ASIC on Internet Filtering

estimates

Budget Estimates - Tuesday 4 June 2013 - Economics Committee

Senator LUDLAM: I would like to bring us back to where you started. Mr Kell, I missed the beginning of your opening statement. It is probably no surprise that I am going to take you back to that topic. I think part of what I might have missed was where you told us the number of times that ASIC has used section 313 of the Telecommunications Act to knock out a particular website.

Mr Kell : Over the past 12 months we have used the power 10 times. Just to clarify: it is not so much to knock out a website but, rather, to block access to the website by Australian consumers or investors who go through Telstra, for example. Our objective is to ensure that they do not lose money through overseas criminal operations.

Senator LUDLAM: If you are trying to view that site from an Australian IP address you will not be able to see it.

Mr Kell : That was the basis upon which we were seeking the document. That is correct.

Senator LUDLAM: What about in the previous 12 months?

Mr Kell : No. That is the extent of our use of the power. I do not know whether you caught the end of my statement. We are making a commitment that we will publicly report on our use of the section 313 powers. ASIC wants to be as public as possible because of the nature of what we are trying to do with this to target websites. We would like the public to know about this, so we will report publicly on our use of the power.

Senator LUDLAM: The kinds of scammers you chase, who use sites to back up the direct social engineering-

Mr Kell : That is part of it, yes.

Senator LUDLAM: Those scammers have existed, probably, for as long as the internet has. Why have you started using these notices just in the last 12 months?

Mr Mullaly : We made a conscious decision to try to interrupt these kinds of criminal activities in the most efficient way that we could.

Senator LUDLAM: Why were you not doing this five years ago, for example?

Mr Kell : The evolution of our efforts to combat these activities has involved various ways of dealing with the websites over the years. We have tried in the past on numerous occasions to get voluntary compliance by domain registries and other overseas agencies to suspend or take down websites. We have found that that is not always effective. It can be far from straightforward for overseas based operations. It can be a form of disruption that is not as timely as we would like. Time is of the essence in these matters because if you can stop people getting in early you can reduce the losses. This appeared to us to present an additional opportunity to limit the exposure of Australian consumers and investors to these sites.

Senator LUDLAM: Were you inspired-that is the wrong word; I am trying to work out exactly what the right word would be. Noting that the Federal Police have started using that section of that act to knock out a set of websites that is maintained by INTERPOL, that mechanism had not been used to block content before. Is that what inspired ASIC to start using this method?

Mr Mullaly : No. There had been discussions as part of Task Force Galilee, which is aimed at trying to reduce the harm in relation to cold-calling scams. As part of that process, we looked at a whole range of ways that we could interrupt and take action in relation to these illegal activities.

Senator LUDLAM: Were you aware that the Federal Police were using that method at the time?

Mr Mullaly : No, I was not aware. I am not sure that ASIC was aware either.

Senator LUDLAM: So it is by pure coincidence that that section of the act has been there for years and years and, within months of each other, two agencies have started using those notices in a completely unique way?

Mr Mullaly : I am not aware that there was any discussion by one agency about its use in relation to one area that they have regulatory responsibility for. There is the suggestion that we use it in relation to illegal activity, fraudulent websites. However, there were discussions at Task Force Galilee level about how to take action in relation to cold-calling scams.

Senator LUDLAM: Because this is a rather unique way of using that section of the act, could you provide for us a de-identified copy of what the letter that goes to the service provider looks like? Scrub anything that would compromise a particular operation.

Mr Mullaly : I think we can do that.

Senator LUDLAM: That would be much appreciated.

Mr Mullaly : ASIC's deputy chair said at the beginning that we have received a number of FOI requests and we will fully comply with those FOI requests, as we are required to under the law.

Senator LUDLAM: Excellent. I would expect you to. That is good. There might be a way of just getting a bit of a sense of how these notices are being used, because there is no provision under that section of the act for anything like a notice, so I presume you have just invented a form of words by way of a letter to a service provider. Is that what it is roughly going to look like?

Mr Mullaly : Essentially, yes.

Senator LUDLAM: 'Dear Telstra'; 'Dear iiNet'. How many of these letters do you have to send out? Is it one to each ISP that currently serves customers in Australia?

Mr Mullaly : No, the letter is sent out-and I cannot say exactly on all 10 occasions-it is faxed out to the telecommunication carriers. In what you might call the address field, it has the telecommunication carrier's name-I think there were five of those and, on some occasions, there might have been fewer-the fax number or the email address, and we send it out that way.

Senator LUDLAM: There are hundreds of ISPs serving content to Australian customers, though. Do you send hundreds of faxes?

Mr Mullaly : No.

Senator LUDLAM: So you only go after the largest ones?

Mr Mullaly : We send it to the largest ones. Regarding some of the technology aspects, I have to say that I am not totally across them. However, as I understand it, some of the carriers control the pipelines, as they have been described to me, from Australia to the international, overseas providers. By serving on those particular carriers, we get to the majority.

Senator LUDLAM: So you might be a smaller ISP that is not served one of these faxes. You might not even know that at the gateway level particular forms of content are being blocked? That is a reasonable consequence, I suppose, isn't it? So you have sent faxes to the five or 10 largest ISPs who have also, therefore, blocked the gateways into Australia-I was not aware of that-so therefore the rest, in the low hundreds, I suppose-

Mr Mullaly : There might be some.

Mr Kell : I just make the point that that may be the case in relation to our past use on those 10 occasions. We are consulting with other law enforcement agencies, with the carriers and with others to ensure that, from ASIC's perspective, there is greater transparency around how it is used and who it applies to in the future. The sort of issue you have raised is one of the issues that we will discuss. As I have said before, ASIC want to be very public about this. We want people to know about it.

Senator LUDLAM: I want to very briefly change the subject. I will come back to content blocking. Can I confirm that ASIC supports the retention of telecommunication data and also content? I note that Commissioner Tanzer, at the hearing of the joint committee on 27 September in Sydney, was pretty forthright about ASIC's inability to access lawfully intercepted information. This relates to the data retention proposals that were forwarded by the Attorney-General to the joint committee. Could you confirm for us that it is ASIC' view that a data retention scheme would be good for the work of the agency?

Mr Kell : I do not think we have changed our view from what Commissioner Tanzer said on that occasion. I do not have before me exactly what he said.

Senator LUDLAM: For what length of time do you believe telecommunication data should be retained?

Mr Kell : We would have to take some of those issues on notice.

Mr Price : If data retention were introduced, I think it would be subject to an appropriate consultation process about length of time and so forth.

Senator LUDLAM: Yes. I am interested to know what ASIC would bring to the table. It would certainly need a degree more consultation than it has had thus far, but what is the position of ASIC? That is what I am interested in while we have you here.

Mr Price : That is a hypothetical question, I think.

Senator LUDLAM: No, not at all. It is real and present. Your commissioner has been telling the committee what ASIC's policy is. I am just trying to draw you out on some details that were not canvassed. For what length of time do you believe data retention should be implemented? For what forms of data-whether it is just the traffic data or the telecommunication's data or also content? Do you support the Attorney-General's view that it should be rolled across the entire population of the country, including, obviously, everyone sitting in this room?

Mr Kell : I think it would be better for us to take those questions on notice. We are happy to provide a response.

Senator LUDLAM: And the purpose of that, as to whether or not it would actually improve your record of successfully prosecuting people? Perhaps we could go to the cause or why.

Mr Kell : Yes.

Senator LUDLAM: You posted a press release on 22 March that had a bit of pickup, at least in the Fairfax and the online tech press on subsequent days, about the global capital wealth case, which is the one that was subject to be overblocking. When did you first hit 'send' on your fax machine on the global capital wealth instance-on what day?

Mr Mullaly : I would need to have a look at the exact dates. I should say, in relation to global capital wealth-and this gives an indication of the sort of thing that we are up against-there were four locations, as far as I know, under different guises, that that criminal organisation had websites up on, trying to defraud Australian consumers.

Senator LUDLAM: Yes. What date did you initiate that block request?

Mr Mullaly : I am not aware of the exact date. I will have to take that on notice.

Senator LUDLAM: On what date were you aware that you had overblocked by a factor of about 1,200?

Mr Mullaly : I think we were made aware of that on 11 April. That was not in relation to, as far as I am aware, the notice served on 22 or 26 March; it was in relation to a notice served, I think, on 3 April. I clarify that it was a request made. We do not serve notices. It is a request made.

Senator LUDLAM: But it is pursuant to the law of the land. It is a fairly uncompromising request. You are not asking nicely; you are saying, 'You are legally obliged to block this content.' Right?

Mr Mullaly : The reading of the section is that the telecommunication carrier has to give reasonable assistance. They have the ability to consider whether or not it is reasonable assistance and they could come back to ASIC or to any other requester and raise an issue with us.

Senator LUDLAM: In the 10 notices-I do not know whether to refer to them as notices, but you know what I mean-

Mr Mullaly : Requests.

Senator LUDLAM: that you have issued in the last 12 months, have you ever had an instance of an ISP coming back and saying, 'Thanks, but no thanks'?

Mr Mullaly : Not that I am aware of.

Senator LUDLAM: Could you check that on notice, just in case that turns out to be the case? I will bring this to a close. You have taken quite a bit of material on notice. Could you disambiguate for us the chain of events and the particular block request that led to the overblocking?

Mr Mullaly : We can, Senator.

Senator LUDLAM: It is also my understanding that, if somebody does attempt to access any of the websites that you have requested to be blocked, you do not actually get any kind of notification. Nothing comes up. The site is just not there. Is that right?

Mr Kell : That is one of the issues that we are currently looking at. From our point of view, again, it would be desirable, given the reasons we are seeking to undertake the blocking-and we do not know how technically feasible it is-to have a pop-up page indicating why access has been blocked and warning people about the risks associated with that particular website. So that is something we are considering in our discussions with carriers and others at the moment.

Senator LUDLAM: Are you part of the committee that the department of communications and broadband has convened? We now have three agencies that are blocking in their own portfolios, with no central coordination or oversight, no lists-nothing, really-and an unidentified but much larger number of agencies who could potentially use these notices to block whatever content they think should be knocked off the net. When are you expecting that those discussions will come to a close? And are you participating in that cross-agency working group or whatever it is that Senator Conroy's department has initiated?

Mr Mullaly : We attended a meeting of agencies, convened by that department-broadband.

Senator LUDLAM: On 22 May?

Mr Mullaly : Yes, I think it was that date. So, we attended that. As far as I am aware, no committee has been formed. If a committee has been formed, we have not been entitled to sit it.

Senator LUDLAM: Not a committee, but a working group, or whatever it is.

Mr Mullaly : Well, certainly there were indications and, as we have said, we are entirely open to working with other agencies-other law enforcement agencies, telecommunications carriers-to get a process that will achieve the right outcome.

Senator LUDLAM: Just one last one on notice, if I could, because time is short: could you provide for us the precise section of the act-I presume it is going to be the Telecommunications (Interception and Access) Act 1979-on which you are resting your power to even issue these notices in the first place? Could you provide the committee, on notice, with where you think your legal authorisation to actually issue these letters in the first place derives from? There is a bit of ambiguity about how you are even able to do that. I cannot write to IRNet and ask that a website that offends me be knocked over.

CHAIR: You can ask that question.

Senator LUDLAM: If they could just provide that on notice, that would be fine.

Mr Mullaly : We do not provide legal advice, that is all.

Senator LUDLAM: It is not legal advice. I want to know how what you are doing is lawful.

Mr Mullaly : It is not sites that offend us; it is illegal activities. These are people who are defrauding Australians on a continuous basis.

Senator LUDLAM: I am not going to that.

Mr Mullaly : Well, you mention offending sites. These do not offend; they are illegal.

Senator LUDLAM: Do you believe that any site, anywhere on the net, that is hosting content that is arguably illegal should be blocked from Australian consumers by whichever agency has got responsibility? Is that really where this is going?

Senator Thistlethwaite: Hang on: that is asking for an opinion.

Senator LUDLAM: I have just been given an opinion, so I think it is reasonable to ask for one.

 

untitled_5.pdf