Industry Committee on Nov. 7th, 2017

Evidence of meeting #82 for Industry, Science and Technology in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was casl.

A recording is available from Parliament.

On the agenda

Statutory Review of An Act to Promote the Efficiency and Adaptability of the Canadian Economy by Regulating Certain Activities that Discourage Reliance on Electronic Means of Carrying Out Commercial Activities, and to Amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act

MPs speaking

Also speaking

Louis Lau Digital Crime Officer, Cybercrime Directorate, INTERPOL

Kim Arsenault Senior Director, Client Services, Inbox Marketer

Chris Lewis Chief Scientist, Spamhaus Technology Ltd.

12:35 p.m.

NDP

Brian Masse NDP Windsor West, ON

Thank you, Chair.

Mr. Lau, what can Canada do better to improve the chances of getting to some of the international spammers and some of the content that we get in our country? Before we had this law known as CASL, Canada was known as being one of the havens for spamming. In fact, we were one of the genesis areas for much of the international stuff that took place. Is there something that we can do better or that can work in a stronger context?

One of the frustrations we're hearing is the excuse that it happens so much from international sources and what we do here really doesn't matter at all, so we may as well just loosen restrictions here, because it's happening from Nigeria or somewhere else. I don't subscribe to that philosophy, because I don't think that's a solution at the end of the day, but what things can we do, either by sharing our experience or by joining organizations or resources or whatever? Are there any suggestions you can provide?

Again, I view this a little differently, in the sense that receiving electronic messaging in documentation, especially unsolicited, is a privilege, and it should not be a right for somebody to do that, because you own and control and contribute financially through your device. Can you provide any suggestions with regard to our country?

12:35 p.m.

Digital Crime Officer, Cybercrime Directorate, INTERPOL

Louis Lau

Maybe I can try to provide that from a practical point of view. You probably heard me mention that Interpol works with one of the west African countries. We were able to analyze the computer of a particular suspect and found that the suspect was using some automated programs on the Internet to send out spam emails. Imagine that you input some of the fake personal data in that program and then that email automatically sends out thousands of emails to different recipients.

This program is supposed to be operating in some sort of server in some of the physical locations, right? If it's operating in Canada, let's say, how can the authorities or the law enforcement agencies tackle it? Also, if this sort of server or service is not operated in Canada but is being controlled by Canadians, is there any provision for the Canadian authorities to work with other jurisdictions or the law enforcement agencies to tackle these kinds of services? I think those are the facts.

12:35 p.m.

NDP

Brian Masse NDP Windsor West, ON

That's interesting, because we haven't really thought of that too much. I want to get this right. There could be a program, service, or technology developed here in Canada that is exported and then becomes a tool to re-import spam and other unsolicited messages through, I guess, our own technology coming from our country.

12:35 p.m.

Digital Crime Officer, Cybercrime Directorate, INTERPOL

Louis Lau

There are different perspectives. Either it can be developed in Canada and then operated in other countries, or it is developed and also operated in Canada. When considering legislation, I think we need to look into this aspect. This is more about the criminal aspect, and it is really malicious.

12:35 p.m.

NDP

Brian Masse NDP Windsor West, ON

That's the focus, but unfortunately one becomes a vehicle.

Mr. Lewis, I'm sorry. I didn't mean to ignore you today—

12:35 p.m.

Voices

Oh, oh!

12:35 p.m.

NDP

Brian Masse NDP Windsor West, ON

—but there has been very good testimony from both of our previous witnesses.

What can CASL do? There is an argument out there that I've joked about that maybe we need a CASL for Dummies. I have some empathy. The playbook or the rule book should be really clear so that people can understand. That's one thing. I do think there is an onus on a business to understand this, though. At the same time, it does seem a little difficult, or some of the decisions seem a little unclear. Can that happen on its own, just with time, or are there things that we can sharpen right away to make that defining much clearer?

12:40 p.m.

Chief Scientist, Spamhaus Technology Ltd.

Chris Lewis

I'm not sure. There are a lot of players. They're all at different places in their understanding. There are people who are going to make more of it than they need to, for various reasons. The basic principles, the important items, need to be made clear. Then the person has to say his goal in running his company is to follow those basic principles, and here are some of the things he should be thinking about. It should be made clear to him that as long as he's doing a reasonable job, he's in pretty good shape.

For a large company it's the cost of doing business. They have to expend more effort on this, because it's a bigger thing. The issues for the smaller companies that are sending out a couple of hundred or a couple of thousand a month are smaller and should be much smaller, but there is a cost of doing business, because, after all, sending out a million emails is a lot cheaper than sending out a thousand postal messages.

12:40 p.m.

NDP

Brian Masse NDP Windsor West, ON

That's just it. That's the problem. There is very little cost for those who want to do it.

What disturbed me a little with some of the testimony we had earlier was that we had lemonade stands and cousins couldn't communicate and things of that nature. We're trying to get an understanding about managing a serious problem within the context of the legislation or an understanding of what needs to be changed, because change in the legislation could create even more problems.

12:40 p.m.

Chief Scientist, Spamhaus Technology Ltd.

Chris Lewis

Absolutely.

12:40 p.m.

NDP

Brian Masse NDP Windsor West, ON

I think that's one of the things that has been discussed too much

12:40 p.m.

Chief Scientist, Spamhaus Technology Ltd.

Chris Lewis

Yes. The cases we've seen go before the CRTC have not been problematic in that area at all. We're not seeing any lemonade stands being prosecuted by the CRTC. They're all large organizations that either made mistakes or deliberately did things they really shouldn't have.

The penalties from a corporate standpoint seem to have been appropriate. I brought one of the cases that the CRTC successfully prosecuted. I said these are big guys and they're important people. They're not bad people, but they should be made to be a little more careful on this particular aspect. They said giving them a sting is what they intended to do, so that they wouldn't do that any more. Lemonade stands are not going to have large things land on them.

12:40 p.m.

Liberal

The Chair Liberal Dan Ruimy

Thank you very much.

We are going to move back to Mr. Baylis for the final shot.

12:40 p.m.

Liberal

Frank Baylis Liberal Pierrefonds—Dollard, QC

Mr. Chair, I'll be sharing my time with both Mr. Longfield and Mr. Sheehan.

12:40 p.m.

Liberal

The Chair Liberal Dan Ruimy

Okay.

November 7th, 2017 / 12:40 p.m.

Liberal

Frank Baylis Liberal Pierrefonds—Dollard, QC

Mr. Lewis, there's a bit of a dichotomy in some of your testimony. On the one hand you're saying it's not that hard to understand CASL and that people are making more out of it than what it is. They shouldn't be spending these millions of dollars or tens of thousands or hundreds of thousands, as Ms. Arsenault says, and then you swing back and say you'd also like to see the prior right of action have that big hammer hanging over a company.

If I'm a company and I could be facing $10 million in penalties and then also facing prior rights of action, I am going to spend a lot of money. Certainly if someone comes in here and says they have a solution for $695, if I've got a big organization, such as Rogers or Bell, I'm not going to implement a $695 solution. It makes no sense that something that simple will protect me against potential penalties and lawsuits can easily run into the millions. How do you balance those two positions you hold?

12:40 p.m.

Chief Scientist, Spamhaus Technology Ltd.

Chris Lewis

Part of it is seeing what has been happening over the years and the inability of people to deal with specific problems unique to themselves and at the same time knowing how much of an opportunity email has brought to large-scale marketing. There needs to a brake on the massive overkill that sometimes we can see.

As somebody once commented, if every small company in Canada figured they had one kick at the can per year, you'd have a quarter of a million emails in your inbox all the time.

12:45 p.m.

Liberal

Frank Baylis Liberal Pierrefonds—Dollard, QC

We've heard from so many of the corporate witnesses that this is hard to understand. Ms. Arsenault, you've just said that when you sit down with the CRTC, you walk away still scratching your head.

This question is to both of you. I'll go to you and then go back to you, Mr. Lewis. You mentioned the definition for an electronic message and things like that. Could we really simplify it so that I could get it easily, as Mr. Masse said? It would apply to me—CASL for Dummies. I know he was looking at me when he said that—

12:45 p.m.

NDP

Brian Masse NDP Windsor West, ON

How about CASL for Geniuses?

12:45 p.m.

Liberal

Frank Baylis Liberal Pierrefonds—Dollard, QC

How would that help, Ms. Arsenault?

12:45 p.m.

Senior Director, Client Services, Inbox Marketer

Kim Arsenault

I smiled when you said that. CASL for Dummies, I think, is a great idea.

I'm not from the legal side, but I think any law should be fairly simple to understand so that we can abide by it. Drinking and driving is very black and white. In this CASL legislation there is way too much that is open for interpretation, so I think the CRTC, which I've worked with, needs to better understand it themselves, and then—

12:45 p.m.

Liberal

Frank Baylis Liberal Pierrefonds—Dollard, QC

You're saying it's hard for them to understand because it's too open for interpretation, and you'd like to see a lot of things tightened up.

Mr. Lewis, would it make sense to you to tighten up a lot of these definitions, such as the definition for a CEM?

12:45 p.m.

Chief Scientist, Spamhaus Technology Ltd.

Chris Lewis

The main thing I'm concerned about is that by tightening up the definitions, you may be subjecting smaller and medium-sized organizations to more work than they need to do. You'd be making something appropriate for a large organization and trying to apply it to a small one or a very small one, such as a one-person company, so I'm a bit hesitant about saying “This is the record you must keep for every single email.” For 99% of these organizations, that's overkill.

12:45 p.m.

Liberal

Frank Baylis Liberal Pierrefonds—Dollard, QC

What about the electronic messaging? You just gave an example of a newsletter that has a logo, and if you click on the logo, it pulls you into something. The newsletter wasn't a commercial message, but the logo click-through is. What if we just cleaned up things like that?

12:45 p.m.

Chief Scientist, Spamhaus Technology Ltd.

Chris Lewis

We have seen things presented as non-commercial that end up being highly commercial, because that's what organizations will try to do to get some of their stuff in front of people.

Part of the issue in this technology is that things are so complicated that you intentionally have to leave the law vague in certain areas; otherwise you're not going to cover what you should be covering.