1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

CRTC enters into MOU with FTC on spam and unlawful telemarketing

As we have noted in previous posts (here and here), the Canadian Radio-television and Telecommunications Commission (CRTC) has repeatedly highlighted its work with its international counterparts to combat spam and unlawful telemarketing, among other communications “threats”.

On March 24, CRTC Chairman Jean-Pierre Blais and US FTC Chairwoman Edith Ramirez signed a Memorandum of Understanding addressing these threats:  the MOU between the US Federal Trade Commission and the CRTC on mutual assistance in the Enforcement of Laws on commercial email and telemarketing.  The MOU states that the two organizations have already “worked closely in connection with numerous investigations and enforcement actions relating to unsolicited commercial email (spam) and automated telephone calls (robocalls); and have collaborated on promoting technological solutions to robocalls”.

The laws administered by the agencies – the FTC Act and CASL, respectively – both  contemplate sharing information with foreign enforcement agencies under certain conditions.  The new MOU recognizes that it is in the FTC’s and the CRTC’s “common public interest” to extend support across the border where this will assist investigation and enforcement efforts, including:

  1. cooperate with respect to the enforcement against Covered Violations, including sharing complaints and other relevant information and providing investigative assistance;
  2. facilitate research and education related to unauthorized telemarketing and unauthorized telephone calls;
  3. facilitate mutual exchange of knowledge and expertise through training programs and staff exchanges;
  4. promote a better understanding by each Participant of economic and legal conditions and theories relevant to the enforcement of the Applicable Laws; and
  5. inform each other of developments in their respective countries that relate to this Memorandum in a timely fashion.

Accordingly, the FTC and CRTC will share information, provide investigative assistance, and coordinate enforcement against cross-border violations that both sides agree are priority cases.

The announcement is timely in at least one sense.  Industry stakeholders in Canada have complained that the CRTC’s publicized enforcement activity to date has focused largely on Canadian companies that have made mistakes in implementing CASL’s complex compliance requirements.  There has been comparatively little visibility around the CRTC’s efforts to “drive spammers out of Canada” – one of CASL’s primary objectives.

, ,

CRTC enters into MOU with FTC on spam and unlawful telemarketing

The TPP Agreement and Privacy

The Trans-Pacific Partnership Agreement (the “TPP Agreement”) is a regional trade and investment agreement negotiated by 12 Pacific Rim countries representing 40 percent of the global economy. Canada, the United States, Mexico, Japan, Malaysia, Vietnam and Australia are signatories. The TPP Agreement, which has 30 Chapters, ushers in a comprehensive program of tariff reduction for goods and services and establishes binding rules in a wide-range of subject areas, including financial services, cross border trade in services, investment, competition policy, intellectual property, telecommunications and electronic commerce. The TPP Agreement also touches on a number of privacy-related issues, including the cross-border flow of information, spam and encryption technology.

Cross-Border Flow of Information

The free flow of information across borders is important for international commerce and the trade in services, particularly information technology services. However, a number of countries regulate the export of data to other jurisdictions and/or require that service providers use local data servers, equipment and infrastructure as a condition of doing business. This has raised concerns that restrictions on cross-border information flows and data localization requirements may be misused as disguised trade barriers to favour domestic service providers.

Under the TPP Agreement, each Party must allow the cross-border transfer of information by electronic means, including personal information, in the course of business activities. In addition, no Party can require a service provider to use or locate computing facilities in its territory as a condition for conducting business in the territory. Exceptions are permitted in order to achieve a legitimate public policy objective, provided that the measure adopted is proportional to the objective and the measure is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade.

Unsolicited Commercial Electronic Messages

Unsolicited commercial electronic messages (CEMs) – also known as spam – can be exploited to deliver malware, spyware and other related network threats, which can undermine network security and privacy. The TPP Agreement requires each Party to adopt or maintain measures to minimize unsolicited CEMs, but provides each Party with flexibility on how to address the problem. A Party may either require organizations that send CEMs to obtain prior consent from recipients or provide recipients with the ability to prevent ongoing reception of those messages (unsubscribe mechanism).

Canada’s current anti-spam legislation (“CASL”) meets (and far exceeds) the obligations under the Agreement. CASL generally requires both opt-in consent and an unsubscribe mechanism for CEMs and sets out a myriad of disclosure and form requirements. It also implemented a strict enforcement regime.

Encryption

Encryption protects the security, confidentiality and privacy of data by converting data (plaintext) into unreadable data (ciphertext) through the use of a cryptographic algorithm. The use of encryption technology is a major policy issue with technology companies adopting strong encryption for devices (full-disk encryption) and communications on the internet (end-to-end encryption) to ensure data security and protect user privacy. National security agencies and law enforcement allege though, that the use of encryption undermines their ability to investigate criminals and terrorists, and are subsequently pressuring technology companies (and lawmakers) to allow for access to decrypted data (“backdoors”).

The TPP Agreement wades into this debate to ensure that encryption policies are not obstacles to trade, particularly with respect to Information and Communication Technology (ICT) products. Under the Agreement, a Party is not permitted to require a manufacturer or supplier of a commercial product that uses encryption to transfer a decryption key to the Party or integrate a particular encryption in the product as a condition for conducting business in the territory.

However, there are a number of important exceptions to this rule. First, the section does not apply to products used by a government entity. Second, the section does not preclude law enforcement authorities from requesting unencrypted communications pursuant to lawful authority (i.e. court order).  Third, the section does not apply to investigations by financial market regulators. Finally, the section is subject to the Security Exception in Chapter 29 of the TPP Agreement that permits a Party to apply any measure that it considers necessary to maintain or restore international peace and security, including the protection of its own essential security interests.

The TPP Agreement demonstrates that with the growth in digital trade and electronic commerce, international trade and investment agreements will increasingly address privacy-related issues.

For more information on the TPP Agreement or any of the subjects covered in this note, please contact a member of our team.

, , , ,

The TPP Agreement and Privacy

Canada’s role in international botnet takedown

The Canadian Radio-television and Telecommunications Commission (CRTC) has served its first warrant under Canada’s Anti-Spam Law (CASL) to take down a Toronto-based command and control server.  The malware family Win32/Dorkbot had reportedly infected more than a million personal computers in 190 countries.

The CRTC has repeatedly stated that it is working together in close collaboration with other countries to address spam, malware and other “online threats”.  In this case, the CRTC collaborated with the FBI, Europol, Interpol, Microsoft, and the RCMP, among others.  The CRTC Chief Compliance and Enforcement Officer, Manon Bombardier, has said that “partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats”.  CASL expressly provides for sharing information among the Government of Canada, various Canadian enforcement agencies, and the government of a foreign state or international organization, for the purpose of administering and enforcing CASL’s anti-spam and malware provisions.

For more information on CASL’s application to malware, see CASL – Software, Apps and other Computer Programs.

, ,

Canada’s role in international botnet takedown

Canada’s Anti-Spam Law (CASL) applies to Software January 15

Earlier this year we told you that Canada’s Anti-Spam Law (CASL) is not just for Canadians.

CASL is also not just about spam.  Effective January 15, 2015, CASL applies to the installation of “computer programs” – software, apps and other programs – on the computer or device of another person.  This affects software vendors, app developers, gaming and entertainment companies, and others that are in the business of providing software to businesses and individuals in Canada.

Like CASL’s spam provisions:

  • the software provisions apply where a Canadian is the recipient – in this case, the recipient of the software, app, or other program;
  • the regime is based on “express consent”, as defined by the legislation; and
  • significant administrative monetary penalties (maximum $10 million) can be levied for non-compliance.

Our overview presentation walks through CASL’s application to computer programs.

Other resources published by the Canadian Radio-television and Telecommunications Commission (CRTC):

, , , , , , ,

Canada’s Anti-Spam Law (CASL) applies to Software January 15

6 Month Countdown to Canada’s Anti-Spam Legislation (CASL)

Canada’s Anti-Spam Legislation (CASL) has been a long time coming.  The Government of Canada announced today that most of CASL’s provisions will enter into force on July 1, 2014.  That will be 10 years from the time the Government of Canada launched its Anti-Spam Action Plan. 

In recent years, a steadily increasing number of organizations within and outside Canada have been monitoring CASL’s status.  Among the reasons:  CASL is a new regime, contains a private right of action,  provides for significant administrative monetary penalties (maximum $10 million), and is broader in scope than the anti-spam laws of the US and other countries.  Some organizations have already begun to take steps and adopt practices intended to allow them to comply with CASL.

As of today, with the publication of the long-awaited Industry Canada Regulations, the CASL “rulebook” now includes the following legislation, regulations and guidance documents.  

Affected organizations will be relying on certain limited provisions under CASL to phase in requirements, intended to allow businesses to get ready and to adjust to the new regime.  These include the 6-month “implementation period” until July 1, 2017, and the 3-year “transitional period” until July 1, 2017, during which existing business relationships will be grandfathered, for consent purposes. 

While the above provide a bit of breathing room, there is a great deal to be done for organizations affected by CASL.  This may involve: auditing online communications processes, contact lists, and database practices; updating forms and procedures that document consent; updating customer service processes; reviewing and updating contracts that deal with third-party communications; and providing information and training for employees, management and the Board of Directors.  Affected organizations should proceed with their review and compliance work as soon as possible. 

We will be updating this blog regularly with posts on compliance tips and new developments.  You may be interested in the Slideshare presentation Comparing CASL to CAN-SPAM, which summarizes how the Canadian and US anti-spam regimes differ, considering their respective scope, standard of consent, application, and penalties.

, ,

6 Month Countdown to Canada’s Anti-Spam Legislation (CASL)