Verbal Comments to INDU about CASL, Ottawa 10/24/2017

Verbal comments by Neil Schwartzman, Executive Director and Matthew Vernhout, Director-at-large of the Coalition Against Unsolicited Commercial Email to the Standing Committee on Industry, Science and Technology, Ottawa, October 24, 2017

 

Neil Schwartzman

 

With apologies to The Bard of Avon,

 

Friends, Parliamentarians, countrymen, lend me your ears;

 

I come to praise CASL, not to kill it.

The evil that critics of CASL do lives with them;

The good is imbued in its sections;

So let it be with CASL.

 

CASL’s noble adversaries may tell you the law is too ambitious, as If it was a grievous fault. 

 

CASL enshrines the work of 2005’s federal task force on spam, best practices found in our final report are now global industry standards. Best practices do nothing without holding bad players accountable.

 

CASL is a crowd-sourced law, taking input from hundreds, working tens of thousands of hours. The Messaging Anti-Abuse Working Group, MAAWG, is a one hundred eighty five member industry association of companies such as Apple, Facebook, Google, Amazon, and Bell Canada. MAAWG participated in the CASL process and sent a letter to the Prime Minister urging passage of the law.

 

My name is Neil Schwartzman, I am the executive director of CAUCE, the coalition against unsolicited commercial email. I wrote the world’s first distributed spam filter, and 20 years later, here we are.

 

I am a management consultant; my clients include the world’s largest company and the world’s biggest sender of email, and I teach cyber investigation methods to international law enforcement.

 

Spam filtering costs recipients 20 billion dollars a year according to researchers at Microsoft and Google, and the fact is spam has become much worse of late, ransomware and phishing payloads are vicious.

 

Affiliate spam, 90% of the pouriel hitting our networks is a open sewer spraying 1 BILLION messages per hour at our families, friends and colleagues.

 

Unsolicited junk email, texts and phonecalls from Wal-Mart, DirecTV, and Fidelity are some of the affiliate spam sent by third parties earning commissions from the brand. CASL was purpose-built to remedy such activity.

 

Studies and data have proven CASL is protective shield to the spam coming into, and out of Canada. 

 

Law enforcement can’t possibly investigate – nor do they know about – all spam attacks. CASL’s Private Right of Action, a right integral to America’s CANSPAM Act, has been suspended, lamentably preventing Canadian ISPs, businesses and organizations from seeking compensation for damages to their networks and users.

 

Declarations of CASL’s damaging effects are laughable. The OECD has projected Canada’s 2018 economic growth outlook to be the best of the G-7; Quebec enjoys their lowest unemployment rate in three decades. 

 

Yes, legitimate companies bear costs to become compliant, just as when PIPEDA came into force. 

 

Business must be vigilant – data breaches occur daily, business email compromise results in losses in the hundreds of millions. CASL defines the modern standards  of data integrity and permission companies must maintain in the global economy. The EU’s updated GDRP privacy law comes into effect in 2018. Failing to maintain parity will put us at a severe economic disadvantage.

 

In two cases prosecuted by the CRTC, the marketing departments of Rogers and Kellogg’s were found to bought spam email lists from third party firms.

 

Why are spammers afraid of CASL and trying to gut it of effectiveness? Because it is working. We will hear from my colleague Matt who is a 20-year marketing professional, who has data proving marketing has grown in volume and effectiveness under CASL.We keep hearing about chilling effects, yet, our economy is growing, marketing is more effective. Chilling? I’m feeling rather warm.

 

CASL is so frightening to spammers, that they lobby Canada’s law enforcement and legislators. American groups with direct business interests to shady, black-hat spamming groups will make presentations to this very body.

 

With this in mind, I exhort you to leave CASL intact. Adjust, yes, clarify, no doubt, but do not come here to kill CASL. Do Caesar proud.

 

Thank you.

 

 

 

 

 

Matthew Vernhout

 

Good Afternoon, to our distinguished Members of Parliament thank you for inviting us to speak with you today. 

My name is Matthew Vernhout, I am here on behalf of the CAUCE. In my professional capacity I am the Director of Privacy and Industry Relations for email analytics firm 250ok, the Chair of the Email Experience Council’s Advocacy committee, and an active member of the global email marketing community. I participated in the drafting of America’s CAN-SPAM act and had the pleasure of speaking to this Committee in support of CASL in 2009. 

I have published dozens of articles, been quoted in the press, spoken at numerous industry events, and consulted with some of North America’s top brands regarding CASL compliance.

In fact, one of the comparative benchmark reports I authored for ISED; was recently cited in the CRTC decision on the constitutional challenge by CompuFinder. 

The positive effects of CASL on the email industry are remarkable.

I am delighted to say analysis finds the email industry thriving and experiencing significant growth. Businesses ensure they have recipient consent and they are seeing the positive benefits of those efforts. 

A common trend has emerged from several reports published in the past three years: more messages are delivered to Canadian consumers inboxes post-CASL, due to better list management practices and increased consumer trust. 

A recent industry report shows that two countries with the toughest anti-spam legislation, Canada and Australia, also have the best deliverability of commercial emails to inboxes in the G-8 countries studied.

The basic framework of CASL is a series of email marketing best practices that have been the basis of most of my consulting efforts over the past seventeen years: 

•Ask permission first

•Honour opt-outs

•Be clear of who you are and why you are writing to your customer.

CASL has taken these ideas made them the law of the land. 

As my colleague stated, CASL is working to diminish spam, moreover, it is working to make legitimate email marketing more successful, and more effective.

There is far too much baseless fear, uncertainty and doubt being spread by the naysayers of CASL, who are neither anti-abuse nor marketing professionals.

When I speak with marketers about their compliance efforts and the changes that they make to their digital marketing I often hear, “This is a lot of work, but isn’t nearly as difficult as I thought it would be.”

However, we still have a long road ahead of us. The Spam Reporting Centre receives 6,000 complaints per week, totalling more than one million complaints since 2014. 

For example, the blacklist operators SURBL notes that there are currently 70 DOT C A domains spamming counterfeit goods scams to Canadians. 

There are also active spam gangs set up on hosting providers in Montréal, Hamilton, and Vancouver.

Regarding the PRA suspension, this renders CASL toothless. I recommend the PRA be revisited to allow network operators who carry the cost of spam to avail themselves of redress.  

In closing, it is our hope that the law remains a strong and viable tool to protect email marketing, networks, and consumers from unwanted spam messaging.

Canadians, like all consumers, deserve nothing less.

 

Update

 

TO: INDU@parl.gc.ca

 

October 28, 2017

 

To whom it may concern,

 

We are forwarding an electronic message from Deborah Evans of Rogers Media Inc.

 

The undertaking that RMI signed with the CRTC on November 26, 2015 reads, in part:

 

 

AND WHEREAS the CCEO has advised RMI that Commission Staff is of the view that express consent is required to send commercial electronic messages on behalf of unknown third parties. More specifically, Commission start is of the view that implied consent cannot be relied upon to send commercial electronic messages on behalf of unknown third parties, without obtaining prior specific express consent in accordance with the Act, Regulations and Regulations (CRTC);

 

 

Should anyone see daylight between our stated position and that of RMI, we would wish to correct the record. Ms. Evans’ email reads as follows:

 

 

Date: Sat, 28 Oct 2017 15:23:18

From: Deborah Evans <Deborah.Evans@rci.rogers.com>

To: John Levine <john.levine@cauce.org>

Subject: Re: INDU Committee

 

 

CAUCE’s comments to the industry committee were that Rogers was prosecuted and found to have bought spam lists from third parties.

 

This is factually incorrect. We do not buy lists.

 

The reference you made to our undertaking was not that we bought lists, but sent messages (to our existing lists) on behalf of third parties using implied consent. 

 

 

 

We were not found guilty of this, the Chief Compliance Officer merely noted that she disagreed with our interpretation of the rules.

 

CAUCE has publicly stated that Rogers bought spam lists. Again, I cannot stress enough that this is factually incorrect.

 

The matter is obviously not resolved. I was really hoping we could deal with this amicably but this does not seem to be the case. We will pursue other options.

 

 

 

Neil Schwartzman

Executive Director,

CAUCE.org Inc.