#C27 – ECPA, C-27 Given Second Reading & Debate continues December 11

Electronic Commerce Protection Bill

Second Reading—Debate Continued

On the Order:

Resuming debate on the motion of the Honourable Senator Oliver, seconded by the Honourable Senator Di Nino, for the second reading of Bill C-27, An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

Hon. Grant Mitchell: Honourable senators, I rise to speak on Bill C-27, the spam bill. I will say before I start that I listened with great interest to the HST debate, and I am sure that I reflect broadly the sentiment in this house that the quality of debate distinguishes the Senate. I congratulate each of the members who debated.

Not by way of criticism but simply by way of correcting the record, I point out that the debate not once addressed the HST in Alberta, and I should say, on behalf of Albertans and Alberta, that the harmonization of the tax in Alberta caused absolutely no problem whatsoever. It was done without a ripple; if only all the other provinces could follow that example.

With respect to the spam bill, before anyone begins to yell at me, I want to say that I agree with the bill in principle. I look forward to having it discussed in committee. The spam bill is a good bill in principle, absolutely and fundamentally. We all know about spam. We have all heard of spam. There are many kinds of spam. We know that it is a tremendous waste of productivity. We know that it is a hindrance to effective business. We know that it is fundamentally a nuisance, a problem for us as individuals, and we know it must be dealt with.

It is interesting to note that Canada is one of the few industrialized nations that is without anti-spam legislation and it is interesting to note, unfortunately, that we have gained a reputation somewhat as being a haven for spammers. This legislation is past due. This bill needs to be dealt with and we have to fix the problems.

I point out that there is a good deal of bipartisan, all-party collaboration on this issue. Of course, it has been passed in the house after intense but positive debate — learned debate, I believe — and it has been championed in this house both by Senator Donald Oliver of the Conservative caucus and by our former colleague, Senator Goldstein, both of whom had presented private members' bills.

I will put one small partisan plug in to say that the process of reform for bringing in legislation was started with a task force established by the Liberal government in 2004. Again, in the spirit of cooperation and collaboration in this environment that is sometimes maligned, the government has picked up on much of that work and has brought in a piece of legislation that is an important step.

Let me list briefly what the bill will do, but first let me point out that there are a couple of forms of spam, at least, which were clarified for me. Most of us see spam as those unwanted emails that we receive over and over again, and that the classic view of spam and that was my view.

However, it turns out of course that there can be spammed programs — software — that can be downloaded without consent and that can be extremely dangerous. Often, we refer to those programs as viruses. We have them all the way from inconvenient and a nuisance, to extremely dangerous and damaging, with huge consequences both to personal files and to commercial enterprise.

What does the bill accomplish? As was suggested by the definition of the problem, the bill prevents the downloading of software without consent but it wisely, because an amendment was made, excludes automatic updates to software that one has chosen to download already to their computer. Often that is the case: The software is updated and users want the update. These updates will be excluded.

The bill also prohibits electronic commercial messages, commercial emails and that kind of thing that one can receive at this point without consent; without direct consent or implied consent. Clearly, it is important that we differentiate, that we allow for implied consent in the way that businesses operate. We do not want to impede the ability of businesses to deal with their clients or their prospective clients.

Interestingly, it also prohibits companies from taking personal information without consent. It is important from a privacy point of view and, as we work our way through this area of communications on the Internet, on the web, privacy remains an important issue. Step by step, we have to plug the holes and fix the problems.

This bill is distinguished by the fact that it uses a regulatory approach for implementation rather than some kind of criminal approach. I suppose it can become criminal in certain areas, but basically the approach is a regulatory approach that is coordinated through the Canadian Radio-television and Telecommunications Commission, CRTC, the Office of the Privacy Commissioner and the Competition Bureau; all three are good choices for having responsibility and application to the supervision of this process.

This bill is also serious about dealing with infractions. First, it provides for fines of up to $1 million for any individual who spams, and it also provides for up to $10 million in fines for any company that spams.

I can see Senator Mockler wondering, if he receives a Liberal email, is that spam? I do not know, but I can answer the other way: It is continuing education. If I receive an email from the Conservatives, it might not be spam, but it would be wrong.

Sorry, I am trying to rise above that. Merry Christmas.

The other thing the bill includes is a private right of action provision that will allow consumers, businesses and Internet service providers to take civil actions against violators. I think that provision is all good. It hits the highlights of the problem. It has a structure for administration. It has a structure for penalties to make people focus on the seriousness of these potential problems. It is a 21st century bill and it is good.

Now, right to that point; there is one slight problem. I should not say the problem is slight. It is significant and I know it has been debated, and Senator Oliver has given me assurance that it is being considered.

The problem is this: The bill is sweeping. As you might imagine, it is difficult to structure a spam bill in the environment we are in. That is to say, things are emerging and changing. The Internet, the web, is expanding so dramatically and so quickly and communications are shifting from what we have seen as traditional ways of advertising and communicating, often on paper or on TV, to this remarkable place that many of us have yet to understand: the Internet, the web, the ether.

It is understandable that we would have a broad approach to this bill as a first crack at it. However, there is a single problem that I think we have to address in particular. That problem was raised with me and others by Research in Montion, the BlackBerry people, because it inhibits a company like RIM from responding quickly to a spam virus attack — an attack that could crush their system or parts of their system.

Normally, when immediately faced with a threat, the menace of a virus, a viral attack on their system, RIM has been able to go out into that structure, into that process, and seek out the location, the origination of that attack. The privacy requirements in this bill and the privacy provisions make it difficult for them to react quickly. The company might be able to react, but I think they would have
to have certain kinds of provisions to react. It is difficult to find the balance. We are having the same debate on Bill C-6. However, that problem must be looked at and we must discover a way that a company like RIM is not vulnerable to attacks that can be devastating. To this point, they have been able to defend themselves because they have had mechanisms but those mechanisms might be threatened by this particular piece of legislation.

Honourable senators, I do not know exactly what steps will be taken in a concrete way to fix the problem, but of course committee debate and discussion will be a place where the problem can be considered, and I am sure it will be.

The second point is that a couple of questions arise out of this legislation. I am sure government has thought about the questions and perhaps there are specific answers. If not, I expect we will see some of them in future budgets, et cetera. There is the question, of course, of resources for enforcing the provisions of this bill. It is not as though the CRTC has extra money, the Competition Bureau has too much money or the Privacy Commissioner has extra money, and yet they will be given this tremendous responsibility.

To point out an example of this kind of problem, we need only look to the Do Not Call Registry, which receives about 20,000 complaints a month to the CRTC. However, since the inception of that program, the CRTC, faced with 20,000 complaints a month, has issued only about 70 warning letters. Those numbers underline the magnitude of these issues, and they raise the question of what the resources will be and how we can implement this legislation effectively.

The second matter similar in its implications is that the legislation provides for creating a national coordinating body that, according to the Industry Canada website "will synchronize public education and awareness,, track and analyze statistics and trends, and lead policy oversight and coordination."

That sounds like something we need in climate change, it dawns on me — but not to distract. Of course, we can see why that might be the case. There are implications for both levels, provincial and federal, I am sure, in the application of this kind of legislation; policing forces, information-gathering systems, et cetera. There needs to be coordination.

Again, how will this be structured? Where will it be placed? What kind of money will it have? What kind of resources?

Finally, this is a question of the evolution of the administration of this act; there will be huge implications also for international communication and coordination. Often spam comes from other countries. Therefore, it is necessary to coordinate with those other countries in what they are doing to help us and vice versa in any given case or any given policy development matter. The CRTC, the Office of the Privacy Commissioner and the Competition Bureau will need to have the resources and personnel to focus on that relationship and make that relationship work.

I look forward to the next step, discussing the bill in committee and making it perfect.

Hon. Percy E. Downe: I appreciate the honourable senator's comments on the proposed bill and his comments about the Do Not Call List. He highlighted but skimmed over some of the problems the CRTC is having with the Do Not Call List. My information is that the CRTC, to date, has received over 700 complaints, they have filed nine fines, and the companies are refusing to pay the fines. There is, in effect, no enforcement.

Despite having registered on the Do Not Call List, many people are receiving more calls. Some people who registered their cell phones and were getting no calls before are now getting calls. The CRTC recently issued a request for proposal to hire a contractor to carry out investigations of the Do Not Call List. It then abandoned the request. Why would we have any confidence in the ability of the CRTC to monitor this spam bill if they cannot do it with the Do Not Call List?

Senator Mitchell: I am glad the honourable senator did not call me about
that. Senator Downe is emphasizing the point that I was trying to make.
While I want to remain optimistic, the question arises: Will there be
the resources for this policy to be implemented properly? Clearly the
CRTC example to this point with the Do Not Call List is an issue.

The second issue is how you go about — once you go through the process
of getting a fine allocated or penalty levied on an individual or
company — determining who will take responsibility for that next step? I
am not a lawyer, but I expect there is some legal process to go through
to follow up and collect it.

I agree with the honourable senator. That is a problem.

Senator Downe: I have a further question. I constantly receive emails
from very kind people in Nigeria who want to assist me financially if I
would only send them my banking and other personal information. Senator
Mitchell indicated his concern about resources. I am more concerned
about enforcement.

How will the government prevent foreign countries, and companies
operating in those countries, from continuing to send spam to Canadians?
Will we enforce the law on providers and servers in Canada? Will they
be fined? Does the honourable senator have any information on that?

Senator Mitchell: No. There are probably experts with ideas about that,
and we should call some of them to the committee. I will tell honourable
senators that my impression is that, of course, there will be spam
coming from an infinite number of places, many of which one could not
find in time to fix it.

One of the responsibilities for the national coordinating body is it
would coordinate public education and awareness efforts. To some extent,
those kinds of issues that Senator Downe raises — and we all have
received unsolicited mail — beg the question of how one responds and
understanding what it means and what its consequences are. The best way
to do that is to arm citizens, and public education and awareness would
be one step towards that.

Senator Downe: I hope the committee members would be very careful, given
the donnybrook we have with the CRTC and the Do Not Call List.

The CRTC, for example, holds hearings in secret. Canadians are not aware
of which companies are under investigation. The CRTC will only release
that information if, after the company is fined, they refuse to pay.
There is no transparency, no openness, and no protection for Canadians.
There is no sense of duplicating our problems with the Do Not Call List
with the spam bill and I hope, as a member of the committee, the
honourable senator will keep that in mind.

Senator Mitchell: Will do. Thanks.

Hon. Jane Cordy: I thank the honourable senator for the excellent
speech. I agree with the comments that the committee must look carefully
at this bill. Sometimes what looks very simple can have negative
consequences that the drafters of the bill had never intended. It is
very important that the members of the committee look extremely closely
to ensure that, whatever happens to it, it is the best bill that it can
be for Canadians.

At many NATO meetings I have attended, the country of Estonia was
concerned about the cyberterrorism that happened to them. They believe
that this terrorism came from Russia in an effort to make them a little
more subservient. When this happened, the whole banking and economic
systems within the country of Estonia were brought to a standstill
because none of the computers in the country would work due to the spam
that they believed came from Russia.

Will this bill address those kinds of things? Will Canada be safe from
that type of thing? Hopefully it would never happen, but certainly the
possibility is always there. Is that something the bill would look at?

Senator Mitchell: I think we see, from the nature of these questions,
the breadth of the interest amongst us. I think that is probably
reflective of Canadians generally.

The bill would facilitate dealing with spam, but it comes back to the
question of resources. In relation to Senator Cordy's point about
cyberterrorism and its implications, is the CRTC equipped to combat such
actions? Is the Privacy Commissioner equipped to do that? Who is
equipped to do that? There may need to be more brought into this
process.

It is important to raise that kind of question before the committee as
well. One would hope that there are agencies right now working on that
kind of thing, and we need to find out if this bill would facilitate or
hamper them.

Hon. Donald H. Oliver: I had a point of clarification. When the
honourable senator made his presentation and was talking about the Do
Not Call List, as I heard him, he said that there were 20,000 complaints
a month. He said there were only seven letters that came from it.

Is the honourable senator saying, therefore, that the only reason for
the seven letters is that they did not have enough resources? Was that
the point? Is there any evidence to that effect?

Senator Mitchell: It was 70 letters. It is not a big difference, I know.
My point is that it certainly raises the question of whether they have
resources. I do not know that they do not. Maybe there were only 70 that
they had to act on, but it seems to me that there probably is a
resource issue. I am just asking the question.

Senator Oliver: It may not be a resource issue.

Senator Mitchell: It may not be, but I think the question needs to be
asked. I would bet it is. Do you want to bet?

(On motion of Senator Tardif, debate adjourned.)