Madam Speaker, I have a couple of key points from the background information that was provided on the bill. It reads:
The bill also addresses the legislative recommendations of the Task Force on Spam, which brought together industry, consumers and academic experts to design a comprehensive package of measures to combat threats to the online economy.
The intention of the proposed legislation is to deter the most dangerous and damaging forms of spam from occurring in Canada and to help drive spammers out of Canada.
This bill proposes a private right of action, modelled on U.S. legislation, which would allow businesses and consumers to take civil action against anyone who violates the ECPA. The proposed ECPA's technology-neutral approach allows all forms of commercial electronic messages to be treated the same way. This means that the proposed bill would also address unsolicited text messages, or “cellphone spam”, as a form of “unsolicited commercial electronic message”.
The bill would establish a clear regulatory enforcement regime consistent with international best practices and a multi-faceted approach to enforcement that protects consumers and empowers the private sector to take action against spammers.
An important proponent of the proposed ECPA is the enforcement regime whereby the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner would be given the authority to share the information and evidence with their counterparts who enforce similar laws internationally....
It goes on to talk about the administrative monetary penalties of up to $1 million for individuals and $10 million in all other cases. It talks about the CRTC role and the role of the Privacy Commissioner.
I know that many of the people listening to this debate know what spam is but I want to give a definition because, like anything else, spam means one thing to one person and something else to another. Spam is identified as the abuse of electronic messaging systems, including most broadcast mediums' digital delivery systems, to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is email spam, the term applies to similar abuses in other media instant messaging: news net news groups spam, web search engine spam, spam and blogs, wikispam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions and the file sharing network.
Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold centres accountable for their mass mailing. Because the barrier to entry is so low, spammers are numerous and the volume of unsolicited mail has become very high.
The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled and has been the subject of legislation in many jurisdictions.
I want to talk briefly about the costs. There are certainly costs to business when we talk about the filters and all the mechanisms that they need to put in place in order to prevent spam from getting into their systems, whether it is their cell phone systems or their Internet or email systems.
There is also the cost to workers. Many times when we are talking about businesses in the House, we are often talking about productivity and efficiency. In some of the previous work I have done, when we talked to businesses about how to improve productivity and efficiency, we often looked at time management techniques. One of the statistics that came from looking at time management techniques was that every time people were interrupted at a task, it would take them seven minutes to get back to the level where they left off.
Every time workers have their systems infiltrated by spam, we see a direct impact on the productivity of that company. Even if workers set time aside to look at their email, when they are dealing with junk email, it prevents them from dealing with the other activities before them. We know it takes a significant amount of time to get back to the place they left off. Therefore, there is a direct impact on worker productivity.
Many of us in the House have experienced spam on what should be a fairly highly protected system. It is an annoyance, a cost factor and extremely disruptive.
Some citizens are more vulnerable to spam. Fraud is involved, both in terms of stealing identity and in terms of having vulnerable people being hooked into purchasing goods and services that they do not need and which are often not of the quality and substance one would expect.
Therefore, there is a very real cost to businesses, to consumers and to the average citizen.
The important thing to point out about this legislation is that Canada is the only G7 country without anti-spam legislation. We often like to tout ourselves as being a proactive and progressive country and here we are lagging seriously behind. In fact, Canada ranked fifth worldwide as a source of web-based email spam, trailing only Iran, Nigeria, Kenya and Israel. It is a pretty sad track record to say that we are one of the countries that is a haven for spammers. Our track record is so bad that we are considered almost lawless when it comes to preventing spam.
Part of what we know about this is that companies anxious to target Canadian-based spammers have been forced to turn to other countries to do the job because we do not have legislation. They actually need to go to international law enforcement agencies that look at criminal spam activities. However, they have difficult enforcing any legislation because the Canadian authorities lack the requisite investigatory powers.
Michael Geist said:
The fact that organizations are forced to use U.S. courts and laws to deal with Canadian spammers points to an inconvenient truth -- Canadian anti-spam laws are woefully inadequate and we are rapidly emerging as a haven for spammers eager to exploit the weak legal framework.
We can see that there is sufficient information out there to say that Canada needs to take action and it is long past due.
In an article from December 16, 2008, CBC News, it says:
Canadian computers — many of them unwittingly — send out over nine billion spam e-mails a day, almost five per cent of all global spam traffic, according to a report from network and internet security firm Cisco. In an annual security report...Cisco estimated almost 200 billion messages per day, or 90 per cent of all e-mails sent worldwide — can be defined as spam, double the volume of the previous year.
I talked earlier about the cost to business, the cost to workers and the cost to citizens. When we look at that volume, it is shocking. Again, Canada has known about this problem for many years and it is only now that we are getting legislation.
I want to talk briefly about some of the key components of the legislation. There are three primary prohibitions. This bill would require all senders to obtain express consent before sending commercial electronic messages, including email, instant messages and so on, and to include contact and unsubscribed information. It would also require provisions designed to counter phishing, spyware and botnets used to send spam.
Various sections deal with this but I want to deal with three requirements: the form, consent and jurisdiction. The law requires that the identification of the person sending the message, as well as on whose behalf it is sent is included, contact information of the sender, because I think many of us have ended up with messages that we have no idea who is behind the sending, and an unsubscribe mechanism. The unsubscribe mechanism must allow for an easy opt-out by email or hyperlink that remains valid for at least 60 days after the message is sent. The sender has 10 days to comply with the unsubscribe request, and currently we know that spammers use the unsubscribe button to actually send more spam. If this is truly enforced, this unsubscribe mechanism, it will actually cut off some of the junk email that we are currently getting.
I want to touch briefly on the enforcement provisions. What we know is that the enforcement provisions do not have any real teeth. We can put all the fines we want in the act, but if we do not have the resources and the tools to commit to enforcement, they are meaningless.
I want to briefly talk about the do-not-call list because some changes to that legislation are embedded in Bill C-27.
In an article by Geist, he says:
Government Quietly Lays Groundwork For Overhaul of Do-Not-Call List....
We know in this House that there have been some serious problems with the do-not-call list. When I talked earlier about the need to have this bill go to committee, what we want to do is ensure the bill accurately deals with the problem that is before this House. We saw this with the do-not-call legislation and with the voter identification where a bill was put before the House but the government did not get it right and it had to make amendments to the bills, which was time-consuming and costly.
Therefore, it is very important that the bill comes before the committee and has a full and extensive review to make sure that the bill is actually going to deal with the spam problem.
In Geist's article, he said:
Four years after the National Task on Spam unanimously recommended that the Canadian government introduce anti-spam legislation...the Government took action by tabling Bill C-27....
While the introduction of anti-spam legislation is long overdue, one of the most significant changes was not reported or even included in the government's briefing materials. Buried at the very end of the 69-page bill, are provisions that would lay the groundwork to kill the National Do-Not-Call list.
It is interesting that it was buried at the end of the bill and not included in any briefing documents, because what it actually says is, “Oops, we blew that initial piece of legislation”.
The proposed approach is very complicated, but boils down to the government repealing the provisions that establish and govern the do-not-call list. In its place, the ECPA approach of requiring an opt-in would apply, meaning that Canadians would no longer need to register their phone numbers on a do-not-call list. Instead, the presumption would be that telemarkets could not call without prior consent. The ECPA would also bring with it stronger penalties (up to $10 million) and fewer exceptions.
Although the do-not-call list is less than a year old, change cannot come soon enough. It faced severe criticism earlier this year when it was reported that out-of-country telemarketers, who are out of the regulatory reach of the Canadian Radio-television and Telecommunications Commission, were accessing the list and making unwanted calls to Canadians. With more than six million numbers now registered on the list, the prospect of do-not-call registration leading to more calls rather than less instantly became a disturbing reality for millions of Canadians.
What that is talking about is people who registered their numbers, and then telemarketers outside of the country accessed the do-not-call list to call people. That seems like a pretty good gap in the legislation.
I hear some of my colleagues calling it a boondoggle. I would certainly say that it is a serious problem when the very legislation that is supposed to protect consumers actually results in more calls to them.
This is buried in this piece of legislation, changing the goof-up.
While the misuse of the do-not-call list remains a concern, a review of thousands of pages of internal government documents released under the Access to Information Act reveal that it is only the tip of the iceberg. In addition to lax list distribution policies, the enforcement side of the do-not-call list raises serious alarm bells with the majority of complaints being dismissed as invalid without CRTC investigation, the appearance of a conflict of interest in sorting through complaints, and a regulator that has been content to issue to “warnings” rather than levying the tough penalties contained in the law.
He went on to say:
The proliferation of the do-not-call list is certainly disconcerting, but [the] picture that emerges about its enforcement is even more troubling. The documents reveal that the CRTC receives over 20,000 telemarketing complaints each month, many involving the do-not-call list (some complaints may relate to other telecommunications rules that cover automated dialers or curfews).
The article goes on to talk about the fact that the initial evaluation of complaints is handled by Bell, which manages the do-not-call list rather than the CRTC. Here we have industry policing the do-not-call list and deciding whether complaints are legitimate or not. It goes on to talk about the fact that, for example, in January, Bell reported there were only 42 valid prima facie national do-not-call violations, while 3,033 national do-not-call complaints were ruled invalid. That is, in 42 out of 3,033 complaints, it was ruled by industry, Bell, that the complaints were not valid.
That does sound a little bit like the fox in the henhouse to me. So when we are talking about enforcement, as the member for Windsor West has rightly pointed out, there are some concerns about whether the enforcement mechanisms in the bill will actually be applied.
Geist goes on to say:
Complaints that survive Bell’s initial round of scrutiny go to the CRTC for further investigation. To date, the CRTC has sent out approximately 70 warning letters where it believes there are reasonable grounds to conclude that the organization is not in compliance with the do-not-call list legislation. Recipients of the letters are asked to take “corrective action” to address the concerns and warned that failure to do so could lead to penalties of up to $15,000 per violation for corporations. Notwithstanding that threat, the CRTC has yet to levy any fines.
When we have legislation that proposes a maximum penalty for individuals of $1 million, and $10 million for any other person, it sounds like pretty hefty fines. However, we need to put forward a mechanism that, first of all, allows appropriate investigation without interference by industry.
With regard to Bell, I do not know about anybody else, but I certainly receive messages from Bell. If I were to complain in regard to the do-not-call list and Bell is the investigator, I wonder what kind of independent scrutiny would be paid to that investigation.
The enforcement piece of this is critical. Canada's reputation internationally with regard to spam is in shreds. In order for us to tell the international community that we are going to walk the talk on this, we need to ensure that resources are put in place to make sure that the enforcement mechanism actually happens.
In conclusion, the New Democrats are in support of sending this bill to committee. I want to reiterate our position that it is very important that we have experts and technical witnesses who can deal with the content of this bill to ensure that Canada will actually be able to say, “Yes, we have anti-spam legislation that is going to stand up to international scrutiny, has appropriate enforcement mechanisms, and will actually protect businesses, consumers and Canadian citizens against both fraud and impact on the cost to productivity in this country.