CAN-SPAM law goes under the microscope

For A.J. Byers, CEO at Magma Communications, an Internet service provider based in Ottawa, anti-spam legislation, either in Canada or the United States, will do little to curb the 24 million unsolicited e-mail messages that arrive at his business each month.

Even with a multi-level filtering system in place, 74 per cent of all the e-mail traffic that goes through Magma is unsolicited, costing the company approximately $250,000 over the past three years.

“There’s no magic bullet for spam,” Byers said, adding that he would support the creation of Canadian anti-spam legislation but recognizes that anti-spam technology is just as important in the battle against unwanted e-mail.

Byers says spam needs to be made illegal and Canadian legislators need to take a stand and then go after those who are sending it.

The discussion around anti-spam legislation hit the streets earlier this month when four leading ISPs in the United States filed six lawsuits against hundreds of defendants, including a Kitchener, Ont.-based man and his two sons.

Yahoo Inc., American Online Inc., EarthLink Inc. and Microsoft Corp. jointly announced the first lawsuits under the new U.S. anti-spam law called Controlling the Assault of Non-solicited Pornography and Marketing. CAN-SPAM came into effect Jan.1.

The CAN-SPAM law provides new enforcement tools and criminalizes some of the techniques spammers use to spread junk e-mail. It also allows for penalties against large-scale spammers.

In the lawsuit, Yahoo alleges Barry Head and his sons Eric and Matthew, who all live in the Kitchener area, were on the company’s “most wanted” spammer list for sending millions of spam messages.

In January 2004, Yahoo Mail allegedly received approximately 94 million e-mail-messages from The Head Corporation — a collection of three companies operated by the Head family, which includes Gold Disk Canada Inc., Head Programming Inc. and Infinite Technologies Worldwide Inc.

Charges in the lawsuit include disguised identity; unsolicited commercial messages including solicitations for life insurance, mortgage and debt consolidations; deceptive subject lines; sold personal data, where the defendants allegedly collected personal information and sold the data; and false domains and font tricks to hide randomized text in an attempt to circumvent anit-spam filters.

The four U.S. ISPs jointly said spam continues to drain time, resources and network space from online companies and inhibits the online experience of consumers across the medium.

Canada is the second leading source of spam, after the U.S., according to recent research conducted by Sophos PLC. That being said, even as most people agree that the proliferation of spam has increased dramatically over the past few years, Canadians aren’t focusing heavily on legislation.

“The solution to spam has to be universal when it comes to legal solutions, if it isn’t what we do is just push the problem offshore,” said Cobourg, Ont.-based Tom Copeland, chairman of the Canadian Association of Internet Providers (CAIP). “Right now we are in a holding pattern in Canada to see if this legislation has any teeth.”

CAIP supports a multi-prong solution to beat spam including the use of technology, law enforcement and encouraging the government to use existing laws before implementing new ones.

In Canada, legal options against spammers include the Personal Information Protection and Electronic Documents Act, the federal competition act with its misleading ad clause, and computer fraud and mischief laws. There are also a few private members bills in the House of Commons, said Richard Corley, partner at Blake, Cassels and Graydon LLP and the co-head of the IT practice at the firm.

“These things (laws) have clearly not been effective…in fact the rate of spam in the past five to 10 years has grown exponentially from a small percentage to now being a substantial majority of all e-mail traffic,” he said.

Referring to spam as a national plague, Corley says legislation in Canada is highly desirable. “So I think Canada should react with legislation in this area,” he said.

CAIP’s Copeland says the large Canadian ISPs need to band together, as they did in the U.S., and the government needs to realize that ISPs are as much a victim of spam as consumers are.

Although many of the defendants in the U.S. send spam from other countries, the fact that Yahoo has filed a lawsuit against Canadian citizens has caused a flurry of conversation on this side of the border.

Bernice Karn, a partner at Cassels Brock and Blackwell LLP in Toronto, said the U.S. is proporting to have a lot of extra territorial jurisdiction in its attempt to regulate the activities of people outside its borders. But in reality, it can’t.

“U.S. jurisdiction ends at the border,” Karn said. “If I were acting for the [Canadian] defendants, the first thing I would be arguing is that [U.S] courts have no jurisdiction over me and it’s not the appropriate forum to bring the case and therefore it should be thrown out.”

“It’s a basic rule, when you’re suing people, whether its in this kind of legislation or anywhere else, the practical reality is that you try to sue where the defendant is so you can get at the defendant’s assets,” she said.

At the same time, citing specific cases, Corley explained that Canada, specifically the Supreme Court, has a strong tradition of enforcing monetary judgments granted by U.S. court.

It remains to be seen what will happen with CAN-SPAM.

For now, ISPs similar to Magma, have not have seen a decrease in the amount of unsolicited email activity since the CAN-SPAM lawsuits hit the street.

“I would say spammers are ignoring it and not changing,” Magma’s Byers said.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now