Close to 140,000 complaints against spammers have been lodged in Canada since a new federal anti-spam law came into effect July 1, but to date, the Canadian Radio-television and Telecommunications Commission (CRTC) has taken action against only one Canadian company.
And in that case, the small Saskatchewan-based business faced no fines because it was discovered that the company’s servers had been infected by malware that had hijacked its email.
“They were not even aware that it was happening,” said CRTC spokeswoman Patricia Valladao.
According to the CRTC, 97 million spam emails were sent through the Saskatchewan company’s Internet service provider in June and July.
As a result of complaints lodged with the CRTC through its fightspam.gc.ca website, the CRTC was able to identify the source of the spam and shut it down, but without penalizing the company whose email addresses had been hijacked.
Fines under CASL can be as high as $10 million. And because CASL can be so inscrutable, many small businesses in Canada now fret that every email their employees send out could net them fines that could bankrupt them.
CRTC chairman Jean-Pierre Blais has tried to calm those fears by saying that “punishment is not our goal” and that law-abiding businesses need not worry about facing massive fines.
That has done little to assuage concerns from Canadian businesses, which generally view CASL to be unnecessary red tape that will do nothing to stop spam, most of which originates outside of Canada, where the CRTC has no jurisdiction.
“It’s quite ironic that, for a government that prides itself on cutting red tape – and has a pretty darned good track record – that they’re doing this kind of thing,” said Richard Truscott, B.C. director for the Canadian Federation of Independent Business (CFIB).
He added that CASL is one of the top three concerns that the CFIB’s 109,000 members have with respect to federal policies. The CFIB has been meeting with MPs across the country in hopes that Ottawa will rethink the new law.
CASL is causing such unnecessary consternation among small businesses that the Surrey Board of Trade is considering striking up a petition calling for the law to be scrapped.
“It’s hurting the bottom line for businesses and for not-for-profits,” said Surrey Board of Trade CEO Anita Huberman. “I think it needs to be revisited.”
CASL covers all forms of electronic communication with a commercial purpose, including emails, SMS messaging and software downloads.
Unlike the United States’ anti-spam law, which simply requires companies to provide an opt-out mechanism, CASL is opt-in, meaning companies need the express consent of the recipient to continue sending any electronic message that has a commercial intent.
The provision for electronic messaging came into effect July 1, although there is a three-year grace period in which companies can continue to send emails to customers, if they had an ongoing business relationship.
But as of July 1, 2017, they will need the express consent of all recipients to continue sending those messages or risk being fine for spamming.
A more immediate deadline is January 15, 2015. That’s when Section 8 of CASL, the provision on computer installations, kick in.
Again, CASL will require the express consent of the recipient before a company can cause an application or update to be installed on a computer or device.
Many Canadian businesses may assume that that provision applies only to software companies, said Bradley Freedman, a lawyer specializing in technology law at Borden Ladner Gervais.
But many companies these days have apps that may require frequent updates, and it’s not clear to what extent Section 8 applies to them.
“The language is ‘install or cause to be install,’ and in my view it’s not clear whether that means physically doing the installation or whether it’s making software available online for download installations,” Freedman said.
“That’s a big question mark in my view, and I haven’t seen any guidance issued by the regulators, and if those rules do indeed apply to software distributors who make software available online for downloading, then everyone’s got to start worrying about these rules.”
Canadians who receive unsolicited commercial messages – usually in the form of email – can now report the offending company to the CRTC through fightspam.ca.
But unless the recipient is savvy enough to figure out in which country the originating IP address is located, many Canadians reporting spam will have no idea if the spam they’re reporting originated from Canada. So many of the complaints that the CRTC receives may come from countries where it has little if any jurisdiction to enforce Canadian law.
Valladao said she did not know how many of the 138,750 complaints the CRTC has received originated in Canada.