Thank you, Mr. Chairman, for the opportunity to meet with the committee to discuss the Electronic Commerce Protection Act.
We are here to support Bill C-27 and explain our role, as envisaged in the bill. We are glad that the government has introduced this legislation, which is essential to Canada's growing digital economy. It will also have the added benefit of bringing Canadian law in line with our peers in the G8 who have already enacted similar anti-spam legislation.
As the committee knows, the bill is designed to counter commercial spam and related online problems, such as spyware, malware and phishing. These are problems that undermine confidence in the electronic marketplace.
Under the bill, the main enforcement responsibilities for spam will fall under the responsibility of the CRTC. We will be responsible for investigating violations and ensuring compliance.
The Competition Bureau will address false or misleading representations made through electronic messages. The Office of the Privacy Commissioner will address the invasion of privacy stemming from the collection and use of email addresses by computer programs.
The CRTC will be responsible for enforcing three types of violations under the act. First, we will enforce the “no spam” provisions of the act.
The ECPA provides for an “opt-in” regime, whereby people must first consent to receive commercial electronic messages. If there is no express or implied consent, spammers are subject to monetary penalties. Consent will be considered implied under one of two conditions: (a) where there is a business relationship that has been in existence for any time during the last 18 months, or where the recipient has made an inquiry or application within the last six months; and (b) in a non-business relationship where, in the last 18 months, the recipient has made a donation or gift, provided volunteer work, or signed a membership.
Second, the CRTC will prosecute violations involving the alteration of transmission data in an electronic message. Altering transmission data without express consent is prohibited.
Thirdly, the CRTC will enforce the prohibition against installing software or causing it to be installed without express consent. This has been a growing problem, as some spam has been designed to install software into a host computer, and this software in turn broadcasts further spam messages.
The bill provides for tools to permit the CRTC to enforce the act. The CRTC will be able to require telephone companies that provide Internet services to preserve time-sensitive transmission data. We will also be able to require telecom service providers and other institutions to provide documents and reports. Furthermore, there is a provision for searches with a warrant.
The act will be enforced on two separate tracks. The CRTC will have the authority to issue administrative monetary penalties of up to $1 million for an individual and up to $10 million for a business. We will also have the authority to negotiate binding undertakings. The second track involves the right to sue, which will allow individuals and businesses to take civil action through the courts to (a) recover damages for losses suffered and (b) to obtain additional damages for violations of the act.
However, lawsuits under (b) above will not be permitted if the CRTC has already issued a notice of violation or if an undertaking has been agreed upon. Similarly, the CRTC cannot start enforcement action if lawsuits have already been launched under (b) regarding the same violation.
One of the most important features of this bill is that it gives each of the federal partners—the CRTC, the Competition Bureau and the Privacy Commissioner—the ability to share information with one another, as well as with foreign partners.
While there is much to commend in Bill C-27, we believe there is room for improvement in two key areas.
The first concerns section 27, which provides the right to appeal certain CRTC decisions to the Federal Court of Appeal. We propose amending this section to provide a timeframe for bringing such appeals to the Federal Court, and suggest that 30 days would be sufficient. The wording for this proposed amendment can be found in the appendix to this speech.
Secondly, we would like to propose an amendment to the information-sharing provisions of the bill to strengthen the CRTC's ability to work with the U.S. Federal Trade Commission and other international bodies operating under similar anti-spam legislation.
As it has been drafted, the bill allows the CRTC, the Competition Bureau, or the Office of the Privacy Commissioner to share information with other countries provided there is an international agreement or arrangement. In our view, these provisions fall short of what will be required to effectively counter spam. We know that spammers can be very adept at locating in one jurisdiction and directing spam at another jurisdiction. Living in North America, we can expect that a good deal of spam originates or will originate from our southern neighbours.
In its 2005 report, the task force on spam recognized that international enforcement of spam is essential. It recommended that:
The federal government, in coordination with the provinces and territories, should conclude and implement cooperative enforcement agreements with other countries. These efforts should include examining and amending existing legislative provisions as required to allow for seamless international cooperative investigative and enforcement action.
We agree that cooperation with other countries, and particularly with the United States, is essential. But clause 60 of the bill allows for cooperation only on the basis of intergovernmental or interagency agreements or arrangements. From my own experience as Commissioner of Competition, I know how difficult it can be to reach such agreements and how time-consuming and complex the process has become. It is essential that once the legislation has been enacted we can move quickly to cooperate with the United States. We can't afford to wait years until there's an international agreement. The process of negotiating the agreement should not be a barrier to working together to counter spam.
In 2006, the United States passed the Safe Web Act. It gives the FTC the authority to conduct investigations on behalf of a foreign agency, such as the CRTC, that is investigating conduct that is also prohibited under laws enforced by the FTC. However, in our view, and based on past experience, the FTC will provide assistance only if the country in question has reciprocal legislation. No such reciprocal provision is found in Bill C-27.
If Bill C-27 were amended so that it would mirror the provisions in the Safe Web Act, such cooperation would not be problematic; it would be automatic, and it would obviate the need for lengthy negotiations of arrangements or agreements.
We have drafted a proposed amendment, numbered 60A. You will find it in the appendix to this speech. Subject to certain safeguards, it would specifically empower the commission to gather information and evidence on behalf of a foreign country with similar reciprocal legislation, i.e., the United States. This assistance would be provided further, through a written request, in cases of alleged civil contraventions of foreign laws regarding conduct that is substantially similar to that prohibited in Canada. The proposed amendment would also allow the CRTC to share that information with the foreign entity in question.
In essence, clause 60A would provide for mutual assistance between Canada and other countries. I would emphasize that this provision would apply only to the gathering and sharing of information. The decision regarding whether to proceed would be entirely up to the CRTC and would depend on whether the foreign agency had agreed to provide reciprocal assistance.
The addition of clause 60A will require minor changes to the wording elsewhere in the bill to ensure consistency. For that purpose, the proposed changes to clauses 15, 17, and 19 are set out in the appendix.
In conclusion, both proposed amendments, with respect to the appeal period and cooperating on investigations, are very much in keeping with the spirit of the bill as passed for second reading in the House.
In the absence of section 60A, we believe it will be difficult to work quickly and cooperatively with foreign entities, and in particular the FTC. Without this amendment, the Commission's ability to address spam will be compromised significantly.
Thank you very much.
We will be pleased to answer any questions.