The Copyright Lobby’s Secret Pressure On the Anti-Spam Bill

As I posted earlier today, the Electronic Commerce Protection Act comes to a conclusion in committee on Monday as MPs conduct their "clause by clause" review.  While I have previously written about the lobbying pressure to water down the legislation (aided and abetted by the Liberal and Bloc MPs on the committee) and the CMA's recent effort to create a huge loophole, I have not focused on a key source of the pressure.  Incredibly, it has been the copyright lobby – particularly the software and music industries – that has been engaged in a full court press to make significant changes to the bill.

The copyright lobby's interest in the bill has been simmering since its introduction, with lobbyists attending the committee hearings and working with Liberal and Bloc MPs to secure changes.  The two core concerns arise from fears that the bill could prevent surreptitious use of DRM and block enforcement initiatives that might involve accessing users' personal computers without their permission.

The DRM concern arises from a requirement in the bill to obtain consent before installing software programs on users' computers. This anti-spyware provision applies broadly, setting an appropriate standard of protection for computer users.  Yet the copyright lobby fears it could inhibit installation of DRM-type software without full knowledge and consent.  Sources say that the Liberals have introduced a motion that would take these practices outside of the bill.  In its place, they would define computer program as, among other things, "a program that has as its primary function…inducing a user to install software by intentionally misrepresenting that installing that software is necessary to safeguard security or privacy or to open or play content of a computer program." This sets such a high bar – primary function, intentional mispresentation – that music and software industry can plausibly argue that surreptitious DRM installations fall outside of C-27. 

Even more troubling are proposed changes that would allow copyright owners to secretly access information on users' computers. 

PIPEDA currently features a series of exceptions to the standard requirements for obtaining consent for the collection of personal information (found in Section 7). Bill C-27 includes a provision that bars those exceptions in cases involving computer harvesting of email addresses and the "collection of personal information through any means of telecommunication, if the collection is made by accessing a computer system or causing a computer system to be accessed without authorization."  In other words, email harvesting and spyware would not be permitted and would not qualify for the PIPEDA exceptions found in Section 7. 

The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means.  The Section 7(1)(b) exception in PIPEDA currently  states that collecting personal information without consent or knowledge of the individual is permitted if it is reasonable to expect that the collection "would compromise the availability or accuracy of the information" and the collection is "related to investigating a breach of an agreement or a contravention of the laws of Canada." 

One can well imagine how this exception could be used for investigations targeting the violation of a user agreement or alleged copyright infringement.  With the changes in C-27, the exception would no longer apply to harvesting email addresses or to accessing personal information on computers without authorization.  For the copyright lobby, this would block investigations that involve capturing user information on computers without knowledge or consent.  In response, sources advise that the Liberals have tabled a motion that would exclude Section 7(1)(b) from C-27 – effectively restoring the exception in these circumstances.

On top of these provisions, sources say the Liberals have also tabled motions to extend the exemptions for telecom providers. The bill currently includes an exemption for telecom providers where they act as intermediaries in the transmission of a spam message (Section 6(6) of the bill).  This obviously makes sense as telecom providers should not be treated as the message sender when they are merely the messenger.  Yet there is a proposed motion that would also create an exception for telecom providers to the requirement to obtain express consent before users install programs on their computers.  It states that the section does not apply to telecom providers providing a telecom service, which is defined to include:

"providing computer security, user account management, routing and transmission of messages, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, and detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software, including scanning for and removing computer programs"

These proposed changes are simply outrageous and it is disappointing that the Liberals have brought forward motions on behalf of the lobby in this manner.  With the hearing on Monday, it is critical for Canadians to speak out – yet again – to ensure that C-27 does not leave the door open to private surreptitious surveillance.  Write to Industry Minister Tony Clement, your MP, or the members of the Industry Committee today asking them to reject these changes.  The members of the committee include:


  1. I’m not sure that proposed change is so outrageous when it’s word-for-word an exception found in the California anti-spyware law:

    Similar exceptions are found in many many other anti-spyware laws.

  2. | Similar exceptions are found in many many other anti-spyware laws.

    If your friends jumped off a cliff, would you do it too?
    I’m somewhat surprised that the Liberals are the ones pushing forward these amendments. Perhaps in their desperation to reclaim relevance in parliament, lobbyist dollars are more appealing than maintaining their moral integrity.

  3. Laurel L. Russwurm says:

    you’re kidding, right?
    An exception found in Arnold’s state we should let fly here? Nyah!

    I don’t think so.

  4. I guess a country starting off life as an abandoned colony owned by a department store means the corporatists have a lot of influence in the government, but this is yet another example of Canada adopting a flawed American policy.
    The Liberals sold out to the entertainment industry back when they were still in power, and the Conservatives have quickly followed suit.

  5. Ryan said: “Perhaps in their desperation to reclaim relevance in parliament, lobbyist dollars are more appealing than maintaining their moral integrity.”

    Puullleezzee – a politician maintaining their moral integrity? Since when does a politician even HAVE moral integrity? That was checked at the door when they joined the Party.

    To my thinking, they’re saying it’s ok to install virusus, spyware (i.e. malware) without your consent.

    Good one, Iggy!!

    I thought this man was supposed to be intelligent.

    Like the recent joke going around said, “Walking Eagle”.

  6. It’s awful that this string of bad laws continues
    To me, the fact that laws like this are proposed seems like another example of just how badly broken our intellectual property (IP) systems are, and how badly skewed they are towards protecting the rights of IP owners rather than the public at large. We would be a lot better off if patents were granted more selectively, if licensing of them was mandatory, if copyright was less well defended and expired sooner, and if fair use rights were more effectively legally enshrined. Here’s hoping ‘pirate parties’ continue to proliferate, pushing back the IP laws that have become so unfairly weighted towards those who own the content.

    After all, it needs to be remembered that there is nothing libertarian or natural about IP protection. Rather, content owners are having their property claims enforced by the mechanisms of the state. The justification for this is supposed to be that doing so serves the public interest; if that is no longer the case, the laws ought to be watered down or scrapped.

  7. Did you write your MP
    I wrote mine. This is crap.

  8. Amazed and Disappointed says:

    Its unbelievable how brutally relentless, and unforunately effective, the copyright lobby has become.

    They are on a trajectory to be as effective as the military industrial lobby.

    Politicians are helpless against such an onslaught.

    All I can say is THANK YOU Micheal Geist for your consistent and effective efforts.

  9. Pandora’s Box
    Years ago, I used to participate in the anti-spam non-community. I was even invited to attend the FTC “Forum on Spam” in 2001 as a speaker.

    Back then, US Senator Murkowski had proposed legislation that enforced “Opt-Out” as opposed to “Opt-in”. The US DMA was all over that legislation – it was exactly what they wanted. The “non-community” of anti-spammers at the time had a contingency plan – it was dubbed Project Pandora. I won’t post the full details, but google it – it makes for some interesting reading.

    Should this bill become law, I will personally do a revamp of Project Pandora that is fully compliant with Canadian Law and make it available to any and all that want it. That is my promise to the lawmakers and the canadian DMA.

  10. pat donovan says:

    iggy let a few people collect on this one.

    who got what for c-6?

    protests going out as i speak.

  11. Bastien koert says:

    Is there a charter challenge to this legislation should it take effect? Something along the lines of the American ‘unreasonable search and siezure’ type challenge?

    Also, from a more technical perspective, how long before the AV ( anti virus) manufacturers include this proposed piece of code into their products? Since the code is effectively a Trojan, it shouldn’t be long before it will get automatically caught. Don’t these lobbyists remember the outcry over Sony’s rootkit exploit? This will do more harm to an industry that all ready has it share of black eyes for stupid and greedy attemtps to control consumers of the content.

  12. Windows
    This is one other reason why it’s a bad idea to run Windows, where a lot of software, including many games, forces you to run as an administrator.

    I’m not saying Mac or Linux are perfect security-wise, but it’s much harder for spyware to be installed without your knowledge because neither operating system runs as administrator by default.

  13. i_Luv_Canada says:

    Will it be POSSIBLE and “not-illegal” to access content on my computer without my consent ?
    I did not clearly understand the whole debate so the bigger question is that would it be technically legal to access content on my computer without my consent, it has my financial information on it, my children’s pictures on it, can technically corporations be able to access it and it would NOT-ILLEGAL after this act passes ?

    They may never access it, they may never use it, the information they access from my computer might be protected by some other statutes or laws BUT will they be able to access without my consent legally?

  14. “moral integrity” and “parliament”
    Don’t put “moral integrity” and “parliament” in the same sentence, unless you have a “no” in the same sentence.

  15. Project Pandora
    Didn’t know what Project Pandora was. Just googled it. Nice!

  16. DeuxHirondelles says:

    I’ve done my part
    I have written Mr. Chang about this issue, and the changes proposed by the CMA

    “…The Canadian Marketing Association is lobbying MPs to change an anti-spam bill so that consumers have to opt out of receiving commercial email messages, rather than opting in to get them…” from–email-spam-legislation.html

  17. Concerned Concerned… So basically anything that gives us ordinary people some rights is a concern to the content industry these days.
    I see how it is.

  18. James Gannon says:

    Reply to Professor Geist
    I am a strong supporter of the goals of the Canadian Government with respect to passing the Electronic Commerce Protection Act (ECPA). Malicious elements like spam and spyware are a serious impediment to Canadians’ ability to conduct business online and ought to be addressed through legislation. Amendments have been proposed to the ECPA that would re-tool these provisions so that they are more focused on the ills the Bill is attempting to address: spam and spyware. I believe much of what is written in this post is inaccurate and misleading. I have taken the time today to write a reply article that addresses many of the criticisms Professor Geist has made to these and other necessary changes to the Bill. I would ask that you please take the time to read my reply to his article. It can be found online on the front page of the blog I maintain on intellectual property law:

  19. Bastien koert says:

    Simple to defeat
    This is also really simple to defeat. As Luke mentioned, going to another OS based computer would make it harder to have this software installed. Bit an even simpler solution is to run Linux off of a Live CD via true CD or a thumb drive. This runs a version of Linux that is readonly, so good lick installing anything on that.

  20. Laurel L. Russwurm says:

    Sure it’s simple…
    …if you’re a computer hermit. The OS platform means nothing. If they get the go ahead to do it, it will be programmed to run on all platforms.

    The moment you put a DRM infected disk in your drive, it can be launched. Could be a DVD of the latest movie. Maybe your favorite band’s new CD. Perhaps its a new game, or piece of software. Your computer is safe until you add something new. Until it launches, you won’t know.

    Maybe you decide to not buy any new movies or CDs. Live life to the fullest without ever getting any new software.

    Can you live without email? Say goodbye to the internet, because this amendment allows the telecom providers to not only add spyware, but to also assume the responsibility of “detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software, including scanning for and removing computer programs”.

    So even if you have AVG, they can remove it….

  21. Laurel L. Russwurm says:

    and don’t forget the hardware…
    Because even if you keep your computer pure, when you need a new component, like say a thumb drive to run Linux. Until you put it in you won’t know, and maybe even not then. Microsoft has us all conditioned to assume that things disappearing off our hard drives are just something that happens…

  22. Has anyone EVER seen a law that improved someones life? No, some $500 tax rebate doesn’t count. With each new bill more of our freedom is taking away from us.

    Don’t vote for any big party in the next election.

  23. Andrew – Project Pandora
    Brilliant. I’ll take ten.

    Seems we just keep on slipping down that Orwellian slope, don’t we?

    Keep yourself educated & ahead of the curve when it comes to computer tech/privacy. It’s not as hard as you think. And it’s the only way to guarantee your own privacy – the guv’ment sure as hell won’t do it.

  24. Gannon works for Sookman. Sookman lobbies for CRIA and CMPDA. Just “follow the money”…

  25. Hendrik Boom says:

    Gannon seems to consistently ignore the clause “without authorisation” in the wording. There’s a huge difference between finding my email address which I have publically posted on my web site, and breaking into my computer to obtain it.

  26. Hijacking my computer
    It is that simple. The “copyright lobby” wants to be able to install software on my computer to monitor my usage, or to contract this out. From this, they can see what I am running, use that to develop new products (after all, it is “market research”) that I may be interested in, target me with advertising (or more likely sell this information so others can use it for targeted advertising) via email from outside of Canada. They may even decide to use it as a means to see if I have any “copyrighted” material on my machine. Microsoft themselves did this with the Windows 95 online registration wizard.

    This gets even better. This, of course, gets even better. If I decide to install a package, say a compiler (I am a software developer), and the company gets into a fracas with the publisher of the package, this software would give them the ability to remove legal software from my machine.

    Basically, these exemptions place the computer owner at the mercy of the “copyright lobby”. You own the hardware, but have no say on what you can do with it. This would give the lobby rights to do stuff that even the police don’t have the right to, as well as the ability to be the accuser, judge, jury and executioner if they think that you have something illegal on your machine.

    @Amazed: In Canada the “Military Industrial Lobby” is, over time, about as effective as herding cats. Canada goes through periods where they spend like drunken sailors on the military, and then that falls off for about 20 years. We are currently in one of those periods. A Canadian defence company that is dependent on DND stands a good chance of going bankrupt. Prior to the current spending spree, the last major capital programs were in the late ’80s (CPF) and the mid-90’s (LAV III).

  27. Due Process
    Michael, you wrote: “The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means.”

    We seem to have a distorted view of due process. If a government agency were to spy, people would be howling all over the place. A private organization proposes to spy on you, silence! Private organizations to not have a right to monitor you on the expectation that you might be doing something they do not like.

    Also why are allowing private organizations to “criminalize” what should be a civil dispute? Our concept of capitalism has gone off the deep-end.

  28. Laurel L. Russwurm says:

    Due Process
    @ Steve R.: Unfortunately if this law goes out in this way, our government would actually be gifting private (ergo unaccountable) private organizations to do just that. The monitoring is bad, the fact that they will be allowed to act on it that is truly frightening.

    I’ve put my piece on my blog to try to help spread the word, as well as emailing the committee members. Of the 5 auto responses I got, three of the elected Members of Parliament deleted my message without reading. So I wrote this today:

    I worry about what is happening in my country.

  29. Canadian_Observer says:

    James G, I took the time…..
    I did take the time to read James Gannon’s blog as requested, and while I don’t agree 100% with Michael Geist or yourself, i did want to respond to one of your semi-rhetorical questions in your blog.

    You wrote, “If Canadian businesses were concerned that a law………would have the unintended effect of impeding their right to investigate contraventions of the laws of Canada, how is this not a perfectly valid concern?”.

    Individuals, nor business, have the right to investigate breach of anything IF that investigation involves coming into my house [or computer in this case], searching around, and collecting or taking information [incriminating or not]!! If you have cause to believe I have broken the law [including breach of contract, breach of copyright and/or theft], then your obligation is to report this activity to the proper authorities who will conduct the investigation and search [IF granted a proper warrant].

  30. James Gannon says:


    Thanks for taking the time to get an alternate point of view. I do agree with what you say, 100%. The concern with the Bill, and with the way that particular section is worded, is that the term “accessing a computer” isn’t limited to hacking into a computer, as I think we can both agree was the intent of the section. When I go to a website, I’m accessing the computer server of that website. So if you look at that list of activities I said would not be permitted under this provision towards the end of my article, I mean that merely surfing the web to collect information would be prohibited under this section. The consequence here becomes that individuals, law enforcement agencies and private companies cannot even use publicly available information to enforce their rights or contracts.

    And that’s really the point I was making overall with this Bill. Everyone agrees with the intent. Nobody I’ve spoken to thinks that companies should be allowed to hack into anyone’s computer for any reason. It’s just a matter of getting the wording right so that the law addresses precisely that. I’d like to think that the drafters agree that people and companies should be able to use information publicly available on the web to enforce their rights, but I think largely because of the misinformation regarding that and other provisions extolled by this site, there’s been resistance for even that. That’s my big issue with Prof Geist’s approach here. I believe he knows that if he uses words like “copyright lobby” and “private surreptitious surveillance”, he can get a certain subset of the population up in a frenzy about whatever he wants. Only in this case, it has nothing to do with either and I hope my article has even in part helped to clarify this.

  31. James Gannon says:

    Hendrik Boom:

    Sir, you are correct. I didn’t fully explain every aspect of that provision. I also didn’t fully go through section 78(2) of the ECPA (which also dealt with address harvesting) and the other section 7 exceptions in PIPEDA which they would effect. My article was already getting very long and I simply couldn’t explain every section of the Bill.

    However, if you look at the list of activities I noted would be illegal under s.78(3) of the ECPA, I think in each of those the person who’s information you are collecting would not grant you authorization to collect it. So, for instance, if an online auctioning website were to use some sort of crawling technology to identify instances of auction fraud, the targets of their investigation would likely not authorize this information, which is publicly available on the web, to be used or collected. Similarly, the target of a law enforcement investigation into, for instance, terrorism or child pornography, would probably not authorize his publicly available information to be used for this purpose as well. And if you read my other response above about the issue with the “accessing a computer” language, you can see that this remains of great concern to a large number of people.

  32. just a thought
    do you think there is a possibility that the politicians in positions of power truly just do not have enough knowledge of info tech to make the most intelligent decisions?

    seems that perhaps more ethical info technologists are needed in these decision-making roles…

  33. MountainView says:

    @ Patty: thats why lobbyists are there .. to ‘educate’ the MPs (who don’t know a server based tracking from a local cookie .. but who can blame them, not many people do). Poor suckers are lambs to a slaughter.

    @Gannon: Re: “I believe he [Michael Geist] knows that if he uses words like “copyright lobby” and “private surreptitious surveillance”, he can get a certain subset of the population up in a frenzy about whatever he wants.”

    Please don’t belittle my concerns that private special interest groups are inserting themselves into Canada’s law making process in a way that is contrary to my best interests, as getting “up in a frenzy”.

    As for Micheal Geist’s efforts, if it weren’t for him, I probably wouldn’t have known who was lobbying Canadian MPs on these issues. These private special interest lobbies certainly don’t advertise their efforts. That’s what is misleading! (and it may yet end up getting me up in a frenzy.)

    Geist’s characterizations are far closer to the truth in terms of impact to me, than your “its about getting the wording right”.

    Hello?! If people like Michael Geist didn’t tell others about this faulty wording, then it probably wouldn’t change would it?

  34. Canadian_Observer says:

    James G.
    My concern with the view you have expressed is it sounds like you are limiting your definition of illegal entry into “my house” [computer] to hacking. Ignoring the fact that we are both intending to use the term cracking, I also have a problem with companies who use “call home” software, code and/or DRM. While I agree with your concerns [as you worded in your reply to me], I believe your view swings too far to the other side of the pendulum, allowing anything as long as it is not defined as “hacking”. This “anything” would include DRM, call home etc.

    I believe you did hit the nail on the head when you said, “It’s just a matter of getting the wording right” but that refers to a balance of interests, not just one side.

  35. Canadian_Observer says:

    For the definition of the term “accessing a computer”, there has to be a place between “hacking only” and “anything goes”.

  36. Canadian_Observer says:

    Does everyone’s opinion get to be heard or only those who agree with you?
    JamesG – hope you enjoy healthy debate 🙂

    Per your article, MichaelG comments on peoples’ fear of DRM. Your response, “At no time in the debates over the required fine-tuning to the Bill were DRM technologies brought up in any way. And why should they have been? What does a Bill with the goal of protecting electronic commerce on the Internet have to do with technologies artists and rights owners use to protect their works?”

    Further in your article you raise Canadian business fears “that a law aimed at preventing spammers from using email address harvesting programs would have the unintended effect of impeding their right to investigate contraventions of the laws of Canada, how is this not a perfectly valid concern?”.

    To respond to your questions…

    1. “And why should they have been?”
    Response: SPAM & Spyware – are the two keypoints. Many people consider DRM akin to Spyware. Taking the position of this being true, how are DRM not relevant? the question should have been, “why were DRM not part of the debates?”

    2. “what does a Bill with the goal…..?”
    Response: The Bill is not exclusively intended to “protect the rights owners….”. Although I agree that is an implied goal, your own definition does not even include that as one of the goals at all! ECPA is also to protect end users.
    Your defintion: The intention of the ECPA was “to deter the most dangerous forms of spam, such as identity theft, phishing and spyware, from occurring in Canada” and to “help drive spammers out of Canada.” The Bill also contained provisions intended to combat spyware by prohibiting the installation of computer programs without the consent of the computer’s owner.

    3. “,…how is this not a perfectly a perfectly valid concern?”
    Response: Personally, I feel harvesting programs are not the evil but rather, who/where is the target of those programs which is right or wrong. Having given my half a cent worth, your representation of “canadian business fears” is perfectly valid.

    One thing does concern me with the approach in your article. When you represent “Canadian business fears”, you say, “how is this not a perfectly valid concern?”, but when MichaelG represents “peoples’ fear of DRM”, you respond, “and why should they have been?” [referring to peoples’ fears being discussed]. Are the “fears” of “the people” not also perfectly valid? Or does only one side of these issues deserve to be heard?

  37. Justin Davis says:

    I agree, but I’m not so sure about what you said at the beginning. Where are you getting your information? I’m not disagreeing, but I’m just wondering how you came to that conclusion.

    Justin Davis
    Author does not represent the position of LSI, which screens content as an internet filter to K-12 institutions.

  38. @James Gannon
    I took the time to read your reply to this post. I have to say that I’m no lawyer, I have nothing to do with legislation. I a mere student in a filed that has absolutely no direct link with Law (well every thing is connected somehow one might argue). Yet I came to the same conclusion that Mr Geist pointed above. If “me” (no lawyer, naive citizen) realized that with these changes, I don;t see how a corporate lawyer with the sole purpose in life is to find cracks in legislature to advance his client’s agenda wouldn’t see it? thus the danger!

    Principle 3 – Consent

    The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.

    I’m with “it is required where not implied/impractical”

    thus the list of things you mentioned that may fall into the illegal realm do not really hold:
    as :

    “Businesses were absolutely right to be concerned that this provision could potentially seriously impact the way they do business online. Here are just some of the activities that would now become illegal should this section of the ECPA not be changed:
    Law enforcement’s ability to collect information related to offline crimes that may be discussed over the Internet (drug trafficking, terrorism, etc.)
    Law enforcement’s ability to collect information related to online crimes such as child pornography, child grooming or luring, bank fraud, identity theft, online extortion and theft of classified information
    Insurance fraud investigations conducted by insurance companies
    Bank investigations into fraud and identity theft
    Online auction monitoring and enforcement
    Artist and copyright holders ability to monitor peer-to-peer networks for early leaks of their works
    Online identity protection services
    Creating blocklists of email addresses of known scammers and spammers
    Collecting electronic addresses of those involved in racist, blasphemous, politically subversive, libellous, slanderous, sedition or inflammatory speech that leads to hate crimes.
    Detecting online harassment or stalking”

    Any information one might find on any one in a website, forum, chat room (publicly accessible) didn’t make it there on it’s own, haven’t been stolen or anything like that. The user put it himself or someone on his behalf (who was authorised to do so) put it there, thus the “user” implicitly gave “authorization/consent”. Thus making the harvesting of such information perfectly LEGAL for any purpose (lawful is implied here).

    Getting information from private sources is an other story (as Canadian_Observer pointed above)

  39. 人妻

  40. Politicians: Eat shit and die, you fat, greedy motherfuckers.