Senator the Hon Helen Coonan

Minister for Communications,

Information Technology

and the Arts, Australia

Spam, spyware & consumer protection: An Australian perspective on the role of APEC TEL in securing the online future

APEC TELMIN 6

Lima , Peru

Thursday 2 June 2005

Good morning Minister Ortiz, honoured guests, and ladies and gentlemen.

It is a pleasure to be here at this distinguished gathering in the historic land of Peru.

Our topic this morning, security and communication technologies, is of tremendous importance.

All of our economies are grappling with threats to the security of the online environment.

E-security is essential to minimise the threats posed by our current geopolitical climate. It is also critical to give businesses and consumers confidence that they can safely use the internet and other communications technologies.

A secure online environment will not be built by governments alone. The Australian Government has taken steps to protect the online environment by consulting with business and with users. We are developing and adopting a framework of policy, regulation and other tools to help address our challenges.

But e-security threats can not be countered by individual economies. Security is a global issue, and one where we need to forge solutions together.

APEC provides us with an ideal forum in which to collaborate and to help minimise these threats.

APEC TEL has already made valuable progress in this area. It has run workshops for small business, created detailed advice on e-security and authentication, and shared information on e-government and network interconnection. It has also developed a model for international Internet charging arrangements.

And there is more that could be done.

This morning I will outline four areas of work on e-security where the TEL might wish to focus in the future:

• spam, an area where some excellent results have already been achieved;
• spyware, an emerging issue that might become an even greater concern than spam;
• consumer protection, which I am sure will increase significantly as a problem;
• and lastly, the security of essential infrastructure and services – a relatively new area where there is enormous potential for the TEL to assist.

Spam

I will turn firstly to spam. We all recognise that spam is already a significant problem. According to one recent estimate, spam now accounts for 10 out of every 13 email messages.

Not only is this annoying and costly, it is also a significant hazard. Perhaps most worryingly, spam is decreasing user confidence in e-commerce and the online environment more generally.

To deal with the problem of spam, Australia has taken a multi-layered approach.

We have passed legislation – the Spam Act – which provides clear standards that define when commercial messaging is legitimate. By outlawing unsolicited messages, we are protecting Australian consumers and businesses from spam that originates in Australia.

Our legislation is based on an ‘opt-in’ approach. Australian consumers only receive the commercial messages that they wish to receive.

Since the Act came into effect 14 months ago, the regulator has required 200 businesses to make changes to their email and SMS marketing practices. In a cooperative approach between Government and industry, codes of practice have been registered for e-marketers and for SMS marketing.

Our legislation has also helped computer users internationally – there is now very little spam that is sent from Australia. But no legislation that we pass can stop spam from arriving on Australian computers. For that, we need international cooperation.

That is why we are involved in several international efforts:

• The OECD has a Taskforce on Spam, which Australia is honoured to chair;
• Australia , together with 21 other countries, has signed the London Action Plan. The Plan focuses on cooperation in the area of spam enforcement;
• The so-called Seoul-Melbourne Agreement on Spam is forging a strong network of cooperation amongst 12 Internet and communications agencies across the Asia-Pacific region. Members in this room include China, Thailand and Malaysia.

And we are active within APEC. The TEL is a model of how collaborative approaches to dealing with international problems can lead to real and practical outcomes.

For example, the recently finalised APEC Principles and Implementation Guidelines for Action against Spam provides tools that apply specifically to the needs of APEC member economies.

I am told that these principles and guidelines are an international first. They complement other international efforts to combat spam.

Just as no economy acting alone can solve the spam problem, so no international body – even one as effective as the TEL – can provide the solution on its own.

I encourage the TEL to work in close cooperation with bodies such the OECD and the ITU. The TEL could also consider how best to use the World Summit on the Information Society to promote solutions.

Spyware

Like spam, spyware is starting to have a serious impact on consumer confidence in the online environment.

Malicious practices associated with spyware include fraud, identity theft and anti-competitive behaviour.

Last year, the Australian Government completed a review of our legislative framework to determine whether specific legislation was required to deal with the most serious and malicious spyware activities.

The review confirmed that our existing laws are adequate.

However, robust laws are not enough. We are consulting with industry and the public to determine what other responses might be required.

As is the case with spam, international cooperation is essential to address the challenge posed by spyware.

The TEL has already begun work in this area. The TEL’s E-Security Task Group has undertaken a survey of approaches to spyware, which will assist in identifying areas for further international cooperation.

This survey is a necessary stage of fact-finding. But I consider that the TEL might go further, and look at:

• Firstly, boosting its exchange of information on current practices and concerns regarding spyware;
• The TEL could also consider developing strategies to increase business and consumer awareness of the spyware problem and the range of possible technical solutions;
• And, thirdly, the TEL could undertake capacity building – an area where the TEL has long been particularly effective.

Consumer protection

One challenge that, in my view, will become even more important is consumer protection.

As more and more business is conducted online between different economies, we are bound to see more situations where consumers have complaints that they find difficult, if not impossible, to pursue.

And this could have a very detrimental impact. If the promise of the internet is to be realised, consumers need to have avenues to pursue the inevitable problems.

This is difficult in any one economy. It becomes yet more challenging where the problem may originate in another economy.

For example, the security challenges posed by phishing are real. Phishing attacks see online criminals using apparently legitimate emails to trick people into divulging passwords, credit card numbers and bank account details.

To help address this issue at home, the Australian Government has released a guide entitled Phishing - Don’t take the bait, to provide consumers with pointers to avoid being caught out by online fraud.

As in so many areas, the TEL is at the forefront of international responses to phishing, and its work complements the efforts that many of us make domestically.

The TEL’s three booklets, SafetyNet, Safety Wireless and Safety Mail, provide practical information in a user friendly way. These booklets cut through the often confusing jargon that’s used when discussing Internet security, and map out the measures that people need to take to protect themselves from online threats.

And there is more that could be done to address consumer protection issues.

I note that APEC has an overarching Cybersecurity Strategy. This strategy was developed in the face of recent acts of terrorism and the growing criminal misuse of information. It includes a comprehensive package of measures to protect business and consumers from cybercrime and paves the way for consumer trust in the use of e-commerce.

The TEL could take this work further.

I welcome upcoming TEL activities, including the project on Cybercrime Legislation and Enforcement Capacity Building, which supports institutions to implement cybersecurity laws.

I am also pleased to see cooperative activity with the OECD on the security of information systems and networks. The proposed joint workshop, scheduled for September this year, could usefully consider a range of security issues such as spyware, security certification of IT products, and methodologies for risk assessment of ICT systems.

In addition, I would be keen to see the TEL address complaints from consumers about services provided from one economy into another. There may not yet be a great number of these complaints, but we can be sure that, as the online environment grows, there will more and more. The TEL could prepare strategies to address this issue now.

When we Ministers next meet, we may consider this to be one of the TEL’s most important contributions yet.

Security of Essential Infrastructure and Services

There is one other important issue I would like to raise. We all, more than we often realise, depend upon the electronic information systems that monitor and control the security of essential infrastructure and services. We depend upon these hidden systems for natural gas, water, electricity, and transport.

These systems form an essential element of a nation’s critical infrastructure. As we know, the physical security of this infrastructure has always been a priority. But now we must turn our attention to the importance of their e-security.

Historically, essential infrastructure has been controlled over private communication networks. Because of this, they have not been vulnerable to external attack.

But with the growing use of the internet, e-security measures are an increasingly important issue in the functioning of our airports and power stations.

Australia has conducted a series of workshops to raise national awareness of the risks involved, and the need to apply effective electronic security measures.

We need to do more domestically on this issue. And it is probably also the case that other economies could benefit from discussing our mutual concerns.

There is already some international cooperation on this issue. But there is a vital role that the TEL could play. It could survey the current situation in member economies, work on the best responses, and undertake capacity building. It could also monitor ongoing implementation.

The TEL has a real role here. But the issue is of broader interest, and relates to many other parts of APEC.

This is an area where TEL Ministers might be able to make a particular contribution to the overall APEC agenda. We are in a position to make these links – links that relate to APEC groups working on security and emergency response activities, energy, transport and water infrastructure protection.

Accordingly, I would suggest that Ministers here today consider whether we should bring these issues to the attention of APEC Economic Leaders for further consideration.

Conclusion

In conclusion, it is a pleasure to observe how effective the TEL has been. Its informal style allows members to interact and develop solutions in a positive and productive environment.

This morning I have outlined some of the key areas where the TEL can expand its work and help to secure our online environment. It has significant roles to play in relation to spam, spyware, consumer protection, and the security of essential infrastructure and services.

ICT is an exciting area of growth and as the responsible Australian Minister I am determined to maintain a healthy, secure and competitive market at home in Australia.

I am also committed to building international links and working with my esteemed colleagues in APEC to address those issues that concern us all.

I am confident that, working together, we can strengthen security and prosperity through information and communications technologies.

Thank you.

Refer to www.postini.com