Canada’s anti-spam law has been the target of intense criticism since its introduction in 2009 as the Electronic Commerce Protection Act. Even after the law passed in 2010, there was no shortage of effort to delay the regulations needed to put it into effect. Once it finally took effect in 2014, the criticism continued with a steady stream of fanciful suggestions that it would render promotions of neighbourhood lemonade stands illegal and warnings that the law would invariably be challenged in the courts and ruled unconstitutional. In 2017, just as critics were arguing for reforms to the law at the Industry Committee, the CRTC issued its ruling on the matter, determining that the law was in fact constitutional. The issue then proceeded to the Federal Court of Appeal, which last week unanimously upheld the constitutionality of law.
The case could still be appealed to the Supreme Court of Canada, but the decision signals that Canada’s anti-spam law (now typically referred to as CASL) will remain the law of the land for the foreseeable future. The lobbying campaign at the Industry Committee in 2017 to overhaul the law was rejected, resulting only in recommendations to clarify certain provisions. The government response to the committee report months later was even more tepid, merely noting the committee’s concerns. Now the efforts to challenge the constitutionality at both the CRTC and in the federal courts have failed with the Federal Court of Appeal firmly dismissing claims that have repeatedly raised by the law’s critics.
I have written extensively about CASL, defending it when it took effect in 2014 (here and here) and making the case for the law in 2017 before the Industry Committee. My committee appearance focused on three issues: there is a real harm or risk to be addressed, the evidence suggests that the law has been effective, and that the claims that the law is too onerous or overbroad are overstated. The Federal Court of Appeal addressed all of those issues in its decision.
The ruling includes an extensive review of the CRTC spam investigation into a Montreal firm named CompuFinder that triggered the case, but the heart of the case is whether the law is unconstitutional. The argument touches on numerous issues, including whether the law falls within federal jurisdiction, violates the freedom of expression protections found in the Canadian Charter of Rights and Freedoms, or runs afoul of several other Charter provisions related to self-incrimination or the right against unreasonable search and seizure. There is also additional analysis of the specific CRTC investigation and application of the law to CompuFinder, which will be the subject of a follow-up post as it provides guidance on the interpretation of CASL.
Does CASL fall within federal jurisdiction?
The CRTC ruled that CASL falls within the second branch of the federal trade and commerce power pertaining to general trade and commerce affecting Canada as a whole. As the court assessed that finding, it divided CASL into three distinct regulatory schemes that govern commercial electronic messages (CEM), alteration of transmission data, and unauthorized installation of computer programs. At issue in this case was the CEM rules, which the court ruled were far narrower than critics have suggested:
The impugned provisions target a particular type of electronic communication – commercial messaging – that is intimately tied to the scheme’s purpose of protecting e-commerce. The scheme has no effect on the sending of electronic messages that cannot reasonably be considered to have as a purpose encouraging participation in a commercial activity. This belies the appellant’s assertion that ‘CASL’s ‘true purpose’ is to regulate unsolicited messages generally.’
More particularly still, the impugned scheme regulates only a narrow aspect of the targeted type of messaging. The scheme establishes three consent-related preconditions for the sending of CEMs: express or implied consent of the recipient; inclusion of an unsubscribe mechanism to allow recipients to withdraw consent; and inclusion of senders’ identification and contact information so these individuals can be contacted directly and informed of recipients’ withdrawal of consent, if necessary.
I have often argued that the fight against CASL was a thinly disguised objection to obtaining consent. A reasonable reading of the law is that once consent is obtained, there are few restrictions on businesses. The court viewed the law the same way:
once recipient consent has been obtained and the few consent-related content requirements satisfied, as far as CASL is concerned, senders of CEMs are at liberty to offer, advertise or promote any form of transaction, act or conduct they wish, in any manner, according to whatever terms they see fit.
The court also dismissed concerns that some of the affected commercial messages might occur exclusively within a single province and thereby undermine the federal jurisdiction:
The impugned scheme’s regulation of intraprovincial messaging is incidental to its primary aim of regulating CEMs that by nature do not respect provincial borders and can have a dramatic effect on the national economy. Pursuit of this primary aim made the scheme’s regulation of some intraprovincial messaging unavoidable.
Having established the character of the CASL CEM provisions, the court then assesses whether it falls within federal jurisdiction over trade and commerce. The court concludes that it does, notably finding that spam threatens e-commerce and that touches potentially on all industries:
These deleterious effects associated with unsolicited CEMs threaten e-commerce in Canada. The impugned scheme regulates the sending of unsolicited CEMs to defend against these threats. Once it is accepted that e-commerce permeates Canada’s economy and is not confined to any specific industry or sector- and I do not perceive the appellant as seriously contesting this proposition – it must follow that the impugned legislation is concerned with trade as a whole and thus satisfies the third General Motors indicium.
The court also finds that if left to the provinces, a provincial failure to address spam would jeopardize the national approach:
When it comes to the genuinely national goals of safeguarding the digital economy from electronic threats that could easily emanate from, and visit their deleterious effects on, any place in the country, federal regulation is essential. If one province were to have more lenient laws respecting unsolicited CEMs, spammers using cloud computing or other methods could easily arrange to disseminate their CEMs from servers located in that province. This would fundamentally handicap any interprovincial scheme aimed at guarding Canada’s e-economy from the online threats associated with unsolicited CEMs. In this way, a federal regime, such as the impugned CEM scheme, is ‘qualitatively different from a voluntary interprovincial scheme.’
Does CASL Violate Section 2(b) of the Charter of Rights and Freedoms?
While there is little doubt that CASL represents a limitation on protected speech, the question for the court was whether the measures in the law are prescribed (focusing on whether they are sufficiently precise), “pressing and substantial”, and proportionate. The proportionality test examines whether there is a rational connection the measures and their objectives, if they impair the freedom as minimally as possible, and the overall proportionality of the benefits weighed against the deleterious effects.
On the issue of whether CASL is sufficiently prescribed, CompuFinder raised the longstanding claim that CASL’s definitions are too open ended, particularly the definitions for commercial activity and CEM. The court engages in a detailed review of the definitions and reaches the following conclusion:
CASL is sufficiently precise to delineate an area or zone of risk, which is all that can be realistically expected and all that is constitutionally required of legislation. The impugned provisions are intelligible, offer a grasp to the judiciary, and provide an adequate basis for legal debate and therefore do not bear the characteristics of vague legislation set out in Nova Scotia Pharmaceutical Society. I find that CASL more than meets the threshold for passing the ‘prescribed by law’ stage of the section 1 analysis.
The court then turns to the pressing and substantial issue. While CompuFinder again raises longstanding claims that CASL is overbroad, the court does not buy it:
First, the statements are hyperbole. Contrary to the appellant’s claims, CASL does not ban all speech or expression with any possibility or semblance of commerciality, or that might be, may be or could be viewed as having a slight, faint, or minor commercial element, aspect, nature or purpose. In reality, CASL’s prohibition captures electronic messages that it would be reasonable to conclude have – not could, might or may have – as their purpose, or one of their purposes, to encourage participation in a commercial activity. Furthermore, the prohibition only captures such messages where they have not been consented to or do not conform to the prescribed content requirements, and where none of the various exceptions for prescribed individuals and organizations applies.
It further adds:
It is clear, in my view, that CASL’s objective is not as restrictive as the appellant seeks to portray in its narrow formulation of the Act’s purpose. The proper statement of CASL’s objective as well as the objective of the impugned CEM scheme more specifically is found in section 3 of the Act.
When the court turns to the issue of a rational connection to the objective, it reiterates its analysis:
CASL does not create an absolute prohibition on electronic messages that aim to encourage participation in commercial activity. The legislation prescribes means of engaging in the regulated conduct, namely, where recipients’ consent has been obtained or can be implied and the Act’s content and unsubscribe requirements have been met.
Moreover, it understands that the harm from spam involves more than just individual fraudulent spam messages. Rather, the volume of messages – all sent without consent – is itself a harm:
The more appropriate inquiry is whether an inundation of emails offering an array of coupons, which a recipient did not consent to, and which the recipient is powerless to bring to an end, can impair the efficiency or optimal use of, or undermine a recipient’s confidence in, email as a means of carrying out commercial activities. Without a doubt, it can. A proper appreciation of CASL’s objectives makes clear that the Act may validly restrict messages that may seem innocuous relative to ‘the most damaging and deceptive forms of spam’ without being arbitrary or unfair.
On the question of minimal impairment, CompuFinder argued that an opt-out approach in which consumers would have to unsubscribe from unwanted messages offered a less intrusive alternative. That approach is the one used in the U.S. with its appropriately titled CAN-Spam Act. The court rightly rejects opt-out as inadequate when compared to opt-in:
the opt-out approach places the burden in terms of time, effort and, ultimately, cost, on recipients to avoid unsolicited messages, contrary to paragraph 3(b) of CASL, which aims to avoid additional costs to businesses and consumers. The fundamental issue with the opt-out model is that it permits spammers to continue sending spam. It is worth noting that the Government of Canada’s 2005 Task Force on Spam specifically recommended that Canada adopt an opt-in approach in any future anti-spam legislation.
CompuFinder offered up other alternatives (including the Australian anti-spam model), but the court was left unpersuaded, noting that “the appellant is also only able to make its suggestions appear palatable by once again understating CASL’s objectives.”
Finally, on the issue of proportionality, the court did not find significant deleterious effects:
I cannot accept the appellant’s submission that CASL has any substantial deleterious effect on forms of expression other than commercial expression and find that the Act’s impact on commercial expression is mitigated by numerous exceptions and a prescribed method of compliance.
Rather, it found real benefits:
Relative to CASL’s deleterious effects on free expression, I consider its benefits to be considerable. Spam is a nuisance that has the potential, if left unregulated, to wreak the substantial and negative effects on Canada’s economy that Parliament has sought to prevent through this legislation. The volume of spam CASL shields Canadian internet users from is enormous- there is evidence on the record that spam made up fully 90% of all email sent in 2014. CASL’s benefits are not marginal.
And found that it works:
Nor are CASL’s benefits speculative. Within one year of CASL coming into force, spam emanating from Canada dropped by 37%, removing Canada from among the world’s top five spam-producing countries and placing it outside the top twenty.
The decision continues with assessments of Sections 11, 7, and 8 of the Charter (no violations) and then upholds the specific CRTC analysis in the CompuFinder investigation. It is a long, comprehensive decision that validates the core arguments of CASL’s supporters, namely that the law addresses a real problem, has proven beneficial, and that the best way to address the legal obligations in the law is simply to ask for a clear consent from Canadians to send commercial electronic messages. A second post on the specific analysis related to the application of CASL in this case will follow shortly.
As fanciful as all of this is, CASL doesn’t work.
I have sent many many (many!) complaints to spam@fightspam.gc.ca and have even opened specific complaints (and had exchanges with analysts at) with the CRTC about the big legitimate Canadian companies (i.e. Air Canada) that continue to spam for months, or even years after receiving an opt-out. And they continue to spam, copiously.
Clearly they are not concerned with the CRTC and CASL and certainly could not be the recipients of the heavy fines *theoretically* applicable with CASL, or they’d surely stop spamming.
But the spam continues and continues.
The CRTC claim they receive too many complaints to deal with all of them. I would tend to believe they deal with a very small few, if any at all.
“Too many complaints” doesn’t sound like a legitimate argument to me in fact. Given the powers they have to effectively generate an income stream from spammers (through big fines), they should be able to staff up to whatever level is needed to fully handle the complaint level in an effective and timely manner. If the problem really is that they are receiving too many complaints, that sounds like a large base of offenders from which to levy and collect fines in order to increase staffing commensurate with the complaint level. More complaints, more fines, more staff. Rinse. Repeat. It’s a self-solving problem.
If only they’d apply the solution.
I mean to add to my comment:
“Where is my private right of action”?
Then I could go after these spammer myself and not need to rely on the CRTC to completely inadequately [not] deal with them for me
My approach is to check the WHOIS data and report them to their domain provider. These companies tend to get their hosting from big-name hosting providers with strict anti-spam policies.
Pingback: ● NEWS ● #michaelgeist #canada ☞ #CASL is Constitutional: Federal C… | Dr. Roy Schestowitz (罗伊)
Pingback: Canada's Anti-Spam Law Declared Constitutional - Freezenet.ca
Pingback: News of the Week; June 10, 2020 – Communications Law at Allard Hall