Mr. Marc Garneau (Westmount—Ville-Marie, Lib.):
Mr. Speaker, it is with great pleasure that I stand today in third reading to speak about Bill C-28. I was involved as a member of the Standing Committee on Industry, Science and Technology on the bill, which deals with a very important matter. It was known as Bill C-27 at the time and has now progressed to being Bill C-28, and it is very encouraging to see that we are now at third reading.
First of all, I would like to stress that we must act quickly to resolve the massive problem of unsolicited electronic messages, more commonly known as “spam”.
Let us go back to 2003, when the problem was not nearly as bad as it is now. A report at the time concluded that businesses spent $27 billion on expenses related to the IT personnel needed to deal with this plague.
Who of us in this chamber have not experienced that maddening moment when we have opened up our emails and discovered that a fairly large number were unsolicited, were trying to interest us in something we were really not interested in, were trying to sell us something? Who of us have not experienced the time it has taken to get rid of these unsolicited emails? Of course many of us have now had to purchase software to try to control so-called spam, and this is adding to our annoyance with the whole thing. Even today, the ingeniousness of some people still manages to circumvent even the best spam software, and we still occasionally receive spam messages even with that best software.
Spam represents, according to the experts, 60% to 80% of all email traffic around the world. Clearly this situation is a major challenge for consumers, businesses, governments and Internet service providers. Yet the issue at hand is not limited to spam and, therefore, legislation must also remedy the use of false or misleading statements that disguise the origins or true intent of the email, the installation of unauthorized programs and the unauthorized collection of personal information or email addresses.
Whether spam comes in the form of unsolicited emails, viruses hidden in attachments—which is often the case—phishing, misrepresentations or the use of fraudulent websites, the government must take action to ensure that Canada does not fall behind.
How can we be the only G8 country and one of only four OECD countries that has not introduced legislation on spam? No one can deny the magnitude of this problem that goes beyond the simple annoyance of receiving unsolicited emails.
This practice also has huge costs for users in terms of the cost of receiving emails and text messages, as well as in terms of the users' storage capacities. Furthermore, this interferes with computer systems, which can have consequences on businesses, governments and individuals. When spam floods and completely paralyzes systems, these practices have more serious effects than anyone could imagine on the way society functions.
We often do not realize how vulnerable we are, which is why we must act quickly. In this case, there is no point reminding members that when the Prime Minister prorogued Parliament at the beginning of the year, he ruined our chance to act quickly.
The Liberal Party of Canada has not only always been concerned by this serious problem but has been very proactive on this matter. In fact the Liberal government established an anti-spam task force in May 2004 that held public consultations and round tables with key industry stakeholders. This Liberal initiative led to the 2005 anti-spam action plan for Canada, which was a call to action.
The plan comprised specific recommendations, requiring the implementation of legislative measures that: prohibit the sending of unsolicited commercial electronic messages; prohibit the use of false or misleading statements that disguise the origins or true intent of the email; prohibit the installation of unauthorized programs; and prohibit the unauthorized collection of personal information or email addresses.
Bill C-28 and the initiatives announced by the Conservative government followed through on the recommendations made by the Liberal anti-spam task force of 2005. However, it is worth mentioning that Bill C-27, as originally submitted by the current government, contained a number of flaws. Fortunately, the Standing Committee on Industry, Science and Technology did outstanding work and proposed recommendations that significantly improved the bill. With these amendments and with further changes recently proposed in Bill C-28, we believe the bill is achieving its main objectives.
Bill C-28 introduces legislation to deploy most of our recommendations, and therefore we are pleased to say that the government has finally decided to act on the recommendations brought forth by our task force. This said, care must taken and we will continue to monitor the legislation closely to ensure that it does not stifle legitimate electronic commerce in Canada. It is important to emphasize that the fight against spam is much more than just legislation.
The industry committee also discussed how important it is that the government take responsibility for a cohesive approach once Bill C-28 is passed. What good is this law if the authorities overseeing it cannot take action because they lack resources? What specifications will be given to the various entities that will enforce and implement the law?
The minister must submit a comprehensive enforcement plan outlining the roles of these entities, such as the CRTC, the Competition Bureau and the Office of the Privacy Commissioner of Canada. The fact is that with this many stakeholders, Industry Canada's role as coordinator will be extremely important. We must give this department the proper tools, both from a human resources and an organizational perspective.
In short, it is essential that there be a coordinated approach involving industry partners, affected organizations and concerned stakeholders in order to implement this bill, and it is in this context that the government needs to take action. It needs to provide the mechanisms to ensure that this legislation is enforced effectively. Enforcing this type of law is complex. It needs to be reviewed periodically so that we, as legislators, can cover all eventualities, such as technological advances.
I should also point it that it is becoming essential and urgent to coordinate our legislation with various countries and engage with the international community in order to harmonize measures to achieve agreed-upon objectives. Canada must now take its place and become a leader in this area.
The Liberal task force also recommended that resources be put toward co-ordinated enforcement of the law, since we all know that legislation will only go as far as the capacity and willingness to enforce the law. Hence it is of the utmost importance that the government put appropriate resources into enforcement, in its determination to work with other nations to stamp out spam.
It is also imperative that the government dedicate resources to clearly establish codes of practice. The Liberal Party of Canada will, without fail, be on task to assure that these elements are not forgotten as the process moves forward.
I am confident that we are on the right track. The members of the Liberal Party will continue to work to ensure that this bill is in line with the expectations of the people.
Mr. Bruce Hyer (Thunder Bay—Superior North, NDP):
Madam Speaker, it is my pleasure to rise to speak to Bill C-28, the anti-spam bill, which was formerly Bill C-27.
I have often bemoaned the lack of co-operation in the House, but this is one case where members of all partisan stripes seem to agree.
All of us and our constituents have been inundated with unwanted spam at home and at work. Spam represents about 87% of email activity around the world. At best, it is a huge waste of time and energy. It was estimated last year that over 62 trillion, and I am trying to get my head around that number, spam emails were sent out. It is done in a variety of ways. This bill would identify and eliminate some of those ways.
This bill enjoys strong public support. It certainly has the support of the New Democratic Party. This is part of the New Democratic Party's electoral platform to move forward on a number of consumer issues that we want to see implemented as law.
There will be a push to try to weaken this bill. There are some elements in this bill that make it a really strong and good bill for Canadians and Canadian businesses because it affects our economy.
Canada is actually in the top 10 when it comes to generating and receiving spam. Canada is the only G8 country that does not have the kind of legislation that Bill C-28 represents. Once again, we are behind but we can catch up with this bill quite significantly and have one of the better models to deal with this important issue.
Approximately 1 out of 20, or 5%, of the spam in the world comes from Canada. Canada is known as a harbour for some of the big spammers. I believe we stand fourth in the world in terms of spamming, behind Russia and just ahead of Brazil. An Ipsos Reid poll found recently that approximately 130 spam messages are received by Canadians each week. That is troubling because it is up 51% from just the year before. Speaking for myself, both at work and at home I get quite a bit more than 130 spam emails.
It is not just the irritation of removing unwanted messages and solicitations; it is also time consuming. Employers are worried about the time it takes and the cost to their businesses. As a small business owner myself, I know how taxing spam can be on my computer system's efficiency. It puts my computers at risk and lowers my employees' productivity.
Some may argue that businesses have the right to inundate us with these kinds of messages, but really it is a privilege. No one has an absolute right to inundate us with emails, especially when many spammers use malware and other kinds of spyware to gain data on us regarding where we shop online, what our online consumer habits are, et cetera.
Interestingly, the bill provides for windows of opportunity for businesses with existing relationships to make that connection with their customers. One idea is an 18-month extension in terms of a previous existing business relationship. That makes sense. The Bloc moved a motion to extend that grace period on previous business relationships to 24 months. I strongly disagree with extending it to 24 months. Eighteen months is long enough.
Once this law is in place, there will be three regulatory agencies to punish spammers. The CRTC will investigate complaints. The Competition Bureau will slap on fines of up to $1 million for individuals and $10 million in all other cases. The Privacy Commissioner will get involved when people's privacy is violated.
The part about the Privacy Commissioner is important because far too often spammers have used headliners that look like many banks' headliners, and then people click on them, and I have almost done it a few times, thinking it is their bank, but it turns out that it is a spammer seeking to collect data and information on them, perhaps to create fraud.
There have been cases where people have lost money, thinking it was their own financial institution or a legitimate financial institution. They provided access to some of their monetary resources and suffered financial losses. This is shameful and should not be happening in a country like Canada.
There is going to be recourse to show those who bombard us with spam and those who have to deal with it that there will be real punishments, that it will be more than just a fine, that it is going to be significant for them to deal with and hopefully it will help to curb this behaviour.
One of the reasons that the bill will be strong is it would have those three regulatory agencies actively involved in maintaining the accountability of the actual bill. Interestingly enough, there was a bit of a debate about whether or not this bill should deal with the telephone solicitation issues. It would not. However, at the same time, it would allow the minister actually some degree of ability and capability, and quite frankly, a bit more strength to work on the do not call list.
It is also important to note that there was another issue in the bill that was defeated. It is important to recognize that, because it is an issue that people are concerned about. In the original manifestations of the bill there was a provision that would have allowed companies to go onto our computers and seek information regarding that computer site. If we had agreed to them being part of our Internet relationship, we would be consenting or allowing them to go onto our computer and access information and documents, and basically surf through our site, at times unknown to us. That issue was taken off the table as well, thank goodness.
There was great Internet discussion and blogging about this offensive piece of legislation. I was happy to see that this was removed as well. It is important because had that provision been there, as well as the other provisions I have mentioned that were taken out, I do not know whether I could have supported this legislation because it would have weakened it so much. It would have become far weaker than even the do not call registry, which is pretty weak. It is very fortunate that we were able to get consensus and push that back.
As well, there were a couple of amendments that were interesting, and I was rather curious as to how they came forward. We will see whether or not, in the Senate, they will be pushed forward again.
One of them came from the Bloc, and that was the extension of the time to actually opt out of an email subscription. The way it works is if I, for example, agree to receive an email and I have a relationship with a company, or if someone is sending me that information, then I could opt out of that later on. I would just send an email that I do not want to continue this relationship. The way the legislation was, in 10 days, I would be taken off the list. The Bloc moved a motion for it to be 30 days. The final part of the bill is now 10 business days.
If we agree to an email through our bank or somewhere else, they will instantly start spamming or sending information. Once we agree, they start flying in. I have Aeroplan points, for example, from Air Canada, and then boy, that thing rings all the time with all kinds of stuff. I have agreed to that relationship and sometimes it is helpful. Sometimes it is irritating, but I make that choice. To suggest that I want that out and that it would take 30 days to get out of that is absolute nonsense, especially with the sophistication of some of today's programs. Ten business days is more than sufficient time within which to end that relationship.
As well, it is important to reinforce the issues of how serious spam is. Spam is used in crime. Spam is also used in an organized way that affects the whole Internet capacity of the system. We just have to look at some of the botnets. This is like a zombie computer where specific programs are written to go in and turn our computers into a generator for spam, or our email address for someone else who controls a whole grid of computers.
I hope to see the bill passed and I hope to not see it watered down in our unelected Senate. One of the interesting results of the American legislation that was passed was the conviction of Robert Alan Soloway who was arrested in the United States. He was one of the world's largest spammers. Among the 35 counts that he was charged with were not only identity theft and fraud, but also money-laundering.
I want to touch on companies too because some of the market they invest in gets lost or hurt because of spamming. Some of the spamming is very particular, very effective and professional-appearing in imaging and induces people to think it is something it is not, such as, for example, the banking industry as I have already mentioned. It costs the banking industry because it loses customers. People then do not want to trust that company because others have abused the site that appeared to be theirs.
That is why we do not want to lose sight of the criminal aspect of this as well. We must move the bill through as quickly as possible. It has taken long enough to get through committee, despite the noble efforts of my colleague, the hon. member for Windsor West, who has worked hard and smart on the bill.
Let us show Canadians that the government can get useful things accomplished for Canadians.
Mr. Scott Simms (Bonavista—Gander—Grand Falls—Windsor, Lib.):
Madam Speaker, when I was first elected in the summer 2004, spam was a burgeoning issue, but it was something that was focused. Everyone's Internet account was getting inundated with spam and solicitations of a nefarious nature. In 2004 the activity was measured at $130 billion worldwide. One has to wonder exactly how it goes from zero to $130 billion in a very short period of time.
The situation has proliferated to the point where it has become oppressive to individuals who have email accounts and certainly for small businesses with accounts. In dealing with spam and unsolicited emails, we are at a point where the system has been clogged. Now 80% of the information traffic to our computers and PDAs constitutes what we know as spam.
That was then and this is now. Not only has the situation been exacerbated by the fact that so many people are trying to get involved in unsolicited emails and are becoming much better at, the system is allowing them to become much faster and in many cases more elusive. We have several platforms by which people can do this.
As imaginative as we can be when it comes to the world as an extension of who we are, since 2004, we have had the proliferation of social media, such as Facebook and Twitter. Also an abundance of texting has taken place. We know it is not only the computer on our desks at home or at the office, it now travels with us all day no matter where we go because it is much more compact.
Back in 2004, about six months after I was elected, an anti-spam task force was established. At that time, experts were gathered because it was a pressing issue. Let us remember, it is not only the domestic issue at which we are looking. Sometimes we extensively deal in a domestic nature in the House with issues such as the economy, social security, pensions and employment insurance. Sometimes these serve as models for the world to follow, such as our Canada pension plan.
Now we are now completely intertwined with the world. As we know, electronic commerce, or e-commerce, knows no boundaries. It surpasses all that CBSA can put out there. It travels around the globe instantaneously. We are able to connect to the world in a way we never thought possible. I am not saying that is a bad thing. It is absolutely wonderful if we are to achieve a common understanding around the globe. However, it becomes problematic when we have to create domestic legislation to follow suit on international agreements. Therein lies the crux of what we are doing.
Other members have pointed out, and I would wholeheartedly agree, that we are behind the eight ball when it comes to this type of legislation. Legislation has been addressed in other G8 nations and it has gone farther than we have. Now we find ourselves in the situation where we are playing catch up with the rest of the world.
However, that is one issue. We still have to do our due diligence within the House, through debate and committee work, so we can create legislation that has teeth and is effective.
The second phase of this follows from the legislation we create in the House, and that is the enforcement of it, which is very important. This is why the myriad of agencies, as mentioned in this debate, have been brought into this in order to enforce it.
I mentioned the international component of this. Being from the east coast, primarily Newfoundland and Labrador, we have dealt with legislation on an international perspective when it comes to our fisheries. As many past politicians from Newfoundland and Labrador have said, “borders are borders, but fish can swim”, and they swim over borders.
Therefore, the international scope of this issue is much like issues of climate change. Many of the models created to govern our resources are created in international forums. For fisheries, it is the North Atlantic Fisheries Organization, NAFO. For climate change, it is the United Nations and other avenues and even the Council of Europe for that matter.
This agreement has taken place through international governance. Now we have to follow with our own domestic legislation. That goes a long way in cluing up and taking our place in the world to deal with this issue.
I have compiled some background information. My compliments to the Library of Parliament for this legislative summary. I want to congratulate Ms. Alysia Davies for compiling this information. She did a fantastic job. She is with the legal and legislative division, Parliamentary Information and Research Service.
There are a few clauses in the bill that deal with the situation at hand.
Following the work of the task force, we had the first go around with Bill C-27. When it made its way through committee, certain changes were brought forward by the committee, as well as the government and the department, which have been incorporated for the most part. That too follows a great debate. Following the prorogation, the bill died on the order paper. Now we are with Bill C-28 and we will do our due diligence yet once again.
As Bill C-27, it was known as the electronic commerce protection act. We now incorporate items that were added to the former ECPA as government amendments during its original passage when it was Bill C-27.
As with the previous bill, the new bill, called “fighting Internet and wireless spam act”, would amend four existing acts that deal with telecommunications regulation, competition and privacy. Among other changes, these amendments designate the Canadian Radio-television and Telecommunications Commission, commonly known as the CRTC, as the main regulator of the fighting Internet and wireless spam act. Also, both the Commissioner of Competition and the Privacy Commissioner will play enforcement roles related to their respective mandates.
There may be some questions. For example, one question earlier in the debate was about the Privacy Commissioner not being mandated to educate the public. That is a very valid point because then it falls within the realm of justice. That certainly needs to be brought out in the House and we need to have a thorough debate as to exactly who will to educate on what is not right, not legal and what fines may result.
My hon. colleague from Manitoba brought up the idea of prosecution for the sake of criminal charges being laid. Right now we are dealing with just fines, but that too should be addressed. In future, this may be re-addressed in this legislation.
I also want to talk about the four pillars. This is a combination of a process that began with the anti-spam action plan in 2004. That was a private sector task force, chaired by Industry Canada, to examine the issue of unsolicited commercial email, which we now know as spam.
By the end of 2004, spam, which is in many ways the electronic equivalent of junk mail, had grown to encompass 80% of global email traffic. Imagine a mailbox with 80% of its mail being junk mail. Many would say that is already happening, and in some cases I am sure it is.
Nonetheless, 80% is a high number because it is so easy and cheap to put out these emails. Typing something in, either a scam or something close to a scam, and feeding it to the masses electronically is much easier than doing it with physical paper.
The task force on spam led the action plan at a round table of national stakeholders in December 2004. We received feedback through announcements in the Canada Gazette and in a dedicated online forum. It issued a report in May 2005. That report recommended, among other measures, legislation specifically aimed at combatting spam, which we are dealing with today. It is a second incarnation of a spam act. The federal government introduced a first attempt back in the 42nd session.
I want to thank two gentlemen from the Senate who did a lot of work prior to this. First is Senator Donald Oliver. Second is former Senator Yoine Goldstein from Montreal, who did a tremendous amount of work on this issue. We owe both former Senator Goldstein and Senator Oliver a debt of gratitude.
The spam act can be seen as a complement to the e-commerce legislation that has gradually been developing in each of the Canadian provinces and territories over the past 10 years.
We owe a debt gratitude to provincial legislation that started back in 1998 under the uniform electronic commerce act created by the Uniform Law Conference of Canada. The provincial and territorial acts have thus far served as the underpinning for burgeoning e-commerce sectors across the country. We also owe a debt of gratitude to many of the respective provincial ministers for helping us create the bill in front of us today. Eventually we will deal with the enforcement aspects of it.
Basically what came from that, the main federal legislation related to e-commerce, was the Personal Information Protection and Electronic Documents Act, or PIPEDA, which governs privacy requirements for private sector organizations and electronic documents within federal jurisdiction and in provinces or territories that have not yet established their own similar legislation. This is typical for many pieces of legislation since the inception of Parliament.
As I mentioned, Canada is the last of the G8 countries to introduce specific anti-spam legislation domestically, and a lot of this came from what was negotiated in international fora. Some existing Criminal Code provisions were identified by the task force as being of possible assistance in prosecuting spam cases. The task force worked on this with the Department of Justice and the Technological Crime Branch of the Royal Canadian Mounted Police in 2004 and 2005.
This is another element of the bill that should be engaged to a greater degree. We are still on the cusp of understanding the influence that spam emails have around the world. In six years we have come a long way in electronic commerce. We have gone from the nuisance of spam email to Facebook and social media, such as Twitter and other forms of apps, iPads, and so forth. Members get the idea. The platforms are evolving, but the people who are behind the criminal aspect of spam, and some not so criminal, are adapting around the platforms that currently exist. Therefore, it is incumbent upon us to try to keep up to date, to ensure people are informed as to what they can and cannot do and to allow the government agencies, at arm's-length, to deal with the enforcement of these issues.
I mentioned the technological crime branch of the Royal Canadian Mounted Police and the requirements to bring a charge under the existing provisions. However, when the task force report was published, these provisions had not been used for this purpose, so questions remain around that.
Other agencies, such as the office of the Privacy Commissioner of Canada and the Competition Bureau, have received complaints from members of the public about spam as well and there was no overarching framework for addressing such complaints. We can see the genesis of this. At the time, the task force was able to tell them to deal with the issue of the Criminal Code and deal the fact that our government agencies are inundated with complaints and that we have to marry the two. The fine situation we have right now was a result of that. That is something we need to address at a future date.
The legislation would provide a clear regulatory scheme, including administrative monetary penalties, or AMPs, with respect to both spam and related threats from unsolicited electronic contact, including, which is the important part, identity theft, phishing, spyware, viruses and botnets. It would also grant an additional right of civil action to businesses and consumers targeted by the perpetrators of such activities. Therein lies another aspect of taking these people to court. Does it hold enough teeth is the expression and this is what I have a few reservations about.
For descriptions and analysis, clause 2, for example, contains its own definition of what we call commercial activity. It is different from the one in PIPEDA, the legislation that served as the paramount legislation for dealing with spam. It does not modify the existing definition to that act but builds on the PIPEDA wording of “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character”, and adds the qualification “whether or not the person who carries it out does so in the expectation of profit”.
Therefore, we get the incentive for doing this when we talk about unsolicited emails and other nefarious activities that I described earlier, the botnets, the spyware and those sorts of things, because those are the programs that are adapting, for a nefarious nature, to solicit from us money taken under circumstances that consumers would consider to be not right. Therefore, it tries to define that for the sake of profit.
It does reflect an intention to widen the scope of who could be considered responsible under the new law in cases where spamming or other activity occurs, possibly implicating Internet service providers, or ISPs, or even those whose computers are being used for spamming without their awareness or consent. We can see how this has taken place.
A lot of situations have developed since we first started the task force about six years ago that this legislation has to address. A lot of that came out of the committee work on Bill C-27 and now enacted within this. Part of clause 2 acknowledges that.
There are also provisions discussed in further detail, which I will talk about in just a little while, but one of the situations was telemarketers and what we call the DNCL, the do not call list, which members of Parliament receive a lot of calls about. I would say that over the past six years of being here, I have certainly dealt with a lot of that and the bill would address it to an extent.
Eighty per cent of global traffic regarding spamming is an incredible amount of activity. This is what this legislation attempts to address. There are key provisions in clauses 7 to 10 and 13.
One of the situations that subclause 7(6) originally added to the predecessor bill through a government amendment that was before the House of Commons under the industry, science and technology committee specified that the prohibitions on sending a commercial or electronic message do not apply to quotes or estimates for the supply of a product, goods, a service, land or an interest or right in land, if the message was requested by the recipient. Therefore, this bill would not impede on the normal course of e-commerce.
We need to face the fact that those businesses, especially the small and medium size businesses, the SMEs, have been successful through the world of Internet and therefore we want to ensure this legislation will not impede upon their efforts to create business and to solicit in what I would call a way that is consistent with good consumer practice.
Mr. Serge Cardin (Sherbrooke, BQ):
Madam Speaker, I rise here today to speak to Bill C-28, once known as the Fighting Wireless and Internet Spam Act.
I would like to begin by saying that the Bloc Québécois is in favour of the principle of Bill C-28, which was previously known as Bill C-27, but which died on the order paper at prorogation. A number of minor changes have been made, but the overall text, its objectives and key elements remain the same.
New legislation that specifically targets unsolicited commercial electronic messages has been needed and requested by society as a whole for some time now. Governments, Internet service providers, network operators and consumers are all affected by the problem of spam. Preserving the efficiency of legitimate electronic commerce is a vital and pressing issue. Not only are commercial emails sent with the prior and ongoing consent of the recipient important to electronic commerce, but they are also essential to the development of the online economy.
The Bloc Québécois is pleased to see that Bill C-28 takes into account most of the recommendations in the final report of the task force on spam. On the other hand, we are upset that the legislative process has taken four long years. Computer technology is evolving at astonishing speeds, and spammers keep finding new ways to achieve their goals. Accordingly, consideration of the bill in committee should give many industry stakeholders and consumer protection groups an opportunity to express their views on the proposed Electronic Commerce Protection Act. A number of other points also need to be examined in committee and I will come back to those points later on in my speech.
The task force on spam was struck in 2004 to look into this problem, which is constantly evolving, and to find ways of dealing with it. The task force heard from Internet service providers, electronic marketing experts and government and consumer representatives.
In all, more than 60 stakeholders took part in the discussions, providing input on issues such as legislation and law enforcement, international co-operation, and public education and awareness. In addition to launching an Internet-based consumer awareness campaign entitled “Stop Spam Here” to inform users of steps they can take to limit and control the volume of spam they receive, the task force on spam presented its final report to the Minister of Industry on May 17, 2005.
Entitled “Stopping Spam: Creating a Stronger, Safer Internet”, this report calls for new, targeted legislation and more rigorous enforcement to strengthen the legal and regulatory weapons that Canada could use in the global battle against spam.
The report also supports the creation of a focal point within government for coordinating the actions taken to address the spam issue and other related problems like spyware.
Among the report's key recommendations are more vigorous legislation and enforcement and legislation to prohibit spam and protect personal information and privacy, as well as computers, emails and networks.
The proposed legislation is designed to allow individuals and companies to sue spammers and hold any businesses whose products and services are promoted using these means partially responsible for spamming activity.
In addition, new and existing resources of the organizations responsible for the administration and enforcement of anti-spam laws should be strengthened.
The task force recommended creating a centre to coordinate the government's anti-spam initiatives. This focal point would coordinate policy and education campaigns and support law enforcement efforts. It would also receive complaints and compile statistics on spam.
To curb the volume of spam reaching users, the task force developed a series of industry best practices for Internet service providers, network operators and email marketers. Examples include allowing ISPs and other network operators to block email file attachments known to carry viruses and to stop emails with deceptive subject lines.
As well, email marketers would be required to obtain informed consent from recipients to receive emails, provide an opting-out mechanism for further emails and create a complaints system. The report recommends that these groups voluntarily adopt, regularly review and enhance the best practices.
To help change people's online behaviour, the task force created an online public education campaign called “Stop Spam Here”. Launched in 2004, the website offers consumers, volunteer organizations and businesses practical tips for protecting their personal information, computers and email addresses. The task force recommended that all partners continue to enhance the site's content.
Since most of the spam reaching Canadians comes from outside the country, international measures to stem spam are vital. Therefore, the task force proposed that the government continue its efforts to harmonize anti-spam policies and to improve cooperation among all countries to enforce anti-spam laws.
Four years later, on April 24, 2009, the Government of Canada finally introduced new legislation to protect electronic commerce, namely, Bill C-27. Inspired primarily by the final report of the task force on spam, Bill C-27 established a framework to protect electronic commerce. To achieve that, the bill would enact the new Electronic Commerce Protection Act, or ECPA. Basically, this act would set limits on the sending of spam.
Spam can be defined as any electronic commercial message sent without the express consent of the recipient. It can be any electronic commercial message, any text, audio, voice or visual message sent by any means of telecommunication, whether by email, cellular phone text messaging or instant messaging. Considering the content of the message, it would be reasonable to conclude its purpose is to encourage participation in a commercial activity, including an electronic message that offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land, or a business, investment or gaming opportunity.
Note that the following types of commercial messages, which appear in clause 7, are not considered to be spam: messages sent by an individual to another individual with whom they have a personal or family relationship; messages sent to a person who is engaged in a commercial activity and consists solely of an inquiry or application related to that activity; messages that are, in whole or in part, an interactive two-way voice communication between individuals; messages sent by means of a facsimile to a telephone account; messages that are a voice recording sent to a telephone account; a message that is of a class, or is sent in circumstances, specified in the regulations.
This means that, under this legislation, sending spam to an electronic address—email, instant messenger, telephone or any other similar account—would be prohibited. The only circumstances under which it would be allowed is when the person to whom the message is sent has consented to receiving it, whether the consent is express or implied
In addition to being in a form that conforms to the prescribed requirements, the message will have to make it possible to identify and contact the sender. Lastly, the message must include an unsubscribe mechanism, with an email address or hyperlink, so that the recipient can indicate that he or she does not want to receive any further commercial electronic messages from the sender.
The bill would also prohibit altering the transmission data in an electronic message so that it is delivered to destinations other than that specified by the initial sender. In addition, the bill would prohibit installing a computer program on another person's computer and sending an electronic message from that computer without the owner's consent.
There are provisions for administrative recourse. Anyone who contravenes, even indirectly, any of these provisions would be liable to an administrative monetary penalty, or AMP, if the computer used is located in Canada. The maximum AMP is up to $1 million for individuals and up to $10 million in all other cases. The Canadian Radio-television and Telecommunications Commission, the CRTC, will be responsible for investigating complaints and, when necessary, imposing the penalties. Furthermore, the CRTC will have the authority to apply for an injunction if it finds that a person is about to or is likely to carry out a violation.
In order to carry out these inquiries, the CRTC would have interesting powers. It could require a person to preserve transmission data, produce a copy of a document that is in their possession or prepare a document based on data, information or documents that are in their possession. It could even conduct a site visit in order to gather such information or, if necessary, to establish whether there was a violation under clauses 6 to 9. Note that it will have to get a warrant from a justice of the peace prior to entering premises.
An individual who refuses or fails to comply with a demand under clauses 15, 17 or 19 will be guilty of an offence and subject to a fine of up to $10,000 for a first offence and up to $25,000 for repeat offences. Businesses will be subject to a fine of up to $100,000 for a first offence and $250,000 for repeat offences.
There are also private remedies. Bill C-28 provides for the creation of a private right of action, modelled on U.S. legislation, that would enable businesses and individuals to initiate civil proceedings against any person who contravenes clauses 6 to 9 of the new act.
If the court believes that a person has contravened any of these provisions, it may order that person to pay an amount corresponding to either the loss or damage suffered or the expenses incurred. If the applicant is unable to establish these amounts, the court may order the applicant to be paid a maximum amount of $200 for each contravention, up to a maximum of $1 million.
Bill C-28 also proposes an extension of the co-operation and information exchange powers for anything that has to do with the Competition Act, the Telecommunications Act or the Personal Information Protection and Electronic Documents Act.
For example, any organization to which part 1 of that act applies may on its own initiative disclose to the CRTC, the Commissioner of Competition or the Privacy Commissioner any information in its possession that it believes relates to a violation of the act. The CRTC, the Commissioner of Competition or the Privacy Commissioner must also consult with each other and may share any information necessary to carry out their activities and responsibilities in accordance with the act.
Over the years, unsolicited commercial electronic messages have turned into a major social and economic problem that undermines the business and personal productivity of Quebeckers. Not only does spam impede the use of email for personal communication, but it also threatens the growth of legitimate e-commerce.
The Internet has become an essential tool for commerce and communication in general. According to the government, the online marketplace represents an important segment of the Canadian and Quebec economies. In fact, there was $62.7 billion in sales in 2007. In 2009, e-commerce reportedly surpassed $8.75 trillion. But the Internet and e-commerce are also becoming increasingly vulnerable and threatened.
Spam accounts for more than 80% of global electronic traffic, which results in considerable expenses for businesses and consumers. Spam is a real nuisance. It damages computers and networks, contributes to deceptive and fraudulent marketing scams, and invades people's privacy. On a larger scale, spam directly threatens the viability of the Internet as an efficient means of communication, undermines consumer confidence in legitimate e-businesses and hinders electronic transactions. And in the end, everyone loses.
The need for new legislation dealing with unsolicited electronic messages has been urgent for far too long. The Bloc Québécois is pleased to see that Bill C-28 covers most of the recommendations made by the task force on spam. However, we deplore the fact that the legislative process has taken four long years. Computer technology is evolving at astonishing speeds, and spammers keep finding new ways to achieve their goal. In terms of information technology, four years is an eternity.
Consideration of the bill in committee should give many industry stakeholders and consumer protection groups an opportunity to express their views on the relevance of new electronic commerce protection legislation. The committee should also study the exchange of information between the CRTC, the Commissioner of Competition and the Privacy Commissioner. And while we want these exchanges to take place in order to maximize the efficiency of the ECPA, any personal information that is shared must always remain confidential. This is even more critical because this information could be shared with foreign states. The question of vigilance in relation to protecting commercial ties between businesses and consumers will also be studied in committee. And although the ECPA's provisions on this subject may seem to be sufficient, industry evidence must be considered because this legislation cannot slow down the use of the Internet as a catalyst for and facilitator of trade.
Mr. Derek Lee (Scarborough—Rouge River, Lib.):
Madam Speaker, this is an important piece of legislation we are debating here today, if for no other reason than it having been long delayed in finally being dealt with by the House.
I am advised by credible sources that Canada is the only G8 country that does not have legislation governing spam. This legislation deals with more than spam, but the bill's moniker out there on the street is that it is an “anti-spam” bill. So this is what Parliament is attempting to legislate on, and in my view, the bill could have a massive potential impact in the world of electronic commerce.
I am also advised that for a period of time some of the business organizations in our country were uncomfortable with provisions in the initial bill. Some amendments have been made to the initial bill, and I believe those organizations support it now.
It is incredibly important for us to ensure that if this bill is passed at second reading, which I believe it will be, the committee that studies it has the fullest consultation possible with professionals and businesses in this field to ensure that we deliver the best bill we can without impairing our electronic commerce, while protecting the privacy and other amenities that almost all Canadians would agree with.
The bill itself begins by attempting to prohibit. I say “attempting” because it is all very well for us to pass a law that prohibits or criminalizes or somehow regulates something, but the proof is in the pudding. The bill has to have an impact on the street, and in order to prohibit, there must be reasonable enforcement; and in order for there to be enforcement, there has to be a resourcing of those officials who would police or regulate.
This particular bill embarks on a course that has been followed in other legislation. It would allow the private sector to do some forms of enforcement or to participate in the organization of the regulation or enforcement. That is a positive step, but my point is that we just cannot pass a bill that prohibits and purports to regulate; we must also look to the issue of the means and modalities of enforcement. I note that while there is not a Criminal Code type of prohibition, the bill does have some significant potential financial penalties that could be applied.
But just because I stand here and say the bill has financial penalties, and just because we enact it, does not mean that those financial penalties will be brought to bear. The mechanisms of enforcement that involve quasi judicial and judicial enforcement have to be properly resourced.
I will deal with each of the prohibitions in the bill later in a little more depth, but at this point I just want to list them for the benefit of my own remarks.
The first thing that the bill would prohibit is spam itself. In other words, it would prohibit the sending, without the consent of the recipient, of what I call “junk”, what the bill calls something else, and what some people on the street call “spam”. Most of us who work on computers and receive emails are familiar with that type of communication.
The bill would prohibit false statements that disguise the origins of the email or the intent of the email. That involves a communication where the sender disguises what the message is about or inserts some piece of information that would entice the receiver to open it up.
Third, the bill would prohibit the installation of unauthorized programs. While I personally have not known myself to be victimized by this, I know it is a huge problem when emails bearing these bad news programs are opened up and somehow they worm their way into a computer's operating system. In some cases it can have dire effects on the computer system.
Fourth, it would prohibit the unauthorized collection of personal information and email addresses. The real core of that particular prohibition is the personal information piece. I will speak more about that later. That is a huge component of this and one which will have to be managed carefully under this legislation when it is finally put in force.
This series of prohibitions and the other statutory pieces that are proposed arose out of the report of a task force that completed its work about five years ago. I mention that only to indicate that the bill has good grounding in the private sector. The task force brought together industry and government in a way that produced a listing of these problematic issues with the Internet.
While we may have been showing some leadership five years ago, it is clear that we have been really slow to get this legislation enacted. Why it has not been a priority I can only guess, but if anyone wanted to look at the order paper, one would see a list of about 10 or 15 criminal law amendments jamming the legislative calendar when I and most people around the House know that most of those criminal law amendments could have been put into one bill and dealt with together.
However, our Conservative colleagues, and perhaps it was not even our Conservative colleagues, but under the leadership of the Prime Minister or whoever is driving the bus, a decision was made to clutter our parliamentary legislative agenda with all of these separate criminal law amendment bills. Forgive me for making this sidebar reference. I do not want to call all these criminal law amendments spam, but they could have been put into one, two or three bills. It would substantially reduce the number of bills the House and the other place have to deal with.
There are complaints about a log jam and that bills are piling up in the pipeline. I know the Minister of Justice will react to this and he will want to explain why the government chose to put 15 bills through the pipeline instead of two or three. Those bills have cluttered the legislative agenda much in the way that spam clutters our inboxes and our individual computers.
There is always a complaint that there is so much legislation that is not getting through the House. I know that complaint is coming. If it does not come today, it will come tomorrow, next week or at the end of the year. In my view, with respect to all of those bills, the government has to be the author of its own misfortune, if there is misfortune. However, I can report that there is some reasonably judicious, if I can use the term, management of all of those bills. We will certainly do our work.
In any event, regarding this anti-spam legislation, we have failed in an international sense, in my view, to provide appropriate leadership. We are a technologically advanced country. We have a parliamentary House that is sensitive to the issue. We had a task force in place five years ago. There was a report. A bill was created at some point and then it just seemed to languish.
In fairness to the government, we have had a sequence of minority governments and shorter Parliaments. I do accept the will of the Canadian electorate in creating these minority Parliaments, but the downside is that we do not get a good long run at the legislative calendar. It gets cut short by elections. I know my colleagues on the Liberal side will relate to this. It also gets cut short by prorogations, as has happened conspicuously a couple of times around here. In any event, we are muddling along and doing our best.
This particular bill is addressing a huge challenge, as has happened in the legislation of other countries. The Internet is new in human history. We do not really have all of the nouns and adjectives to describe exactly what it is. It is an entire universe of activity, communication, buying and selling, and conveying all manner of data. Without a lot of human experience in this field, the human race is grappling with whether, first of all, this particular field should be regulated.
The answer to that in the beginning was no. Many advocates behind the Internet, as it was originally born, took the view that it should be unrestricted and free, that it should be allowed to develop and flourish as another means of human communication and human endeavour.
It quickly became apparent that people with good motives and people with bad motives began using the Internet and its modalities for their own purposes. In some cases, those purposes were seen to be anti-social, and there is a general consensus on this. For example, there is the perpetuation of some form of criminality, to steal, to defraud, to abuse our children, or to steal from our privacy. Those are just some of the alleged anti-social forms of activity that appear on the Internet.
Ultimately we, as legislators, and the task force five years ago, reached the conclusion that there had to be some restraints. The restraints are described in this bill as prohibitions.
I do not underestimate the vastness of all we are trying to regulate as, just to look at it in this country, we are only a piece of the global Internet. This bill is trying to do that, but I suppose it could try to do it in a way that is sensitive to the capacity of the Internet to do good things. I will speak to that later if I have time.
It seems to me that anyone with the capacity to store electronic data could engage in the business of collecting data on persons and institutions. If one really put one's mind to it, one could come up with quite a good collection of financial and personal data. That by itself would not be good or bad necessarily. It could be used for bad things, or it could be used for good things.
It is not clear to me whether the bill really deals with this, but what if those who collect such data began to artificially assemble in the Internet false persons, non-existent identities of persons or institutions? One could, I am sure, create in the Internet world something that looked like a person, that seemed like a person, that had an identity of a person but that really was not a person, and that false identity, that non-existent but Internet-existent thing could do good things or bad things.
I realize my remarks are a bit on the philosophical side, but the capacity is out there to do this. It could be said that this bill comes close to regulating that, but I am not sure it does and I am not so sure that we have seen all of that develop in the Internet. We see little bits and pieces of it developing here and there, but I am thinking in terms of an Internet bad guy or an Internet good guy with all of this data and using it for good purposes or using it for bad purposes. Of course, beauty is in the eye of the beholder, but I do not think this bill really deals with that.
I want to deal with each of the categories of prohibition.
The first one is spam without consent. That is easy for most of us because most of us have experienced it. I know from remarks made today that in Canada there are nine billion pieces of spam a year. That is a lot of territory. The cost is $130 billion a year.
It is not because the spam shows up on one's computer that it is costly. The fact is that the communications infrastructure that carries all of this stuff costs money. Whoever is spending money for Internet services is actually bearing the cost of carrying the spam. Are the spammers paying their fair share? They might be. It is not clear. I have not seen that addressed with a great deal of precision. I suppose I could say if the spammers were paying a commercial rate for all of their unwanted spam it might lower the cost burden on those users who do not send out spam and it might lower the cost to everybody. However, I will leave that aside.
Electronic filters that software provides do make a difference. It is a big help to Internet users around the world to have filters to clear out most of the spam.
I do want to point out a problem which is particular to members of Parliament and the way they manage their immigration files.
Many of us in the House have large numbers of immigration files where constituents have brought matters to the MPs. I recently came across a situation of a potential immigrant who was in the queue waiting for his application to be processed. An email was sent to him advising him of the need for a further piece of documentation. He never got that email. As a result, 90 or 100 days later, his file was dropped, closed, terminated, by our immigration department because there was not a response. The thinking is, why did that happen? Clearly, the email was sent to the right address. There is some sense that a filter on the recipient's computer may have blocked it and, regrettably, we do not know how to fix that kind of problem. Filters are usually good, but sometimes they are not.
The enforcement under this bill would be with the CRTC, the Privacy Commissioner and the Competition Bureau. The fines would be between $1 million and $10 million. They are administrative monetary penalties and would not be delivered by a judge but by these organizations.
I hope we do find teeth and enforcement. Time will tell. I only raise one caution. We should make sure, in this bill, that we do not restrict political communications or communications from religious groups, and I hope our international treaties will begin to reflect these issues involving the Internet.
Mr. Jim Maloway (Elmwood—Transcona, NDP):
Mr. Speaker, I am very pleased to speak to Bill C-28. I enjoyed the remarks by the member for Scarborough—Rouge River. He made some valid observations in the beginning about the fact that the delays of the government in bringing the bill to fruition were in some way unavoidable because of the election. However, sometimes delays can actually work out to one's benefit.
I note that because of this process involving a previous bill dying and then the government re-forming it as Bill C-28, the fact of the matter is some improvements were actually made along the way.
Coming out of the committee there were some improvements, even one that the government made itself as a result of representations made by presenters to the committee. They resulted in amendments to the bill.
I know governments oftentimes introduce legislation and they themselves bring in a number of amendments at the committee stage, so it is a process to get it right, a process that involves in many cases correcting oversights and making amendments as we progress.
At the end of the day, we may actually have a better bill than we would have, had we gone with the earlier versions.
We have not heard from the government very often during these debates. One of the questions I would ask is: How many actual cases have not been dealt with because of a lack of this type of legislation?
This type of legislation has been in the pipe since 2004. There were two senators involved with bills of their own. As has been pointed out, we are the only country in the G8 that does not have legislation of this type at this point.
Therefore I would be interested in knowing what the experience has been with the other countries in the G8, with their type of legislation, and how many consent orders have been dealt with in their jurisdictions and how many fines have been collected. If in fact they have jail provisions, how many people have actually gone to jail in any of those G8 countries?
However we have not had any representations from any government members about those particular issues. Surely we could learn from the other countries that have this legislation. If in fact there has been an increase in one type of activity over another in one of those G8 countries, I would assume that the government would have been quick enough to respond and would have been able to cover that off in our legislation.
Having looked at the legislation, I see it is quite comprehensive. The NDP members support the legislation over and above the questions that we have about it on the issue of the jail provisions. It is quite a substantial bill and deals with many areas that need to be dealt with.
Another point I would like to make is that this is a relatively new area. The technology has expanded so much. It has only been since 1995 that emails have become a regular occurrence and certainly e-commerce has been on the radar only since 1999.
At the provincial level, 10 years ago we were looking at bringing in e-commerce legislation, and in Manitoba around 10 years ago we brought in Bill 31, which I mentioned before in the House, which was the best e-commerce legislation in the country at the time. It was following the Uniform Law Conference. I believe that all of the provinces in Canada have since followed suit and brought in their own type of legislation to deal with those substantial issues.
However, that was a response to e-commerce in 1999 when it was very new and people were reluctant to purchase things online. We brought in some consumer friendly amendments to that bill. One of the provisions was that anyone in the province of Manitoba who purchased a product or service online and did not receive the product or service, the credit card company would have to back it up and compensate the customer.
The credit card companies had some concerns about that but it was something that we copied from at least four states in the United States that had that type of legislation in 1999. Those were the beginnings of e-commerce legislation. Today, e-commerce has burgeoned and exploded in spite of any type of legislation. I do not think I could point to many thousands of people in Manitoba who would even know we put in that protection for them in that bill.
That was only part of why we brought in the bill in the first place. We were dealing with the whole issue of databases, which is very controversial. It was shortly after the Jane Stewart experience in Ottawa with databases. However, what we were trying to do was come up with a common business identifier so that businesses in the country could deal with the federal tax department through a single business number. By doing that, we had to have a legislative framework in place to begin dealing with, not only within the government but within companies in Manitoba and the federal government, taxation issues, making corporate tax payments, the whole issue of T4 slips, records of employment and all those sorts of business type issues.
The governments of the day were looking at low-hanging fruit, things that they could control. They were looking at their own government to start with, but the view was to expand out to the private sector companies to try to make them more efficient and make the government more efficient. Before we went with the SAP computer system, we had no idea that the Department of Industry was giving a grant to a company that was in arrears with our taxation department and not paying its PST. In fact, that was happening. I am not sure what systems are now being used through federal government departments, whether it is SAP or a different ERP system, but we wanted to ensure we knew what we were doing in our own house.
This was a very controversial type of legislation that we had to deal with. We had to deal with the sharing of databases. We had interjurisdictional issues. We also had to deal with the existing silos within the provincial government where each department was saying something different. For example, finance was saying that it could not do this because of certain reasons and justice was saying something else. In each department there were five or six involved in the legislation. Since each one had its own concerns, we needed to get them together and say that this was the way we were going and that we would need to accommodate to the changing environment.
That is a big problem and it is a big problem with the federal government as well.
We have had to do a lot in this whole area and the federal government was under a lot of pressure. Why did it wait so long when seven of the eight G8 countries have had legislation dealing with spam for a number of years?
At the end of the day, it is time to pass this legislation and get it through. Some debate will continue about whether we went far enough. There are some provisions that I will get to later but there are so many provisions to this legislation that it is impossible to deal adequately with them in a 20 minute time period. However, a lot of provisions in the legislation may provide some sort of upset or cost to our nation or to the businesses in the country. We will only know over time whether that will be the case.
I know that in dealing with legislation, governments try to the best job it can to have an open process by having witnesses come before committee to give expert testimony. Provincially, we have a system where we allow almost anybody to come and make a 10 minute presentation on a bill.
Having said that, we would have a similar bill to this where we would do a round of consultations over the course of a year and then we would have the hearings and the press coverage. Still, at the end of the day, a year down the road after we had passed the legislation and had the regulations in force, people in the affected business communities would come forward and say that they knew nothing about the legislation and that it was a total mystery to them. They would accuse the government of bringing in the legislation and causing them a lot of problems without having proper consultation, when in fact we could prove that we did a lot of consultation.
In the spite of the fact that we have done all this work and that it has taken so much time, I still anticipate that we will have some problems at the end of the day with people or companies saying that they did not know about it, even after all of the speeches and the consulting that has been done.
Some adjustments may be necessary. For example, small businesses are very concerned about the relationship they will have or will continue to have with their previous clients. The new laws put some restrictions on how they can deal with their clientele. Before the do not call list came into effect, it was routine for a business to contact its customers, in-house, over the phone or through the mail, regarding other products. However, they cannot do that anymore because it is not allowed.
The way the system works now is that customers need to give their agreement for the business to approach them. This will cause a lot of stress for businesses in the country. Every time the government comes out with a new set of regulations, businesses that are doing what businesses do best, which is conduct business, will need to retool their operations and re-educate their employees on what is involved. There is no end to the questions being asked about whether companies can contact previous clients and under what conditions they can be contacted.
We introduced the do not call registry but the government found that the system did not work so well. I think it is working a little better now. However, in the initial periods, some people who were put on the do not call list found that they were receiving more calls after they were on the list than they were before being put on the list. People were accessing the do not call list.
This bill would deal with the do not call list. As a result of the much improved wording in the bill, the government has the option to phase out the do not call list over a period of time. When that time comes, the government can simply invoke the provision of the act that allows it to eliminate the do not call list. The do not call provisions are covered under this bill.
The bill has a lot of good things with respect to the definitions and the wording. With the volume of clauses and changes in wording that we are dealing with, it is impossible to get into all of the minutia in a 20 minute presentation.
A lot of good improvements have been made to the bill. Three or four years ago, people were not aware of some of the technical terms and technology issues, so it is possible that this legislation will be outdated before it comes into effect.
I have mentioned the issue of fines a few times but I want to deal with it again. I want to look at the case involving Facebook. The fellow who had a $1 billion judgment against him by Facebook for spamming, basically turned it into a media extravaganza for himself. He was on all the national television networks as a result of it. He laughed at Facebook. Facebook spent a huge amount of money on lawyers and chasing him down to get this $1 billion settlement and he just declared bankruptcy. If we are dealing with the likes of that fellow and other people like him, how in the world will we be able to deal with them by passing this type of legislation? Let us take a look at what is being contemplated in this bill in terms of enforcement.
I do not have any complaints about it. It is a good idea to look at consent orders. However, we can always be suspicious of regulators who deal with consent orders because they may show favouritism to their friends or may not fine people who should be fined. People who co-operate and people the regulators like will get a consent order and a cease and desist order but no fine. People not in their favour may get fined.
Nevertheless, let us assume for a moment that consent orders are a good idea and will solve a lot of problems. If the consent order does not work, the backup is a $1 million maximum penalty for individuals and $10 million for corporations. That is not bad but I do not know of any corporation that can afford a $10 million fine that will be guilty of spamming in the first place. These big companies have lawyers. They know the law. They will not be spamming in the first place.
Who we will have spamming are offshore people, people who are hard to catch, people who do not have any assets or people who hide their assets. A consent order will not stop them. Fines will not stop them. It seems to me that only a jail sentence will put the skids on some of these people--
Mr. Anthony Rota (Nipissing—Timiskaming, Lib.):
Mr. Speaker, it is a pleasure to speak to Bill C-28, the fighting Internet and wireless spam act, better known as FISA. It is designed to curb the flow of spam, unwanted installations of unauthorized and sometimes malicious software and the unauthorized collection of personal information. In other words, it aims at stopping spam emails. With spam emails, we do not always give prior consent and that is what makes them so obnoxious.
I have been listening to a lot of the speeches and going through the bill and it really is a dry topic. It is something that, unless one is really into the technical side of things, does not excite people until it hits our computers or our homes. That is when we really feel the impact that spam has on individuals.
I want to do a bit of a history. In 2004-05 the Liberal government of the day established an anti-spam task force and recommendations for actions were put forward. The Liberal recommendations called for the government to introduce legislation to prohibit four things: first, the sending of spam without prior consent of recipients; second, the use of false or misleading statements that disguise the origins or true intent of the email; third, the installation of unauthorized programs; and fourth, the unauthorized collection of personal information or email addresses.
I would like the members to remember these four points because they will be showing up again and it is important that we finally get there. Of all the G8 countries, Canada is the only one that does not have legislation in place yet. When we look at something like this, we have to ask why Canada has really lagged behind.
Had the government continued under a Liberal government back in 2005, we would have had legislation. However, unfortunately the NDP leader decided that in 2005, it was time to stop supporting the Liberal government of the day. I think history will look back and see where progressive thought really slowed down, if not stopped, for a number of years. It will not be pretty when people look back and see what was lost. Whether it was legislation on spam, child care or first nations rights, it will not be viewed positively.
Let us get back to Bill C-28. It was originally introduced by the Conservative government as Bill C-27, which died in prorogation. Prorogation normally is not something we speak of positively. I look at prorogation and it really was something Canadians did not want, it was something Parliament did not really want and it caused a lot of problems. However, one thing it caused was the death of Bill C-27.
Prior to the prorogation, many flaws were exposed in the bill and when it came back, the good thing was that many changes were made. Bill C-28 was introduced after the return from prorogation, with the changes to correct many flaws identified. I am pleased to see the Conservative government decided to act on the recommendations of our Liberal task force and the recommendations of the industry, science and technology committee.
Legislation in a fast moving area such as technology must be monitored closely to ensure it does not stifle legitimate electronic commerce in Canada, while accomplishing its intended purpose.
The real test of Bill C-28 will be in its implementation. How diligently will it be reinforced? What resources will be allotted? How serious is the government in protecting Canadian citizens? Those are the questions we will have to look at and really look to see how strong the legislation will be.
One of the things that the legislation calls for is periodic review of the legislation. I talked about how fast electronic media changes and how fast technology changes. That is why the legislation in particular has to be reviewed on a regular basis so it keeps up with what goes on.
In its main provisions, Bill C-28 introduces a new regulatory scheme and monetary penalties for spam and related threats such as identity theft, phishing, spyware, viruses and botnets, and it extends the rights of civil action of their victims. I know a lot of us have heard these terms, but I thought I would take the time to go through them because they are not always well understood and I want to clarify them.
I went on the Internet itself, to Wikipedia, and got some definitions of the individual terms, because I know there are people listening at home wondering, “This is wonderful, but what exactly does it mean and what effect does it have on me?” We all know about spam, which I will define at the end, but spam is just one part of it.
We hear about identity theft. Identity theft is a form of fraud or cheating of another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft can suffer adverse consequences if he or she is held accountable for the perpetrator's actions. Organizations or individuals that are duped or defrauded by identity theft can also suffer adverse consequences and losses, and to that extent, they are also victims.
Again, identity theft is one of the points that this legislation takes on. We look at the fraud in it. Someone spoke earlier and asked about the Criminal Code. This identifies it, and fraud is covered under the Criminal Code.
The other term that comes up quite often is phishing, not fishing with an “f”, but phishing with a “ph”. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Phishing is typically carried out by email or instant messaging and often directs users to enter details to a fake website that looks and feels almost identical to a legitimate one. When we go somewhere on the web and see something saying it is a certain company, we want to make sure that it is real, that it is what it says it is.
Phishing basically sets up a fake facade that people think they can trust. People input information and then the information is harvested and used to hurt individuals. Whether it is taking their money or identity or causing problems for those individuals, we can see where the problem would come.
The one we hear about often is spam. That seems to be the generic one that covers everything. Spam is the use of electronic messaging systems to send unsolicited bulk messaging indiscriminately.
While the most widely recognized form of spam is email spam, the term is also applied to similar abuses in other media, including instant messaging spam, Usenet newsgroup spam, web research engine spam, spam in blogs, wikispam, online classified ad spam, mobile phone messaging spam, Internet forum spam, and junk fax transmissions.
People who have faxes in their offices have had junk fax transmissions come to them. It uses up trees by using paper, it uses up resources by using ink, and it uses up copies that the individual receiving it has to pay for. Sometimes when these transmissions are received in large number, it becomes an expense that hurts.
Social networking spam is something that people are aware of, as well as television advertising and file-sharing network spam.
We have all heard the word “spyware”. Not many people really realize what spyware is. It is a type of malware that can be installed on computers and collects little bits of information at a time, without the user's knowledge. The key is “without the user's knowledge”. Users do not know that this spyware is in their computers and it constantly transmits little bits of information. The presence of spyware is typically hidden from the user and it can be difficult to detect.
Typically, spyware is secretly installed on the user's personal computer, and while the term “spyware” suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information such as Internet surfing habits and sites that have been visited, but it can also interfere with the user's control of the computer in other ways, such as installing additional software and redirecting web browser activity.
Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, or loss of Internet functionality and other programs.
We have all come across that, where we are working on something and it seems that everything is going along really well, and suddenly everything stops. What happened? There is a piece of spyware that went in there and changed things around. There is a frustration and a cost to the individual.
If someone sitting at home, likely retired, working on a computer, has a fixed income and suddenly he or she has to expend dollars to get the computer running again, there is a direct effect there.
There may be those who ask how that affects them. We have all had the frustration. We have had to bring someone in to fix the problem, if he or she can fix the problem. When the individual gets it running again, that individual has money out of pocket. On a limited income, if one is retired, it really hurts individuals directly.
Computer viruses are something that we hear of a lot. A computer virus is a computer program that can copy itself and infect a computer. A true virus can spread from one computer to another when its host is taken to a target computer, for instance because a user sent it over a network or the Internet or carried it on a removable medium such as a floppy disk, CD, DVD or USB drive.
We see a lot more of that now where we have people coming in with USB drives, collecting the information and then going to another computer. It is a perfect way to spread viruses.
I have a 13-year-old daughter who works on her computer. She brings her homework back. She will input the information and take it to school. She might be bringing back something from the school or someone else might be bringing it to the school. So we can see where a virus can cause a lot of problems for many people.
Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers.
One that we do not hear much about is botnets. That is covered under this legislation. A botnet is a collection of software agents or robots that run autonomously and automatically. The term is most commonly associated with IRC bots.
The best way to describe IRC bots is when we go to a website or even an email and think we are interacting with another individual but we are not. With an IRC bot, we are basically interacting with another machine. We think that person is there responding to us. We can see the problems that could cause: someone going to one site, getting answers, building up a trust, and then suddenly finding out it is a machine on the other side.
The other thing that happens with the IRC bots is that one can access a number of people, all interacting with this one machine, so the individual is not duping people, a machine is, and the spread can cause a lot more damage because it is so pervasive.
As well, it does spread some malicious software and it can also refer to a network of computers using distributed computing software.
Anyone who has used a computer can relate to the kind of frustration that this malware can cause in some of these unwanted infiltrations into one's computer.
It is not only frustration. As I mentioned earlier, there can be a real financial loss to the individual who is using that computer and connecting and who will be affected by some of these issues.
Let us take a look at Bill C-28 again, now that we know what some of the definitions are.
Bill C-28 contains four main thrusts. It prohibits the transmission of commercial messages, basically spam, without express consent. The only conditions under which express consent is not required are those where family or prior recent business relationships exist. Messages requesting consent have to provide the names of the sender and the client on whose behalf the message is being sent, contact information for both, and a way to unsubscribe.
Quotes and estimates that are requested are not covered by this, nor are emails or follow-ups on business previously transacted.
There is one loophole or one barrier in this legislation that I would like to talk about. That is in regard to people who are in sales, such as financial advisers, real estate agents, or stockbrokers. What often happens is that they will do business with someone, and at some point, using real estate as an example, the person they are doing business with will say, “My brother, John, is looking for a house. Give him a call or get hold of him. I am sure you can help him out. You have done a great job for me, and John, who is my relative, could use your help”.
This legislation unfortunately does not allow the real estate agent to send an email to that person. He has to get express consent from the individual to whom he will be sending that email.
I was talking about how this legislation has to be reviewed on a regular basis. I think this is one of the areas we are going to have to look at and ask if it really allows business and e-commerce to continue and to flourish. We can see the barriers that are set up and the problems it would cause to people who earn a living in the sales field.
As we see this going on, I think it is important that we monitor some of the effects of this legislation. Maybe in about a year or so we should review it, see what is going on, and see what the unintended effects of this legislation will be.
The bill attempts to curtail phishing, with a prohibition on false or misleading information on the source of an email. The bill also prohibits the installation of programs to operate another's computer or the dissemination of messages on a computer without the individual's consent, and there is the option to withdraw the consent.
As we can see, it goes back to malware, the spam that we spoke about earlier and how this bill will block that.
The bill includes provisions that halt the collection of personal information, by amending PIPEDA, the Personal Information Protection and Electronic Documents Act, to include a ban on collecting or using electronic addresses obtained through a computer program designed for their collection, as I mentioned earlier, the phishing program.
So this legislation does come into play, and there are additional provisions that specify that a tougher regime under FISA take precedence over the existing Personal Information Protection and Electronic Documents Act and all the legislation that could apply.
The bill's provisions extend not only to those who violate it, but also to the agents or directors of the corporations who aid, authorize or acquiesce to the violations. The bill follows the money. That is the key right here, because when we look at a lot of this, the infractions and the invasion, it comes right back to money. It follows the money, stripping protection for those who hide behind a corporate shield.
When we look at some of the fines that are out there, the fines could go as high as $1 million for individuals and $10 million for corporations. The bill aims to accomplish ending the practice of spamming.
Will this bill end it completely? I think when there is something illegal going on, it just keeps going and going. What this does is minimize it and at least offer some protection to Canadians when it comes to spamming, phishing and the rest of the electronic malware that exists around the world and on the Internet.
Hon. Dan McTeague (Pickering—Scarborough East, Lib.):
Mr. Speaker, I am honoured to speak to this bill.
The impetus for this bill dates back to 2003, when I introduced the first bill to combat emails containing commercial electronic information.
The fact that there have been changes of government and four Parliaments since then is obviously a problem. But the situation continues to get worse, and it cannot be minimized by arguments that we will hurt industry if we pass a bill to protect consumers and ensure that industry can function. We recognize the importance of sending commercial information through electronic media.
I reflect on the several years and how long it may take for a bill to make its way through Parliament and to address an issue, which I think for most Canadians is obvious. We have heard my good colleague from Nipissing—Timiskaming talking about the fact that many parts of his riding in northern Ontario and places outside of the beaten track of larger urban areas still are without significant access to the Internet, even though we all recognize in this Parliament, and Canadians recognize, the importance of commercial information through electronic media.
I was here 17 years ago as a member of Parliament and recall the then minister of industry having a BlackBerry. It was a new, revolutionary idea, but of course it had not really taken off at that time. One wonders how we could function as a nation today, recognizing the great advances that have been made in many respects with Canadian technology, Canadian prowess and Canadian utilization, were it not for these kinds of developments, which have caught on in Canada and around the world. It seems to me that we would certainly be somewhere well behind the rest of the world.
Therefore the legislation, albeit rather late, is timely in the sense that it does address a domestic problem, but as I indicated in my question for the previous member from our party, who sits on the industry committee and has sat on the industry committee, I am most concerned about the ability to reflect upon what this legislation will do as much as what it will not do.
I do not want to create false expectations for the Canadian public that suddenly tomorrow, or when the legislation is passed and accepted in the other house, there will be in fact a cessation of spam, malware, spyware, botnets and other programs that are added on, nor will this stop those who exercise beyond our jurisdiction, beyond our geography, from continuing to engage in something that is now more than just a nuisance, as it was in the early 2000s when I introduced the first spam bill.
It is important for us to recognize the work that has been done over the years.
I also want to give specific recommendations and a commendation, not just to the committee that passed this very recently, but also of course to my own party, which in 2004 and 2005, in order to address this issue, set up a task force, the Liberal task force on spam. Of course, it recommended that we come forward as quickly as possible with legislation that would prohibit the sending of unintended, unwarranted, unsolicited emails and information without the prior consent of recipients.
At the time it also recommended the prohibition of the use of false and misleading statements that suppress, ignore, set aside, or disguise the true intent of the email, not to mention of course its origins. This was a very serious point, where people would open up information and it was in fact nothing short of a commercial nuisance disguised in a fraud.
The Liberal task force on electronic emails also called for the prohibition of the installation of unauthorized programs. My colleague who spoke previously talked at great length about what those programs look like, the kind of information that is often inserted, unbeknownst to the recipient, on his or her computer. It also, of course, talked about the prohibition of the unauthorized collection of personal information or email addresses, the aggregation of which would be to see constant emails sent to us ad infinitum.
These were very important recommendations that were made and they formed literally the basis of what the government has now brought forward and with which we agree. We agree with it because it also does take into consideration the balancing of ensuring that privacy questions are also paramount. The committee took great pains to ensure that personal information and the laws that support PIPEDA are in fact in this piece of legislation, and that it reflect very carefully, endorse, and inform Canadians as to just how the legislation proposes not only to ensure the optimal protection of privacy, but also the steps in terms of coordination of how the legislation is to be enforced.
I go back to the Liberal Party task force recommendation because it is very telling.
As Bill C-28 looks to be implemented, it provides fines for violations of any one of these particular acts of up to $1 million for individuals and $10 million for business. It also establishes rules for warrants of information during investigations.
It is extremely important to understand that there has to be a coordinated and collaborative attempt to ensure that there are rules of engagement in terms of enforcement. We cannot just walk in and seize someone's computer.
The legislation, through the Department of Justice I presume, has met a number of very stiff and significant tests: privacy, the way in which the legislation is enforced; and, as the bill calls for the injunctions of spam on activity while under investigation, it does provide the ability to force a cease and desist.
Bill C-28, as we know, establishes something new, but it is something that was also discussed some years ago, and that is the private right of action. We have seen this in other areas where, if enforcement is not adequate and an individual or business feels there is something where they have been targeted, they have that as a recourse.
I think that is fundamentally important to distinguishing this bill from its previous characterizations and incarnations. It gives a significant step forward for individuals to take up these matters when there may be the possibility of a lack of interest as a result of a number of circumstances.
Of course, it also allows those individuals who have been aggrieved, who have been the target, whose businesses or affairs have been trampled on, affected, or impeded, to seek damages from those who are involved in the perpetration of spam. I think that is important.
We all understand the significance and importance of this kind of legislation. What cannot be misunderstood and certainly cannot be gainsaid is the significance and importance of ensuring that we have legislation that does not have unintended consequences. That is why legislation like this must, I emphasize, be reviewed periodically and more frequently. As technology evolves, so does the ability to make legislation that is relevant.
While we have constructed a piece of legislation that would have been good in 2003 with some modifications here and there, it may not be relevant to the overall concern that I think consumers have, and that is the prospect that they are going to continue to get unwarranted and unsolicited spam emanating from jurisdictions outside of Canada.
As my good colleague from Nipissing—Timiskaming has emphasized, and it cannot go unnoticed, we have to do a better job at working with other nations. We must ensure that individuals do not use jurisdictions with the least amount of enforcement in order to continue to harass, sully and act with relative impunity in assaulting and taking up so much space on the Internet.
It is one thing for northern and rural parts of this country to still be on dial-up or DSL. It is quite another thing to have 60% to 80% of all electronic traffic in this country originating from spammers. Quite apart from the sinister side of what that means in terms of malware, spyware, botnet, and as that has been described by my previous colleague in considerable detail I will not go over it again, it seems to me we have to ensure that the legislation is pragmatic and can evolve with time.
It is not clear to me that this legislation will do that. While I support it and believe it is a step in the right direction, let us understand that this is really only a first step. This is a first step towards understanding that Parliament has to be continuously vigilant in ensuring legislation meets the expectations of an economy that more increasingly depends, in this digital age, on the ability to receive and transmit information, and to use the Internet and electronic means not only to convey private information but indeed as a means by which our economic infrastructure becomes more increasingly dependent.
This brings me to the question of enforcement. I understand that there are other significant pieces of legislation that we have before us now in this House. There are a number of committees embarking on the issue of copyright. However, this legislation will require constant review by those in business, by those in the know, to recognize areas where the legislation should be modified from time to time. It will also be incumbent on future industry committees every year or so to have a periodic look to see where we are going, where the bill has had an impact, what it is failing and what it is addressing.
One of the areas that I think we have not discussed sufficiently about this bill, but which we are going to require, will be the unintended consequences this would have on domestic business.
Here I talk of legislation that is meant to do the right thing for business and the right thing for consumers.
At the same time, we have to recognize the impact it will have on small and medium-sized businesses that, for some reason, are unaware of this bill's real impact and of the fact that the bill provides for penalties. As well, these businesses may not be aware that some transactions they conduct, not for fraudulent reasons but for legitimate business reasons, may violate the legislation.
I am worried about the sudden impact it will have on our small and medium-sized businesses. This is not something this bill is merely silent on. We will have to use the federal government's communications resources to ensure that businesses do not run afoul of the law because they are unaware that, in the future, it will prohibit them from sending messages and notices to promote their business.
Let us be very clear on this point. We want to make sure that small business, as well, is aware of the impact of this legislation. It is great that we have finally come to the point where we have legislation that actually has a very positive impact on assuring Canadians that we are finally getting on the ball to address spam. However, we certainly do not want to negatively or adversely impact those who, through no fault of their own, do not have a real understanding of this legislation, business in particular.
People may be out there actually trying to make a living as opposed to hearing what we are saying here in Parliament, but those individuals should be contacted. Organizations that work with small and medium-sized enterprises in this country should at least be aware of what is in store should the law be broken unintentionally.
There has to be some deference given. We understand there is a civil sanction. This is where the hon. member for Nipissing—Timiskaming got it right. Criminalizing may have the horrific outcome of putting someone in a very difficult position. People who engage in advertising and unintentionally send electronic emails to prospective or perhaps even existing clients without the clients' consent could find themselves afoul of the law. It is a very fine balancing act that will not be resolved by criminalization.
Quite frankly, that would be the worst road we could go down and we should be very careful. If we do not have in place a strong communication strategy to ensure small business has the opportunity, we may hurt the very people we are trying to protect.
I look forward to hearing comments in the next few days as to where this legislation will go. It is a hybrid of what Parliament can do if parties decide to set aside their partisan differences and focus on some very important pieces of legislation.
It also requires us now to take this legislation, should it be passed in the next several weeks, to other committees. I would hope the trade committee of the House also takes on the responsibility of ensuring that there is co-operation and coordination between other jurisdictions. We have talked a bit about those, but if we receive spam originating from, say, Sao Tome, a very famous place off the continent of Africa that tends to be a channel or switch for a lot of information, we may not have the jurisdiction or wherewithal to stop it, prevent it or provide assurances to Canadians that they will not continue to be harassed.
It seems to me that when this bill was first introduced some years ago, there were individuals as close as Detroit. There was one individual I will not mention who was responsible for a significant amount of the junk we used to receive in our emails. It took us a considerable amount of time to work with our American friends to shut down the practice. The practice was not just about harassment. The practice itself was also about mismanaging and directing computers to open up programs and direct us to other addresses or simply to shut down or break down our computers that were otherwise intended for very innocent reasons.
It is also important to understand that the legislation itself has as its intentions all of the elements that have been brought forward to us in the more recent times, but we must be careful that we do not involve a debate that suggests this bill will be the be all and end all. I know some believe that Parliament is capable of doing far more and that this legislation may be the silver bullet. However, it is not. We have to be very realistic about what we believe this would accomplish.
My own sense is that, if the House of Commons were to be properly disposed, it would also want to allocate within a period of time an understanding of how much money will be spent on enforcement and what agencies would be responsible for collecting information on an ongoing basis to determine whether this legislation has in fact been properly impacted. We need appropriate benchmarks over the next year or so to demonstrate what the effectiveness and efficiency of this bill is.
I am talking about down the road. We have got to one point, but we have a long road ahead of us, and this is not going to end anytime soon. Canadians will continue to look upon parliamentarians and government to be able to correct problems they cannot themselves fix.
The last thing, as I have suggested, is that we do not want legislation that leads us in the direction of creating more problems than we are resolving. That is of course a real prospect and a concern that I have in looking at the legislation, because the legislation itself does not provide all of the guarantees.
I have looked at other concerns that have been raised in Bill C-28. There are some very hard penalties that come with this piece of legislation. It will be interesting to see whether those penalties in fact can be borne by those who unintentionally make an error. I think there has to be some kind of judicial discretion given in these circumstances so we are not looking to make a particular example of an individual.
That brings us to legislation as it relates to the do-not-call list. With that list, in many respects some are walking away with a literal slap on the wrist or, worse, being given an opportunity to send money to a particular academic organization in order to sort of make amends.
I think we have to provide an effective balance, a balance that takes into consideration the seriousness of the damage done to others, while giving people a private right of action but not going to the point where we are simply trying to make one example as a means of scaring off everyone else.
The law must be applied fairly, consistently and evenly, and above all it must be applied pragmatically in order to ensure that we are aware and can stay on top of all the new nuanced ways in which people will try to get around the legislation to harm our economy and, above all, really bother our consumers.