Existing laws and regulations could do the job – if they were enforced

Over the past ten years, spam has grown from a minor annoyance to a global concern, threatening the reliability of electronic communication and the adoption of electronic commerce. Despite developing anti-spam technological tools, promoting greater consumer awareness, and the introduction of anti-spam legislation in many countries, the spam problem continues unabated.

The United States, European Union, South Korea, Australia, and Japan have taken legislative steps to combat spam. Their statutes feature a wide range of anti-spam measures including labeling requirements (such as “ADV” tags in the subject lines of e-mails), prohibitions on deceptive practices such as false header information, bans on e-mail address harvesting, the creation of do-not-spam lists, penalties for commissioning spam, and immunity for Internet service providers that take good faith steps to stop spamming organizations.

The most contentious anti-spam provisions have revolved around whether to force consumers to ask to be removed from receiving commercial marketing (an “opt-out” approach) or to compel businesses to obtain consumers’ positive consent before sending commercial marketing (an “opt-in” approach). While the United States has adopted for an opt-out approach, the European Union has opted for the stricter opt-in framework.

Layered on top of most anti-spam legislation are significant civil and criminal sanctions including sizable fines and possible imprisonment for repeat offenders. The civil penalties found in anti-spam legislation are particularly noteworthy since they frequently provide parties such as ISPs the right to bring private actions to obtain statutory damages.

While Canada has yet to enact anti-spam legislation, it would be a mistake to think that Canadian enforcement agencies are powerless to combat spam. In fact, current Canadian law features similar powers as those found in anti-spam legislation elsewhere. Noteworthy Canadian laws include private sector privacy legislation, deceptive practices legislation administered by the Competition Bureau’s Fair Business Practices Branch, the application of the Criminal Code, and enforcement of section 41 of the Telecommunications Act.

The Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy legislation, could be a powerful legal tools to challenge a Canadian spammer on privacy grounds. PIPEDA covers personally identifiable information, which could include e-mail addresses, where an address can be identified to a specific individual.

Once caught within the PIPEDA framework, the statute could be used to prohibit the collection of personally identifiable e-mail addresses through harvesting techniques, to require opt-in consent in certain circumstances, and to ensure that organizations honour opt-out requests.

Although the Competition Bureau has yet to commence an anti-spam action, the Competition Act clearly empowers it to seek orders against Canadian-based spamming organizations on at least two grounds. First, spamming organizations who use deceptive or false headers, a practice specifically captured by many anti-spam statutes, could be targeted for a reviewable conduct order. Second, the Bureau could also consider the content of some spam such as the ubiquitous Nigerian net scam or offers to sell suspect health products, which might meet the deceptive or materially false claim standard established by the Act.

Canada’s Criminal Code could also be used to commence actions against certain spamming activity. First, section 380 of the Code, which covers fraudulent conduct, could be interpreted to cover spam that contains fraudulent or false content. Second, the Code could also be applied to spamming organizations that access computer servers without permission, as is typically the case when spamming organizations make unauthorized use of e-mail servers to send spam. In fact, the relevant provision could include not only the unauthorized use of e-mail servers, but potentially e-mail harvesting as well.

Canada’s Telecommunications Act, administered by the Canadian Radio-television and Telecommunications Commissioner, features an untested provision that might be used in the battle against spam. It gives the CRTC the right to “prohibit or regulate the use by any person of the telecommunications facilities of a Canadian carrier for the provision of unsolicited telecommunications to the extent that the Commission considers it necessary to prevent undue inconvenience or nuisance, giving due regard to freedom of expression.”

Viewed in combination, the Canadian legal options would allow for enforcement actions against virtually all of the conduct identified by current global anti-spam legislation including the use of deceptive headers, failure to honour opt-out requests, limitations on e-mail address harvesting and sales, and the unauthorized use of computing equipment to send spam.

As illustrated by a recent Yahoo! lawsuit against a Canadian-based spamming organization, as well as a UK study that reported that Canada is the world’s second largest source of spam, the true challenge of anti-spam enforcement does not revolve around finding the spammers nor does it require additional laws. Rather, sufficient resources are needed such that enforcement actions generate genuine deterrence to stop the spamming activities perpetrated by the worst offenders.

A Canadian anti-spam strategy must look to the Office of the Privacy Commissioner of Canada, the Competition Bureau’s Fair Business Practices Branch, the Ministry of Justice, and the CRTC, the government departments responsible for administering the laws that could be applied to spam, to proactively enforce those laws consistent with their statutory mandates.

Moreover, the Internet community must reconcile itself with the reality that private sector leadership has failed to stem the spam tide. Serious spam enforcement requires law enforcement to assume the lead role. While the private sector remains an essential part of any anti-spam initiative through private sector suits, investigative assistance, implementation of technological innovations, as well as business and consumer education, it must be government that leads on the enforcement of the current anti-spam legal frameworks.

In the 1987 hit film The Untouchables, federal agent Eliot Ness battled the seemingly untouchable Al Capone during the Prohibition. The movie features a memorable scene in which Jim Malone, a veteran police officer played by Sean Connery, confronts Ness over whether he is serious about taking on the Chicago mobster. Malone challenges Ness by asking “What are you prepared to do?”.

When Ness affirms he is committed to bringing down Capone, Malone leads Ness across the street, where the presence of alcohol is apparently an open secret. As they prepare to enter the building, Malone notes that since everyone knows where the booze is located, the question is whether they are prepared to do something about it.

Although Canada’s battle against spam is not as simple as Hollywood’s portrayal of the battle against Al Capone, the challenge similarly rests not with finding the spamming organizations nor with instituting fundamental legal reforms.

We know the location of leading Canadian-based spamming organizations. The Canadian legal framework features many of the tools needed to launch anti-spam legal actions, despite the absence of specific anti-spam legislation. Rather, the challenge rests with our willingness to enforce the existing laws by engaging in aggressive anti-spam national enforcement as well as cooperating with global anti-spam enforcement initiatives. It is time for Canada to get serious about spam. What are we prepared to do?