Like what you've read?

On Line Opinion is the only Australian site where you get all sides of the story. We don't
charge, but we need your support. Here�s how you can help.

  • Advertise

    We have a monthly audience of 70,000 and advertising packages from $200 a month.

  • Volunteer

    We always need commissioning editors and sub-editors.

  • Contribute

    Got something to say? Submit an essay.

 The National Forum   Donate   Your Account   On Line Opinion   Forum   Blogs   Polling   About   
On Line Opinion logo ON LINE OPINION - Australia's e-journal of social and political debate


On Line Opinion is a not-for-profit publication and relies on the generosity of its sponsors, editors and contributors. If you would like to help, contact us.


RSS 2.0

The limits of freedom

By George Williams - posted Monday, 18 August 2008

Two events this week raise big questions about our privacy. The first was the mistake by Ticketek of sending an advertising email to its customers along with several thousand private email addresses. The second was the release of a mammoth 2,700-page report on privacy by the Australian Law Reform Commission.

Ticketek's error shows how hard privacy is to protect and to police. A simple human error meant that thousands of people had their email address put into the public domain. This provided a rich harvest for spammers and other abusers of the Internet. More ominously, organised crime groups might bundle the email details with contextual information such as bogus requests from Ticketek to lure people into revealing even more about themselves.

Internet crime syndicates have become increasingly sophisticated. They have moved on from spamming millions of addresses with Nigerian and other scams in the hope that a few people take the bait. They now tailor rogue emails with information relevant to the target, even so that an email appears to come from inside a person's organisation.


With a University of New South Wales email address, I routinely receive emails that appear to come from our own IT service desk. These ask for private information such as my employee number or request that I click on a link that will infect my computer and even allow the attacker to gain control (thereby rendering my computer a ''zombie'', to use the technical term).

Ticketek says that its mistake covers less than 0.01 per cent of its database, but I would certainly be concerned if I was one of those affected. This loss of privacy could have serious consequences unless the person is aware of what has happened and is vigilant about follow-up emails or other invitations.

Despite this, there is no likely prospect of a remedy against Ticketek. Australia's 1998 Privacy Act is a lengthy, complex piece of law that is unfortunately distinguished by the fact that many regard it as a ''toothless tiger''.

The law does not even require a company to notify its customers if their most private details have inadvertently been made public.

The report by the Australian Law Reform Commission has 295 recommendations on how to fix the Privacy Act. One is that any organisation which collects our data and then breaches our privacy must notify us of the fact. It makes sense that notification not be required where the breach is trivial, but be mandatory where serious harm may result.

In the case of Ticketek, some people will be aware of the mistake due to media reporting or because they have seen their email address revealed along with thousands of others. Others will be oblivious and thereby susceptible to follow-up contact by harmful operators.


The Privacy Act is riddled with exemptions, including for businesses with a turnover of less than $3 million. The Commission recommends that privacy law extend to all companies. Indeed it should. A person's privacy should be protected irrespective of the size of the business. Both small and large businesses should have a responsibility to protect the personal details of their customers.

In a move sure to annoy its political masters, the commission recommends that political parties no longer be exempted from the law. Parties compile large databases containing a wealth of information about voters, including their contact details, local concerns and political preferences. While this certainly helps with campaigning, there is too large a scope for information to be misused. Just because politics is involved should not mean that privacy concerns can be ignored. The exemption should be rejected for what it is: politicians looking after their own interests.

Many of the recommendations represent commonsense change and reveal the poor state of the current law on privacy. A good example is the proposal to prohibit telephone companies charging a fee for people have an unlisted number. People should be able to take their phone number out of circulation, and beyond the reach of telemarketers, without having to pay for the privilege. Access to such a service should not be limited to those people who can afford the fee.

  1. Pages:
  2. Page 1
  3. 2
  4. All

First published in the Canberra Times on August 16, 2008.

Discuss in our Forums

See what other readers are saying about this article!

Click here to read & post comments.

15 posts so far.

Share this:
reddit this reddit thisbookmark with Del.icio.usdigg thisseed newsvineSeed NewsvineStumbleUpon StumbleUponsubmit to propellerkwoff it

About the Author

George Williams is the Anthony Mason Professor of law and Foundation Director of the Gilbert + Tobin Centre of Public Law at the University of New South Wales.

Other articles by this Author

All articles by George Williams

Creative Commons LicenseThis work is licensed under a Creative Commons License.

Photo of George Williams
Article Tools
Comment 15 comments
Print Printable version
Subscribe Subscribe
Email Email a friend

About Us Search Discuss Feedback Legals Privacy