SMS spam - Australia versus America

Filed Under: Malware, Spam

AT&T's recent decision to advertise the American Idol TV show in the US via SMS ended in tears, with floods of complaints on social networking sites - even though the campaign was apparently perfecly legal.

Interestingly, even in Australia, whose Spam Act of 2003 is considered fairly strict, AT&T would almost certainly have been allowed by law to conduct an SMS campaign of this sort. (The Australian Act is not limited to email, but instead covers what it calls electronic messages to electronic addresses. Email addresses, instant messaging accounts and telephone numbers are all examples of these.)

That will be cold comfort to Australian telephone and internet company Optus, which was recently fined AU$110,000 for an SMS campaign it ran.

Australia's Spam Act is consent-based - often called opt-in legislation - which, very loosely, means that you can spam me, but not until I give you permission to start doing so. The Act relaxes this slightly if I am already a customer of yours, allowing you to use inferred consent to treat me as though I had expressly opted in.

Under these circumstances, it's hard to imagine how a mobile phone company could be in breach of the Act for SMSing its own subscribers, since an obvious business relationship - a contractual one, in fact - exists between them.

But in Optus's case the issue was not that the company had sent the spam at all, but that it had failed to identify itself as the sender. (This is a perfectly reasonable provision in the Act. If you want to send legal spam, you have to nail your colours to the mast in the messages.)

According to a report from the Australian Communications and Media Authority (ACMA), the Act's legislated enforcer, Optus identified itself only with the digits "966", standing for ZOO, the name of its internet and mobile phone portal. Not good enough, said ACMA.

The amusing part of the story is that ACMA's chairman explained in a press release that 966 was considered inadequate because it "could be used to represent any number of permutations on the telephone keypad". (I could only make 36 of them, including some rather unlikely words such as YMN and XOM.)

The serious part is that in comparison with AT&T's spamfest over American Idol, the Optus campaign was positively restrained, with just 20,000 SMSes sent. So Optus ended up paying a fine of nearly six bucks per message!

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog