When the Senate was scheduled to resume sitting this month, the so-called anti-malware bill was set to go before a committee for examination, bringing it closer to royal assent.
However, when Parliament was prorogued last month by the Conservative government, that bill and three others affecting telecommunications and service providers died.
How soon they get back on the legislative agenda will depend on the prime minister’s priorities.
The loss of three of the bills doesn’t bother a group that speaks for many of the country’s independent service providers. But it is annoyed at loss of the anti-spam bill.
“I think it’s unfortunate because it’s going to have to go back through the process,” said Tom Copeland, who heads the Canadian Association of Internet providers and who runs his own ISP in Cobourg, Ont. “It may or may not be a priority (for the government).”
All legislation dies when a session of Parliament ends. Bill can be re-introduced, but effectively they start from the beginning of the process no matter how far along they were when the previous session died. However, with opposition consent their progress can be sped.
Still, Parliament isn’t expected to resume until March. By then the government may have appointed new Conservative Senators, until now dominated by Liberals, which could further speed the government’s agenda.
The bills are C-27, the Electronic Commerce Protection Act, which covers spam and malware; C-47, which gives police increased power to intercept telecom services for criminal investigations; and two pieces of legislation, C-46 and C-58, for fighting child pornography. C-58, the Child Protection Act, imposes obligations on service providers to report child porn.
The fact that the Conservatives are expected to take control of the Senate may help C-27 because it was already before that body, Copeland said, unless the Liberals try to amend the bill.
Introduced last April, C-27 forbids anyone from installing a program on a computer that could send an electronic message without the consent of the owner or user. It also forbids anyone in Canada from sending a commercial message to any electronic address unless the receiver has consented. An exception is if the person sending the message has had a business transaction with the recipient in the previous 18 months. Penalties range from up to $1 million for individual violators to up to $10 million for organizations.
The legislation attracted opponents who claimed it would harm IT companies. At one point the government was willing to cave into the marketing industry with an exemption, but gave in to public pressure.
However, the final version did make clear that the ban would not apply to requested business quotes or estimates, as well as e-mail that confirms a previously agreed on commercial transaction, or covers warranty or safety issues. In addition, it wouldn’t apply to e-mail exempted from unspecified regulations that would be proclaimed by the government after the bill passes.
ISPs should also note that while the original act made it illegal for anyone to alter an electronic message without the consent of the sender, the latest version said a change could be made with the consent of the recipient.
It also makes clear that bill only applies to someone in Canada who changes the destination of an electronic message.
In addition a long new section clarifies the obligations for those installing software on computers, such as computer dealers and consultants.
The final version was sent to the Senate at the beginning of December.
Copeland said his association accepts this version, but has reservations about how the Canadian Radio-television and Telecommunications Commission will enforce parts of it.
“The biggest concern is that we don’t end up entrapping small business people make honest mistakes or (who) the government tries to make an example of because they’re low hanging fruit,” he said.
C-47, formally known as the Technical Assistance for Law Enforcement in the 21st Century Act and introduced in June, says public telecom providers would have to be capable of providing intercepted communications to authorized persons under an order from the Minister of Public Safety. If the communications is encoded by the provider, it has to be decrypted unless it is a digital signature for certifying communications.
Telecom providers would also have to quickly provide name, address, telephone number, electronic mail address, or mobile ID of any subscriber directly to a police officer without a ministerial order to prevent an imminent unlawful act.
C-46, formally called the Investigative Powers for the 21st Century Act and also introduced in June, amends the Criminal Code to give judges the power to issue orders to help foil computer-related crimes by preserving electronic evidence, and compelling the production from providers of data relating to the transmission of communications and the location of transactions or individuals.
These two bills are the online versions of telephone wiretap legislation. “This would be at least the third time, and maybe the fourth, that this type of bill has died because Parliament’s been prorogued,” said Copeland. “We haven’t been convinced of the need for this increased [online] surveillance capacity, and as a result if it doesn’t pass this time around we don’t see that it’s a big problem.”
What small ISPs worry about is the cost of adding data-gathering equipment for law enforcement agencies to attach to their networks, he said. To keep costs down C-47 says ISPs would only have to add the capacity when they change their networks. But Copeland said small providers often buy older second-hand gear that meets their needs but may not have the adaptability that law enforcement agencies demand.
Finally, C-58, introduced in November and called the Child Protection Act, would oblige ISPs to tell police of any Internet address they know of where child pornography may be publicly available, or if they have reasonable grounds to believe that their Internet service is being or has been used to commit a child pornography offence.
Copeland said that rather than focus on service providers, Parliament should put the onus on corporate IT and network staff whose are supposed to keep an eye on the content of their systems.