The deadline for comments on Industry Canada’s draft anti-spam regulations passed earlier this week with a group of 13 industry associations – including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada – submitting a lengthy document that, if adopted, would gut much of the law. The groups adopt radical interpretations of the law to argue for massive new loopholes or for the indefinite delay of several provisions. I will focus on some of the submissions shortly, but this post focuses on the return of an issue that was seemingly killed years ago: demands to permit surreptitious surveillance by the copyright owners and other groups for private enforcement purposes.
During the anti-spam law debates in 2009, copyright lobby groups promoted amendments that would have allowed for expansive surveillance of user computers. Coming on the heels of the Sony rootkit scandal, the government ultimately rejected those proposals (the Liberals had plans to propose such amendments but backed down), leaving in place an important provision that requires express consent prior to the installation of computer software. The provision states:
(a) the person has obtained the express consent of the owner or an authorized user of the computer system and complies with subsection 11(5); or
(b) the person is acting in accordance with a court order.
The industry groups are now demanding that the government overhaul these requirements. Its preferred approach is to simply kill the provision altogether by referring it to a “Review Body”, which it says could be a task force or another public consultation, before taking effect. In other words, despite considerable debate and approval on this specific provision by Members of Parliament from all parties, these industry groups still want it placed in legislative limbo.
Alternatively, the groups want at least ten kinds of computer programs excluded from the express consent requirement. The very first should set off alarm bells for all Canadians:
a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;
This provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation). Ensuring compliance with the law is important, but envisioning private enforcement through spyware without the involvement of courts, lawful authorities, and due process should be a non-starter.
The Canadian Chamber of Commerce and other business groups want to ensure that the anti-spam law does not block their ability to secretly install spyware on personal computers for a wide range of purposes. In doing so, these groups are proposing to turn the law upside down by shifting from protecting consumers to protecting businesses. The comment period on the draft regulations may have closed, but it is not too late to tell Industry Minister Christian Paradis or your local Member of Parliament to reject demands that would gut the anti-spam bill and legalize spyware for private enforcement purposes.