Senate Select Committee on Information Technologies: Inquiry into Self-Regulation and the Information and Communications Industry

Submission from Robin Whittle 21 January 1998

Public version - the same what was sent to the Committee, but with a URL deleted on page 45.  Originally a Word document - converted to HTML 15 May, with the help of Brenda Aynsley.

Robin Whittle - First Principles Consulting

11 Miller St Heidelberg Heights Vic 3081 Ph 03 9459 2889 Fax 03 9458 1736

Email rw@firstpr.com.au World Wide Web: http://www.firstpr.com.au
 

Summary

While self-regulation may have certain advantages, in those industries where the participants cannot easily be identified and/or in which there is widespread disrespect for the public, the costs, complications and ineffectiveness of self-regulatory regimes are an unjustifiable burden on society. This self-regulatory trend is often part of a larger fashion for government to shirk its regulatory responsibilities. In other cases, self-regulation is proposed where no regulation is needed at all - for instance Internet content regulation - saving the government from taking responsibility for the unpopular and unjustifiable restrictions it seeks to impose on the public.

This submission proposes criteria for determining whether formal regulation is required - and if it is required, for determining whether it should be accomplished directly by government, by an industry developed self-regulatory approach, or by an industry based "forced-self-regulatory" approach developed to meet government priorities, on threat of legislative regulation. Case-studies are presented covering areas in need of better regulation, or which are proposed to be regulated by one means or another and which should not be.

There are many areas in which government in recent years has failed to protect the public from threats which are amenable to systematic government regulation, and which individuals cannot defend themselves against. Sometimes this is manifested by an ineffective self-regulatory approach. In other cases it is manifested by the problem falling between the cracks and never being officially recognised. The common themes seem to be:

1. Governments instinctively regulating communications which seem to challenge its narrow sense of "community values".


2. Governments seeing all business activity as good - and adopting a simplistic policy of minimal regulation in order to remove barriers to business growth.


3. As an extension of this, and under the rubric of reducing expenditure, cutting the budgets of regulatory agencies and departments whose work is policy research and development.


4. Governments being fundamentally uninterested in the privacy of individuals.

Contents

1 - Introduction 3

2 - When the public needs to be protected, what forms of regulation are there? 5

Market forces and self-defence - ie. no formal regulation 5

Industry informal regulation - eg. ISPs refusing to support disruptive users 6

Industry formal self-regulation without government involvement 7

Industry self-regulation - forced by the government 7

Regulation by government 8

3 - Government's contract with the people  9

4 - Criteria for deciding whether there needs to be government/industry-based regulation  11

5 - Strengths and weaknesses of government regulation, industry self-regulation and forced-self-regulation  21

6 - Criteria for deciding between legislation and government backed "self-regulation"  29

7 - Governments shirking their responsibilities to regulate  31

8 - Governments regulating inappropriately  34

9 - Case studies  Summary  35

Federal privacy regulation for companies 37

Privacy in the mass media 37

Internet content regulation: Illegal material - ie. child-pornography 40

Internet content regulation: Protecting community standards 42

Internet communications are completely different from mass-media technologies 42

Publishing 45

Community Standards - and the historical perspective 45

Internet content regulation: Protecting children 49

Internet content regulation: Contempt of court 50

Internet content regulation: Defamation and disclosure of private material 52

Internet content regulation: Copyright 53

ISPs and the TIO 53

ISPs and Interception 54

Customer Activated Malicious Call Trace 55

Calling Number Display 57

Outbound telemarketing 58

SPAM email 63

Ex-directory (Silent Line) numbers 63

---

1 - Introduction

This submission is intended to provide the Committee with an overview of many of the areas in the communication and information technologies where regulation is needed, and a few where it is not needed but is proposed or enforced anyway. The question of the effectiveness and appropriateness of "self-regulatory" approaches needs to be viewed as part of the larger question of why government has in recent years failed to protect the public in many fields.

Since 1992 I have been involved in many debates about regulation, especially those concerning privacy and freedom of communications. All of this work has been unpaid. Most of it has been as in independent advocate, working with other individuals and loosely with the Australian Privacy Foundation and Electronic Frontiers of Australia. For three years I was a Council member of Consumers Telecommunications Network. There's more information on my telecommunications experience at:

http://www.firstpr.com.au/telco/

While this work has generally been interesting, it has been emotionally and financially draining. Sometimes my work made an important difference - or I thought it did. I have generally been optimistic about the ability of consumers advocates to work with regulators and industry. In most cases I have got on very well with the people concerned and I believe my work contributed to the outcomes of various reports.

Now, with the worst-case outcome on telemarketing, with the government's complete betrayal of the public with Calling Number Display, with no-one taking an interest in Customer Activated Malicious Call Trace, and with the government still proposing to go ahead with Internet censorship, I have to face the fact that most of my efforts have been a complete waste of time. All these failures to protect the public are ultimately the government's failures.

I have a detailed understanding of how a large network of people in companies, regulators, government departments and in the government collectively behave in ways contrary to common sense and the public interest. Despite the many bright, well informed, astute people in consumer advocacy, regulatory agencies, government departments, in parliament and in corporations, somehow, collectively, the end result is often that the public's real interests are over-ridden by short-sighted commercial pressures. Important factors include short-term thinking, greed, group-think, and a strange set of thrills which arise from cutting budgets, forcing regulations in some areas, and deliberately under-regulating in others. There's no central source of malice in this - but it is the government's responsibility to correct the problems and optimise the outcome for the public.

On any one of these issues there was a lot more work to do. The material on my web sites represents a fraction of my work over the past six years.

It is an indictment of the process of government that work such as this has to be done by unpaid volunteers such as myself. In some fields, such as Calling Number Display, government supported workers (from the Privacy Commissioner's Office) were on the case as well. In many other fields, there was no-one. The few paid consumer advocates in this field are overwhelmed with work. So too are the staff at the Privacy Commissioner's office, especially after recent budget cuts of 43%.

I would much prefer to be continuing my work in electronics, music and telecommunications writing (for Australian Communications magazine) and consulting - rather than writing another submission.

Communication and information industries are rapidly changing and represent a challenge for any government in deciding whether to regulate or not, and if so, how to do so most effectively. However there are many fields - such as Calling Number Display, Telemarketing and Customer Activated Malicious Call Trace - where the government's failure to regulate cannot be explained by complexity or rapid change. In these fields the technology is stable and the issues are straightforward.

Things could be worse in Australia. With a little more wisdom and effort, they could also be very much better. This submission is intended to lead to current and future governments taking a more sophisticated, energetic, serious approach to privacy and telecommunications regulation.

I like to think that all Committee members make regular use of the Internet, including email and the World Wide Web. Quite apart from the opportunities these provide for personal communication and research - and the ability they provide for parliamentarians to engage with the public without the constraints of the mass media - Internet experience and exploration is essential for any parliamentarian making decisions concerning communications and information. While I appreciate that parliamentarians need to be generalists, and don't seek personal experience of some fields they make decisions about (euthanasia, drug abuse . . . ), email and the World Wide Web are perfectly safe, fascinating, educational and generally enjoyable forms of communication.

This has been written rather quickly, with little time for review - please excuse any rough spots.

There are some areas I would have liked to comment on, but have not had time: Privacy aspects of itemised phone bills; and a more generalised approach to regulating against people who systematically make unacceptable communications.

This may be the last significant piece of consumer advocacy I do. Its unsustainable for a person who intends to have a family to spend so much time working to improve the regulatory process - especially when previous efforts have been largely a waste of time because the government was so disinterested in the real needs of the public.
 

Yours sincerely
 
 
 
Robin Whittle

---

2 - When the public needs to be protected, what forms of regulation are there?

Market forces and self-defence - ie. no formal regulation

There is no formal regulation against milk-bars charging a hundred dollars for an ice-cream. It is assumed that consumers will become suitably informed of the costs and benefits before they actually hand over the funds.

Nor are there any regulations regarding what one person can say to another in private conversation - with a few notable exceptions such as making threats of death or injury.

Similar to private conversation, there are no regulations regarding what people may communicate to each other, in private, via telephone, via letters, or - so far - via email.

There are no regulations on how sugary or fatty foods can be - consumers are assumed to be sufficiently knowledgable about tooth decay, obesity and pimples. However, the government may quite rightly decide that taxpayer's money is well spent on educational programs, and that all food and personal care products should have all their ingredients listed.

There are no regulations saying that children must be physically barred from dangerous situations such as open fires, kettles and saucepans on stoves, or traffic in the street. It is assumed that the responsible adult has enough common sense and concern to control the children so as to assure their safety.

Nor are there any regulations preventing children in their homes viewing adult nudity, love-making, erotic/pornographic (who is to decide the difference?) printed or video material - or for that matter seeing a chook's head chopped off.

Common features of all these situations are:
 

1. There is some kind of threat to unsuspecting members of the public. (Someone may overcharge them or insult them. They may be subject to physical danger. They may see something that upsets them, or perhaps causes lasting confusion or distress.)


2. Regulations could be made, in one way or another, prohibiting the actions which caused the threat.


3. Such regulations are not made, for a variety of reasons including:


1. The person is able to defend themselves quite adequately - for instance the $100 ice-cream - or perhaps returning the insult in kind.


2. Regulations would be impractical to enforce.


3. Regulations would involve the state in unreasonable restrictions on individual's lives.
 

The first point is probably the most important - if people can adequately protect themselves, then there is no justification for the costs and complications of government regulation.

Later, I will show that the case of SPAM (Shit Parading As Meat) unsolicited email fits this pattern, and that outbound telemarketing does not.
 

Industry informal regulation - eg. ISPs refusing to support disruptive users

I don't think this principle of requiring "good behaviour" of Internet users is written down formally anywhere. The respectful culture which has developed over fifteen years or so may be breaking down a little now, with the influx of commercially motivated and insensitive, uneducated users. The result of this requirement not to disrupt others is that those very few users who systematically engage in conduct which is unacceptable to others - for instance those who email SPAM to millions of people - find that Internet Service Providers (ISPs) refuse to connect them to the Internet. Unfortunately this is not sufficient to stop them, since they may be able to connect under false pretences, or via an unwary ISP. However it is an example of an industry - in this case ISPs who provide Internet connectivity - working informally to protect the public.

This involves devolved responsibility. The ISP is allowed to connect to other ISPs (and therefore to the Internet) on the basis that it does not support users or activities which disrupt others. ISPs which continue to allow SPAMmers to operate from within their domains are finding that some ISPs are blocking all traffic from those ISPs. This is a a last-ditch resort, after complaints to the errant ISP fail to cause it to disconnect the SPAMmer. Such blockage of traffic from an ISP, which affects all their customers, is something an errant ISP cannot tolerate for long - and so it is a reasonably effective way of ISPs working together to ensure that no-one connects users whose activities are grossly disruptive.

There are other measures for protecting against SPAM. Some take place at the user's computer, and so belong in the category above. Others take place at the ISP - for instance not forwarding to users any email which comes from known SPAMmers. This is the industry acting defensively to protect its customers.

These arrangements arise because of need, because they are technically possible and because industry participants are prepared to organise on a relatively informal basis to protect themselves and their customers. There is no government involvement - nor "indirect" pressure from governments, such as "If the industry does not control SPAM, we will legislate or force you into a 'self-regulatory' regime.".

Recently the Internet Engineering Task Force has been developing a more formal approach to the SPAM problem.

http://www.internic.net/internet-drafts/draft-ietf-run-spew-02.txt

Industry formal self-regulation without government involvement

The former kind typically involves a proportion of players in an industry getting organised to set standards of conduct. This may be motivated by genuine concern for consumers, and/or by a desire to make life more difficult for rat-bag and fly-by-night operators who compete with the more responsible businesses.

Such schemes may not need government involvement of ACCC sanction - provided they have no anti-competitive aspects. In an effort to isolate the cowboy operators, a scheme may require its members to refuse to deal with the cowboys - but that would be anti-competitive and would only be lawful with the blessing of the ACCC, who would evaluate the scheme to (ideally) ensure that the benefits to consumers outweigh the anti-competitive provisions.

Many industries have formal schemes, with no anti-competitive aspects - typically to formally set out how a business should treat its customers, and to create an organisation, administration and easily identifiable logo for the members of the scheme. I think this typically involves a lot of work by a relatively few committed individuals at considerable cost to themselves or their businesses.

Very often these schemes are good for consumers. However when the "industry" is primarily based on exploitative practices (eg. outbound telemarketing) the "code of conduct" - such as that created by the Australian Direct Marketing Association - can be largely window-dressing to provide a veneer of respectability whilst allowing the exploitative practices to continue. A genuinely protective code-of-conduct would not be widely adopted by an industry which thrives on exploitative practices.
 
 

Industry self-regulation - forced by the government

However, when the government's intention is at odds with that of the public - for instance in Internet content regulation - then the results can be a real mess. Perhaps some industry segments seek a compromise with the government's position - and so give the government's position greater credibility than it deserves.

Forced "Self-regulatory" schemes, like genuinely self-regulatory schemes, involve compliance and enforcement mechanisms administered by an industry body. This can have advantages to the equivalent government run regulatory scheme and it can have disadvantages - such as complexity, lack of "teeth" and perceived lack of independence.
 

Regulation by government

Sometimes particular organisations are empowered by governments to administer laws and to create their own regulations - for instance the RSPCA, or the board which determines whether to deregister medical practitioners.

Sometimes there are very clear laws - for instance regarding malicious phone calls (Federal Crimes Act 85ZE) - but due to the evidentiary difficulties (caused by a lack of Customer Activated Malicious Call Trace) and the under-resourcing of the Federal Police, charges and convictions under this criminal law are rare. Consequently the law is not well known and does little to protect the public.

There are many government regulatory approaches. While some are ineffective, they generally true have more teeth, and are better known and better enforced than self-regulatory or forced "self-regulatory" schemes.

Weaknesses can be caused by poorly resourced regulators, or by general disrespect for the law itself. For instance there are criminal provisions for the export of cryptographic software from Australia, as there in the USA - but these laws are now completely anachronistic. They only restrict those companies who must comply with the letter of the law - and have no effect on the national security priorities of trying to keep strong cryptography out of reach of Australia's military enemies.

---

3 - Government's contract with the people

1 - Governments are a costly inconvenience, but are necessary to provide a number of services which cannot be provided by any other means.

2 - We (the people) finance and support the government so that it can perform certain functions which cannot be left to individuals or to corporations, for instance:

• Establishing a national currency.
• Defence.
• Environmental protection.
• Education.
• Preventative health.
• Support for people with disabilities, health problems and those who are unemployed.
• Defining (via the Parliament) a body of criminal and civil law, and the empowering of regulators, the Police, the courts and the corrections system to enforce those laws - for purposes including:


1. Protection of individuals from the unpleasant, dangerous or costly actions of others - particularly in circumstances where systematic, country-wide protective schemes are more effective than personal defences.


2. Similarly, protection of individuals from their own actions. (A much more problematic field!)


3. To enhance national unity and "social standards" - to protect a diffuse notion of collective benefit from the actions of those who would challenge it. (An extremely problematic and contentious field!)

Point 'a' above is a key element in the contract which government has with the people who appoint it:

a - Protection of individuals from the unpleasant, dangerous or costly actions of others - particularly in circumstances where systematic, country-wide protective schemes are more effective than personal defences.

1. Which the government can effectively protect us from, and


2. where the government action will not restrict individual's freedoms (except of those individuals who cause the threat), and


3. where individuals are relatively incapable of protecting themselves.

Point 'c' is extremely contentious, since it involves blanket restrictions on public speech - and sometimes on private speech as well - in order to serve the purported interests of "society". This is highly relevant in the Internet content regulation debate, and in the existing forced "self-regulatory" scheme which covers electronic and print media.
 

---

4 - Criteria for deciding whether there needs to be government/industry-based regulation

 

Q 1 Is there a threat to people, individually or collectively?

 

Q 2 How well can the individuals protect themselves from the threat?

 

Q 3 How well can the government, or industry, systematically protect the victim?

 

Q 4 What side effects are there of personal defences, government or industry-based regulatory approaches?

 

Q 5 Do the benefits of government/industry regulation outweigh those of allowing protection to remain the responsibility of the consumer?

 

If the regulatory concern is more to do with costs and quality of service - for instance poor telephone service and/or excessively high charges and/or deceptive marketing - then two more questions might be relevant:

 

Q 6 To what extent is the service essential?

 

Q 7 To what degree is the supply of that service a monopoly?

 

These questions would produce very different answers if asked in relation to telephone services in regional areas, or Internet Service Providers in the city. In the former case, telephony is an essential service, and Telstra has a monopoly on its supply. In the later case, Internet connectivity is not (yet) an essential service and there are hundreds of ISPs to choose from. Therefore the need for some kind of regulation in regional telephony is very strong - because there are no market mechanisms due to the lack of choice. In the case of ISPs in the city, while there may be some bad ones - just like soft-bananas in the greengrocer - it is relatively easy for consumers to pick a healthier one. So in the case of ISPs in the city, regulatory action would be harder to justify - unless perhaps a very large number of ISPs were incompetent and/or exploitative.
 
 

Here are the first five questions applied to some examples: outbound telemarketing, unsolicited commercial email, and exposure of children to disturbing material in three situations - in shops, on TV and via the Internet.
 
 

Q 1 Is there a threat to people, individually or collectively?

 

In general this is a simple matter: Does the person concerned believe there is a threat?

There are some subtleties in handling this question properly. There could be cases where the person believes there is a threat, but the belief is provably false. There could be cases where one person was speaking on behalf of another, for instance a child - who is asserted to be unable to know their own long-term interests - but those assertions are questionable. An individual could be unaware of a threat, or disbelieving of it - but the threat (for instance disease from smoking) might be provable and serious.

The threat to a "collective" of people can be problematic - since this may depend on assertions about the welfare of a group of people, rather than testimony from the many individuals themselves. Point 'c' above - enhancing national unity and "social standards" - is a case where assertions are made by one or more individuals, about many individuals' well-being being dependent on a group they are asserted to belong to (for instance, they have beliefs or tastes in common), followed by assertions about threats to the group.

Some examples:

1 - Unwanted phone calls, in particular telemarketing calls, are a threat to individuals because such calls distract and annoy them and tie up their telephone. (More discussion below.)

2 - Unsolicited SPAM email is a threat to individuals because it distracts and annoys them, and causes increased Internet costs for them.

3 - Children are threatened by the availability of certain text, graphic, sound, video and computer game material, on paper, on CD, via radio, television or the Internet or in computer games. The damage consists of short-term upset and confusion and/or long-term damage to their sensibilities, sense of personal integrity and safety and to their ability to fit into society.

The display of material in public areas of shops is subject to legislation detailed at the OFLC site:

http://www.oflc.gov.au/pubrate.html#covers

To what degree it is respected is another matter. I personally support these display restrictions, but that is not the issue. I use this as an example in which government regulation plays a protective role, where individual defences are impractical and unrestrained market forces would lead to problems for children.

Apart from some recalcitrant marketing types, no-one would debate the first two points. The third involves a wider range of situations, and involves more complex questions of long-term health, and the exact effects of particular material on particular children in particular situations. However most people would agree that to some extent there is a threat. Toddler's growing up watching nothing but erotica/porn videos are likely to have problems becoming well-adjusted adults (whatever that means!). The threat to children is difficult to determine. Its easy to overestimate the damage - children are naturally adapted to seeing some intense things in hunter-gather society - but television, video games and explicit erotica/pornography are arguably more distracting or disturbing.

1 - In the case of telemarketing and other unwanted phone calls, there is no effective personal defence. Calling Number Display is useless - you can't know the telemarketer's numbers and they may not allow their display anyway. Answering machines are useless - telemarketers leave messages. Unlisted numbers can help - but not everyone can have unlisted numbers, and telemarketers can ring numbers randomly. The key issue is that the telephone is a very dumb piece of customer equipment, with a very dumb interface to the telephone network. It is not possible for the user to engineer an effective defence against telemarketing calls.

In the case of telemarketing, the victims cannot protect themselves.

2 - Like telemarketing, ideally SPAM would simply not be sent. In contrast to the telephone an Internet-connected computer is a very sophisticated piece of customer equipment. It can send and receive messages to any other Internet connected computer - including to servers which enable it to reliably identify most SPAM. The Internet provides the customer equipment with the most sophisticated possible connection to the global network. So SPAM filtering at the user's computer it technically possible and is being developed rapidly. It involves relatively little traffic cost, and like all Internet functionality is being rapidly developed as software which will be available at little or no cost. In addition, there are techniques at the ISP which can prevent SPAM reaching the customer's machine - but this needs to be carefully administered so as to be certain not to block email other than SPAM.

In the case of SPAM email, the victims can defend themselves, either on their own computer, or with the ISP's.

3 - In the case of children being exposed to disturbing material, in some or many cases they cannot protect themselves. For instance if the material is displayed at eye-height in a newsagent or milk-bar, they can't help but see it. If the violent material - say a news flash of a massacre - is inserted in a children's television program, they can't help but see it.

However, it is also reasonable to consider that children are not left to wander the streets, shops or the Internet alone - there is always one or more responsible adults. If the erotica/porn magazines at the local shop or service station cannot reasonably be avoided by adults with children in their care, or the disturbing advert or newsflash in the TV program cannot be foreseen - then there is a problem. Neither the children nor their responsible adult can reliably protect them. The same would be true if disturbing material appeared without warning during an adult-supervised Internet session.

There are many possible cases, but in general I suggest that disturbing material in public places, or out-of-place on TV is something that cannot be defended against by the victim or the responsible adult. Disturbing content in video games at home and via the Internet can be defended against by the responsible adult - there are few surprises in either area. What few "child-disturbing" things are available via the WWW don't just pop up as a surprise - you have to go looking for them. So the personal defences are direct adult supervision - or the use of a filtering system, such as one that only accepts material for which PICS labels reliably indicate that the material meets the adult's particular criteria for suitability for the child in question.

1 - In the case of telemarketing, government regulation concerning systematically unacceptable telecommunications would control telemarketing very well. (More discussion later.) There could conceivably be a carrier industry control scheme, and perhaps even a "telemarketing industry" control scheme - but the latter is unlikely since outbound telemarketing is inherently an exploitative practice and there is no real outbound telemarketing "industry". (The majority of telemarketing, and the primary interest of the Australian Telemarketing Association, is inbound telemarketing - the handling of inquiries and orders when consumers call the business. Don't believe the wild estimates for how important telemarketing is to the economy - most telemarketing is inbound, and the outbound telemarketers are professional bullshit-artists.)

As long as outbound telemarketing calls primarily originate within the one country, then Federal government legislation and regulatory attention is capable of almost entirely removing the burden of outbound telemarketing from consumers and businesses. As international call costs fall, it could be trickier to implement international control schemes - but it would still be possible with cooperation from carriers and/or foreign governments.

2 - In the case of SPAM email, the majority of it originates from the USA. Therefore, unless there were harmonised laws in both countries, and suitably funded regulatory agency responses, then most victims in Australia would not be protected from the USA sourced SPAM. In fact, since the SPAMmers can effectively send email from any country whatsoever, legislative SPAM control would be useless unless every country had a full-strength regulatory response. Even if this was the case, SPAM email would be very difficult to stop reliably, since there are so many ways of tricking computers into sending email on someone-else's behalf. (The Internet email system has no authentication requirements for sending - it was designed to be used by responsible people. In hindsight, this was a serious mistake.)

Both the evidentiary difficulties and the international jurisdictional barriers mean that government attempts at controlling SPAM are doomed to failure, except perhaps be preventing SPAM originating physically in one country - which would not prevent residents in that country making it physically originate from somewhere else.

3 - In the case of children being exposed to disturbing material, both industry codes of conduct and government regulations could probably solve the problems of erotica/pornography in public places, and of inappropriate material located in childrens' television programs. This does not solve the problem of the 6.30 news - where adult fascination with murder and mayhem causes the news people to scour the Earth for such disturbing fare, and serve it up at family dinner time. Government regulation or industry self-regulation could in principle be effective - but only by directly challenging the adult demand for gut wrenching material in the most popular TV program, and by introducing censorship which is likely to have negative consequences for public awareness and debate. (Imagine if film of the Vietnam war was never shown on the 6.30 news because it was disturbing to children - our involvement in it might have been prolonged.)

As with SPAM control, the evidentiary and international jurisdictional barriers to stopping disturbing material at the source - for instance the web-site - are doomed to failure. Technically it is impossible to reliably block certain web or other Internet content at national borders, or at the ISP, whilst retaining a proper useable Internet service. (See http://www.ozemail.com.au/~firstpr/contreg/ )

Government regulations or industry codes could conceivably largely control "child-disturbing" content - or any other content - on web sites physically located in Australia, but web sites can be physically located anywhere in the world, whether their names end in ".au" or not - so such regulation would not affect anyone who did not want to be subject to it. There would be major financial and social costs in any such scheme - as will be discussed in Q 4.

Government and industry support for the development of PICS labelling and filtering systems is probably a very good idea - as long as it is directed at supporting filtering controlled by the responsible adult. This supports intelligent, personally directed filtering by the responsible adult - rather than blanket filtering or banning of material at national borders or at ISPs. (Any proposal by government to make all World Wide Web material "kiddy-safe" is, of course, utterly impractical and unjustifiable.)

 1 - Telemarketing - personal defences:

Attempts to use answering machines to screen calls, to have unlisted numbers, and perhaps to use CND to refuse to answer calls without displayable numbers cause all sorts of problems for callers and receivers. (They are all largely ineffective anyway.)

Telemarketing - government regulation:

The definition of telemarketing is non-trivial - so it might be better to avoid this and work with a broader target of those callers who systematically make hundreds or thousands of calls which people complain about. A narrow definition of telemarketing might be ineffective and a broad definition, with draconian enforcement, would affect other perfectly acceptable calls. There are ways of doing it without causing excessive costs, confusion and most importantly without burdening consumers and targeted businesses.

Telemarketing - industry self or "self" regulation

In principle, carriers could deny connection to known telemarketers (this would require an amendment to the Telco Act). There would be questions and practical difficulties with this, since the carriers make good money from the telemarketers millions of short calls. Also there would be questions of freedom of communication. Denying someone the ability to communicate is a serious matter, only to be taken as a last resort - and then by an open, unbiased, accountable process. This would also require all carriers to agree to the same standards - otherwise one carrier might be tempted to be lax and gain some extra call revenues from telemarketers. It's not as attractive as government regulation.

The thought of the telemarketers regulating themselves is a joke - since virtually the entire population find telemarketing unacceptable, effective regulation means extinguishment of most outbound telemarketing.
 

2 - SPAM - Personal defences

It may take a year or two to evolve, but email client programs with good SPAM control - by checking incoming emails with constantly updated databases at centralised servers - is a practical, easy-to-manage low- or no-cost solution. Most importantly it puts the SPAM management in the hands of the user, whilst automating it in a configurable way. The only danger with this is having the system reject email which was not SPAM. If this merely involves copying the SPAM to a special mail-box, which the user can look through occasionally to check for personal email, then it's not a major danger. In fact, the vast majority of SPAM can be automatically filtered out very reliably - and the evasive measures SPAMmers could take to avoid this would be costly, easily detected and so added to the filtering criteria - globally, within minutes.

SPAM - ISP based defences

Basically the same as for personal defences. The advantage is that the user never has to bother with SPAM filtering (other than perhaps configuring how their ISP filters their incoming email) and also never has to pay for the download time (which may be a cent or so per SPAM). Rejected email could be stored for a while in a web-accessible location so users could scan the subject and sender lines and/or read the emails to make sure they were not missing anything important.

SPAM - Government or industry approaches

Nothing would be gained by government or industry approaches which attempt to deal with SPAM at the receiving ISP - because market forces are already leading ISPs to offer this in response to customer demand. Government or industry schemes only make sense by stopping SPAM at its source. As noted above, this would be impossible in any reliable, global, manner. It would involve governments or formal industry schemes getting involved in denying people (generally SPAMmers, but perhaps by mistake others) from communicating. Government control of communication is a very dangerous thing and should only be used for serious matters, and as a last resort. Telemarketing is more serious than SPAM, and government control is both the effective and the only way to control telemarketing.
 

3 - Disturbing material for children - Personal defences

In the case of erotica/pornography on display in shops, a personal defence would involve the inconvenience and probably impracticality of not taking children into shops.

In the case of material on television - it might involve having children not watch much television. Some people would consider that unacceptable, while others (such as myself) regard virtually all adverts and many programs on commercial TV as disturbing for children . . . and adults . . .

The personal defences for disturbing Internet material: adult supervision and PICS filtering, have side-effects. Adult supervision takes time, and means the child is not free to "roam" or communicate freely - but has the advantage of children spending more time with adults. This should lead to more shared adult-child experiences - something that has been lost in recent decades with long work hours and the domination of the television. The joint web-surfing (or whatever else, such as Internet Relay Chat, interactive games etc.) should be a voyage of discovery. Hopefully it would be more than just looking and discovering, but will be a contribution to the great variety of human perspectives supported by Internet communications.

The side effects of PICS filtering would depend very much on the circumstances. Most likely it would restrict the child to accessing material intended for children - but it would also probably restrict them to a small subset of the material which actually exists and which might be of value to them. PICS-filtered Internet should not be seen as a modern baby-sitter - but Internet communications are typically two way, more sophisticated, less distracting and less manipulative than television.

Disturbing material for children - Government and industry approaches

Government and industry support for the development of PICS labelling and filtering systems to be controlled by the responsible adult is fine - I can't see any negative side-effects as long as the labelling and filtering is fully responsive to the needs of individual children and adults. Unfortunately this task is extremely daunting - if not impossible. As a result, some recent developments in PICS labelling seem destined to result in a dumbed-down set of criteria, suitable perhaps for certain mainstream values systems, and useless for the value systems of others.

There are strong tensions between making a labelling system sophisticated enough to encompass the concerns of millions of people, with different cultures and personal priorities - with a system simple enough for mortal web-masters/mistresses to administer and for the majority of responsible adults to set filtering criteria for.

The result of a dumbed-down system, applied bluntly in homes, schools and libraries, would be to introduce massive filtering restrictions controlled by the label makers (since recent proposals do not trust the labels generated by the content authors) and so to a centralised defacto global filtering system - which is exactly what PICS was intended to avoid.
 

 This involves the following analysis:

To the extent that the threat is a serious problem (Q1), how does the effectiveness and negative side-effects of self-defence (Q2 & Q 4) compare to the effectiveness and negative side effects of government industry regulation (Q3 & Q4)?

To justify government or industry regulation:

A - The threats needs to be a serious enough matter, and

B - The government/industry approach needs to be clearly more effective than the personal defences, and

C - After considering the costs and negative side-effects of government/industry regulation, the benefits to all those affected (and this may go beyond the people being protected) need to be carefully considered before the decision is made to regulate.

Otherwise leave it to personal defences and market forces!

Looking at the telemarketing, SPAM and "disturbing material" questions:

Telemarketing:

A - Outbound telemarketing is a multimillion dollar burden and many other things besides. It is a serious problem already - and considering that it could get to the state in the USA, of several calls per day to each home, it has the potential to be a scourge on the Australian people and a threat to our national character. Its serious!

B - The government (and potentially industry) approach has an excellent chance of success, at a far lower cost than the current drain telemarketing places on the public. In contrast, there are no effective personal defences.

C - In a properly designed and non-draconian scheme (and governments don't have a perfect track record in regulatory matters . . .) there are no significant side-effects whatsoever.

Government/industry control for telemarketing? Definitely!

(As will be explained below, the current Ministerial Council of Consumer Affairs government/industry approach is absolutely worst-case - it does not restrict telemarketing at all.)
 
 

SPAM

A - SPAM email is a damn nuisance, and causes extra cost and wasted time for most email users. (I currently get 2 or 3 a day). Its not a social disaster. (Telemarketing is - it creates distrust and time-wasting telephone practices.) SPAM is a problem well worth solving before it gets any worse.

B - Self-defence, using software filters on the user's computer or at the ISP has excellent prospects for eliminating almost all SPAM, for minimal cost and few, if any, side effects. Government/industry action targeting the sources of SPAM are likely to be at best partially effective.

C - Government/industry SPAM source control is nowhere near as effective as filtering it at the user's machine, or at their ISP. The potential side-effects of government involvement in communications are another negative.

Government/industry control for SPAM? No!
 

Disturbing material - in retail shops

A - Its probably not a total disaster - especially now that the most explicit magazines from the USA now have largely opaque wrappers. (This could just be the situation in Victoria - but this is a direct, positive result of recent state government regulatory activity and probably federal legislation and the work of the OFLC.)

B - Self-defence is possible, but impractical. Government mandated covering of the magazine's covers - or better still banning their display in the main area of shops - would be very effective and would not inconvenience those it is intended to protect.

C - The benefits of government control are considerable. Indeed things would probably be much worse without it - these magazines are quick-selling, high profit items, and shops have a direct financial incentive to display them openly to catch the eye of the largely male clientele who buy them. The side effects of partially covering the covers are negligible - keen customers can peek and see what the image and text is. The side effects of banishing these magazines to a non-general area of the shop would involve a slight inconvenience for the buyers, and significant costs for the seller - but these costs could easily be passed on to the purchaser, by a moderate increase in the magazine's price.
 

Government/industry control for disturbing material on display in shops? So-far so good with the largely opaque cover-bags in Victoria. I think it would be entirely justifiable for government regulation to ban the display of sexually explicit (and grossly violent?) material in non-specialist shops - except in restricted areas. (I fully support the availability of a wide range of erotica/pornography - this is a question about whether erotic material should be displayed in areas frequented by the general public.)
 
 

Disturbing material - on TV

A - Views on what is disturbing for children vary widely. Personally I think TV adverts are disturbing and it wouldn't be a bad idea if children never watched commercial TV - provided there was a credible alternative. There's no clear consensus on the problem, but for the purposes of the argument, lets assume that disturbing adverts, promotions and news-flashes are a problem in children's programs.

B - Self-defence, other than by turning the TV off, is ineffective. Government or industry controls could be very effective.

C - Its undesirable for governments to be meddling in the content of communications - but it could be argued that the control of certain material in children's programs did not constitute a serious threat to adult debate and freedom of communication.

More government/industry regulation of disturbing material in children's programs? It depends entirely how the various arguments are weighed. I haven't researched it enough to have a well informed opinion, but I would say "Yes".
 

Disturbing material - on the World Wide Web

A - I don't think it is a serious matter at present. If it was, there would be many reports of children, left to their own devices with an Internet connected computer, encountering or seeking out all sorts of disturbing material. I can't think of such a report. If it were a significant problem, elements of the mass media would make a big fuss about it. It is a potential problem.

B - Self-defence by adult supervision is entirely effective and has many benefits. Relying on PICS labels and filtering could be acceptable - but it is early days yet. Government attempts to stop material erotica/pornography on web sites can at best affect only the web sites physically located in that country. Governments may be able to make a valuable contribution to a sophisticated PICS labelling system - but recent PICS developments (PICSRules 1.1) have been criticised for being too simple and for being aimed at facilitating centralised control, rather than by the responsible adult.

C - No government initiatives for restricting Internet content at the source can be effective, acceptable in terms of freedom of speech, or practical. Government support of the development of sophisticated PICS labelling is not a form of regulation, but a way of supporting individual responsible adults to meet the government's objectives of protecting children from disturbing material
 

---

5 - Strengths and weaknesses of government regulation, industry self-regulation and forced-self-regulation

If an industry is fundamentally in tune with the needs of the public, and the government is not - as is the case with Internet Content Regulation - then "forced-self-regulation" is clearly the poorer alternative because industry has been cowed into submission, forced to implement controls which neither the ISPs nor the public want, simply because of the threat of direct government regulation.

Where an industry is fundamentally at odds with the public interest - for instance outbound telemarketing - then self-regulation is likely to be an exercise in window-dressing. In these circumstances, the government forcing the industry to regulate its activities so as to protect the public should lead to a better outcome. As discussed below, the recent step towards forced-self-regulation for outbound telemarketing shows no evidence that the government is interested in protecting the public. So in a case such as this, when the forced-self-regulatory approach turns out to be useless for protecting consumers, it is arguably worse than a self-regulatory approach, or no regulation at all because it endorses the exploitative conduct and carries the imprimatur of the government.

In principle, a well designed set of government regulations, when administered by a well run regulator, can provide many benefits:

1. There is a relatively clear path for an aggrieved consumer to follow.


2. The regulators are clearly independent of the industry they are regulating.


3. The regulations and the conduct of the regulators are directly under the control of the government, and so, in theory, the public.


4. The inner workings of the regulator are subject to FOI.


5. Disputed regulatory decisions can be appealed in court or in suitable tribunals.

Crafting a fair, efficient, responsive and adaptable regulatory mechanism - one that is suited to the complex, changing and unpredictable nature of the real world - is a major task. Some of the regulatory framework needs to be "hard-wired" in the legislation. Some of it needs to be implemented as discretion on a case-by-case basis by the regulator.

The regulatory agency needs to remain responsive to the real needs of the public - not just what the regulatory staff conveniently conceive of as the needs of the public. There's no simple solution to such problems, since whenever you put people in large buildings, with windows that don't open, all sorts of aberrant organisational behaviour is likely to develop. The regulatory agency needs to have regular contact with real consumers and with well-resourced consumer advocates. Without this, it invariably becomes unduly influenced by the lobbying of the industry is supposed to be regulating, or by the demands of other arms of government.

The agency needs to be able to use its expertise to inquire into problem areas - including fields which border on its area of responsibility. When new problems develop which do not fit directly into the narrow legalistic interpretation of any agency's area of responsibility - it is vital that some agency own and explore them - otherwise the problem would fall between the cracks and not be recognised by any government or industry agency. (As has happened with Customer Activated Malicious Call Trace.)

A good example of this expansive process was AUSTEL's Privacy Inquiry of 1992. This was aimed at researching problems including Calling Number Display, reverse telephone directories and outbound telemarketing - including the use of automated calling equipment. There were quite a few other issues that it should also have covered, such as Malicious Call Trace and itemised billing. In an ideal world, this small team of people would have had the resources and approval to tackle these and other issues too. In fact, they had their work cut out for them with the initial issues. The Inquiry could have been better advertised, but it did receive input from many individuals, consumer organisations, from industry and from government. It held public seminars and met privately with individuals and organisations. It produced a report which has many strengths. (This was before the popularity of the Internet - so it is not on the web.)

While its easy to see how the AUSTEL Privacy Inquiry could have been more expansive, it is a good example of a regulator making an excellent, public, effort to delve into problem areas for which no specific regulatory arrangements had yet been made. Unfortunately, other than delaying the introduction of Calling Number Display, and leading to the eventual creation of the AUSTEL Privacy Advisory Committee, its hard to see where the report of the Inquiry has had the positive influence it should have had.

As an individual, and later as a representative of Consumers Telecommunications Network, I found that in general, AUSTEL staff were highly supportive of consumers and took their consumer protection role very seriously. Unfortunately, AUSTEL was not able to take real action on new areas which were not hard-wired into the Act which defined its powers. Arguably this is as it should be - the agency should advise on new regulatory approaches, but it should not be able to expand its influence beyond that anticipated by Parliament.

The trouble is, nowhere in the telecommunications field, is there a reliable process for new or existing problems to be "owned" by any agency, or for DoCA, the government or AUSTEL/ACA/ACCC to progress the issue. Its really up to the Minister to decide that something needs to be looked at - and to allocate resources in DoCA and or the ACA to investigate what needs to be done. Then it is a matter of either making Ministerial directives or taking it to Cabinet, creating some new legislation and getting it though Parliament.

The fact is, that with the sheer number of issues, and their complexity, and the finite time and mental resources of the people concerned, and the limited amount of funding that governments are willing to spend on regulatory activities, a lot of important issues are never given proper attention - and those that are recognised are often handled inadequately.

This is primarily a result of government not taking its regulatory responsibilities seriously. With appropriate funding, and careful attention to management, all the issues mentioned below in the case studies could be satisfactorily resolved - very often with a judicious government regulatory approach and sometimes with self-regulation.

If the government was serious about protecting the public in the complex, privacy threatening, economically and socially crucial telecommunications industry, then a great deal more would be achieved. It may cost a few more millions of dollars, perhaps a few tens of millions over a few years - but this is a dollar or two per-annum per capita - a small price to pay.

I do not accept that the deficiencies in current government regulatory approaches are fundamental. It is possible to run responsive, accountable regulatory systems - but it takes adequate funding and good management so that the best people are recruited and given the resources they need.

Industry-based regulatory schemes have certain potential advantages over a government scheme. They may be operated by people with more intimate experience of the industry and of the public's use of its products and services. This is fundamentally a good thing, since the greatest problem in any large "organisation" is the length of the feedback loops between the public (where the action happens and regulatory decisions matter) and the relatively remote and rarefied realms where the crucial decisions are made.

Single person businesses have no such problems with long feedback loops! Large "organisations" - whether government or commercial - can have terrible trouble with long feed-back loops which delay, attenuate and distort feedback so much that the decision makers may be very poorly placed to make the right choices. I didn't find this too much of a problem with AUSTEL, or with DoCA. It is a huge problem with an "organisation" the size of Telstra.

An industry-based self-regulatory organisation can in principle be small enough not to suffer like Telstra or the larger government departments do from inadequate connection with reality. So to can a well-run government regulatory body - but it takes funding, good management, good staff and constant attention to detail.

An oft-cited benefit of self-regulation is that the costs are borne by the industry (and therefore the customers of that industry) rather than the tax-payer. Here are two contrary arguments:

Firstly, a government run regulator can easily be funded by a levy on the industry. This becomes more administratively costly when there are many companies active in the industry - as is now the case with telecommunications - but it is still true in principle. This approach would be difficult where the participants in the "industry" are not keen to identify themselves - for instance outbound telemarketing which is often an activity of a business, rather than the sole function of a business. Also, in the case of telemarketing, where effective regulation would close down the great majority of current outbound telemarketers, there would be a tiny remaining base from which to extract funding.

Secondly and more importantly, in the fields of privacy and telephony - and increasing with Internet communications as it becomes as ubiquitous as telephony - the benefits of the regulatory activities are shared by virtually the entire population. As such, if there are serious difficulties extracting funding from the industry itself, there should be no problem with funding it from general revenue.

An advantage of industry self-regulation is that is in principle more adaptable to changing circumstances. The industry body simply needs to decide on some new rules, check with the ACCC that they are not anti-competitive (and justify them if they are) and implement them. This is a lot snappier than amending Acts of Parliament, or preparing and passing disallowable instruments.

If the industry body was genuinely interested in the real priorities of the public, and it was adequately funded, respected by the industry in general, and it had the powers it needed to protect the public, then the industry-based self-regulatory approach could be more responsive than a one based on legislation and a government regulatory agency.

However there are a number of problems with self-regulatory approaches. These problems are fundamental and I believe much harder to resolve than the task of properly funding and managing a government regulatory agency to achieve excellent outcomes.

1 - The staff and funding of the industry body is very closely coupled to the industry it is supposed to be regulating. Industry participants can obtain a short- or long-term financial advantage from the exploitative practices the industry body is supposed to be preventing - so why should the industry fund the body to the degree necessary for it to carry out its work? (Answer: in theory, the long-term threat of government regulation - but this is a very weak incentive.)

Similarly, why would the industry support the best, most critically and independently minded people leaving productive employment to work for the industry body? Those people would need to be offered high salaries commensurate with their earning potential in the commercial world.

2 - There are significant "political" and administrative problems in deciding how to levy industry participants to pay for the industry body. This is especially true when there is a 10,000 to 1 ratio difference in size between the largest and smallest participants - for instance between Telstra and smaller ISPs.

3 - In an industry where the participants are not clearly defined (eg. telemarketing) and/or where the industry scheme is not compulsory (it could only be compulsory if it was a forced-self-regulatory scheme with legislative backing - for instance the Telecommunications Industry Ombudsman), then the costs of the scheme are borne by the larger and/or more responsible participants - while consumer problems and therefore industry body activities are driven disproportionately by the "bad-egg", "cowboy" operators who are less likely to be funding the industry body.

4 - It can be bad enough, when a consumer encounters a problem, deciding which government regulatory domain best covers the case. However the task of finding the right "home" for a complaint is greatly exacerbated by a profusion of industry based schemes. For instance how are consumers to know, when they receive a call purporting to be a market-research call, but which develops into a sales call, whether this should be covered by:

• The Association of Australian Market Research Organisations' (AMRO's) and the Market Research Society of Australia's (MRSA's) excellent (I believe) voluntarily self-regulatory scheme,


• By the ACCC as a matter of false pretences in business,


• By some yet-to-be-created industry or (preferably!) government approach to telemarketing (or the current ADMA's code for telemarketers - which prohibits such calls - but few telemarketers are members of ADMA. )


• Whether they should complain to their telephone company about the company allowing such unwanted calls to be made to their service.


• The Telecommunications Industry Ombudsman.


• Whether they should make a complaint to the state, or is it the federal, police about a phone call which they believe to be malicious.

Assuming they do figure out which path to take (and the first three are the most likely candidates) how do they prove who made the call? At present they cannot, since there is no Customer Activated Malicious Call Trace service - and even if there was, would it be applicable if the call was not deemed to fit the criteria of 85 ZE of the Crimes Act? (Yes, it might - the TIO can access such call data, in confidence, if it relates to an investigation of theirs - but would the TIO be involved in this? Probably not - unless the call was believed to come from one of its participants.)

Many other examples could be given. The fact is that the more industry based self-regulatory schemes there are, the more difficulty there is for consumers to complain about problems - so the feedback loop is less likely to begin.

Who is to decide which industry body or regulatory agency should "own" the problem - if none of them deem it to be in their territory? I don't think there is any system at all. If it is a privacy matter, ideally the Privacy Commissioner's department should be able look into it - but currently that only works for problems caused by government agencies - not by companies or charities.
 

5 - What are the appeal processes if the consumer does not believe the industry body has adequately addressed their problem? Each industry based body is likely to have its own arrangements for this. They are likely to be difficult to follow, and not very timely. Is legal aid likely to be available for such appeals? What legal basis is there for appealing to the courts if the industry appeal process is thought to be defective?

6 - The public accountability of industry bodies is likely to be poor. I was the sole consumer rep. on the AUSTEL Mobile Churn Committee. We were supposed to devise an industry self-regulatory scheme, and establish an industry body, to cover solely the change of service between carriers for mobile phone contracts. Not sales of new contracts, or sales of handsets. Not closing an analogue account and opening a digital mobile account. Probably not even changing from one digital contract to another. Some of the carrier representatives were extraordinary - denying that consumers hated telemarketing, for instance. (They were extremely antagonistic to consumers and in this case, the AUSTEL chair of the committee was extremely weak.)

This committee lumbered along and eventually got nowhere - but it did propose an industry body with virtually no consumer input to its management, and with no effective external audit or reporting procedures.

The fact that the industry is regulated by a body which is owned, funded and managed by that industry means that consumers will have very little confidence that the body has real teeth, is independent and accountable.

It is fashionable at present in government circles not to over-regulate (unless of course it concerns Internet porn . . or perhaps cryptography. ). While there are attractive arguments for devolving responsibility and allowing industries to regulate themselves, there are fundamental weaknesses with self-regulation. These may not be such an issue in a relatively stable industry, with large, easily recognised participants, which already has established high standards regarding privacy and customer care - such as insurance and banking (though there were some rorts in insurance at least . . . and I am not active in these fields, so perhaps I underestimate the problems). However in a rapidly growing field, where there are many rapacious new-entrants and especially in a field of such technical and human complexity as communications, I doubt that industry self-regulation - including that which is forced by governments - will be effective.

It could be argued that the weaknesses and costs of previous government regulatory regimes are arguments for an industry self-regulatory approach. That may be - but they are also arguments for proper funding and careful management of government regulatory schemes to achieve an excellent outcome.

Without wanting to make too much of rhetorical argument by analogy, would it be better to appoint and independently fund a fresh group of people to control the burglary industry, or to tell the burglars to form their own self-regulatory system - on threat of the government getting a fresh group of people to control them if the burglars fail to really respect the public's interest?

That said, there are instances where industries spontaneously form their own non-compulsory code of conduct, and all, or virtually all, participants join the scheme and respect it. An example of this is the codes of conduct for market research supported by The Association of Australian Market Research Organisations and the Market Research Society of Australia. (http://www.mrsa.com.au) When I last looked at this a few years ago, my impression was that virtually every market research company was a member of AMRO and complied with its code of conduct - which precludes such things as telemarketing and push-polling. (This does not stop anyone at all from offering what they call market research services, but an astute client would avoid any company that was not a member of AMRO.)

The market research industry struck me as genuinely professional. Its clients are businesses and other organisations such as government agencies. The industry depends entirely on the cooperation of the public, and on proper research methodologies, in order to produce valid results. It is a long-term, stable industry. Therefore it is not surprising that it has long upheld high standards of conduct.

Market research and other professional industries are very different from the rapid-growth, dog-eat-dog, hunting-and-herding telecommunications industry, which feed directly from the pockets of millions of impressionable consumers.

If an industry needs regulation, beyond that which it independently develops - if it needs to be forced by government to self-regulate - then there it is doubtful whether the government will really be able to ensure that the self-regulation properly respects the needs of the public.

The dynamics of this forced self-regulation are likely to be that it will always be testing the government's patience. The primary aim of telecommunications businesses (indeed the formal responsibility to their shareholders) is to build business and maximise profits. That means they would be happiest with no regulation - other than to curtail predatory competitors. (This was the primary concern of the Mobile Churn carrier representatives - at one stage I was told that the code was to prevent unfair business practices - unfair to other businesses - and that the code was specifically not intended for the benefit of consumers. They changed their tune later when the ACCC became involved!)

Collectively the industry is forced to work together to set up a body to regulate them all. This is roughly equivalent to the students forming a committee to police the "no foul language" rule in the playground - they aren't going to put themselves under the control of their best and brightest. So the priorities of the industry are:

1. Spend as little time and money on the industry body as possible.


2. Try to ensure that the regulatory policy and/or its enforcement has as little impact as possible on their profitability.


3. The limit to the two above priorities is to convince the government that the industry self-regulatory policy is either working, or close enough to working, to prevent them from actually closing the scheme down and enacting legislation.

Far better to have a well funded, well managed government regulatory body, with teeth and an expansive vision of its responsibilities, such as the ACCC! (Forgetting for a moment their involvement in telemarketing . . . )

The industry forced-self-regulation scheme adds at least one more layer of indirection. With government regulation, if it fails, the citizen can get their local member of Parliament to question the responsible Minister. The responsibility is with the Minister, and the query propagates to the Department, and perhaps to the regulatory body concerned. Now, in the telecommunications industry, it may propagate through DoCA, ACA, ACCC, TIO, ACIF, various ACIF committees and the company concerned.

When, eventually, the consumer decides that the regulatory system has failed, its more complex to get anything changed. Maybe the ACIF would respond - but if they don't, then who's responsibility is it? The Minister rattles the sabre of long-term regulatory action and says it's industry's responsibility to regulate itself - but he can't tell them exactly how to do it, and nor can ACA or the ACCC. Why? Because this is industry self-regulation! Most likely nothing will happen The best case is that the ACIF, would develop a new policy, persuade the great majority of the industry to accept it and then effectively implement it. But what resources and real independence does the ACIF have? Even if its staff are dedicated to consumer benefit, it is managed and financed by the industry whose excesses it is supposed to be controlling.

The time-delays and inertia in all of this are almost certain to ensure that very little consumer benefit emerges. ACIF will be flat out trying to do its work anyway, without developing new proposals which will effectively constrain profitable, exploitative corporate behaviour. The final tasks of getting the majority of the industry to agree to the new constraint, and to fund the effective administration of that constraint are tough barriers. Over the years, it is possible that ACIF will become weak and dispirited - a pawn between a powerful industry that does not want to be regulated and a government that is unwilling to admit that self-regulation was a mistake, and perhaps a government that doesn't care too much about the public anyway.

Let's hope this analysis proves to be completely wrong!   In the past I have been an optimist about telecommunications regulation - only to see my hopes dashed because of poorly funded regulators with no powers (ACA and the Privacy Commissioner's office), and a government that doesn't care.

Another significant and unavoidable problem with the self-regulatory model is that delegation of responsibility can lead to in-expert interpretations of the code-of-conduct. Where breaches of the code are punishable by draconian or criminal penalties, this can lead the restrictive nature of the code to be over-amplified. For instance, accepting for the sake of the argument that material on Australian web sites must not be that which would be refused classification by the OFLC, and that criminal penalties will apply to ISPs who allow such material on their servers, the practical expression of the government's intent is likely to be greatly skewed by the over-cautious judgement of ISPs in assessing whether or not material would be classified or not.

Considering:

1. While the criteria for RC publications is defined at:

http://www.oflc.gov.au/pubrate.html#refuse

the judgement of the censors on what may be refused classification changes over time, and has been the subject of extended court cases. (For instance the Rabelais case which went to the highest courts to decide whether an article "instructed in matters of crime". The question of classification of films is something separate.


2. The paucity of information about exactly what is refused classification - unless perhaps you pay $380 a year to subscribe to the OFLC's database,


3. The vastly more varied material which ISPs are likely to encounter compared to the commercial film, publications and video games which are submitted to the OFLC.


4. The completely different nature, context and mode of communication of material on web-sites compared to the OFLC's work on film and publications.

The best laws are practical to enforce, easy for normal people to understand, and involve penalties which scale with the degree to which they are broken. In addition, the best laws inspire broad respect.

The worst laws are those which are difficult for ordinary people to understand, which involve interpretative subtleties that could keep a Supreme Court busy for a week, and which involve penalties way out of proportion to the way they are broken.

A law which expects an ISP to decide whether web based material would be "refused classification", on threat of criminal penalties if they misjudge it - especially when the community has little respect for Internet censorship - is an example of the very worst kind of law.
 

---

6 - Criteria for deciding between legislation and government backed "self-regulation"

Characteristics of an industry which would make it more likely that government backed self-regulation would be more effective than direct government regulation:

• The industry has clearly identified participants.


• The participants are stable companies, operating in a professional way - ie. they provide sophisticated, high-value services to customers who are likely to be informed and discerning.


• The industry has already demonstrated its commitment to the public interest by a large proportion of participants joining a self-regulation scheme, or an industry association which genuinely promotes respect for the real needs of the public.


• The products are highly differentiated and perhaps personalised. Competition is based on quality of service, more than on price - ie. the product or service is not a commodity.


• The relationship between supplier and customer is long term, and based on more personal methods of contact rather than mass-market advertising and quick, impersonal transactions. This, together, potentially with the smaller size of businesses, puts the decision makers in closer contact with the public.


• The industry prospers without the use of intrusive or manipulative marketing approaches - including telemarketing, street solicitation, door-to-door advertising and high-pressure radio and television advertising.

• Participants in the "industry" are difficult to clearly identify. Especially if the focus of regulation is not an "industry" but an activity which is generally a peripheral function of organisations whose core businesses are unrelated - for instance telemarketing by a variety of companies and charities.


• The participants include many small and new companies, especially in a high-growth area such as telecommunications.


• There either has not been any meaningful attempts at self-regulation or forming an industry association, or the participation rate in genuine organisations has been very low.


• The competitive nature of the industry is characterised by:


1. The product becoming a commodity,


2. Competition for customers being based on marketing and elaborate pricing and bundling schemes.


3. Companies doing almost anything - such as very expensive, manipulative and intrusive marketing campaigns - in a scramble to build market share.


• The relationship between supplier and customer is shallow, and suppliers are geared to impersonal, mass-market customer contact techniques which put the supplier's decision-makers far from consumers.


• Some or all participants regularly use marketing techniques which are intrusive and/or manipulative. This shows a pre-existing contempt for the privacy of the public, and a desire to attract new customers not on the basis of clearly communicated product/price benefits, but by persuasion and taking advantage of people's weaknesses.

 

If the industry is already running itself reasonably well, then it will not need to by forced much by government to respect consumers. Such an industry may be well positioned to change its independent self-regulatory approach into one which involves government backing and more formal responsibility to the public via the government. In that case, it could be argued that a self-regulatory or co-regulatory approach might work well, and compare quite favourably with a purely government regulation scheme.  Those industries which are a battlefield, where consumers are merely cattle to be herded and milked for all they are worth - and I am thinking of many facets of the telecommunications industry here - are the ones which are going to be most difficult to force into a worthwhile self-regulatory arrangement. They will constantly be testing the limits of the government's tolerance by creating weak codes of conduct, by having weak compliance measures and poor public accountability. In this case - an obviously troublesome industry - it is unlikely to be a good candidate for self-regulation. So the government regulation option appears more attractive.

 

---

7 - Governments shirking their responsibilities to regulate

A simplistic view is: Business is good - it employs people, generates GDP, taxes, revenue for other businesses and hopefully generates exports or export replacements. Every regulation is an unproductive burden on business. So cut out the red-tape and let businesses thrive!

It makes a lot of sense, but when taken to the extent that the public, and other businesses, are exposed to exploitative practices which they cannot defend themselves from, then the government is abandoning a key commitment it made to the public - to protect the public from threats they can cannot protect themselves from.

Its my observation that the current federal government has excelled in expressing this fashion, but the previous government certainly had similar tendencies. The previous government started the privatisation of telecommunications (which is fine with me) together with the move towards industry self-regulation.

As far as I can tell, this self-regulatory move was never debated publicly or in Parliament. It was just assumed - as one does after accepting a fashion that puts rationality and other perspectives in the background. The consumer movement has never been happy about the self-regulatory approach. Many concerns about the foreseeable problems with self-regulation have been voiced over the years by representatives of Consumers Telecommunications Network (CTN) , the Australian Consumer Association and the Communications Law Centre.

The telecommunications industry is large and awash with money - most of it money from consumers paying for essential services in a monopoly or a cosy duopoly. Those in the industry, like the staff of government departments and regulators, work in large "organisations" in air-conditioned glass-walled office buildings. Its no problem for the industry to lobby government departments and political parties directly - their voice is much louder and better financed than that of consumer representatives. CTN, struggles with a staff of about three full-time workers (plus one administrator) to represent the telecommunications interests of Australian consumers. (Funding so far has come almost entirely from Telstra, despite attempts to broaden the funding base. Telstra is to be congratulated for this - but this arrangement is likely to end soon.) A handful of volunteers such as myself help out in an unpaid capacity. Given the massive complexity, growth and radical changes in telecommunications in recent years, a staff of twenty or thirty people would be required to adequately represent consumers in all the facets of telecommunications policy and in the maintenance of effective regulation.

Fortunately the government now has a policy to fund consumer representation in the telecommunications industry:

http://www.dca.gov.au/policy/section593.html

From the industry's point of view, self regulation means a bit of work and expense - to create a regulatory process they largely own and control. This is a welcome relief from having to deal with a regulator like AUSTEL, which sometimes made rulings that the carriers found most inconvenient - such as the privacy requirements for Calling Number Display.

The story of telecommunications regulation in Australia, in my six years experience, has consistently been one of consumer representatives struggling to cope with far too many issues - their voices faint by comparison with those of the industry, whose marketing and administrative divisions probably dwarfs the consumer representatives 5,000 to 1, and who similarly outnumber the voices of the regulator and no-doubt DoCA.

It is a tiring business! There have been a few wins - but there have been some terrible losses.

Its the government's responsibility to protect consumers - and the government is solely responsible for the following setbacks:

1. Last year (1997), the Federal government, without warning, cut all funding to the Consumers Federation of Australia. This modest funding was absolutely inconsequential in terms of the budget deficit, but played an important part in facilitating consumer involvement in policy development and technical standards.

 
2. This year (1998), the Privacy Commissioner's office has had its funding cut by 43%. The office, already struggling with its responsibilities in policy development and handling complaints is now even less able to protect the privacy of Australian people.

This was not a publicly debated or announced move - and could only result from a sense of negligence or hostility towards the privacy of Australians.
 

3. In its final year or two (1995-97), AUSTEL suffered greatly reduced funding - whilst taking on a wider and wider range of responsibilities. To compound matters, Telstra took AUSTEL to court over AUSTEL's finding that Telstra was the dominant participant in international phone calls. The legal expenses of defending this action further weakened AUSTEL's ability to perform its work, and requests to the government for funds to make up the short-fall were fruitless. (I learnt this first hand from an AUSTEL Board member.) An example of the resultant cut-backs were that the number of staff assigned to privacy issues was cut from two to one.

If an industry participant can successfully attenuate the regulator's ability to function, simply by taking them to court - and the government provides no relief - then it seems that the government is unconcerned about industry thwarting the regulator's attempts to do its job.
 

4. 4 - Both the previous and current governments supported a long-developed proposal to extend the scope of the Federal Privacy Act to cover not just government departments, but the activities of business as well. The current government's election policy statement supported this and so did many businesses. The Attorney General's Department had been on the case for several years, with discussion papers, plans etc. and all was proceeding smoothly.

In March 1997, apparently without consulting Cabinet, the AG's Dept. or the Privacy Commissioner, the Prime Minister announced that these plans had been abandoned - citing only the purported reason of excessive costs to business.

Reluctantly the AG's Department has fallen into line, and the Privacy Commissioner has been forced to develop a rough plan for an industry-based voluntary self-regulatory scheme to cover privacy in the commercial sphere.
 

http://www2.austlii.edu.au/itlaw/national_scheme/national-INFORMAT.html
Many businesses are opposed to this. No privacy/consumer advocate supports it. The voluntary approach is inconsistent with European regulations which will restrict information flows to countries which do not have sufficiently high standards of privacy protection.

It is impossible to reach any conclusion except that the government (or at least the government following an off-the-cuff decision by the Prime Minister) has so little interest in the privacy of Australians that it would abandon a well developed policy, with bipartisan support, without discussing it in public, with the relevant departments or even with Cabinet.
 

5. 5 - As will be detailed below, the government has allowed Telstra, Vodafone and Optus to introduce Calling Number Display on an opt-out basis without meeting the public awareness requirements which all parties agreed to in the AUSTEL Privacy Advisory Report on Calling Number Display.

Opt-out Calling Number Display is a straightforward case of the carriers wanting to sell caller's personal information, without their explicit, informed consent and very often without their knowledge.

If the government was more concerned about the privacy of Australians than the short-term profitability of the carriers, then it never would have allowed this. (Arguably, the Minister for Communications did not carry out his regulatory responsibilities on Telstra when it broke its commitment not to launch CND before the PAC public awareness requirements had been met - because he is also Minister for Maximising the Share Price of Telstra, To Keep Millions of Shareholder-Voters Happy and to Maximise Returns in the Next Phase of Privatisation.)
 

6. 6 - As will be detailed below, the process of creating some kind of regulation for outbound telemarketing began in late 1991, when AUSTEL launched its Privacy Inquiry. The end result arrived late last year. It is a completely worst-case scenario which enables telemarketers to do almost whatever they like. It is not enforceable - just a voluntary code of conduct, with no industry body to oversee it - but it has the imprimatur of the Ministerial Council on Consumer Affairs and says it is acceptable for telemarketers to call every 30 days, on any day (except three in the year) between 8 AM and 9 PM. They do not have to respect your request not to call again, and there is nothing to prohibit calls with tape-recorded messages.

I put more effort into telemarketing control than any other individual in Australia. A small part of my work is a submission to one of the committees that led to the current "code":
 

http://www.ozemail.com.au/~firstpr/tm/
All my work, and that of others, on telemarketing has been a complete waste of time.

---

8 - Governments regulating inappropriately

Cryptography

The government's cryptography policy has been eagerly awaited for over a year now. Currently there are export restrictions on cryptographic software and hardware - which are completely anachronistic and no longer serve their intended national security purpose. While they are largely ignored, those companies wishing to export software and hardware - and who need to follow the letter of the law - are prevented from exporting.

Despite the suppression of the Walsh Report, there are encouraging signs that the Australian government will ignore the increasingly ridiculous requests by the USA regarding restricting the use of strong cryptography. The Australian input into the relatively enlightened OECD process may have been crucial. Hopefully these cold-war-relic restrictions will soon be historical curiosities.

Content regulation

More on this below. Attempts to impose restrictions on Internet communications are not supported by the majority of the public, are impractical and if implemented will engender disrespect for the law. The proposition that there is a single set of "community values", suitable for imposing on the entire population, in 1998's multicultural Australia, is quaint - and should be preserved for the interest of future generations.

Broadcasting - religious vilification

In February 1996, in the first test case regarding "religious vilification" the ABA found that 3RRR's "Liars Club" (a wide-ranging sceptics program) was guilty of breaching Radio Program Standards by "gratuitously vilifying the Church of Scientology". The presenter had sympathised with a victim of the so-called church, without offering a balancing viewpoint which favoured the "religion" in question.

While this regulation may have been well intentioned, its chilling effects on free discussion of questions concerning religions - and organisations which pretend to be religions - are a very serious matter. It would seem that similar logic applied to the dozens or hundreds of radio and television programs concerning abuse of children by Catholic nuns and priests would have also found many cases of so-called vilification.

Anti-discrimination legislation - or codes of conduct - can be a minefield. Vilification of individuals is a serious matter. Vilification of races probably is too - since people don't choose their race. I am not sure that vilification of systems of belief - or in the case of Scientology exploitative pseudo-spiritual brainwashing - is comparable.

This over-regulation was probably not deliberate. Perhaps the ABA made an interpretive error, but this regulation seems to need revision. I understand that the Communication Law Centre wrote a valuable critique of this decision in Issue 124 (1996) of their journal, Communication Update.

---

9 - Case studies - Summary

[Note for people reading this on a text browser, or with braille or speech synthesisers:  The following two tables have five columns.  1: The area for potential regulation. 2: Whether or not it should be regulated. 3: Why, and if so how it should be regulated.  4: To what extent this regulation will be effective. 5: What should be done to achieve this, starting from the current position in Australia.]

Federal privacy regulation for companies

This is a big debate. For more information, see:

http://www.efa.org.au/Issues/Privacy/Welcome.html

A primary function of government is to protect citizens from those threats