In a sign that things are going to stay hot (and probably get hotter) for premium mobile service providers, ACMA has now launched Federal Court proceedings against Mobilegate Ltd (a Hong Kong company), Jobspy Pty Ltd, Winning Bid Pty Ltd and individuals associated with those companies for breaches of the Spam Act and Trade Practices Act.

According to ACMA’s media release, those companies allegedly sent unsolicited SMS messages (which fall under the ambit of the Spam Act) through a premium rate shortcode advertising a premium mobile service.  They are also alleged to have obtained contact details of users of dating websites by deception and tricked users into replying to SMS messages at a cost of up to $5 per message.

ACMA is asking the court to impose declarations, injunctions and penalties.  The maximum penalties for breaches of the Spam Act and Trade Practices Act are substantial, running into the millions.

We’ll keep an eye on this and keep you posted.

The potent powers that these laws give the authority carry a moral obligation to educate as well as punish.  We’ve argued the point before, and now there’s another case where the Communications Authority’s communication isn’t as authoritative as it could be.

The Hyarchis case

It began with a media release that Hyarchis, a purveyor of low grade social networking sites and low value / high cost ‘premium’ mobile services, had been warned for spamming.  The entire detailed explanation of the warning wasn’t too detailed …

The Australian Communications and Media Authority has issued a formal warning to Hyarchis Company Limited for alleged breaches of the Spam Act 2003. The alleged breaches were in relation to the sending of commercial electronic messages by SMS, without the consent of the recipient.

Hardly a fulsome explanation.

Hyarchis debates the point

The good folkat iTnews then reported that Hyarchis’ local representative Peter Pichler scorned ACMA’s warning, claiming that an unknown third party had entered a random phone number in a Hyarchis social networking site registration form – three times.

That, said Pichler, is why three in fact unsolicited messages were sent to the number.  And Hyarchis had told ACMA that.

ACMA retorts

The iTnews story drew a response from ACMA …

ACMA received a number of complaints from consumers regarding the sending of SMS messages by Hyarchis Ltd allegedly without the consent of these consumers.

Following these complaints ACMA conducted an investigation into Hyarchis Ltd.

As part of the investigation Hyarchis made written submissions to ACMA in relation to the complaints and its compliance with the Spam Act 2003. ACMA assessed the evidence, including the submissions made by Hyarchis Ltd and found that there were reasonable grounds to believe that Hyarchis Ltd had sent commercial electronic messages without consent in contravention of section 16 of the Spam Act, which is a civil penalty provision.

ACMA issued a formal warning to Hyarchis Ltd on 31 October 2008. The warning set out the particulars of the contravention and ACMA’s view that, in relation to one electronic address (mobile number), Hyarchis had sent unsolicited commercial electronic messages in contravention of section 16 of the Spam Act. ACMA has not made a finding in relation to the other complaints received.

In issuing the formal warning, ACMA considered the submissions made by Hyarchis and formed the view that the electronic address in question was most likely entered into Hyarchis’ wesbite by an unknown third party. ACMA was satisfied that the electronic address was not entered by the electronic address holder of that electronic address, and therefore that consent had not been obtained by that electronic account holder.

Under the Spam Act, if the sender, or the person who caused the message to be sent, wants to rely on the consent of the electronic account holder, then they bear the evidential burden in relation to that matter. This means that they must adduce or point to evidence that suggests a reasonable possibility that they had consent to send the message. In this case, Hyarchis was able to point to evidence that an electronic address (mobile phone number) had been entered in to its website, but not that it had consent from the electronic account holder as required by the Spam Act.

ACMA has a number of enforcement options available to it when it has a reasonable belief that a contravention of the Spam Act has occurred. This includes the issue of a formal warning, the issue of an infringement notice or taking the matter directly to the Federal Court. The issue of a formal warning in this case is indicative of ACMA’s tiered approach to compliance with the Spam Act. It is the intention of the Spam Act to provide ACMA with a range of enforcement options depending on the circumstances and seriousness of the contravention. A formal warning enables ACMA to formally indicate its concerns about a contravention and allow for the company to take compliance action to prevent any future contraventions.

The content of the messages in question were:

Hey what are you up to? Im having a lazy Friday arvo.. feel like going out later tho – where are you right now? Hy arch is free message, stop 2 quit

AND

Hey what are you up to? Im having a lazy Saturday arvo.. feel like going to the pub later tho where are you right now? Hy arch is free message, stop 2 quit

It is ACMA’s view that the messages in question were commercial electronic messages in terms of the Spam Act because they were intended to offer a service and therefore elicit business.

The Spam Act prohibits the sending of unsolicited commercial electronic messages, except in certain limited circumstances In this case, ACMA formed the view that the messages did not fall within one of the exceptions to the general prohibition at section 16(1) of the Spam Act. In particular, Hyarchis did not provide sufficient evidence to demonstrate a reasonable possibility that the recipient had consented to receive the commercial electronic message from Hyarchis Ltd.

The Spam Act does not apply to messages that are purely factual as these are not ‘commercial electronic messages’ within the meaning of the Spam Act. It is feasible that a purely factual ‘confirmation’ message could be sent to a mobile number entered on to a website to verify consent of the electronic account holder.

ACMA encourages the use of double-opt in for subscription services, but reminds content providers that they must comply with all applicable laws, including the Spam Act.

It is ACMA’s policy to publicise enforcement action taken under the Spam Act to encourage compliance in the industry and in this case, to ensure greater levels of awareness that the Spam Act covers SMS messages.

But ACMA’s response invites some questions

• Why wasn’t more detail provided in the original announcement ? There’s a material difference between sending messages without the slightest basis, and failing to implement double opt-in.
• If Hyarchis had pleaded that a third party loaded up the addresses, and ACMA had accepted that, why wasn’t it acknowledged in the first place ? If ACMA’s case is that this still resulted in a suspected breach, fine. But it’s a different case.
• Why does a Google search suggest that there’s only one document on ACMA’s website that recommends double opt-in to business ? And that is an ageing guide prepared by ACMA’s predecessor.
• Why did ACMA rule out the possible application of sub-section 16(4) of the Spam Act – a message isn’t ‘guilty’ if it was sent by mistake ?

We’re not saying ACMA’s answer was wrong

But its explanation of what happened, and what it was thinking, were poor.

Many industry players watch carefully for information on how to stay on the right side of regulators like ACMA.  Bland announcements that someone was warned for sending messages without consent aren’t helpful.  Plenty more proactive statements of position would be.

Besides, the limited detail of the initial announcement opened the door for Hyarchis to ‘set the record straight’ and win sympathy that’s probably undeserved.  When an authority finds itself issuing a 752 word defence of a 44 word announcement, someone in the public relations team has some explaining to do.

ACMA is where ACCC was 25 years ago

Over time, ACCC has developed into a good communicator, focusing on proactive education and using infringements as opportunities to spread the compliance message, too.

ACMA needs to get on board the policy and education train.  There are many decent players in the marketing game, keen to understand ACMA’s positions.  If only the Authority would articulate them with more enthusiasm.

Hyarchis’ Australian representative Peter Pichler is reported as rejecting the warning, arguing that it arose out of an incident where a mischievous third party entered a bogus phone number on a Hyarchis social networking site.

The Hyarchis version of events

The report says it happened this way.  A prankster filled in a registration form on a Hyarchis site.  They used a made up mobile number like 123 123 123 (only an example) that happened to coincide with the actual number of a mobile subscriber.

The subscriber received a ‘please confirm’ message – three times, since the prankster entered it thrice – and reported the matter to ACMA which investigated and issued a warning.

According to the report, Pichler said ‘We’ve been slapped down for something really minor. When you Google our name this comes up. It’s not good. It’s an absolute over-reaction.’

CSP Central comment

ACMA’s powers under the Spam Act are pretty strong stuff, and the power to warn is a surprisingly dangerous one.  There’s no real opportunity to fight it in court, and no real public record of the ‘proven facts’.

Hyarchis and Pichler have asserted circumstances that warrant a response from ACMA.  Confidence in the process would be assisted by clarification from the Authority.  And, assuming there’s a powerful answer to Pichler’s complaints, he’s asked for it.

Hyarchis is a mobile content provider that operates a ‘ringtone club’ and some social networking sites.    It despatched SMS promotions to an Australian mobile user, without having consent to do so.

On this occasion, ACMA has used its discretion not to impose a penalty, but noted that penalties of up to $1.1 million per day can apply to repeat offenders.

The lessons:

• Promotional email, SMS, MMS, IM and any other similar messages are all regulated by the Spam Act.
• You can’t send them to Australians without actual or inferred consent.

Or that the Australian law can also apply to offshore marketers ?

mBlox, which describes itself as ‘the world’s largest mobile transaction network’ now knows it, following an $11,000 ACMA penalty.

What mBlox did

According to ACMA, mBlox sent a significant number of commercial electronic messages promoting a premium ringtone download service to mobile phones, on behalf of a premium mobile content provider, without providing notification of how to unsubscribe from receiving more messages.

Is that wrong ?

Under Australia’s Spam Act, ‘commercial electronic messages’ count as ‘spam’ … and that includes SMS.

If you send ‘commercial electronic messages’, including SMS, each message must:

• be sent with the recipient’s consent
• include clear and accurate sender identification, and
• offer a functioning unsubscribe mechanism.

mBlox didn’t include the unsubscribe option in its messages.

But isn’t mBlox a US outfit ?

Yes, it is.  But Australia’s Spam Act applies to all marketing that has an ‘Australian link’, and that includes when ‘the computer, server or device that is used to access the message is located in Australia’.

ACMA used its ‘infringement notice’ powers

Similar to an ‘on the spot’ speeding fine, an ‘infringement notice’ is an official allegation of breach of the law.  The recipient can pay the penalty, and that’s the end of the matter, or they can decline to pay.  If the authority wants to take it any further, it will then issue court proceedings.

One downside of not paying is that the court’s level of fines is much higher.  If you lose, you are likely to pay a lot more.

The penalty is modest compared to the $1m plus maximums that apply to repeat offenders, but makes it clear that ACMA won’t overlook a spam breach just because it doesn’t involve large numbers.

BBA really asked for trouble by not actioning people’s requests to be dropped off its mailing list.

What BBA did wrong

Under section 16(1) of the Spam Act 2003, you can’t send promo email to anyone without their consent.

The rules are simple enough

‘Consent’ can be express e.g. an opt-in.

It can also be inferred e.g. where the recipient is a current customer.

But there is never consent, of either kind, if the person has actually told you not to email them.

BBA didn’t take ‘stop’ for an answer

It seems that two people who had received promo emails from BBA contacted the company and asked to receive no further mail.  And then more mail arrived.  And then ACMA became involved, and investigated.

When ACMA concluded there was likely to have been a breach of the Spam Act, it issued an infringement notice.

Infringement Notices

These are like ‘on the spot’ speeding fines.  The authority says that it believes an offence or breach occurred and issues a notice claiming a penalty.

You can pay the penalty within a time limit – 28 days for Spam Act notices – and that’s the end of the matter.  That’s what BBA has done.

Or you can decline to pay the fine, and the matter can proceed to court.  Maybe you dispute the allegations and want to defend them in court.  OK, you can do that. The downside is that court-imposed penalties can be much higher than infringement notice penalties, so you might be playing ‘double or nothing’.  Or ‘triple or nothing’ taking into account the legal costs that court involves.

How BBA’s penalty was calculated

• There were two complaints that ACMA had reasonable grounds to consider indicated offences.
• Each complaint carries a penalty of $2,200 per offence for a company. That’s for first offences. Second time infringers get much higher penalties.
• Each offending email is one separate offence i.e. it’s $2,200 per individual email.
• But don’t worry, that’s capped at $220,000 a day

So for BBA, $2,200 x 2 = $4,400.

For ACMA, it’s ‘no hard feelings’

ACMA doesn’t necessarily only fine ‘big bad guys’.  So-called innocent mistakes by ‘little guys’ can also land you in hot water.  As ACMA says in its media release:

ACMA expects all businesses, irrespective of their size, to have the necessary processes in place to ensure that all their e-marketing activity is compliant.

Translation:  If you’re big enough to send marketing email, you’re big enough to understand and comply with the Spam Act.