Reckless Oz regulator runs roughshod over rights

Summary: The Australian Securities and Investments Commission censored a website it alleges was part of a scam — plus 1,200 others as collateral damage. An apology is nowhere near enough.

Ladies and gentlemen, may we please have a slow hand clap for the Australian Securities and Investments Commission (ASIC)? It wrongly killed access to more than 1,200 presumably innocent websites for over a week — and for many of the organisations and individuals who owned them, email would have also ceased to flow. Without an explanation to any of them.

Now, I don't want to be a smug so-and-so and say we told you so — but we did. When the Australian government decided to use a creative interpretation of communications law to "volunteer" internet service providers (ISPs) to block access to child pornography, critics warned of the potential for scope creep, and the censorship of less heinous websites. And that's exactly what we have here.

So, what's happened?

Two years ago, when the government's plan to introduce new laws to force all ISPs to censor the internet on its behalf had clearly become a political liability, it came up with another idea. Following negotiations with major ISPs and the Internet Industry Association (IIA), a voluntary code was introduced, under which participating ISPs would block access to a list of internet domains that hosted "severe child sexual abuse content" compiled by Interpol.

No new laws would be needed. Instead, it would use Section 313 of the Telecommunications Act 1997, which requires telcos to provide help to "officers and authorities of the Commonwealth and of the states and territories" in matters of enforcing the criminal law and laws imposing pecuniary penalties; assisting the enforcement of the criminal laws in force in a foreign country; protecting the public revenue; and safeguarding national security.

The archetypical uses of this law are things like preventing the terrorist making the phone call that triggers the bomb, or preventing a criminal from being warned that the police have him surrounded — or, conversely, patching through a phone call to the gunmen in a hostage situation. Such uses are presumably uncontroversial. Lives might be at stake.

Using this law to implement the Interpol blacklist was novel. ISPs that volunteer to take part are asked by the Australian Federal Police (AFP) to implement the filtering, giving them legal immunity.

However, the Interpol blacklist consists of domains that have been confirmed by two independent law enforcement agencies to be hosting the really nasty stuff. Anyone whose access is blocked is redirected to a web page explaining why, and describing the process they should follow in case it's a mistake. Blocking the communication of child pornography should also be uncontroversial.

But if Section 313 sounds wide ranging, that's because it is, and its use by ASIC is rather different.

"ASIC has warned consumers about the activities of a cold-calling investment scam using the name 'Global Capital Wealth' ... The scammers offer consumers opportunities to invest in a managed share trading fund," it wrote in a media release dated March 22.

"The scammers operate websites at www.globalcapitalwealth.com and www.globalcapitalaustralia.com, which purport to provide share trading services. ASIC has already blocked access to these websites.

"ASIC's concern is that the scammers, via their websites, promotional material, and cold calling, appear to be fraudulently using the Australian business number (ABN), Australian company number (ACN), and Australian financial services (AFS) licence number of Global Capital Resources Pty Ltd, a licensed financial services business with no connections to Global Capital Wealth."

Life and limb are not under threat here, nor are young children being abused. The only risk is about money — and, even then, the only people at risk are those too greedy or too stupid to realise that the deals being offered are too good to be true. That's quite a bit of scope creep — especially since ASIC only has "concern" about what the sites "appear" to do.

ASIC made the mistake of requesting that access be blocked to the sites' internet protocol (IP) address. More than 1,200 other sites used the same address — a common situation with commodity-grade shared internet hosting. That ASIC didn't know this demonstrates a fundamental ignorance of how the internet works. It's like putting road blocks around an entire suburb because one shop is selling dodgy merchandise. And the problem was compounded by not providing an explanatory web page.

This isn't a random oopsie. This is a complete cock-up. To call ASIC's effort "ham fisted" would be an insult to people whose fists are actually made of ham.

"The government is working with enforcement agencies to ensure that Section 313 requests are properly targeted in future," said a spokesperson for Communications Minister Senator Stephen Conroy yesterday. Good. But it's not enough. Nowhere near enough.

One of ASIC's key responsibilities is ensuring that Australians are protected from dodgy and reckless business operators. And yet, in the operation of its own "business" of serving the Australian people, ASIC has acted recklessly. It disrupted the communications of more than 1,000 individuals and organisations that were going about their lawful business — and to me, that sounds like a crime under other sections of the Telecommunications Act.

If a crime's been committed, we need an investigation and a head on a spike. Those affected should be compensated. And we should take a closer look at what Section 313 really means in the internet age.

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

Talkback

9 comments
  • Typical Conroy !

    Nothing Conroy does surprises me. He thinks Australians are dim witted morons who have no sense and that he is our saviour from the 'evil internet'. The sooner this stinking government is tossed out (along with Conroy) the better for everyone.
    Spartan-Runner
    • Nothing to do with him

      I'm sure I enjoy some Conroy-bashing as much as the next guy, but doesn't ASIC report to the Treasurer?
      ajfitzpatrick
      • Conroy administers the Telco Act

        You're right in saying that ASIC reports to Treasury, specifically "ASIC currently comes under the portfolio responsibilities of the Parliamentary Secretary to the Treasurer, the Hon Bernie Ripoll MP".

        But Senator Conroy, as communications minister, administers the Telecommunications Act, which is the law in question here.
        stilgherrian
      • So that is to say...

        ... Conroy can comment on the legal status of ASIC's actions, yes, but it's Treasurer Wayne Swan, ultimately, who would be answerable for the agency's actions, not Conroy.
        stilgherrian
  • Yes and so what!

    I got my doubts that anyone at ASIC knew then what an IP address was. They may have an inkling now. Ya gotta give them credit for trying to do sumpin about the issue they had on hand because there are a lot of people who need protecting from themselves.

    A big picture view would be that a lot of people tasked to look after the interests of ozzies in general need some education in this matter of IT whereas you me and a few others know it all... but would we get a job at ASIC?
    ahanse
    • Know it all?

      You don't have to know it all. You only need to have a desire to find out how to get around the blocks and then you can find out about 30 seconds later how to do it.
      greg-w-h
  • Where is the Accountability?

    ASIC must be held accountable for their alleged breach of the Telecommunications Act.

    Those who acted recklessly should be dealt with under that Act and then fired.
    ITenquirer
  • ASIC = DAD

    "Do as I SAY, not as I DO"
    Enigmaticatious
  • Amazing and innovative use of stupidity!

    Again, if only they would learn - the sites they are TRYING to block even if for the right reasons, are only blocked to the innocent and to the less than tech savvy or in a lot of cases, to those who don't NEED to know how to get around such blocks. How easy is it, for a tech savvy Australian situated in Australia using an Australian ISP to STILL get to any site they like regardless of what blocks are on it? LAUGHABLY easy and if they don't know how, all they have to do is ask Google who will tell them HOW!

    So when blocking shared I.P. addresses where the co-users of those addresses are legitimate and nothing that even the Rev Fred would object to, all they are doing is killing off revenue for the innocent and blocking access for those who don't know how to get by the block anyway. Wouldn't it have been interesting if those I.P. addresses led to someone of influence on the Govt?

    Time to wake up ASIC. Obviously you don't have a clue what you are doing. So try asking someone who knows, first and also try talking to someone who knows how to EASILY circumvent your blocks, too! That ought to give you some insight into how anyone who WANTS to know how to get around them CAN get around them and regardless of what you think you can do, the ease of actually not being able to be traced, too. Start asking people who know what they are talking about!
    greg-w-h