ITBusiness reports that Conservative MP Michael Chong, chair of the Industry Committee, is against further watering down of Bill C-27, the anti-spam bill. Will the Liberal MPs on the committee also take a stand against spam?
Canwest covers the fight over C-27, the anti-spam bill, as the Conservatives argue the proposed changes are clarifications, while the Liberals and Bloc don't respond at all.
Earlier this week, I wrote about the mounting lobbyist pressure to water down Bill C-27, Canada's anti-spam bill. The pressure in recent hearings has been intense – Amazon was generally supportive of the bill but still sought an implied consent for existing customers for five to seven years (in other words, seven years to simply ask if the customer wants to receive future emails), the Entertainment Software Association and the Canadian Intellectual Property Council teamed up to warn that the bill would put Canada at a competitive disadvantage, and the Canadian Bankers Association called on the Industry Committee to completely gut the bill by dropping opt-in consent and the private right of action provisions.
Yesterday I attended the last committee meeting before clause-by-clause review as government officials appeared to propose reforms and address committee concerns. The meeting showed the lobbying efforts are bearing fruit as officials proposed 40 changes to the bill. While some are technical, there are several significant suggested reforms. Moreover, the lobbying continued, as Liberal and Bloc MPs appeared to work actively to raise lobbyist issues.
First, the proposed reforms, which include:
The sum total of these changes would be pretty significant – many new exceptions to cover various commercial messages that could have been easily covered by consent, specific exceptions for lobby groups like survey companies (widely abused in do-not-call) and professional associations, a new referral exception for realtors, and a three-year initial period to address concerns from companies like Amazon. Note that these are proposals and not yet adopted by the committee.
While these are big proposed changes, it is clear that the lobby groups would like more, particularly a shift from opt-in to opt-out consent. At yesterday's hearing, it was discouraging to see lobbyists for Canadian Chamber of Commerce and Canadian Intellectual Property Council huddling with Liberal MPs before the start of the hearing. It was even more incredible to see lobbyists for the Canadian Real Estate Association draft a series of questions about the bill, hand them to a Bloc MP, and have them posed to the witnesses moments later.
The general tenor of the hearing saw support from the Conservative MPs, general support from the NDP MP (with some fear that the bill may be watered down with the proposed amendments), CREA questions from the Bloc, and a repetition of lobbyist questions from the Liberal MPs, who persistently wondered whether the bill is too broad or even too transparent (raising the possibility of excluding it from Access to Information).
Anti-spam legislation should not be a partisan issue, but it appears that lobbyists are targeting Liberal and Bloc MPs in the hope of garnering support for a further watering down of the bill. The clause-by-clause review is slated for Monday, October 19th. If Canadians want an anti-spam bill with some teeth, they are going to have to fight for it. Consider writing to your MP or the members of the Industry Committee today asking them to support C-27 with an opt-in approach. The members of the committee include:
The Globe covers the attempts to water down C-27, the anti-spam bill. It notes that Amazon would like a 5 to 7 year exception to allow it to imply consent from customers for further commercial messages.
The introduction last spring of Bill C-27 – the Electronic Commerce Protection Act – represented the culmination of years of effort to address concerns that Canada is rapidly emerging as a spam haven. Industry Minister Tony Clement’s anti-spam bill has steadily made its way through the legislative process, with the Standing Committee on Industry likely to conduct its final "clause by clause" review over the next two weeks.
Although support for anti-spam legislation would seemingly be uncontroversial, my weekly technology law column (Toronto Star version, homepage version) notes that various business groups have mounted a spirited attack against the bill, claiming requirements to obtain to user consent before sending commercial email will create new barriers to doing business online. The Conservative MPs on the committee have remained supportive of the bill, yet Liberal MPs have expressed growing concern about some of the bill’s provisions.
A close examination reveals that the bill sets reasonable limits for online marketing consistent with laws found in countries such as Australia, New Zealand, and Japan. In fact, there are four major caveats to the consent requirement.
First, the bill includes a business-to-business exception so that businesses that send commercial email to other businesses are immediately exempt from the need to obtain consent.
Second, the bill only applies to commercial email. Non-commercial email between friends, family, and colleagues is excluded.
Third, a wide range of business-to-consumer commercial email is also outside the ambit of the bill. For example, businesses can rely on "implied consent" to contact existing customers for a full 18 months and even contact non-customers who merely make an inquiry for six months. In other words, simply inquiring about long distance plans or hotel room availability opens the door to six months of electronic messaging under the guise of implied consent.
Fourth, all other commercial messaging to consumers is permitted – there are no limits – so long as the business has obtained prior consent. There are some form requirements, but nothing that should be considered particularly onerous.
Notwithstanding the implementation of similar opt-in systems elsewhere, some Canadian businesses argue that obtaining prior consent is problematic. These groups would prefer an "opt-out" approach whereby they could continue to send electronic messages to consumers and force them to request that no further messages be sent.
Whenever such concerns are raised, politicians would do well to ask a simple question – is obtaining consumer consent really so unreasonable? It is unreasonable to obtain consent before sending a commercial message about a new service or product? Is it unreasonable to obtain consent before installing software on a personal computer? In most instances, the answer is no.
Canadians frustrated with the lobbying against the anti-spam bill can be forgiven for experiencing a sense of déjà vu since it bears a striking similarity to the efforts to water down Canada's do-not-call list. When the bill establishing the do-not-call list was first introduced, it featured strict limitations on unwanted telemarketing.
However, after weeks of business lobbying, the bill was gutted with new exceptions for business relationships, charities, political parties, polling companies, and newspapers. The end-result is that the majority of telemarketing calls remain perfectly legal, despite the inclusion of millions of phone numbers on the Canadian do-not-call list.
History may repeat itself this week with the anti-spam bill. While this should be a non-partisan issue, reservations from some opposition MPs about the content of the bill suggest that Canada’s contribution to the fight against spam is still far from a done deal.
Business groups resumed their attacks on proposed anti-spam legislation yesterday. The Investment Funds Institute of Canada argued against consent provisions before a House of Commons committee.
The full transcript of my appearance before the Industry Committee discussing Bill C-27 has now been posted online.
I appeared earlier today at Industry Minister Tony Clement's Canada's Digital Economy Conference. I shared the stage with Privacy Commissioner Jennifer Stoddart and Tim Wilson from Visa Canada on a panel titled Toward A Safer, Stronger Online Marketplace. My prepared remarks are posted below:
Canada’s Digital Economy: Toward A Safer, Stronger Online Marketplace
Michael Geist, June 22, 2009
Let me begin by thanking Minister Clement – both for the invitation to speak here today and more importantly for his leadership on this critical issue. We all recognize the importance of the digital environment for commercial, cultural, educational, and communication purposes. Canada was once a proud leader in this arena and I think most would acknowledge that we have failed in recent years to articulate much-needed vision, strategy, and perhaps most importantly – urgency.
Minister Clement opened today’s conference by citing confidence as one of his key concerns. I think he’s identified a crucial concern. Privacy and security are key components in instilling this confidence, but there are other issues. I recently wrote about a digital action plan and I want to tease out several points that arise within the context of building confidence.
1. E-commerce consumer protection
The online marketplace has evolved dramatically in recent years and Canada needs an e-commerce consumer protection framework to match. In this regard, I think Minister Clement should be congratulated for introducing Bill C-27, the Electronic Commerce Protection Act. While often described as anti-spam legislation, it is really much more. It addresses phishing, spyware, and consumer control over their personal computers. It sets the right standard of opt-in consent that may eventually be applied across all consumer marketing.
That’s the good news. The bad news is that some business groups – though not all – the Canadian Marketing Association for example was extremely supportive during hearings last week – have been outspoken in their efforts to water down this legislation. They argue that privacy legislation is good enough or that businesses should be allowed to install software on users’ computers without their consent. These kinds of reforms will not breed confidence. Indeed, the experience with phishing sites or the Sony rootkit case is that it is these instances that undermine confidence. If our goal is to establish a safer, stronger online marketplace, we need strong consumer protection laws that return some level of control to the consumer. It has been more than four years since the National Task Force on Spam issued its unanimous report and there is no need for further delays in implementing its recommendations.
2. Openness
Confidence also comes from greater openness and transparency. After years of closed, “walled garden” approaches, the world is embracing the benefits of openness. The City of Vancouver recently adopted an openness policy that establishes a preference for open standards, open source software, and open government data. The federal government should do the same, promoting the use of cost-effective open source software and the benefits of commercial and civic activity around accessible government data. We are seeing some remarkable open government initiatives around the world. Witness last week’s initiative by the Guardian in the UK, which is crowdsourcing the review of hundreds of thousands of documents detailing MP expenses. Within days, 20,000 people have taken part with about 160,000 pages reviewed. There is no reason that we can’t see similar activity in Canada.
A presumption of openness should extend to other policy areas as well. Open spectrum policies in the forthcoming spectrum auction would spur new innovation and heighten competition by facilitating greater consumer mobility and promote the introduction of new services not tied to a single wireless provider.
The openness principle should also cover access to taxpayer-funded research, often referred to as open access. In recent months, the United States and the European Union have taken strong steps toward making their research openly available, with legislative mandates that require researchers who accept public grants to make their published research results freely available online within a reasonable time period. We have started to move in this same direction but need to make it a priority.
3. Confidence in our networks
Minister Clement opened the conference by acknowledging our slipping rankings when it comes to issues such as broadband and network infrastructure. I believe that there is diminishing confidence in Canada – sinking international rankings and incidents that raise questions about network management practices have left businesses and consumers alike concerned about our wired and wireless infrastructure. Confidence in those networks extends beyond just mere access, however. It involves world-class speeds, fair pricing, transparent marketing, and appropriate network management practices. This is by no means just a consumer issue – businesses big and small similarly depend upon these principles.
As many of you will know, last week the Liberal party joined the NDP in declaring its support for net neutrality. I think this is an exciting development, but this ought not to be a partisan issue. It is a policy issue. While the CRTC will examine network management practices with its own hearing early next month, I believe that confidence in the network must be a core part of our national digital strategy. In the short term, all parties should work together to address these concerns by at least addressing the easy issues such as better disclosures on network management practices, truth in marketing with minimum rather than maximum speeds, no content blocking, the openness principles discussed earlier, appropriate network privacy, and addressing the concerns about undue preferences that were raised during the recent new media hearings.
4. Confidence in Copyright
It will come as little surprise that my fourth issue is confidence in Canadian copyright. A digital strategy must be about more than just the infrastructure – the content on the networks is a key issue for the digital economy and copyright plays an important role in that regard. I’d like to touch on confidence in copyright from two perspectives – both the law and the reform process.
Let me start first with the process, which I believe has severely undermined the confidence of thousands of Canadians. With respect, the process that led to C-61 did little to instill public confidence, with no public consultation and the sense that the process was being driven primarily by a select group of interests. In recent weeks, that sense has recurred with the decision to continue in the non-transparent Anti-Counterfeiting Trade Agreement negotiations and with the admission by the Conference Board of Canada that three of its IP reports were plagiarized, unduly relied on feedback from a funder, relied on too few sources, and lacked sufficient balance. Those are their words, not mine.
We need to restore confidence in the policy making process by putting an end to secret negotiations and an end to the unsupportable rhetoric that seeks to paint Canada as a piracy haven. Instead we need to adopt an inclusive, consultative approach. That means placing these issues within the digital strategy framework and following through with a broad consultation as has been recently reported.
From a substantive perspective, there is need for reform. However, we are not going to increase confidence by adopting rules that encourage locking down content, overriding the flexibilities found in the current law, or that leave Internet subscribers vulnerable to losing their access based on unproven allegations of infringement. We are not going to increase confidence by failing to address the gridlock faced by creators and users.
Instead, we need to provide business confidence with rules that provide sufficient flexibility to innovate. We need rules that give consumers confidence that they won’t lose access to their online purchases whenever an online seller drops support for a particular business line. Rules that assure consumers that it’s ok to use their PVR or to shift music to their iPod. Rules that encourage rather than discourage research into encryption and digital security, distance learning opportunities, access to knowledge and long overdue digitization initiatives. We can achieve this kind of reform and still implement international treaties such as the WIPO Internet treaties.
Finally, a word about leadership. Minister Clement has obviously shown a keen interest in these issues and leadership with today’s event. But we need to build a leadership team – for example, a Canadian Chief Technology Officer and a clear position for digital issues at the cabinet table would also feed confidence. There needs to be a sense of urgency here – there is simply no more time to waste.
My weekly technology law column (Toronto Star version, homepage version) notes that last Thursday began as an ordinary, rainy, spring day in Ottawa. Canadian politicians, having just avoided an unwanted election, were only two days away from an extended summer break. Yet by the end of the day, a trio of events unfolded that could help shape the Internet in Canada for years to come.
The first event took place mid-morning, with the introduction of new lawful access legislation. The bills would dramatically change the Internet in Canada, requiring Internet service providers to install new surveillance capabilities, force them to disclose subscriber information such as name, address, and email address without a court order, as well as grant police broad new powers to obtain Internet transmission data.
The introduction of the legislation by Justice Minister Rob Nicholson and Public Safety Minister Peter Van Loan – accompanied by more than a dozen law enforcement representatives – generated an immediate wave of criticism. ISPs expressed concern about the cost of the program, while privacy groups lamented the government’s about-face on the issue of court oversight since Stockwell Day, the previous Public Safety Minister, had pledged not to introduce mandated disclosure of subscriber information without it.
Given the experience with misuse of surveillance powers in other countries, the bill will likely continue to attract attention as Canadians ask whether the government has struck the right balance between providing law enforcement with the necessary investigative powers, ensuring robust oversight, and preserving online privacy.
Hours later, the scene shifted to Question Period, where Liberal Industry critic Marc Garneau surprised Internet watchers by emphasizing the importance of an open Internet and declaring that the Liberal party now firmly supports net neutrality. The party has adopted a position opposing the management of Internet traffic that infringes privacy and targets specific websites, users, and legitimate business applications.
The move represents an unexpected shift in policy direction just weeks before the Canadian Radio-television and Telecommunications Commission is scheduled to conduct hearings on network management practices. For months, the NDP has stood virtually alone among the major Canadian political parties in its support for net neutrality. With the Liberals now onside, the door is open for a bi-partisan effort this fall to enshrine net neutrality principles into law.
Immediately after Question Period, the Standing Committee on Industry held its final hearing before the break on the Electronic Commerce Protection Act, Canada’s new anti-spam bill. Some business groups have sought to water down the legislative proposal, implausibly arguing that Canadian privacy law is sufficient to address persistent spamming activities and that the ECPA’s tough penalties could dissuade talented business leaders from taking on corporate directorship positions for fear of potential liability.
Representatives from the Office of the Privacy Commissioner of Canada, the Competition Bureau, and CRTC Chair Konrad von Finckenstein firmly put those fears to rest. Assistant Privacy Commissioner Elizabeth Denham rejected the view that current privacy laws are up to the task of countering Canadian spam and welcoming the clarity of the anti-spam bill. Von Finckenstein was similarly supportive of the ECPA, expressing optimism about its potential to address longstanding spam concerns and doubt about whether the prospect of penalties would create a disincentive for would-be corporate directors.
These issues – lawful access, net neutrality, and the ECPA – will be back on the parliamentary agenda in the fall. But on a single rainy day in Ottawa, all three moved to the fore with big implications for the future of the Internet in Canada.
The Industry Committee held two days of hearings on C-27, the Electronic Commerce Protection Act, this week with Industry Minister Tony Clement appearing on Tuesday and my appearance (together with CAUCE executives) on Thursday. The line of questioning on both days was very similar and it is clear that some groups are seeking to sow seeds of doubt about the legislation. I tried to address some of the misconceptions and inaccuracies during my appearance, but it is worth taking these claims head on (I will update as needed):
Messaging Provisions
Will the ECPA mean that businesses can't send newsletters, email updates, or other promotional materials to other businesses?
No. Section 6(5)(b) includes an exception for legitimate business-to-business email.
Will the ECPA mean that I can't send emails to friends or family asking if they're interested in buying something from me or using my services?
No. Section 6(5)(a) includes an exception for individual to individual email with a personal or family relationship.
Will the ECPA apply to non-commercial emails that I might send?
No. The bill only applies to commercial email.
Why has Australia targeted direct marketing, while Canada talks about commercial messages?
Australia has not done that. Both laws use commercial electronic messages.
Does the ECPA extend its jurisdictional reach too far beyond Canada's borders?
The law requires a connection to Canada to apply. This is consistent with jurisdictional law more generally that mandates a real and substantial connection.
Will universities be blocked from sending commercial messages to alumnae?
No. With opt-in consent, they can continue to send messages. Even without such consent, universities are typically registered charities and thus qualify under the Section 10(6) exception for 18 months without the need for opt-in consent.
Will companies be prevented from sending consumers warranty or product recall information?
No. In order to send consumers this information, companies must first obtain their contact information. This provides an easy opportunity to obtain consent for sending future warranty or product recall information. Alternatively, companies will still be able to send information even without this consent for 18 months, providing ample opportunities to obtain the necessary consents.
Will real estate agents be unable to contact prospective clients via referral?
No. Referrals can still take place as the personal relationship exception will allow for an individual to individual email that will facilitate a referral. Alternatively, friends can simply provide the contact information for the real estate agent (which is typically the preferred approach anyway).
Does a business always need explicit, opt-in consent to communicate with customers?
No. Businesses can imply consent for 18 months for any existing customer. That provides plenty of time to obtain an opt-in consent?
Does a business always need explicit, opt-in consent to communicate with potential customers?
No. Businesses can imply consent for six months for any potential customer that has made an inquiry with them.
Software Provisions
Will software vendors be required to obtain consent before installing software updates?
Yes. Software vendors should notify users what is they are installing on their computer and obtain consent before doing so. Past experience involving cases such as the Sony rootkit provide ample evidence for why this is a good thing.
Does the ECPA stop web sites from using cookies?
No. Cookies are text files and are not caught by the legislation.
Does the ECPA pose problems for the use of java or javascript on a webpage?
Possibly. I have proposed some language to address this issue and Industry Minister Tony Clement has indicated his willingness to amend the law to address this concern.
Penalty Provisions
Does the ECPA contain very tough liability provisions?
Yes. Experience in other countries shows that anti-spam law can only be effective with sufficiently tough penalties that create economic risk for spammers.
Is the private right of action really needed?
Yes. Creating a private right of action was a recommendation of the Spam Task Force. Given the ongoing concerns about the enforcement history of the CRTC, Competition Bureau, and the Privacy Commissioner of Canada, a private right of action will allow the private sector to launch lawsuits of their own against Canadian-based spammers. Previous lawsuits against Canadian-based spammers have been launched in the U.S., due to the absence of a Canadian private right of action.
Could the private right of action clog the courts?
Unlikely. Unlike the U.S., Canadian class action lawsuits are rarer and there are court costs that create disincentives against frivolous lawsuits.
Email Harvesting Provisions
Will law enforcement be impeded due to the restriction on email harvesting?
Unlikely. While the ECPA alters PIPEDA to address email harvesting, the numerous police powers to access far more than just an email address remain unchanged.