ASIC repeatedly delays S.313 FoI responses

news
The Australian Securities and Investments Commission has, on multiple occasions over the past month and with multiple parties, delayed responding to Freedom of Information requests seeking documents relating to its controversial decision to start unilaterally blocking websites it suspects of fraudulent activity.

Last month the Federal Government confirmed its financial regulator had started requiring Australian Internet service providers to block websites suspected of providing fraudulent financial opportunities, in a move which appears to also open the door for other government agencies to unilaterally block sites they deem questionable in their own portfolios.

The move is based on the use of Section 313 of the Telecommunications Act, which allows government agencies to ask ISPs for reasonable assistance in upholding the law, a mechanism which is also being used for the Government’s limited Interpol-based filter to block child abuse material. However, there appears to be no public oversight of the process, no appeals mechanism, and no transparency to the public or interaction with the formal justice system. A move by the Australian Securities and Investments Commission in April to block several sites suspected of providing fraudulent investment information has resulted in the inadvertent blockage of some 1,200 other innocent sites.

The move was immediately greeted with alarm by a number of political groups and digital rights lobby organisations, who expressed concern that ASIC’s move could herald the covert return of the Federal Government’s previous mandatory Internet filtering scheme, which the Government abandoned in November last year. Commentators immediately called upon the Government to reveal how widespread the practice is.

Since that time, ASIC has admitted to another incident in which it inadvertently blocked some 250,000 websites, and another un-named agency within the Attorney-General’s portfolio, suspected of being ASIO, has been revealed to also be using the Section 313 power on “National Security” grounds.

In the wake of the ASIC revelations, several parties filed Freedom of Information requests with ASIC seeking to ascertain more details of its blocking practice. The Pirate Party Australia immediately filed a Freedom of Information request with the Australian Securities and Investments Commission, seeking documents relating to the blocking of, filtering of, or interference with the IP address blocked by the agency in March and April, in addition to any other website.

Delimiter has also filed Freedom of Information requests with major departments and agencies seeking the full text of any Section 313 notices issued in calendar years 2011, 2012 or 2013 that sought to have Internet addresses of any kind blocked. The FOI requests have been issued to ASIC, the Department of Defence, the Australian Taxation Office, the Australian Customs and Border Protection Service, the Department of Health and Ageing, the Department of Immigration and Citizenship, and the Department of Human Services.

However, in a post on his blog last week, Pirate Party Australia secretary and lead candidate for the Senate on the NSW Ballot in the upcoming Federal Election, Brendan Molloy noted that ASIC had delayed its response several times to the party’s FOI request.

“Oh ASIC, it just keeps getting worse for you,” Molloy wrote. “Not content with accidentally blocking up to 250,000 websites and laughing it off as if of no consequence, it is now entirely evident that they aren’t capable of even keeping records of their mass-blocking escapades.”

Molloy noted that ASIC was initially obligated to respond to his FOI request by 17 June. However, he subsequently received a letter from the regulator requesting an extension to 20 June. Subsequently, ASIC also missed that deadline, successfully requesting a time extension from the Office of the Australian Information Commissioner to 28 June.

“Now, I’m rightfully pissed off now,” wrote Molloy. “This is a completely straightforward request and leaves only two options: They have blocked relatively few sites but are having trouble finding out just how many due to no actual proper record-keeping on this issue; or They have blocked so much that just determining if the documents can be released at all is time burdensome.”

ASIC has also delayed its response to Delimiter’s FOI requests. On 14 June the regulator wrote to Delimiter requesting an extension of two days past the initial due date of 18 June, to take its response to 20 June. Subsequently, on 21 June, ASIC wrote again to Delimiter noting that it had requested a further time extension from the Office of the Australian Information Commissioner until 28 June.

Typically agencies request time extensions to respond to FOI requests when there are complications in the evaluation of the documents concerned. For example, the FoI legislation allows departments and agencies to request consultation with external parties which may be affected by FoI disclosures, or to redact certain portions of documents which the agency has deemed may not be released to the public for a variety of reasons.

ASIC has shown little remorse in its blocking efforts, despite heavy criticism from a variety of different areas of the Australian community. Earlier this month, its chairman Greg Medcraft said: “We don’t apologise for blocking the sites of criminal fraudsters, and we will continue to take action to prevent scammers ripping off Australians. We have seen first-hand the devastating consequences these scams have on Australian investors and their families. ASIC is all about ensuring investors can be confident and informed and this means cracking down on fraud when we see it.”

However, Communications Minister Stephen Conroy has reportedly requested that Federal Government departments and agencies coordinate with his department regarding use of the controversial Section 313 power, with a view to providing centralised transparency of the blocking mechanism.

opinion/analysis
ASIC’s delays here are hardly surprising; in my several years’ experience in filing FoI requests, it is very rare that they arrive back on time, and I have never seen the Office of the Australian Information Commissioner not grant an extension. In this case, I’m sure ASIC is doing its darndest to work out which provisions of the FoI Act it can use to redact as much as possible from the Section 313 notices it has been using.

Personally, I suspect that when we do get ASIC’s Section 313 notices back, they will be heavily redacted, as the Section 313 notices we’ve previously obtained from the Australian Federal Police have been. Names and contact details will be blacked out, the lists of websites which the regulator wants to block will be blacked out, and possibly other details.

However, I still think we will learn a great deal from these documents. ASIC has been demonstrably technically inept in its use of Section 313 notices, inadvertently knocking hundreds of thousands of innocent websites offline in its attempt to take down a few fraudulent sites. I suspect that we’ll see just how technically inept the regulator is through the text of these notices.

It will also be interesting to see if we get more details on which telcos, precisely, ASIC issued these notices to. My sources in telco-land have been very puzzled with ASIC’s actions in this regard. Apparently the regulator either took the approach of issuing the Section 313 notices only to a couple of major telcos, leaving others off its list, or it went very deep, aiming to get telcos such as Telstra with underlying network infrastructure to block the sites, in a way which could have affected other telcos higher up the network stack. It’ll be interesting to see precisely how ASIC went about this; this will reveal quite a lot about not only how technically competent the regulator’s actions were, but the extent to which Australia’s retail ISPs are able to control website access if their upstream providers are implementing Section 313 blocks. I’d like to have used more technical terms in this paragraph to explain what I am talking about, but I am worried that I’d just starkly illustrate my own technical incompetence ;)

Image credit: Screencap of ASIC officials at a Senate Estimates hearing this week.

8 COMMENTS

  1. Slight error: “On 14 June the regulator wrote to Delimiter on 14 June”

    Thanks for reporting on this one, ABC don’t seem interested at all :(

  2. > I’m sure ASIC is doing its darndest to work out which provisions of the FoI Act it can use to redact as much as possible from the Section 313 notices it has been using.

    Or as they said to Brendan to explain what section of the FoI Act they were referring to when they applied for another extension “I am not at liberty to provide you with this information.”

  3. If the blockage is being done by requests to ISP then surely the people doing the blocking realise they are blocking far more than they should? Sounds like they have been accidentally blocking Class B address pools.

    Unless the ISPs are dumbly blocking what’s requested or deliberately doing this to draw attention?

    • I believe most people would ‘just do their job’ and at most report to someone that it will also affect other websites. You don’t want to be seen to go against the government, you could be jailed! :)

      • Or – gasp! – never work for the government again.

        It seems that our secret censors want to keep secret what they are censoring as well as who might be doing it.

        Wonder why they seem to think they should be able to get away with that?

  4. What is it with the word “redact”, surely the proper word should be “censored”; or is that poor PC.

  5. Hmm, I think the ASIC have it wrong, unless they’re woefully inept – in order for them to see ‘first hand’ the damage done by financial Internet fraud, they would have needed to be on the receiving end of the scam – that is, the victim. As a regulator their experience is necessarily second hand…
