Industry Committee on Oct. 26th, 2017

Very well.

Sure. The fellow who founded that contacted me some time ago, or I contacted him, and he put me on his list of advisers. That's more or less the extent of my involvement with them. I've spoken with them but I'm appearing here to give you my own opinion. I'm not doing so on their behalf, and I haven't run what I'm going to say by them in any way. What you're going to hear is what I think.

Thank you, Mr. Chair.

I'm a lawyer. I practise a mix of competition law and commercial litigation. I'd like to think that it's my competition law experience that is going to drive a lot of what I'm going to tell you today.

I'm going to divide my comments on CASL into three categories, which I'll call “the good, the bad, and the ugly”.

What is the good? Generally speaking, the provisions added to the Competition Act by this law are good. It's a good thing. It's good that we have bulked up the Competition Act to deal with misrepresentations in electronic communications. Also, I generally think the provisions about computer programs are good. I also think that having a robust unsubscribe requirement for electronic communications is a good thing.

I'm going to turn, though, to the bad, because of course what this committee is about is reviewing and proposing potential changes to this law.

As you know, CASL establishes an opt-in regime for commercial electronic messages. It does not distinguish between one-off emails and bulk emails. In fact, it was deliberately drafted so as to apply to even a single email. Basically what this law does is to make it presumptively unlawful to use email—and I'm using “email” as a shorthand for any kind of electronic communication that's captured by the act—for any commercial purposes.

I see four problems with this.

The first relates to the scope. I won't spend a lot of time on that, because I suspect you've heard a lot about it. What we're really concerned about, I would think, is bulk emails, people sending out large amounts of emails, yet CASL applies if I as a lawyer send an email to an in-house counsel saying, “Hey, I'd like to pitch my firm to do some work for you”, or even if I send an email to a lawyer to say, “Let's get together for lunch”. It also applies if I send an email to a neighbour asking if they'd like to buy tickets to a gala dinner, say, for a kids' sports team. That would be a commercial electronic message. In theory, I should be putting an unsubscribe in there.

All of these are likely commercial electronic messages. All of them, therefore, have all of these requirements superadded to them, yet I think no one would say in these situations, one-off emails between people in these circumstances, that all of this apparatus is necessary.

I'm going to turn now to a more fundamental point. In my submission, the mechanism in CASL is inconsistent with a free-market economy. Freedom isn't just about freedom of political speech. In fact, I would say that, for most people, freedom means the freedom to go about their daily lives. This includes economic freedoms, the freedom to start a business, to look for clients, to market that business, to tell people about new and innovative products that you've created, and to offer them on the market.

The quid pro quo for my freedom and the freedoms of Canadians to start businesses is that I'm going to get publicity from other people exercising their freedoms. I might not be that interested in that publicity, but if I want the freedom to tell people about my business and what I do, then I have to accept that I'm going to get stuff that I'm going to have to put in the trash—in the case of snail mail or flyers that are paper—or hit delete on. Of course the other thing is that one person's junk mail or spam is another person's coupon-clipping opportunity.

A corollary to this is that this law reduces competition. In fact, it does so, I'd say, deliberately. That makes its title, frankly, the opposite of what it is. It's almost Orwellian. It parodies some of the purposes of the Competition Act. It talks about, “An Act to Promote the Efficiency and Adaptability of the Canadian Economy...” but, in fact, what CASL does explicitly is privilege incumbent firms over new entrants.

Competition is about new entrants coming into the market offering new products, innovative products, expanding entering markets, and competing with the incumbents, and maybe even unseating them as incumbents.

CASL privileges the relations between incumbents and their clients over those with new entrants who would want to establish new relationships with new clients. It does so by erecting what is effectively a barrier to entry. It says you can't send a commercial electronic message. You can't email people to tell them about your new and innovative products unless you have first somehow contacted them and got their consent to do that.

It raises the costs to a new business and a new entrant to tell Canadians about new and innovative products, and that reduces competition. It's built into the act. It's not a bug. It's a feature.

You've probably heard from other witnesses, so I'm not going to belabour the point, but there's a very serious constitutional argument about this statute, that the mechanism that makes it presumptively unlawful to use email for commercial purposes is inconsistent with the existence of any commercial freedom of speech. As we know, our courts have said there is such a thing as constitutionally protected commercial speech. It's not as strongly protected as what I'm doing today—political freedom of speech—but it is protected.

You may also have heard issues about the effectiveness of CASL, so I won't spend a lot of time on that but I will note that most spam comes from outside of Canada. CASL can't really touch that directly; we have to rely on our partners abroad to deal with that.

The other thing is that some of the absolutely worst kind of spam that we get—phishing messages trying to get us to log on to things and give over our passwords—might not even be caught at all because it's not a commercial message. It's not about buying and selling a product. It's just flat out fraud. It's already probably a criminal offence under our criminal law, but CASL doesn't really touch it. In the end, CASL goes after legitimate businesses here in Canada, loads them up with restrictions that you've probably heard a lot about, and probably doesn't do very much for us in return.

What would I propose in its place if I had the decision-making power? I'd say we should have a very strong opt-out system with very robust unsubscribe requirements that are enforced. The CRTC is enforcing the unsubscribe requirements, of course.

I'll turn quickly to the ugly—the things that need to be fixed a bit, as opposed to just changed fundamentally. First is the private right of action. There are three problems with it. The first is it's an open invitation to class action lawyers to start actions against reputable companies. They're not going to go after the Russian brides and the spammers outside of the country. They're going to go after Air Canada, WestJet, and all the rest of them.

Second—and this is troubling—because you can get out of a class action, although you have to do it before it starts by entering into an undertaking with the CRTC, it gives the CRTC a big tool, a big club, to get money out of companies. What's wrong with that? Well, anytime you create incentives for a regulator that give them a club to get money, there's a danger that they'll try to do that. I'm not saying they will. I'm saying there's a danger. It's like an invitation for them to do it.

The third is a nit, but in its application to section 74.011 of the Competition Act, there's no materiality threshold requirement in that provision. That means you could have a cause of action and lawsuit over an insignificant, trivial misrepresentation or inaccuracy in a subject line of an email.

I suspect my time is over. I'll just mention quickly that the warrantless searches provision, notice to produce, is almost certainly unconstitutional. The act is full of what I'd call statutory interpretation nightmares, but I don't have the time to take you through them.

Thank you.

Thank you very much, Mr. Chair.

I would like to thank all the members of the committee for inviting me to appear today.

I have noticed that the media have not reported much on the committee's work, and yet you do excellent work, both for companies and Canada's economy, and for consumers.

For my part, I have followed your work with great interest, albeit from a distance, through the committee's website, and have published a regular update about it on our blog.

I have to admit that this is the first time I have been in a so-called lobbying position, and I was especially surprised by the number of approximations, exaggerations, and “alternative facts” that have been presented to you by various witnesses as scientific truth. I will come back to that later on.

First, allow me to introduce myself briefly. I am an Internet pioneer in Quebec. In 1994, I founded the first digital marketing agency, through which, for close to 20 years, I have helped various organizations such as VIA Rail, RDS and Club Med USA use the web to transform their marketing strategies, their sales strategies, and sometimes even their business model.

I have always considered email as being at the heart of any digital marketing strategy, and I started implementing email marketing strategies for our clients back in 1996.

In 2013, I left the agency to found Certimail, the company I am representing today, whose mission is to help SMEs increase the effectiveness of their email marketing while complying with Canada's anti-spam legislation, or CASL.

Far from being dogmatic, the observations and recommendations I will present today are based on 20 years of email marketing experience, and four years dedicated to analyzing CASL and its 13 regulatory instruments, in order to help dozens of SMEs of all sizes implement a compliance program based on the CRTC's requirements.

Before I get to the analysis of CASL and its enforcement, I would like to answer a simple question that the committee members have asked regularly, at nearly every meeting, without ever getting an answer, namely, what does it cost for a company to comply with CASL. The answer is simple. The compliance packages offered by Certimail cost $699 for a sole proprietorship or self-employed person, $1,249 for a small company with fewer than 10 employees, and between $3,000 and $15,000 for companies with between 11 and 300 employees. If my colleagues from Newport Thomson, Deloitte, or KPMG, which offer similar services to larger companies, had been invited to appear before the committee, they would have told you that their rates for compliance range from $25,000 to $100,000.

I think this is important information. I admit that I was surprised that neither the CRTC nor the various industry organizations that appeared before you were able to provide this essential and publicly available information.

That being said, I will focus on three elements: the importance and effectiveness of CASL, the inadequacy of the CRTC's approach to its enforcement, and a few recommendations to strengthen CASL by reducing its negative impacts.

Contrary to what many lobbyist have stated before the committee, CASL does not pertain to cybersecurity or computer security risks, but rather seeks to develop consumer confidence in electronic commerce and to develop Canadian industry.

As suggested in the report of the Task Force on Spam, which preceded the legislation, the legislation and its regulations seem more like rules of the road for electronic communications than legislation about information security threats, as people have led us to believe.

When I crossed the bridge this morning to attend your meeting, I noted that the complex and strict regulations that were established a century ago to guide the few automobile drivers of the time have not really compromised this mode of transport or that industry. The same thing applies to CASL.

These rules of the road for electronic communications are very important to Canadians. They demonstrated this by filing more than a million complaints in three years, without a single advertisement encouraging them to do so. There was no advertising campaign informing people who received spam that they could forward it to the Spam Reporting Centre. The idea caught on spontaneously and people filed more than a million complaints. These votes in support of CASL continue to come in by the thousands every day.

Moreover, this volume of complaints is sufficient to contradict a recent statement made to your committee by a Canadian Chamber of Commerce representative, namely, that the problem of unsolicited email has been resolved by anti-spam technology. Receiving unsolicited email is in fact still a major problem for a vast majority of Canada's population. Anti-spam technology is increasingly effective, but it has not solved the problem. Moreover, this technology is starting to show its limitations. Just ask the U.S. Department of Homeland Security, which was short on tasers last week because the Taser server had treated its purchase orders as spam.

By its first anniversary, CASL had reduced the volume of spam received by Canadians by 37%. This shows the effectiveness of CASL for consumers. It is also effective for businesses, at least for those that want to do real email marketing, and not use email incorrectly to do traditional mass marketing from the Mad Men era.

Since CASL came into force, Canada has pulled ahead of the pack to become one of the two countries with the most effective email marketing by far. The other country is Australia, the only other country that has legislation that is as broad, complex, and strict as CASL.

The delivery rate, that is, the proportion of commercial email that is sent and is visible to addressees, that is not filtered by anti-spam or other systems, is in the order of 80% in most countries in the world. In Canada, that rate rose from 79% in 2014 to 90% today. The only country in the world with a similar success rate is Australia.

Similarly, the readership rate, that is, the proportion of marketing emails that are opened by addressees, fluctuates between 12% on the African continent and 24% in the United Kingdom. In the United States, it is 21%. With a readership rate of 32%, Canada is in second place, just behind Australia, where the rate is 33%. Before CASL came into force, the readership rate in Canada was just 26%.

Okay, I will be brief.

Narrowing the scope of CASL today would help encourage Canadian businesses to maintain an outdated marketing approach rather than to harness innovation and prepare to meet current challenges.

CETA has just come into force, and Europe has passed legislation that is practically a carbon copy of the Canadian Anti-Spam Legislation in order to manage all the electronic communications of the 300 million European citizens.

CASL enables Canadian companies to comply, to prepare and to gain a competitive edge over other companies that want to enter the European market.

I have about a dozen recommendations for you, but since I won't have time to go over them, I suggest that we talk about them in the debate. We will also submit a brief to you after my testimony.

First of all, in terms of helping the consumer, CASL certainly does help consumers in ways, and I wouldn't want you to think that I'm saying it doesn't. The—

I may have overstepped. The point is that the central thrust of it, the opt-in requirement, I see as bad. However, having strong unsubscribe mechanisms—and they're there in CASL—makes a lot of sense. Any reasonable anti-spam law is going to have those, so I wouldn't want you to think that I think those are not necessary and good things.

Yes, the definition of a CEM needs to be clarified. My own view is that it's hard to craft, but it should be restricted to the bulk type of emails and not the one-off type of emails. I don't think our enforcers are that concerned if I send one email to someone or if anyone does. It's just not what the law is about—

I'm thinking on the fly here. First of all, changing the central mechanism would mean they would not need to get consent to send an electronic message. Now, that doesn't mean they could just go and blast away. There's still PIPEDA to consider. There's still the issue of how they get email addresses in the first place.

There are still barriers, which I think everyone would say are reasonable barriers, in the sense of restrictions on companies selling our personal information, including email addresses, but it would certainly unlock to an extent the issue of how you would collect email addresses for purposes of sending something. Or if someone sends you an email, you don't have to worry as much about how you respond and what the limits are: two years, six months, or what have you. It would reduce the compliance costs for new entrants.

Again, changing the thrust of the law would not mean that you could just go and scrape email addresses all over the place and blast away. I wouldn't advocate going that far.

Again, in some ways we find it ironic that when the do-not-call list was brought in, there was an exemption for charities. We've all been subjected to phone calls during dinner and whatnot, and that's a much more expensive and intrusive way of contacting people. When CASL was brought in, we recommended a similar exemption for charities, and also, if they can be properly defined in the law for public benefit non-profits—

Under the regulations, charities have a limited exemption. Our understanding of the intent of the officials who wrote the exemption was that it was meant to cover virtually any commercial message that a charity might send.

When we published the information that the officials at what was then Industry Canada had vetted and confirmed was accurate, we were contacted by the CRTC. They said to hold on, that they were the enforcement agency and that they were not sure that was what the exemption meant, but they couldn't really tell us what they thought the exemption meant.

What we'd be looking for is a much more clearly worded exemption from the consent provisions.