Thank you, Susanna. Thank you, Mr. Chair.
I would like to reiterate the importance of legislation to deal with problems being tackled by Bill C-27. I think everyone agrees with the basic objectives of the bill. Some of the features of the bill, however, could create inadvertent problems. I will focus on these problems, but my comments should not be taken as a lack of support for the bill.
At a high level, there are two main problems with the bill. First, the bill does not adequately balance the objective of preventing unwanted or harmful behaviour with the objective of ensuring that perfectly legitimate acts are not made illegal and the goal of preserving the vitality of the Internet for electronic commerce. Second, it introduces conflicting or unnecessary regulatory regimes that needlessly impose significant costs on business.
The scope of the anti-spam provisions are very broad. The ECPA applies to all electronic messages, including messages that are business to consumer, business to business, consumer to consumer, and consumer to business, subject to very limited exceptions. To be caught, messages must simply have as a purpose to encourage participation in a commercial activity. The limitations on the constitutionally protected right to commercial speech are far broader than legislation passed by other governments. Its open-ended net could result in making perfectly desirable communications illegal.
Australia and other countries also use the term “commercial electronic message”, but they confine its application to a defined list of business-to-business and business-to-consumer messages that offer to supply, advertise, or promote a product and service essentially to direct marketing.
It has been argued that we shouldn't worry about the scope because there are exceptions that cover all legitimate communications. I almost missed the business-to-business exception when I first read it because it was so narrow. It applies only to sending a message that consists of an inquiry or application. It doesn't permit a range of messages that can be sent to a business, including sending e-mails to a potential new partner, distributor, or supplier about potential new business, even if their contact details are published on the Internet, or sending out e-mails to a contact list developed over a lifetime when starting a new business or changing jobs would also be prohibited. Even including an e-mail invitation to go for a coffee or lunch to talk about business could be banned, unless you've entered into a contract with that person in the last 18 months. The bill would literally also prohibit consumers from e-mailing retailers, demanding a refund, asking for support, or making a warranty claim within 18 months after purchasing a product.
The examples illustrate the problems associated with the so-called features of the bill. Regulations to expand exceptions will never keep pace. It is far easier to use regulations to close loopholes spammers may devise than it is to keep pace with the indefinable and potentially unlimited range of messages that may be communicated among Canadians. There are also significant potential problems with the personal or family exception.
You have also been told not to worry about the broad prohibitions in the bill because consents are implied in many situations, but under the bill, implied consent exists only where the sender has an existing, narrowly defined business or non-business relationship. That definition does not catch the diversity of actual business relationships that entities may have. The consent provisions are much narrower than in other jurisdictions, such as Australia and New Zealand. These countries accept that consent can be expressed or implied from the conduct of a business and other relationship, or inferred from a conspicuous publication of an electronic address on a website.
PIPEDA, our privacy legislation, permits consent where it may be inferred from the action or inaction of the individual. This standard was agreed to by all stakeholders as part of the CSA model code in PIPEDA, so the impact of the ECPA's higher standard would be that legitimate Canadian businesses would now be subject to conflicting standards. They would have to revisit all of their practices, and this is especially of concern to the chamber members.
The extraterritorial effect of the bill is problematic for Canadian companies.
The address harvesting provisions are not tied to the collection of information for the purpose of using it to send spam, as it is in other countries.
The bill would render inapplicable all of the general exceptions in PIPEDA that are used to collect, use, or disclose personal information. This would include exceptions for private and public law enforcement or to comply with subpoenas, warrants, or orders made by courts. It could be very significant for private and public law enforcement in Canada.
There is also no exception covering network service providers caught by these provisions.
The anti-spyware provisions make it illegal for a business to install any computer program on somebody's computer without consent. The prohibition is not limited to “malware”.
The spyware provisions would establish a whole new and unnecessary regulatory regime covering the installation of beneficial computer programs. No one has studied the costs and technical difficulties of complying with these new rules with the myriad of digital devices that exist today and that will be used in the future.
I would like to thank the committee for the opportunity to speak today. I look forward to answering any questions you may have and working with you towards getting a stronger and better bill as soon as possible.
Thank you, Mr. Chair.