Bill C-28 (Historical)

Your time is pretty much up; there are about 10 seconds left. But I would like to clarify, perhaps, Mr. Jenkin's response.

The PIPEDA act is up for review. It was due to be reviewed about two years ago. It was reviewed once about seven years ago, and the government's response to that review was Bill C-28, which died on the order paper, and Bill C-12, which died on the order paper. So if there was a government response, none of those elements was ever implemented; the act was never amended or changed.

I don't want Mr. Ravignat to think that a review led to amendments to the act. It did not.

Or did you mean something else?

I have the honour to inform the House that when the House went up to the Senate chamber His Excellency the Governor General was pleased to give, in Her Majesty's name, the royal assent to the following bills:

Bill S-3, An Act to implement conventions and protocols concluded between Canada and Colombia, Greece and Turkey for the avoidance of double taxation and the prevention of fiscal evasion with respect to taxes on income--Chapter No. 15

Bill S-210, An Act to amend the Federal Sustainable Development Act and the Auditor General Act (involvement of Parliament)--Chapter No. 16

Bill S-2, An Act to amend the Criminal Code and other Acts--Chapter 17

Bill C-3, An Act to promote gender equity in Indian registration by responding to the Court of Appeal for British Columbia decision in McIvor v. Canada (Registrar of Indian and Northern Affairs)--Chapter 18

Bill S-215, An Act to amend the Criminal Code (suicide bombings)--Chapter 19

Bill C-464, An Act to amend the Criminal Code (justification for detention in custody)--Chapter 20

Bill C-36, An Act respecting the safety of consumer products--Chapter 21

Bill C-31, An Act to amend the Old Age Security Act--Chapter 22

Bill C-28, An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act--Chapter 23

Bill C-58, An Act for granting to Her Majesty certain sums of money for the federal public administration for the financial year ending March 31, 2011--Chapter 24

Bill C-47, A second Act to implement certain provisions of the budget tabled in Parliament on March 4, 2010 and other measures--Chapter 25

It is my duty pursuant to Standing Order 38 to inform the House that the questions to be raised tonight at the time of adjournment are as follows: the hon. member for Dartmouth—Cole Harbour, Canadian Council on Learning; the hon. member for Vancouver Kingsway, Public Safety.

Madam Speaker, I am pleased to speak to Bill C-28, the electronic commerce protection bill.

As has been discussed here, the purpose of the bill is to deal with the issue of spam. The bill would prohibit the sending of commercial electronic messages, or spam, without the prior consent of the recipients.

Spam represents about 60% to 80% of Internet traffic worldwide, and it is a serious problem for Canadian individuals and Canadian businesses. In recognition of the seriousness of the issue, the Liberal government in 2004-05 established an anti-spam task force that came up with recommendations.

The recommendations called for the government to introduce legislation that would: first, prohibit the sending of spam without the prior consent of the recipient; second, prohibit the use of false or misleading statements that disguise the origin or the true intent of the email; third, prohibit the installation of unauthorized programs; and, fourth, prohibit the unauthorized collection of personal information or email address.

I am pleased to see that the Conservative government, through Bill C-28, is enacting all of these recommendations. However, we need the legislation immediately as Canadians are suffering because of the lack of legislation.

Twenty years ago, a computer was not essential in carrying out our daily lives. However, now it is important to small businesses, corporations, non-profit organizations, hospitals, students, seniors and even our parents and grandparents use one. It is a mode of operation. It is a way of life. It facilitates, hopefully, the ease of transactions. People like to do their banking, pay their bills, et cetera on the computer.

With the ease of using computers and sharing information, however, a problem is created. It is the unwarranted advertising or misinformation and potential threats. We all know too well the consequences of spam. It brings with it viruses and worms.

In 2003, Canadian consumers and businesses spent approximately $27 billion to develop a phishing program. Members should reflect on the amount of money Canadian businesses had to spend. It probably constitutes the budget of three developing countries. A critical issue is the amount of money that was spent and yet the problem has grown worse.

Why is spam a critical issue? First, it is unwanted; second, it makes the utilization of our computer or our technology inefficient; and, third, it is costly. Computer technology was supposed to make our lives easy, efficient and effective. It was supposed to do things on an economical basis and it was supposed to be paperless.

In my previous occupation as a management consultant, I used to talk about the 3E's of business: economy, efficiency and effectiveness. I used to tell users that by using technology they would make life easier for themselves, things would be simplified and everything would go well.

As we reflect on spam, let us look at the economic aspect of it. Has it become economical to use the computer? I think a lot of us would say that is debatable. As I mentioned, Canadian businesses have collectively spent $27 billion on a phishing program. Imagine what could have been done with $27 billion. Imagine the amount of investment that could have been made and the jobs that could have been created. From an economic perspective, there does not seem to be any economic benefits or the economic benefits have been diluted because of spam. Therefore, the Liberals made recommendations to alleviate the economic pitfalls.

Let us look at this from an efficiency standpoint. Sixty to seventy per cent of Internet traffic is spam. A small or medium sized enterprise can ill-afford this type of ineffective utilization of its computers. Employees or business owners have to waste time looking at that spam mail and figuring out what to do with it. Instead of being effective or productive, they have to start clearing out the spam. In terms of efficiency, spam is a thorn in the side of efficiency, be it for businesses or individuals.

How many times have we ourselves been overloaded with spam? I am sure all of us have had first-hand experience with spam where we get false and misleading information from institutions purporting to be banks and false or misleading information from organizations. In fact, sometimes it could be a personal spam that is sent to us, and I can attest to that. As I was looking through my own email, I noticed an SOS from a constituent and I wondered what was wrong. As I looked at that email, I realized that the constituent's email had been compromised, especially because I knew the constituent and I knew that she would never ask for money. It claimed that she was stuck in some foreign land.

People who do not understand or do not know the person who is sending an SOS notice try to be good Samaritans and they might just be misled into giving money and being defrauded.

Spam, and subsequently the possibility of fraud, is a huge problem for all of us. It is important that we, as a collective, address the issues.

Sometimes we think we have secure accounts. Our BlackBerrys are secure accounts but how many of us receive junk on our BlackBerrys? How many of us think that this is such a secure account, how did somebody access it?

If we look at what is going on in this day and age where technology is easy, where people can hack through anything, we need to be careful that we have legislation in place to protect Canadians from misleading or fraudulent activities.

We know what to do with junk mail. We park the junk mail. However, some people who do not know what to do with it and sometimes respond. Sometimes we get emails stating that our computers are at risk. This is a classic example where people download a program that will protect them from viruses or worms and then the computer freezes. Many constituents have complained that this has happened to them and they want to know if there is any protection for them. We have now downloaded a virus and the person who has sent us the virus is looking for us to buy his or her own anti-virus or firewall. This is trying to cheat Canadians and cheat people who are unsuspecting of what is going on. By sometimes naively downloading files or pictures, et cetera, worms and viruses have entered the system and it has been problematic for Canadian businesses.

We have heard of receiving emails that appear to come from our financial institutions. If we are naive enough and do not verify with the banks whether they have sent us this email, we can compromise our bank accounts. This has happened to many seniors. They have been defrauded of their life savings by unscrupulous people.

Therefore, to address this very important issue, the Liberals released a report in 2005 entitled, “Stopping Spam: Creating a Stronger, Safer Internet”. As we mentioned earlier, the task force made many recommendations. Among those were the prohibition of sending unsolicited email or the use of misleading statements, funny titles, products, et cetera.

These are important changes and I do not think anyone in the House would object to what Bill C-28 proposes. However, we may object to the fact that it is a little too late, that we have not got on with the program and that we have not moved with the world.

I am sure many members of the House have received complaints from constituents because the issue is compounded when things are deregulated or contracted out. For example, when the telephone service is contracted out or the banking service is done in India, China or Brazil, there is a problem because the government's ability to control or combat spam is not just about introducing legislation, but it is also about working with world governments and organizations to develop an international strategy for reducing this ongoing burden of spam.

Internet policing is difficult as the traffic is humongous. I mentioned that 60% to 80% of the Internet traffic is spam. The sheer volume of messages challenges the capacity of the ISP, the Internet service provider, or legitimate businesses to do business. They have to put all sorts of firewalls up to help prevent their businesses from being hacked.

It was only a matter of time before spammers began to take advantage of our country. Canada ranks fifth worldwide as a source of web-based email spam, trailing Iran, Nigeria, Kenya and Israel. The recent Facebook case that has been referred to has placed the spotlight on Canada's ongoing failure to address its spam problem by introducing long overdue anti-spam legislation. The case is only the latest to illustrate that the government's inaction has had an impact. The fact that organizations are forced to use U.S. courts and laws to deal with Canadian spammers points to an inconvenient truth; that Canadian anti-spam laws are woefully inadequate and we are rapidly emerging as a haven for spammers eager to exploit our weak legal framework.

One of my colleagues talked about the information-sharing agreements, that we sign tax treaties and that we have trade treaties. We have a relationship with so many countries. It is absolutely unconscionable that Bill C-28 does not somehow link these relationships that we already have. Why are we not linking our anti-spam legislation so we can be assisted internationally?

We have these information-sharing agreements with regards to matters before us. Spam costs worldwide $130 billion in terms of costs and damages. Canada is ranked fifth in terms of web-based spam.

We need to ensure that the government does not drag its feet on this very important issue. It has been five years since the bill first came to us. It has already been disclosed that we have not gone as far as the other G8 countries. We are the only G8 country and one of four OECD countries that does not even have legislation. A member of the committee just said that we would be playing catch-up because we did not go far enough.

Michael Geist, who is an expert in Internet and e-commerce law at the University of Ottawa, said that there were several Canadian companies among the roughly 200 top spamming organizations in the world. They account for about 80% of the spam generated. He pointed out that junk mail could go beyond nuisance and result in hacking and fraud. That is a big problem for a lot of businesses and individuals.

As I mentioned, many people have been defrauded of their savings. Many computers have been compromised. Therefore, it is important that Bill C-28 be passed quickly so at least there is a first step in getting anti-spam legislation.

In particular, a new section needs to be added to define false or misleading representation by electronic message as an offence. This offence extends not only to the content of the message, but also to its sender and subject matter information, as well as its locator. It is not necessary to prove that someone was mislead or deceived by the message or even that the person was the intended recipient. It is sufficient to prove that the message was misleading or deceptive.

The penalties for this new offence are a prison term of up to 14 years or a fine at the discretion of the court for an indictment of both or a prison term of up to one year or a fine up to $200,000 for a summary conviction, or both, which is clause 76.

At this junction, I would like to draw attention to government members. It could be troublesome for members of the government as they continue to send messages touting the dubious benefits of many pieces of its fiscal legislation. I look forward to the finance minister's tweets on the budget becoming one of the first enforcement actions emanating from the passage of this law. I wonder if emailing some of the debates in the House might also cause someone to be charged under this act.

In all seriousness, we must be mindful that the intent of this act is not to limit freedom of speech, but to stop some of the more egregious examples of spamming and fraud that is prevalent and obvious to anyone who has an email account.

It is important, as we move forward, that we know that Internet policing may be difficult. Internet trafficking is creating a lot of problems, but with problems there are solutions. In finding solutions, we need to know what we are dealing with. If the government is serious about introducing legislation, it is important that we move quickly to enforce the legislation.

Industry Canada cannot do its own work without the necessary resources. I would like to know the resources the government will commit to Industry Canada to ensure effective corrective solutions. It is extremely important for people everywhere in Canada to have confidence that the legislation provided by the government will be effective and that there are appropriate sanctions. I believe any legislation brought forward must ensure that we have proper resources and effective coordination.

A rapid response to correct this problem would ensure that those who see Canada as a target would find another place. However, we do not want them to find another place because that other place is where we also do our business in the financial and banking sectors.

I hope we will work with the international community to ensure we have a reduction in spam. I hope all members will support the bill so it will provide fast relief to Canadians.

Madam Speaker, we are debating BillC-28, which I must admit is a very important bill. A number of members have had an opportunity to speak on it, but I would like to read into the record the summary of the bill. The summary of a bill is usually a fairly good synopsis of what the bill would do.

The summary of Bill C-28 states:

This enactment establishes a regulatory framework to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities.

It enacts An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, which prohibits the sending of commercial electronic messages without the prior consent of the recipient and provides rules governing the sending of those types of messages, including a mechanism for the withdrawal of consent. It also prohibits other practices that discourage reliance on electronic means of carrying out commercial activities, such as those relating to the alteration of data transmissions and the unauthorized installation of computer programs. In addition, that Act provides for the imposition of administrative monetary penalties by the Canadian Radiotelevision and Telecommunications Commission, after taking into account specified factors. It also provides for a private right of action that enables a person affected by an act or omission that constitutes a contravention under that Act to obtain an amount equal to the actual amount of the loss or damage suffered, or expenses incurred, and statutory damages for the contravention.

This enactment amends the Competition Act to prohibit false or misleading commercial representations made electronically.

It also amends the Personal Information Protection and Electronic Documents Act to prohibit the collection of personal information by means of unauthorized access to computer systems, and the unauthorized compiling of lists of electronic addresses.

Finally, it makes related amendments to the Competition Act, the Personal Information Protection and Electronic Documents Act, the Canadian Radiotelevision and Telecommunications Commission Act and the Telecommunications Act.

Most people would recognize this as the bill to deal with spam, but actually it is much more than that. So I took the opportunity to go back and look at the representations made to the House by the minister himself when the bill first came forward. I would like to quote a brief section of his speech in which he says:

Threats to the online economy include more than just spam. They include spyware, malware, computer viruses, phishing, viral attachments, false or misleading emails, the use of fraudulent websites, and the harvesting of electronic addresses.

Here is an interesting point. He says:

These threats are not just nuisances. Some are fraudulent, some invade privacy, and some are used to infect and gain control over computers. It is estimated that spam costs the worldwide economy $130 billion a year.

He goes on to say:

The bill before us contains important provisions that will protect Canadian businesses and consumers from the most harmful and misleading forms of online threats. It improves the privacy and economic security of Canadians in the electronic environment. It offers a host of clear rules that all Canadians will benefit from. It will promote confidence in online communication and electronic commerce.

The bill before us stakes out new ground in Canada.

Here is an interesting point:

Currently we are the only G8 country and one of only four OECD countries without legislation dealing with spam. This bill will rectify that situation.

In developing the bill, we have been able to incorporate the best practices of other countries that have launched similar efforts.

That is not exactly what the members said today in debate. It is kind of interesting. In fact, some members said that we have not even put forward legislation that takes into account all of the best practices of the G8 countries that have legislation in place. We have come up short on that. As a matter of fact, it was described that we are going to be playing catch-up. That point was made several times today during debate.

It is concerning because this is a very serious problem. We are ranked fifth in the world in terms of spam. I believe nine billion spam messages are received each and every day in Canada.

There is a cost associated with it. The worldwide cost is some $130 billion. Canada is fifth and we have about 10% of that. So we are talking about a lot of money, and based on the debate in the House, which has been substantively just opposition members, not enough rigour has been put in this bill to make sure that it is effective, the wish of the minister that this is going to be a good thing. We have missed the boat a bit.

One reason is that most of these problem areas come from international origins and they are beyond the reach of the laws of Canada. So all of a sudden we have to take out all these mass emailings sent out by persons who are not resident in Canada and are outside the reach of our laws. I will speak a bit more about that later.

The other part that was discussed very substantively during the day had to do with penalties. The infractions are under clauses 43 and 44, but with regard to the penalties, it says in subclause 47(1):

Every person who commits an offence under section 43 or 44 is guilty of an offence punishable on summary conviction and is liable

(a) to a fine of not more than $10,000 for a first offence or $25,000 for a subsequent offence, in the case of an individual; or

(b) to a fine of not more than $100,000 for a first offence or $250,000 for a subsequent offence, in the case of any other person.

It seems to stop there, ostensibly, in terms of the fines.

The point made in debate was that these are just fines. The growth of spam in Canada continues and we are playing catch-up. Despite the fact that this is proposing some fines, the argument has been that it does not seem to represent a sufficient deterrent to the perpetrators of, in many cases, the frauds.

Since the year 2000, online sales for Canadian companies have increased nearly tenfold. Ten years ago, online sales in our country were less than $7.2 billion. In 2007, the sales reached $63 billion. When we consider the magnitude of the economic activity going on in these unsolicited emails, we have to wonder whether, if someone gets caught, a fine of $10,000 or even $250,000 is going to be a significant deterrent from continuing the practices of spamming and the other forms of offences.

The point has been made a number of times that we missed the boat in terms of the penalties for offences. We have not taken into account that although the CRTC and the Competition Bureau will have the tools to impose fines, we do not have criminal sanctions here. There are going to cases, undoubtedly, where we are talking about billions of dollars that have been made by companies, without the fear of any criminal prosecution, just a fine. That, I believe, is a big flaw in this bill.

Regarding the admission that it did not go as far as other G8 countries and that we are playing catch-up, this bill has been around for five years. Previously it was Bill C-27. It is now Bill C-28 under a new Parliament, after prorogation and/or an election, but we are still playing around ostensibly with the same act.

If we look at the briefing notes, it is substantially still the same act. I really have to question whether there is a strategy to deal with the whole problem. The deterrents and penalties are certainly one aspect of it.

Recently, we have been dealing with some other pieces of legislation that I had an opportunity to deal with. One I think was just yesterday, a bill on tax treaties with Greece, Turkey and Colombia. It included the fact that we would be entering into information-sharing agreements with these countries.

It turns out that Canada has tax treaties with more than 90 countries around the world. We have relationships with virtually with every major economy around the world, and we do it because we want to eliminate double taxation, we want to deal with tax avoidance issues and we want to promote trade, et cetera. It is a good thing.

Why is it that we did not discuss information-sharing agreements on Internet abuses at the G8 and G20 summits? We paid $1 billion for one of those meetings. Surely we could have talked about some substantive matters, such as a problem that is costing the world $130 billion a year. It is not insignificant. That is 130 G8 meetings. That concerns me.

In the Income Tax Act there is a general anti-avoidance provision. Because there is a concern about being behind in our ability to keep up with the changes in technology and not even up to speed with what other G8 countries have been doing, we have the situation that, given how long it takes to bring forward new legislation and make the necessary changes, the time lag is so great that it is a tremendously expensive proposition when we know that it is going to grow.

I am wondering why the government did not pursue information-sharing agreements and things like the spirit of a general anti-avoidance provision, something that would say that notwithstanding what the act says, if the government believes people have done something that gets around the rules and in fact perpetrates fraud, the process of fraud or other offences under the act, it will be able to prosecute them as well, even though it may not be specifically in the act or have been contemplated.

That is why we have regulations to legislation. Rather than putting all the items in the legislation, we put them in regulations, which we can amend by orders in council fairly quickly. We do not need new legislation.

I am not sure at this point whether there was an opportunity missed. It would have been helpful to have built in some sort of a mechanism whereby the legislation, particularly in this case, was adaptable or was able to address emerging technologies and some of the issues that are coming out.

The other bill we dealt with recently that spurred some interest with me was the requirement for Internet service providers to report websites, et cetera, that had information or depictions of the sexual exploitation of children. The whole purpose of the bill was to require Internet service providers to report those things. It is an important element in the overall attempt to deal with the sexual exploitation of children.

Could this bill not have had a requirement or obligation for people who are involved or who become knowledgeable about the people behind some of these fraudulent activities to report? Intuitively people would say, “I respect the law, but I am not sure whether I am obligated to report if I become aware”. Maybe we should understand what the consequences are if we allow it to carry on, and perhaps there should have been some initiative that would have spurred people to report when it comes to their knowledge.

One of the experiences I have recently had, which most members have had, is that we received an unsolicited email apparently from a bank, which has the actual logo of TD bank or Scotiabank, for example. It purports to be our friend and tells us our account has been suspended and we have to get in touch with the bank, blah, blah. I printed that email before I deleted it and took it to the bank, which told me those things originate offshore and there is nothing banks can do about it, and that was about it. The banks ought to play a greater role in this. This is a big part of it. This is where there are people who prey particularly on seniors, the ones who are most vulnerable. When they are sent an email that says the bank has a problem and they have to get in touch, once they press the button and respond, they are in the system. Now they are targets. Now they are at risk.

We did not deal with that. We should have dealt with that. I do not know how. I am not saying I have the answers, but we should talk about it. Are other jurisdictions doing it? If these come from offshore, it is a case where we should have entered into information-sharing agreements and worked collaboratively with countries around the world? We certainly could have agreements with the 90 countries with whom we have tax treaties on matters that are harming all of us, when someone is in one jurisdiction and doing harm in another. We have seen that with regard to Switzerland and Liechtenstein with regard to tax havens, money-laundering and all kinds of things. When are we going to start entering into serious negotiations with our partners in trade and any other country that wishes to, for mutual benefit, to deal with these things? Where is the strategy? That is what is missing.

As I indicated, the penalty regime is not quite right. The issue with regard to dealing with the international situation seems to be ignored. We do not know what the dimensions are there.

The fact that it has taken five years already to get to this point does not send a warm fuzzy signal that we are really serious about this. Why does it take so long? When we bring bills in, why do we not start them with the minister or whoever is going to present the bill to the House and deal with it right through so that there is a continuity of the debate and a consensus that starts to develop? Second reading should be an opportunity for members to alert committee members to the kinds of concerns they have. This is where some of the fodder comes from in the legislative process. We cannot make any particular motions at second reading to change things, but we certainly can make recommendations to the committee and then make sure that committee is ready to deal with it. There is no point in putting forward a bill when there are 10 other bills waiting in a hopper to get into a committee, because it will not get dealt with for months.

In scheduling the House business, a particularly important legislation such as this seems to have been an orphan. I wish it had been dealt with quickly and, when it went through committee and came back here, we did not have debate last May and some more debate in September and now again in November. The continuity of the bill has been appalling. The issues have been on the table and this is something that has the support of all hon. members, all the parties. So why does the government drag this out in terms of how it schedules the bills for debate in the House? If it really cared about it, this would have been bang, bang, bang. The House leaders should have talked to each other. In the U.K. they have discussions to decide how many speakers there are going to be, they have the speeches and they deal with it.

I would suggest it is an important bill. I support the bill. The House will support the bill. We should get on with it, but the minister should know we are very concerned that we did not go far enough and that the bill may be a false start on the resolution of a very important problem.

Madam Speaker, one of the issues we wanted to try to resolve today was in the case of the Facebook suit. In that case, the judgment was against the individual. We wanted to think in terms of that in the context of the bill. Had the bill been in force at that time, would the penalties under the act have had any application to that gentleman?

We know, for example, that the authorities will be proceeding by undertaking as much as possible. The CRTC will try to get the perpetrators to stop doing what they are doing. That probably would not have worked with this gentleman.

The second option is to look at fines of $1 million or $10 million in the case of companies. Clearly this gentleman declared bankruptcy and moved on. Therefore, that would not have worked.

The question is whether any sort of a criminal offence would have helped stop this person. Violations under C-28 are not criminal offences.

The debate today has been about whether this bill would have proper application to the Facebook case. Perhaps we will have to revisit the bill in two or three years and take another look at it. If more Facebook-like cases evolve and the bill does not apply, then we will have to haul it back and look at making tougher sanctions available to people who do what the Facebook operator did.

Mr. Speaker, it is a pleasure to rise on Bill C-28, formerly Bill C-27. A little bit of history on the bill is important. This is a bill that will limit spam in this country and there are a number of different correspondence issues, not just email. There are several others I will get into later on, but it is important to recognize that this is important for Canada because we are the only one of the G7 countries that does not have a management style anti-spam bill. That is important for us to change.

New Democrats have been pushing for this for years and I want to touch at the beginning of my presentation a little bit on why we feel so strongly about the bill. It was formerly Bill C-27. With prorogation of Parliament that bill was shelved and did not go forward. We played a key role in getting that bill passed with the government. There were attempts to water it down by both the Bloc and Liberal members, but we made sure that the essence of the bill remained when there was lots of lobbying pressure from a number of different business and other organizations that rely upon electronic media. Some of it is done with good intent. Some of it is done with ill intent. But we were able to do that by taking out a provision where the government at one point was allowing a clause in the bill whereby if one had agreed to an electronic advertisement from someone that person could actually use that to go into one's computer and phish through it for further information. We had that clause taken out of the bill and compromised on that so we could move this forward.

Unfortunately, with prorogation, the government lost its opportunity and the bill died despite actually going through the chambers, and that is unfortunate because we did not get to have that legislation come to fruition. The bill reintroduced is taking quite some time in this latest government round. I am rather surprised it was not tabled during one of the first weeks post-election when we came back to the chamber. There certainly was a willingness on our side to get the bill moved forward and there were a few more changes added that were important to clean up the bill, but did not really essentially change anything. Then it moved quickly through committee and to this point in time.

It is a good opportunity for Canadians to revisit some of their rights in particular. I feel this is very much a social issue and a justice issue because when we look at the violations that go through spam it is not just the mere deleting and the pain of doing that, it is also a means of economically undermining people as well by phishing for information and privacy issues. It is important that the bill passes and I am hoping that it does so rather quickly in the other chamber when it goes there because it is critical.

What really defines New Democrats as different from the other parties in this are the rights people should have as users on computer systems and the Internet. This is something that I continually impressed on those who kept on pushing back on the bill. What I am referring to is the reality that when people buy a computer system, they pay the money. Then after that they pay for the use of the system not only through electricity, but also if it is activated on the Internet. They pay for the programs that are installed on computers that they use. They pay for all those elements out there.

At the same time, their rights were being ignored and, in my opinion, trampled on by others dumping all kinds of unwanted and unsolicited information and material, some of it even malicious, that affected computers, and that is wrong. There should be the rights of the users who pay for all of that, not just the initial outlay, but also the continuation of services every month through a provider. That is a key element that is important about this that gets overridden to a certain degree. With the explosion of the computer use and the Internet evolution, there were no rights granted to the user of any significant magnitude. As well, it allowed the introduction of a number of different commercials and even affects the performance of computers and the work people are doing by having malicious spyware and other types of things that end up on computer systems.

This is at the heart of it. Is this bill going to restore some justice to the Internet? Is it going to bring some accountability, bring Canada into this century in terms of its response and put penalties on those who do it?

For those who do not think it is a serious issue, I want to refer to a Cisco study that was done a couple of years ago. It found that there were around 200 billion messages per day and 90% of emails sent worldwide were spam. There were 200 billion messages per day being sent out to all kinds of people from all over the world and Canada, unfortunately, was one of the places that had spammers.

It was not individual people sending out that message. It was also those hijacking computers and creating what are called botnets. That is where people write programs and send out messages that would infect somebody else's computer so that people's computers become like zombies and send out a series of files, information and messages.

That happened to one of my accounts. It was hijacked and messages were sent out under my email address. A lot of people have faced this. That is why a lot of different software packages have been introduced. Because of the aggressive nature of those who are doing this, it has become an industry in itself just to police it. Various types of software are being used, which require constant upgrading to deal with all of the different infections taking place on computers.

What is important to recognize in that respect is that people are affected in a number of ways. Not only are their reputations affected by their names being tagged with material they do not approve of but it also affects the capabilities of their computers and sometimes their privacy.

There are also phishing scams to trick people. How that works is if people agree to something, there are unintended consequences that are not clear because there are no rules about that. Some people were giving out personal information, and there are those who said they knew what they were doing because they said yes.

We heard the argument from some of the people who use advertisements and so forth that once people agree, it is basically carte blanche. That is not fair and the reason is that yes, people made the mistake when they did it, but people are virtually learning on the computer every single day.

I know seniors today who are taking up the computer and its technology that they never had before, and they deserve protection from the government on that. The Internet has become very important, not only for communicating on social matters but also in allowing people to conduct their public and private affairs.

Public affairs means being connected to the world and communities and allows people to understand what is happening out there and to interact in that element, especially those who do not have the capabilities to get out any more, who do not have transportation or whatever the case may be. It is their connection to the community, and that has become clear through sites like Facebook and a whole series of other social media.

People use these avenues now to connect to their own community, not just to look at things or obtain information from across the globe, which they can do as well. It is very much part of people's lives, and those of neighbours, friends, family and so forth.

The second reason people deserve protection from the government and the forces who want fair play on the Internet is because people use it to conduct business, financial transactions such as paying bills, making investments and a whole series of things. Online elements have become critical for the daily administration of businesses and people's pocketbooks. That is key too.

There is the entertainment aspect as well, another critical part. People take part in everything from video games to movies. They can watch television now and a whole series of things. That is why with these elements of phishing, botnets and spam it is important to recognize the seriousness of it. It is not simply about deleting the thing that arrived in one's mailbox that was unwanted. It is about the abuse caused if one has those different elements affecting one's system.

New Democrats believe when a consumer buys equipment, programs and a service provider, the consumer's rights come first. That is an important difference. Technology will change even more. Some of the programs and the writers will become even more vicious. That is why it is important we start with the number one principle.

I will to refer to the international scene so we can get a clear understanding of this issue. Cisco reported that the United States was the single largest source of outgoing spam, accounting for 17.2% of all global spam. Canada was the fourth largest source with 4.7% of global spam. Behind the U.S., Turkey and Russia, Canada has a significant per capita.

The United States was referenced at 17.2% and Canada was at 4.7%. That is because the U.S. brought in what was affectionately known as the can spam bill. I hope Bill C-28 will be more effective than the American legislation, but we will see. It has been done with a bit more diligence.

Members will remember the legislation with respect to the do not call list. The government rushed it through and it failed miserably. It was an abuse on Canadians and an embarrassment to the government. We warned the government that it would not respond to the needs of Canadians.

There is a remedy. I took some criticism for supporting the government in a key vote on that legislation. I agreed to allow the minister to amend the do not call list legislation. I thought it was important for consumers to have that capability so I agreed with the government. Canadians want a do not call list that works. Improvements have been made to it and NDP members are happy with the changes.

I want to touch a bit on the types of information in the bill. I want to ensure people know that it is not just spam email defined under abuse. Instant media messaging, use net and user groups spam, web search engine spam, spam in blogs, wiki spam, online classified ad spam, mobile phone messaging spam, Internet form spam, junk fax transmissions and file sharing network spam are all included.

It is important to note that. Those who abuse these types of communication devices will be subject to a series of penalties and fines. I will get into that a bit later. There will be better enforcement power. There will be a better process to stop those who send messages in those different formats to people who do not want to receive them. It is key that be the case.

The spam that we are focusing on has a number of different cost factors. There is the overhead cost, which is electronic spamming, including bandwidth, developing or acquiring an email, wiki blog spam tool and taking or acquiring the zombie computer.

Materials used on a computer system, whether it be the actual computer itself, the server, the websites, the other tools and applications such as a dot design can get infected. They then have to be administered by new software upgrades, hardware upgrades, a series of different things depending on what the spam has done to the computer.

Say, for example, a web designer has to design another management system related to security provisions to block certain things coming in. A physical cost is going to be involved as well as a programming cost. That is basically lost productivity in the Canadian economy. There is a cost to people doing work because others have abused or caused problems maliciously.

There is also a transaction cost. The incremental cost of contacting each additional recipient when one method of spamming is multiplied by the number of recipients. There is risk of legal or public reaction, including punitive damages.

On the transaction cost, it is not only the cost of responding, but also the public image or whatever it might be. There could be any host of emails coming in that are disingenuous and presents one's company or oneself in an ill way. Often those affected have to physically spend the time to re-contact people.

Also, one's reputation may be at stake. If people have their names tagged to something they do not support, that can be very damaging to them, given some of the content that is on the Internet today. Companies can suffer from this as well. This is another cost.

As well, damage is another cost. Damage can take place in a number of different ways, from people's reputations to a community and other types of areas. For example, Canada is currently known as a spamming country. We know that other countries look at us in an unfavourable way because we have not dealt with spam in a responsible way until now.

Spam is also used in crime, and this is important. In our opinion, it is a violation of not only consumer rights, but it is crime. We have seen viruses, Trojan horses and malicious software, often with the objective of identity theft and fraud.

There are people who lose information. There is sensitive information on computers, for instance, payment of credit card bills, real estate or other types of transactions, and all types of purchases. We see more and more purchases through several different sites taking place now.

When people experience identity fraud, they face a series of things. First, they have to find out when it took place and what has gone out. As well, the damages are part of that. Whether it is credit card theft or the use of their names and IDs to do things on the Internet, that can significantly affect them.

Also, and this is important, some people are not used to using the Internet or are just learning to use it. They become pawns for those who are very clever about using this information, technology and the different types of spam. Basically, there are predators. If people are not skilled or do not know the full effects of what they are doing, it does not make it right that they are taken advantage of. The bill's increased fines and penalties will be a significant deterrent when we look at some elements that need to be changed.

I recognize the work of the 2004 national task force on spam, which went across the country. It got things going and unified Canadians around the rights of the spam bill. It is important that we recognize the task force.

Mr. Speaker, I am honoured to speak to this bill.

The impetus for this bill dates back to 2003, when I introduced the first bill to combat emails containing commercial electronic information.

The fact that there have been changes of government and four Parliaments since then is obviously a problem. But the situation continues to get worse, and it cannot be minimized by arguments that we will hurt industry if we pass a bill to protect consumers and ensure that industry can function. We recognize the importance of sending commercial information through electronic media.

I reflect on the several years and how long it may take for a bill to make its way through Parliament and to address an issue, which I think for most Canadians is obvious. We have heard my good colleague from Nipissing—Timiskaming talking about the fact that many parts of his riding in northern Ontario and places outside of the beaten track of larger urban areas still are without significant access to the Internet, even though we all recognize in this Parliament, and Canadians recognize, the importance of commercial information through electronic media.

I was here 17 years ago as a member of Parliament and recall the then minister of industry having a BlackBerry. It was a new, revolutionary idea, but of course it had not really taken off at that time. One wonders how we could function as a nation today, recognizing the great advances that have been made in many respects with Canadian technology, Canadian prowess and Canadian utilization, were it not for these kinds of developments, which have caught on in Canada and around the world. It seems to me that we would certainly be somewhere well behind the rest of the world.

Therefore the legislation, albeit rather late, is timely in the sense that it does address a domestic problem, but as I indicated in my question for the previous member from our party, who sits on the industry committee and has sat on the industry committee, I am most concerned about the ability to reflect upon what this legislation will do as much as what it will not do.

I do not want to create false expectations for the Canadian public that suddenly tomorrow, or when the legislation is passed and accepted in the other house, there will be in fact a cessation of spam, malware, spyware, botnets and other programs that are added on, nor will this stop those who exercise beyond our jurisdiction, beyond our geography, from continuing to engage in something that is now more than just a nuisance, as it was in the early 2000s when I introduced the first spam bill.

It is important for us to recognize the work that has been done over the years.

I also want to give specific recommendations and a commendation, not just to the committee that passed this very recently, but also of course to my own party, which in 2004 and 2005, in order to address this issue, set up a task force, the Liberal task force on spam. Of course, it recommended that we come forward as quickly as possible with legislation that would prohibit the sending of unintended, unwarranted, unsolicited emails and information without the prior consent of recipients.

At the time it also recommended the prohibition of the use of false and misleading statements that suppress, ignore, set aside, or disguise the true intent of the email, not to mention of course its origins. This was a very serious point, where people would open up information and it was in fact nothing short of a commercial nuisance disguised in a fraud.

The Liberal task force on electronic emails also called for the prohibition of the installation of unauthorized programs. My colleague who spoke previously talked at great length about what those programs look like, the kind of information that is often inserted, unbeknownst to the recipient, on his or her computer. It also, of course, talked about the prohibition of the unauthorized collection of personal information or email addresses, the aggregation of which would be to see constant emails sent to us ad infinitum.

These were very important recommendations that were made and they formed literally the basis of what the government has now brought forward and with which we agree. We agree with it because it also does take into consideration the balancing of ensuring that privacy questions are also paramount. The committee took great pains to ensure that personal information and the laws that support PIPEDA are in fact in this piece of legislation, and that it reflect very carefully, endorse, and inform Canadians as to just how the legislation proposes not only to ensure the optimal protection of privacy, but also the steps in terms of coordination of how the legislation is to be enforced.

I go back to the Liberal Party task force recommendation because it is very telling.

As Bill C-28 looks to be implemented, it provides fines for violations of any one of these particular acts of up to $1 million for individuals and $10 million for business. It also establishes rules for warrants of information during investigations.

It is extremely important to understand that there has to be a coordinated and collaborative attempt to ensure that there are rules of engagement in terms of enforcement. We cannot just walk in and seize someone's computer.

The legislation, through the Department of Justice I presume, has met a number of very stiff and significant tests: privacy, the way in which the legislation is enforced; and, as the bill calls for the injunctions of spam on activity while under investigation, it does provide the ability to force a cease and desist.

Bill C-28, as we know, establishes something new, but it is something that was also discussed some years ago, and that is the private right of action. We have seen this in other areas where, if enforcement is not adequate and an individual or business feels there is something where they have been targeted, they have that as a recourse.

I think that is fundamentally important to distinguishing this bill from its previous characterizations and incarnations. It gives a significant step forward for individuals to take up these matters when there may be the possibility of a lack of interest as a result of a number of circumstances.

Of course, it also allows those individuals who have been aggrieved, who have been the target, whose businesses or affairs have been trampled on, affected, or impeded, to seek damages from those who are involved in the perpetration of spam. I think that is important.

We all understand the significance and importance of this kind of legislation. What cannot be misunderstood and certainly cannot be gainsaid is the significance and importance of ensuring that we have legislation that does not have unintended consequences. That is why legislation like this must, I emphasize, be reviewed periodically and more frequently. As technology evolves, so does the ability to make legislation that is relevant.

While we have constructed a piece of legislation that would have been good in 2003 with some modifications here and there, it may not be relevant to the overall concern that I think consumers have, and that is the prospect that they are going to continue to get unwarranted and unsolicited spam emanating from jurisdictions outside of Canada.

As my good colleague from Nipissing—Timiskaming has emphasized, and it cannot go unnoticed, we have to do a better job at working with other nations. We must ensure that individuals do not use jurisdictions with the least amount of enforcement in order to continue to harass, sully and act with relative impunity in assaulting and taking up so much space on the Internet.

It is one thing for northern and rural parts of this country to still be on dial-up or DSL. It is quite another thing to have 60% to 80% of all electronic traffic in this country originating from spammers. Quite apart from the sinister side of what that means in terms of malware, spyware, botnet, and as that has been described by my previous colleague in considerable detail I will not go over it again, it seems to me we have to ensure that the legislation is pragmatic and can evolve with time.

It is not clear to me that this legislation will do that. While I support it and believe it is a step in the right direction, let us understand that this is really only a first step. This is a first step towards understanding that Parliament has to be continuously vigilant in ensuring legislation meets the expectations of an economy that more increasingly depends, in this digital age, on the ability to receive and transmit information, and to use the Internet and electronic means not only to convey private information but indeed as a means by which our economic infrastructure becomes more increasingly dependent.

This brings me to the question of enforcement. I understand that there are other significant pieces of legislation that we have before us now in this House. There are a number of committees embarking on the issue of copyright. However, this legislation will require constant review by those in business, by those in the know, to recognize areas where the legislation should be modified from time to time. It will also be incumbent on future industry committees every year or so to have a periodic look to see where we are going, where the bill has had an impact, what it is failing and what it is addressing.

One of the areas that I think we have not discussed sufficiently about this bill, but which we are going to require, will be the unintended consequences this would have on domestic business.

Here I talk of legislation that is meant to do the right thing for business and the right thing for consumers.

At the same time, we have to recognize the impact it will have on small and medium-sized businesses that, for some reason, are unaware of this bill's real impact and of the fact that the bill provides for penalties. As well, these businesses may not be aware that some transactions they conduct, not for fraudulent reasons but for legitimate business reasons, may violate the legislation.

I am worried about the sudden impact it will have on our small and medium-sized businesses. This is not something this bill is merely silent on. We will have to use the federal government's communications resources to ensure that businesses do not run afoul of the law because they are unaware that, in the future, it will prohibit them from sending messages and notices to promote their business.

Let us be very clear on this point. We want to make sure that small business, as well, is aware of the impact of this legislation. It is great that we have finally come to the point where we have legislation that actually has a very positive impact on assuring Canadians that we are finally getting on the ball to address spam. However, we certainly do not want to negatively or adversely impact those who, through no fault of their own, do not have a real understanding of this legislation, business in particular.

People may be out there actually trying to make a living as opposed to hearing what we are saying here in Parliament, but those individuals should be contacted. Organizations that work with small and medium-sized enterprises in this country should at least be aware of what is in store should the law be broken unintentionally.

There has to be some deference given. We understand there is a civil sanction. This is where the hon. member for Nipissing—Timiskaming got it right. Criminalizing may have the horrific outcome of putting someone in a very difficult position. People who engage in advertising and unintentionally send electronic emails to prospective or perhaps even existing clients without the clients' consent could find themselves afoul of the law. It is a very fine balancing act that will not be resolved by criminalization.

Quite frankly, that would be the worst road we could go down and we should be very careful. If we do not have in place a strong communication strategy to ensure small business has the opportunity, we may hurt the very people we are trying to protect.

I look forward to hearing comments in the next few days as to where this legislation will go. It is a hybrid of what Parliament can do if parties decide to set aside their partisan differences and focus on some very important pieces of legislation.

It also requires us now to take this legislation, should it be passed in the next several weeks, to other committees. I would hope the trade committee of the House also takes on the responsibility of ensuring that there is co-operation and coordination between other jurisdictions. We have talked a bit about those, but if we receive spam originating from, say, Sao Tome, a very famous place off the continent of Africa that tends to be a channel or switch for a lot of information, we may not have the jurisdiction or wherewithal to stop it, prevent it or provide assurances to Canadians that they will not continue to be harassed.

It seems to me that when this bill was first introduced some years ago, there were individuals as close as Detroit. There was one individual I will not mention who was responsible for a significant amount of the junk we used to receive in our emails. It took us a considerable amount of time to work with our American friends to shut down the practice. The practice was not just about harassment. The practice itself was also about mismanaging and directing computers to open up programs and direct us to other addresses or simply to shut down or break down our computers that were otherwise intended for very innocent reasons.

It is also important to understand that the legislation itself has as its intentions all of the elements that have been brought forward to us in the more recent times, but we must be careful that we do not involve a debate that suggests this bill will be the be all and end all. I know some believe that Parliament is capable of doing far more and that this legislation may be the silver bullet. However, it is not. We have to be very realistic about what we believe this would accomplish.

My own sense is that, if the House of Commons were to be properly disposed, it would also want to allocate within a period of time an understanding of how much money will be spent on enforcement and what agencies would be responsible for collecting information on an ongoing basis to determine whether this legislation has in fact been properly impacted. We need appropriate benchmarks over the next year or so to demonstrate what the effectiveness and efficiency of this bill is.

I am talking about down the road. We have got to one point, but we have a long road ahead of us, and this is not going to end anytime soon. Canadians will continue to look upon parliamentarians and government to be able to correct problems they cannot themselves fix.

The last thing, as I have suggested, is that we do not want legislation that leads us in the direction of creating more problems than we are resolving. That is of course a real prospect and a concern that I have in looking at the legislation, because the legislation itself does not provide all of the guarantees.

I have looked at other concerns that have been raised in Bill C-28. There are some very hard penalties that come with this piece of legislation. It will be interesting to see whether those penalties in fact can be borne by those who unintentionally make an error. I think there has to be some kind of judicial discretion given in these circumstances so we are not looking to make a particular example of an individual.

That brings us to legislation as it relates to the do-not-call list. With that list, in many respects some are walking away with a literal slap on the wrist or, worse, being given an opportunity to send money to a particular academic organization in order to sort of make amends.

I think we have to provide an effective balance, a balance that takes into consideration the seriousness of the damage done to others, while giving people a private right of action but not going to the point where we are simply trying to make one example as a means of scaring off everyone else.

The law must be applied fairly, consistently and evenly, and above all it must be applied pragmatically in order to ensure that we are aware and can stay on top of all the new nuanced ways in which people will try to get around the legislation to harm our economy and, above all, really bother our consumers.

Mr. Speaker, the member made a good point.

In 2003 we started working on this while the Liberal government was in power. Now in 2010, after five years of Conservative rule, we are finally getting around to enacting it. A lot of progressive legislation has fallen by the wayside and we are trying to get some of it back. This is a small step in the right direction.

Internationally, Canada no longer has the same esteem it had prior to the 2006 election when the Conservatives took over. That we know. We have heard it. I travel to Europe and other places. People have asked me what has happened to Canada. They say that Canada used to be an open country where people discussed things and came to an agreement, but suddenly it has become difficult to deal with Canada. I am speaking of countries in Europe, South America, all around the world. They are wondering what is going on.

One thing about Bill C-28 is that we would have to co-operate with other countries. We would have to talk to other countries and negotiate with other countries. We do not want another Camp Mirage situation to happen with this legislation.

It is important that the Conservatives start opening up when dealing with other people. They cannot just dig in their heels and say it is their way or the highway. It may sound good to some people, but not to most people, that here in Canada there is a government that can dig in its heels and do whatever it wants. The government has to be open. It is not about black and white. There are different shades of grey and the government has to negotiate to come to an agreement that works.

That is one of the keys of this legislation. It has to do with individuals in the government negotiating with other governments so that we can come to agreements and settlements that work so that the people of Canada can be protected from spam and other malware in the Internet.

Mr. Speaker, it is a pleasure to speak to Bill C-28, the fighting Internet and wireless spam act, better known as FISA. It is designed to curb the flow of spam, unwanted installations of unauthorized and sometimes malicious software and the unauthorized collection of personal information. In other words, it aims at stopping spam emails. With spam emails, we do not always give prior consent and that is what makes them so obnoxious.

I have been listening to a lot of the speeches and going through the bill and it really is a dry topic. It is something that, unless one is really into the technical side of things, does not excite people until it hits our computers or our homes. That is when we really feel the impact that spam has on individuals.

I want to do a bit of a history. In 2004-05 the Liberal government of the day established an anti-spam task force and recommendations for actions were put forward. The Liberal recommendations called for the government to introduce legislation to prohibit four things: first, the sending of spam without prior consent of recipients; second, the use of false or misleading statements that disguise the origins or true intent of the email; third, the installation of unauthorized programs; and fourth, the unauthorized collection of personal information or email addresses.

I would like the members to remember these four points because they will be showing up again and it is important that we finally get there. Of all the G8 countries, Canada is the only one that does not have legislation in place yet. When we look at something like this, we have to ask why Canada has really lagged behind.

Had the government continued under a Liberal government back in 2005, we would have had legislation. However, unfortunately the NDP leader decided that in 2005, it was time to stop supporting the Liberal government of the day. I think history will look back and see where progressive thought really slowed down, if not stopped, for a number of years. It will not be pretty when people look back and see what was lost. Whether it was legislation on spam, child care or first nations rights, it will not be viewed positively.

Let us get back to Bill C-28. It was originally introduced by the Conservative government as Bill C-27, which died in prorogation. Prorogation normally is not something we speak of positively. I look at prorogation and it really was something Canadians did not want, it was something Parliament did not really want and it caused a lot of problems. However, one thing it caused was the death of Bill C-27.

Prior to the prorogation, many flaws were exposed in the bill and when it came back, the good thing was that many changes were made. Bill C-28 was introduced after the return from prorogation, with the changes to correct many flaws identified. I am pleased to see the Conservative government decided to act on the recommendations of our Liberal task force and the recommendations of the industry, science and technology committee.

Legislation in a fast moving area such as technology must be monitored closely to ensure it does not stifle legitimate electronic commerce in Canada, while accomplishing its intended purpose.

The real test of Bill C-28 will be in its implementation. How diligently will it be reinforced? What resources will be allotted? How serious is the government in protecting Canadian citizens? Those are the questions we will have to look at and really look to see how strong the legislation will be.

One of the things that the legislation calls for is periodic review of the legislation. I talked about how fast electronic media changes and how fast technology changes. That is why the legislation in particular has to be reviewed on a regular basis so it keeps up with what goes on.

In its main provisions, Bill C-28 introduces a new regulatory scheme and monetary penalties for spam and related threats such as identity theft, phishing, spyware, viruses and botnets, and it extends the rights of civil action of their victims. I know a lot of us have heard these terms, but I thought I would take the time to go through them because they are not always well understood and I want to clarify them.

I went on the Internet itself, to Wikipedia, and got some definitions of the individual terms, because I know there are people listening at home wondering, “This is wonderful, but what exactly does it mean and what effect does it have on me?” We all know about spam, which I will define at the end, but spam is just one part of it.

We hear about identity theft. Identity theft is a form of fraud or cheating of another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft can suffer adverse consequences if he or she is held accountable for the perpetrator's actions. Organizations or individuals that are duped or defrauded by identity theft can also suffer adverse consequences and losses, and to that extent, they are also victims.

Again, identity theft is one of the points that this legislation takes on. We look at the fraud in it. Someone spoke earlier and asked about the Criminal Code. This identifies it, and fraud is covered under the Criminal Code.

The other term that comes up quite often is phishing, not fishing with an “f”, but phishing with a “ph”. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Phishing is typically carried out by email or instant messaging and often directs users to enter details to a fake website that looks and feels almost identical to a legitimate one. When we go somewhere on the web and see something saying it is a certain company, we want to make sure that it is real, that it is what it says it is.

Phishing basically sets up a fake facade that people think they can trust. People input information and then the information is harvested and used to hurt individuals. Whether it is taking their money or identity or causing problems for those individuals, we can see where the problem would come.

The one we hear about often is spam. That seems to be the generic one that covers everything. Spam is the use of electronic messaging systems to send unsolicited bulk messaging indiscriminately.

While the most widely recognized form of spam is email spam, the term is also applied to similar abuses in other media, including instant messaging spam, Usenet newsgroup spam, web research engine spam, spam in blogs, wikispam, online classified ad spam, mobile phone messaging spam, Internet forum spam, and junk fax transmissions.

People who have faxes in their offices have had junk fax transmissions come to them. It uses up trees by using paper, it uses up resources by using ink, and it uses up copies that the individual receiving it has to pay for. Sometimes when these transmissions are received in large number, it becomes an expense that hurts.

Social networking spam is something that people are aware of, as well as television advertising and file-sharing network spam.

We have all heard the word “spyware”. Not many people really realize what spyware is. It is a type of malware that can be installed on computers and collects little bits of information at a time, without the user's knowledge. The key is “without the user's knowledge”. Users do not know that this spyware is in their computers and it constantly transmits little bits of information. The presence of spyware is typically hidden from the user and it can be difficult to detect.

Typically, spyware is secretly installed on the user's personal computer, and while the term “spyware” suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information such as Internet surfing habits and sites that have been visited, but it can also interfere with the user's control of the computer in other ways, such as installing additional software and redirecting web browser activity.

Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, or loss of Internet functionality and other programs.

We have all come across that, where we are working on something and it seems that everything is going along really well, and suddenly everything stops. What happened? There is a piece of spyware that went in there and changed things around. There is a frustration and a cost to the individual.

If someone sitting at home, likely retired, working on a computer, has a fixed income and suddenly he or she has to expend dollars to get the computer running again, there is a direct effect there.

There may be those who ask how that affects them. We have all had the frustration. We have had to bring someone in to fix the problem, if he or she can fix the problem. When the individual gets it running again, that individual has money out of pocket. On a limited income, if one is retired, it really hurts individuals directly.

Computer viruses are something that we hear of a lot. A computer virus is a computer program that can copy itself and infect a computer. A true virus can spread from one computer to another when its host is taken to a target computer, for instance because a user sent it over a network or the Internet or carried it on a removable medium such as a floppy disk, CD, DVD or USB drive.

We see a lot more of that now where we have people coming in with USB drives, collecting the information and then going to another computer. It is a perfect way to spread viruses.

I have a 13-year-old daughter who works on her computer. She brings her homework back. She will input the information and take it to school. She might be bringing back something from the school or someone else might be bringing it to the school. So we can see where a virus can cause a lot of problems for many people.

Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers.

One that we do not hear much about is botnets. That is covered under this legislation. A botnet is a collection of software agents or robots that run autonomously and automatically. The term is most commonly associated with IRC bots.

The best way to describe IRC bots is when we go to a website or even an email and think we are interacting with another individual but we are not. With an IRC bot, we are basically interacting with another machine. We think that person is there responding to us. We can see the problems that could cause: someone going to one site, getting answers, building up a trust, and then suddenly finding out it is a machine on the other side.

The other thing that happens with the IRC bots is that one can access a number of people, all interacting with this one machine, so the individual is not duping people, a machine is, and the spread can cause a lot more damage because it is so pervasive.

As well, it does spread some malicious software and it can also refer to a network of computers using distributed computing software.

Anyone who has used a computer can relate to the kind of frustration that this malware can cause in some of these unwanted infiltrations into one's computer.

It is not only frustration. As I mentioned earlier, there can be a real financial loss to the individual who is using that computer and connecting and who will be affected by some of these issues.

Let us take a look at Bill C-28 again, now that we know what some of the definitions are.

Bill C-28 contains four main thrusts. It prohibits the transmission of commercial messages, basically spam, without express consent. The only conditions under which express consent is not required are those where family or prior recent business relationships exist. Messages requesting consent have to provide the names of the sender and the client on whose behalf the message is being sent, contact information for both, and a way to unsubscribe.

Quotes and estimates that are requested are not covered by this, nor are emails or follow-ups on business previously transacted.

There is one loophole or one barrier in this legislation that I would like to talk about. That is in regard to people who are in sales, such as financial advisers, real estate agents, or stockbrokers. What often happens is that they will do business with someone, and at some point, using real estate as an example, the person they are doing business with will say, “My brother, John, is looking for a house. Give him a call or get hold of him. I am sure you can help him out. You have done a great job for me, and John, who is my relative, could use your help”.

This legislation unfortunately does not allow the real estate agent to send an email to that person. He has to get express consent from the individual to whom he will be sending that email.

I was talking about how this legislation has to be reviewed on a regular basis. I think this is one of the areas we are going to have to look at and ask if it really allows business and e-commerce to continue and to flourish. We can see the barriers that are set up and the problems it would cause to people who earn a living in the sales field.

As we see this going on, I think it is important that we monitor some of the effects of this legislation. Maybe in about a year or so we should review it, see what is going on, and see what the unintended effects of this legislation will be.

The bill attempts to curtail phishing, with a prohibition on false or misleading information on the source of an email. The bill also prohibits the installation of programs to operate another's computer or the dissemination of messages on a computer without the individual's consent, and there is the option to withdraw the consent.

As we can see, it goes back to malware, the spam that we spoke about earlier and how this bill will block that.

The bill includes provisions that halt the collection of personal information, by amending PIPEDA, the Personal Information Protection and Electronic Documents Act, to include a ban on collecting or using electronic addresses obtained through a computer program designed for their collection, as I mentioned earlier, the phishing program.

So this legislation does come into play, and there are additional provisions that specify that a tougher regime under FISA take precedence over the existing Personal Information Protection and Electronic Documents Act and all the legislation that could apply.

The bill's provisions extend not only to those who violate it, but also to the agents or directors of the corporations who aid, authorize or acquiesce to the violations. The bill follows the money. That is the key right here, because when we look at a lot of this, the infractions and the invasion, it comes right back to money. It follows the money, stripping protection for those who hide behind a corporate shield.

When we look at some of the fines that are out there, the fines could go as high as $1 million for individuals and $10 million for corporations. The bill aims to accomplish ending the practice of spamming.

Will this bill end it completely? I think when there is something illegal going on, it just keeps going and going. What this does is minimize it and at least offer some protection to Canadians when it comes to spamming, phishing and the rest of the electronic malware that exists around the world and on the Internet.

Mr. Speaker, I also wish the bill would be sufficient in the form it is right now. As I said, I look at the consent orders and think they should solve a lot of the problems. I think a lot of people would be reasonable. The fines are good as well. I do not have any problem with the $1 million for individuals and $10 million for companies. However, I do not see how that would solve the issue of somebody declaring bankruptcy and not paying the fines.

Some sort of criminal offence and jail time should be in the bill to stop people like that from spamming. In future, we may have to revisit the bill and add that in.

I want to mention the private right of action. This is another important part of the bill because it creates a private right of action for individuals who have been affected by contraventions of Bill C-28. A person who alleges that he or she is affected by an act or omission that breaches the key provisions of the act might apply to a court for an order of compensation. This is another outlet for people who think an issue is not being dealt with by the government. There would be a private right of action. It is important for those who are watching today to know that.

Mr. Speaker, I am very pleased to speak to Bill C-28. I enjoyed the remarks by the member for Scarborough—Rouge River. He made some valid observations in the beginning about the fact that the delays of the government in bringing the bill to fruition were in some way unavoidable because of the election. However, sometimes delays can actually work out to one's benefit.

I note that because of this process involving a previous bill dying and then the government re-forming it as Bill C-28, the fact of the matter is some improvements were actually made along the way.

Coming out of the committee there were some improvements, even one that the government made itself as a result of representations made by presenters to the committee. They resulted in amendments to the bill.

I know governments oftentimes introduce legislation and they themselves bring in a number of amendments at the committee stage, so it is a process to get it right, a process that involves in many cases correcting oversights and making amendments as we progress.

At the end of the day, we may actually have a better bill than we would have, had we gone with the earlier versions.

We have not heard from the government very often during these debates. One of the questions I would ask is: How many actual cases have not been dealt with because of a lack of this type of legislation?

This type of legislation has been in the pipe since 2004. There were two senators involved with bills of their own. As has been pointed out, we are the only country in the G8 that does not have legislation of this type at this point.

Therefore I would be interested in knowing what the experience has been with the other countries in the G8, with their type of legislation, and how many consent orders have been dealt with in their jurisdictions and how many fines have been collected. If in fact they have jail provisions, how many people have actually gone to jail in any of those G8 countries?

However we have not had any representations from any government members about those particular issues. Surely we could learn from the other countries that have this legislation. If in fact there has been an increase in one type of activity over another in one of those G8 countries, I would assume that the government would have been quick enough to respond and would have been able to cover that off in our legislation.

Having looked at the legislation, I see it is quite comprehensive. The NDP members support the legislation over and above the questions that we have about it on the issue of the jail provisions. It is quite a substantial bill and deals with many areas that need to be dealt with.

Another point I would like to make is that this is a relatively new area. The technology has expanded so much. It has only been since 1995 that emails have become a regular occurrence and certainly e-commerce has been on the radar only since 1999.

At the provincial level, 10 years ago we were looking at bringing in e-commerce legislation, and in Manitoba around 10 years ago we brought in Bill 31, which I mentioned before in the House, which was the best e-commerce legislation in the country at the time. It was following the Uniform Law Conference. I believe that all of the provinces in Canada have since followed suit and brought in their own type of legislation to deal with those substantial issues.

However, that was a response to e-commerce in 1999 when it was very new and people were reluctant to purchase things online. We brought in some consumer friendly amendments to that bill. One of the provisions was that anyone in the province of Manitoba who purchased a product or service online and did not receive the product or service, the credit card company would have to back it up and compensate the customer.

The credit card companies had some concerns about that but it was something that we copied from at least four states in the United States that had that type of legislation in 1999. Those were the beginnings of e-commerce legislation. Today, e-commerce has burgeoned and exploded in spite of any type of legislation. I do not think I could point to many thousands of people in Manitoba who would even know we put in that protection for them in that bill.

That was only part of why we brought in the bill in the first place. We were dealing with the whole issue of databases, which is very controversial. It was shortly after the Jane Stewart experience in Ottawa with databases. However, what we were trying to do was come up with a common business identifier so that businesses in the country could deal with the federal tax department through a single business number. By doing that, we had to have a legislative framework in place to begin dealing with, not only within the government but within companies in Manitoba and the federal government, taxation issues, making corporate tax payments, the whole issue of T4 slips, records of employment and all those sorts of business type issues.

The governments of the day were looking at low-hanging fruit, things that they could control. They were looking at their own government to start with, but the view was to expand out to the private sector companies to try to make them more efficient and make the government more efficient. Before we went with the SAP computer system, we had no idea that the Department of Industry was giving a grant to a company that was in arrears with our taxation department and not paying its PST. In fact, that was happening. I am not sure what systems are now being used through federal government departments, whether it is SAP or a different ERP system, but we wanted to ensure we knew what we were doing in our own house.

This was a very controversial type of legislation that we had to deal with. We had to deal with the sharing of databases. We had interjurisdictional issues. We also had to deal with the existing silos within the provincial government where each department was saying something different. For example, finance was saying that it could not do this because of certain reasons and justice was saying something else. In each department there were five or six involved in the legislation. Since each one had its own concerns, we needed to get them together and say that this was the way we were going and that we would need to accommodate to the changing environment.

That is a big problem and it is a big problem with the federal government as well.

We have had to do a lot in this whole area and the federal government was under a lot of pressure. Why did it wait so long when seven of the eight G8 countries have had legislation dealing with spam for a number of years?

At the end of the day, it is time to pass this legislation and get it through. Some debate will continue about whether we went far enough. There are some provisions that I will get to later but there are so many provisions to this legislation that it is impossible to deal adequately with them in a 20 minute time period. However, a lot of provisions in the legislation may provide some sort of upset or cost to our nation or to the businesses in the country. We will only know over time whether that will be the case.

I know that in dealing with legislation, governments try to the best job it can to have an open process by having witnesses come before committee to give expert testimony. Provincially, we have a system where we allow almost anybody to come and make a 10 minute presentation on a bill.

Having said that, we would have a similar bill to this where we would do a round of consultations over the course of a year and then we would have the hearings and the press coverage. Still, at the end of the day, a year down the road after we had passed the legislation and had the regulations in force, people in the affected business communities would come forward and say that they knew nothing about the legislation and that it was a total mystery to them. They would accuse the government of bringing in the legislation and causing them a lot of problems without having proper consultation, when in fact we could prove that we did a lot of consultation.

In the spite of the fact that we have done all this work and that it has taken so much time, I still anticipate that we will have some problems at the end of the day with people or companies saying that they did not know about it, even after all of the speeches and the consulting that has been done.

Some adjustments may be necessary. For example, small businesses are very concerned about the relationship they will have or will continue to have with their previous clients. The new laws put some restrictions on how they can deal with their clientele. Before the do not call list came into effect, it was routine for a business to contact its customers, in-house, over the phone or through the mail, regarding other products. However, they cannot do that anymore because it is not allowed.

The way the system works now is that customers need to give their agreement for the business to approach them. This will cause a lot of stress for businesses in the country. Every time the government comes out with a new set of regulations, businesses that are doing what businesses do best, which is conduct business, will need to retool their operations and re-educate their employees on what is involved. There is no end to the questions being asked about whether companies can contact previous clients and under what conditions they can be contacted.

We introduced the do not call registry but the government found that the system did not work so well. I think it is working a little better now. However, in the initial periods, some people who were put on the do not call list found that they were receiving more calls after they were on the list than they were before being put on the list. People were accessing the do not call list.

This bill would deal with the do not call list. As a result of the much improved wording in the bill, the government has the option to phase out the do not call list over a period of time. When that time comes, the government can simply invoke the provision of the act that allows it to eliminate the do not call list. The do not call provisions are covered under this bill.

The bill has a lot of good things with respect to the definitions and the wording. With the volume of clauses and changes in wording that we are dealing with, it is impossible to get into all of the minutia in a 20 minute presentation.

A lot of good improvements have been made to the bill. Three or four years ago, people were not aware of some of the technical terms and technology issues, so it is possible that this legislation will be outdated before it comes into effect.

I have mentioned the issue of fines a few times but I want to deal with it again. I want to look at the case involving Facebook. The fellow who had a $1 billion judgment against him by Facebook for spamming, basically turned it into a media extravaganza for himself. He was on all the national television networks as a result of it. He laughed at Facebook. Facebook spent a huge amount of money on lawyers and chasing him down to get this $1 billion settlement and he just declared bankruptcy. If we are dealing with the likes of that fellow and other people like him, how in the world will we be able to deal with them by passing this type of legislation? Let us take a look at what is being contemplated in this bill in terms of enforcement.

I do not have any complaints about it. It is a good idea to look at consent orders. However, we can always be suspicious of regulators who deal with consent orders because they may show favouritism to their friends or may not fine people who should be fined. People who co-operate and people the regulators like will get a consent order and a cease and desist order but no fine. People not in their favour may get fined.

Nevertheless, let us assume for a moment that consent orders are a good idea and will solve a lot of problems. If the consent order does not work, the backup is a $1 million maximum penalty for individuals and $10 million for corporations. That is not bad but I do not know of any corporation that can afford a $10 million fine that will be guilty of spamming in the first place. These big companies have lawyers. They know the law. They will not be spamming in the first place.

Who we will have spamming are offshore people, people who are hard to catch, people who do not have any assets or people who hide their assets. A consent order will not stop them. Fines will not stop them. It seems to me that only a jail sentence will put the skids on some of these people--