Canadian business wants out of antispam regulations
Proposed changes to Canada's draft antispam regulations could legalize installation of spyware, says privacy advocate Michael Geist
By: nestor e. arellano Computing Canada (07 Feb 2013)
Amendments proposed by some 13 business and technology organizations to Canada’s draft antispam regulations call for the government to allow the installation in computers of devices that can monitor user activities.
A 34-page document sent to Industry Canada Monday by the Coalition of Business and Technology Associations, which includes the Canadian Wireless Telecommunications Association (CWTA), Information Technology Association of Canada (ITAC), Canadian Chamber of Commerce, Canadian Marketing Association, Magazines Canada and the retail Council of Canada, is asking the government to make at least 10 exemptions from the draft regulation’s express consent requirements on software installation.
The group is also calling on the government to have the draft regulations reviewed once more and not to enforce the antispam law until at least 12 months after final regulations have been published.
On Monday this week, the deadline for comments on the draft published by Industry Canada expired. The regulations will be used to interpret terms of the Canada Anti-spam Legislation (CASL), which was passed by Parliament in December 2010 but has not yet been proclaimed as law because of wrangling over regulations.
Image from ShutterStock.com
The proposed regulations contain a critical provision that requires express consent from users before software can be installed in a computer. The provision specifically states that a person must not, in the course of a commercial activity, install have someone install computer program on any other person's computer system.
If a computer program has been installed, the provision states, the installer or the person who ordered the installation must not cause an electronic message to be sent from that computer system, unless expressed consent of the owner or authorized user of the machine is obtained or if the act is in accordance with a court order.
“CASL’s computer program rules could make it illegal for Canadian organizations to fight threats to their computer systems, networks and to their customer’s personal information and privacy,” the coalition’s submission said. “…This could result in law abiding organizations that are trying to do the right thing in the face of cyber threats inadvertently violating CASL.”
The group proposed the creation of a “Review Body” to look into the draft regulations once more before it comes into effect with the “consideration of limiting the scope of the computer program provision to malware and spyware.”
Interestingly, the first exemption the coalition proposed deals with the type of programs the provision addresses. The coalition wants exempted:
(a) A program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) presents a risk or threatens the security privacy, or unauthorized or fraudulent use of a computer system, telecommunications facility or network or (ii) involves the contravention of any law of Canada, or a province or municipality of Canada or of a foreign state.
At least one privacy advocate argues that admitting this and other exemptions allows “surreptitious” surveillance by copyright owners.
“This provision would effectively legalize spyware in Canada on behalf of these industry groups,” wrote Michael Geist University of Ottawa Internet law professor in his blog yesterday. “…a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception.”
Programs designed to block access to Web sites, attempts to access wireless networks without authorization, or keylogger programs tracking unsuspecting users, could be covered by the proposed exception, he said.
The coalition, Geist wrote, wants to make sure the antispam law does now block their ability to "secretly install spyware on personal computers for a wide range of purposes."