[IP] Untouchable? How Canadian Law Can Tackle Spam
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Mon, 03 May 2004 08:22:21 -0400
From: Michael Geist <mgeist@xxxxxxxxx>
Subject: Untouchable? How Canadian Law Can Tackle Spam
X-Sender: mgeist@xxxxxxxxxxxxxxxxxx
To: dave@xxxxxxxxxx
Dave,
Of possible interest to IP -- my regular Toronto Star Law Bytes column
highlights my new study on the state of anti-spam legislative measures in
Canada. Despite absence of specific anti-spam legislation, the paper argues
that when viewed in combination, the current Canadian legal options allow
for enforcement actions against virtually all of the conduct identified by
most global anti-spam legislation including the use of deceptive headers,
failure to honor opt-out requests, limitations on email address harvesting
and sales, and the unauthorized use of computing equipment to send spam.
The problem, the paper argues, rests primarily with the lack of aggressive
enforcement initiatives by the responsible government departments including
the Competition Bureau, Privacy Commissioner, Ministry of Justice, and CRTC.
Full study at http://www.michaelgeist.ca/geistspam.pdf
Column (posted below) at <http://shorl.com/gisatystabrope>
MG
A RECIPE FOR BATTLING SPAM IN CANADA
Existing laws and regulations could do the job - if they were enforced
Michael Geist
LawBytes
Over the past ten years, spam has grown from a minor annoyance to a global
concern, threatening the reliability of electronic communication and the
adoption of electronic commerce. Despite developing anti-spam technological
tools, promoting greater consumer awareness, and the introduction of
anti-spam legislation in many countries, the spam problem continues unabated.
The United States, European Union, South Korea, Australia, and Japan have
taken legislative steps to combat spam. Their statutes feature a wide range
of anti-spam measures including labeling requirements (such as "ADV" tags
in the subject lines of e-mails), prohibitions on deceptive practices such
as false header information, bans on e-mail address harvesting, the
creation of do-not-spam lists, penalties for commissioning spam, and
immunity for Internet service providers that take good faith steps to stop
spamming organizations.
The most contentious anti-spam provisions have revolved around whether to
force consumers to ask to be removed from receiving commercial marketing
(an "opt-out" approach) or to compel businesses to obtain consumers'
positive consent before sending commercial marketing (an "opt-in"
approach). While the United States has adopted for an opt-out approach, the
European Union has opted for the stricter opt-in framework.
Layered on top of most anti-spam legislation are significant civil and
criminal sanctions including sizable fines and possible imprisonment for
repeat offenders. The civil penalties found in anti-spam legislation are
particularly noteworthy since they frequently provide parties such as ISPs
the right to bring private actions to obtain statutory damages.
While Canada has yet to enact anti-spam legislation, it would be a mistake
to think that Canadian enforcement agencies are powerless to combat spam.
In fact, current Canadian law features similar powers as those found in
anti-spam legislation elsewhere. Noteworthy Canadian laws include private
sector privacy legislation, deceptive practices legislation administered by
the Competition Bureau's Fair Business Practices Branch, the application of
the Criminal Code, and enforcement of section 41 of the Telecommunications Act.
The Personal Information Protection and Electronic Documents Act (PIPEDA),
Canada's private-sector privacy legislation, could be a powerful legal
tools to challenge a Canadian spammer on privacy grounds. PIPEDA covers
personally identifiable information, which could include e-mail addresses,
where an address can be identified to a specific individual.
Once caught within the PIPEDA framework, the statute could be used to
prohibit the collection of personally identifiable e-mail addresses through
harvesting techniques, to require opt-in consent in certain circumstances,
and to ensure that organizations honour opt-out requests.
Although the Competition Bureau has yet to commence an anti-spam action,
the Competition Act clearly empowers it to seek orders against
Canadian-based spamming organizations on at least two grounds. First,
spamming organizations who use deceptive or false headers, a practice
specifically captured by many anti-spam statutes, could be targeted for a
reviewable conduct order. Second, the Bureau could also consider the
content of some spam such as the ubiquitous Nigerian net scam or offers to
sell suspect health products, which might meet the deceptive or materially
false claim standard established by the Act.
Canada's Criminal Code could also be used to commence actions against
certain spamming activity. First, section 380 of the Code, which covers
fraudulent conduct, could be interpreted to cover spam that contains
fraudulent or false content. Second, the Code could also be applied to
spamming organizations that access computer servers without permission, as
is typically the case when spamming organizations make unauthorized use of
e-mail servers to send spam. In fact, the relevant provision could include
not only the unauthorized use of e-mail servers, but potentially e-mail
harvesting as well.
Canada's Telecommunications Act, administered by the Canadian
Radio-television and Telecommunications Commissioner, features an untested
provision that might be used in the battle against spam. It gives the CRTC
the right to "prohibit or regulate the use by any person of the
telecommunications facilities of a Canadian carrier for the provision of
unsolicited telecommunications to the extent that the Commission considers
it necessary to prevent undue inconvenience or nuisance, giving due regard
to freedom of expression."
Viewed in combination, the Canadian legal options would allow for
enforcement actions against virtually all of the conduct identified by
current global anti-spam legislation including the use of deceptive
headers, failure to honour opt-out requests, limitations on e-mail address
harvesting and sales, and the unauthorized use of computing equipment to
send spam.
As illustrated by a recent Yahoo! lawsuit against a Canadian-based spamming
organization, as well as a UK study that reported that Canada is the
world's second largest source of spam, the true challenge of anti-spam
enforcement does not revolve around finding the spammers nor does it
require additional laws. Rather, sufficient resources are needed such that
enforcement actions generate genuine deterrence to stop the spamming
activities perpetrated by the worst offenders.
A Canadian anti-spam strategy must look to the Office of the Privacy
Commissioner of Canada, the Competition Bureau's Fair Business Practices
Branch, the Ministry of Justice, and the CRTC, the government departments
responsible for administering the laws that could be applied to spam, to
proactively enforce those laws consistent with their statutory mandates.
Moreover, the Internet community must reconcile itself with the reality
that private sector leadership has failed to stem the spam tide. Serious
spam enforcement requires law enforcement to assume the lead role. While
the private sector remains an essential part of any anti-spam initiative
through private sector suits, investigative assistance, implementation of
technological innovations, as well as business and consumer education, it
must be government that leads on the enforcement of the current anti-spam
legal frameworks.
In the 1987 hit film The Untouchables, federal agent Eliot Ness battled the
seemingly untouchable Al Capone during the Prohibition. The movie features
a memorable scene in which Jim Malone, a veteran police officer played by
Sean Connery, confronts Ness over whether he is serious about taking on the
Chicago mobster. Malone challenges Ness by asking "What are you prepared to
do?".
When Ness affirms he is committed to bringing down Capone, Malone leads
Ness across the street, where the presence of alcohol is apparently an open
secret. As they prepare to enter the building, Malone notes that since
everyone knows where the booze is located, the question is whether they are
prepared to do something about it.
Although Canada's battle against spam is not as simple as Hollywood's
portrayal of the battle against Al Capone, the challenge similarly rests
not with finding the spamming organizations nor with instituting
fundamental legal reforms.
We know the location of leading Canadian-based spamming organizations. The
Canadian legal framework features many of the tools needed to launch
anti-spam legal actions, despite the absence of specific anti-spam
legislation. Rather, the challenge rests with our willingness to enforce
the existing laws by engaging in aggressive anti-spam national enforcement
as well as cooperating with global anti-spam enforcement initiatives. It is
time for Canada to get serious about spam. What are we prepared to do?
**********************************************************************
Professor Michael A. Geist
Canada Research Chair in Internet and E-commerce Law
University of Ottawa Law School, Common Law Section
Technology Counsel, Osler, Hoskin & Harcourt LLP
57 Louis Pasteur St., P.O. Box 450, Stn. A, Ottawa, Ontario, K1N 6N5
Tel: 613-562-5800, x3319 Fax: 613-562-5124
mgeist@xxxxxxxxx http://www.michaelgeist.ca
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/