Michael Geist on Canadian law and punishing spammers [sp]

[Declan McCullagh <declan () well com>]

-------- Original Message --------
Subject: Untouchable? How Canadian Law Can Tackle Spam
Date: Mon, 3 May 2004 08:22:53 -0400
From: Michael Geist <mgeist () pobox com>
To: Declan McCullagh <declan () well com>
References: <Pine.GSO.4.21.0308051908480.15857-100000 () well com>

Declan,

Of possible interest to Politech -- my regular Toronto Star Law Bytes
column highlights my new study on the state of anti-spam legislative
measures in Canada. Despite absence of specific anti-spam
legislation, the paper argues that when viewed in combination, the
current Canadian legal options allow for enforcement actions against
virtually all of the conduct identified by most global anti-spam
legislation including the use of deceptive headers, failure to honor
opt-out requests, limitations on email address harvesting and sales,
and the unauthorized use of computing equipment to send spam.

The problem, the paper argues, rests primarily with the lack of
aggressive enforcement initiatives by the responsible government
departments including the Competition Bureau, Privacy Commissioner,
Ministry of Justice, and CRTC.

Full study at http://www.michaelgeist.ca/geistspam.pdf

Column (posted below) at <http://shorl.com/gisatystabrope>

MG

A RECIPE FOR BATTLING SPAM IN CANADA
Existing laws and regulations could do the job - if they were enforced

Michael Geist
LawBytes

Over the past ten years, spam has grown from a minor annoyance to a
global concern, threatening the reliability of electronic
communication and the adoption of electronic commerce. Despite
developing anti-spam technological tools, promoting greater consumer
awareness, and the introduction of anti-spam legislation in many
countries, the spam problem continues unabated.

  The United States, European Union, South Korea, Australia, and Japan
have taken legislative steps to combat spam. Their statutes feature a
wide range of anti-spam measures including labeling requirements
(such as "ADV" tags in the subject lines of e-mails), prohibitions on
deceptive practices such as false header information, bans on e-mail
address harvesting, the creation of do-not-spam lists, penalties for
commissioning spam, and immunity for Internet service providers that
take good faith steps to stop spamming organizations.

The most contentious anti-spam provisions have revolved around
whether to force consumers to ask to be removed from receiving
commercial marketing (an "opt-out" approach) or to compel businesses
to obtain consumers' positive consent before sending commercial
marketing (an "opt-in" approach). While the United States has adopted
for an opt-out approach, the European Union has opted for the
stricter opt-in framework.

Layered on top of most anti-spam legislation are significant civil
and criminal sanctions including sizable fines and possible
imprisonment for repeat offenders. The civil penalties found in
anti-spam legislation are particularly noteworthy since they
frequently provide parties such as ISPs the right to bring private
actions to obtain statutory damages.

While Canada has yet to enact anti-spam legislation, it would be a
mistake to think that Canadian enforcement agencies are powerless to
combat spam. In fact, current Canadian law features similar powers as
those found in anti-spam legislation elsewhere. Noteworthy Canadian
laws include private sector privacy legislation, deceptive practices
legislation administered by the Competition Bureau's Fair Business
Practices Branch, the application of the Criminal Code, and
enforcement of section 41 of the Telecommunications Act.

The Personal Information Protection and Electronic Documents Act
(PIPEDA), Canada's private-sector privacy legislation, could be a
powerful legal tools to challenge a Canadian spammer on privacy
grounds. PIPEDA covers personally identifiable information, which
could include e-mail addresses, where an address can be identified to
a specific individual.

Once caught within the PIPEDA framework, the statute could be used to
prohibit the collection of personally identifiable e-mail addresses
through harvesting techniques, to require opt-in consent in certain
circumstances, and to ensure that organizations honour opt-out
requests.

Although the Competition Bureau has yet to commence an anti-spam
action, the Competition Act clearly empowers it to seek orders
against Canadian-based spamming organizations on at least two
grounds. First, spamming organizations who use deceptive or false
headers, a practice specifically captured by many anti-spam statutes,
could be targeted for a reviewable conduct order. Second, the Bureau
could also consider the content of some spam such as the ubiquitous
Nigerian net scam or offers to sell suspect health products, which
might meet the deceptive or materially false claim standard
established by the Act.

Canada's Criminal Code could also be used to commence actions against
certain spamming activity. First, section 380 of the Code, which
covers fraudulent conduct, could be interpreted to cover spam that
contains fraudulent or false content. Second, the Code could also be
applied to spamming organizations that access computer servers
without permission, as is typically the case when spamming
organizations make unauthorized use of e-mail servers to send spam.
In fact, the relevant provision could include not only the
unauthorized use of e-mail servers, but potentially e-mail harvesting
as well.

Canada's Telecommunications Act, administered by the Canadian
Radio-television and Telecommunications Commissioner, features an
untested provision that might be used in the battle against spam. It
gives the CRTC the right to "prohibit or regulate the use by any
person of the telecommunications facilities of a Canadian carrier for
the provision of unsolicited telecommunications to the extent that
the Commission considers it necessary to prevent undue inconvenience
or nuisance, giving due regard to freedom of expression."

Viewed in combination, the Canadian legal options would allow for
enforcement actions against virtually all of the conduct identified
by current global anti-spam legislation including the use of
deceptive headers, failure to honour opt-out requests, limitations on
e-mail address harvesting and sales, and the unauthorized use of
computing equipment to send spam.

As illustrated by a recent Yahoo! lawsuit against a Canadian-based
spamming organization, as well as a UK study that reported that
Canada is the world's second largest source of spam, the true
challenge of anti-spam enforcement does not revolve around finding
the spammers nor does it require additional laws. Rather, sufficient
resources are needed such that enforcement actions generate genuine
deterrence to stop the spamming activities perpetrated by the worst
offenders.

A Canadian anti-spam strategy must look to the Office of the Privacy
Commissioner of Canada, the Competition Bureau's Fair Business
Practices Branch, the Ministry of Justice, and the CRTC, the
government departments responsible for administering the laws that
could be applied to spam, to proactively enforce those laws
consistent with their statutory mandates.

Moreover, the Internet community must reconcile itself with the
reality that private sector leadership has failed to stem the spam
tide. Serious spam enforcement requires law enforcement to assume the
lead role. While the private sector remains an essential part of any
anti-spam initiative through private sector suits, investigative
assistance, implementation of technological innovations, as well as
business and consumer education, it must be government that leads on
the enforcement of the current anti-spam legal frameworks.

In the 1987 hit film The Untouchables, federal agent Eliot Ness
battled the seemingly untouchable Al Capone during the Prohibition.
The movie features a memorable scene in which Jim Malone, a veteran
police officer played by Sean Connery, confronts Ness over whether he
is serious about taking on the Chicago mobster. Malone challenges
Ness by asking "What are you prepared to do?".

When Ness affirms he is committed to bringing down Capone, Malone
leads Ness across the street, where the presence of alcohol is
apparently an open secret. As they prepare to enter the building,
Malone notes that since everyone knows where the booze is located,
the question is whether they are prepared to do something about it.

Although Canada's battle against spam is not as simple as Hollywood's
portrayal of the battle against Al Capone, the challenge similarly
rests not with finding the spamming organizations nor with
instituting fundamental legal reforms.

We know the location of leading Canadian-based spamming
organizations. The Canadian legal framework features many of the
tools needed to launch anti-spam legal actions, despite the absence
of specific anti-spam legislation. Rather, the challenge rests with
our willingness to enforce the existing laws by engaging in
aggressive anti-spam national enforcement as well as cooperating with
global anti-spam enforcement initiatives. It is time for Canada to
get serious about spam. What are we prepared to do?

--
**********************************************************************
Professor Michael A. Geist
Canada Research Chair in Internet and E-commerce Law
University of Ottawa Law School, Common Law Section
Technology Counsel, Osler, Hoskin & Harcourt LLP
57 Louis Pasteur St., P.O. Box 450, Stn. A, Ottawa, Ontario, K1N 6N5
Tel: 613-562-5800, x3319     Fax: 613-562-5124
mgeist () pobox com              http://www.michaelgeist.ca

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)