Bill C-27 (Historical)

Mr. Speaker, yes, I will. A witness told us. That was our concern. We knew that the question would come up when a clause was put in the bill that could abolish the national do not call list.

The question did come up, and there was no mention in the answer of abolishing the list. The government wants to be able to replace this regulatory system in future if necessary.

I believe that they want to abolish this list. I do not know why, since they are the ones who introduced it. It cost businesses $5 million to comply with the list. This bill contains a clause that could abolish it. That is unfortunate, because the do not call list has been in place for a year and it is working.

Mr. Speaker, when the government brought in the do not call registry, individuals signed up so they would not be called. Then we found out that international scammers simply walked away with that list because internationally the registry is not respected. All the people, who put their numbers on the list so they would not be called, found themselves victimized by fraud artists and scammers.

There is talk about taking the existing registry and rolling it into Bill C-27. That is possible and I am open to the suggestion. However, my concern is this. Given the fact that the government showed absolutely no teeth in dealing with all of the scam artists in the Cayman Islands, and wherever else, who obtained the list of our citizens, how are we going to ensure that we are protected from international scammers who have no interest in what we proclaim in the House of Commons?

The hon. member for Shefford has only 30 seconds left.

Mr. Speaker, that is precisely the problem. The bill does not mention what is happening at the international level. It only makes reference to what is going on locally, here in Canada. Anything outside the country is excluded. We do not hear about it and we cannot pass an international law either. We would need the G7 or G8 to pass a law that would be respected and endorsed by all its members.

I want to go back to the do not call list. I personally put the question to the chairman of the CRTC, who told me that the list is working. Federal public servants use it. I do not know why they identified it and included it in this legislation. I do not have an answer to that.

Mr. Speaker, I will be splitting my time with the member for Yukon.

I am pleased to speak to Bill C-27, the electronic commerce protection act.

I think that the last interchange is an indication that the legislation before us may have its shortcomings but the urgency with respect to bringing the legislation forward is undeniable. It is undeniable because of the invasiveness of spam and that people's lives can be turned absolutely upside down by those who use spam with the intent to defraud and to use information that is available through access to information. It has been pointed out that no technological firewall or router can act as a barrier and people are absolutely susceptible to those who have spent a huge amount of time thinking of how they can, through an email invasion, access information that will be used fraudulently.

This is not an issue over which the government or any particular party has proprietary rights. In this House we all share the responsibility to have in place a legislative regime that anticipates the nature of this invasion through electronic commerce with the intent to defraud or to put forward false information.

We all share the desire to develop the tools. This will not be the end. The committee has made amendments to original legislation that was put forward through a committee or a task force process. This bill will go through the Senate process. I would assure members of the House, and I refer in particular to the interchange that just took place, there will be other mechanisms undoubtedly, other tools that will be developed through the continuing process of developing the legislation.

I am sure there are people who are watching who only see bits and pieces of the debate. People do not always see the total context within which the debate on legislation is taking place. I would like to provide a chronology to put things in context.

Spam is a serious concern for individual Canadians and businesses. Back in 2004-05, the then Liberal government established a task force to look at anti-spam legislation. That task force brought forward recommendations which generally paralleled the bill before us. Those recommendations were aimed at prohibiting the sending of spam without prior consent as a first principle. The second principle was that it would be an offence to use false or misleading statements to disguise the origins or true intent of an email.

The task force led to a number of key recommendations. I think there were 22 recommendations in all. The government of the day established a series of round tables to seek input from the business community and the community in general.

At that time, the specific recommendations were to prohibit the sending of spam without prior consent as the first principle, to prohibit the use of false or misleading statements disguising the origins or intent of an email, and to prohibit the installation of unauthorized programs. Spam artists are so cunning that if a person does give clearance to a misleading and disguised email, information with respect to even the person's passwords can be made available, which gives access to the person's email content, websites, et cetera. The final principle that was established through that task force was to prohibit the unauthorized collection of personal information or email addresses.

This bill has all of the elements of those task force recommendations and looks to implement the recommendations of that task force. As I have said, this is not a Liberal approach or a Conservative approach; in fact, it appears that the bill has the support of all parties in the House.

There is one aspect of the bill that is different from the regime that was put forward back in 2004-05 under those recommendations, and that is with respect to fines and the implications with respect to what may happen if one is found guilty of violating the intent of the legislation. The fines for these violations can go up to a maximum of $1 million for individuals and $10 million for businesses. It establishes rules for warrants, for information, as was discussed by the last speaker and in questions, and in particular, that information being available through warrants during investigations and injunctions that can be sought on spam activity while under investigation.

The bill also establishes the private right of action, allowing individuals and businesses the ability to seek damages from the perpetrators of spam. That is a particularly important principle. We have talked about victims and victims' statements during criminal proceedings and recently with the bill that firms up the interventions with respect to parole and the ongoing communication with those who have been victimized with respect to how the provisions of parole are carried out.

This bill also attempts to err on the side of victims. It gives them the ability to seek damages from the perpetrators of spam, depending upon the nature of invasion of privacy and the activity that took place.

It was pointed out that the committee had some problems with flaws in this bill. Clause 6 seemed to be a little too broadly written and, as has been pointed out by other speakers, could suppress a very legitimate part of our application of technology and the whole sector. It could impose an adverse position with respect to those who are creative within the technology, the rules of the technology and so on. It was pointed out that the committee was not satisfied to that extent. However, amendments were made to the bill.

The bill also maintains a very strong and some have said heavy-handed position, but given the nature of the illegal activity going on, I think that all of the House would concur with the committee's intent to make those who are guilty suffer.

Generally speaking, those in the stakeholder groups were not satisfied with the original task force recommendations, and there may be some who are still not satisfied with the bill. However, as I have indicated, it has gone through the committee stage, amendments have been made and at this point I think we have to err on the side of those who use their email and other technology for positive and high value-added activity and go after those who would victimize those who are using the technology.

Mr. Speaker, I realize that there are certain provinces, I believe Quebec is one and Manitoba is another, that have class action legislation. Ontario might have it as well.

I wonder if the member could confirm that class action provisions might be applicable as far as the bill is concerned. It seems to me that if we are dealing on an individual basis, it is a much more positive approach if we could have the bill affected by class action lawsuits, whereby people could take action on the part of a whole group of people who were being victimized by certain types of spam activity.

I wonder if the member would comment on that and whether he has any ideas for improvements.

Mr. Speaker, I know that the hon. member is a lawyer, and I very much respect his knowledge of not only this kind of legislation, but the recourse that innocents would have with respect to the law.

The bill leans toward the concept of victims' rights. If victims' rights can be characterized through class action, and in other aspects of law, both civil and criminal, then that can happen. This is embarking on new ground. There will be many who will be viewing the intent of the bill and the legislation. It may be contested through the courts, but certainly the provisions with respect to victims would leave the door open, I would say from a lay person's perspective, to class actions. That would mitigate the cost associated with an action. Also, with the kind of publicity that is entrenched in that approach it would do what the bill, in terms of its intent is trying to do. It would put those who would use spam for defrauding and other criminal purposes on notice that more than individual court proceedings could occur. Class actions are very costly. The repercussions could be serious and would act as a deterrent, I would think. However, I am sure that the member would have better suggestions than I would from a legal perspective.

Mr. Speaker, the hon. member is always very succinct and informative in his speeches.

In his speech he talked about the fines, which he said were slightly different from the original task force recommendations. What specifically was he getting at? I would like his opinion on that. Also, I think there needs to be a significantly large fine for huge corporations because some of them look at a small fine as the cost of doing business and just carry on. It does not have an effect.

Mr. Speaker, there are those with legal experience who could probably give a better answer to that.

When I review the bill and look at fines of a maximum of $1 million for individuals and $10 million for businesses, it would seem that is a pretty serious step toward the objective the member has which I inferred from his question. In that there is not a regime that is that serious now, this would be a fairly substantive deterrent. These are very serious charges and very serious fines.

The whole process through the bill establishes a framework for investigation. The notion that there are rules to be established with respect to warrants, for information during an investigation and so on, certainly provides a framework which will make the bill a much greater deterrent, if it is fully understood, than exists at this time.

Mr. Speaker, in 2004-05 a Liberal government anti-spam task force consulted the public widely and had round tables with stakeholders. This important bill to limit spam did not come out of the blue. There were four major recommendations from the task force.

The first is prohibiting the sending spam without the prior consent of recipients. I cannot imagine anyone in the public who would not want this to come into effect very quickly. We all get hundreds and hundreds of nuisance and unwarranted spam. People must be dreaming for the day when they will no longer be sent. Quite often it is the very same message with a different title, which I will talk about a little later. This will be a very popular part of the bill for businesses and anyone who uses a computers.

The second is the use of false or misleading statements disguising the origin or true intent of the email. I am sure everyone has received emails that they have opened by accident because they are very clever titled such as “You haven't paid your bill” or other more creative ways of getting us to open the email. Then there is the very same email we received one hundred times trying to sell us the very same product.

The third major recommendation from the Liberal task force is the installation of unauthorized programs prohibiting that and no one would want that to occur.

The fourth is the unauthorized collection of personal information or email addresses. That is very significant. Canadians and businesses do not want the unauthorized collection of their personal information. All kinds of damage can be done.

We only need to go back to the debates we have had recently on commercial crime to see the huge multi-billion dollars in damages and lives ruined because information of individuals has been used for fraudulent purposes. Computer technology is relatively new. In a previous job before I became a member of Parliament there were no computers in business. In that it is a new technology, people, especially seniors who were not used to this throughout their lives, could easily be hoodwinked into giving personal information, which is then be used to victimize them. It is very important this not be allowed to continue.

Let us look at the scenario where millions of unauthorized, unwanted messages or spam go through the Internet. How important is the Internet to today's life? It is really a backbone for many people and for many businesses. The whole way that our society functions—

Order, please. The hon. member will still have time available in his time slot.

Mr. Speaker, I am pleased to rise this afternoon on debate at the third reading stage of Bill C-27, the Electronic Commerce Protection Act, the ECPA.

It has been estimated that spam costs the Canadian economy about $3 billion a year. It costs the economy through the use of such malicious means as malware, spyware, phishing, worms and viruses such as Trojan horses which enter computers. It costs the economy in terms of sapping Canadians' trust in electronic commerce.

Bill C-27 will protect Canadian consumers and businesses from the most damaging and deceptive forms of electronic harms and provide a regulatory regime to protect the privacy and the personal security of Canadians. The rules will encourage confidence in online communications and e-commerce.

The bill before us provides the CRTC, the Competition Bureau and the Office of the Privacy Commissioner with the tools they need to pursue those who would undermine the online economy and to work with one another and with their international counterparts.

The bill provides sharp teeth: administrative monetary penalties of up to a maximum of $1 million per violation for individuals and up to $10 million for businesses.

The bill before us is the result of a great deal of work by several different sources. On the one hand we have the recommendations of the 2005 report by the task force on spam. The bill has also benefited from Bill S-220 introduced in the other place by former Senator Goldstein.

Some features of the bill before us differ from what the former senator proposed. Perhaps one of the most important is using the CRTC, the Competition Bureau and the Office of the Privacy Commissioner to enforce the provisions rather than using law enforcement agencies as proposed by Bill S-220.

The RCMP has other urgent law enforcement responsibilities. We should not redirect their resources to the monitoring of unsolicited commercial e-mail.

I believe that both this House and the other place see the wisdom in using regulatory authorities rather than law enforcement agencies to combat spam. The regulatory agencies would be consistent with the regimes that have been put in place in other countries. This system would help promote international cooperation among the various agencies responsible for combatting spam.

In drafting Bill C-27 we have also looked at the experience of other countries in combatting spam. The bill draws upon what has worked in New Zealand, Australia and the United States. We have benefited from their experience, and the bill before us is based on the best and most effective aspects of the legislative initiatives from around the world.

Finally, the bill as amended, which is before us today, has benefited from the work over the past months of the Standing Committee on Industry, Science and Technology of which I have been a member.

As a result of the committee's work, several key elements of the bill have been strengthened and clarified without diminishing the core principles.

As hon. members know, Bill C-27 adopts an express consent regime designed to give businesses and consumers control over their inbox and over their own computers. It requires that an individual's consent be obtained in order to permit an ongoing commercial relationship. Once consent has been expressed by an individual, it remains until the individual opts out or revokes that consent.

The committee took a careful look at how to ensure that companies that use email to keep in touch with customers do not inadvertently find themselves in violation of the law. The implied consent provision has been expanded to include the conspicuous publication of an electronic address. If one publishes one's email on a website or in a print advertisement, one is considered to have consented to receiving unsolicited commercial messages, provided that the sender's message relates to the business or office one holds. Consent is also implied when one gives out a business card or provides an email address in a letter.

Similarly the amended bill clarifies that when a business is sold, the purchaser has implied consent to contact the customers of that business.

The period of implied consent has been expanded to two years from eighteen months following an initial transaction. This gives businesses an extended period in which to obtain someone's express consent to receive further commercial messages.

We heard from a number of different witnesses in front of committee. This may not have been what some wanted. They might have wanted a longer term, but the two years was agreed upon by the committee, and it was felt to be a reasonable amount of time.

Another area where the bill has been amended is in ensuring that updates to computer programs are not adversely affected by the protections we have put in place against malware and spyware. The committee looked at the impact the bill would have on the installation of computer programs. It has been amended such that the installation of updates is understood as a part of the original contract under which the software was installed.

Most of these programs call for automatic updates that take place daily or weekly to such things as antivirus software. A fresh consent will not be required each time one of these updates takes place. Programs such as JavaScript or Flash will also not require express consent each time they are run.

Let me say a few words about the private right of action included in this bill. Some hon. members have questioned whether a private right of action is needed. A private right complements the enforcement efforts of the CRTC, the Competition Bureau and the Office of the Privacy Commissioner.

I would remind the House that this feature has been very effective in the United States at shutting down those such as spammers who cause harm to the electronic economy. I believe it will be very effective here in allowing groups or individuals to pursue violators. The private right of action will allow individuals and businesses who suffer financial harm an avenue of recourse through which to be compensated and awarded damages.

Let me reiterate some of the things this bill does. The purpose of the amendments is to clarify some elements of this legislation and to address concerns that were brought forward from the witnesses during the testimony in front of the industry committee. The proposed amendments clarify the concept that legitimate online commercial messages are not prohibited, while reinforcing the vigorous safeguards for businesses and consumers in this bill.

The legislation is about reducing spam and other computer-related threats that discourage the use of electronic commerce and undermine privacy. This legislation restores consumer confidence in online commerce by protecting both consumers and Canadian businesses from unwanted spam. The Government of Canada is delivering on a key commitment that the Prime Minister made to Canadians and Canadian businesses back in the fall of 2008.

The proposed electronic commerce protection act will discourage the use in Canada of the most dangerous, destructive and deceptive forms of spam. Our goal is to ensure confidence in online commerce by addressing the privacy and personal security concerns that consumers associate with spam and related threats which deter consumers from participating in the online marketplace.

The bill proposes that all forms of commercial electronic messages will be treated the same way. Unsolicited text messages and cell phone spam are also prohibited by this legislation. Spam and related online threats can be reduced only through a concerted, cooperative approach aimed at undermining spammers, using a combination of public and private efforts. The Government of Canada continues to work closely with our domestic and international partners to address threats to online commerce.

The proposed government legislation affects the legislative recommendations of the task force on spam, which are a product of extensive consultations with businesses and other stakeholders during the task force's mandate. The legislation allows for administrative monetary penalties to be imposed upon those who violate the law by sending false and misleading email and who attempt to steal personal information.

The legislation also proposes this private right of action, which will allow businesses and individuals to take civil action against those who violate the law. All parties in the House have expressed their desire to strengthen confidence in online commerce. All parties are opposed to spam and see the dangers of it.

We have studied this bill at great length in committee. We have emerged with important amendments to clarify the bill. The time has come to pass the third reading of this bill in order to protect all Canadians.

Mr. Speaker, I wonder what the implications of the bill and its rollout are going to be to small businesses across the country that have had to deal with the implementation of the do not call list over the last couple of years, and the Privacy Act changes. A lot of small businesses find this very disruptive.

Does the government have any plans to communicate to small business and any plans to help them in any way, through information programs, perhaps using some of that government advertising to advertise that these changes are in the works? Are there any plans in this regard, regarding this particular initiative?