Five of the respondents to the Federal Court action have failed to take necessary procedural steps, and the Court has agreed to ACMA’s application for default judgments.  After hearing evidence about the defaults and the original conduct, the Court has ordered:

• that parties including Mobilegate Ltd, Winning Bid Pty Ltd, Simon Anthony Owen, Tarek Andreas Salcedo and Glenn Christopher Maughan have breached the Spam Act and / or Trade Practices Act in various ways;
• that they be restrained from certain conduct, of the kind involved in the scam, for seven years; and
• the matter be re-listed for directions in relation to any penalty hearing as the above respondents on 18 September 2009.

The case against other respondents, who have defended the case, continues.

It seems that Optus pumped out 20,000 messages promoting its OptusZoo entertainment service, but didn’t identify itself as the responsible sender.  Instead, it just quoted sender identification ‘966’.  Recipients were apparently expected to work out that this meant ‘Zoo’ in keypad speak.  Of course, it could also mean ‘Yom’, ‘Zom’ or ‘Xon’.

According to ACMA, Optus has paid the penalty and advised that new compliance measures have been implemented that will ensure accurate sender identification is included in all future commercial electronic messages.

More comment soon.

Reading ACMA’s media release, we can see how Oxygen8 was at risk of action if it didn’t offer ACMA an undertaking – effectively the same as submitting to court injunctions.

But will somebody please explain why Oxygen8 agreed to some crazy promises ?

Injunctions should be precise

For practical purposes, an undertaking to ACMA or the ACCC should be treated as being subject to a court injunction.  When lawyers are advising a client on what to agree to, they should closely model their advice on the ways that injunctions are crafted.

One key rule is that they should be precise.  An injunction ought not say ‘Jack must be a good lad’ or even ‘Jack must drive his car lawfully’.  Too loose and broad is either (a) too onerous for the injuncted party or (b) unlikely to be enforced by a court.

And what has Oxygen8 agreed to ?

Remember, this arises from alleged involvement in Spam Act breaches.  Some halfwit has let the company agree, under pain of heavy penalty:

The Company undertakes to do, and to cause its employees and agents to do, the following:

• to comply with C628:2007 Telecommunications Consumer Protections Code …

Zounds!!!  That’s over 140 pages of Code and explanatory material.  There’s probably not a CSP in the country that’s 100% compliant, and even allowing that large parts of it won’t relate to Oxygen8′s activities, it’s a dreadful outcome to make so broad a promise.

Remember, the undertaking includes ‘to cause … its agents … to comply’.  How hard could that be ?  The best thing Oxygen8 has going for it is that the undertaking is so harsh a court might try hard to avoid enforcing parts of it.

If this was a court injunction, the judge would have a lot of questions as to why any mention of the TCP Code was appropriate in a Spam Act case.

It’s not the only instance

As if to prove that the reference to the TCP Code wasn’t a one-off moment of madness, the undertaking also commits to compliance with the Australian Standard for complaints handling.

If you ever read an Australian Standard, you’ll find they can be very broad and general.  That’s bad for a court injunction or enforceable undertaking.  It may seem like more work to draft an undertaking that states the precise steps to be taken, but when you come to comply it saves time, money and uncertainty.

The lesson

If you’re ever about to sign an enforceable undertaking to ACMA, you have already paid a hurtful amount in legal fees.  But for heaven’s sake, don’t just cave in and sign anything to put an end to it all.  Signing an unnecessarily broad undertaking is buying trouble and future expense.

The potent powers that these laws give the authority carry a moral obligation to educate as well as punish.  We’ve argued the point before, and now there’s another case where the Communications Authority’s communication isn’t as authoritative as it could be.

The Hyarchis case

It began with a media release that Hyarchis, a purveyor of low grade social networking sites and low value / high cost ‘premium’ mobile services, had been warned for spamming.  The entire detailed explanation of the warning wasn’t too detailed …

The Australian Communications and Media Authority has issued a formal warning to Hyarchis Company Limited for alleged breaches of the Spam Act 2003. The alleged breaches were in relation to the sending of commercial electronic messages by SMS, without the consent of the recipient.

Hardly a fulsome explanation.

Hyarchis debates the point

The good folkat iTnews then reported that Hyarchis’ local representative Peter Pichler scorned ACMA’s warning, claiming that an unknown third party had entered a random phone number in a Hyarchis social networking site registration form – three times.

That, said Pichler, is why three in fact unsolicited messages were sent to the number.  And Hyarchis had told ACMA that.

ACMA retorts

The iTnews story drew a response from ACMA …

ACMA received a number of complaints from consumers regarding the sending of SMS messages by Hyarchis Ltd allegedly without the consent of these consumers.

Following these complaints ACMA conducted an investigation into Hyarchis Ltd.

As part of the investigation Hyarchis made written submissions to ACMA in relation to the complaints and its compliance with the Spam Act 2003. ACMA assessed the evidence, including the submissions made by Hyarchis Ltd and found that there were reasonable grounds to believe that Hyarchis Ltd had sent commercial electronic messages without consent in contravention of section 16 of the Spam Act, which is a civil penalty provision.

ACMA issued a formal warning to Hyarchis Ltd on 31 October 2008. The warning set out the particulars of the contravention and ACMA’s view that, in relation to one electronic address (mobile number), Hyarchis had sent unsolicited commercial electronic messages in contravention of section 16 of the Spam Act. ACMA has not made a finding in relation to the other complaints received.

In issuing the formal warning, ACMA considered the submissions made by Hyarchis and formed the view that the electronic address in question was most likely entered into Hyarchis’ wesbite by an unknown third party. ACMA was satisfied that the electronic address was not entered by the electronic address holder of that electronic address, and therefore that consent had not been obtained by that electronic account holder.

Under the Spam Act, if the sender, or the person who caused the message to be sent, wants to rely on the consent of the electronic account holder, then they bear the evidential burden in relation to that matter. This means that they must adduce or point to evidence that suggests a reasonable possibility that they had consent to send the message. In this case, Hyarchis was able to point to evidence that an electronic address (mobile phone number) had been entered in to its website, but not that it had consent from the electronic account holder as required by the Spam Act.

ACMA has a number of enforcement options available to it when it has a reasonable belief that a contravention of the Spam Act has occurred. This includes the issue of a formal warning, the issue of an infringement notice or taking the matter directly to the Federal Court. The issue of a formal warning in this case is indicative of ACMA’s tiered approach to compliance with the Spam Act. It is the intention of the Spam Act to provide ACMA with a range of enforcement options depending on the circumstances and seriousness of the contravention. A formal warning enables ACMA to formally indicate its concerns about a contravention and allow for the company to take compliance action to prevent any future contraventions.

The content of the messages in question were:

Hey what are you up to? Im having a lazy Friday arvo.. feel like going out later tho – where are you right now? Hy arch is free message, stop 2 quit

AND

Hey what are you up to? Im having a lazy Saturday arvo.. feel like going to the pub later tho where are you right now? Hy arch is free message, stop 2 quit

It is ACMA’s view that the messages in question were commercial electronic messages in terms of the Spam Act because they were intended to offer a service and therefore elicit business.

The Spam Act prohibits the sending of unsolicited commercial electronic messages, except in certain limited circumstances In this case, ACMA formed the view that the messages did not fall within one of the exceptions to the general prohibition at section 16(1) of the Spam Act. In particular, Hyarchis did not provide sufficient evidence to demonstrate a reasonable possibility that the recipient had consented to receive the commercial electronic message from Hyarchis Ltd.

The Spam Act does not apply to messages that are purely factual as these are not ‘commercial electronic messages’ within the meaning of the Spam Act. It is feasible that a purely factual ‘confirmation’ message could be sent to a mobile number entered on to a website to verify consent of the electronic account holder.

ACMA encourages the use of double-opt in for subscription services, but reminds content providers that they must comply with all applicable laws, including the Spam Act.

It is ACMA’s policy to publicise enforcement action taken under the Spam Act to encourage compliance in the industry and in this case, to ensure greater levels of awareness that the Spam Act covers SMS messages.

But ACMA’s response invites some questions

• Why wasn’t more detail provided in the original announcement ? There’s a material difference between sending messages without the slightest basis, and failing to implement double opt-in.
• If Hyarchis had pleaded that a third party loaded up the addresses, and ACMA had accepted that, why wasn’t it acknowledged in the first place ? If ACMA’s case is that this still resulted in a suspected breach, fine. But it’s a different case.
• Why does a Google search suggest that there’s only one document on ACMA’s website that recommends double opt-in to business ? And that is an ageing guide prepared by ACMA’s predecessor.
• Why did ACMA rule out the possible application of sub-section 16(4) of the Spam Act – a message isn’t ‘guilty’ if it was sent by mistake ?

We’re not saying ACMA’s answer was wrong

But its explanation of what happened, and what it was thinking, were poor.

Many industry players watch carefully for information on how to stay on the right side of regulators like ACMA.  Bland announcements that someone was warned for sending messages without consent aren’t helpful.  Plenty more proactive statements of position would be.

Besides, the limited detail of the initial announcement opened the door for Hyarchis to ‘set the record straight’ and win sympathy that’s probably undeserved.  When an authority finds itself issuing a 752 word defence of a 44 word announcement, someone in the public relations team has some explaining to do.

ACMA is where ACCC was 25 years ago

Over time, ACCC has developed into a good communicator, focusing on proactive education and using infringements as opportunities to spread the compliance message, too.

ACMA needs to get on board the policy and education train.  There are many decent players in the marketing game, keen to understand ACMA’s positions.  If only the Authority would articulate them with more enthusiasm.

Hyarchis’ Australian representative Peter Pichler is reported as rejecting the warning, arguing that it arose out of an incident where a mischievous third party entered a bogus phone number on a Hyarchis social networking site.

The Hyarchis version of events

The report says it happened this way.  A prankster filled in a registration form on a Hyarchis site.  They used a made up mobile number like 123 123 123 (only an example) that happened to coincide with the actual number of a mobile subscriber.

The subscriber received a ‘please confirm’ message – three times, since the prankster entered it thrice – and reported the matter to ACMA which investigated and issued a warning.

According to the report, Pichler said ‘We’ve been slapped down for something really minor. When you Google our name this comes up. It’s not good. It’s an absolute over-reaction.’

CSP Central comment

ACMA’s powers under the Spam Act are pretty strong stuff, and the power to warn is a surprisingly dangerous one.  There’s no real opportunity to fight it in court, and no real public record of the ‘proven facts’.

Hyarchis and Pichler have asserted circumstances that warrant a response from ACMA.  Confidence in the process would be assisted by clarification from the Authority.  And, assuming there’s a powerful answer to Pichler’s complaints, he’s asked for it.

Hyarchis is a mobile content provider that operates a ‘ringtone club’ and some social networking sites.    It despatched SMS promotions to an Australian mobile user, without having consent to do so.

On this occasion, ACMA has used its discretion not to impose a penalty, but noted that penalties of up to $1.1 million per day can apply to repeat offenders.

The lessons:

• Promotional email, SMS, MMS, IM and any other similar messages are all regulated by the Spam Act.
• You can’t send them to Australians without actual or inferred consent.