The Standing Committee on Industry, Science and Technology is conducting a review of CASL, Canada’s anti-spam law. While the usual critics are out in full force, I had the opportunity to appear before the committee yesterday to explain why there is real harm, why CASL has helped solve the problem, and why claims that the law is overbroad are overstated. Of particular note was the discussion involving the significant decline in the number of major spamming organizations operating in Canada since the law took effect. Three years ago, Spamhaus’ Register of Known Spamming Organizations listed Canada as home to 7 of the top 100 spamming organizations worldwide (who are responsible for 80% of global spam). Canada’s presence on the ROKSO list has been dramatically reduced with only two Canadian-based organizations remaining on the list, suggesting that spam originating in Canada has experienced a significant decline. My full opening remarks are posted below.
Post Tagged with: "spam"
On May 17, 2005, the National Task Force on Spam, which included stakeholders from the across the spectrum including the Canadian Marketing Association, ITAC, Bell, CAIP, and consumer groups, presented its final report to then-Industry Minister David Emerson. The unanimous report included the following recommendation:
There should be an appropriate private right of action available to persons, both individuals and corporations. There should be meaningful statutory damages available to persons who bring civil action.
The inclusion of a private right of action was no small matter. I was a member of the Task Force and recall discussion of lawsuits launched in the United States by large ISPs and Internet companies such as Microsoft and Amazon that had proven effective. It took nine years for the task force recommendations to become law when all parties – Conservative, Liberal, NDP and Bloc – supported the resulting legislation. The private right of action provision was to have taken an additional three years as the Conservative government chose to delay its implementation until July 2017 to give businesses three years to ensure compliance with Canada’s anti-spam law.
Yesterday, Innovation, Science and Economic Development Minister Navdeep Bains indefinitely suspended the private right of action before it could take effect. In doing so, Bains blocked important consumer redress for harmful spam and spyware that would have supplemented enforcement efforts overwhelmed by spam complaints. Bains indicated that the statutorily-mandated review of the law, which is required after three years, will be used to assess the law and the private right of action (the Canadian Federation of Independent Business holds out hope that it will be struck down permanently).
Canada’s anti-spam legislation has long been the law that Corporate Canada loves to hate. Months before it was slated to take effect in 2014, there were ominous warnings about how regulation would bring commercial e-mail to a screeching halt, banning everything from large-scale business marketing efforts to emails promoting a neighbourhood lemonade stand.
My regular Globe and Mail technology op-ed notes that nearly three years later, e-mail marketing is alive and well in Canada as many have adjusted to the tougher privacy standards that require informed consent prior to sending commercial electronic messages. Moreover, in a world where malware and ransomware have become serious cybersecurity threats touching millions of Internet users, the inclusion of antimalware provisions has proven prescient since they give authorities the legal tools to participate in global enforcement efforts.
The Trouble with the TPP and privacy, which includes weak privacy laws, restrictions on data localization, bans on data transfer restrictions, and a failure to obtain privacy assurances from the U.S., also includes the agreement’s weak anti-spam standards. Given the fact that nearly all TPP countries have some form of anti-spam law (with the exception of Brunei), the inclusion of anti-spam provision in the TPP was not surprising, yet the agreement sets the bar far lower than that found in many countries. Article 14.14 states:
Each Party shall adopt or maintain measures regarding unsolicited commercial electronic messages that:
(a) require suppliers of unsolicited commercial electronic messages to facilitate the ability of recipients to prevent ongoing reception of those messages;
(b) require the consent, as specified according to the laws and regulations of each Party, of recipients to receive commercial electronic messages; or
(c) otherwise provide for the minimisation of unsolicited commercial electronic messages.
The TPP provision features two key requirements: anti-spam laws that provide for a binding unsubscribe mechanism and some form of consent. Yet with the standard of consent left wide open, countries are free to adopt weak, ineffective standards and still comply with the TPP requirements. In fact, since spam raises global concerns that frequently requires cross-border co-operation, the TPP would have been an ideal mechanism to strengthen international anti-spam rules and enforcement.
The launch of Canada’s anti-spam law generated considerable criticism suggesting that the law was unenforceable and would not have a discernible impact on spam. Recent enforcement actions by the CRTC and the Competition Bureau, which led to millions on fines, demonstrates that the law can be used to target businesses that run afoul of the law. Now a new study from Cloudmark, a network security firm, concludes that there was a significant drop in spam originating from Canada once the law took effect. Moreover, Canadians received considerably less email after CASL was implemented. Cloudmark states: