Lost amidst the high drama on Parliament Hill last week was the release of Stopping Spam, the National Task Force on Spam’s final report. Established in May 2004 by the Minister of Industry, the Task Force was comprised of Internet service providers (ISPs), marketers, consumer groups, and academic experts (I was a member of the Task Force and served as co-chair of its Law and Enforcement Working Group).
The Task Force provided Industry Minister David Emerson with a 60-page report featuring 22 recommendations, including a call for a new spam-specific law and a central co-ordinating body to improve enforcement. Its work was guided by three key principles: (i) that no country can single handedly eliminate spam but that each must do its part to curtail the spam that originates from within its borders; (ii) that any spam solution must include effective laws, technological solutions, as well as better business and consumer practices; and (iii)) that new laws should only be pursued if the current Canadian legal framework is ineffective.
The magnitude of the Canadian spam problem quickly became apparent. We heard from ISPs burdened by enormous costs trying to block billions of spam messages each day, from marketers discouraged that the promise of email as an effective marketing channel was rapidly eroding, and from individual Canadians struggling under a daily deluge of junk email. Moreover, we learned that Canada is a leading source of spam, typically ranked among the top six sources worldwide. Given that situation, all agreed that Canada must take steps to clean up its own spam problem, while working with other countries on international solutions.
Technological and business solutions will clearly play critical roles in combating spam. Working with the Task Force, the ISP community developed a series of best practices that I believe should be considered mandatory by Canadian ISPs since they provide a framework for dramatically reducing the amount of spam that leaves their networks. Similarly, individual Canadians should take note of the costs of responding to spam messages and be guided by the maxim found in a Task Force education campaign of “don’t try, don’t buy, and don’t reply.”
Alongside technological and business solutions, Canada also needs an effective anti-spam legal framework. With national privacy legislation, the Competition Act, and the Criminal Code, many of the provisions contained in other countries’ anti-spam statutes are admittedly already part of Canadian law. The challenge was therefore to test the effectiveness of current Canadian law in order to identify any gaps or shortcomings.
Together with officials from the Competition Bureau, the Privacy Commissioner of Canada, and law enforcement, the Task Force targeted the provisions that might be used to launch cases against Canadian spamming activity. The Competition Bureau completed its case in December, demonstrating that the law could be used to counter spam containing false claims. That same month, the Privacy Commissioner released her first spam decision, responding with a well-founded finding to a complaint that I launched against the Canadian Football League’s Ottawa Renegades. Despite many meetings, the law enforcement initiatives languished, however, leading to a Task Force conclusion that little progress was made due to a lack of prioritization and jurisdiction questions.
The test cases demonstrated that while existing laws address specific aspects of spam, they are not sufficient to achieve the overall goal of deterring spammers in Canada. The report therefore recommends legislative and enforcement changes to remedy the problem.
From a legislative perspective, we recommend that the federal government enact a spam-specific law. That law should establish an opt-in regime by making failure to obtain appropriate consents before sending commercial email an offence. Such an approach would distinguish the Canadian law from its U.S. counterpart, which contains only an opt-out requirement. Moreover, an opt-in system in a spam specific law will take the pressure off the current national privacy statute, which is ill-equipped to deal with serious spam issues since it does not provide the Privacy Commissioner with the ability to levy tough penalties or exercise order making powers.
The task force identified additional gaps in the current statutory framework. New provisions are needed to address issues such as false or misleading headers, dictionary attacks, and the harvesting of email addresses. Underlying all of these provisions would be tough penalties, modeled after the Australian system. Backed by a statute that features potential multi-million dollar penalties, Australia has enjoyed some success in ridding itself of local spammers.
In order to engage the private sector in the legal fight against spam, the Task Force is also calling for the establishment of a private right of action that could facilitate lawsuits against spammers. This would make it far easier for all Canadians, particularly ISPs, to use national law for spam suits, rather than relying on U.S. law, as has been the recent practice.
While a better legislative framework is essential, a more proactive enforcement system is also needed. The Task Force recommends creating a central co-ordinating body to foster greater collaboration between enforcement agencies and to provide oversight to ensure that anti-spam actions receive appropriate resources and prioritization. The central co-ordinating body would also keep private sector parties accountable by issuing regular public reports and would assist the public by establishing education programs and a central complaints mechanism.
The Task Force report provides a roadmap to creating a spam-specific statute and enforcement framework that would be far more robust than our current system. Implementing new legislation may be difficult in the current political environment, but given the rising costs associated with spam, failure to act is not an option.