Industry Committee on Sept. 29th, 2022

That's a fair question. I'm going to ask my colleagues to add.

I'll give you two things. I'm a good bureaucrat, and I'd never say no to more money, and I'm sure Steven and Alain would like to have—

—more colleagues, so if you'd like to send some more money to the CRTC, we will use it properly. I can assure you of that. But simply adding more people doesn't solve the problem. First we can focus on education and compliance. We try to get people to abide by the rules. We educate them. As I said, when we get information about fraudulent activities, when we discover those kinds of actions, we pass that on to law enforcement.

One thing I would say that definitely would assist us would be having more flexibility or an enhanced ability to share information with other players, other government departments and agencies, and perhaps international partners. We're very restricted in information-sharing.

Could I ask for indulgence, perhaps, since we have a bit more time, Chairman, just to give one or two examples?

Mr. Harroun, what do you want—more money? Yes, forget that one.

It's always more money.

I think our challenge is that we share a lot of aggregate information with law enforcement partners—municipal, provincial and federal. For us to say, okay, here's a campaign with very specific details, we are unable to do that on any of those levels. I'm not sure what piece of legislation it is, but sharing that information to very specifically go after this person or this thing is something we're unable to do right now under our legislation.

Pardon me for interrupting, Mr. Chair.

I would just add a few points on what Ian mentioned.

On how much we spend on this, the only thing I can say for sure is that when we set up the DNCL, the do not call list, we also created the do not call list operator. The role of the operator is to, of course, receive and compile complaints and to share the complaints with us, but also to collect the portion of the fee that the CRTC needs to execute its mandate. If I have to put an amount on it—it's in the DNCL report—it's $3.3 million. Is it enough? That's another question.

That's the cost of running that particular program.

I echo Ian's and Steven's comments—it's a global problem. We need collaboration. We need co-operation. We don't have the tools in our hands to sit at the same table as the RCMP or the other law enforcement agencies. You must understand that the regime is a civil regime actually. We're not police officers. I don't have guns. Steven doesn't have guns.

Sometimes the modus operandi is a mix of extortion and.... At some point it becomes very difficult for us to sit at the same table and openly share information with law enforcement agencies.

This involves all the major providers and many smaller businesses.

Mr. Garneau, would you like to answer the question?

With pleasure.

The Bell case, which is recent, was mentioned. I think it's a very good example of a business that takes matters into its own hands. Rogers recently made a real breakthrough too. It adopted an artificial intelligence-based technology that uses algorithms to provide call recipients with caller IDs or at least to let them decide whether calls seems legitimate.

You have to understand that the purpose of the STIR/SHAKEN technology isn't to block calls but rather to provide people receiving them with the information they need to decide whether they want to pick up once the calls have been validated at level A, B or C. Without going into the details, the role of the service provider through which the call is made will essentially be to authenticate the call by certifying that it comes from one of its clients, that it knows the individual and that it is indeed Ian Scott, for example. The service providers of individuals who receive calls will confirm that they may answer it and that it is indeed Ian Scott who's calling, not someone in Europe who's trying to defraud them.

Allow me go back a little in time to provide you with some details.

Our first step was to address calls made using VOIP technology, the Internet protocol. The reason for that is simple: TDM networks, which use time division multiplexing, are still in widespread use in Canada. Requiring providers to migrate to VOIP technology is one thing, but you have to understand that costs are associated with that. So you have to proceed gradually. That'll be the next step.

The United States has adopted or mandated out-of-band authentication, which makes it possible to certify calls even if they're carried on a TDM network. That's the approach we adopted in Canada. You have to understand that the Canadian market is smaller than the American one. You also have to consider the access to technological solutions that vendors provide.

For smaller service providers, the CRTC recently requested that the Canadian Secure Token Governance Authority increase their coverage so those providers could have easier access to those tokens too. So we're doing something for the small players.

The resellers among them can participate through their service provider, which will be able to validate their calls.

Generally speaking, everyone's cooperating.

As Mr. Garneau said, however, sharing information is a problem because the act lays down limits in that regard.