Industry Committee on June 16th, 2009

Thank you, Mr. Chairman.

On behalf of the Canadian Marketing Association, we're very pleased to appear before your committee to speak about CMA's view of Bill C-27, the proposed Electronic Commerce Protection Act. Joining me here today is the chairperson of our association's ethics and privacy committee, Madam Barbara Robins, who is also vice-president of legal and regulatory affairs for Canada, Asia-Pacific, and Latin America for Reader's Digest.

The Canadian Marketing Association is the largest marketing association in Canada, with 800 corporate members and subsidiaries, including the country's major financial institutions, insurance companies, publishers, retailers, charitable organizations, agencies, relationship marketers, and those involved in e-business and Internet marketing. The association has a code of ethics and standards of practice that is mandatory for our membership. It is a self-regulatory code that provides CMA members and other marketers with a comprehensive set of best practices, including those related to consent-based e-mail marketing. The CMA was pleased to be a significant contributor to the 2004 and 2005 task force on spam. While there have been many changes in both the economy and relevant technologies since the work of the task force, we're pleased to see that many of its recommendations are reflected in Bill C-27.

Electronic commerce in Canada has evolved rapidly, and it has grown to become a key marketing channel. Research conducted for CMA by Global Insight calculated that for 2007 the Internet as a marketing channel drove nearly $17 billion in sales revenue and supported some 75,000 jobs in Canada. The current economic climate notwithstanding, this is a channel that will continue to grow and is expected to become the dominant driver, with anticipated sales revenue to climb to nearly $46 billion by 2011.

The 2009 global consumer e-mail study issued by Epsilon confirms that e-mail is the primary online communications tool for 87% of North Americans and that it continues to grow as a means replacing traditional transactions. Unfortunately, people identify two-thirds of that e-mail as spam, and that view, along with more serious spam-related threats of fraud and identify theft, continues to undermine consumer confidence in the channel. At the same time, ethical businesses see their brands hijacked and online customer relationships jeopardized.

The CMA supports the Electronic Commerce Protection Act because we believe it will put in place a framework and enforcement regime to significantly reduce spam and go after malicious online activity while balancing that goal with the need to promote economic activity and allow responsible marketers to continue using the channel for consent-based electronic communication. We do have some comments and specific suggestions that we believe would make Bill C-27 a better piece of legislation.

First, CMA believes it is premature and unnecessary to include clauses 64 and 86, the provisions that would allow for the dismantling of the national do-not-call program. While the government correctly points out that technology convergence may at some point make this a sensible option, we believe that such proposed changes, along with an assessment of the program, should be brought back to Parliament for careful consideration at such a time. At this point, the only real measures of the program consist of a Harris/Decima survey conducted for the Marketing Research and Intelligence Association, which found that 80% of the nearly seven million Canadians who have registered for the service find that they are getting fewer calls.

We're also pleased to see the exemption in the bill for business-to-business commercial electronic messages that is set out in paragraph 6(5)(b). Although we do feel that the current language could prove to be more restrictive than intended, we understand that Parliament does not want to impede regular communications between businesses. To clarify this point, the committee could look at alternative language, perhaps that used in Alberta's Personal Information Protection Act, to exempt the business contact information. That language would accept all business-to-business electronic communication that--and this is a quote from the Alberta legislation--

is for the purposes of contacting an individual in that individual's capacity as an employee or an official of an organization and for no other purpose.

We expect that other witnesses will offer more detailed assessments; however, we recognize there is a concern about the installation of the computer programs prohibition that's contained in clause 8, and that could adversely affect some commonly accepted and routine online interactions. These include software transfers to facilitate program updates and to identify browser preferences so as to enhance users' online experiences.

We believe the committee needs to carefully examine these provisions with the input of expert witnesses, with an eye to providing greater clarity as to the impact.

CMA supports the notion that the ECPA requires adequate penalties as part of an effective enforcement regime. However, we are concerned that the multi-million-dollar administrative monetary penalties proposed in the bill are excessive, given that they are not subject to the same rules of evidence and due process of civil and criminal proceedings. So we would ask that the committee consider the potential chilling effect this could have on law-abiding companies engaged in commercial electronic communications.

I point out to the committee that when the national do-not-call program was put in place, the penalties in that act were up to $1,500 for individuals and up to $15,000 for companies, for each transgression. The penalties in Bill C-27 are considerably larger than that.

We recognize that the ECPA takes a different approach than the CAN-SPAM Act in the United States, but we have a couple of suggestions to improve consistency between the two laws. Specifically, we suggest that the required contents of a message be changed to specify that only the identity of the sender need be included in the message. We also suggest that the timeframe for executing unsubscribed requests should be clarified as being 10 working days. In the act currently, it is 10 days, and making that small change would put marketers who are engaged in marketing campaigns across both countries on the same page in terms of the legal requirements.

Finally, we take this opportunity to ask for the committee's support in urging the government to commit to a thorough public communications program when the law goes into effect. We ask that the government adopt a pre-implementation program and timetable that will promote business preparedness for the new framework. This will help to build compliance, while at the same time reducing consumer complaints.

Barbara, do you have anything to add?

I would like to echo the comments of Mr. Hill on behalf of all of the members, entities and businesses that serve on our association's ethics and privacy committee.

Consider, for example, Reader's Digest which has been publishing in Canada for at least 70 years. Our company wants and must adapt to new technologies such as the Internet, the Web, and so forth. It is very important to Reader's Digest and to other business members of the association that their legitimate businesses activities not be confused with those of businesses that send out electronic business messages without consent. That is the first reason why we support this bill.

Secondly, we support the bill because it calls for a very reasonable and balanced approach to be taken. The proposed section 13 stipulates that the burden of proving that consent has been obtained, pursuant to sections 6, 7 and so on, falls to businesses. However, the bill is drafted fairly and allows businesses enough flexibility to decide on the required approach to securing consent.

Thirdly, the bill is consistent with many other laws in place in countries around the world. For instance, Australia, New Zealand and Singapore have had legislation that adopts a similar approach in place for several years. For Canadian businesses that operate on an international scale, it is important to have a more or less harmonized approach. However, Canada must retain its reputation of having very solid legislation. This is not considered a lightweight piece of legislation.

Thank you, Mr. Chair.

I send apologies on behalf of Shirley-Ann George, our senior vice-president of policy, who is ill today.

Appearing with me today is Barry Sookman, who is with McCarthy Tétrault. Barry is widely known as an expert in Canadian technology law. He is the author of the leading Canadian five-volume treatise on computer and Internet law and is an adjunct professor at Osgoode Hall in Toronto.

It is a pleasure to be able to present the views of the Canadian Chamber of Commerce and our members on Bill C-27. As many of you know, the Canadian Chamber is the largest business organization in Canada, with membership of 175,000 businesses in all parts of Canada. Our members include both the largest and the smallest of companies. We pride ourselves on being the voice of Canadian business and work hard with politicians and government officials to ensure that Canada's business community is able to maximize its economic and social contribution to our national well-being.

Let me start by saying that the Canadian Chamber strongly supports the goal of eradicating spam. We also participated in the 2005 spam task force, and at our 2007 annual general meeting, the Canadian Chamber and our members from coast to coast to coast passed a policy resolution calling for measures to curb spam. Today, Canadians and Canadian businesses of all sizes and from all regions need effective legislation to limit the scourge of spam. At the same time, Canadian business does not need to be burdened by overly broad legislation that restricts legitimate business activities. To net it out, we need to deal with the bad guys that waste countless and costly hours in every business in Canada and use the Internet to distribute mass mailers that prey on the vulnerable.

Bill C-27 is still a work in progress, and we are here today to call for much-needed modification. This bill, as currently drafted, may render thousands of commonly used computer applications illegal. It would submit Canadian businesses to potential fines of up to $10 million. This new Electronic Commerce Protection Act would also amend the Personal Information Protection and Electronic Documents Act, PIPEDA, to submit Canadian businesses to civil suits resulting from violations of the act. This bill would also effectively prohibit the formation of new business relationships over the Internet or through e-mail. It would also severely limit the use of the Internet for the distribution of software and software updates.

We appreciate the government's efforts to introduce and pass a bill that will help stop spam. Unfortunately, this bill needs to be fixed. We urge members of this committee to take their time with this 77-page bill, so that government can bring to you the necessary repairs, and so you can pass a bill in the fall that we can all agree on, one that will be effective in stopping spam while not inhibiting legitimate business practices.

I will now turn it over to Barry to discuss the specifics.

Thank you, Susanna. Thank you, Mr. Chair.

I would like to reiterate the importance of legislation to deal with problems being tackled by Bill C-27. I think everyone agrees with the basic objectives of the bill. Some of the features of the bill, however, could create inadvertent problems. I will focus on these problems, but my comments should not be taken as a lack of support for the bill.

At a high level, there are two main problems with the bill. First, the bill does not adequately balance the objective of preventing unwanted or harmful behaviour with the objective of ensuring that perfectly legitimate acts are not made illegal and the goal of preserving the vitality of the Internet for electronic commerce. Second, it introduces conflicting or unnecessary regulatory regimes that needlessly impose significant costs on business.

The scope of the anti-spam provisions are very broad. The ECPA applies to all electronic messages, including messages that are business to consumer, business to business, consumer to consumer, and consumer to business, subject to very limited exceptions. To be caught, messages must simply have as a purpose to encourage participation in a commercial activity. The limitations on the constitutionally protected right to commercial speech are far broader than legislation passed by other governments. Its open-ended net could result in making perfectly desirable communications illegal.

Australia and other countries also use the term “commercial electronic message”, but they confine its application to a defined list of business-to-business and business-to-consumer messages that offer to supply, advertise, or promote a product and service essentially to direct marketing.

It has been argued that we shouldn't worry about the scope because there are exceptions that cover all legitimate communications. I almost missed the business-to-business exception when I first read it because it was so narrow. It applies only to sending a message that consists of an inquiry or application. It doesn't permit a range of messages that can be sent to a business, including sending e-mails to a potential new partner, distributor, or supplier about potential new business, even if their contact details are published on the Internet, or sending out e-mails to a contact list developed over a lifetime when starting a new business or changing jobs would also be prohibited. Even including an e-mail invitation to go for a coffee or lunch to talk about business could be banned, unless you've entered into a contract with that person in the last 18 months. The bill would literally also prohibit consumers from e-mailing retailers, demanding a refund, asking for support, or making a warranty claim within 18 months after purchasing a product.

The examples illustrate the problems associated with the so-called features of the bill. Regulations to expand exceptions will never keep pace. It is far easier to use regulations to close loopholes spammers may devise than it is to keep pace with the indefinable and potentially unlimited range of messages that may be communicated among Canadians. There are also significant potential problems with the personal or family exception.

You have also been told not to worry about the broad prohibitions in the bill because consents are implied in many situations, but under the bill, implied consent exists only where the sender has an existing, narrowly defined business or non-business relationship. That definition does not catch the diversity of actual business relationships that entities may have. The consent provisions are much narrower than in other jurisdictions, such as Australia and New Zealand. These countries accept that consent can be expressed or implied from the conduct of a business and other relationship, or inferred from a conspicuous publication of an electronic address on a website.

PIPEDA, our privacy legislation, permits consent where it may be inferred from the action or inaction of the individual. This standard was agreed to by all stakeholders as part of the CSA model code in PIPEDA, so the impact of the ECPA's higher standard would be that legitimate Canadian businesses would now be subject to conflicting standards. They would have to revisit all of their practices, and this is especially of concern to the chamber members.

The extraterritorial effect of the bill is problematic for Canadian companies.

The address harvesting provisions are not tied to the collection of information for the purpose of using it to send spam, as it is in other countries.

The bill would render inapplicable all of the general exceptions in PIPEDA that are used to collect, use, or disclose personal information. This would include exceptions for private and public law enforcement or to comply with subpoenas, warrants, or orders made by courts. It could be very significant for private and public law enforcement in Canada.

There is also no exception covering network service providers caught by these provisions.

The anti-spyware provisions make it illegal for a business to install any computer program on somebody's computer without consent. The prohibition is not limited to “malware”.

The spyware provisions would establish a whole new and unnecessary regulatory regime covering the installation of beneficial computer programs. No one has studied the costs and technical difficulties of complying with these new rules with the myriad of digital devices that exist today and that will be used in the future.

I would like to thank the committee for the opportunity to speak today. I look forward to answering any questions you may have and working with you towards getting a stronger and better bill as soon as possible.

Thank you, Mr. Chair.

Merci, monsieur le président.

Mr. Chair, I am delighted to be here this afternoon to voice our support, as a business association, for this anti-spam legislation.

I'd like to begin by telling you about our association. We are well known, but it might be a good idea to remind you that

the companies that make up our membership—we're the national association of the information and communications technology industry--make the hardware, make the software, offer the services, and create the applications that make the Internet, make it work, and help people use it. Our members are very heavily involved in fighting spam and fighting malware and in helping Canadians to fight these. They deploy tremendous efforts to do this, and we believe that legislation will help in that fight. We therefore support the bill, and we support going after spam--spam against consumers and spam against businesses as well.

I was also personally a member of the spam task force, and I recall that we had a lot of discussions around the concept of spam and the fundamental approach to the issue. All the members of the task force, whether consumer representatives or business representatives, agreed to an opt-in regime, which, by the way, was not the rule in the U.S., and we thought there were flaws there. We also agreed that legislation should cover more than spam and address other topics such as spyware and malware, but I have to say we did not have as much discussion there about what particular approach to take. We definitely wanted to have something that would go after spyware, but we hadn't resolved how to do that without impeding a lot of the legitimate transactions that take place.

We are here to offer our expertise to the committee, and we're offering to bring our expertise and work with the government to handle the changes we need to make to the bill to make sure it doesn't have unintended consequences. The whole purpose of this legislation is to facilitate and increase confidence in the use of the Internet and the digital economy by Canadian businesses and consumers. We approach the changes that we need to make to the bill so that they actually achieve that purpose, as opposed to possibly impeding electronic commerce and making it in some cases more difficult to protect consumers. For example, as Barry has indicated, there are some practical, day-to-day things that everybody would say absolutely need to be able to continue, and they should not be made illegal under the bill.

I see two categories here. When we're talking about spam itself and areas such as implied consent or inferring consent from the circumstances, I think all of us can look to a specific list of practical day-to-day examples and say let's work on the language of the legislation so it does not cover that.

Then there are more technical aspects to the bill. When we come to spyware and malware, or redirecting ISP addresses, or harvesting ISP addresses as well, we fall into a world where even the lawyers who have been involved in this area for many years need to go to our technical people and say let's think through how things work, and ask for some examples of how things happen on the Internet to help users or consumers. We don't realize how it works, and until we do, we may not be able to get the right language in the bill to make sure we don't capture things we don't like.

All our computers need to be protected against malware almost instantaneously when we turn them on, for example. Every second the computer is on the Internet and not protected leaves it open to being infested with viruses that are very difficult to deal with.

Just to give you an example, if you put in a system that has to have the consumer approve a very urgent patch to a gap in security on the computer, the consumer might click on that right away or they might go and get a coffee while the computer is getting turned up, and then you go a few minutes with the thing unprotected. So you don't want that.

You also want certain interventions to be done without really representing a significant transaction. There may be things that happen very automatically, very quickly, and you don't want to start impeding that by requiring explicit consent.

It might be difficult to describe that in sufficient terms, broadly enough, up front, to get the kind of consent you need. It's the same with the redirection of addresses. Sometimes it could be more than just an ISP or a service provider who furnishes the access to the Internet. It can be a site or a service provider that provides you with a portal or services. It could be a search engine and so on. Sometimes you type in a name wrong and the service will redirect you to the correct address you really wanted, and sometimes they will remind you, “Did you really want to spell it this way?” Those are all things that happen instantaneously and very smoothly on the Internet. We don't want to start making that very complicated.

For us, therefore, as I say, we need to work with our technical people to say let's think through all these things and then we can make the changes that are required.

I want to finish by saying that we support getting this bill through and we do not want any undue delay in it. I would say that's the basic theme that I find when I talk to the other business associations. We explain sometimes, by referring to principles or whatever, what we see are problems with the bill, but from our standpoint, the changes that are needed are doable. They're not changes in the principles of the bill. They fit the principles of the bill, and we suggest we approach them from a practical standpoint. You will find that we can make the changes that are needed to have the bill actually achieve its purpose, which is to facilitate electronic commerce and facilitate the use of the Internet by Canadians.

Thank you.

Thank you.

My name is Suzanne Morin and I work for Bell Canada.

I am assistant general counsel at Bell Canada, as well as Bell's privacy ombudsman. However, I am here today in an individual capacity.

You might wonder why. Bell Canada is a member of all the associations appearing here; however, I participated on the task force as an individual and I just thought it might be useful for me to share with you, in my own personal capacity, some of those experiences, but also why, as an actual representative from an organization, I was on the task force.

Since the early 2000s, we've been doing some work internationally with our counterparts as well as with governments on the Internet Law and Policy Forum, as well as on the Global Business Dialogue on Electronic Commerce, where we really initiated some of the beginnings, if you like, of the international discussion around spam and what to do about it. As you've heard today, no one can really define what spam is because it's all a matter of someone's perspective, but everybody agrees that there is definitely a whole bunch of e-mail out there, the millions and billions of e-mails you hear about that clog up our networks and fill up the inboxes of users.

Through a lot of that international discussion, where players ended up was determining that there were two buckets, if you like, of unsolicited e-mails. There was that bucket that was truly harmful, where this wasn't about seeking consent to use someone's e-mail; this was about using false headers and false reply addresses, and it included selling false goods. There was this notion of falsity and fraud incorporated in them.

Then there was this other bucket, becoming smaller and smaller as the years progressed, because as you've heard, unsolicited commercial e-mail represents about 90% of e-mail circulating on the Internet today. So this smaller bucket was more in the sense of fair practices and whether or not organizations were actually adopting those. For example, the real estate agent scenario that we've heard about over the last week is not the kind of situation that internationally we thought actually made sense to go after, because typically privacy legislation would deal with those kinds of scenarios. So that , because we have privacy legislation here in Canada, and it would be perfectly normal that the complaint would be dealt with through that complaint process, through a kind of one-on-one, and usually the Privacy Commissioner would try to mediate that away. So we have existing privacy legislation in Canada--if we come ahead a few years now--that can deal with a lot of the scenarios and a lot of the unintended consequences potentially than what ECPA does.

However, ECPA definitely has a lot of the tools that in fact are needed to go after the really bad actors, those 17 bad spammers who still live and operate in Canada. A lot of different organizations can tell you, “We know who they are, we know where they live, and we know how they operate. We just need the tools in order to be able to go after them easily.”

If you compare that, however, with some of the statements you heard just a few moments ago, the issue is how do you balance a new regulatory regime to go after these bad actors while not imposing on legitimate Canadian businesses, who are really subject to privacy legislation and consumer protection legislation? And there are definitely different approaches to legislation.

I support privacy legislation, but how do we ensure that balance, given the framework that's been adopted? I think what you've heard here is that a lot of people have spent a lot of time thinking about these issues, and this is a very complicated piece of legislation. Every day that we speak with Industry Canada, either at a hearing here or over the phone, we better understand the intent behind some of the provisions that were there. But we don't fully understand the potential consequences it might have and how it might actually play out.

So I think what you've heard is that additional time is needed to work with Industry Canada. They've gone through a lot of effort to try to deal with some of those unintended consequences to try to make sure that legitimate businesses aren't hampered. But those are in fact good intentions, and words on a page are interpreted by courts and by regulators, and we don't know who will be interpreting those words. Just like that real estate agent example, he or she shouldn't have to file an undertaking with the CRTC if they make a mistake. They should be dealt with before the Privacy Commissioner's office through a very simple complaint and that would go away.

The last thing I might mention, in closing--because the dialogue that might happen is what we are really looking forward to--is that I actually filed a second spam complaint with the Office of the Privacy Commissioner, along with Professor Michael Geist. PIPEDA, our privacy legislation, proved to be perfectly capable of dealing with that situation. This was someone who owned pontoons on the east coast and wanted to sell them. He engaged a third party to send out e-mails to professionals. I happen to be a lawyer, so I was on a list of lawyers he got access to. It was as simple as that. I just happened to be on the task force at the time, and I thought this was perfect: a Canadian selling Canadian goods in Canada. Do we have legislation that can deal with this? Sure enough, PIPEDA rose to the challenge. The person changed his practices. His e-mail marketer changed their practices, and that was great. He wasn't subject to having to sign undertakings. He wasn't subject to significant AMPs.

The last point is a little bit of a discussion, and Mr. Hill referred to it as well. Is legitimate business being faced with significant monetary penalties, whether they're from a regulator or through private right of action? There is a lot of expense for organizations to ensure that they do their due diligence and change their practices so they aren't subject to those types of suits, whether it's before a regulator or before the court. Again it's the notion of balance. How do you go after the bad guys without unintentionally overburdening legitimate business?

With that, I welcome your questions.

I'm not sure that one approach is the right one for all the elements of the bill. For example, when it comes to spam, you could either narrow the definition of spam and make sure you catch all the bad behaviour, or you could take a broader definition of spam but work quite a bit on inferred consent and implied consent.

With spyware, you could either create a longer list of things you think are good--software downloads and update patches--and make sure all those exceptions are covered and the regulations can add more, or you could just put in the definitions of the elements of spyware.

In the case of spam, it might work better to look at implied consent and legislation that's been used in other countries that we know works in practice. We could take the best of that and make sure we go through the practical examples and say, “Okay, if we write it this way, then these good examples will not get picked up.” So those are the pros and cons there.

I think everybody would agree pretty quickly on the list of five or six things that constitute malware--the bad things in spyware. You can say in the regulations that we can add to that if the bad guys think of new ways we haven't thought of to date. I think there would be very few examples of that happening. If you try to do the reverse and define all the good things that take place that shouldn't be captured by your anti-spyware provision, we'll have a much harder time exploring that total universe. You have very different types of transactions that take place.

I think the pros and cons weigh in favour of defining upfront the bad things you're going after and allowing additions to that, rather than trying to define upfront exceptions that wind up being longer and longer. You're going to fear that you haven't caught certain circumstances, and someone might find themselves subject to massive administrative monetary penalties or private lawsuits while you think through the legislative changes or the regulatory changes, because regulations don't get changed in 24 hours.

Yes. That's why I'm saying that these are very specific changes that need to be made. When you define the spyware provision, you can then put the specific items. That's not a big change to the legislation. It doesn't affect the principle. In the case of spam, you can define those implied consent things.

When we say yes, it's a little too broad, it doesn't mean that bill needs wholesale change. It means you look at very specific sections and say that we can add some language that narrows it either in the upfront definition or by setting out more or broader exceptions.

Yes. Thank you.

If I could supplement that, I agree with a lot of what Bernard was saying. The international experience is really helpful on this, because many countries have gone before us in enacting this kind of legislation. There is now a fair consensus that Australia is a good model for this. Their legislation was followed by legislation in New Zealand, Hong Kong, and Singapore, so it does have some lessons in it. Their approach, which has been proved to be effective, as this committee has heard, was to target very specific acts and to have generally applicable exceptions. That approach has worked very effectively.

In the Internet context in particular, it is such a dynamic medium, with new technologies and means of communications being used all the time. The prospect of banning potentially legitimate behaviour and thinking that regulators could keep up with all the new forms of communication, and that new forms of communication would become legal as regulations were passed, I think would be an approach that would be exceptionally enormous. It would put Canadian businesses potentially behind our international counterparts, which wouldn't be living with those kinds of prohibitions.

I'll just give you some thoughts. These are things that colleagues or other businesses have raised as well.

There are different ways to ensure that you have the sufficient AMPs; there is no doubt that the fines must be high. They must be significant or else they will just be viewed as a cost of doing business. There is no doubt that the $10 million is great to see, but who is going to apply to? There are different ways to ensure that the exposure to those kinds of penalties isn't faced by legitimate businesses. One of them is a narrower bill.

Another one is linking up, for example, unsolicited commercial e-mail with some of these other bad activities, so it's only if you send unsolicited commercial e-mail along with falsifying headers, or use inaccurate URLs where people go to visit, or accompany that with false information in the contents. You link it back to what is really the fraudulent behaviour, which is not just the sending of the e-mail; it's that business is trying to happen and I'm trying to obtain your personal banking information. If you link them to that and the AMPs are maybe attached more to those types of communications, that in and of itself already takes a lot off the table and definitely allows you to go after those 17 or 20 spammers here.

There are many different ways to do it, but the concept is to try to differentiate the exposure of the bad actors from legitimate Canadian business.

Or take a look at all the different elements that happen in these communications. As I said, the spammers today don't just send e-mails for the fun it. They're trying to sell you something, they're trying to get your personal information, they're trying to circumvent our spam filters. There's always something else fraudulent that they're trying to do. Maybe you'll link into that kind of an activity as well that's already included in that file. It's just a thought.

Yes, spam is an international problem. I believe that part of what this bill intends to do is put in place the enforcement capacities and potential for international cooperation that will allow countries to collaborate and go after spammers in a variety of locations. The bill makes it illegal to send an unauthorized, without consent, commercial e-mail message to someone in Canada. That would equally apply to an organization that may be engaged in spam outside of Canada, but obviously, for enforcement purposes, our authorities will need to collaborate. And that's an issue that we find in a lot of areas.

What I was speaking about was the fact that we're operating in a North American marketplace. Much of our trade goes on between Canada and the United States, and they also have an anti-spam regime, somewhat different from this. I believe this bill will raise the bar on fighting spam here in Canada. But I was just looking for, and putting on the table actually, some suggested areas where we can achieve commonality between the two laws, without reducing the effectiveness of what's been proposed here in Canada, but by avoiding ethical businesses that are engaging in e-mail marketing campaigns in Canada and the U.S.

Many of our members have operations on both sides of the border. Try to get the requirements in e-mail messages, for example, standardized between Canada and the United States. There's a requirement in this bill for the identification of the sender of an e-mail, but added in the Canadian bill is the fact that any service provider that may have sent the message as well has to be included. Well, that's not included in the U.S. framework. For marketers who are operating on both sides of the border, it can often be difficult to tell whether a gmail.com account is in Canada or the United States. It's very difficult.

Businesses could find themselves inadvertently breaking the rules in Canada if we don't try to achieve some commonality between the two regimes, which is something we tried to do under the do-not-call list. You'll recall that the 18-month definition, which is actually in this bill, was initially discussed under that piece of legislation, and we were trying to find some compatibility with the telemarketing rules in the United States.