Information & Ethics committee  That's right.

Information & Ethics committee  You're quite right, honourable member. In fact, I believe I had another engagement. It was my colleague, then-assistant commissioner Elizabeth Denham, now the commissioner for British Columbia, who came several days. It was a very difficult situation for everybody to understand, because it was a few days before the end of the fiscal year.

Information & Ethics committee  I'm not a huge specialist on this, but I think basically it's like the expression that somebody “throws the dictionary” at you. In the virtual world you just go through all the known forms of words, addresses, symbols, and so on that you can. It's just an all-out blanket attack at every kind of known, recognizable...I won't even say word, but phoneme or something, that is known to these computers.

Information & Ethics committee  The six FTEs are particularly for the anti-spam initiative. They will be scattered across the organization in each of our major functions, such as research, communications, law, compliance, etc. It will be more or less like that. They will be mainly, I would think, acting as in-house experts and liaising with the outside world.

Information & Ethics committee  I do not have the numbers with me, but Mr. Baggaley, who sat on an interagency committee with Industry Canada, may be able to provide more details on that. Generally speaking, I think we can estimate with a fair bit of accuracy the number of spam emails entering and leaving Canada.

Information & Ethics committee  That is an excellent question, sir, but personally, I prefer to use as little public money as possible. We are very aware of the need to be as mindful as possible of taxpayer dollars these days. There have already been spam attacks on certain sites, including Facebook and other social networking sites on the web.

Information & Ethics committee  I would put anti-spam enforcement in two different buckets. There are compliance efforts, and then there's education of the broad public and education of other stakeholders that we work with. There's education so that people know how to recognize spam. One of the problems is that spam is becoming so sophisticated that it continues to draw in more and more people, or at least the same number of people, so just keeping the public up to date on the latest kinds of spam attacks is going to be an ongoing effort.

Information & Ethics committee  That's partly it, but it's also other stakeholders. I've appeared before this committee on anti-spam issues quite frequently, and there's a whole network of stakeholders, ranging from those who work on anti-spam devices such as firewalls and technological ways of combatting spam to various police forces.

Information & Ethics committee  Yes, thank you. I understand you've had a very busy day, so I will try to be very economical with your time. As you said, Mr. Chair and honourable members, we're here to discuss the supplementary estimates relating to our oversight role in relation to Bill C-28, known as the anti-spam legislation.

Transport committee  Well, if they're on a commercial airline, then they'll have all the other elements, and they'll probably then run it against the address and perhaps go back into other databases. Maybe you have done this before, prior to the overflight program, so they would have other information about you and could distinguish between you and the same person with your name but who is in fact a felon.

Transport committee  Yes.

Transport committee  Yes.

Transport committee  Very simply, the issue was that T.J. Maxx, the parent company in the United States, took a business decision not to move to the industry-mandated higher level of encryption for its transmission of personal information around the use of credit cards because it didn't think it was a huge risk.

Transport committee  I don't know, but I would presume that American government national security transmission goes to the highest standard of encryption available, which T.J. Maxx consciously decided not to do.

Transport committee  Again, I'm not privy to how the United States runs its security program, but my understanding is that it's not just to see who's an immediate threat, but to try to prevent threats by looking at patterns of people who may be overflying the United States. For example, one thing that seems to come out is that before someone does something drastic, they make several dry runs at it to check out the defence system.