The CRTC (Canadian Radio-television and Telecommunications Commission) is one of the agencies that will implement Canada's anti-spam law. We filed these generally supportive comments in response to their proposed regulations for the law.
Regarding: Notice #: 2011-400 -Draft Electronic Commerce Protection Regulations (CRTC) File number: 8665-C12-201109851
The Coalition Against Unsolicited Commercial Email (CAUCE North America Inc.) thanks you for the opportunity to submit our comments on the draft regulations, below.
CAUCE is an all-volunteer Internet end-user advocacy organization. CAUCE has moved beyond its original mission of advocating for anti-spam laws, to a broader stance of defending the interests all users in the areas of privacy and abuse in all its forms on the Internet.
CAUCE is led by a Board of Directors with a cumulative century of experience in the field of Internet advocacy who are active in consulting with governments, law enforcement agencies, and Industry associations.
CAUCE is a participant in many industry initiatives including the Messaging Anti-abuse Working Group (MAAWG), the Anti-phishing Working Group (APWG), the Microsoft Digital Crimes Consortium, the National Cyber-Forensics & Training Alliance (NCFTA), the U.S. National Cyber Security Alliance, the Stop Spam Alliance and the London Action Plan (LAP) and has participated in The Canadian Task Force on Spam, the U.S. Federal Communications Commission (FCC) Communications Security, Reliability And Interoperability Council (CSRIC) and the Anti-spyware Coalition (ASC).
We need not go into how frequently abuse happens on the Internet. Daily news reports in the popular press and media speak to that, and the ubiquity of the problem cannot be overstated. Beside the obvious criminal element involved in spamming, hacking and other Internet abuse, there remain, unfortunately, some marketers from name-brand companies who engage in poor practices. Organizations like the Messaging Anti-abuse Working Group (MAAWG.org) have worked very hard to develop Best Common Practices documents, many based upon the fine work undertaken by the Canadian Task Force on Spam. We encourage you to review them as you proceed in this process and the work ahead of you.
Ivor Tossell perhaps said it best in his article recently published in the Globe and Mail:
“Providing real content to real customers with whom you’ve got a real relationship is the opposite of spam”
CAUCE generally supports the draft regulations. Our goal, which we believe you share, is that the recipient of electronic communications be protected from abuse, and when it occurs, be able to stop it, and report it easily and without technical skills beyond those of ordinary Internet users.
We must respect and preserve the ability for senders of commercial messaging to comply with the law and the regulations; we also think that avoiding trivial or technical ‘gotcha’ violations is fundamental to an effective and fair anti-spam régime in Canada. That said, we anticipate some commentary will propose changes that open dangerous loopholes that will be quickly exploited by Internet abusers.
We recall the launch of Apple’s music social networking service, Ping, which saw abuse literally within hours of launch. We urge you not to underestimate the willingness of abusive marketers to do so just as rapidly, and should you adopt any changes, please do so with a careful eye cast to protecting the recipients of messaging; the end-users of the Internet, whose interests must remain paramount.
Marketers are not the main reason people are on the Internet; business use of the net still lags far behind what is most popular. The sites that individuals most often visit are social networks and other forms of personal, one-to-one interactions with friends and family, first and foremost.
INFORMATION TO BE INCLUDED IN COMMERCIAL ELECTRONIC MESSAGES
2. (1) For the purposes of subsection 6(2) of the Act, the following information must be set out in any commercial electronic message:
(a) the name of the person sending the message and the person, if different, on whose behalf it is sent;
(b) if the message is sent on behalf of another person, a statement indicating which person is sending the message and which person on whose behalf the message is sent;
(c) if the person who sends the message and the person, if different, on behalf of whom it is sent carry on business by different names, the name by which those persons carry on business; and
(d) the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person sending the message and, if different, the person on whose behalf the message is sent and any other electronic address used by those persons.
(2) If it is not practicable to include the information referred to in subsection (1) and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act in a commercial electronic message, that information may be provided by a link to a web page on the World Wide Web that is clearly and prominently set out and that can be accessed by a single click or another method of equivalent efficiency at no cost to the person to whom the message is sent.
We suggest that subsection (1) require that the information must be included in a form that can reasonably be expected to be legible to all recipients. We have seen opt-out information encoded in images that are not displayed by default in many mail programs (and not at all by screen readers for the visually impaired), or in Flash animations that are not displayed on many mobile devices.
We suggest (1) (d) clarify ‘mailing address’ in the following manner:
“Valid physical postal address” means the sender’s customary street address, a post office box the sender has accurately registered with Canada Post, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to the Act for the Regulation of the Postal Service, the Canada Post Corporation Act, and other applicable laws and regulations (and similar analogous services in other countries).
We do not believe that inclusion of a web page and telephone number are necessary, so long as other information adequate to identify and contact the sender are present. They may be burdensome to some small businesses that legitimately wish to conduct commerce on the Internet. As always, the goal here is for a recipient to readily reply to a sender and opt out from future mail.
FORM OF COMMERCIAL ELECTRONIC MESSAGES
3. (1) The information referred to in section 2 and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be set out clearly and prominently
(2) The unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be able to be performed in no more than two clicks or another method of equivalent efficiency
The Commission should consider adding text to the effect that an e-mail recipient cannot be required to provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt-out of receiving future e-mail from a sender.
Opt-out must not require any information not present in the body of the original message, and action must be taken in response to any request that reasonably appears to be from or on behalf of the recipient. It is very common for a user to forward several email addresses to a single mailbox, and it is unfair to ask them to play a ‘guessing game’ as to which address the sender has on file. This information should be included in the original message, an approach that is a widely used best common practice in commercial mailings. For one-to-one communications, the recipient's address appears in the “To” line of the message, so this places no extra burden on individual senders.
With regard to the two clicks rule, the Commission should understand that links can go to web pages that include a wide variety of multimedia, many of which are not visible to some groups of Internet users. Hence we suggest a similar rule to the one proposed in the previous section that web pages included in an opt-out process must be in a form that can reasonably be expected to be legible to and usable by all recipients. We do not object to additional images or animations, so long as the opt-out process works without them.
INFORMATION TO BE INCLUDED IN A REQUEST FOR CONSENT
4. For the purposes of subsections 10(1) and (3) of the Act, a request for consent must be in writing and must be sought separately for each act described in sections 6 to 8 of the Act and must includ
(a) the name of the person seeking consent and the person, if different, on whose behalf consent is sought;
(b) if the consent is sought on behalf of another person, a statement indicating which person is seeking consent and which person on whose behalf consent is sought;
(c) if the person seeking consent and the person, if different, on whose behalf consent is sought carry on business by different names, the name by which those persons carry on business;
(d) the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person seeking consent and, if different, the person on whose behalf consent is sought and any other electronic address used by those persons; and
(e) a statement indicating that the person whose consent is sought can withdraw their consent by using any contact information referred to in paragraph (d).
We are concerned about the lack of clarity in this regulation; there has been some mention that ‘in writing’ might be interpreted as requiring records be kept on paper.
Furthermore, there may be a business case made for the validity of collecting consent orally in some cases. It is our general feeling that this regulation is overly detailed and the Commission might consider simply withdrawing it. Those who collect consent need to do so in a verifiable manner, and to keep adequate records of the time and manner of consent, should they need to provide evidence of it to the Commission.
At very least, we strongly suggest the CRTC clarify the phrase “in writing” indicate that it is acceptable to receive consent in digital form.
CAUCE requests that the Commission consider an additional regulation.
Identification of Senders
We note that some commercial electronic mail senders use so-called "private" or "proxy" domain name registrations, whereby WHOIS point of contact information is suppressed and replaced by the "private" or "proxy" service providers details. This hinders research of the ostensible sender by those afflicted by abusive messaging, and in our view, is contrary to the intent of these regulations.
We therefore urge the Commission to forbid senders of commercial electronic message from using such services in any domain that appears in their messaging or websites or other services referred to by any messages they send. CAUCE has no objection to the continued availability or use of "privacy" or "proxy" registration services by private persons engaged in non-commercial activities. We note that CIRA, the registry for Canadian domain names, permits suppressed WHOIS information only for individuals, not for organizations or businesses, so no organization or business using a .CA domain would be affected by this rule.
Thank you again for allowing us the opportunity to submit these comments, and wish you success in this commentary process.
CAUCE North America
5284 St. Joseph
Tel: (514) 664-5037