Matt Burnell (Spence, Australian Labor Party) Share this | Hansard source

I rise today to speak in support of the Telecommunications Amendment (SMS Sender ID Register) Bill 2024. The humble text message—the SMS, or short message service—was developed long before the wide proliferation of mobile phones in pockets or, as was more likely the case decades ago, in the cars of the majority of Australians. Despite this, the SMS message has remained part of the core functions of mobile services to this very day, surviving well into the age of the smartphone, an age where our lives are all increasingly intertwined with digital communication. In this current age, the trusty text message, unfortunately, may not be as trustworthy as some may believe it to be. Any medium of technology that connects people together opens up the possibility of bad actors exploiting it for the purposes of anything from identity theft to financial fraud, through any number of scams, ranging in levels of sophistication. Many have, it seems, placed a little too much trust in this means of communication, with the cost of that trust being expensive for many Australians and indeed people throughout the world.

The Albanese Labor government is committed to enacting measures to protect Australians from all walks of life, across all domains, with one of those domains now being that small screen we all carry around with us every waking moment. The SMS Sender ID Register is a practical and crucial step to protect Australians from the escalating threat of SMS scams. This bill is not an isolated measure but part of a broader strategy by the Albanese Labor government to enhance digital security across the nation. It complements other initiatives such as the recent enhancements to cybersecurity frameworks, efforts to improve data privacy and the recent establishment of the National Anti-Scam Centre by our government.

This is because our government knows, just like many of Australia's largest companies and telecommunications providers, that the cost to Australians falling victim to these scammers aren't purely economic in nature. Many of these victims—particularly those who are older Australians or those with a culturally and linguistically diverse background, for example—would also suffer further cost by way of loss in their level of trust and faith when using technology and digital communications, whether that be to stay connected with their families and peers, to stay engaged with their community and the outside world or to engage with business and government agencies. Many feel helpless with using newer forms of technology to begin with, and, when they realise they have been scammed, when it is already too late, many feel too ashamed to contact authorities or to speak with their families about what happened.

This is another reason why, when we hear statistics and figures relating to scams perpetrated against Australians, the volume of economic costs caused are, to a degree, always going to be understated. Many, conceding defeat or still in a state of confusion and bewilderment over what happened, would not easily speak up about what has happened to them and are known to be a victim only to themselves and the malicious individuals who preyed upon them. They suffer in silence, sometimes tens to hundreds of thousands of dollars worse off, showing a public face of strength to friends and families and going without to keep up the appearance of things being business as usual.

These things can start with something that would appear, to the untrained eye, to be quite innocent. Most Australians aren't targeted by these kinds of scams in a direct way. This is happening at a grand scale. Text messaging scams can appear simplistic. To many of us, they are an occasional nuisance, but they have grown to become significantly more sophisticated. Scammers have adapted their tactics, using methods such as number spoofing to impersonate legitimate businesses and deceive unsuspecting Australians.

I was going through some blocked messages the other night, and it was quite easy to find numbers that looked quite plausible and perhaps—to one in every thousand or so individuals who receive the message—legitimate. First there was one starting off with 'CommBank Security: Your account has a suspicious transaction.' Next there was 'AusPost: There is an issue with your parcel.' Then there was one that wasn't about a delivery or banking: 'You are about to miss a deadline on your toll payment. You can fix this here.' All of them were followed with a shortened link that could lead to anything from malicious spyware attempting to install on my device or being sent through to a website relatively similar to that of who they claim to be.

I don't bank with CommBank, I very rarely have parcels delivered to my home, and in South Australia we don't have any tollways, but, if others were subjected to these scam messages, it would be easy to fall for them. Further, I had a message the other day on my personal device from someone claiming to be my daughter: 'Hi Dad. I dropped my phone. Can you text me your number?' Well, how did you get my number to be able to text me a message like that? It's easy for us to have a lapse in judgement and hit that link or send that message and confirm the connection. Links go to a website asking me to log in, and I could potentially end up entering personal information and financial details that could lead to my identity being stolen or my bank account being drained. Only after seeing my account emptied would I then realise that maybe the error message that had popped up, advising me to transfer funds through to a secure account, wasn't that secure and maybe wasn't that real to begin with. But, by that time, the money is long gone, the trail is relatively cold. Often, the humiliating process of coming to terms with what happened runs parallel to an individual reaching out to agencies, insurers and banks, trying to make it right again and pick up the pieces. Many people lose their rainy day money or even their life savings—everything. Sometimes it's lost just to a digital portal rather than to any slick social engineering to close the deal on an unsuspecting mark.

If I had clicked on the link, who knows what would have happened, but, in the wake of such an experience, I assume that most, if not all, text messages popping up on my phone are fraudulent. Many end up significantly disconnected from societal participation as a result, whether it be something as innocuous as a friend or family member sending you a text—how can you be sure? The scammer said they were from the bank; the message said it at the top of the message, after all.

Many services that we use every day also use text messages to communicate with us. It could be a doctor's surgery reminding me of an upcoming appointment, and they want me to confirm my time with them. It could be a company or even a government agency sending me an SMS with a code as part of a two-factor authentication, which is, after all, the way we sign into our Parliamentary Expenses Management System. But how can I be sure that the code I'm getting from the Department of Finance is really from them? This is why there is a need for measures to address ways of combating the prevalence of this type of scam. Hopefully the process that led to the introduction of the Telecommunications Amendment (SMS Sender ID Register) Bill 2024 acts as an example of how adopting a collaborative approach, whereby industry, government, regulatory agencies and law enforcement work together, can restore public trust within society as well as in the common text message.

I mentioned the National Anti-Scam Centre earlier. It provided me, through their website, with a very sobering picture of the state of play with scams in Australia. Across the 2023-24 financial year alone, Australians reported the loss of over $326 million to scams, with, roughly, 288,000 reports. SMS scams in that time cost Australians $18 million. Although the percentage of the financial loss wasn't as high as other methods that scammers can utilise, SMS scams did comprise 36 per cent of total reported incidents during that financial year, with the three biggest methods of attack being investment scams, phishing scams and romance scams. Close to 51 per cent of all reported SMS scams losses were incurred by individuals that were 55 years or older. Doing nothing or merely having educational or awareness campaigns is the sole method of combatting these incidents, although I am—and I'm sure a number of my constituents who have received one from my office are—grateful to have a copy of the Little Black Book of Scams that is published by the ACCC. Having this level of awareness in the community about scams is important, but having a mechanism that will prevent and deter SMS scams backed by telcos, large institutional companies and government is something that was called for, and, thus, the journey to the establishment of the SMS sender ID registry began in earnest.

The SMS sender ID registry will require businesses to register their sender IDs with the Australian Communications and Media Authority—ACMA. This process will create a safeguard against fraudsters who attempt to impersonate legitimate entities. Businesses will submit their sender IDs and associated details to a centralised database held by ACMA, ensuring these IDs are protected from unauthorised use. Think of the SMS sender ID register as a digital shield—fortified, resilient and ever vigilant—protecting Australians from the king tide of fraudulent messages. This shield must be both flexible and scalable, capable of adapting to future technological advancements, while handling a large volume of sender IDs.

ACMA's role in the process is critical. The authority will verify and authenticate sender IDs by cross-referencing businesses' details with existing records to ensure legitimacy. The system will employ technical safeguards to prevent duplication or misuse of registered IDs, maintaining the integrity of this registry. This, alongside the continuous monitoring of SMS traffic, will allow ACMA to detect violations and to respond to violations, including by issuing fines and suspending sender ID privileges when necessary.

The development and implementation of this bill has been supported by key stakeholders across various sectors. Major telecommunications providers such as Optus and TPG recognise the necessity of a mandatory SMS sender ID register. These companies understand that maintaining consumer trust is crucial, and they are committed to supporting measures to enhance this trust.

The financial sector has also been a strong advocate for this legislation. Banks and financial institutions are on the front line of the battle against scams, witnessing firsthand the devastating impact these scams can have on their customers. Institutions such as Bendigo Bank, Adelaide Bank and NAB have stressed the importance of a centralised, enforceable system to combat these sophisticated scams. Their backing, along with that of the telecommunications companies, greatly improves the SMS Sender ID Register's potential to protect customers and preserve the integrity of the financial system.

Quotes from industry leaders reflect the widespread support for this initiative. As one industry leader put it, 'The SMS Sender ID Register is a crucial step forward in protecting our customers from the sophisticated scams that threaten their financial security every day. We fully support this initiative and look forward to working with the government to ensure its success.' Such endorsements highlight the importance of this legislation and the collaborative effort required to make it effective.

Small businesses, often disproportionately affected by scams due to limited resources, will also benefit significantly from this legislation. The strength of this bill lies in its collaborative development. By engaging with a wide range of stakeholders, we have crafted a framework that addresses the immediate threat posed by SMS scams, while considering the needs and concerns of all affected parties.

The feedback received from stakeholders highlighted the importance of a mandatory register as opposed to a voluntary one. A mandatory register ensures that all SMS service providers participate in the system, creating a comprehensive and effective safeguard against scams. Stakeholders also emphasised the need for robust verification processes to prevent misuse of the register, and the bill reflects these recommendations by incorporating stringent identity checks for all registrants.

This bill is a definite step in the right direction, from the collaborative nature of combating fraudulent activities through to finding the best mechanism. Given where we are today, this proposed SMS Sender ID Register was considered the best fit to do so. It should act as a litmus test for solutions to combating the many other nefarious mediums that individuals attempt to use in order to defraud everyday Australians. As scammers and other fraudulent and malicious actors out there—both at home and abroad—adapt and get smarter and more sophisticated in the manner and methodology of how they prey upon ordinary Australians, then so too must we.

This is why the Telecommunications Amendment (SMS Sender ID Register) Bill 2024 represents a vital step forward in safeguarding Australians from the ever-growing threat of SMS scams. By establishing this register, we are closing the door on scammers who seek to exploit our telecommunications networks. Together—government, industry, law enforcement and every Australian—we can build a safer, more secure digital future.

I commend this bill to the House. As an aside, to all members who haven't picked up a copy of the ACCC's Little Black Book of Scams, I highly recommend you do so. It is a great tool that many of our constituents would thank us for making available to them at our offices. I thank the House.

See this speech in context