For anyone holding out and hoping that the Canadian Anti-Spam Legislation (CASL) was a fad, the message from the public regulator this week was clear – it’s not.
At a downtown forum Tuesday hosted by the Canadian Marketing Association (CMA), the chair of the CRTC Jean-Pierre Blais conceded that of the 80 or so attendees, mostly marketing professionals, many saw him as an adversary. He was signaling that the CRTC has been listening to industry feedback, which was likely negative.
Yet what Blais did not concede was the future of the legislation.
“The law is here to stay,” he told the room, adding that, in fact, laws like this are likely to get tougher as instances of electronic fraud become more prevalent.
The self-awareness did not stop there, however.
Blais made the case that components of the legislation enabled police to catch real criminals.
In one example, “dorkbot” malware that originated from a Toronto-based server that had managed to infect computers around the world. The investigation and takedown that followed – including the collaboration with international law enforcement – Blais attributed to CASL.
In another, he described CRTC investigations into telemarketers that have been masquerading as the Canadian and American government departments as well as Microsoft to sell antivirus to consumers, including those on Canada’s “Do Not Call” list.
Related
The message here was that CASL is much more than for penalizing legitimate companies that sent an unsolicited email.
Yet much of the CRTC’s wording was based on faith in the purpose of the law rather than concrete results.
On stage, Blais and Lynn Perrault, director of Electronic Commerce Enforcement division at the CRTC, cited a study released April 2015 by security firm Cloudmark that suggests that spam originating from Canada dropped 37 per cent following CASL coming into effect July 1, 2014. However, Blais is hesitant to take credit he says there was no control group-style study directly tying the law to the results.
Similarly, while Blais insisted that compliance would separate legitimate companies from shady ones, he said that there are no clear lines to tell them apart.
“If the do’s and don’ts were cut and dry, a computer could enforce the law,” he said, arguing for the organization’s case-by-case approach. “Let’s expose the scammers who diminish your work.”
What’s coming in the following months will likely determine CASL’s success in doing just that.
As the law approaches its 2-year anniversary since coming into effect, the CRTC will be looking more closely at compliance on social media, “triaging” the most urgent issues such as cybersecurity, and bracing itself for legislative or case law changes that may or may not come from the new federal government and courts, especially around whether the law will be retroactive. (Likely not, a CMA rep said.)
For IT providers, the regulator notes that it is also looking for subject matter experts to help it investigate more serious crime, which depending on results from current ongoing investigations could set legal precedents.
All of this is to say that legitimate companies that are still on the fence about compliance need to realize the benefits of staying on their customers’ good side and get on board, Blais said.
“Compliance is better than enforcement; we prefer to be your ally.”
One of the things that the CRTC appears to have not considered in its analysis of whether to keep CASL in place or not is the impact on small and medium businesses in Canada; many of us who had been using email marketing as a low-cost method to reach potential new customers. We would send an enews blast out with opt-in permissions to enable us to highlight our products and services, as well as education material. Now, we have to use more costly methods to try to reach and gain new potential customers. Plus, we have to put up with increased unsolicited emails from US and global companies. The CRTC has tied our hands by continuing to have CASL in place.
The only issues I have are that my mailbox is full of “enews blast out with opt-in permissions” every damn day and about 50% have opt out, permissions which don’t work. What the devil is an opt in permission? I run a small business and this curse costs me valuable time to deal with which reduces my ability to generate income. Unsolicited email should be made a criminal offense, carrying with it fines and jail terms. It boils down to robbery.
Unfortunately, on a small portion of the spam that clutters my Inbox originates in Canada. Its time to extend the reach of CASL.