The comments came in a submission the ACA made to an inquiry that the Federal Senate Legal and Constitutional References Committee is currently carrying out into the Privacy Act 1988. The inquiry will examine the Act's effectiveness in protecting privacy, particularly with reference to new and emerging technologies like Smart Cards, biometric imaging, genetic testing and in-body implanted microchips.
The ACA pointed out in its submission that although the Act had initially aimed at implementing technologically neutral rules, developments like e-mail have "consistently created the desire to be specific about aspects of the technology".
With respect to e-mail, the ACA said, privacy legislation in Australia had failed in several key areas. "The need to seek consent before [carrying out] electronic messaging, the need for functional unsubscribe facilities, and the need for accurate and specific identification in the course of all commercial electronic messaging" were all needs not met under current legislation.
The ACA said these requirements had emerged "from the realisation that electronic messaging couldn't work in a free-for-all environment," and concluded that "without control over the flow of messages coming at them, consumers will simply disengage from the channels."
The result of such needs not being addressed by the legislation, according to the ACA, was that "The last decade showed that such [e-mail] messaging without significant cost or regulatory restraints on the originator will impose considerable burdens on the consumer."
And furthermore, "The degradation of the e-mail 'info-commons' has comprehensively demonstrated that the only way e-messaging can work (for business as well as consumers) is on an opt-in basis," said the association.
This has led to a situation in which "E-mail has been a significant challenge to our formal privacy framework, one it failed to rise to. The job has been given to the communications regulator, the Australian Communications Authority, soon to be the ACMA. However, our fear is that notwithstanding the sensible Australian approach in the Spam Act, the public e-mail space may well be permanently corrupt."
While none of the other submissions to the inquiry specifically focused on any failure of the Act to provide for the challenges posed by e-mail, security company Lockstep Consulting did have this to say: "Further research should be conducted into the threats posed to privacy by phishing and spam, especially in light of electronic health records and similarly sensitive personal information becoming increasingly available over the Internet."
Lockstep was established in 2004 by Stephen Wilson, who bills himself as an authority on identity management and information security.
MessageLabs Business Development Director Paul MacRae said last week that industry analyst IDC had predicted that by the end of 2006, around 30 billion e-mails would be sent annually. Highlighting the current extent of the e-mail problem, MacRae said that one in sixteen e-mail messages received today contained a virus, one in four was spam, and that 80 million of the e-mails sent in 2004 consisted of phishing attacks. MessageLabs is a provider of managed e-mail services.
