ACMA, Copyright, Privacy and other un-newsworthy things…
By SGirl:
Who will I upset this time? (Though the support far outweighed the few negative comments.) But I digress…
It is interesting what information you can find when you look hard and spend a bit of time on it.
As a bit of background: to me, IT security is not just about technical solutions, hacking and the latest marketing terms like the “Cloud”. It is also about management, strategy and compliance (not the dirty version). These are areas that, for some reason, the media don’t really report on or focus upon (unless your compliance means PCI DSS). They are the less “sexy” part of the industry, but for many they are the parts that hit the coalface of the business.
In Australia, there are things happening that you hear little to nothing about – things that are affecting businesses and compliance considerations right now. They aren’t being focused upon and are far from hot topics like PCI DSS: “Ooh, merchants might start being fined soon, so let’s start talking about what PCI DSS is, what it means to you, and how vendor X is going to help you!” We only hear about what a few people decide is “sexy”, but for the most part, and as recent conversations on this blog and in forums have shown, what those individuals decide is “interesting” seems not to be what floats the boats of many in the industry. Drazen Drazic says he gets most of his news from blogs.
Let’s have a look at a few things:
Businesses getting hit for not complying with the Spam Act
We all know a little about this, but the details and stories are rarely, if ever, covered. The Australian Communications and Media Authority (ACMA) seems to be taking its job of enforcing the Spam Act pretty seriously.
Take, for example, one small business: one owner and two staff. They purchased a list, apparently in good faith, and used it to send SMS messages advertising health goods. Four complaints and a fairly serious ACMA investigation later, the business is down $10,000 and subject to some fairly onerous mandatory requirements, such as having to undergo ACMA audits for a year and having to demonstrate a training and awareness program and business practices that will prevent them from breaching the Spam Act again. To top it off, the company is publicly named.
They are not alone, either: http://www.acma.gov.au/WEB/STANDARD/pc=PC_310869 and http://www.acma.gov.au/WEB/STANDARD/pc=PC_100407
Does this not rate as news? Check out the links. Some of this stuff is quite interesting!
Businesses getting fined for Software Piracy
Under the Copyright Act, copyright breaches can result in fines of up to $93,500 and/or up to five years’ imprisonment for individuals, and fines of up to $467,500 for companies. On the civil side, damages awarded are unlimited, plus court costs.
Here are just some recent penalties:
- Travel company: $200,000
- Manufacturing company: $200,000
- IT services company: $150,000
- Telecommunications company: $100,000
- Training and employment company: $91,500
- Agricultural company: $60,000
The Australian Copyright Council publicly lists these cases, including business names and penalties:
http://www.copyright.org.au/news/news_items/cases-news
Also on software piracy: the Business Software Alliance (BSA) is an industry group made up of the major software companies, and it actively pursues software piracy and copyright infringement. It also offers rewards of $5,000 for identifying businesses that are infringing copyright.
Still not news? Check out the link. Some interesting reads again!
Privacy and Credit Card Information
In 2007, a complaint was made by an individual who was concerned that the receipt for a payment they had made displayed their full credit card details: their name, full card number, card type and expiry date. They felt this compromised the security of their information, as anyone who got hold of the receipt would have enough information to charge a transaction to their credit card account.
The Privacy Commissioner found that this did not breach the Privacy Act – which is technically true, but isn’t it completely at odds with every principle of PCI DSS? (PCI DSS Requirement 3.3 requires the PAN to be masked wherever it is displayed, with no more than the first six and last four digits shown.) I suppose it depends on what is simplest to deal with and uphold at the time: common sense versus “pragmatism” and selective placement in the too-hard basket. (The merchant EFTPOS facility used was provided by a banking institution.)
Is this not a strange message to send? Is this not news? (I know it was reported, but few “journalists”, if any, dissected and questioned it.)
If you’ve made it this far in this post, I hope you have found it interesting. Nothing new here but more so details – cases, case studies and other things to consider, or just general interest, different from the day-to-day things we think about. But as I said, it is not the easiest information to find on the Net!
June 26th, 2009 at 3:08 am
@Draz where do you find these self-centred ghost writers? Why are they so condescending to your readership?
@Sgirl thank you for highlighting these issues that as you point out aren’t sexy infosec topics… I think you assume far too much that these are not reported. My very scientific methodology of utilising Google News Search with the search parameters ‘Spam Act Australia’ found three articles relating to this topic published in June 2009 and only two relating to ‘PCI DSS Australia’. Now before you get on your high horse saying that the search was unlikely to include the “IT Media”, you specifically target small business… and I know my corner fish and chippy religiously reads SC magazine dot com
In fact I think Franco (the chippy owner) was even rooting for Big Galoot to win the AustCert award for excellence in the field of excellence.
PS @Draz as this is your blog can you please proof and edit these posts… my head hurts trying to understand shit like:
“Nothing new here but more so details”
I guess if you keep reading you forget the beginning of the sentence made no sense.
June 26th, 2009 at 10:32 am
I thought the links and story were interesting. Good to get another perspective on what you don’t hear much about and different to most topics people are blogging about.
Sorry Ralphy. You are a hard marker.
I think the point of most of this was information being easy to find, at hand and being a more reported topic. I know your stats prove otherwise and that is interesting.
I don’t understand all this Big Galoot business.
June 26th, 2009 at 11:08 am
Jeez.
After reading this epic, War & Peace looks like a short story.
So, to summarise, did the butler do it… I drifted off?
June 26th, 2009 at 12:18 pm
The fact you could even be bothered posting Exhausted is funny.
I bet you enjoyed every bit of it and are just trying to be too cool. Probably sending the links off as your own to all your colleagues and going for the back pats on what you know. LOL.
June 26th, 2009 at 1:07 pm
I love the posts that generate discussion/debate (even silly stuff). There’s some witty people who get on here and some not so much (eh Exhausted?)
Interestingly, SGirl’s last post was the most read for that month according to my site statistics and from memory was posted well into the month so it had some catching up to do. This one’s already getting up there after less than a day.
@Ralphy, I apologise for the “proofing”. That is my fault.
I do also make the final call on submitted stories and I stand by this one. From my perspective, it was very interesting as I haven’t really spent much time going through detailed information and case studies in these areas. I thought others might find it interesting also. Judging by the interest from traffic hitting the story directly, I’d say quite a few others are finding that.
Keep the comments coming Ralphy. Thanks for reading and contributing. I do value the input.
“Exhausted”, dude, thanks for the effort and giving it a fine shot! I don’t want to spoil the ending for you. Maybe next time, read it over a few sittings.
DD
June 26th, 2009 at 3:43 pm
@Thanks Of course I am, Draz has a great blog and therefore has set expectations high. Blame him, not me.
@SGirl Please keep submitting posts, they are interesting, even if they are difficult to read. By what Draz has said, not only to me but it seems to a wider BorB audience.
June 26th, 2009 at 5:05 pm
@SGirl yeah good effort all things considered.
Regrettably though, not a single mention though of the words “beer”, “V8s” or “porn” to keep plebs like me reading to the very end of your epic post doctoral thesis-styled research paper.
Almost certainly, it’s more about me than you. When I googled it, I thought the term “Beast or Buddha” had something to do with an almost forgotten, ancient Indian tantric quasi-religious ritual involving oiled goats and Buddha? Perhaps not.
Quite possibly, I’m on the wrong site?
June 27th, 2009 at 12:34 pm
Don’t mean to cloud anyone’s judgement lead times for Eli Lilly and I’ve been bitten by this recently too in #infosec role.
As for #goats and #secretspooningbuddha… well… back to copyright here Lessig @TED
June 27th, 2009 at 3:29 pm
Thanks for the link to the Ted talk D2. I haven’t seen that one before. Highly recommended viewing I would say.