Industry Committee on Oct. 3rd, 2022

Thank you.

Yes, I was. I have communicated with them over the years, even just in doing my local programs and education. They have reached out to me.

As far as further support or being able to take basic information that we've had available and working more hand in hand goes, no, it's not really something that I've had experience of, whether that's because we're down in Windsor and just off in the corner, or because we have our local police to deal with it. That part I can't speak to.

There are times in doing the things that I do—working with our local police or doing education and working with our university—when I definitely do feel like I'm operating a grassroots program that shouldn't be grassroots after 10 years. More support, regardless of the direction, would definitely be a benefit.

I have looked at their own materials. I certainly have nothing to disparage about that. It is good and sufficient material. It's very elaborate, but whether or not it's getting to everybody is the question we're probably looking to answer here today.

It's to make the information more accessible. As I said, having higher-level programs or information is not the information that people need. It's very detailed. It's sending potential fraud victims a dictionary and just hoping that they read the whole thing instead of boiling it down to just what the fraud actually is all about and how to avoid it.

For most fraud, it doesn't really matter if it's through a text, a phone call or an email: These are the same types of scams that they're using. You can get an email about cryptocurrency or have a phone call about investing in cryptocurrency. The method doesn't matter.

From what I've seen, there is a lot of focus on information that spends too much time on the methods, making some of the information seem like it's over people's heads. I focus on dialing things down and keeping things straightforward. There's a publication that our local businesses, the Windsor police and a few other private donors actually funded for publication. That was put out through the community, and the reception from it was phenomenal. It's not taking the high-level information and seeing how much we can give to the people or how smart I can make myself seem; it's about how we can take that information and present it to people so that they're going to find it useful.

Thank you.

When our group saw the recommendations from this report, we were actually quite appreciative, because I think they essentially reflected what we had asked for in terms of supporting a hearing. The response, I believe, from the ministry about the hearing was that they didn't feel it was appropriate to have a hearing because they didn't want to solicit views from the public on how to protect themselves—which I thought was somewhat silly, because where the telcos have gotten to now is based on a recommendation we made back in 2020. However, because they have dragged their heels or have not listened to us, more victims have accumulated in that time.

The second thing is that they don't understand that a hearing is not just to, let's say, solicit recommendations or things like that. Many of these victims do not feel heard. You may recall that you asked me back in 2020 how Rogers had responded to my fraud case. They offered me $100. Their customer service representative gave away my information, which took away all of my data. The scammer threatened to destroy my life, to destroy my career, unless I paid $25,000. That's what they asked from me, and Rogers wanted to give me $100 for that. That was the apology.

Other folks who have lost hundreds of thousands of dollars are taking them to court instead. They're not co-operating. It takes these criminal investigations to reveal the kind of decay that's within the practices of the telco. That's why we continue to believe there needs to be a hearing to give that transparency in terms of the numbers. What are the practices? What are the ways and different patterns in how victimization occurs?

The third thing is that we want to codify it. The FCC also believes there is no consistency and durability in these practices. They can choose to not do this or just to say that it was a slip-up. The fourth thing is that we need that enforcement there, which we believe the Australian example shows is critical to ensuring there is compliance and things like that.

Those are the three or four things we stick to, and I believe the committee was a part of this the last time.

Yes, we're highly supportive of the idea. It doesn't matter really what form it takes. Again, it's all about being able to be heard. We've learned a lot from the different victim stories, because our group essentially is very grassroots. I identify them by scanning through articles and reaching out to them, or they come to us and they tell us the circumstances of these issues.

A public-based approach can help people understand how the fraud itself happens, or those points of confusion that enable the fraud—for example, when they get a text message and they don't know whether it is a fraud or not.

The second thing is that if you think about portability, it takes two to tango. There are two telcos involved in it, because it's typically going from one carrier to the winning carrier, so there needs to be a kind of consistent practice and standard across the industry itself.

Third, I think there needs to be a much deeper layer at the business process level when we're talking about these vulnerabilities within the organizations. This isn't just in Canada. This is in the United States and in other countries where we've seen SIM swaps occur, because insiders or the ability to socially engineer people within the organization essentially enables an open season on people's information. I agree with you on that suggestion.

In my advocacy, where I've hit a dead end is that basically I'm stuck at the local level. We're dealing with a border city in a town with a university and a college. We have a very high multicultural population, and I can't even get funding for standard translations. Living in Windsor and with French being our second official language, I don't even have a French copy at the moment, and this is something that I've been involved with for years. It's not something I've just started. This is a problem that I've been trying to crack, and thankfully, with MP Brian Masse inviting me for this committee, my appearance here might even provide some opportunities to get this out.

Anything that I've done over the years is all completely non-profit. It's all volunteer time. I'm not paid for any appearances, I'm not paid for any of the booklets or publications that are put out. This is solely just non-profit, and even at that level, it's definitely difficult getting any level of support.

Okay.

Some of the frustrations I had when I was in the RCMP have actually carried over, and I'm not surprised. One of the things is a passion project I have to try to create awareness. I've never had any high sense that I myself would be able to have a big impact. It's a term that Kevin used several times, “grassroots”, but I kept pushing, pushing, pushing, and most recently came our experience with the Western Union matter. The Federal Trade Commission of the United States was the genesis behind that. They basically forced Western Union to hand over in excess of half a billion dollars through a deferred prosecution process, and those funds went to victims of fraud related to Western Union around the world, which is an amazing gift for victims of fraud.

However, the big problem was with getting that information to victims in Canada. The U.S. Federal Trade Commission kept repeating that message, but it did not resonate in Canada.

In March, I start repeating their message the best I could on my limited social media platform, and then, having no luck, I finally got frustrated and actually wrote the commissioner of the RCMP, both on June 1 and June 7, with a view that at that point the end date for the Western Union offer was at the end of June. It was going to die at the end of June. Unfortunately, my plea went nowhere.

I explained who I was, the experience I had with victims, my engagement with fraud and so on, but there was no response until close, I believe, to the end of June, at which point it was almost moot. At that point they basically posted it on the Canadian Anti-Fraud Centre website. The perverse thing at that time was that it was posted, I think, on June 26, and at that point it was believed that the offer was going to expire for intake at the end of June. It was pointless doing that, because any victim would need at least a week or more to get all their documentation together.

However, two days later the Federal Trade Commission announced that there was going to be an extension to the end of August. The only meaningful access I've had to advance this cause came when I engaged Mr. Masse, and then he pushed it forward. He has a much larger platform than I'll ever have, so I'm very appreciative of that.

What it speaks to, and I try to be as respectful as I can when I say this, is that at the highest level, the RCMP does not appreciate fraud or appreciate the impact fraud has on its victims. That is a current frustration I have now, and it was also a frustration I had when I was actually a member of the RCMP investigating fraud.

No, I have not.

Well, I've consulted several lawyers. It's interesting, because unlike others who've had significant financial losses.... In the case of credit card fraud, let's say, the credit card company or the banks end up kind of compensating folks for that. Other folks who have crypto-thefts are still trying to recover their losses, and many of the people within our groups are trying to recoup between hundreds of thousands to millions of dollars. However, my theft was very insignificant financially. They had essentially taken possession of all of my information and tried to extort me with it. Extortion and the kind of psychological distress of thinking your life is going to be over is something that's very hard to quantify. Therefore, it was just not worth pursuing.

This action was my form of getting my compensation.

That's in the case of a stolen phone. There's a bit of balance here, right? The CRTC wants to allow you to easily port your number. There is actually a rule that they have to execute it within two and a half hours. My bigger recommendation, which doesn't have to apply to just a stolen phone, is that when you have text notification that your number has been requested to be ported, you have to proactively consent by texting back “yes”—that yes, you are trying to execute that port.

Take what happened to me, for example. If I'd gotten that text message at 11 o'clock on a Tuesday, would I have executed a port? Absolutely not. That would never have gone through, and I wouldn't be in front of you today, but that process did not exist at the time.

Afterwards, the telcos introduced a text and didn't require the proactive notification. This was the problem, because people thought it was fraudulent text, ignored it, and executed the port anyway. It wasn't until much later that they did.... According to the Rogers website right now, they say that they have introduced this practice that I introduced back in 2020 before this committee. They're saying that it applies now, but again, there are inconsistent practices and things like that.

This proactive notification should help prevent a significant number of these scams.