The Canadian government's lack of action against spam has been one of the most puzzling policy failures in recent years. While addressing a problem that has grown from a mere nuisance to a costly scourge that raises criminal concerns would seem like a no-brainer, successive Industry Ministers have failed to prioritize the issue. The need for Canadian anti-spam legislation was the unanimous recommendation of the 2005 National Task Force on Spam, which included members from the Internet, marketing, and consumer communities (I was a member of the task force). The final report, which was received with approval from the current Conservative (then Liberal) Minister David Emerson, noted that Canada was quickly becoming one of the only Western countries to neglect the issue and was at risk of developing into a haven for spammers seeking refuge in countries with lax anti-spam regulations.
While a government-backed anti-spam bill is still nowhere to be seen, my weekly technology law column (Toronto Star version, homepage version) focuses on the fact that earlier this month Senator Yoine Goldstein quietly stepped into the policy void by introducing the Anti-Spam Act (ASA). Modeled after widely lauded Australian anti-spam legislation, the ASA is the most comprehensive Canadian anti-spam proposal floated to date and even if it languishes in the Senate (private member's bill rarely become law) it promises to place additional pressure on the government to reveal its own anti-spam plan.
The bill targets spam by creating new form and content requirements for commercial electronic messages as well as establishing prohibitions on common spamming techniques. The content requirements include the need to clearly identify the sender of the message, provide accurate "header" information, avoid misleading subject lines, and include information on how recipients can contact the sender directly. Commercial email senders must also establish a functional unsubscribe facility that enables recipients to easily opt-out of future messages.
The ASA also establishes a broad prohibition against "the sending of a commercial electronic message unless the recipient has consented to receive the message." This provision contains several key exceptions, however, since political parties, charities, not-for-profit businesses, survey companies, educational institutions, and any business with a prior business relationship are all entitled to presume to that they have the necessary consents unless recipients expressly "opt-out."
Senator Goldstein's bill also targets common spamming technologies. It prohibits the use of address-harvesting software that spammers use to gather email addresses, outlaws "dictionary attacks" in which spammers send millions of messages without regard for whether the email addresses are valid, and bans the creation of phishing websites that are used by identity thieves to fraudulently obtain personal information.
While many of these provisions match those found in other jurisdictions, the most noteworthy aspect of the ASA is its tough penalties. First time offenders face a fine of up to $500,000 and any repeat offences could result in fines of up $1.5 million. Moreover, the bill includes possible prison terms of up to five years for violating the core anti-spam provisions and grants the private sector the right to seek injunctions to block further spamming activity.
Unlike some prior bills that sought to hold Internet service providers responsible for the spam on their networks, the ASA creates incentives for ISPs to cut off spamming activity by granting ISPs the right to cancel the service of known spammers without fear of liability. The ASA has reached second reading in the Senate and now awaits the prospect of committee hearings. Even if it goes no further, the bill marks an important step forward in the fight against spam after years of disappointing inaction.