Complaints Handling and Investigations Guide




ANTI-SPAM TEAM
Complaints Handling and Investigations Guide

Version 2.2: Last update completed March 2009
Version 2.3: Last update completed 27 April 2009
Version 2.4: Corrections by Julia Cornwell McKean, completed 6 May 2009
Version 2.5: Addition by S. Craze on administrative closures
Version 2.6: Addition by S. Craze on enforceable undertakings, 21 September 2010
Version 2.7: Update completed 4 October 2010
Version 2.8: Currently under revision

TABLE OF CONTENTS

FIGURES, DIAGRAMS AND TABLES
1. INTRODUCTION
1.1. Regulatory responsibility
2. COMPLIMENTARY DOCUMENTS
3.1. Ethical behaviour
4. APPROPRIATE LEGISLATION
4.1. Spam Act
4.2. Telecommunications Act
4.3. The ACMA Act
4.4. Privacy Act
4.5. Other legislation
5. COMPLAINTS, ENQUIRIES AND REPORTS
5.1. Differentiating between complaints, enquiries and reports
5.2. Online submission forms and auto-reply

Anti-Spam Team Standard Operating Procedures 2009

2. Complaint and report online submission forms
3. Complaints handling policy

FIGURES, DIAGRAMS AND TABLES

Figure ii: Screenshot of auto-reply from CRM for an SMS complaint
Figure iii: SpamMatters reporting tool
Diagram ii: AST CRM Process Flowchart
Diagram iii: AST complaints handling flowchart
Diagram iv: SpamMatters database organisation structure

GLOSSARY

Address harvesting software: The Spam Act defines address-harvesting software as software that is specifically designed or marketed for use for a) searching the internet for electronic addresses; and b) collecting, compiling, capturing or otherwise harvesting those electronic addresses.

Affidavit: A written statement on oath, sworn before an authorised official (usually a solicitor), often used as evidence in court proceedings.

Aggregator: A provider of message sending platforms, database management, tracking and reporting features, billing services (usually for SMS), customer helplines and unsubscribe facilities, among other things, to clients and clients' customers.

Anti-Spam Team (AST): ACMA team responsible for education, compliance and enforcement of the Spam Act.

Australian Business Number (ABN): The ABN is a unique 11-digit identifying number that Australian businesses use when dealing with other businesses for taxation purposes.

Australian Company Number (ACN): A unique nine-digit number issued by the Australian Securities and Investments Commission (ASIC) to every company registered under the Commonwealth Corporations Act 2001 in Australia and used as an identifier.

Australian Communications and Media Authority (ACMA): Commonwealth Government regulatory agency for broadcasting, radiocommunications, telecommunications and the internet.

Australian Competition and Consumer Commission (ACCC): Commonwealth Government agency primarily responsible for ensuring that individuals and businesses comply with the Commonwealth competition, fair trading and consumer protection laws.

Australian Federal Police (AFP): The principal law enforcement agency through which the Commonwealth pursues its law enforcement interests.

Australian Government Solicitor (AGS): Provides legal services to Australian Government and State Government departments and agencies, and for entities in which the Australian Government has an interest, domestically and internationally.

Australian High Tech Crime Centre (AHTCC): AFP coordinated centre that provides a nationally coordinated approach to technology-enabled crime.

Australian Securities and Investments Commission (ASIC): Commonwealth Government regulatory agency for Australia's corporate sector, financial markets and financial services.

Australian Security Intelligence Organisation (ASIO): Commonwealth agency enabled to warn the government about activities or situations that might endanger national security.

Carriage service provider (CSP): A supplier of listed telecommunication carriage services to the public using a) a network unit owned by one or more carriers; or b) a network unit in relation to which a nominated carrier declaration is in force.

Commercial electronic message: An electronic message sent by email, SMS or IM that advertises or offers to supply goods or services, among other things. Full definition in section 6 of the Spam Act.

Complainant: An individual who expresses a grievance about electronic messages they have received.

Complaint: An expression of grievance about a matter.

Consent: To grant permission to receive commercial electronic messages from the sender.

Content service provider: A person or business who provides message content and accompanying products and services to mobile telephones.

Customer Relationship Management (CRM): Used by AST to describe the complaints database used to receive and respond to spam complaints and enquiries.

Electronic account-holder: The owner or account-holder of an electronic address, such as an email address, mobile telephone number or IM account.

Electronic address: An email address, mobile telephone number or IM account, or similar account as allowed within the meaning of commercial electronic message.

Enforceable undertaking: An agreement offered by a person or business and accepted by ACMA that provides certain actions (undertakings) the person or business must comply with. Should these undertakings not be complied with, ACMA may take enforcement action against the respondent.

Enquiry: A request for information or question about spam, the Spam Act or associated codes.

Express consent: When a person has specifically provided permission to receive commercial electronic messages from the sender by, for example, subscribing to the sender's electronic list.

Formal warning: A letter issued under section 41 of the Spam Act that documents alleged contraventions of the Spam Act. A formal warning does not incur a financial penalty but will contribute to enforcement action resulting from subsequent investigations.

Identify: Under section 17 of the Spam Act, commercial electronic messages must contain clear and accurate sender identification.

Inferred consent: Where a message sender can reasonably assume from certain conduct or relationships that a message recipient had consented to receive commercial electronic messages.

Infringement notice: Under the Spam Act, considered to be similar to a settlement of an investigation, rather than a fine (i.e. like a parking ticket). It is not an admission of guilt, but a mutually agreeable resolution to the matters at hand.

Injunction: A judicial process or order requiring the person or persons to whom it is directed to do or (more commonly) not to do a particular thing. Injunctions can only be granted by a court of law.

Interview: The process of questioning a person about allegations made against them concerning alleged breaches of the Spam Act.

List-broker: A provider of personal information that is collated and sold for marketing purposes.

Prior record: Where allegations of breaches of the Spam Act have been found against a respondent before. Increased penalties apply where a prior record has been established in the Federal Court.

Report: A notification sent to AST about or concerning spam that does not express a grievance.

Respondent: The person or business AST is investigating.

SpamMatters: A spam reporting tool that can be installed in Microsoft Outlook email programs or used via Telstra's BigPond webmail to report email spam directly to ACMA.

Spam Act 2003 (Spam Act): The legislation that sets up a scheme for regulating commercial electronic messages in Australia.

Spam Intelligence Database (SID): A database containing emails reported via the SpamMatters, Telstra or Bigpond buttons. These emails are processed and key information is extracted to assist the user.

Spam Manual: A document prepared by Legal Services Division providing detailed information on enforcing the Spam Act.

Statement of claim: The document which sets out the plaintiff's allegations of fact and thus engages the judicial process by seeking trial.

Statute of limitations: A statute prescribing the time period during which legal action can be taken.

Statutory Notice Manual: A document prepared by Legal Services Division providing detailed information on statutory notices available to the Anti-Spam Team to investigate spam.

Telecommunications Act 1997 (Telecommunications Act): The legislation that provides a regulatory framework that promotes the long-term interests of end-users of carriage services and the efficiency and international competitiveness of the Australian telecommunications industry.

TRIM: ACMA's document management and archive system.

Unsubscribe: Section 18 of the Spam Act states that all commercial electronic messages must contain a functional unsubscribe facility.

Unsubscribe facility: The functionality in an electronic message to remove an electronic address from a database, e.g. sending STOP to a dedicated number; clicking a link in an email.

Wiki: An information management system used by AST to keep updated on investigations and other team matters.

Without prejudice: A statement set onto a written document such as a letter, which qualifies the signatory as exempt from the content to the extent that it may be interpreted as containing admissions or other interpretations which could later be used against him or her; or as otherwise affecting any legal rights of the principal of, or the person signing.

Witness: A person who perceives an event (by seeing, hearing, smelling or other sensory perception).

Witness statement: A written, signed and dated document giving a witness's version of events.

1. INTRODUCTION

Under the Spam Act 2003 (Spam Act) it is illegal to send, or cause to be sent, unsolicited commercial electronic messages. The Act covers email, instant messaging, SMS and MMS (text and image-based mobile phone messaging) of a commercial nature.

The Anti-spam Team (AST) of the Australian Communications and Media Authority (ACMA) is responsible for enforcing the Spam Act. AST's role includes:

- educating consumers and businesses about spam, how it can be prevented and what to do about it;
- responding to enquiries about e-marketing activity and compliance with the Spam Act;
- receiving and managing complaints and reports from consumers and businesses;
- undertaking preliminary enquiries into allegations made against individuals and businesses concerning contraventions of the Spam Act;
- conducting investigations into alleged contraventions of the Spam Act;
- taking enforcement action for contraventions of the Spam Act;
- liaising with international agencies to assist in global action against spam.

This document focuses on procedures and issues around spam complaints handling and investigations.

1.1. Regulatory responsibility

There are a number of government agencies and bodies involved in dealing with spam and internet content in some capacity. The diagram below gives an indication of the complexity involved in regulating electronic messages and content.

Diagram i: Who is responsible for regulation of electronic messages?

- Section 20: Address-harvesting software and harvested-address lists must not be supplied (relevant to the supplier);
- Section 21: Address-harvesting software and harvested-address lists must not be acquired (relevant to the purchaser); and
- Section 22: Address-harvesting software and harvested-address lists must not be used.

It is not a contravention of sections 20, 21 and 22 if the use was not in connection with sending commercial electronic messages without consent (section 16).

The Spam Act provides civil penalty provisions for contraventions of these sections and provides the ACMA with broad powers to accept enforceable undertakings.

The Spam Act does not cover faxes, internet pop-ups or voice telemarketing. Fax marketing was removed from the Spam Act by regulation in 2004. Voice telemarketing is covered by the Do Not Call Register Act 2006.

4.2. Telecommunications Act

The ACMA is provided powers under Part 26 of the Telecommunications Act 1997 (Telecommunications Act) to accept complaints and investigate spam (section 509). The ACMA can commence a preliminary inquiry (section 511) and proceed to an investigation (section 512) [footnote 1]. Section 512 allows the ACMA to conduct investigations and allows respondents to make submissions against allegations.

Footnote 1: A preliminary inquiry in advance of an investigation is not a requirement.

Part 27 of the Telecommunications Act provides the ACMA with information-gathering powers. Of particular relevance are section 521 (obtaining information and documents from carriers and service providers) and section 522 (obtaining information and documents from other persons).

Part 28, Division 2 of the Telecommunications Act provides the ACMA powers of enforcement and the appointment of inspectors. Divisions 3 and 4 of the Telecommunications Act give the ACMA the power for a court to issue warrants to search, and the power to seize for offences against the Telecommunications Act and the Spam Act.

Division 5A of the Telecommunications Act (sections 547A to 547J) gives the ACMA specific powers for an inspector to monitor compliance with the Spam Act with the consent of the occupier. Compliance warrants can be applied for, but strict conditions must exist before a magistrate can issue them.

4.3. The ACMA Act

This Act establishes the ACMA as a government agency and details its functions, powers, liabilities, requirements relating to the functions and powers, constitution, membership, decision-making and delegations, amongst other things.

4.4. Privacy Act

The Privacy Act sets out rules for the use of personal information by businesses and government agencies. In particular, it establishes the National Privacy Principles:

1. Manner and purpose of collection of personal information;
2. Solicitation of personal information from individual concerned;
3. Solicitation of personal information generally;
4. Storage and security of personal information;
5. Information relating to records kept by record-keeper;
6. Access to records containing personal information;
7. Alteration of records containing personal information;
8. Record-keeper to check accuracy etc. of personal information before use;
9. Personal information to be used only for relevant purposes;
10. Limits on use of personal information; and
11. Limits on disclosure of personal information.

A fact sheet on the intersections between the Spam Act and the Privacy Act is available from the Office of the Privacy Commissioner's website at www.opc.gov.au

4.5. Other legislation

Other Acts of Parliament may be appropriate depending on the circumstances. Spam has been found to cross numerous legislative areas, such as inappropriate online content, fraud, phishing, misrepresentation and deceitful conduct.

5. COMPLAINTS, ENQUIRIES AND REPORTS

The ACMA receives complaints, enquiries and reports about electronic messages primarily through online submission forms available at www.spam.acma.gov.au and through the SpamMatters Reporting Tool (SpamMatters) and the Telstra/Bigpond buttons. Reports made through SpamMatters and the Telstra/Bigpond buttons are received and stored in the Spam Intelligence Database (SID). Other areas of the ACMA also refer enquiries and complaints about spam. A dedicated telephone number is also available for telephone enquiries, complaints and reports, and AST also receives written and fax correspondence from the general public.

All spam complaints, reports and enquiries are to be handled in accordance with the Spam Complaints Handling Policy. The policy is available to the public at: http://www.acma.gov.au/web/standard/pc=pc_311907

Unlike other areas of the ACMA, AST handles first resort complaints, enquiries and reports directly with a dedicated Customer Relationship Management (CRM) system. There is no escalated complaints handling body for unsolicited commercial electronic messages.

By December 2008, AST was receiving between 300 and 400 complaints per month and between 50 and 100 enquiries per month through the CRM. Hundreds of thousands of reports are received by SID every month. In June 2010, these numbers had increased to 226 complaints, 442 reports, 437 Spam SMS reports and 100 enquiries. The number of emails reported into SID per month has also increased substantially, with the database storing over 52 million reports.

Before making a complaint, report or enquiry with the online submission form, the submitter is advised that the Spam Act does not cover:

- Some scams: scams that do not fall under the purview of the Spam Act should be reported through the Australian Competition and Consumer Commission's Scamwatch website [www.scamwatch.gov.au] or by phoning the ACCC on 1300 302 502 during business hours;
- Voice telemarketing: complaints can be made through the Do Not Call Register website [www.donotcall.gov.au];
- The content of spam: spam the submitter considers may be prohibited can be reported to ACMA's Content Assessment Team through a dedicated submission form; and
- Faxes: marketing faxes to fax numbers registered on the Do Not Call Register can now be reported through the Do Not Call Register website.

It is important to note that the common understanding of the term "spam" may differ from the strict definition provided in the Spam Act. Spam may be construed to cover the Australian definition of an unsolicited commercial electronic message and also a method of distribution. For example, a phishing scam (a request for the message recipient, often under the guise of a well-known bank or service provider, to submit personal information or click a hyperlink in an email) may be received by email and be routed through dozens of computers located across the world. This type of message could be considered spam by the recipient. ACMA may direct these types of emails to the AHTCC, as the criminal element of the scam and the potential impact on the recipient are more serious than the Spam Act contraventions.

AST's online submission forms allow for information about electronic messages to be submitted anonymously. The only essential field on the forms is for an email contact address. This is required for the submission to be logged in the CRM. However, in accordance with the Complaints Handling Policy (attachment), failure to provide sufficient information, including not consenting to release the electronic address the message was sent to, may mean there is little AST can do to resolve a complaint from the submitter.

Full procedures on handling complaints using CRM are available in TRIM at [ED09/37204]. The flowchart at diagram ii outlines the process followed when escalating a complaint, enquiry or report.

Diagram ii: AST CRM Process Flowchart

In the event a complaint is received by fax or letter, a CRM ticket can be created by the Compliance Officer and the complaint details can be included within the new ticket.

5.1. Differentiating between complaints, enquiries and reports

AST considers a report to be an advice of spam activity where no grievance has been expressed and no clear statement has been provided by the submitter that they are seeking a resolution to the matter. Reports are received by AST through SID, the online submission form, the Spam SMS service, or by email directly into CRM. For SID reports, AST receives minimal information on the submitter and the submitter is not given an opportunity to comment on the report. For Spam SMS reports, AST receives the submitter's mobile telephone number (not the original message sender's number) and the message content. Reports through the online submission form may include some personal information and detail.

Submissions are considered reports if:

- the content of the message means the submission is more suited for another agency, e.g. phishing, mule recruitment and Advance Fee (419) scams; and/or
- the submitter has simply forwarded an email to the AST email address or copied it into an online submission form without any explanation, or with limited explanation such as "more spam received today".

AST defines a complaint as an expression of dissatisfaction which does not include a request for information. A complainant needs to give a clear indication of the problem they have with the message received, for example the message:

- was unsolicited or sent without the recipient's permission;
- does not identify who sent it;
- does not contain an unsubscribe function or clear advice on how to unsubscribe from receiving future messages;
- attempts to unsubscribe have been made but were unsuccessful; and/or
- was one of a series of messages received and the complainant has discovered their telephone account has been charged.

In practical terms, the complainant must have completed all relevant information on the complaint form and provided enough information to AST to either contact the message sender on the complainant's behalf or identify the message sender in some capacity, including a 1800, 1300 or 19 telephone number or a website address. In addition, the complainant needs to provide information on any relationship they may have with the message sender and any attempts made to unsubscribe. It is sufficient for the complainant to answer "don't know" or "no". The complaints handling process at item xx will explain handling complaints further.

An enquiry is a request for information. AST may receive enquiries from:

- businesses about compliance with the Spam Act;
- individuals and businesses with questions about whether an issue is covered by the Spam Act; and
- users of SpamMatters requiring technical support.

5.2. Online submission forms and auto-reply

AST's complaints and enquiries forms are available on the ACMA's website at www.spam.acma.gov.au and through various links throughout the ACMA website at www.acma.gov.au

There are seven forms available for use depending on the way the electronic message was transmitted:

1. email complaint form
2. email report form
3. SMS/MMS complaint form
4. SMS/MMS report form
5. instant message complaint form
6. instant message report form
7. enquiry form

A standard complaint form is not used because AST requires specific information based on the way the electronic message was transmitted. For example, a complaint about an email will require email headers to be included so AST can determine where the email came from. An SMS may have telephone numbering information that AST will require to handle the complaint.

All complainants are advised of the ACMA's privacy policy and the Complaints Handling Policy before lodging their complaint.

Once the complaint or enquiry form is submitted, an auto-reply message is sent straight to the submitter. This is sent from AST's CRM system; it indicates that the complaint has been received by the CRM and provides a unique identifier for future correspondence.

Figure ii: Screenshot of auto-reply from CRM for an SMS complaint

5.3. Naming conventions

All tickets are to be named in accordance with the established naming conventions on a daily basis. CRM includes drop-down menus named "Type" and "Sub-Type" to facilitate this process.

The Type should be determined by the content of the report, either email, SMS, MMS or instant message.

To identify the sub-type, the contents of the message submitted are to be reviewed. Sub-types can be either:

a) General: the message appears to fit the standard definition of a commercial electronic message as defined in section 6 of the Spam Act;
b) Scam: the message appears to fit the standard understanding of a scam, such as indicating the recipient has won a lottery;
c) Designated commercial: the message appears to be factual in nature or sent by an entity that is exempt from the Spam Act;
d) Potential Lure: the message contains a personal statement that may be intended to elicit a response for the purpose of gain but this is not clear;
e) Other: the message does not fit any of these criteria.

Email only

b) Hacking/malware: the message appears to be associated with a compromised or hacked email account;
c) Overseas: the message appears to have originated overseas and has no other identifying features;
d) Phishing: the message appears to fit the standard understanding of a phishing scam;
e) Pornography: the message appears to be sexually explicit in nature but without commercial content;
f) Spoofing: the message appears to be associated with a spoofed email account;

SMS only

g) Premium Ad: an SMS report with a message that appears to be promoting or advertising a premium mobile service and may include, for example, the prefix "FreeMsg". Some messages which appear to be premium confirmation messages may in fact be premium ads;
h) Premium confirmation: an SMS report with a message that appears to be eliciting a response from the recipient to continue an opt-in process and has no content which promotes or advertises a service, e.g. "Reply Yes";
i) Premium service: an SMS report with a message that appears to be a message sent as part of a premium service;
j) WAP Push: an SMS report with a message that appears to be a WAP push message, often identifiable by a long URL included in the content.

The Business Name and Free Text fields should be completed with the relevant information included in the copy of the message. If this is not available, these fields can be left blank. Staff should spend no more than 10 minutes in identifying the message authoriser.

5.4. Complaint handling procedure

As indicated in diagram ii above, when handling complaints about spam, there are several indicators for how the complaint should be managed.

First, it needs to be established that:

- the complainant has consented to their electronic address (email address, instant message account or mobile telephone number) being released to the business in question;
- there is an Australian link for the message;
- the message is commercial;
- the message in question is not exempt from the Spam Act; and
- in the event the message is an SMS message, it is not a mobile premium service message.

Second, the Compliance Officer needs to ascertain that the complainant:

- has provided sufficient message content to identify the message sender's email address for emails and a shortcode or sender telephone number for SMS;
- has provided sufficient information to action the complaint, or whether more information is required; and
- has indicated their grievance and cause for complaint (i.e. no consent to receive such messages was given, no unsubscribe facility was included, efforts to unsubscribe were not actioned, insufficient identifying information was included).

Once this information has been provided, the process outlined in the diagram below should be followed. Full procedures on handling complaints, including using AST's CRM system, are available at: ED09/71294.

Diagram iii: AST complaints handling flowchart


5.5. Standard replies to complainants and businesses

AST has prepared form letters [ED08/153681] covering a wide variety of scenarios raised by complainants, including:

- advising the outcome of contacting the business in question about the complaint;
- when the complaint concerns a non-commercial message or a designated commercial electronic message; and
- complaints about areas where the ACMA is unable to assist the complainant or the complaint is outside of the ACMA's regulatory function.

AST also has standard form letters for contacting businesses about complaints [ED08/146792].

5.6. Online report handling procedure

In accordance with AST's complaints handling policy, reporters of spam activity through the CRM process are sent a standard reply thanking them for their report. The report is then logged into the report queue of CRM, named according to the established naming conventions and resolved. In the event that a reporter of spam replies to AST with more information on the submission, the ticket may be reopened and considered for suitability as a complaint. Reports should be handled in accordance with the AST Reports Policy at ED10/144508. Spam reports made into SID are discussed below.

5.7. Spam SMS report handling procedure

In accordance with AST's complaints handling policy, Spam SMS reporters are sent an acknowledgement SMS thanking them for their report. The Spam SMS report is logged into the SMS_reports queue of CRM, named according to the established naming conventions and resolved. Spam SMS reports should be handled in accordance with AST Spam SMS Reports Policy at ED10/144509.

5.8. Enquiry handling procedure

Enquiries are generally split into three categories:

1. Questions about the Spam Act;
2. Questions about how the Spam Act affects a business or intended business activity;
3. Questions about SpamMatters.

Enquiries are personally answered with further direction provided with reference to the relevant section of the website. In the event the question is about a SpamMatter issue and the Compliance Officer is unable to answer it through the frequently asked question section of the website, the enquiry can be referred to the e-security section.

5.9. SID procedures

Training materials on SID are available at: ED10/205070.

- pharmaceutical products;
- replica watches, bags and other accessories;
- online gambling and lotteries;
- mis-reported emails;
- designated commercial electronic messages (e.g. from charities, educational institutions or government agencies);
- Australian businesses and services;
- overseas businesses and services; and
- other campaigns.

SpamMatters conducts a statistical analysis of a percentage of all reports received and organises them into campaigns. Once it identifies these campaigns, it then analyses the remaining reports to identify connections between reports.

Diagram iv: SpamMatters database organisation structure

6. COMPLAINT RESOLUTION PROCESS

Attempting to resolve complaints is required before commencing an investigation into contraventions of the Spam Act. Each complaint should be handled independently, although complaints about the same business entity or person can be handled together, if appropriate. Information required to assist in the resolution of complaints includes:

- Details of complaint(s), including a description of the complainant's allegations against the individual or business who has allegedly contravened the Spam Act;
- Details of subsequent correspondence from the complainant, including efforts the complainant has made to resolve the matter before making a complaint;

- Details of the respondent, including the business or individual's name, contact details and business registration numbers;
- Details of the respondent's response (if any) to other complaints and steps taken (if any) to resolve the matter.

Consideration needs to be given to the respondent in question. For example, if the respondent is an ACMA stakeholder, it may be appropriate to contact the respondent by telephone to discuss the matter in an informal capacity. Alternatively, if indications so far show the respondent will not be cooperative and is unresponsive, a formal approach will be more suitable.

6.1. Information gathering

The AST complaint forms have been specifically designed to gain sufficient information to investigate a complaint further. However, a complainant may choose not to provide some details in their complaint. For example, many complainants do not provide their consent to release their electronic address to the respondent. In most cases, AST cannot resolve a complaint without this consent.

The Compliance Officer is expected to follow up on any omissions or discrepancies that may have been in the complaint before the complaints resolution begins. The success of an investigation into suspected spam activity is significantly higher the more information a complainant can provide in their submission. It should be noted that without the original email, SMS or instant message and the cooperation of the complainant, the suitability of the complaint for further investigation should be carefully considered. However, in the event that several complaints have been received about the same respondent, further investigation may be considered where some complainants have provided sufficient information when others have not.

AST does not provide the electronic account-holder's address to a respondent without the express consent of the complainant.

6.1.1. Investigation of respondent's antecedents

ACMA records should be checked to determine if a previous relationship with the respondent has been established through an investigation. If this is the case, it may have some bearing on a future investigation. Information that may be collected includes:

- an advisory letter that may have been sent;
- any written warning letters issued under section 41 of the Spam Act;
- any previous infringement notices issued;
- any current undertakings or enforceable undertakings in force;
- any correspondence received in reply to enforcement action; or
- any previous history of prosecutions.

Copies of any documentation relevant to antecedents should be attached to the relevant TRIM file.

6.1.2. Information gathering about the respondent

Information gathering during the complaints resolution process should not be limited to:

- Web searches to find more information on the respondent, including the respondent's website;
- A search of the respondent's website domain name to uncover any linkages between the respondent and other parties;
- White Pages Online™ searches for the respondent's business location and contact details;
- Searches of premium shortcode owners and helpline telephone number allocations;
- Searches of SID for reports;
- A search of the ASIC Business Register to obtain business registration details, including Director and Secretary names;
- Using Google Street View to ascertain whether a respondent's address is business or residential, or exists at all;
- Contacting the respondent's SMS aggregator or email service provider (by email or telephone) to obtain information about the respondent's operations and activities in Australia; and
- Contacting a representative regulator in a country where the respondent is based or operates.

6.2. Forensic analysis of email evidence

Full guidelines on forensic analysis of computer evidence are available in TRIM [ED09/28847].

The complainant is asked to provide the email header within the initial complaint. The email header is a block of data preceding the message that indicates, among other things, the sender's email address, the recipient's email address, subject, sending time stamp, receipt time stamps and route the message has taken from the sender to receiver.
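The header fields listed in 6.2 can be extracted with Python's standard email package, as in the following added example, which is not part of the ACMA procedures. The sample message, its host names and addresses are constructed, and the function name summarise is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: example.* hosts and documentation-range IP addresses.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP id A1; Tue, 3 Mar 2009 10:15:09 +1100
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id B2; Tue, 3 Mar 2009 10:15:04 +1100
Received: from sender-pc (unknown [203.0.113.45])
\tby relay.example.com with SMTP id C3; Tue, 3 Mar 2009 10:14:58 +1100
From: "Offers" <offers@example.com>
To: recipient@example.org
Subject: Special offer
Date: Tue, 3 Mar 2009 10:14:55 +1100

Body text
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?by\s+(\S+)", re.S)

def _when(text):
    """Parse an RFC 5322 date; return None if it is missing or malformed."""
    try:
        return parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None

def summarise(raw):
    """Return the header fields named in 6.2 plus the relay route, oldest hop first."""
    msg = message_from_string(raw)
    route = []
    # Each server prepends its own Received line, so reverse to get sender -> receiver.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        m = HOP.search(info or value)
        route.append({"from": m.group(1) if m else None,
                      "ip": m.group(2) if m else None,
                      "by": m.group(3) if m else None,
                      "time": _when(stamp)})
    times = [t if t and t.tzinfo else None for t in (h["time"] for h in route)]
    # A hop stamped earlier than the previous one suggests clock skew or a forged line.
    out_of_order = [i for i in range(1, len(times))
                    if times[i] and times[i - 1] and times[i] < times[i - 1]]
    return {"sender": parseaddr(msg.get("From", ""))[1],
            "recipient": parseaddr(msg.get("To", ""))[1],
            "subject": msg["Subject"], "sent": _when(msg["Date"] or ""),
            "route": route, "out_of_order": out_of_order}
```

Only the Received lines added by the recipient's own mail servers are recorded by a trusted system; earlier hops, and the From and Date fields, are supplied by the sending side and should be read as claims to be corroborated.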

6.3.1. 19 numbers

The three numbers within this message should be assessed for correct allocation. The 19 number can be checked at the website: www.19sms.com.au. 19 numbers are generally used for premium rate subscription services and are six or eight digits long. A ten digit 19 number commencing 1900, 1901 or 1902 is for premium rate voice calls and cannot be checked on this website. SMS marketing can be used to promote premium rate voice services.

6.3.2. 1800 and 1300 numbers

The first check of these numbers should be made by calling the number and seeing who answers. A search of Google may also produce results. 1800 numbers are often used for helpline and automated voice response services because they are free of charge for the caller. 1300 numbers are the cost of a local call regardless of the location of the caller. These numbers are purchased from the ACMA through an auction process. An owner can be established at the Online Numbering System page:

http://web.acma.gov.au/numb/openaccess/inquiry/viewallocationsearch.do;jsessionid=e CB91DB5DF201E92C90FC56426408219

Premium shortcodes, 1800 and 1300 numbers can be re-allocated and used by multiple parties. Often, the helpline is operated by an SMS aggregator on behalf of the content provider who sent the message. Further investigation may be required to identify the correct name of the sender.

6.3.3. Sender numbers

In the example in Figure iv there is no clear and accurate sender identification. In this situation, the telephone number 614 can be called to check its connectivity and can be traced. Section 284 of the Telecommunications Act provides an exception for a carriage service provider (CSP) to provide the ACMA with information or documents that may assist the ACMA in carrying out its functions or powers. In general, CSPs do not require the ACMA to make a formal request under section 521 of the Telecommunications Act for this information.

Forms to request a check of the Integrated Public Number Database (IPND) from Telstra are in TRIM [ED09/28304 and ED09/28306]. They must be signed by a senior investigator appointed as an inspector.

6.4. Record-keeping of resolved complaints

Records of the actions taken when resolving a complaint should be stored with the relevant complaint or complaints in CRM. These records should be included as a comment:

- the actions taken and the decision made on whether to pursue an investigation or not;
- a reason for the decision;
- the material reviewed during the resolution process;
- identification of the person to undertake any further action;

- the officer making the decision (automatically recorded as owner of the ticket); and
- the date of the decision (automatically recorded when comment is made).

6.5. Advice to complainant(s)

Complainants are informed of the resolution of their complaint. Should electronic messages continue from the message sender against the complainant's wishes, the complainant is encouraged to advise AST. This can be done through a new complaint or through the existing complaint.

If an investigation has been commenced, or is intended for commencement, any subsequent complainant is advised that an investigation has commenced. Subsequent complaints are still expected to be resolved or addressed, depending on the circumstances of the investigation. Complainants with complaints involved in an investigation are to be contacted and advised that an investigation is to be conducted, and the officer should ensure that the complainant is prepared to make a statement if required.

6.6. Deciding on further action

In general, AST considers an investigation may be commenced when the complaints handling process has not resolved the matter at hand. Some factors that may lead to an investigation include:

- no response from a business to advise how a complaint has been resolved;
- an unsatisfactory response from a business, e.g. an error had occurred in their systems to cause the matter pertaining to the complaint, such as the unsubscribe function failed for a period of time, system failure caused all unsubscribe requests to be unactioned, or the sender identification dropped off the message;
- several complaints about the same business being received within a short timeframe (such as a few days or a week); or
- follow-up correspondence from a complainant indicating their complaint has not been resolved satisfactorily, i.e. they are still receiving messages.

Investigators are expected to meet regularly with Compliance Officers to discuss current complaints and any flagged complaints that may be suitable for further inquiry. A matter intended for investigation can be assigned to an ACMA6 Investigator or EL1 Senior Investigator. This is a consultative process and is discussed further in section xx.

6.6.1. Resolving a complaint

If it is decided that no further action is required or will be taken, a comment attesting to this should be made and the CRM ticket is to be closed.

