Consumers and ISPs go head-to-head on bill-shock
The Australian Communications Authority (ACA) has revealed that work it began last month primarily to safeguard consumers against high bills for premium telephone services would also address deficiencies in equivalent guidelines and codes that apply to conventional Internet service providers.
Michael Owens, project officer within the ACA consumer interest group, said that existing ISP codes, established by groups such as the Australian Communications Industry Forum (ACIF), "don't go far enough".
Charles Britton, the Australian Consumer Associations IT and communications senior policy officer, agrees.
"ACIF fails to engage the Internet side of telecommunications industry at all ... for a variety of reasons, so from that point of view the communications authority needs to, and is somewhat, engage in the process of looking at what it needs to do about this space," said Britton.
Owens said that the new measures, which he believed were likely to be a standard, would pick-up where the ACIF codes currently fall short.
Among the options the ACA will examine is the possibility of putting a cap on bills across all consumer telecommunications services, including broadband services.
The new measure could eradicate what the consumer broadband ISP industry has termed "bill-shock". In the Internet space, the most common form of bill shock involves broadband users who unwittingly and rapidly exceed their monthly bandwidth allowances and are left with bills that dwarf their expectedl monthly service charge. In some reported cases consumers that expected to pay around $50 per month for services ended up with bills as high as $10,000.
Customers of the few broadband ISPs that charge for uploading data to the Internet, as well as downloading from it are, arguably, more vulnerable to bill-shock than customers that don't. That's because the most commonly reported causes of bill shock involve excess use of data leaving the victim's computers (uploaded) rather than being pulled to it, or "downloaded".
While only a handful of ISPs count upload traffic toward their customers' monthly bandwidth allowances, Telstra BigPond, Australia's largest ISP, is one of them.
To date, most scrutiny on bill-shock has involved customer horror-stories arising from consumer misuse of peer-to-peer file-sharing software such as Sharman Network's music-sharing software, Kazaa.
However, there are other instances of bill-shock that don't require consumers to experiment with high-bandwidth applications or play any concious role in contributing to the problem at all.
The frequency with which it seems to be catching customers unaware appears to be linked directly to the prevalence of viruses released on the Internet to benefit spammers. The viruses effectively turn common PCs into e-mail servers, or "spam relays", sending out e-mail in bulk and leaving their owners with hefty bills for excess data usage.
Amanda Meade, a Sydney-based professional, recently became acquainted with the phenomenon. She signed up to BigPond's Internet cable service last year after buying a laptop for "e-mail and a little research work".
Meade, was paying Testra BigPond $49.95 per month for a 500MB data allowance that she had never exceeded until March this year. Over March and April she incurred around $400 worth excess data charges.
"I was absolutely gob-smacked," said Meade.
Meade's excess data charges had mounted up steadily unchecked for around seven weeks.
Meade's computer was infected with a virus sometime early in March. At the time her laptop began to behave strangely. She received what she recognised to be spam appearing to come from e-mail addresses belonging to friends and associates. Later, it became apparent that her laptop was also sending large amounts of e-mail across Telstra's network.
Toward the end of April Meade complained to BigPond that she was experiencing problems connecting to the Internet. A Telstra technician discovered the virus and advised her to buy anti-virus software. It took her a few days to get round to buying the software and about a week, around May 6, she received her bill for March.
She contacted BigPond customer service to query the excess data charge -- around $157 -- and other anomalies with her bill. She was told that the virus had pushed her data usage to triple her monthly allowance and that she should expect more bad news for her April bill.
During April she notched-up another $250 worth of excess data charges.
Meade said BigPond customer service representatives told her that her situation was common among the ISP's customers and agreed to waive the excess data charges for April.
Meade characterised BigPond's decision as a rewarded for "being a good girl"; accepting responsibility for the charges and installing anti-virus software.
Meade's situation is one that the Australian Consumer's Association finds unacceptable.
"I think anyone that's getting huge bandwidth fees is getting a rough deal," said Britton.
The consumer advocacy group is pushing for ISPs to adopt better risk management strategies; pricing their services to take account of the potential financial losses consumers can experience using the Internet.
"What you have in the broadband space is an example of very ineffective risk management and certainly unsatisfactory attempt to impose the risks onto consumers," he said.
The Internet Industry Association (IIA) has pushed responsibility back at the feet of consumers. They believe consumers should have a responsibility to address Internet security threats equal to software developers, computer manufacturers and ISPs.
IIA chairman, Peter Coroneos said the ISPs, industry and government needed to foster a "culture of security" within the community.
Coroneos said recognising that threats exist on the Internet "shouldn't be an intellectually challenging exercise" for consumers, and that they have a responsibility to both themselves and others to overcome their ignorance.
"I think if everyone was protected up to the hilt, the scope for generation and perpetuation of viruses would become greatly reduced," said Coroneos.
However, for the IIA, shared responsibility ends when it comes to financial losses. According to Coroneos, ISPs can't be held liable for consumer losses resulting from malicious activity on the Internet any more than they can for activity involving copyright infringement online.
Financial losses, said Coroneos, were issues best dealt with in terms and conditions of Internet service contracts.
Coroneos said keeping personal computers free of vulnerabilities was as important maintaining a car.
"We wouldn't tolerate a situation in which one-in-four cars were un-roadworthy to both the road user and other people on the road," he said.
While wobbly steering and bad brakes might be noticeable to the average motorist, Amanda Meade certainly had no idea her laptop wasn't ready for the information superhighway.
"It's my fault I guess because I didn't have anti-virus software installed [on the laptop] ... I just presumed that someone had put all the software I needed on it".
According to Meade, Telstra told her that "technically it was the consumer's fault because they did give warnings" and that "[she] had used up that [bandwidth] therefore somebody had to pay for it".
Telstra notifies its customers about their bandwidth usage in two ways: e-mail notifications that warn them when it reaches certain levels and via a bandwidth usage metre built-in to its cable service software.
Unaccustomed to exceeding her bandwidth limits, Meade said she did not check BigPond's usage meter until after her first bill arrived. Even then she said she "wasn't sure what she was looking at".
The meter itself is known to have reliability problems. In at least one instance, in February, it was rendered unusable for two weeks.
Also, Meade said she wasn't sure what to make of BigPond's e-mail notifications, having lost trust in her e-mail service as result of receiving hundreds of counterfeit (or "spoofed") spam messages as result of the virus.
Meade certainly isn't alone and even those that have anti-virus software installed on their systems -- which is commonly pre-loaded on new computers -- can easily become confused.
The Australian Consumers Association recently issued a warning to consumers about broadband service contracts after one of its readers was caught with a bill for Internet traffic downloads that exceeded his normal usage levels 200-fold.
As in Meade's case the situation involved a new laptop and a computer virus. According to ACA sources, the reader's laptop had anti-virus protection pre-installed on it, however he was unaware that it needed to be updated.
Coroneos's car maintenance analogy is one that Microsoft used early this month facing criticism in the wake of the Sasser worm which managed to ellude IT security experts at Westpac and the Northern Territory government.
So, if banks can be caught napping, what chance does the average consumer have?
Coroneos conceded that the security provisions available to consumers were far from perfect and said that the Internet was still carried inherent risks. However, he stopped short of admitting that the Internet was too risky for the average consumer.
"No, not if the consumer avails himself to the accessible and easy-to-understand information that is there, but we need more education so that more of those users know more of that information as soon as possible after they're first connected," he said.
For Britton, the technological and cost impediments for guaranteeing the security for consumers are simply too impenetrable and only add weight to arguments in favour of ISPs adopting risk management practices, employed by other businesses.
"Banking is a particularly good example where you expect risk management; you expect if the bank is robbed, that when you go there in the morning your money will still be there for you; that [the bank] has managed that risk," he said.
Both sides will soon get to have their say on the issue. The roar of the dispute has reached the office of federal IT and communications minister Darryl Williams and he's asked the ACA to file report on what the government has labelled the telecommunications industries "credit management" issues within six months.
The ACA (the communications authority) has been consulting with industry and consumer groups, and expects to issue its first discussion paper on the matter for comment early next month.