You are here: EFA Home » Issues » Privacy » Calling Number Display » Complaints re blocked calling number disclosure » Commentary on the ACA's Decision 9 Sep 2004

Explanatory Notes and Commentary on the ACA's Decision re illegal disclosure of blocked calling number information

This document contains a copy of the Australian Communications Authority's letter and decision (dated 19 Aug 2004) regarding illegal disclosure of silent and other blocked calling number information to ISPs, together with explanatory notes and commentary by the complainants.

Some of the notes and commentary below are also contained in Attachment 1 to the complaint to the Commonwealth Ombudsman (dated 5 Sep 2004) regarding the ACA's decision in relation to breaches of the Telecommunications Act 1997. The below document contains additional notes and commentary regarding breaches of the Industry Code. To assist readers who have previously read Attachment 1 to the complaint, the following colour coding has been used in this document:

Paragraphs also contained in Attachment 1 to the complaint to the Ombudsman.


Additional paragraphs regarding the Industry Code.

ACA Letter

[Australian Communications Authority letterhead]

File Reference:        ACA2004/469

M[s]Irene Graham
...

Dear M[s] Graham

The ACA has completed its investigation of the matters raised by you, Mr Roger Clark and Mr David Fitch in your correspondence of 28 July 2003. As indicated in my letter to you dated 23 March 2004 the complexity of the matters raised by you and the responsiveness of some parties has meant that the investigation has taken longer than initially anticipated.

In acknowledgement of the comprehensive manner in which your complaint was presented I present the ACA's analysis and findings report in some detail at Attachment 1. The report commences with some background comments, outlines how the investigation was conducted, discusses is some detail the various matters raised in your complaint and concludes with a series of decisions made by the ACA.

The ACA believes that the matters raised by you, Mr Roger Clark and Mr David Fitch have been comprehensively investigated and I thank you for your input to the investigation and for your patience.

The ACA does not at this time propose pursuing prosecution of any carrier or ISP regarding apparent breaches of the Act and the code. While I am aware this is not the redress sought by you, the ACA believes that given the absence of malicious intent the measures proposed by the ACA will correct inappropriate behaviours. In particular they will provide customers of ISPs with information regarding disclosure and use of CLI upon which they can make informed choice regarding their relationship with their ISP, and will allow the customers of phone services to understand the circumstances in which unlisted numbers and CND blocking may not effective prevent the disclosure and use of their CLI.

Given the ACA is of the opinion that carriers are permitted to disclose silent and other blocked numbers to ISPs without consent, individuals who do not want their number disclosed have no choice regarding their relationship with their ISP. In order to prevent their number being disclosed, they would have to terminate their relationship with their ISP and also cease accessing the Internet via their telephone service because any other ISP could commence collecting their blocked or silent number without consent and without prior notice.

Further, the ACA's statement that the measures "will allow the customers of phone services to understand the circumstances in which unlisted numbers and CND blocking may not effective [sic] prevent the disclosure and use of their CLI" is highly disturbing because those circumstances include circumstances in which the ACA has found the disclosure is illegal but the ACA has declined to enforce the law.

The ACA has an appreciation of the time and effort you, Mr Clark and Mr Fitch expended in developing and writing your submission of July 2003 and also appreciates that the matters you raised are legitimate and display you commitment to protecting the privacy of Australian telecommunication users. However as regulator of the telecommunications industry the ACA seeks to achieve a balance between individual rights and support for a telecommunications industry which is efficient, competitive and responsive to the needs of the Australian community and which promotes the long-term interests of end-users.

There is no "balance" in the decision to allow industry to continue breaking the law. The decision in effect says individuals' rights are subservient to the wishes of industry, irrespective of individuals' legislated rights.

Moreover, the ACA's statement above says that the ACA is of the opinion that it is not in the long-term interests of end-users to enable them to protect their privacy by blocking provision of their number. Such an opinion is contrary to the conditions under which carriers were permitted to introduce calling number display services into Australia in 1997. The Government required the telecommunications carriers to undertake to enable individuals to block provision of their calling number (on all calls except those made to the 000 emergency number) and to comply with AUSTEL's written guidelines to that effect and to develop a similar industry code to be registered by the ACA.

Given your interest in the privacy of Australian telecommunications users and strong advocacy skills might I suggest that you, Mr Clark and Mr Fitch consider contributing to a review of the code which is scheduled to take place in mid 2005. Notice of this review will be advertised in major newspapers and will also be advised on the ACIF Internet site.

As stated in decision 15 of the attached report the outcomes of this investigation will be conveyed to the Office of the Federal Privacy Commissioner.

If you would like to discuss any of the details contained in this letter I invite you to contact [... on telephone .... ...] has had carriage of this investigation and is best placed to discuss details with you.

Yours sincerely

John Haydon
Executive Manager
Community and Universal Service Obligation Group

19 August 2004

Enclosure

Attachment 1 Report of investigation, analysis and findings.

ACA's Report of investigation, analysis and findings

ATTACHMENT 1

Report of investigation of alleged breaches of the Telecommunications Act 1997 and the ACIF C522:2003 Calling Number Display Industry Code

Background

1.        On 29 July 2003 the ACA received a written complaint alleging breaches of the Telecommunications Act 1997 (the Act), the ACIF C522:2003 Calling Number Display Industry Code (the code) and the Privacy Act 1988.

2.        The written representation to the ACA was lengthy and complex, however claims discernable in the complaint are characterised as follows:

  1. Telstra Corporation Limited (Telstra), Comindico Australia Pty Ltd (Comindico) and Optus Networks Pty Ltd (Optus) are providing calling line identification (CLI) to some of their Internet Service Provider (ISP) customers. CLI provides these ISPs with caller identification information regardless of whether permanent or per call blocking has been enabled on these lines. That is, the default blocking of calling number display (CND) for unlisted numbers and Optus customers, and caller initiated blocking of CND are not operative by virtue of the provisioning arrangement of these carriers. The complainants allege that this practice is in breach of the Act and the code;
  2. in some circumstances the CLI of customers is being disclosed by carriers or used by ISPs where these customers have no relationship with either the carrier so disclosing or the ISP so using the CLI. A diagrammatic representation of this scenario at Attachment A to this report;
  3. the provision by carriers of CLI to ISPs is in breach of the Act and as the Act takes precedence over the code, any use ISPs make of CLI, notwithstanding that it may comply with the code, is also in breach of the Act;
  4. the majority of customers of ISPs are not aware that the ISPs are receiving CLI and more specifically are not aware that the identification of lines on which CND has been blocked is being provided to the ISPs (by virtue of the CLI being delivered);
  5. contrary to section 5.8.1 of the code some ISPs are refusing to provide services to callers who choose to block CND;
  6. carriers and ISPs cannot claim compliance with the Act and the code on the grounds that the provision of CLI is necessary for the provision of a carriage service. The complainants argue that provision of CLI is not necessary for the delivery of an Internet access service, has not been required in the past to achieve such a service and further that usernames and passwords, not CLI, are use to identify/authenticate the ISP's customer for the purpose of billing; and
  7. CLI is provided to ISPs in a form which is divorced from the activity of achieving a connection between the client and the ISP, therefore when ISPs receive CLI they are in fact receiving the output of a CND service.
3.        One separate matter raised in the complaint; an unconfirmed allegation that forty businesses (not being ISPs) in a particular building in Perth were receiving blocked CND; was deemed not to be a regulator issue and was referred back to the complainants.

Relief sought

4.        The complainants requested that the ACA investigate the matters contained in their complaint and sought very specific redress as follows:

  1. prosecution of carriers and ISPs which are in breach of the law;
  2. the ACA to issue official directions to carriers and ISPs found to be acting contrary to the code;
  3. the ACA to issue official warnings to all carries and CSPs (including ISPs) concerning compliance with the code and the Act; and
  4. the ACA to instigate review of the code and if found deficient require the development and registration of an amended code or introduction of an industry standard.
Conduct of the investigation

5.        Based on information provided by Telstra, Optus and Comindico the ACA contacted 130 ISPs and questioned them regarding how they obtained, used and stored CLI; responses were achieved from 109 of these ISPs. The information provided by the carriers and the ISPs was evaluated against each of the different issues and allegations identified in the complaint and evaluated against the relevant sections of the Act and the code. Where available, supporting information was sourced from industry publications.

The above indicates that there are 130 ISPs receiving calling number information from Telstra, Optus and Comindico and that those are the only carriers and ISPs investigated.

It hence appears the ACA failed to fully investigate the complaint. The complaint stated that the respondents to the complaint were the above three and "any other carriers or carriage service providers engaging in the complained of practices (including resellers of carriers' services to ISPs)" and ISP customers of those service providers' relevant services. Notably, the ACA's report states that "anecdotal evidence indicates that few ISP wholesalers have an understanding of their responsibilities and obligations and indeed considered themselves quite divorced from the implications of the Act and the code" (para 22).

The number of breaches of the Act therefore seems likely to be significantly larger than suggested by the ACA's report.

6.        In addition the ACA took legal advice regarding a number of matters and this advice informed the investigation and the findings.

Discussion of alleged breaches of the Act and the code

Breach of section 276 of the Act

7.        The investigation has established that carriers and ISPs are disclosing and/or using the CLI of customers; including the CLI of customers who have blocked CND either by way of default as an unlisted number or as an Optus customer, or by way of permanent or per call blocking initiation.

8.        Prima facie this activity appears to be in breach of section 276 of the Act; however a number of exemptions from section 276 are made available by sections 279 to 294 of the Act. The exemption provided by section 291 (Business needs of other carriers or service providers); in particular subsection 291(1), is cited by industry as enabling the exchange of CLI between carriers and ISPs.

9.        Subsection 291(1) is comprised of four elements and to claim an exemption to section 276 by virtue of subsection 291(1) all four elements must be satisfied.

The four elements of the exemption which must be satisfied are (a). (b), (c) and (d) below:

"s291 Business needs of other carriers or service providers
(1) Section 276 does not prohibit a disclosure or use by a person of information or a document if:

(a) the disclosure or use is made by or on behalf of:
(i) a carrier (the first carrier); or
(ii) a carriage service provider (the first provider); and
(b) the disclosure or use is made for a purpose of, or is connected with, any other carrier or service provider carrying on its business as such a carrier or provider; and
(c) the information or document relates to a person (the third person) who is a customer or former customer of:
(i) the first carrier or the first provider; or
(ii) the other carrier or the other provider; and
(d) the disclosure or use is made for a purpose of, or is connected with:
(i) the supply, or proposed supply, by the other carrier or other provider to the third person of a carriage service or a content service; or
(ii) the supply, or proposed supply, by the other carrier or other provider to the third person of goods or services for use in connection with the supply of a carriage service or a content service; or
(iii) the installation, maintenance, operation or provision of access to a telecommunications network or a facility, where the network or facility is used, or for use, by the other carrier or the other provider to supply a carriage service or a content service to the third person."
[emphasis added]

The investigation has identified that in most episodes of CLI disclosure/use carriers and ISPs can claim an exemption by virtue of subsection 291(1) as all four elements of subsection 291(1) are satisfied.

For example: Person A dials their own ISP. In the ACA's opinion, disclosure by any telecommunications service provider to the ISP is permitted because Person A is a customer of the ISP, the number disclosed to the ISP is Person A's number and allegedly the disclosure is made for a purpose connected with supply of a service by the ISP to Person A.

However in the scenario discussed in the complaint; that is in circumstances where a customer accesses their ISP from a phone line controlled by another party and this phone line is either an unlisted number or has CND blocked, (refer Attachment A to this report) if, as specified by subsection 291(1)(c), the other party who controls the phone line is not a current or former customer of either the carrier or the ISP all four elements of subsection 291(1) are not satisfied and exemption from section 276 cannot be claimed.

While we agree with the statements in the above paragraph, both that paragraph and the remainder of the ACA document fails to take into account the fourth element of the s291 exemption from prohibition on disclosure. The s291(1)(d) element requires that "the disclosure or use is made for a purpose of, or is connected with the supply, or proposed supply, by the other carrier [disclosing telco] or other provider [receiving ISP] to the third person [the person to whom the disclosed information relates (s291(1)(c))] of a carriage service".

For example: Person A is a current Optus telephone service customer, who used to be a Telstra customer (a "former" customer of Telstra), and Person B uses Person A's phone line to dial their own ISP. The call passes during transit from the Optus network to the Telstra network and Telstra discloses Person A's Optus silent/blocked number to Person B's ISP.

The ACA decision contends that the above disclosure is lawful because Person A is a former customer of Telstra. Such disclosure does not, however, appear to be lawful because the fourth element of s291 is not met. The ACA decision makes no reference to the fourth element, i.e. s291(1)(d). The above disclosure is not made for a purpose connected with the supply of a carriage service by the ISP to Person A (s291(1)(d)), nor is it made for a purpose connected with of supply a carriage service by Telstra to Person A (s291(1)(d)) of a carriage service (the supplier of Person A's telephone carriage service is Optus.)

10.        While legal advice notes that measuring detriment is not an element of section 276 [titled "Primary disclosure/use offence—eligible persons"] the investigation has attempted to establish, in relative terms, some measure of the magnitude of breach of section 276 in circumstances where a customer accesses their ISP from a phone line controlled by another party and this phone line is either an unlisted number or has CND blocked. The following is what could be described as a set of filters which, when applied, endeavours to define the customer group which in the circumstances may suffer detriment from breaches of section 276, and the size of this customer group relative to all Australian Internet users.

The ACA's attempt to measure magnitude of detriment by defining a customer group that is a subset of all Australian Internet users fails to take into account that individuals who may suffer detriment from breach of s276 include people who are not Internet users. That is, individuals who are not Internet users but whose silent/blocked number is used by other person/s to dial their ISP.

Although the ACA's para 10 above recognises that detriment is irrelevant to whether or not breach of the law has occurred, the ACA has attempted to justify its decision to allow continued illegal disclosures by contending that the group of people who may suffer detriment is small. Given the ACA took into account the irrelevant matter of magnitude of detriment, it is highly disturbing that they failed to also take into account the type of people who may be very seriously affected.

For example, a women's shelter may have a silent number. If they provide a computer with Internet access, the shelter's silent number will be disclosed to ISPs. Similarly a battered wife may be staying with a friend/relation who may have a silent number, or the wife may dial the CND blocking code before dialling her ISP. Nevertheless, the other person's blocked number will be disclosed to the ISP. If the Internet access account is in the name of the husband there is a serious risk that the ISP may disclose the number to the abusive husband potentially enabling him to identify the battered wife's physical location.

Such considerations demonstrate why the s276 offence does not include an element requiring a finding of multiple disclosures nor a large number of people being affected. Magnitude of breach is irrelevant to individuals who suffer harm as a result of illegal disclosure of silent/blocked call numbers by telecommunications service providers. Nevertheless, the ACA decision speculates that only a small number of people are affected by breach of the law and therefore the ACA will not take any steps to enforce compliance with the law.

11.        For an episode of breach of section 276 to occur in circumstances where a customer accesses their ISP from a phone line controlled by another party and this phone line is either an unlisted number or has CND blocked (refer Attachment A to this report):

In this section, the ACA attempts to determine how many people's silent/blocked numbers are being illegally disclosed by applying what the ACA describes as a "set of filters". These "filters" do not block numbers from being disclosed to ISPs. On the contrary, the "filters" allow the vast majority of silent and other blocked numbers to pass through and so be disclosed to ISPs.

  1. the subject customer's CLI must be CLI which is traffic between a carrier and an ISP. As reported in the 2002-03 Telecommunications Performance Report at the end of March 2003 there were 5.1 million Internet subscribers in Australia; and

    The reference to "the subject customer" refers to an ISP customer who dials their ISP from another person's phone line (see para 11 above). Therefore this first "filter" contends that, at most, there are 5.1 million people who may suffer detriment, because that is the number of Internet subscribers.

    However, the ACA's "filters" fail to take the context into account, that is, it is not the ISP's customer's number that is being disclosed it is someone else's number who may not be an Internet user. Therefore, the contention that at most 5.1 million people may suffer detriment by breach of the law is incorrect.

    In summary this "filter" suggests the number who may suffer detriment from breach of the law by carriers is less than would be the case.


  2. the subject customers' CLI must be CLI which is disclosed to an ISP. The number of CLI episodes being disclosed to ISPs is not known. The 2002-03 Telecommunication Performance Report notes that the seven largest ISPs (which included Telstra Bigpond and OptusNet) accounted for 70 per cent of total Internet subscribers, however Telstra and Optus provide CLI to some, not all, of their customer ISPs. Comindico on the other hand provides CLI to all its customer ISPs bundled in the connection service, however Comindico is understood to have a relatively small customer base, a subset of the 30 per cent not sourced from Telstra and Optus; and

    The relevance of the above, if any, is unclear. The paragraph appears to compare apples with oranges. It says:

    • 70% of total Internet subscribers are accounted for by the 7 largest ISPs (2 of which are Telstra Bigpond and OptusNet)
    • Telstra and Optus provide CLI to some, not all, of their customer ISPs. However, no information is provided concerning how many customer ISPs Telstra and Optus have, nor even how many of the 7 largest ISPs they have as customers.
    • Comindico's customer base is "a subset of the 30% not sourced from Telstra and Optus".

    There is no stated basis for the 30% figure. Comindico does not have Internet subscribers as customers, only customer ISPs. Hence, although the figure of 30% appears to refer to the remainder of Internet subscribers who are not included in the 70% accounted for the 7 largest ISPs, that does not appear relevant to how many customer numbers Comindico discloses to its customer ISPs. For example, Comindico could have some of the 7 largest ISPs as customers, and if so, then Comindico ISP customers could account for a subset of more than 30% of Internet subscribers.

    In summary, this "filter" provides no information relevant to determining the number who may suffer detriment from breach of the law by carriers.


  3. the subject customer's CLI must be CLI which is CND blocked, either by way of default as an unlisted number or as an Optus customer, or by way of permanent or per call blocking initiation. Figures available to the ACA indicate that of the 40 million numbers recorded on the Integrated Public Number Database, 11 million are classed as unlisted; however this 11 million includes all mobile services which are, by default, unlisted but are not relevant to this issue.

    The basis for the claim that mobile services are not relevant is not apparent. Presumably the ACA believes that no mobile phone subscriber would ever allow another person to use their mobile to access the Internet.

    It is notable that the ACA fails to state how many of the unlisted numbers are mobile numbers and as a result the paragraph tends to imply that the number of unlisted fixed (land line) numbers would be small after subtracting the number of mobile numbers. However, the 2002-03 Telecommunication Performance Report states "There are about 14.3 million mobile phone services in operation". Hence the number of mobile services is of itself greater than the 11 million unlisted numbers. All that can be concluded from the ACA statistics is that numerous mobile numbers are not unlisted. The statistics provide no indication at all as to how many fixed (land line) numbers are unlisted.

    In summary, this "filter" provides no information relevant to determining the number who may suffer detriment from breach of the law by carriers.


    Figures regarding CND blocking which arises as a result of default (for example Optus customers) or which arise by way of customer initiated permanent blocking or per call blocking are not available, however it is believed that the number of CND block initiations is relatively low. This is especially thought to be the case for Telstra customers as Telstra is an 'opt-out' CND service provider; and

    This "filter" consists of completely unsubstantiated speculation by the ACA. It provides no information relevant to determining the number who may suffer detriment from breach of the law by carriers.


  4. the CLI which is being disclosed/used must be the CLI of a customer who is not a current or former customer of the disclosing carrier or the ISP using the CLI. Given the dominance of Telstra, and to a lesser extent Optus, as providers of telephone lines it is reasoned that a large percentage of customers whose CLI remains after being filtered through the first three levels above will be excluded by virtue of these customers being current or former customers of the carriers disclosing or the ISP using the CLI.

    The CLI that remains after being "filtered" through the first three levels above is CLI that involves a silent or other CND blocked number. All other CLI has passed through the filter and been disclosed to an ISP because in the ACA's opinion the disclosure is legal because either:

    1. the number relates to a person who is not an Internet user (however, as discussed under 11(a) above this filter is wrong because it is irrelevant whether or not the telephone subscriber is also an Internet user), or
    2. the number is an unlisted or blocked number, but the carrier did not disclose it to an ISP (the ACA says the number of CLI disclosures to ISPs "is not known"), or
    3. the number is not a silent number and is not CND blocked on a permanent or per call basis (the ACA says figures regarding the quantity of silent and CND blocked numbers are not available).

    In the ACA's fourth "filter" (d), the ACA states that "it is reasoned that a large percentage of customers whose CLI remains after being filtered through the first three levels above will be excluded by virtue of these customers being current or former customers of the carriers disclosing or of the ISP using the CLI."

    It should be noted that the term "excluded" above means the customers' silent/blocked numbers will be excluded from coverage by the privacy protective prohibition on disclosure in s276 of the Act. In the ACA's opinion, the numbers are allowed to be disclosed by the s291 exemption because the individuals are current or former customers of the carrier disclosing their number or of the ISP receiving their number.

    However, again the ACA decision fails to take into account the fourth element of s291 (i.e. s291(1)(d)) requiring supply to the person whose information is being disclosed. This aspect is discussed in detail under para 9 earlier herein.

    In addition, the ACA discussion of "filters" fails to take into account the situation when wholesalers or intermediaries are providing CLI to their customer ISPs. In such situations the carrier discloses the CLI to the intermediary who discloses it to the ISP. Such an intermediary would rarely if ever be able to claim compliance with all four elements of s291 when they disclose the CLI to an ISP (unless the caller was using their own telephone service to call their own ISP). Unlike for example Telstra, the intermediary would rarely have a former customer relationship with the person whose blocked number they disclose to their customer ISP. Most ISPs' Internet subscribers would not even know the intermediary was involved let alone have ever been a customer of that wholesaler/intermediary. As stated by the ACA in para 22 "anecdotal evidence indicates that few ISP wholesalers have an understanding of their responsibilities and obligations and indeed considered themselves quite divorced from the implications of the Act and the code".

    Furthermore, while the "former customer" argument is convenient in relation to disclosure by Telstra to their customer ISPs, it is not for disclosure by Optus to Optus customer ISPs. 89% of standard telephone services are Telstra phone numbers (according to the 2002-03 Telecommunication Performance Report). When Optus discloses a Telstra telephone subscriber's silent or other blocked number to an Optus customer ISP (and the Telstra telephone subscriber is not a customer of the ISP), Optus is in contravention of s276 because the vast majority of Telstra telephone subscribers are not former Optus customers. However, when Telstra discloses an Optus telephone subscriber's silent or other blocked number to a Telstra customer ISP (and the Optus telephone subscriber is not a customer of the ISP), in the ACA's opinion Telstra is usually not in contravention of s276 because the vast majority of Optus telephone subscribers are former customers of Telstra.

    Hence if the ACA's interpretation of the s291 exemption is correct, it demonstrates that the Act has not achieved its overall objective of creating a level playing field in the telecommunications market. Telstra would be allowed to sell/disclose the vast majority of Optus subscribers' numbers (because they were former customers of Telstra) but Optus would not be allowed to sell/disclose more than a small percentage of Telstra customer numbers (because they are not former customers of Optus).

    However, in our view the Act does achieve its objective of a level playing field in the above context because we believe the ACA interpretation of s291 is wrong. The ACA has failed to take into account the fourth element of s291.

    In summary, in our view the ACA's "filters" allow more silent and blocked numbers to be disclosed by carriers to ISPs than a correct interpretation of s291 would allow.

    In any case the ACA has found carriers are contravening s276 in some circumstances by disclosing silent and blocked numbers to ISPs, but the ACA decision is to take no action to enforce compliance with the law.

12.        In addition, for a breach of section 276 to be sustained it would have to be established that an ISP was actually using the CLI. While it appears that in certain circumstances carriers are in breach for disclosing CLI to ISPs, an ISP in the same circumstances may only be in breach for episodes when they actually use the CLI.

Section 276 of the Act does not require use by an ISP to be established in order to sustain breach by a carrier for disclosing information to the ISP.

13.        The number of customers whose CLI remains after being filtered through all four levels as described in paragraph 11 above is, relative to all Internet users, considered to be very small.

As discussed earlier herein, the ACA's grounds for considering the number of illegal disclosures to be very small is supported only by the ACA's total speculation together with an interpretation of s291 that in our opinion is incorrect. Furthermore the number "relative to all Internet users" is irrelevant because the illegal disclosures include disclosure of numbers of people who are not Internet users.

The investigation has revealed that ten ISPs did not use the CLI they receive from Comindico and many others stated they used the CLI infrequently, mainly to settle billing disputes. Therefore it is possible that episodes of ISPs using the CLI which remains after being filtered thorough all four levels, relative to the episodes of transmission of all CLI between carriers and ISPs, could approach the infinitesimal.

The above paragraph apparently refers only to the practices of ISPs who receive CLI from Comindico which according to the ACA in para 11(b) is understood to have a relatively small customer base. No information is provided on the frequency of, or type of, use by ISPs receiving CLI from Telstra and Optus. Moreover, given the ACA contacted 130 ISPs with questions and 21 of them did not respond, it seems likely that those 21 may not only be using CLI, but also using it for non-permitted purposes.

In any case, it is irrelevant whether or not "it is possible" that the number of illegal disclosures (those that occur after all other silent/blocked numbers have been allowed to pass through the ACA's "filters") is infinitesimal relative to the total number of disclosures. A claim of only a small number of illegal disclosures is not a defence to contravention of s276 .

In addition, if an ISP is not using the CLI, it appears doubtful that the disclosure by carriers to the ISP of blocked numbers of the ISP's current customers is lawful. The second element (1)(b) of s291 appears not to be met, that is, it appears the disclosure is not made for a purpose of the ISP carrying on its business as an ISP if the ISP does not use such information.

Furthermore, the disclosure by carriers to ISPs is in contravention of s276 whether or not the recipient ISPs are using the received numbers.

Breach of sub-sections 5.1.2, 5.1.3, 5.1.5 and 5.2.1 of the code

14.        Investigation of the activities complained of indicates that prima facie carriers may be in breach of some sub-sections of Section 5 (Blocking and Enabling CND) of the code. However sub-section 1.1.4 of the code states:

'If there is a conflict between the requirements of this Code and any requirements imposed on a Supplier by legislation, the Supplier will not be in breach of this Code by complying with the requirements of legislation.'

15.        As discussed in paragraph 11 above, in circumstances where all four elements of section 291(1) of the Act are satisfied carriers and ISPs can claim exemption from the provisions of section 276. Prima facie carriers and ISPs are non-compliant with sub-sections 5.1.2, 5.1.3, 5.1.5 and 5.2.1 of the code; however when sub-section 1.1.4 is applied, they are non-compliant only in so far as the activity relates to CLI which does not meet all four elements of section 291(1), typically the CLI of customers who have CND blocked and who are not current or former customers of the carrier disclosing the CLI or the ISP using the CLI.

Again the ACA decision fails to take into account the fourth element of s291 (i.e. s291(1)(d)) requiring supply to the person whose information is being disclosed. This aspect is discussed in detail under para 9 earlier herein.

Breach of sub-section 5.8.1 of the code

16.        The complainants allege that four named ISPs are non-compliant with sub-section 5.8.1 of the code. Sub-section 5.8.1 directs that suppliers must not unfairly discriminate against customers who choose CND or CND blocking. The investigation has confirmed the terms and conditions and practices of three of these named ISPs do appear to breach sub-section 5.8.1 of the code. In addition the investigation has identified another ISP which appears to be in breach of sub-section 5.8.1 of the code.

According to ACA Decision 2, the ACA will be notifying those ISPs of their non-compliance and seeking undertakings from them to refrain from discriminating against customers who choose CND blocking and details of remedial action the ISPs propose to implement to achieve compliance with 5.8.1.

Breach of sub-section 7.1.1 of the code

17.        Sub-section 7.1.1 permits a supplier to provide CLI to CSPs for the purposes of supporting the operation of a carriage service in accordance with the Act. This sub-section may apply to ISPs that act as wholesalers or intermediaries (that is those which trade between the carrier and the ISP) and which provide CLI to their customer ISPs. However similar to the breaches of Section 5 discussed in paragraph 15 above, carriers or ISPs which supply CLI to ISPs are in breach of sub-section 7.1.1 but only in so far as the activity relates to CLI which does not meet all four elements of section 291(1), typically the CLI of customers who have CND blocked and who are not current or former customers of the carrier disclosing the CLI or the ISP using the CLI.

As discussed under para 11(d) above, when a wholesaler/intermediary ISP receives blocked calling number information from the originating call carrier, then discloses it to their customer ISP, the intermediary would rarely be able to claim compliance with all 4 elements of s291 (unless a telephone service subscriber was calling their own ISP). Unlike e.g. Telstra, the person whose number the intermediary discloses would rarely have a current or former customer relationship with the intermediary (most people would not even know the intermediary ISP existed).

Breach of sub-section 7.1.2 of the code

18.        Sub-section 7.1.2 requires a supplier which passes on CLI to a carriage service provider (CSP) to be satisfied that the CLI will be used only for the purposes of supporting the operations of a carriage service. Telstra, Optus and Comindico have all stated that they rely on contractual agreements with their customer ISPs to ensure compliance with 7.1.2.

19.        Legal advice indicates that it is likely all the supplier of CLI needs to satisfy itself is that the CLI will be used for the purposes of supporting the operation of a carriage service, there is no requirement that the supplier be satisfied the CLI was used for that purpose. Further, that to meet the requirements of 7.1.2 the supplier may only need to ask the ISP about how they intend to use the CLI, or the supplier could make a written declaration that the CLI was going to be used for the purposes of supporting the operation of a carriage service, or this could be specified in a contract.

It appears the word 'supplier' highlighted above should be 'recipient/ISP'.

20.        Unlike Comindico, Telstra and Optus do not provide CLI automatically to their customer ISPs as part of their basic service package. Those ISPs acquiring CLI from Telstra and Optus must first apply to be provided with CLI and must then enter into agreements which in part demands their compliance with ACIF codes and legislation.

21.        Comindico however provides full CLI to all its customer ISPs automatically as a part of its basic service package. Notwithstanding Comindico does have in place contractual agreements with its customer ISPs, the investigation has identified that some of Comindico's operating procedures make it arguable that Comindico is compliant with sub-section 7.1.2 of the code.

ACA Decision 3 states that the ACA will request Comindico to provide details regarding remedial action Comindico proposes to implement to ensure compliance with 7.1.2 of the code.

22.        In certain circumstances ISPs may also be in breach of sub-section 7.1.2. ISPs which act as wholesalers or intermediaries and which provide CLI to their customer ISPs may be in breach if they fail to take adequate steps to satisfy themselves that the CLI is intended to be used only to support the operation of a carriage service. While this issue has not been investigated in depth, anecdotal evidence indicates that few ISP wholesalers have an understanding of their responsibilities and obligations and indeed considered themselves quite divorced from the implications of the Act and the code.

ACA Decision 4 states the ACA will be advising ISPs acting as wholesalers and intermediaries of their status and responsibilities under the code and seeking undertakings to comply with the code and details of remedial action they propose to implement to ensure compliance with 7.1.2 of the code.

Breach of sub-section 7.2.1 of the code

23        Sub-section 7.2.1 of the code permits ISPs that receive CLI to use the CLI for the purposes of fraud prevention, billing, call management and credit control. However similar to the discussion of breach of sub-section 7.1.1 in paragraph 11 above, it appears ISPs are in breach of sub-section 7.2.1 but only in so far as the activity relates to CLI which does not meet all four elements of section 291(1), typically the CLI of customers who have CND blocked and who are not current or former customers of the carrier disclosing the CLI or the ISP using the CLI.

Again the ACA decision fails to take into account the fourth element of s291 (i.e. s291(1)(d)) requiring supply to the person whose information is being disclosed. This aspect is discussed in detail under para 9 earlier herein.

24.        Of the 109 responses received from ISPs only one ISP indicated it may be using CLI contrary to the purposes permitted by 7.2.1.

ACA Decision 5 states the ACA will further investigate that particular ISP.

However, given the ACA contacted 130 ISPs with questions and 21 of them did not respond, it seems probable those 21 are using CLI for non-permitted purposes.

Breach of sub-section 7.2.3 of the code

25.        Sub-section 7.2.3 requires ISPs to inform their customers if they are receiving CLI. Of the 109 responses received from ISPs only 20 per cent (22) informed their customers that they were receiving CLI, even fewer informed their customers of the privacy implications of this as required by the code.

ACA Decision 6 states the ACA intends to write to all the ISPs which the investigation established are non-complaint requiring them to inform their customers that they receive CLI and of the privacy implications of this, and that the ACA will seek their undertaking to comply and to provide details to the ACA regarding remedial action they propose to implement.

Discussion of other matters raised in your complainant

ISPs do not need CLI to provide a carriage service

26.        The complainants argue that the provision of CLI to ISPs is a relatively recent development; that ISPs did not need CLI to achieve Internet access in the past and do not require CLI to provide access today. While the complainants are entitled to their opinion the ACA believes it is for the ISPs to decide what they need to operate their business. Legal advice provided to the ACA in regard to section 291 of the Act offers the opinion that there is no need to establish a 'needs test' as the provisions of the section very clearly state the criteria to be taken into account for this exception to apply. Further the ACA's legal advisors do not think the legislation intended to introduce a business needs test as such, rather, it intended for carriers to comply with the criteria it provides within the provisions.

If the opinion of the ACA's legal advisers is correct concerning absence of a 'needs' test, the ramifications are extensive.

Lack of a needs test affects disclosure and use of all personal information about telecommunications users and the content of their communications, that is, not only calling number information and not only in relation to calls made to ISPs.

It would mean that members of the telecommunications industry can disclose and use, among other members of the telecommunications industry, information about current and former customers without their consent whenever it is said that this is for the purpose of not only supply, but proposed supply, of a service to a person, i.e. apparently including for the purpose of direct marketing of their services.

As stated in our complaint to the ACA: "If Section 291 could be interpreted in such a manner [re calling numbers], the same sub-section could equally easily be interpreted to permit a carrier or an ISP to disclose personal information (name, address, telephone number) about their customers, without their customers' consent, to for example a pay television provider "for a purpose of, or is connected with...the proposed supply by" a pay television service provider of "a content service" (s291(1)(d)(i)." For example, ISPs and telephone companies could disclose current and former customers names, addresses and phone numbers to a pay television service provider for the purpose of facilitating the pay television service provider to contact those individuals proposing to supply them with a content service (i.e. unsolicited direct marketing).

An interpretation of s291 that results in the above situation is contrary to the overall intent of Part 13 of the Act to protect telecommunications user/s communications and personal information and therefore we find it unlikely such an interpretation is correct.

27.        In discussion of this matter the complainants refer to one particular sentence in the Explanatory Statement to the code (paragraph 3 of page 1 of the Explanatory Statement) which they allege supports their contention that CLI should only be provided to ISPs on a needs basis. It is noted that no mention of 'need' is included in the operational sections of the code and ACA legal advice, similar to the discussion in paragraph 26 above, is that the code does not imply a 'needs test'.

Evidently the ACA considers it appropriate for the Code's Explanatory Statement to be misleading to members of the public. It states:

"The Code expands on those privacy protections [in Part 13 of the Act], ensuring that CLI is only passed on to carriage service providers which need CLI information for the provision of carriage services."

Inaccurate definition of CLI

28.        In the complaint it is argued that the definition of CLI used in the code is inaccurate and the complainants advance the argument that information transmitted beyond the telephone network into the customer's access network or local loop, that is beyond the carrier to the ISP, is not CLI but a CND service based on CLI. While it is again acknowledged that the complainants are entitled to their view, the ACA does consider this view is relevant in any analysis of whether there has been a breach of the Act or the code. The Act does not proscribe a definition of CLI, and alleged breaches of the code can only be assessed against the definition provided in the code. The ACA does not consider that the complainants have provided any compelling argument why the definition in the code should be reviewed.

It is a fact that ISPs are receiving a CND service, not CLI, in the circumstances complained about.

Overriding of CND affects the provisions of the Customer Service Guarantee

29.        In the complaint is it alleged that because CLI overrides CND choice,

The above was not alleged in the complaint. CLI does not override CND choice, CND blocking is a CLI-based service. The carriers are overriding subscribers' and callers' CND blocking instructions.

'carriers have intentionally introduced this fault and service difficulty into their network', and that because this 'fault' was introduced deliberately carriers will escape their obligations for this 'fault' under the Telecommunications (Customer Service Guarantee) Standard 2000. In this the ACA considers the complainants have incorrectly represented correct CLI function as a CND failure; these are separate functionalities that are not aligned.

The complainants did not represent correct CLI function as a CND failure. The complaint stated "We assert that the non-operation of blocking is a breach of the Telecommunications (Customer Service Guarantee) Standard 2000 (No. 2). Calling number display blocking is a 'specified service' [in the CSG] as it is an 'enhanced call handling feature'. The blocking feature is not operative on calls to a range of numbers, and there is no technical reason, nor legislative basis, for it not to be operative. We consider that the fact that carriers have intentionally introduced this fault and service difficulty into their network should not enable them to thereby escape their obligations under the Customer Service Guarantee."

Users of the Internet are not aware their CLI is being disclosed and used

30.        It is alleged that the vast majority of individuals who have silent and other blocked numbers are not aware that blocking is being overridden, that ISP owners and staff do not understand their responsibilities regarding CLI and carriers misrepresent the extent to which CND blocking is effective.

31.        The investigation does indicate some support for these comments. The provisions of Section 6 of the code (Ensuring Customer Awareness) place the onus on carriers and CSPs/ISPs to keep their customers informed of how CND works and the privacy implications of disclosure and use of CLI. However in practical terms the requirements of Section 6 fall mainly to carriers as many of the requirements do not relate to the type of services provided by ISPs. Perusal of the Internet sites of Telstra, Optus and Comindico elicits little information regarding CND services and it is difficult to assess the degree to which these carriers comply with Section 6.

32.        Specifically for ISPs, sub-section 7.2.3 of the code requires ISPs to inform their customers if they are receiving CLI regardless of whether the customer has blocked sending it and the privacy implications for the customer. ISP compliance with this requirement has been previously discussed in paragraph 25.

Paragraph 25 states that only 20% even partly comply.

33.        The complainants make the comment that the ACA's consumer fact sheet Calling Number Display does not reflect the current situation of CLI being provided to ISPs. The ACA agrees that the fact sheet should be enhanced to clarify in what circumstances CLI is disclosed and used.

ACA Decision 12 states the ACA intends to amend its (non-factual and misleading) 'fact' sheet which states/stated "If you have an unlisted number, it will automatically be blocked (and not show up on CND), unless you request otherwise. ... Please note that calls made to emergency call service numbers will always display the caller's number, regardless of whether it has been blocked or not."

Breach of other legislation

34.        Finally the complainants allege that carriers and ISPs participating in the activity complained of are in breach of National Privacy Principles of the Privacy Act 1988; are in breach of the Trade Practices Act and some State and Territory fair trading legislation and are in breach of confidence and the common law right of privacy.

ACA decisions

35.        In considering its response to the findings of the investigation the ACA has made a number of decisions which pursue a non-adversarial approach to remedy identified breaches of the Act and code and inappropriate behaviours.

The decisions provide no remedy in relation to disclosures the ACA agrees are illegal under the Act, that is, when all four elements of s291 are not met, nor do the decisions include any measures to prevent continuation of illegal disclosure practices.

The decision in effect tells telecommunications service providers they can continue breaching the law, safe in the knowledge that the telecommunications regulator will not take any action to enforce compliance with the law.

It is acknowledged that this approach is not that preferred by the complainants. The ACA however has decided on this approach for the following reasons:

  • the investigation uncovered no evidence of malicious intent on the part of carriers and ISPs;

    The above is irrelevant. Malicious intent is not an element of the s276 offence, nor is absence of malicious intent a defence to contravention of s276 .

  • there is reason to believe that the number of breaches committed by carriers is relatively very small with breaches committed by ISPs reasoned to be even considerably fewer;

    The number of breaches is irrelevant. The s276 offence is applicable to a single breach. The provision is intended to protect each individual's privacy. How often an individual's privacy is breached, and how many individuals' privacy is breached, is totally irrelevant to a finding of contravention of s276 .

    Further, the "reason to believe" that the number is "relatively very small" stated in the ACA response (para 11) consists entirely of speculation by the ACA. It is littered with remarks such as "the number...is not known", "the figures...are not available", "it is believed", "it is thought", "it is possible", etc.

    In addition, in speculating that the number of illegal disclosures would be small, the ACA has used a construction of s291 of the Act that we consider to be wrong. It contends, for example, that Telstra is allowed to disclose private information about most people, even if they are not Telstra customers, because they are probably former customers of Telstra. Even if that aspect of the ACA's construction is correct, the ACA response fails to take into account the fourth element of s291 (i.e. s291(1)(d)) requiring supply to the person whose information is being disclosed, as discussed in detail under para 9 earlier herein.

  • there is concern that carriers will be unable to definitively identify the CLI of customers who have CND enabled and who are not current or former customers of the carrier disclosing or the ISP using the CLI

    We agree that when carriers automatically override a telephone subscriber's or caller's calling number blocking instruction, they cannot possibly know at the time of the automated disclosure whether or not the silent or other blocked calling number information relates to one of their, or the ISP's, current or former customers. This fact was a principal point made in our complaint.

    However, much the same as ignorance of the law is not a defence, use of automated technology by carriers that enables them to be ignorant of whether or not they are breaking the law in any particular instance is not a defence to contravention of s276 .

    and, as a consequence, carriers may implement a technical solution whereby they cease to disclose any CLI to ISPs.

    That is a choice for carriers. However, there is no probability whatsoever of the above claimed consequence. The technical solution has long existed and has long been used by carriers in Australia. It is entirely legal for carriers to disclose calling number information to ISPs and any other types of customers, unless the call is made with a CND block in place. The only reason carriers are currently breaking the law is because they have relatively recently and intentionally chosen to over-ride telephone subscriber and caller CND blocking instructions on calls made to some ISPs.

    Such a solution could disadvantage carriers and responsible ISPs in the conduct of their business, for example investigation and prevention of fraud; may diminish the capacity of carriers and ISPs to develop technology and business models which benefit the Internet user community and may hamper law enforcement agencies in the collection of information under warrant.

    Responsible carriers and ISPs would ensure of their own volition that they comply with the law. In relation to the other matters referred to above:

    1. Re "investigation and prevention of fraud"

      As discussed in detail in Attachment 4 to our complaint to the ACA, ISPs cannot use calling number information to prevent fraud unless the particular customer has previously notified the ISP of the number/s they will be calling from. There is therefore no justification for ISPs to covertly and illegally collect calling numbers without consent for a claimed purpose of preventing fraud. Customers who wish to receive this type of value-added security protection (and do not travel or otherwise call from numbers not known in advance) can be advised by the ISP that if they have line blocking implemented, they will need to dial the unblocking code in order to use their Internet access account. Other claims by some members of the industry were also addressed in detail in Attachment 4, and the ACA has not disputed any information therein.

    2. Re "may diminish the capacity of carriers and ISPs to develop technology and business models which benefit the Internet user community".

      The above implies that the Internet user community would benefit from technology and business models that necessitate invasion of users' privacy without consent. However, it is a well known and documented fact that a major impediment to uptake of e-commerce is public concern about privacy online. Technology and business models that do not provide Internet users with a choice in relation to privacy of their personal information is highly unlikely to be popular. In any case, telecommunications service providers are not above the law, notwithstanding the ACA's decision, and they are already obligated to comply with the law in developing technology and business models.

    3. Re "may hamper law enforcement agencies in the collection of information under warrant".

      It is astounding that the ACA considers it appropriate to allow telecommunications service providers to continue breaching the law because that might help them to help law enforcement agencies catch other people who breach other laws.

Decision 1

36.        That carriers and ISPs be required to ensure their customers are made aware of the circumstances in which CLI will be provided to ISPs; clearly identifying that the CLI of any phone line, whether it has an unlisted number or has CND blocked, used to access the Internet may be disclosed and used.

The above circumstances currently include circumstances where the disclosing carrier is contravening s276 of the Telecommunications Act 1997. Given the ACA has decided to take no action to enforce compliance with the law, we question whether the ACA will require carriers and ISPs to inform customers that silent and blocked calling number information will be provided to ISPs in circumstances in which the disclosure is a criminal offence.

Decision 2

37.        That those ISPs identified as being in breach of sub-section 5.8.1 of the code (discriminating against customers who choose CND blocking) be advised of their non-compliance. That the ACA should, as a first compliance measure, seek their undertaking to refrain from such activity and to provide details to the ACA regarding remedial action they propose to implement to achieve compliance with 5.8.1.

Decision 3

38.        While arguably not in breach of sub-section 7.1.2 of the code, as discussed in paragraph 21 above, Comindico be advised of the ACA's concern that Comindico's operating procedures which are meant to ensure compliance with 7.1.2 are not adequate. Further that the ACA request Comindico to provide details regarding remedial action Comindico proposes to implement to ensure compliance with 7.1.2 of the code.

(s7.1.2 of the code concerns suppliers being satisfied that CLI they provide is to be used only for the purpose of supporting the operation of a carriage service.)

Decision 4

39.        Those ISPs acting as wholesalers and intermediaries identified by the investigation by advised as to their status and responsibilities under the code. Further, that ISPs so identified be requested to provide the ACA with an undertaking that they will fulfil all their responsibilities under the code, and provide details regarding remedial action they propose to implement to ensure compliance with 7.1.2 of the code.

(s7.1.2 of the code concerns suppliers being satisfied that CLI they provide is to be used only for the purpose of supporting the operation of a carriage service.)

Decision 5

40.        As discussed in paragraph 24 above, the ACA further investigate one ISP which was identified during the investigation as possibly not complying with sub-section 7.2.1 of the code. If found to be non-compliant, as a first measure of compliance, seek the ISP's undertaking to refrain from such activity and to provide details to the ACA regarding remedial action they propose to implement to ensure compliance with 7.2.1.

(s7.2.1 of the code restricts use of CLI to the four purposes listed in the Code.)

Decision 6

41.        In light of the disappointing level of compliance with sub-section 7.2.3 as discussed in paragraph 25, the ACA write to all the ISPs which the investigation has established are non-complaint, and as a first compliance measure, require them to inform their customers that they receive CLI and of the privacy implications of this. Additionally the ACA seek their undertaking to comply with sub-section 7.2.3 and to provide details to the ACA regarding remedial action they propose to implement.

(s7.2.3 of the code concerns informing customers of receipt of CLI and of any privacy implications for the customer.)

Decision 7

42.        As a general measure in relation to ISP regulatory observance, the ACA develop and implement a broader strategy for engaging with and informing ISPs of their responsibilities under the Act and the code. It would appear suitable for this strategy to build on the work already being undertaken by the ISP Obligations Awareness Project of the Consumer and Universal Service Obligation Group.

Decision 8

43.        The complainants be advised that the ACA does not support their opinion that need should be an element of any test regarding the disclosure/use of CLI. The next review of the code is scheduled for mid 2005 and the complainants be advised that any contribution they choose make to the review would be welcomed and fully considered.

Decision 9

44.        The complainants be advised that the ACA does not support their opinion that the definition of CLI in the code and that which is used by the industry is not correct. Similar to the comment made in Decision 8, the complainants be advised that any contribution they choose make to the next review of the code would be welcomed and fully considered.

Decision 10

45.        The ACA advise the complainants that enhanced call handling features, of which CND is one, are taken into consideration when the Customer Service Guarantee is monitored.

Decision 11

46.        The ACA investigate the degree to which suppliers (being both carriers and carriage service providers) are ensuring customer awareness as required by Section 6 of the code. Further, suppliers be made aware of any deficiencies identified regarding customer awareness and be required to advise the ACA of remedial action to ensure compliance with Section 6 of the code.

Decision 12

47.        The ACA fact sheet Calling Number Display be amended to better reflect the circumstances in which CLI may be disclosed and/or used by carriers and ISPs.

Decision 13

48.        The ACA formally advise the Office of the Federal Privacy Commissioner of the outcomes of this investigation.

Decision 14

49.        Those law enforcement agencies which have expressed concern regarding possible curtailment of the use of CLI be formally informed of the outcomes of this investigation.

In other words, the ACA will inform law enforcement agencies not to worry, that they will continue to be able to obtain illegally disclosed information from ISPs, because the ACA will take no action to require carriers to cease disclosing information to ISPs in circumstances that constitute a criminal offence.

Decision 15

50.        The complainants be advised that the outcomes of this investigation will be conveyed to the Office of the Federal Privacy Commissioner. Further, the complainants be officially advised that it is not the mandate of the ACA to investigate alleged breaches of the Trade Practices Act, State or Territory fair trading legislation, breaches of confidence and the common law right of privacy; and that they may wish to direct alleged breaches of these provisions to the relevant Commonwealth, State and Territory bodies.

Decision 16

67.        The complainants be advised of the outcomes of this investigation, including what remedial action is proposed by the ACA. In particular the complainants be advised that contrary to the relief they have sought, the ACA will not at this time be launching prosecution against carriers or ISPs found to be in breach of the Act or the code.

While the complaint to the ACA did request the ACA to arrange for the prosecution of corporations found to have breached the law, that is not the only form of relief that was sought. Among other things, we also requested the ACA to issue a warning to all carriers and carriage service providers (includes ISPs) concerning compliance with the Telecommunications Act 1997 in relation to the prohibitions on disclosure and use of silent and other blocked scaling number information.

It is of extreme concern that the ACA has decided not to take any action whatsoever directed to ensuring service providers comply with the law from now on. In our opinion, the ACA must take firm action in relation to the breaches of s.276 . Specifically, we believe that the ACA must:

  1. prosecute the organisations that committed the breaches;
  2. if not, then obtain a Federal Court injunction requiring all relevant organisations to comply with s.276 (as the ACA is empowered to do by Part 30 of the Act);
  3. if not, then:
    1. issue directions to all relevant organisations, requiring them to comply with s.276 (as the ACA is empowered to do by Part 4 Div 5 of the Act); and
    2. put in place firm arrangements to conduct a follow-up investigation 6 months after the directions are issued; and
    3. prosecute organisations that continue to be in breach of s.276 .

You are here: EFA Home » Issues » Privacy » Calling Number Display » Complaints re blocked calling number disclosure » Commentary on the ACA's Decision