Industry Committee on June 9th, 2009

Mr. Chairman, thank you, and thank you to members of the committee, of course, for the opportunity to meet the committee to discuss Bill C-27, the proposed electronic commerce protection act, or ECPA.

Joining me today we have two officials, Helen McDonald, the assistant deputy minister for spectrum, information technologies and telecommunications, and Mr. Richard Simpson, who is the director general of the electronic commerce branch of Industry Canada.

Mr. Chairman, in little more than a decade the Internet has become a critical medium, not only for communicating but also for competing in the global economy. It has become an essential part of the daily lives of Canadians, and essential to Canadian business.

However, in recent years, the Internet and the online economy have become more vulnerable with the rapid growth and increasing sophistication of spam and other online threats.

So the legislation before you today is about encouraging the growth of electronic commerce by ensuring business confidence and consumer trust in the online marketplace.

In 2007 one report estimated that the global cost of spam was at $100 billion U.S. per year. Canada's share of this cost would be about $3 billion. So unsolicited commercial e-mail is more than just a nuisance. Along with the development of associated threats like malware, spyware, phishing, and various viruses, worms, and trojans, spam has become a major disruption to the Internet and to the Canadian economy as a whole.

A growing chorus of voices across the nation has called for legislation to protect Canadians and the Canadian economy from spam.

The Canadian Chamber of Commerce has described spam as, and I quote, “a considerable burden not only to consumers, but to the business community.”

Major industry associations, including the Canadian Marketing Association, the Canadian Bankers' Association, the Information Technology Association of Canada, and the Canadian Association of Internet Providers, have called for new laws to address this issue.

In October 2007, nine major industry representatives at the Canada Roundtable on the Future of the Internet Economy confirmed their support for legislative action to deal with spam and other threats on the Internet.

We have listened to their concerns, and those of millions of Canadians who have seen their email cluttered and clogged with spam and their computers compromised by the threats that spam causes when it slips into their software and disrupts their lives.

Mr. Chair, it is time to act.

We have debated this bill at second reading, and I am gratified to see the support this bill has received from both sides of the House. In fact, I must say that several parliamentarians have been calling for some time for legislation that would curb spam and other threats to the Internet and the online economy.

Senator Donald Oliver, for instance, in the other place, has introduced bills to combat spam. During last September's election campaign, the Prime Minister announced that if re-elected, the government would introduce anti-spam legislation.

I would also like to acknowledge Senator Goldstein and his bill, Bill S-220, which was introduced in the other place last February. I believe the bill before us improves upon his bill in that it empowers specific agencies, at royal assent, that would have the power to enforce the law, including the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner. Like Bill S-220, this Commons bill also allows for a private right of action.

The honourable member for Pickering—Scarborough East emphasized the need for international action against spam. I would point out that the bill before us provides the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner with the authority to work not only with one another, but also to work with their international counterparts. The honourable member for Pickering--Scarborough East also pointed out the importance of administrative monetary penalties that have teeth. I should mention to this committee that this bill provides for AMPs up to a maximum of $1 million per violation for individuals and up to $10 million for businesses.

During our debate in the House of Commons, other members from the Liberal benches spoke in favour of the principles of this bill. The honourable member from Scarborough—Rouge River told the House that he was pleased to see the private right of action included in the bill. This right would allow users and businesses to take civil action against anyone who violates the act. This remedy has been very effective in the United States, Mr. Chairman, and is one example of how we have adopted the best practices from around the world.

The NDP have a solid history of favouring anti-spam legislation. Last fall their election platform contained a commitment to “Combat identity theft and control online computer fraud against...consumers and seniors” and against “spamming and phishing”. During second reading, the honourable member for Nanaimo—Cowichan reminded us of spam's impact on the productivity of Canadian workers. She reminded us that Canada is the only G-7 country without anti-spam legislation, and I would like to assure her, through you, that the bill before us benefits from the best practices of the jurisdictions that have gone before us in introducing anti-spam laws.

The honourable member for Timmins—James Bay has been an outspoken champion in protecting Canadians from spam. When speaking to this bill, he expressed concern about the implications Bill C-27 will have for the national do-not-call list. The honourable member for Scarborough—Rouge River, also from the Liberal Party, raised concerns about the national do-not-call list as well.

I should mention to this committee that the do-not-call list is up and running, and it is effective; over six million Canadians have signed up. At this point in time we always have the ability to review these things, but we would like to see the DNCL continue for the time being, and we do not want to shelve it with this legislation at this particular moment in time.

As my parliamentary secretary indicated during second reading debate, Bill C-27 will not abolish the do-not-call list. In fact, subclause 6(7) enhances do-not-call lists because it carves out telemarketing by exempting interactive voice communications, facsimiles, and voice recordings to telephone accounts from the application of the act.

It's well known, however, that with the convergence of technologies, the distinction between voice telephony and Internet-carried communications, for all intents and purposes, is disappearing. Clauses 84 to 86, which could repeal section 41 of the Telecommunications Act and the do-not-call list, would not be proclaimed by the government until it is necessary to deal with such changes. That is to say, we are going to continue to monitor how this particular aspect of the bill changes over time and we will have the flexibility to react to those changes.

The Bloc spoke in favour of the principles of this bill. The honourable member for Chicoutimi—Le Fjord reminded us of the increase in the amount of spam and wondered whether businesses were changing the way they contact consumers.

Before the debate adjourned on May 7, I believe the honourable member for Jeanne-Le Ber was about to make a point about the difficulty of policing the Internet. It's unfortunate that the debate was cut off at that moment, because I appreciate the concerns about the challenge of enforcement when communications technologies know no borders. However, I'd like to assure the committee that it is indeed possible for anti-spam laws to have a huge impact.

In Australia, for example, after the Spam Act came into effect, the proportion of global spam originating from that country was greatly reduced. Some major spammers, particularly pornographic spammers, closed their Australian operations altogether.

Mr. Chairman, during second reading, two themes recurred in most of the interventions. First of all, all parties support the intent of this bill. We just want to ensure that we get the details right. Second, many speakers said they looked forward to examining the bill in greater detail here at committee.

I'm pleased that we have the opportunity now to do just that. I encourage members to read it through, to understand the intent, and to ask questions. You'll see that the legislation in front of you is solid and considered and that it will make a big difference in protecting Canadians in the online marketplace.

On that note, Mr. Chair, I'll be very pleased to hear from the committee members. If there are more technical aspects to this bill, we have departmental officials to answer your questions and clarify those more technical provisions that may require explanation.

Thank you.

Thank you very much, Minister. We'll have about an hour and fifteen minutes of questions and comments from members, beginning with Mr. Garneau.

Thank you, Mr. Chair.

First of all, I'd like to thank the minister for his comments, and I would like to reiterate to him in no uncertain terms that the Liberal Party welcomes Bill C-27 in the interests of combatting spam. There's no question that we're very glad to see this as a follow-up to the task force that rendered its report back in 2005.

However, having said that, I must mention some very significant concerns about Bill C-27 that have been expressed to me in the course of the last few weeks.

If I could try to summarize, the net has been cast in order to eliminate spam, but it has been cast in a very broad manner. The devil is in the details, and there are significant concerns about its having some negative effects. Casting the net so broadly has also left certain definitions so general that the interpretation of something as simple as a computer program can be taken in a number of ways. With respect to the anti-spam provisions, the scope is too broad at this point, specifically with respect to the consent provisions contained in the bill, and exclusions are too narrow. The unsubscribed requirements are unworkable, and this could have a chill on legitimate commercial speech and e-commerce.

We want to help fix that, because the anti-spam bill is a good thing, but we have a lot of work in front of us in order to address some of the specific concerns that have been expressed to us by people who also want to see Bill C-27 come into play.

As a first question, I assume the team that put together the bill has consulted legislation from other countries. There are recent examples of legislation in other countries, and you mentioned Australia; Australia is one example, and New Zealand is another. Have other countries' legislation been consulted in the process of putting this bill together? At first sight, some of what they have done appears to address many of the concerns that have been expressed to me by various organizations.

Thank you. I'll just pass it over to Helen.

How about New Zealand and Australia?

I would suggest that we need to look at some of the things they have done that get around some of the objections with respect to the scope being too broad. In terms of defining some of the words that are used in this legislation, let me bring up a couple of examples.

One has to do with extraterritorial provisions. The anti-spam and message-altering provisions that exist at the moment apply to any message when a computer system located in Canada is used to send, route, or access the electronic message. The key word here is “route”. As you know, the way the Internet works is that we can have messages flowing through Canadian computer systems that don't originate in Canada and are not ultimately going to end up in Canada. The use of the word “route” is problematic in this particular case. That is an example that I think perhaps you may want to address. We need to address it.

Mr. Simpson, go ahead.

Getting back to defining some of the terminology here, when we think of HTML files that are regularly used in accessing websites, or JavaScript, which is another common example, or updating programs that some of us use, for example, Symantec antivirus software, those would not be looked upon as spam, and yet, by the definitions that exist within clause 8, I believe, they could be looked upon as being spam.

So again, that is something that needs to be tightened up. It needs to be clarified so that it doesn't create serious impediments to legitimate users.

No. We have noted that particular concern about clause 8, I can tell you, Mr. Garneau. I guess what we're trying to do is provide the right balance. Clearly, if you're getting an upgrade, if there's an implied consent or some other mechanism so that we can have these reinstallations or upgrades in our computers, that's an obvious legitimate practice.

We have to make sure that is legitimate, but we don't want to leave the barn door so wide open that the bad guys can use that as the way to get the spam in. We're prepared to work with you to get the right kind of language that will balance this off appropriately.

Thank you, Mr. Minister.

Thank you, Mr. Garneau.

Monsieur Bouchard.

Thank you, Mr. Chair.

First of all, Minister, you know that the Bloc Québécois supported the bill at second reading. As a committee, we want to hear from the various witnesses, we want to know their opinions and listen to what they have to say.

This bill will affect three bodies: the CRTC, the Competition Bureau and the Office of the Privacy Commissioner. I would like you to describe what role each will play, as well as the kind of coordination they will engage in. How will they coordinate their efforts while being effective and efficient? You have three major players. Will these organizations keep up a dialogue? I would like you to speak to their respective roles and to how users and consumers will benefit.

Thank you.

Ms. McDonald and Mr. Simpson may have something to add, but I would like to say a few things.

In its final report, the Task Force on Spam recommends that, and I quote, “enforcement of new legislative provisions addressing spam should be undertaken by existing agencies.” Of course, that means that the CRTC, the Competition Bureau and the Office of the Privacy Commissioner are organizations that we can use to protect the public from spam. Similar legislation has already been passed in other countries including Australia, New Zealand and the United Kingdom.

Ms. McDonald may have something to add.

As you know, in some cases, spam makes it very difficult to use the Internet. It really hinders the effectiveness and efficiency of email.

Your bill excludes telemarketing so that it is not subject to the legislation. From what I understand about telemarketing, it is solicitation on the Internet. So how can this bill protect against all solicitation of that nature? The first thing people do in the morning is clean their computers because of all the spam they receive. If the bill excludes telemarketing, that means that users, consumers, will still receive telemarketing messages they do not need.

I would like to hear your thoughts on that. How can you ensure that users and consumers will be protected when they are on the Internet at their workstations?

Right now, technologies are converging, and in the future, it will be possible to have a convergence of the telephone and the Internet. But for the time being, we have the national do not call list for the telephone. For other means of communication, such as the Internet, our legislation establishes a system.

Thank you, Madam McDonald.

Thank you, Mr. Bouchard.

Mr. Lake.

Certainly. I think, for instance, there are legitimate e-mail marketers who want to communicate with their clientele. What we've tried to do is create both explicit consent and implied consent in those situations when there's a pre-existing business relationship.

I used to be in the legal beagle business. Let's say you've got clients. You're a lawyer with clients, and you want to send them updates about particular aspects of changes in the law; let's say anti-spam legislation, for instance. Obviously, there's a pre-existing business relationship, and those kinds of things do imply some consent by the receiver of that information, by the consumer of that information. We're not trying to interfere with the legitimate e-mail practices of legitimate businesses, of course.

We have the implied consent mentioned in the legislation. We can further hone that down in the regulations as well, where we can describe further circumstances where marketers can rely on implied consent. Again, we're not trying to interfere with the existing business relationships. We're trying to deal with bad guys who right now can drive a truck through the open barn door because there's no regulation.

I have a question for Ms. McDonald or Mr. Simpson.

Often when you go through legislation like this, once you put it out, there are folks who want to comment on it, express concerns, or get some clarification. I imagine you've had some folks comment or contact you regarding this. What kinds of common concerns have been expressed at this point?