Canada's Benevolent Overlords Speak
By Ken Magill
The Canadian Radio-television and Telecommunications Commission last week announced its first action under Canada’s anti-spam law in which the only thing missing was the Barney “I Love You” theme song.
The announcement was a move of pure cynicism and CASL supporters took the bait like sharks to chum.
The reaction from some anti-spammers to the CRTC’s announcement may have well been: “See how benevolent our all-powerful overlords are? Doesn’t this show they can be trusted to wield their unchecked power reasonably?”
No. It does not. No organization can be trusted to wield the kind of power CASL gives to the CRTC reasonably.
What it shows is the CRTC is well aware of some people’s fear that CASL gives it the power to press charges and levy fines with no hearing, and invites abuse.
The action was not about stopping spam—although ostensibly it did stop some. The action was about sending a message to the great unwashed masses.
“In July 2014, the Spam Reporting Centre received reports of spam messages routed through Access Communications, an Internet service provider (ISP),” said the CRTC in its release announcing the action. “During its investigation, the CRTC discovered that the spam messages were actually coming from a small business’s server, which used Access Communications as its ISP. This business’s server had become infected with malware, which had caused it to join the botnet ‘Ebury.’ It is estimated that the infected server had sent millions of malicious spam messages without the business’s or Access Communications’ knowledge.
“Once alerted to the situation by the CRTC, the small business and Access Communications fully cooperated and removed all traces of the malware.”
And here’s the money quote:
“We have a number of tools at our disposal to protect Canadians from online threats such as spam. This investigation illustrates how we can tailor our enforcement actions to the situation at hand,” said Manon Bombardier, chief compliance and enforcement officer of the CRTC, in the release.
After the announcement, Andrew Barrett, director of ISP relations and deliverability at iContact tweeted to me: “Hey @kmagill! Looks like CASL might not be the soul-crushing, business-killing ban hammer you've said it is.”
As if one instance of commonsensical bureaucratic restraint proves anything. The CRTC decided not to charge and fine a victim of malware and we should applaud them for this?
Yay CRTC! You avoided an obscene bureaucratic overreach and made a no-brainer decision not to fine a malware victim! Clap! Clap! Clap!
Phew! And I thought CASL was a terribly crafted law posing multiple, needless threats to legitimate marketers.
Oh, wait. I was right.
The number of sales not made as the result of CASL is not measurable. Nor is the number of jobs not created. Nor do we know just how devastating CASL has been or will be to marketers’ email programs.
The law’s provision allowing individuals to sue has not kicked in yet. Nor has its requirement that businesses have express consent to send email. Who knows what fresh hell will be unleashed when they do in 2017?
Barrett apparently fails to understand he has years to be wrong about CASL and I have years to be right.
Canadian business executives are rightly terrified of CASL. It is reportedly one of the top three concerns the Canadian Federation of Independent Business’s 109,000 members have with respect to federal policy.
Then there was Neil Schwartzman, executive director of the Coalition Against Unsolicited Commercial Email, who tweeted: “if we can solve a problem for the cost of a piece of letterhead, why not?”
No federal agency in the history of the world has ever resolved an issue—with the doubtful but possible exception of ordering more letterhead—for the cost of a piece of letterhead.
The press release alone was lawyered syllable by syllable.
Speaking of which, the CRTC’s press release also included the following:
“The CRTC can discuss corrective actions with individuals, firms or organizations, which may lead to a settlement that includes an administrative monetary penalty and other corrective measures.”
Why include such a statement in a release about a small business whose computers were infected with malware? To illustrate that the CRTC has the power to impose fines but in this case chose not to exercise it. There is no other reason to make mention of the power to fine.
They have the power to fine. They chose not to fine a malware victim. Bully for them.
What happens if the computer reseller’s servers get infected again? Might the CRTC decide the principal hadn’t learned her lesson and taken the proper precautions and needs to be spanked?
It’s not difficult to imagine some anti-spammers getting the ears of CRTC officials and saying: “You know, she really could have prevented that malware attack had she just implemented some basic security measures. Maybe you should make an example out of her.”
That anti-spammers have a harmful influence on Canada’s commercial email policies is already evident in the punitive way CASL was written. CASL is an anti-spammer’s dream.
The opt-in-based law gives CRTC bureaucrats the power to charge, decree guilt and levy enormous fines without benefit of a trial of any sort. History is not on the side of those who trust such empowered bureaucrats to use their weapons judiciously.
One reasonable action by Canada’s benevolent overlords should comfort no one. Keep the champagne corked.