter with our internal security experts and will refer the matter to the Australian Federal Police if appropriate."

He said all passwords would be reset, and training and other procedures would be reviewed.

Well, he would say that, wouldn't he.

A post on the Vodafone site by Cormac Hodgkinson, Director of Customer Service and Experience, reads -

Vodafone customer data security

You may have seen recent media reports in relation to customer information – please be assured that Vodafone takes customer information and data security extremely seriously. Customer information is not 'publicly available on the internet'. Customer information is stored on Vodafone's internal systems and accessed via a secure web portal, accessible to authorised employees and dealers via a secure login and password.

Yours sincerely

That reassurance is problematical, given indications that a large number of Vodafone employees and dealers have access and that access is being misused. Exactitude about 'publicly available' look disingenuous if passwords are being passed around, sold or gifted to mates (and thence to mates of mates).

The Sunday Age comments that -

Because the customer database is not an intranet (internal company system) and instead on the internet, users with a password can log in to the portal from anywhere, then access any customer's information.

Vodafone retailers have said each store has a user name and password for the system. That access is shared by staff and every three months it is changed. Other mobile dealers who sell Vodafone products also get full access to the database.

Anyone with full access can look up a customer's bills and make changes to accounts. Limited access allows searching by name, which takes much longer and is more involved but can be just as effective when done correctly. "It's scary stuff in the wrong hands"

What is the response from the Office of the Information Commission, the new agency that includes the national Privacy Commissioner. Regrettably, it's same old, same old. The Sunday Age reports that -

Australian Privacy Commissioner Timothy Pilgrim said all organisations should take appropriate steps to secure the personal information of their customers or they risked breaching the Privacy Act.

"If an individual believes their privacy has been interfered with they should first contact the organisation responsible and if they are not satisfied with their response they can make a complaint to our office," Mr Pilgrim said.

He has backed the federal government's intention to give his office extra powers to impose penalties should he find a breach of the act.

The prospect of complaints to the Privacy Commissioner is underwhelming, given that entity's historic reluctance to take on major offenders, failure to publicly shame behaviour such as that noted here and questions about its policy analysis (eg the alarming PID 11 and 11A highlighted in Privacy Law Bulletin last year, that authorise large-scale - and ineffective - genetic fishing expeditions.)

Given what appears the scale of the data exposure and the possibility that some of Vodafone's competitors use similar systems (that may also have been compromised, to use another delightful bureaucratic euphemism) it would be appropriate for the Privacy Commissioner to initiate an own-motion investigation rather than waiting for the complaints to flood in or rather wanly complaining, yet again, that he needs more resources and more power. Public shaming - pungent, timely, pertinent - is a key mechanism for agencies ... a mechanism that offsets perceptions that agencies have experienced regulatory capture. The federal Commissioner would do well to adopt the forward-looking, positive and articulate approach taken by the Victorian Commissioner (OVPC).

It would also be appropriate for investigation by ACMA, the national telecommunications regulator. The co-regulatory scheme for telecommunications is founded on industry responsibility. In practice, both major telcos and the telco minnows have behaved - and continue to behave - in ways that call co-regulation into question.

Embraceable you

The Australian Communications & Media Authority (ACMA), the national telecommunications regulator, has reported that "Australians are embracing the digital economy, with big increases in the volume of data downloaded, time spent online and activities undertaken online".

That is the same message we've seen for a decade, but the latest data is interesting once yawns are stifled regarding yet another rendition of "most Australians today have access to the internet at multiple locations" and that "Australians are using the internet more intensively, going online more often for a much wider range of reasons".

ACMA indicates that as at June 2010 approximately 77% of the population 14 years and over had internet access at home. 66% had a broadband connection. Nearly 2.4 million people accessed the internet via their handheld mobiles during June 2010, up from 1.6 million during June 2009. ACMA's Communications Report 2009-10 [PDF] indicated that the total number of mobile services in operation (voice and data services) increased by 7% during 2009–10 to reach 25.99 million services at June 2010. Growth in mobile services was fuelled by an increase in the numbers of mobile wireless broadband services (datacard/dongle connected to a computer), up by 71% over the period to reach 3.46 million at June 2010.

28% of people 14 years and over were estimated to be 'heavy' internet users (ie online more than 15 hours a week) in June 2010, up from 14% during June 2005. A further 27% were considered medium users (between 7 and 15 hours a week) and 23% light users (up to 7 hours a week).

An estimated 155,503 terabytes of data were downloaded in Australia during the June quarter of 2010, compared to 99,249 terabytes during the June quarter of 2009. Online social networking supposedly continues to be a "major driving force in the increasing intensity of online participation, with 8.7 million Australians accessing mainstream social networking sites such as Facebook and YouTube from home during June 2010 alone, spending in total more than 41.5 million hours on these sites. 6 million people accessed "mainstream online news sites" from home during June 2010.

SMS Spam penalty

Australian telecommunications regulator ACMA has noted the $2 million penalty under the Spam Act 2003 (Cth) for the last respondent in Safedivert SMS spam scheme.

The Federal Court has today imposed $2 million in penalties against Scott Gregory Phillips in proceedings brought by ACMA regarding SMS spam, aka speam. That penalty is in addition to $22.25m imposed on seven other respondents last year in Australian Communications & Media Authority v Mobilegate Ltd A Company Incorporated in Hong Kong (No 2) [2009] FCA 887, bringing the total penalties to $24.25m.

Phillips, along with the other respondents, was involved in a complicated scheme involving creation of established fake dating website profiles to obtain the mobile phone numbers of genuine dating website users. Those numbers were then sent messages from people pretending to want to chat via a 'Safedivert' service about meeting and forming a relationship. Users who were unfortunate enough to be tricked by that identity scam were charged approximately $5 per message, with ACMA alleging that the scheme cost Australian mobile users over $4m from late 2005 until November 2008.

Logan J, in delivering judgment, indicated that -

The conduct was undoubtedly deliberate. IMP and its agent Jobspy, which employed IMP's modus of operation, engaged in concerted deception. Mr Phillips' involvement in the deception was at the most senior level. He was the controller of IMP.

ACMA chair Chris Chapman commented that -

The size of the penalties awarded in this case are an indication of how seriously the courts treat breaches of the Spam Act, which is very encouraging.

In cases such as this where the conduct was calculated, deceptive and had a detrimental effect on Australian phone users, the ACMA will not hesitate to use every available avenue to protect the consumer. This prosecution again demonstrates the commitment of the ACMA to ensure that individuals and companies comply with the Spam Act.

gummed by a mouton sauvage

The weakness of co-regulatory schemes in Australia (characterised, alas, on occasion, by regulatory capture) is evident in enforcement of corporate misbehaviour that resembles being gummed by a toothless, arthritic and myopic sheep.

The Australian Communications & Media Authority (ACMA), the national broadcasting and telecommunications regulator highlighted elsewhere in this blog, yesterday announced that two of the commercial tv networks had "breached licence conditions by advertising interactive gambling services" -

a number of Nine Network and Ten Networks’ licensees breached a condition of their commercial television broadcasting licences by broadcasting advertisements promoting interactive gambling services, in contravention of the Interactive Gambling Act 2001 (IGA).

"These are the ACMA's first investigations into advertisements prohibited under the Interactive Gambling Act", said ACMA Chairman, Mr Chris Chapman, "All providers of television, radio and datacasting services need to ensure sure they are fully aware of and comply with their obligations under the IGA".

The statute is not, as far as I am aware, invisible, so we might wonder why the licensees were not "fully aware" ... or perhaps just didn't care. ACMA's reports are online; one example is the PDF here.

The ACMA statement explains that -

'Interactive gambling services' include services that are often described as 'online casinos' and usually involve using the internet to play games of chance, or games of mixed chance and skill. Examples include roulette, poker, craps, online 'pokies' and blackjack. The IGA targets the providers of interactive gambling services and makes it an offence to provide certain services to a customer in Australia. It also prohibits the broadcasting and publication of advertisements for interactive gambling services.

Enter the ACMA sheep, red in tooth & claw!

ACMA adopts a graduated approach to compliance and enforcement and has taken into account that these are the first investigations relating to the broadcast of prohibited advertisements under the IGA. Both networks have agreed to measures intended to increase awareness of the IGA, including staff training and education. In this regard, the networks will provide periodic reports of this training to the ACMA.

Gambling is not illegal, something highlighted in a speech by Cardinal Pell, representative of an institution that critics such as Geoffrey Robertson QC persuasively argue has been systematically indifferent to a range of serious abuses and that, at best, can be excused on the basis of a profound lack of imagination.

The Cardinal is reported by the SMH as indicating that -

it might be somewhat hypocritical for the Catholic Church to condemn gambling outright, given the proliferation of poker machines in NSW Catholic clubs.

"I must confess I do feel a bit uneasy about that, but only a bit uneasy", he admitted. "Because culturally I'm an Irish Australian and we grew up gambling".

The Irish Australian Excuse does not, of course, apply to the wickedness known as same-sex love.

Cardinal Pell is reported as elaborating his statement -

Gambling in itself was not intrinsically wrong, he said. Only when it became an addiction, threatening the well-being of oneself and one's family, did it become a sin.

Warming to the forum's theme "God and Mammon: need or greed in the big end of town", Cardinal Pell said as far as the ethics of selling tobacco went, supplying adults who were aware of the risks and still chose to smoke was nothing to rush to the confessional about. And when quizzed about the ethics of selling arms, he hypothesised that global military contractors may in fact be acting on a moral imperative.

Andrew Undershaft, come on down!

ACMA has concurrently has directed mobile premium service providers AO Australia Online Pty Ltd (Australia Online) and Network Nine Australia Pty Ltd (Nine) to comply with industry rules or face hefty penalties in the Federal Court, after it found both companies breached the Mobile Premium Services Code (the code). More unawareness?

ACMA found that Nine breached the code by failing to advise of a helpline in
advertising two premium SMS competitions, Keno Million Dollar Comp and Moccona Competition.

ACMA's research shows that premium SMS competitions are popular with consumers, and the code requires that consumers be given information about who to contact if they have questions about a service', said ACMA Chairman, Chris Chapman.

Australia Online breached numerous provisions of the code, including failing to advertise the correct price and failing to state that the service was a subscription service. 'Providing clear and accurate information about the price, terms and conditions of a service is fundamental to doing business', said Mr Chapman. 'The ACMA will continue to pursue service providers who are not upfront with consumers about costs.'

The service providers will presumably continue to shake and shiver when the ACMA sheep growls, consoled of course by their revenue reports.

Complaints about premium SMS fell 90 per cent between September 2008 and September 2010, due to the code and other regulations put in place by the ACMA. While a direction to comply is the strongest action available to the ACMA in response to a breach of the code, the ACMA may request the Federal Court to impose penalties of up to $250,000 if a direction to comply is contravened.

From 3 November 2010, if a premium SMS provider does not comply with the code and causes significant detriment to consumers as a result, the ACMA also will be able to direct mobile phone companies to not charge consumers for the service in question.