Bill C-27 3rd Reading & Debate in House of Commons

According to a MessageLabs report of September 2009, which is a division of Symantec Corporation, spam accounted for as much as 86% of all global email traffic. Unfortunately, Canada is in part responsible for this problem.

Canada ranks as one of the top originating states for spam. In Cisco 2008 Annual Security Report Canada ranked fourth on the list of spam by originating country list.

Late last year in the United States, Facebook won $873 million U.S. in damages from an American court arising from the activities of a spammer based in Canada. That case was prosecuted in the United States and not in Canada. That speaks to the lack of Canadian legislation in place to prevent this kind of activity.

If Bill C-27 is passed by the House at third reading, Canada will go a long way to combating spam and spam-related threats. Based on the experience of other states with similar legislation, a reduction in spam is quickly expected. When Australia adopted similar legislation in 2004, it dropped out of the world's top 10 spam-originating states and major spammers in Australia closed their operations altogether.

While the legislation will not eliminate spam entirely, Canadians will see a reduction in the amount of spam in their inboxes. Equally important, the legislation will decrease the most damaging forms of spam from originating in Canada and will help drive spammers and their associated illegal activities out of Canada.

November 02, 2009, 16:55:

Hon. Michael Chong (Wellington-Halton Hills, CPC):
Mr. Speaker, I am pleased to rise to speak to the third reading of Bill C-27, Electronic Commerce Protection Act, or as it is also called the ECPA.

As chair of the Standing Committee on Industry, Science and Technology, I want to recognize the constructive work of all the members of the committee from all parties in improving the bill.

The bill, as amended, from committee has benefited from the work over the past months of the members of the committee. As a result, a number of key elements in the bill have been strengthened, clarified and have been done in a way without diminishing the core principles of what the government has been trying to achieve.

Email is a wonderful technology, and it has only been just over 10 years that we have all been using email broadly. In just over 10 years, it has completely changed our lives. However, many of the benefits of email have been offset by the problem of spam, which is unwanted and unsolicited commercial emails.

According to a MessageLabs report of September 2009, which is a division of Symantec Corporation, spam accounted for as much as 86% of all global email traffic. Unfortunately, Canada is in part responsible for this problem.

Canada ranks as one of the top originating states for spam. In Cisco 2008 Annual Security Report Canada ranked fourth on the list of spam by originating country list.

Late last year in the United States, Facebook won $873 million U.S. in damages from an American court arising from the activities of a spammer based in Canada. That case was prosecuted in the United States and not in Canada. That speaks to the lack of Canadian legislation in place to prevent this kind of activity.

The high volume of spam in recent years has negatively affected the productivity of the Internet and all the technologies associated with the Internet. When a high volume of email is spammed, many people spend hours deleting unwanted messages, networks slow down and companies are forced to spend millions, if not billions of dollars, upgrading their systems, their networks, their backbones, their routers, their pipes to the Internet in order to accommodate the additional bandwidth and network capacity needed to handle this volume of email traffic.

The high volume of spam has impeded the full potential of the Internet as a platform for both personal and commercial use. Spam is more than just unwanted email. It is often used as a vehicle to perpetrate fraud on Canadians. It can lead to online fraud by luring individuals to counterfeit websites, also known as phishing. It can lead to the theft of personal data to rob bank accounts and credit card accounts, called identity theft. It can lead to the collection of personal information through elicit access on one's laptop or on one's computer, known as spyware. It often is used as a vehicle to perpetrate fraud on Canadians

Not just Canadians suffer but Canadian businesses suffer and often this is an overlooked fact of spam. Canadian businesses suffer because they are the victims of the counterfeiting of their corporate website to defraud individuals. We all know of examples of getting emails from spammers or from other people who wish to perpetrate fraud. They ask for people's banking information. They send an email that contains a page that looks like a Royal Bank website or a TD Bank website and often many unsuspecting individuals give their information to these spammers, the people trying to perpetrate this fraud.

It also leads to spam borne viruses and other malicious software called malware, which are used to create networks of zombie computers known botnets without the knowledge of their owners. This undermines confidence not just that Canadians have in the Internet but that Canadian businesses have in the Internet as a platform for commerce, as a platform for doing business in the 21st century.

I do not think it is hyperbole to say that spam is costing Canadians and Canadian businesses billions of dollars a year in fraud, in network capacity and in the need to upgrade systems to handle the volumes of email which we are seeing. It costs the economy through malicious programs such as malware, spyware, phishing, viruses, worms and Trojans that enter computers. It costs the economy in terms of undermining Canadians and Canadian businesses in their confidence of the Internet, often having to rely on old-fashioned ways of doing business because the Internet is not seen as trustworthy enough to conduct certain types of business transactions.

In response to this problem, the Government of Canada launched a task force on spam to consult Canadians and their businesses. The task force was given one year to consult and report. In May 2005 the task force reported its findings and recommendations in a report to the Minister of Industry. I want to thank the members of the task force for their valuable work in this regard.

Our government has acted on the recommendations and findings of the task force by introducing Bill C-27, anti-spam legislation entitled "The Electronic Commerce Protection Act", or the ECPA. This legislation will deter the most damaging form of spam from happening in Canada and will help drive spammers and their associated activity out of Canada.

The legislation addresses the recommendations of the task force on spam, which brought together experts from industry, academia, consumers and other business experts to come together to craft a comprehensive set of measures to combat threats to the online economy. Successful legislative models in other states were also examined and taken into account when drafting the bill.

The legislation will allow Industry Canada to act as a national coordinating body to educate consumers, track and analyze statistics and trends and lead policy oversight and coordination.

The legislation will also facilitate the establishment of a non-governmental agency, the spam reporting centre, which will receive reports of spam and related online threats, allowing it to collect evidence and gather intelligence to assist the three reporting agencies, the Canadian Radio-television and Telecommunications Commission, the Competition Bureau and the Office of the Privacy Commissioner, with the investigation and prosecution of offences.

It is important to note that the ECPA does not apply to non-commercial activity. Political parties and charities, other organizations that contact Canadians through email will not be subject to the ECPA, provided these emails do not involve selling or promoting a product.

Bill C-27 will protect Canadians and their businesses from the most damaging and deceptive forms of electronic harms and provide a regulatory regime to protect the privacy and personal security of Canadians. The rules will encourage confidence in online communications and e-commerce on the Internet.

The bill before us provides the CRTC, the Competition Bureau and the Office of the Privacy Commissioner with the tools they need to pursue those who undermine our online economy and to work with one another and their international counterparts. The bill has sharp teeth, administrative monetary penalties of up to $1 million for individuals and up to $10 million for businesses.

The bill in front of us today resulted from a great deal of work from several different sources. On the one hand, we had the recommendations and findings of the 2005 task force on spam. On the other hand, we have also benefited from some of the work that former Senator Goldstein did in Bill S-220 in this regard.

Some of the features in this bill differ from what Mr. Goldstein had previously proposed. One of the most important is the use of the CRTC, the Competition Bureau and the Office of the Privacy Commissioner to enforce the provisions, in other words, using regulatory agencies to enforce the provisions of the spam bill rather than using police enforce
ment agencies as Bill S-220 had proposed.

The RCMP has other urgent law enforcement responsibilities, and I believe we should not redirect those precious resources to the monitoring of unsolicited commercial email. I believe that regulatory authorities are better positioned than law enforcement authorities for this kind of white collar problem.

In drafting Bill C-27, the government also drew on a wealth of experience in other states in combating spam. The bill drew on work that had been done in New Zealand, Australia and in the United States. The bill also benefited from the approach taken by other states as well. The bill before us is based on the best and most effective aspects of those legislative regimes in those states.

By being consistent with the approaches of other states, by using regulatory approaches and regulatory agencies in effecting this anti-spam bill rather than law enforcement agencies, we will help promote greater international co-operation to combat spam and other online fraud.

As members of the House know, Bill C-27 adopts an express consent regime designed to give businesses and consumers control over their inboxes and their computers. It requires that the individual's consent be sought and obtained in order to permit an ongoing commercial transaction. Once consent has been expressed by an individual, it remains until the individual opts out or revokes that consent. The industry committee took a careful look at how to ensure that the companies that used email could keep in touch with consumers so they did not inadvertently find themselves in violation of the law.

Members of the House will also know that the bill contains implied consent provisions that have been expanded to include suspicious publication of an electronic address. If someone publishes his or her email address on a website or in a print advertisement, he or she is considered to have consented to receive unsolicited commercial messages, provided the sender's message relates to the business or office held by the person.

Consent is also implied when a person gives out a business card or provides an email address in a letter. Similarly, the amended bill clarifies that when a business is sold, the purchaser has an implied consent to contact the customers of that business. Following the initial transaction between a business and a consumer, the period of implied consent has been expanded to 24 months from the original 18, as first contained in the original bill. This gives businesses even more time in which to obtain the express consent to further commercial transactions.

Another area in which the bill has been amended is in ensuring that updates to computer programs are not adversely affected by the protections we have put in place against malware and spyware.

The committee looked at the impact the bill would have on the installation of computer programs. It has been amended in the situation where the installation of updates, as it is understood as part of an original contract under which the software is installed, is not prohibited by the bill. Most of these programs call for automatic updates, such as daily or weekly updates, to anti-virus software. These updates will not require fresh consent for each instance. Running programs such as JavaScript or Flash programs will also not require express consent each time they are run.

Let me say a few words about the private right of action before I conclude. Some hon. members have questioned whether a private right of action is necessary. I believe it is. The private right of action enforces and complements the enforcement efforts of the CRTC, the Competition Bureau and the Office of the Privacy Commissioner. I would remind the House that this feature has been very effective in other jurisdictions in shutting down those such as spammers who have caused to the electronic economy. I believe it will be equally effective here in allowing groups or individuals to pursue violators. The private right of action will allow individuals and businesses suffering financial harm an avenue of recourse to be compensated and awarded damages.

Finally, the bill is technology-neutral. Bill C-27 recognizes that the convergence of voice and data is happening and will eventually be complete. It will allow the Government of Canada to prevent spam and associated threats regardless of how the technology evolves. Therefore, the bill will remain current in the future as technology evolves.

If Bill C-27 is passed by the House at third reading, Canada will go a long way to combatting spam and spam-related threats. Based on the experience of other states with similar legislation, a reduction in spam is quickly expected. When Australia adopted similar legislation in 2004, it dropped out of the world's top 10 spam-originating states and major spammers in Australia closed their operations altogether.

While the legislation will not eliminate spam entirely, Canadians will see a reduction in the amount of spam in their inboxes. Equally important, the legislation will decrease the most damaging forms of spam from originating in Canada and will help drive spammers and their associated illegal activities out of Canada.

The Internet has become the primary platform for online commerce and general communications. Canada has had a long history of global leadership in the telecommunications sector. E-commerce is now a part of the Canadian economy, with billions of dollars of goods and services being sold over the Internet each year in Canada.

If adopted by Parliament, this legislation would allow Canada to continue in that leadership, ensuring that we remain a secure locale for e-commerce and for Canadians. It is time for Canadian law to catch up with the Internet age. All parties in the House have expressed their desire to strengthen confidence in online commerce. All parties are opposed to spam and see the danger of it.

We have studied this bill at great length in committee and have emerged with important amendments that clarify it. The time has come to pass it at third reading.

debate at http://www2.parl.gc.ca/HousePublications/Publication.aspx?Language=E&Mode=1&Parl=40&Ses=2&DocId=4197556#TOC-TS-1710