Canada to Crack Down on Spam (Finally!)

It took a while, but Canada is finally on the brink of joining other developed countries in implementing a law that will deter fraudsters from developing spam.

The proposed Electronic Commerce Protection Act (ECPA), or Bill C-27, will crack down on various forms of electronic fraud including anything that resembles phishing (the act of generating counterfeit websites to trick Internet users into revealing their personal financial information); spyware (software that taps into a personal computer and steals information); and identity theft (including programs that copy an individual's credit card information).

Because the legislation will target electronic fraud as a whole, rather than just Internet fraud, cell phone spam and other types of  'unsolicited commercial electronic messages' will also be included in the new bill.

Why a law is needed

Since virtually every developed country around the world already has a similar law in place, the Canadian government is getting a bit of heat from critics regarding its delayed response to this growing problem. According to the Federal government's press release, spam now makes up over 80% of global e-mail traffic.

The Sophos Security Threat Report 2009 reveals that most of this spam is coming from organized crime groups, primarily based in the US, and in 2008 these groups tripled their attacks on unsuspecting consumers and businesses.

The most popular method is by posing as legitimate anti-virus vendors and scaring individuals into thinking that their websites have been compromised – a form of fraud that has now been coined 'scareware'. Sophos suspects five new scareware websites are created every day, on average.

While it took a while to respond to these threats, the government says, in its defense, that it's been able to learn from the setbacks and successes of other countries. As a result, it has put together a bill that is on the cutting edge of technology and addresses the latest threats facing consumers.

The details

Now to clarify a bit, this new Act doesn't mean your e-mail junk folder will soon be rid of those pesky discount drug messages. Instead, the new legislation is more focused on making it difficult for spam culprits to send their messages out from Canadian-based computers.

The proposed bill will make it possible for consumers and companies alike to take legal action against anyone who violates the ECPA. This means, unlike now, you'll be able to sue spammers.

The Canadian Radio-Television and Telecommunications Commission (CRTC) would essentially be the watchdog of the new legislation and, as such, it would be able to fine individual perpetrators up to $1 million, and larger crime rings up to $10 million.

The government also plans to create a Spam Reporting Centre that would allow businesses and consumers to report spamming behaviour. The Centre would collect information and disperse it to different government bodies involved – namely the CRTC, the Competition Bureau and the Office of the Privacy Commissioner.

The drawbacks

While very few people can argue against legislation protecting consumers and businesses from the dangers of spam, the problem most critics have is in how it's going to be rolled out and enforced.

After the flop of the national 'Do Not Call' list – which saw thousands of people across the country register their phone numbers so that they wouldn't be hassled by telemarketers, to largely no avail – many people don't have faith in the CRTC's enforcement powers.

For this legislation to have an effect, the CRTC is going to have to aggressively go after anyone who fails to abide by it. The differences in the way the bill is set up – compared to the mechanics of the 'Do Not Call' list – has the potential to make this happen.

While the 'Do Not Call' list seemed to have a truckload of exceptions as to who can make unsolicited telemarketing phone calls, the ECPA has very few exceptions. Basically, in order to receive spam, a customer or business must consent to it – case closed.

The bill still has to make its way through Parliament, but the consensus is that it will pass quite easily. When it does, here's to hoping we'll see some reduction of malicious spam – if not now, then hopefully over the next few years.