Dear Minister Bernier,
As you are doubtless aware, representatives from industry, Internet Service Providers (ISPs), consumer groups and government and law enforcement gathered together from May 2004-2005 in a group known as the Federal Task Force on Spam. We are two of the members of the Task Force, representing Canadian consumers and Internet users, worldwide.
The Federal Task Force on Spam submitted a comprehensive report to your predecessor, the Right Honorable David Emerson in May 2006, which he accepted and offered public assurances that its recommendations would be implemented. Among those recommendations were laws to help deal with the new threat of spam.
Back in the mid-90s when spam first became commonplace it was easy for ISPs and individual users to deal with the problem - they could just hit the delete button and be done with it. But last year alone, AOL dealt with half a trillion spam messages attempting entry into their systems. ISPs across Canada of all sizes are under severe attack of the same proportions relative to their size.
But the problem of spam doesn't stop there. Spam is no longer limited to exhortations to buy various potations of dubious origin and effect. We are now faced with spam as a delivery mechanism for spyware that steals personal and corporate information from its recipients, often with no action at all required on their end. (That is to say, merely viewing the message is enough to infect their system.) Mail Threats include viruses which destroy data, zombies which allow "Bot-masters" to control a user's computer from afar, and phishing, the sending of counterfeit messages from financial institutions to trick recipients into revealing their account information, for identity theft and to empty their bank accounts.
Of all of these threats, Bot-nets are perhaps the direst in terms of national security; they can be used to send spam, or to attack points of infrastructure to disable them. Hospitals and 9-1-1 systems have been attacked in this manner. What makes this even more pernicious is that vast numbers of so-called Zombie Armies are readily available for rent or purchase, for relatively little money. It is only a matter of time before terrorists use them in tandem with a 'real-world' attack to confound any emergency response.
In this country, we are seeing the presence of organized crime behind the dissemination of zombies, obscene materials including bestiality and child porn, and phishing scam attacks. The latter have doubled in number each month for the past year, against all of our financial institutions and ultimately their customers. The drop in consumer confidence in online banking and purchases has already begun and is measurable in the double digits. This is having a profound impact on the online economy. Perhaps the hardest hit at the moment are those firms who do legitimate email marketing, and whose difficulty in distinguishing their messages from spam has spawned a cottage 'deliverability' industry as receiving sites ramp up their filtering ever higher so as to stave off complete meltdown of their servers.
At the FTC Spam Summit held several years ago, an AOL representative told me that were they to remove their spam filters, their entire network would be driven offline in no more than fifteen minutes.
Sadly, we do not yet have any effective legal manner in which to deal with these threats. In the absence of laws in Canada (we are the only G-8 country not to have specific anti-spam laws), we have become a haven for spammers. Legal actions are becoming commonplace throughout the world, save for Canada. Indeed, the Commissioner of the Competition Bureau recently made mention of our poor abilities to deal with criminals; they look at fines as a cost of doing business.
Furthermore, in a recent press conference announcing the arrest of numerous criminal spammers under the auspices of Operation Global Con, in which the RCMP and Competition Bureau participated, U.S. Attorney General Gonzales was asked specifically about the weak laws in this country. Justice Fish of the Supreme Court of Canada has called for specific laws to help the legal community deal with the new vistas of threats from the Internet.
But do allow us to reassure you that we have made some progress since last year. Recently, several of our report's findings were adopted by the OECD in amended form as best common practices for email marketers and network operators. Canada set the highest standards in these areas, and the world rose the to challenge and adopted them as guiding principles. Our own ISPs and network operators have implemented Task Force recommended practices such that we have seen a dramatic decrease in the amount of spam being illicitly sent via Canadian servers.
But the spammers, some of them foreign nationals, remain. We are considered 'offshore'; some of the biggest spam operations including infamous American spammer Allan Ralsky have set up shop here. We think that for the good of the online economy, the family users of the Internet, Canadian consumers and businesses, and for the very security of this nation the Canadian government should take immediate action on the recommendations of the report from the Task Force on Spam.
Strong legislation will protect us and to allow us to take our place on the international stage as partners in the fight against spam. Consumer groups, law enforcement, ISPs, professional email marketers, the broadest possible coalition of stakeholders imaginable, agreed to the contents and recommendations of the final report.
Chair, CAUCE Canada
Member, Federal Task Force on Spam
Member, London Action Plan
Member, Anti-spyware Coalition
Member, Internet Corporation For Assigned Names and Numbers