Industry Committee on Sept. 26th, 2017

I'll build on what Mark has been saying.

From an enforcement perspective, the opt-in regime is actually very helpful, because we are able to understand very clearly if someone has given their permission to receive information or emails, etc. That's a very helpful piece.

On the international front, I stand by the fact that we are very active in the international sphere. For example, I've mentioned UCENet, which is an international network of enforcement agencies. Just last year, we held a workshop with the International Institute of Communications on nuisance communications. The importance of that venue was that they are the policy folks, and there are people and countries involved in the IIC who had never met the enforcement side of the piece. We brought those two sides of the puzzle together at a workshop to look at the varying ranges of legislation available to these countries, so that the developed and the developing countries could exchange with each other their lessons learned. We can learn from the enforcement side of the house about what works and what doesn't. If you're about to institute legislation, how can that help?

We at the CRTC took it upon ourselves to sponsor this workshop and bring those two worlds together, and we'll be doing a follow-up actually, later in October, to discuss the next steps, how we can get everybody on the same page moving forward, and who can pick up the ball on particular pieces to ensure that we keep furthering the elimination of nuisance communications to everyone around the world.

It's ironic that you say you get calls from everywhere else. I know we've cited good stats. We still get calls from international partners asking us to help them against the servers in Canada. It's interesting. They see it from the other side of the fence. Across the pond, they say it's over there in Canada. They're the ones doing the spamming. They may not be spamming Canadians, but they're spamming someone else around the world.

I would say no. I definitely think UCENet as an enforcement network is very helpful, and Mark had mentioned the M3AAWG and malware analysis group, which also includes countries from around the world.

There is certainly no one central point and that is why we, as the CRTC, branched out to get the policy folks in. Now we've included the IIC. There are certainly other fora, for sure, in which we could participate. The challenge, of course, internationally is that the legislation differs in different countries. The commitment by certain countries is different from what we would suggest. We have a strong commitment here in Canada. There may not be the same level of value in other countries. So one-stop shopping is probably not the way to go. I think it would be challenging, and we might never get anything done because no one would agree.

Absolutely, and I apologize if there was any confusion.

Our memorandums of understanding with Australia, the U.S., and New Zealand are with the government departments responsible for spam legislation. The 12 enforcement agencies in the nine different countries are the enforcement side of the house, so more the RCMP or public safety kind of officials in the UCENet space. They are two different organizations, two different sides of the house, if you will, referring back to my policy side versus enforcement side.

Absolutely. I would suggest the MOUs are drafted in such a way that we can share. From a very simplistic perspective, we help them and they help us. We get calls, I won't say every week, but definitely every month. We are probably more in contact with our colleagues in the FCC and the FTC than other countries. We receive requests all the time for assistance.

Just to clarify, we do have the ability to impose administrative monetary penalties, and we have on several occasions.

Overall, we have a broad suite of tools. In each case it's dependent on the facts of that investigation and our assessment of what the best outcome is to produce compliance. In some cases that is a negotiated agreement with the party, where it voluntarily agrees to come into compliance, and sometimes it pays a prescribed amount as part of that agreement. In other cases, parties might not be willing to negotiate with us, and in such a case we might pursue a notice of violation, including an administrative monetary penalty.

Yes.

That's correct.

I'll ask my colleague to chime in on that one.

Absolutely. I was going to say I could pull out a list, but even just last year we travelled from P.E.I. to Victoria. We do this across the country.

With respect to the first question, as I said in my opening remarks, the origination for CASL in and of itself was Canada's appearance on the top five countries for origination of spam. As I said, we are now out of the top 10, so in terms of whether it was the result we were aiming for, I'd say that in general, it's a positive outcome as a whole. I think it's a double-edged sword or it's a two-headed challenge in some ways.

With respect to what we would like to see, I think the degree to which organizations in Canada have the capacity to understand and thereby comply with CASL should be at its maximum, to be able to ensure that no one is receiving a message that they haven't consented to, and that the expression of that consent was understood by both parties. To that degree—