Australia: ACMA Champions Australian Zombie-Hunting Program

The Australian Communications & Media Authority, together with five leading internet service providers, has launched a trial initiative to combat the use by hackers of infected computers to send spam, collect personal information and commit other online crimes.

The program, called the Australian Internet Security Initiative, was launched on 7 November 2005 by the Minister for Communications, Information Technology and the Arts, Senator Helen Coonan.

A zombie computer is a machine which has been infected by a computer virus or another form of controlled intrusion, such as hacking. An infected computer may then be remotely controlled by a third party without the computer owner knowing, and may be used to commit online crimes such as sending spam and hosting offensive material.

It is estimated that up to 60% of all global spam traffic is relayed through zombie computers.

The Australian Internet Security Initiative is to be spearheaded by the ACMA, which has developed a program to find zombie computers with Australian internet addresses on the internet, and administered at the mid-level by internet service providers (ISPs).

Once a computer has been identified as infected, the ACMA will supply the ISPs with alerts showing the whereabouts of the infected internet addresses on their respective networks. ISPs will then contact the customer and provide it with information on how to fix the problem and properly secure the computer to prevent future attacks.

If the customer is unable or unwilling to take appropriate action, the ISP may then take steps under its acceptable use policy to disconnect the computer until the issue is resolved.

The new initiative means that consumers and businesses whose computers are identified as zombies by the ACMA software may face disconnection of their internet service if they are unable to satisfy their ISP that the infected computer has been fixed, and no longer poses a threat to other internet users. For ISPs, the process of contacting owners and providing information on fixing the problem of an infected computer will represent a significant increase in workload, particularly in the case of the average consumer-user with limited knowledge of computer hardware and software. However, it is anticipated that the additional resources required will be more than offset by lower ISP costs due to a reduction in spam traffic.

The identification by the ACMA of infected computers, and provision of that data to ISPs, may result in an increased risk of ISP liability under the Spam Act 2003.

The Act provides that a carriage service provider (in this case an ISP) is not taken to send an electronic message simply because it has supplied the carriage service which enabled the message to be sent.

However, the rules concerning the sending of commercial electronic messages not only cover persons who send contravening messages, but also those who cause to be sent contravening messages. In addition, there are ancillary provisions preventing any person from:

• Aiding, abetting, counselling or procuring a contravention of the primary rules contained in Part 2 of the Act.
• Inducing, whether by threats or promises or otherwise, a contravention of the rules.
• Being in any way, directly or indirectly, knowingly concerned in, or party to, a contravention of the rules.
• Conspiring with others to effect a contravention of the rules.

If an ISP is aware that a particular user is using their carriage service to distribute spam, it is arguable that it will be in breach of the ancillary contraventions set out in sections 16-18 of the Act in that it is encouraging and failing to prevent the user from breaching the provisions of the Act.

Clearly, the best policy for consumers and businesses is to prevent infection of computers and systems in the first place. Anti-virus software and firewalls are widely available to detect and repel attempts by third parties to invade or infect computers.

Should the trial initiative prove successful, it is likely that the ACMA will, in the long run, require all ISPs to comply with the requirements of Australian Internet Security Initiative. This should result in an overall decrease in spam traffic in Australia. It is worth noting, however, that a significant volume of spam originates abroad, and the ACMA is unable to regulate ISPs and users not located in Australia. So it is possible that the program may ultimately fail to achieve a significant decrease in spam originating from abroad.

This publication is intended as a first point of reference and should not be relied on as a substitute for professional advice. Specialist legal advice should always be sought in relation to any particular circumstances and no liability will be accepted for any losses incurred by those relying solely on this publication.