You are here: EFA Home » Issues » Privacy » Calling Number Display » Complaints re blocked calling number disclosure » Complaint to C'th Ombudsman » Attachment 1 8 Sep 2004

Attachment 1:
Explanatory notes and commentary on the ACA's decision

This document is an attachment to the letter of complaint to the Commonwealth Ombudsman dated 5 September 2004, regarding a decision by the Australian Communications Authority dated 19 August 2004.

In this document, relevant extracts from the ACA's letter and decision are quoted, followed by indented paragraphs containing explanatory notes and commentary by the complainants.

Extracts from the ACA's letter

"The ACA does not at this time propose pursuing prosecution of any carrier or ISP regarding apparent breaches of the Act and the code. While I am aware this is not the redress sought by you, the ACA believes that given the absence of malicious intent the measures proposed by the ACA will correct inappropriate behaviours. In particular they will provide customers of ISPs with information regarding disclosure and use of CLI upon which they can make informed choice regarding their relationship with their ISP, and will allow the customers of phone services to understand the circumstances in which unlisted numbers and CND blocking may not effective prevent the disclosure and use of their CLI."

Given the ACA is of the opinion that carriers are permitted to disclose silent and other blocked numbers to ISPs without consent, individuals who do not want their number disclosed have no choice regarding their relationship with their ISP. In order to prevent their number being disclosed, they would have to terminate their relationship with their ISP and also cease accessing the Internet via their telephone service because any other ISP could commence collecting their blocked or silent number without consent and without prior notice.

Further, the ACA's statement that the measures "will allow the customers of phone services to understand the circumstances in which unlisted numbers and CND blocking may not effective [sic] prevent the disclosure and use of their CLI" is highly disturbing because those circumstances include circumstances in which the ACA has found the disclosure is illegal but the ACA has declined to enforce the law.

"The ACA has an appreciation of the time and effort you, Mr Clark and Mr Fitch expended in developing and writing your submission of July 2003 and also appreciates that the matters you raised are legitimate and display you commitment to protecting the privacy of Australian telecommunication users. However as regulator of the telecommunications industry the ACA seeks to achieve a balance between individual rights and support for a telecommunications industry which is efficient, competitive and responsive to the needs of the Australian community and which promotes the long-term interests of end-users."

There is no "balance" in the decision to allow industry to continue breaking the law. The decision in effect says individuals' rights are subservient to the wishes of industry, irrespective of individuals' legislated rights.

Moreover, the ACA's statement above says that the ACA is of the opinion that it is not in the long-term interests of end-users to enable them to protect their privacy by blocking provision of their number. Such an opinion is contrary to the conditions under which carriers were permitted to introduce calling number display services into Australia in 1997. The Government required the telecommunications carriers to undertake to enable individuals to block provision of their calling number (on all calls except those made to the 000 emergency number) and to comply with AUSTEL's written guidelines to that effect and to develop a similar industry code to be registered by the ACA.

Extracts from the ACA's Report of investigation, analysis and findings

Discussion of alleged breaches of the Act and the code

Breach of section 276 of the Act

7.        The investigation has established that carriers and ISPs are disclosing and/or using the CLI of customers; including the CLI of customers who have blocked CND either by way of default as an unlisted number or as an Optus customer, or by way of permanent or per call blocking initiation.

8.        Prima facie this activity appears to be in breach of section 276 of the Act; however a number of exemptions from section 276 are made available by sections 279 to 294 of the Act. The exemption provided by section 291 (Business needs of other carriers or service providers); in particular subsection 291(1), is cited by industry as enabling the exchange of CLI between carriers and ISPs.

9.        Subsection 291(1) is comprised of four elements and to claim an exemption to section 276 by virtue of subsection 291(1) all four elements must be satisfied.

The four elements of the exemption which must be satisfied are (a). (b), (c) and (d) below:

"s291 Business needs of other carriers or service providers
(1) Section 276 does not prohibit a disclosure or use by a person of information or a document if:

(a) the disclosure or use is made by or on behalf of:
(i) a carrier (the first carrier); or
(ii) a carriage service provider (the first provider); and
(b) the disclosure or use is made for a purpose of, or is connected with, any other carrier or service provider carrying on its business as such a carrier or provider; and
(c) the information or document relates to a person (the third person) who is a customer or former customer of:
(i) the first carrier or the first provider; or
(ii) the other carrier or the other provider; and
(d) the disclosure or use is made for a purpose of, or is connected with:
(i) the supply, or proposed supply, by the other carrier or other provider to the third person of a carriage service or a content service; or
(ii) the supply, or proposed supply, by the other carrier or other provider to the third person of goods or services for use in connection with the supply of a carriage service or a content service; or
(iii) the installation, maintenance, operation or provision of access to a telecommunications network or a facility, where the network or facility is used, or for use, by the other carrier or the other provider to supply a carriage service or a content service to the third person."
[emphasis added]

The investigation has identified that in most episodes of CLI disclosure/use carriers and ISPs can claim an exemption by virtue of subsection 291(1) as all four elements of subsection 291(1) are satisfied.

For example: Person A dials their own ISP. In the ACA's opinion, disclosure by any telecommunications service provider to the ISP is permitted because Person A is a customer of the ISP, the number disclosed to the ISP is Person A's number and allegedly the disclosure is made for a purpose connected with supply of a service by the ISP to Person A.

However in the scenario discussed in the complaint; that is in circumstances where a customer accesses their ISP from a phone line controlled by another party and this phone line is either an unlisted number or has CND blocked, (refer Attachment A to this report) if, as specified by subsection 291(1)(c), the other party who controls the phone line is not a current or former customer of either the carrier or the ISP all four elements of subsection 291(1) are not satisfied and exemption from section 276 cannot be claimed.

While we agree with the statements in the above paragraph, both that paragraph and the remainder of the ACA document fails to take into account the fourth element of the s291 exemption from prohibition on disclosure. The s291(1)(d) element requires that "the disclosure or use is made for a purpose of, or is connected with the supply, or proposed supply, by the other carrier [disclosing telco] or other provider [receiving ISP] to the third person [the person to whom the disclosed information relates (s291(1)(c))] of a carriage service".

For example: Person A is a current Optus telephone service customer, who used to be a Telstra customer (a "former" customer of Telstra), and Person B uses Person A's phone line to dial their own ISP. The call passes during transit from the Optus network to the Telstra network and Telstra discloses Person A's Optus silent/blocked number to Person B's ISP.

The ACA decision contends that the above disclosure is lawful because Person A is a former customer of Telstra. Such disclosure does not, however, appear to be lawful because the fourth element of s291 is not met. The ACA decision makes no reference to the fourth element, i.e. s291(1)(d). The above disclosure is not made for a purpose connected with the supply of a carriage service by the ISP to Person A (s291(1)(d)), nor is it made for a purpose connected with of supply a carriage service by Telstra to Person A (s291(1)(d)) of a carriage service (the supplier of Person A's telephone carriage service is Optus.)

10.        While legal advice notes that measuring detriment is not an element of section 276 [titled "Primary disclosure/use offence—eligible persons"] the investigation has attempted to establish, in relative terms, some measure of the magnitude of breach of section 276 in circumstances where a customer accesses their ISP from a phone line controlled by another party and this phone line is either an unlisted number or has CND blocked. The following is what could be described as a set of filters which, when applied, endeavours to define the customer group which in the circumstances may suffer detriment from breaches of section 276, and the size of this customer group relative to all Australian Internet users.

The ACA's attempt to measure magnitude of detriment by defining a customer group that is a subset of all Australian Internet users fails to take into account that individuals who may suffer detriment from breach of s276 include people who are not Internet users. That is, individuals who are not Internet users but whose silent/blocked number is used by other person/s to dial their ISP.

Although the ACA's para 10 above recognises that detriment is irrelevant to whether or not breach of the law has occurred, the ACA has attempted to justify its decision to allow continued illegal disclosures by contending that the group of people who may suffer detriment is small. Given the ACA took into account the irrelevant matter of magnitude of detriment, it is highly disturbing that they failed to also take into account the type of people who may be very seriously affected.

For example, a women's shelter may have a silent number. If they provide a computer with Internet access, the shelter's silent number will be disclosed to ISPs. Similarly a battered wife may be staying with a friend/relation who may have a silent number, or the wife may dial the CND blocking code before dialling her ISP. Nevertheless, the other person's blocked number will be disclosed to the ISP. If the Internet access account is in the name of the husband there is a serious risk that the ISP may disclose the number to the abusive husband potentially enabling him to identify the battered wife's physical location.

Such considerations demonstrate why the s276 offence does not include an element requiring a finding of multiple disclosures nor a large number of people being affected. Magnitude of breach is irrelevant to individuals who suffer harm as a result of illegal disclosure of silent/blocked call numbers by telecommunications service providers. Nevertheless, the ACA decision speculates that only a small number of people are affected by breach of the law and therefore the ACA will not take any steps to enforce compliance with the law.

11.        For an episode of breach of section 276 to occur in circumstances where a customer accesses their ISP from a phone line controlled by another party and this phone line is either an unlisted number or has CND blocked (refer Attachment A to this report):

In this section, the ACA attempts to determine how many people's silent/blocked numbers are being illegally disclosed by applying what the ACA describes as a "set of filters". These "filters" do not block numbers from being disclosed to ISPs. On the contrary, the "filters" allow the vast majority of silent and other blocked numbers to pass through and so be disclosed to ISPs.

  1. the subject customer's CLI must be CLI which is traffic between a carrier and an ISP. As reported in the 2002-03 Telecommunications Performance Report at the end of March 2003 there were 5.1 million Internet subscribers in Australia; and

    The reference to "the subject customer" refers to an ISP customer who dials their ISP from another person's phone line (see para 11 above). Therefore this first "filter" contends that, at most, there are 5.1 million people who may suffer detriment, because that is the number of Internet subscribers.

    However, the ACA's "filters" fail to take the context into account, that is, it is not the ISP's customer's number that is being disclosed it is someone else's number who may not be an Internet user. Therefore, the contention that at most 5.1 million people may suffer detriment by breach of the law is incorrect.

    In summary this "filter" suggests the number who may suffer detriment from breach of the law by carriers is less than would be the case.


  2. the subject customers' CLI must be CLI which is disclosed to an ISP. The number of CLI episodes being disclosed to ISPs is not known. The 2002-03 Telecommunication Performance Report notes that the seven largest ISPs (which included Telstra Bigpond and OptusNet) accounted for 70 per cent of total Internet subscribers, however Telstra and Optus provide CLI to some, not all, of their customer ISPs. Comindico on the other hand provides CLI to all its customer ISPs bundled in the connection service, however Comindico is understood to have a relatively small customer base, a subset of the 30 per cent not sourced from Telstra and Optus; and

    The relevance of the above, if any, is unclear. The paragraph appears to compare apples with oranges. It says:

    • 70% of total Internet subscribers are accounted for by the 7 largest ISPs (2 of which are Telstra Bigpond and OptusNet)
    • Telstra and Optus provide CLI to some, not all, of their customer ISPs. However, no information is provided concerning how many customer ISPs Telstra and Optus have, nor even how many of the 7 largest ISPs they have as customers.
    • Comindico's customer base is "a subset of the 30% not sourced from Telstra and Optus".

    There is no stated basis for the 30% figure. Comindico does not have Internet subscribers as customers, only customer ISPs. Hence, although the figure of 30% appears to refer to the remainder of Internet subscribers who are not included in the 70% accounted for the 7 largest ISPs, that does not appear relevant to how many customer numbers Comindico discloses to its customer ISPs. For example, Comindico could have some of the 7 largest ISPs as customers, and if so, then Comindico ISP customers could account for a subset of more than 30% of Internet subscribers.

    In summary, this "filter" provides no information relevant to determining the number who may suffer detriment from breach of the law by carriers.


  3. the subject customer's CLI must be CLI which is CND blocked, either by way of default as an unlisted number or as an Optus customer, or by way of permanent or per call blocking initiation. Figures available to the ACA indicate that of the 40 million numbers recorded on the Integrated Public Number Database, 11 million are classed as unlisted; however this 11 million includes all mobile services which are, by default, unlisted but are not relevant to this issue.

    The basis for the claim that mobile services are not relevant is not apparent. Presumably the ACA believes that no mobile phone subscriber would ever allow another person to use their mobile to access the Internet.

    It is notable that the ACA fails to state how many of the unlisted numbers are mobile numbers and as a result the paragraph tends to imply that the number of unlisted fixed (land line) numbers would be small after subtracting the number of mobile numbers. However, the 2002-03 Telecommunication Performance Report states "There are about 14.3 million mobile phone services in operation". Hence the number of mobile services is of itself greater than the 11 million unlisted numbers. All that can be concluded from the ACA statistics is that numerous mobile numbers are not unlisted. The statistics provide no indication at all as to how many fixed (land line) numbers are unlisted.

    In summary, this "filter" provides no information relevant to determining the number who may suffer detriment from breach of the law by carriers.


    Figures regarding CND blocking which arises as a result of default (for example Optus customers) or which arise by way of customer initiated permanent blocking or per call blocking are not available, however it is believed that the number of CND block initiations is relatively low. This is especially thought to be the case for Telstra customers as Telstra is an 'opt-out' CND service provider; and

    This "filter" consists of completely unsubstantiated speculation by the ACA. It provides no information relevant to determining the number who may suffer detriment from breach of the law by carriers.


  4. the CLI which is being disclosed/used must be the CLI of a customer who is not a current or former customer of the disclosing carrier or the ISP using the CLI. Given the dominance of Telstra, and to a lesser extent Optus, as providers of telephone lines it is reasoned that a large percentage of customers whose CLI remains after being filtered through the first three levels above will be excluded by virtue of these customers being current or former customers of the carriers disclosing or the ISP using the CLI.

    The CLI that remains after being "filtered" through the first three levels above is CLI that involves a silent or other CND blocked number. All other CLI has passed through the filter and been disclosed to an ISP because in the ACA's opinion the disclosure is legal because either:

    1. the number relates to a person who is not an Internet user (however, as discussed under 11(a) above this filter is wrong because it is irrelevant whether or not the telephone subscriber is also an Internet user), or
    2. the number is an unlisted or blocked number, but the carrier did not disclose it to an ISP (the ACA says the number of CLI disclosures to ISPs "is not known"), or
    3. the number is not a silent number and is not CND blocked on a permanent or per call basis (the ACA says figures regarding the quantity of silent and CND blocked numbers are not available).

    In the ACA's fourth "filter" (d), the ACA states that "it is reasoned that a large percentage of customers whose CLI remains after being filtered through the first three levels above will be excluded by virtue of these customers being current or former customers of the carriers disclosing or of the ISP using the CLI."

    It should be noted that the term "excluded" above means the customers' silent/blocked numbers will be excluded from coverage by the privacy protective prohibition on disclosure in s276 of the Act. In the ACA's opinion, the numbers are allowed to be disclosed by the s291 exemption because the individuals are current or former customers of the carrier disclosing their number or of the ISP receiving their number.

    However, again the ACA decision fails to take into account the fourth element of s291 (i.e. s291(1)(d)) requiring supply to the person whose information is being disclosed. This aspect is discussed in detail under para 9 earlier herein.

    In addition, the ACA discussion of "filters" fails to take into account the situation when wholesalers or intermediaries are providing CLI to their customer ISPs. In such situations the carrier discloses the CLI to the intermediary who discloses it to the ISP. Such an intermediary would rarely if ever be able to claim compliance with all four elements of s291 when they disclose the CLI to an ISP (unless the caller was using their own telephone service to call their own ISP). Unlike for example Telstra, the intermediary would rarely have a former customer relationship with the person whose blocked number they disclose to their customer ISP. Most ISPs' Internet subscribers would not even know the intermediary was involved let alone have ever been a customer of that wholesaler/intermediary. As stated by the ACA in para 22 "anecdotal evidence indicates that few ISP wholesalers have an understanding of their responsibilities and obligations and indeed considered themselves quite divorced from the implications of the Act and the code".

    Furthermore, while the "former customer" argument is convenient in relation to disclosure by Telstra to their customer ISPs, it is not for disclosure by Optus to Optus customer ISPs. 89% of standard telephone services are Telstra phone numbers (according to the 2002-03 Telecommunication Performance Report). When Optus discloses a Telstra telephone subscriber's silent or other blocked number to an Optus customer ISP (and the Telstra telephone subscriber is not a customer of the ISP), Optus is in contravention of s276 because the vast majority of Telstra telephone subscribers are not former Optus customers. However, when Telstra discloses an Optus telephone subscriber's silent or other blocked number to a Telstra customer ISP (and the Optus telephone subscriber is not a customer of the ISP), in the ACA's opinion Telstra is usually not in contravention of s276 because the vast majority of Optus telephone subscribers are former customers of Telstra.

    Hence if the ACA's interpretation of the s291 exemption is correct, it demonstrates that the Act has not achieved its overall objective of creating a level playing field in the telecommunications market. Telstra would be allowed to sell/disclose the vast majority of Optus subscribers' numbers (because they were former customers of Telstra) but Optus would not be allowed to sell/disclose more than a small percentage of Telstra customer numbers (because they are not former customers of Optus).

    However, in our view the Act does achieve its objective of a level playing field in the above context because we believe the ACA interpretation of s291 is wrong. The ACA has failed to take into account the fourth element of s291.

    In summary, in our view the ACA's "filters" allow more silent and blocked numbers to be disclosed by carriers to ISPs than a correct interpretation of s291 would allow.

    In any case the ACA has found carriers are contravening s276 in some circumstances by disclosing silent and blocked numbers to ISPs, but the ACA decision is to take no action to enforce compliance with the law.

12.        In addition, for a breach of section 276 to be sustained it would have to be established that an ISP was actually using the CLI. While it appears that in certain circumstances carriers are in breach for disclosing CLI to ISPs, an ISP in the same circumstances may only be in breach for episodes when they actually use the CLI.

Section 276 of the Act does not require use by an ISP to be established in order to sustain breach by a carrier for disclosing information to the ISP.

13.        The number of customers whose CLI remains after being filtered through all four levels as described in paragraph 11 above is, relative to all Internet users, considered to be very small.

As discussed earlier herein, the ACA's grounds for considering the number of illegal disclosures to be very small is supported only by the ACA's total speculation together with an interpretation of s291 that in our opinion is incorrect. Furthermore the number "relative to all Internet users" is irrelevant because the illegal disclosures include disclosure of numbers of people who are not Internet users.

The investigation has revealed that ten ISPs did not use the CLI they receive from Comindico and many others stated they used the CLI infrequently, mainly to settle billing disputes. Therefore it is possible that episodes of ISPs using the CLI which remains after being filtered thorough all four levels, relative to the episodes of transmission of all CLI between carriers and ISPs, could approach the infinitesimal.

The above paragraph apparently refers only to the practices of ISPs who receive CLI from Comindico which according to the ACA in para 11(b) is understood to have a relatively small customer base. No information is provided on the frequency of, or type of, use by ISPs receiving CLI from Telstra and Optus. Moreover, given the ACA contacted 130 ISPs with questions and 21 of them did not respond, it seems likely that those 21 may not only be using CLI, but also using it for non-permitted purposes.

In any case, it is irrelevant whether or not "it is possible" that the number of illegal disclosures (those that occur after all other silent/blocked numbers have been allowed to pass through the ACA's "filters") is infinitesimal relative to the total number of disclosures. A claim of only a small number of illegal disclosures is not a defence to contravention of s276.

In addition, if an ISP is not using the CLI, it appears doubtful that the disclosure by carriers to the ISP of blocked numbers of the ISP's current customers is lawful. The second element (1)(b) of s291 appears not to be met, that is, it appears the disclosure is not made for a purpose of the ISP carrying on its business as an ISP if the ISP does not use such information.

Furthermore, the disclosure by carriers to ISPs is in contravention of s276 whether or not the recipient ISPs are using the received numbers.

26.        The complainants argue that the provision of CLI to ISPs is a relatively recent development; that ISPs did not need CLI to achieve Internet access in the past and do not require CLI to provide access today. While the complainants are entitled to their opinion the ACA believes it is for the ISPs to decide what they need to operate their business. Legal advice provided to the ACA in regard to section 291 of the Act offers the opinion that there is no need to establish a 'needs test' as the provisions of the section very clearly state the criteria to be taken into account for this exception to apply. Further the ACA's legal advisors do not think the legislation intended to introduce a business needs test as such, rather, it intended for carriers to comply with the criteria it provides within the provisions.

If the opinion of the ACA's legal advisers is correct concerning absence of a 'needs' test, the ramifications are extensive.

Lack of a needs test affects disclosure and use of all personal information about telecommunications users and the content of their communications, that is, not only calling number information and not only in relation to calls made to ISPs.

It would mean that members of the telecommunications industry can disclose and use, among other members of the telecommunications industry, information about current and former customers without their consent whenever it is said that this is for the purpose of not only supply, but proposed supply, of a service to a person, i.e. apparently including for the purpose of direct marketing of their services.

As stated in our complaint to the ACA: "If Section 291 could be interpreted in such a manner [re calling numbers], the same sub-section could equally easily be interpreted to permit a carrier or an ISP to disclose personal information (name, address, telephone number) about their customers, without their customers' consent, to for example a pay television provider "for a purpose of, or is connected with...the proposed supply by" a pay television service provider of "a content service" (s291(1)(d)(i)." For example, ISPs and telephone companies could disclose current and former customers names, addresses and phone numbers to a pay television service provider for the purpose of facilitating the pay television service provider to contact those individuals proposing to supply them with a content service (i.e. unsolicited direct marketing).

An interpretation of s291 that results in the above situation is contrary to the overall intent of Part 13 of the Act to protect telecommunications user/s communications and personal information and therefore we find it unlikely such an interpretation is correct.

ACA decisions

35.        In considering its response to the findings of the investigation the ACA has made a number of decisions which pursue a non-adversarial approach to remedy identified breaches of the Act and code and inappropriate behaviours.

The decisions provide no remedy in relation to disclosures the ACA agrees are illegal under the Act, that is, when all four elements of s291 are not met, nor do the decisions include any measures to prevent continuation of illegal disclosure practices.

The decision in effect tells telecommunications service providers they can continue breaching the law, safe in the knowledge that the telecommunications regulator will not take any action to enforce compliance with the law.

It is acknowledged that this approach is not that preferred by the complainants. The ACA however has decided on this approach for the following reasons:

  • the investigation uncovered no evidence of malicious intent on the part of carriers and ISPs;

    The above is irrelevant. Malicious intent is not an element of the s276 offence, nor is absence of malicious intent a defence to contravention of s276.

  • there is reason to believe that the number of breaches committed by carriers is relatively very small with breaches committed by ISPs reasoned to be even considerably fewer;

    The number of breaches is irrelevant. The s276 offence is applicable to a single breach. The provision is intended to protect each individual's privacy. How often an individual's privacy is breached, and how many individuals' privacy is breached, is totally irrelevant to a finding of contravention of s276.

    Further, the "reason to believe" that the number is "relatively very small" stated in the ACA response (para 11) consists entirely of speculation by the ACA. It is littered with remarks such as "the number...is not known", "the figures...are not available", "it is believed", "it is thought", "it is possible", etc.

    In addition, in speculating that the number of illegal disclosures would be small, the ACA has used a construction of s291 of the Act that we consider to be wrong. It contends, for example, that Telstra is allowed to disclose private information about most people, even if they are not Telstra customers, because they are probably former customers of Telstra. Even if that aspect of the ACA's construction is correct, the ACA response fails to take into account the fourth element of s291 (i.e. s291(1)(d)) requiring supply to the person whose information is being disclosed, as discussed in detail under para 9 earlier herein.

  • there is concern that carriers will be unable to definitively identify the CLI of customers who have CND enabled and who are not current or former customers of the carrier disclosing or the ISP using the CLI

    We agree that when carriers automatically override a telephone subscriber's or caller's calling number blocking instruction, they cannot possibly know at the time of the automated disclosure whether or not the silent or other blocked calling number information relates to one of their, or the ISP's, current or former customers. This fact was a principal point made in our complaint.

    However, much the same as ignorance of the law is not a defence, use of automated technology by carriers that enables them to be ignorant of whether or not they are breaking the law in any particular instance is not a defence to contravention of s276.

    and, as a consequence, carriers may implement a technical solution whereby they cease to disclose any CLI to ISPs.

    That is a choice for carriers. However, there is no probability whatsoever of the above claimed consequence. The technical solution has long existed and has long been used by carriers in Australia. It is entirely legal for carriers to disclose calling number information to ISPs and any other types of customers, unless the call is made with a CND block in place. The only reason carriers are currently breaking the law is because they have relatively recently and intentionally chosen to over-ride telephone subscriber and caller CND blocking instructions on calls made to some ISPs.

    Such a solution could disadvantage carriers and responsible ISPs in the conduct of their business, for example investigation and prevention of fraud; may diminish the capacity of carriers and ISPs to develop technology and business models which benefit the Internet user community and may hamper law enforcement agencies in the collection of information under warrant.

    Responsible carriers and ISPs would ensure of their own volition that they comply with the law. In relation to the other matters referred to above:

    1. Re "investigation and prevention of fraud"

      As discussed in detail in Attachment 4 to our complaint to the ACA, ISPs cannot use calling number information to prevent fraud unless the particular customer has previously notified the ISP of the number/s they will be calling from. There is therefore no justification for ISPs to covertly and illegally collect calling numbers without consent for a claimed purpose of preventing fraud. Customers who wish to receive this type of value-added security protection (and do not travel or otherwise call from numbers not known in advance) can be advised by the ISP that if they have line blocking implemented, they will need to dial the unblocking code in order to use their Internet access account. Other claims by some members of the industry were also addressed in detail in Attachment 4, and the ACA has not disputed any information therein.

    2. Re "may diminish the capacity of carriers and ISPs to develop technology and business models which benefit the Internet user community".

      The above implies that the Internet user community would benefit from technology and business models that necessitate invasion of users' privacy without consent. However, it is a well known and documented fact that a major impediment to uptake of e-commerce is public concern about privacy online. Technology and business models that do not provide Internet users with a choice in relation to privacy of their personal information is highly unlikely to be popular. In any case, telecommunications service providers are not above the law, notwithstanding the ACA's decision, and they are already obligated to comply with the law in developing technology and business models.

    3. Re "may hamper law enforcement agencies in the collection of information under warrant".

      It is astounding that the ACA considers it appropriate to allow telecommunications service providers to continue breaching the law because that might help them to help law enforcement agencies catch other people who breach other laws.

Decision 1

36.        That carriers and ISPs be required to ensure their customers are made aware of the circumstances in which CLI will be provided to ISPs; clearly identifying that the CLI of any phone line, whether it has an unlisted number or has CND blocked, used to access the Internet may be disclosed and used.

The above circumstances currently include circumstances where the disclosing carrier is contravening s276 of the Telecommunications Act 1997. Given the ACA has decided to take no action to enforce compliance with the law, we question whether the ACA will require carriers and ISPs to inform customers that silent and blocked calling number information will be provided to ISPs in circumstances in which the disclosure is a criminal offence.

[Note: Decisions 2-15 address breaches of the Industry Code and other matters, not breach of the Act.]

Decision 16

67.        The complainants be advised of the outcomes of this investigation, including what remedial action is proposed by the ACA. In particular the complainants be advised that contrary to the relief they have sought, the ACA will not at this time be launching prosecution against carriers or ISPs found to be in breach of the Act or the code.

While the complaint to the ACA did request the ACA to arrange for the prosecution of corporations found to have breached the law, that is not the only form of relief that was sought. Among other things, we also requested the ACA to issue a warning to all carriers and carriage service providers (includes ISPs) concerning compliance with the Telecommunications Act 1997 in relation to the prohibitions on disclosure and use of silent and other blocked scaling number information.

It is of extreme concern that the ACA has decided not to take any action whatsoever directed to ensuring service providers comply with the law from now on. In our opinion, the ACA must take firm action in relation to the breaches of s.276. Specifically, we believe that the ACA must:

  1. prosecute the organisations that committed the breaches;
  2. if not, then obtain a Federal Court injunction requiring all relevant organisations to comply with s.276 (as the ACA is empowered to do by Part 30 of the Act);
  3. if not, then:
    1. issue directions to all relevant organisations, requiring them to comply with s.276 (as the ACA is empowered to do by Part 4 Div 5 of the Act); and
    2. put in place firm arrangements to conduct a follow-up investigation 6 months after the directions are issued; and
    3. prosecute organisations that continue to be in breach of s.276.

You are here: EFA Home » Issues » Privacy » Calling Number Display » Complaints re blocked calling number disclosure » Complaint to C'th Ombudsman  » Attachment 1