Evidence of meeting #30 for Industry, Science and Technology in the 40th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was spam.
A recording is available from Parliament.
Assistant Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
I think that might be an unintended consequence of the drafting. I certainly think Canadians expect and want those upgrades on their computers, so I understand that Industry Canada is looking at tweaking the language to make sure that's taken care of.
Conservative
Liberal
Dan McTeague Liberal Pickering—Scarborough East, ON
Chair, thank you very much for this.
I thank you, witnesses, for being here today.
It's a real pleasure and a treat to be back on the industry committee. It feels like old times.
As the author of the first anti-spam legislation in 2002-03, I'm really pleased that, several years later, Mr. Chair, we're getting onto this and, more importantly, the lawful access.
I'm going to start to charge a copyright fee for all the ideas that are now being taken by my colleagues.
Mr. Chair, I wanted to ask a question.
Ms. Denham, following up on Ms. Coady's remarks this morning on the collection, the enforcement of a private right, and the purpose of enforcement and the law, it would appear to me that provisions or exceptions have not been made to those two types of actions that have been legally enforced.
How do you reconcile the two? If I have a legal mandate to acquire personal information or collect an address, either by law or by a private right of action, what trumps the other? Which one prevails--your law or the law ordered by a court?
Assistant Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
I'm not sure I quite understand it.
Do you mean does PIPEDA trump a private right of action?
Liberal
Dan McTeague Liberal Pickering—Scarborough East, ON
I mean the way you've drafted it here in clause 78 of the legislation.
Strategic Policy Advisor, Office of the Privacy Commissioner of Canada
Let me try to clarify.
Clause 78 is designed to deal with using a computer program to collect e-mail addresses. If I were engaged in a lawsuit against you or any other individual, there would be any number of other mechanisms I would use to get the e-mail address or any other information I needed. I could get a deposition, or we'd work through lawyers. But certainly this idea of a prohibition on being able to collect e-mail addresses using a computer program seems to be overstated, because in many of these situations, again, if I'm dealing with a one-on-one case with another individual, there are other ways to get this information without using a computer program.
Liberal
Dan McTeague Liberal Pickering—Scarborough East, ON
Assuming, then, a scenario, we have to look at the probabilities of these things happening. When you put together the legislation, under clause 78, did you take into account in any way, shape, or form the legitimacy of a requirement for public or private enforcement? I think that's really the issue at hand.
You're saying it's overstated. I'm suggesting to you that certainly there is a legitimate concern. If I've been directed by a court to use or have a right to use, other than through consent, where do you draw the line?
Strategic Policy Advisor, Office of the Privacy Commissioner of Canada
Again, I think I would refer to the fact that, in our view, that is written relatively narrowly. It refers to using a computer program to collect e-mail addresses. Again, if for some reason a law enforcement agency wants to collect 10,000 e-mail addresses from a telecommunications service provider to investigate possible hate e-mails, I don't see anything in this legislation that would prohibit it.
Liberal
Dan McTeague Liberal Pickering—Scarborough East, ON
We've talked about similar legislation occurring around the world, and I certainly see us as sort of falling behind in this. This follows as well on Ms. Coady's remarks earlier. I'm not sure we got a satisfactory answer on this. Do you feel that the legislation you've provided here in clause 78, not linked specifically to the word “spam”, makes it broader than that of the United States, makes it broader than New Zealand's, and makes it broader than Singapore's? I'm really trying to find the broader purpose of not actually relating it to spam, spelling it out, and defining it.
Strategic Policy Advisor, Office of the Privacy Commissioner of Canada
Again, we don't think it's overly broad. In fairness, we really haven't had anyone come to us with specific examples of what it would prohibit, or of what is now permissible that would become prohibited under this legislation, so it's difficult for us to respond to that. Again, there are ways to make “minor”--that's the word we use--adjustments to that provision without opening it up completely. That's something that could be considered.
Liberal
Dan McTeague Liberal Pickering—Scarborough East, ON
As an observer, again, I'm looking at this from more of a layman's perspective. It would appear that what you have done in reducing some of the exclusions you have in clause 78 for other purposes--not defined as spam--is that you've in fact opened yourself up to some pretty substantial changes in PIPEDA, which were never intended or perhaps not contemplated by the limited nature of that legislation as it was first presented.
Do you not believe that we should perhaps have a separate, stand-alone piece of legislation to introduce these rather substantial changes, whether it's implied consent or explicit consent that's required? It sounds like you're biting off quite a bit more than you can chew and, more importantly, possibly opening us up to the countervailing view that this is far more broad-reaching than it ought to have been.
Strategic Policy Advisor, Office of the Privacy Commissioner of Canada
Let me first start with a sort of caveat. This is Industry Canada's bill, not the Office of the Privacy Commissioner's bill. We have an interest in a relatively narrow set of provisions in the bill.
Our view is that it's not overly broad. On this issue of spam, one of the difficulties is that it's very difficult to put into legislation when you cross the line between unwanted e-mails and when it suddenly becomes spam. We thought about that. It's just a very difficult thing to try to figure out when you go over that, when you tip the balance.
Conservative
The Chair Conservative Michael Chong
Thank you very much, Mr. Baggaley. Thank you very much, Mr. McTeague.
Thank you to members for their questions and comments. Thank you to our witnesses for their testimony.
We'll suspend for 15 minutes and reconvene at 5:15.
Conservative
The Chair Conservative Michael Chong
Welcome to the 30th meeting of the Standing Committee on Industry, Science and Technology. We're here pursuant to an order of reference of Friday, May 8, 2009, concerning Bill C-27.
We have in front of us today three representatives of the Canadian Radio-television and Telecommunications Commission: Mr. von Finckenstein, Mr. Katz, and Mr. Traversy.
Welcome to the three of you.
Mr. von Finckenstein, you now have time to give us your opening remarks.
Konrad W. von Finckenstein Chairman, Canadian Radio-television and Telecommunications Commission
Thank you, Mr. Chairman, for the opportunity to meet with the committee to discuss the Electronic Commerce Protection Act.
We are here to support Bill C-27 and explain our role, as envisaged in the bill. We are glad that the government has introduced this legislation, which is essential to Canada's growing digital economy. It will also have the added benefit of bringing Canadian law in line with our peers in the G8 who have already enacted similar anti-spam legislation.
As the committee knows, the bill is designed to counter commercial spam and related online problems, such as spyware, malware and phishing. These are problems that undermine confidence in the electronic marketplace.
Under the bill, the main enforcement responsibilities for spam will fall under the responsibility of the CRTC. We will be responsible for investigating violations and ensuring compliance.
The Competition Bureau will address false or misleading representations made through electronic messages. The Office of the Privacy Commissioner will address the invasion of privacy stemming from the collection and use of email addresses by computer programs.
The CRTC will be responsible for enforcing three types of violations under the act. First, we will enforce the “no spam” provisions of the act.
The ECPA provides for an “opt-in” regime, whereby people must first consent to receive commercial electronic messages. If there is no express or implied consent, spammers are subject to monetary penalties. Consent will be considered implied under one of two conditions: (a) where there is a business relationship that has been in existence for any time during the last 18 months, or where the recipient has made an inquiry or application within the last six months; and (b) in a non-business relationship where, in the last 18 months, the recipient has made a donation or gift, provided volunteer work, or signed a membership.
Second, the CRTC will prosecute violations involving the alteration of transmission data in an electronic message. Altering transmission data without express consent is prohibited.
Thirdly, the CRTC will enforce the prohibition against installing software or causing it to be installed without express consent. This has been a growing problem, as some spam has been designed to install software into a host computer, and this software in turn broadcasts further spam messages.
The bill provides for tools to permit the CRTC to enforce the act. The CRTC will be able to require telephone companies that provide Internet services to preserve time-sensitive transmission data. We will also be able to require telecom service providers and other institutions to provide documents and reports. Furthermore, there is a provision for searches with a warrant.
The act will be enforced on two separate tracks. The CRTC will have the authority to issue administrative monetary penalties of up to $1 million for an individual and up to $10 million for a business. We will also have the authority to negotiate binding undertakings. The second track involves the right to sue, which will allow individuals and businesses to take civil action through the courts to (a) recover damages for losses suffered and (b) to obtain additional damages for violations of the act.
However, lawsuits under (b) above will not be permitted if the CRTC has already issued a notice of violation or if an undertaking has been agreed upon. Similarly, the CRTC cannot start enforcement action if lawsuits have already been launched under (b) regarding the same violation.
One of the most important features of this bill is that it gives each of the federal partners—the CRTC, the Competition Bureau and the Privacy Commissioner—the ability to share information with one another, as well as with foreign partners.
While there is much to commend in Bill C-27, we believe there is room for improvement in two key areas.
The first concerns section 27, which provides the right to appeal certain CRTC decisions to the Federal Court of Appeal. We propose amending this section to provide a timeframe for bringing such appeals to the Federal Court, and suggest that 30 days would be sufficient. The wording for this proposed amendment can be found in the appendix to this speech.
Secondly, we would like to propose an amendment to the information-sharing provisions of the bill to strengthen the CRTC's ability to work with the U.S. Federal Trade Commission and other international bodies operating under similar anti-spam legislation.
As it has been drafted, the bill allows the CRTC, the Competition Bureau, or the Office of the Privacy Commissioner to share information with other countries provided there is an international agreement or arrangement. In our view, these provisions fall short of what will be required to effectively counter spam. We know that spammers can be very adept at locating in one jurisdiction and directing spam at another jurisdiction. Living in North America, we can expect that a good deal of spam originates or will originate from our southern neighbours.
In its 2005 report, the task force on spam recognized that international enforcement of spam is essential. It recommended that:
The federal government, in coordination with the provinces and territories, should conclude and implement cooperative enforcement agreements with other countries. These efforts should include examining and amending existing legislative provisions as required to allow for seamless international cooperative investigative and enforcement action.
We agree that cooperation with other countries, and particularly with the United States, is essential. But clause 60 of the bill allows for cooperation only on the basis of intergovernmental or interagency agreements or arrangements. From my own experience as Commissioner of Competition, I know how difficult it can be to reach such agreements and how time-consuming and complex the process has become. It is essential that once the legislation has been enacted we can move quickly to cooperate with the United States. We can't afford to wait years until there's an international agreement. The process of negotiating the agreement should not be a barrier to working together to counter spam.
In 2006, the United States passed the Safe Web Act. It gives the FTC the authority to conduct investigations on behalf of a foreign agency, such as the CRTC, that is investigating conduct that is also prohibited under laws enforced by the FTC. However, in our view, and based on past experience, the FTC will provide assistance only if the country in question has reciprocal legislation. No such reciprocal provision is found in Bill C-27.
If Bill C-27 were amended so that it would mirror the provisions in the Safe Web Act, such cooperation would not be problematic; it would be automatic, and it would obviate the need for lengthy negotiations of arrangements or agreements.
We have drafted a proposed amendment, numbered 60A. You will find it in the appendix to this speech. Subject to certain safeguards, it would specifically empower the commission to gather information and evidence on behalf of a foreign country with similar reciprocal legislation, i.e., the United States. This assistance would be provided further, through a written request, in cases of alleged civil contraventions of foreign laws regarding conduct that is substantially similar to that prohibited in Canada. The proposed amendment would also allow the CRTC to share that information with the foreign entity in question.
In essence, clause 60A would provide for mutual assistance between Canada and other countries. I would emphasize that this provision would apply only to the gathering and sharing of information. The decision regarding whether to proceed would be entirely up to the CRTC and would depend on whether the foreign agency had agreed to provide reciprocal assistance.
The addition of clause 60A will require minor changes to the wording elsewhere in the bill to ensure consistency. For that purpose, the proposed changes to clauses 15, 17, and 19 are set out in the appendix.
In conclusion, both proposed amendments, with respect to the appeal period and cooperating on investigations, are very much in keeping with the spirit of the bill as passed for second reading in the House.
In the absence of section 60A, we believe it will be difficult to work quickly and cooperatively with foreign entities, and in particular the FTC. Without this amendment, the Commission's ability to address spam will be compromised significantly.
Thank you very much.
We will be pleased to answer any questions.
Conservative
The Chair Conservative Michael Chong
Thank you very much, Mr. von Finckenstein.
We'll have about an hour of questions and comments from members of this committee, beginning with Madam Coady.
Liberal
Siobhan Coady Liberal St. John's South—Mount Pearl, NL
Thank you very much.
We certainly appreciate your coming here this afternoon and sharing your expertise with us. This is indeed a very important bill, and it's a long-awaited one. It's very important to Canadian business in particular, but also to Canadians who use the Internet.
Mr. von Finckenstein, I have a couple of questions. First of all, on your proposed amendments, you've addressed one of my concerns with this bill, which is the right to appeal. Thank you for addressing that so comprehensively. I have a couple of questions on that particular change to the right to appeal. You're suggesting that 30 days would be sufficient. Why do you think 30 days is sufficient? Second, do you think there should be any kind of appeal process to the CRTC prior to going to the courts?
Chairman, Canadian Radio-television and Telecommunications Commission
We're talking here about the provisions regarding preserving evidence or making reports. First of all, we ask them, but let's say the telephone company in question is not willing to do it. They can ask the CRTC to review it. There's a time period provided and then the CRTC will make the decision. It's very quick. Then, if you're still unhappy, you can go to the Federal Court.
We see no problem with that, but we suggest that it should be 30 days because that's the standard period for appeals to the Federal Court of Appeal. Your decisions from the Competition Bureau, for instance, also have 30 days, etc., so that's the norm. We just felt that it shouldn't be left open-ended. Otherwise, you could come with that after half a year and try to make an appeal.
Liberal
Siobhan Coady Liberal St. John's South—Mount Pearl, NL
I have two other quick questions and only a few moments.
The ECPA would make violation of the provisions subject to administrative monetary penalties of up to $1 million in the case of an individual and $10 million in the case of non-individuals. Now, as you know, these high penalties can be exacted without the right to a trial, and what you're suggesting there is merely a right to representation. Are you saying that what you're suggesting is a balance to that approach?
Chairman, Canadian Radio-television and Telecommunications Commission
No, no--
Liberal
Chairman, Canadian Radio-television and Telecommunications Commission
It's just the sections on where you're appealing a decision of the CRTC.
Chairman, Canadian Radio-television and Telecommunications Commission
No. Just to understand, you've said a couple of things that are not quite correct. For the administrative monetary penalties and what happens there, there's going to be an investigation by the CRTC. The staff then talks to a commissioner and asks if it is legitimate and so grave or so persistent that we should proceed by way of administrative penalty. The commissioner then says yes or no, and we send it to the alleged violator, saying that we have investigated and here is the evidence we have. We say that we feel they are in violation and their violation requires a fine of x dollars, and we ask them to please send their comments.
They then send their comments. Then, in effect, the accusations by the staff of the CRTC and the defence by the party are put to a panel of three commissioners of the CRTC who have up to that point not been involved and will make a decision. That's the procedure. The appeal to the court of appeal is on any decision of the CRTC, including the AMP decision.
Liberal
Siobhan Coady Liberal St. John's South—Mount Pearl, NL
Thank you.
I want to move now to “Rules About Contraventions”, clause 52, which states:
An officer, director, agent or mandatary of a corporation that commits a contravention of any of sections 6 to 9 is a party to and liable for the contravention if they directed, authorized, assented to, acquiesced in or participated in the commission of the contravention, whether or not the corporation is proceeded against.
My concern here is that the liability will extend to employers, officers, directors, or agents of the company, and that we may be, through that clause, discouraging individuals from accepting management roles in Canadian business. I'm wondering about your thoughts on that. Am I interpreting that correctly?