:
Thank you, Mr. Chair and members of the committee, for inviting our office to address you on this important government initiative. I am Elizabeth Denham, Assistant Privacy Commissioner, and I am joined today by Hedy Kirkby, Acting Senior Legal Counsel and Carman Baggaley, Strategic Policy Advisor.
[English]
The Office of the Privacy Commissioner of Canada has long called for anti-spam legislation. We welcome and support the introduction of the Electronic Commerce Protection Act. This is an important piece of legislation that addresses a serious problem. Much more than a mere nuisance, unwanted electronic messages--or spam--have significant consequences for our economy. Spam affects productivity and undermines confidence in electronic commerce.
This legislation has the potential to help individuals and organizations deal with unsolicited electronic messages, and it also provides important redress mechanisms, including a private right of action. We believe it strikes the right balance between giving people greater control over the e-mail and text messages they receive, while still allowing legitimate businesses to continue to communicate with their clients and their customers.
In the run-up to the development of PIPEDA more than 10 years ago, concerns were expressed by businesses that are similar to those we've heard in this debate about ECPA. However, interestingly, in the PIPEDA review just two years ago, the business community did not raise the same concern that privacy rules would impede business. Business is adaptable. There's evidence that there's a competitive advantage to giving consumers choice and respecting their privacy. As well, for businesses that have actually been complying with PIPEDA for the past nine years and respecting the privacy of their customers, this law should have little or no adverse effect.
The legislation will help us fulfill our mandate to promote the protection of personal information. E-mail addresses are considered personal information under the Personal Information Protection and Electronics Documents Act, PIPEDA.
Our office is concerned about e-mail addresses being collected and used to send spam without consent. We're also concerned about the growing use of spam e-mails containing malware or spyware to collect personal information in order to commit fraud such as identity theft. I should also add that we see this legislation as complementing Bill S-4, which would amend the Criminal Code to deal with identity theft and related misconduct.
The CRTC, the Competition Bureau, and our office will share enforcement of the act. We look forward to working collaboratively with these two agencies and Industry Canada in carrying out our new responsibilities, including that of educating the public about this important new legislation. ECPA contains provisions to facilitate consultation, referral, and information sharing among the three agencies to enable more effective and efficient investigations and enforcement actions.
The three agencies will also have the authority to share information under written arrangements with foreign states where the information may be relevant to an investigation under a foreign law that addresses substantially similar conduct. This is an important provision that's going to help us deal with the challenge of a problem that really knows no borders.
The CRTC and the Competition Bureau will have shared responsibility for enforcing the anti-spam provisions, and those are the provisions dealing with the sending and the content of electronic messages. The Privacy Commissioner will have responsibility for investigating related contraventions of PIPEDA, specifically, the unauthorized collection and use of personal information through e-mail address harvesting, dictionary attacks, and the use of spyware to collect personal information.
The legislation will not change the existing enforcement powers of the Office of the Privacy Commissioner, nor is it expected to create a significant increase in complaints to our office. We actually anticipate that many complaints are going to be directed elsewhere, to the CRTC and the Competition Bureau.
The bill also imports two significant sets of amendments that have been discussed in the context of the review of PIPEDA. Under the first set of amendments, the Privacy Commissioner will have the discretion to decline to investigate a complaint--something we don't have now--or to discontinue a complaint investigation, including in cases where the matter could be more appropriately dealt with by the CRTC or the Competition Bureau.
Under the second group of amendments in ECPA, the commissioner will have the authority to collaborate and exchange information with provincial counterparts--not just those with substantially similar legislation--and with foreign counterparts who enforce data protection laws that are similar to PIPEDA. To be clear, these amendments apply to all our activities, not just those related to spam.
Under the proposed amendments to PIPEDA, the commissioner may decide not to accept a complaint if she believes that the complaint could be more appropriately dealt with under other available procedures. This includes procedures provided for under federal or provincial laws or grievance or other procedures. A complaint may also be refused if it is not filed within a reasonable amount of time--the evidence has gone stale--from the date when the issue actually arose.
The commissioner will notify complainants and also the responding organization if she decides not to investigate a complaint, and she'll provide reasons for her decision. The commissioner may reconsider a decision not to investigate if she is satisfied that there are compelling reasons to do so.
As well, ECPA provides the commissioner with the discretion to discontinue some investigations if she is of the opinion that there is insufficient evidence to pursue the investigation or if the complaint is trivial, frivolous, or vexatious.
The Office of the Privacy Commissioner of Canada has previously asked Parliament in the context of the PIPEDA review to provide the commissioner with the discretion to refuse or to discontinue complaints.
This is important because traditionally privacy issues have arisen in the context of interaction between one person and an organization. They have come to light as a result of a complaint by an individual. More and more often, however, critical privacy issues are arising from systemic threats, from rapidly advancing information technologies, including Internet applications and surveillance. This discretion to refuse and/or to discontinue complaints will, importantly, allow our office to focus our investigative resources on privacy issues that have broader systemic interest.
In closing, I would like to thank the committee for providing us with the opportunity to explain our role in enforcing this important new legislation and the reason we believe this initiative is going to help the office better protect the privacy interests of Canadians.
I would be happy to take your questions.
[Translation]
I would now be pleased to answer your questions.
:
Good afternoon everyone.
Thank you, Mr. Chair, for inviting the Competition Bureau to appear before the committee to discuss Bill , a legislative initiative that targets spam.
[English]
It is rare that one finds an idea or a point of view that almost every Canadian can agree upon. Unsolicited electronic communication, or spam, is one of the most universally reviled features of the Internet age. While its most malicious forms may be designed to spread viruses or facilitate identity theft, a significant proportion of spam involves the false or misleading promotion of products or services, particularly in the health and financial sectors.
[Translation]
For those less familiar with the Bureau, our mandate is to protect and promote competitive markets and to enable informed consumer choice in Canada. Our principle statute, the Competition Act, allows us to carry out both civil and criminal enforcement against, among other things, deceptive marketing practices.
[English]
With the passage of Bill C-10, the law implementing the federal budget, the penalties for deceptive marketing practices under the Competition Act were strengthened, both in terms of the monetary penalties and through the introduction of restitution orders to get victims their money back. These amendments were designed to harmonize the act with our international counterparts and to improve the bureau's ability to promote truth in advertising.
[Translation]
The proposed legislation before you, Bill , the Electronic Commerce Protection Act, would amend the Competition Act to allow the Bureau to more effectively combat false or misleading advertising in electronic communications and better protect the integrity of electronic commerce in Canada.
[English]
Along with the CRTC and the Office of the Privacy Commissioner, the bureau would be one of three partners carrying out responsibilities under this initiative.
[Translation]
The 2005 report of the Task Force on Spam established by the identified “gaps in current Canadian law that must be filled”. As it stands now, the Competition Act contains both civil and criminal provisions to curb the use of false or misleading advertising.
[English]
However, Canada still has no equivalent to laws found in other industrialized countries that relate specifically to electronic commerce, such as the CAN-SPAM Act in the United States or the Spam Act in Australia.
[Translation]
The additions to the Competition Act outlined in Bill C-27 would help to clarify more precisely what cannot be done in electronic messaging and how competition laws would apply in cyberspace.
[English]
Specifically Bill C-27 would add more targeted civil and criminal provisions with respect to false and misleading advertising in electronic messages. It would provide authority for court injunctions to restrain conduct that falls within these new provisions and make certain that the act is technologically neutral. False or misleading representations in header information, such as subject lines or sender names in e-mails, in the content of the communication itself, or in locators, such as web addresses or URLs, would now be more broadly covered.
[Translation]
An example of a message that we have all received is one in which the subject line suggests that the message is a greeting from a familiar friend or trusted business, but whose content turns out to be an advertisement for a dubious product from a less than reputable source. This activity would fall under the new provisions as a false or misleading header.
[English]
An e-mail or text message advertising a bogus fuel additive, for example, falsely claiming to double your car's fuel efficiency, would be an example of a false or misleading representation made in the content of a message.
[Translation]
Similarly, a Canadian website that chooses a domain name or search terms to suggest that it is a source of job opportunities when it is merely a collection of links and vague advice would be caught under the “false or misleading locator” provisions.
[English]
While these examples may be covered to some extent under the current act, Bill C-27 would make it clear that they are, thus making it simpler and faster to take enforcement action against these forms of misleading advertising.
In addition to administrative monetary penalties and potentially even criminal prosecution, Bill C-27 proposes to expand court injunctive powers. The bureau will be able to seek court injunctions against spammers based in Canada or using Canadian equipment to engage in false or misleading advertising, and also against those persons and businesses supplying the spammers with the equipment and services used to carry out false or misleading advertising.
To ensure that the Competition Act remains in step with technological innovation, Bill C-27 amends definitions in the Competition Act to ensure that the act applies broadly to new technologies. For example, voice-over-Internet protocol, or VoIP, and text messaging would now clearly be within the scope of the Competition Act.
[Translation]
Furthermore, the framework provided for in the new Competition Act civil provisions serves as the basis to empower those affected by false or misleading spam to launch private actions under the remedial scheme in the Electronic Commerce Protection Act.
This means that enforcement will be coming from all angles, not just the Bureau or its government partners. In addition to a statutory per-message amount of damages, this scheme also allows plaintiffs to sue specifically for losses incurred as a result of the deceptive communications, ensuring that victims of scams, false advertising claims and other forms of deception have a potential way to get their money back.
[English]
In these difficult economic times, we can expect to see an increase in messages targeting not only consumers but also small and medium-sized businesses, which may suffer serious financial harm if they fall prey to misleading or false advertising messages contained in spam. It is the job of the Competition Bureau to protect Canadians from this kind of activity in all economic environments and to foster confidence in an honest marketplace.
The Competition Bureau has decades of experience in conducting investigations into false and misleading advertising and working with our domestic and international partners to achieve common enforcement objectives. For example, the bureau recently launched Project False Hope, an education and enforcement initiative that targeted false or unproven cancer cure claims found online. The project has resulted in 98% of those websites targeted by the bureau changing or removing the claims at issue in order to comply with the Competition Act. As part of the initiative, the bureau worked in collaboration with the Canadian Cancer Society to produce an awareness campaign and an informative pamphlet that has reached tens of thousands of individuals.
In other collaborative efforts, the bureau has worked with domestic and international partners, such as Health Canada, the U.S. Federal Trade Commission, and the U.S. Food and Drug Administration, to combat false or misleading claims surrounding weight loss and diabetes treatments. The bureau successfully took action against almost 100 Canadian-operated websites, with the vast majority changing or removing the claims at issue in order to comply with the Competition Act.
[Translation]
Cooperation is key to ensuring deceptive marketers cannot hide from authorities, in any jurisdiction. Experience conducting investigations, in both the on and offline world, combined with established cooperation networks, provides the right foundation to take action against spam.
[English]
Technological progress is a positive and powerful economic driver, but it comes with new ways to engage in deception, and Canadian law must keep pace. The new provisions, combined with the current provisions in the Competition Act, will provide a more complete framework to facilitate more effective and timely enforcement against deceptive conduct in the electronic marketplace in all of its forms.
Canada has been without anti-spam legislation and is lagging behind our major international trading partners. These changes allow the bureau, together with its partners, to more confidently and effectively enforce the law in an undeniably problematic but complex area.
We at the bureau are enthusiastic about the prospect of Bill C-27 becoming law. I welcome the opportunity to discuss the bureau's role and respond to any questions the committee members may have.
Thank you.
:
Let me address the first part of the question about whether this hinders the ability of businesses to engage in legitimate marketing. In some ways, I think using electronic means of communication to do marketing is quite different from, say, direct mail.
One obvious example is if someone is using text messages. Many services impose a cost when you receive a text message. No cost is imposed on me when I receive something in my mailbox.
Another problem with electronic messages is that we've seen this phenomenon of phishing. Sometimes it's very difficult for the individual to figure out if it's really an e-mail from RBC or whether it's simply some organization pretending to be RBC. Also, e-mails can have viruses in them.
There are all kinds of harms that can arise with respect to electronic messages that don't arise with respect to direct mail in particular. So for many of those reasons, and certainly the cost that imposes on businesses, which I think you've heard about, we certainly think the regime that's being created to deal with electronic messages is reasonable.
With respect to the issue of address harvesting, this is a difficult issue. Again, we think what this is intended to deal with is organizations that are collecting e-mail addresses, using what are called dictionary attacks to generate lists of e-mail addresses, and then either using them to send spam or selling them.
We've had some discussions about whether or not it would be necessary to make small adjustments to that provision to deal with some scenarios. We're open to minor adjustments on the address harvesting, particularly to deal with cases where we understand that a search engine, for example, may collect e-mail addresses in order to determine where they're coming from.
When you search on the word “Chelsea”, if you're in England, it's probably the football club. If you search on the word “Chelsea” in the United States, it may be the district of New York. You want to know where they collect e-mail addresses. There may be ways to address some of those problems.
To Monsieur Vincent, our next guest in the next hour is from the CRTC. I could be wrong, but to my understanding, that story about the list being available to be bought was actually false and not accurate. I'd like to know more, so if you don't ask the question, I'll be asking the question.
My question now is for the Competition Bureau. Hopefully you're able to answer it.
There is an exception in here for business-to-business communications. Do you as an organization have any issues with that? Most organizations that have come to see us have appreciated that there's a business-to-business exemption.
I'll use the wild example--this doesn't actually happen, and I want that to be on the record--of an insurance company, let's say, that's using spam to bug me about buying insurance from them. I've had no past relationship with them and I've never bought life insurance from them. But they keep sending me e-mails. I'm not happy about that. I can take action if this bill becomes law.
In a previous life, I sold racking systems for servers and monitors. I actually sold to many of the large insurance companies. They have beautiful computer rooms in their basements, with lots of names on them. I was able to put their hardware on a lot of my racks.
Under this legislation, an insurance company would still be able to e-mail me--or I could e-mail them, because they are a customer--any discounts, anything I had, as long as there was a relationship; that's my understanding. But in terms of starting a relationship, have you read anything in here, or could you tell me what you believe this would do, with regard to me trying to start a relationship with, say, a large insurance company that I'm trying to sell something to, from a business-to-business perspective?
:
Chair, thank you very much for this.
I thank you, witnesses, for being here today.
It's a real pleasure and a treat to be back on the industry committee. It feels like old times.
As the author of the first anti-spam legislation in 2002-03, I'm really pleased that, several years later, Mr. Chair, we're getting onto this and, more importantly, the lawful access.
I'm going to start to charge a copyright fee for all the ideas that are now being taken by my colleagues.
Mr. Chair, I wanted to ask a question.
Ms. Denham, following up on Ms. Coady's remarks this morning on the collection, the enforcement of a private right, and the purpose of enforcement and the law, it would appear to me that provisions or exceptions have not been made to those two types of actions that have been legally enforced.
How do you reconcile the two? If I have a legal mandate to acquire personal information or collect an address, either by law or by a private right of action, what trumps the other? Which one prevails--your law or the law ordered by a court?
:
Thank you, Mr. Chairman, for the opportunity to meet with the committee to discuss the Electronic Commerce Protection Act.
[Translation]
We are here to support Bill and explain our role, as envisaged in the bill. We are glad that the government has introduced this legislation, which is essential to Canada's growing digital economy. It will also have the added benefit of bringing Canadian law in line with our peers in the G8 who have already enacted similar anti-spam legislation.
As the committee knows, the bill is designed to counter commercial spam and related online problems, such as spyware, malware and phishing. These are problems that undermine confidence in the electronic marketplace.
[English]
Under the bill, the main enforcement responsibilities for spam will fall under the responsibility of the CRTC. We will be responsible for investigating violations and ensuring compliance.
[Translation]
The Competition Bureau will address false or misleading representations made through electronic messages. The Office of the Privacy Commissioner will address the invasion of privacy stemming from the collection and use of email addresses by computer programs.
[English]
The CRTC will be responsible for enforcing three types of violations under the act. First, we will enforce the “no spam” provisions of the act.
The ECPA provides for an “opt-in” regime, whereby people must first consent to receive commercial electronic messages. If there is no express or implied consent, spammers are subject to monetary penalties. Consent will be considered implied under one of two conditions: (a) where there is a business relationship that has been in existence for any time during the last 18 months, or where the recipient has made an inquiry or application within the last six months; and (b) in a non-business relationship where, in the last 18 months, the recipient has made a donation or gift, provided volunteer work, or signed a membership.
Second, the CRTC will prosecute violations involving the alteration of transmission data in an electronic message. Altering transmission data without express consent is prohibited.
Thirdly, the CRTC will enforce the prohibition against installing software or causing it to be installed without express consent. This has been a growing problem, as some spam has been designed to install software into a host computer, and this software in turn broadcasts further spam messages.
The bill provides for tools to permit the CRTC to enforce the act. The CRTC will be able to require telephone companies that provide Internet services to preserve time-sensitive transmission data. We will also be able to require telecom service providers and other institutions to provide documents and reports. Furthermore, there is a provision for searches with a warrant.
The act will be enforced on two separate tracks. The CRTC will have the authority to issue administrative monetary penalties of up to $1 million for an individual and up to $10 million for a business. We will also have the authority to negotiate binding undertakings. The second track involves the right to sue, which will allow individuals and businesses to take civil action through the courts to (a) recover damages for losses suffered and (b) to obtain additional damages for violations of the act.
However, lawsuits under (b) above will not be permitted if the CRTC has already issued a notice of violation or if an undertaking has been agreed upon. Similarly, the CRTC cannot start enforcement action if lawsuits have already been launched under (b) regarding the same violation.
[Translation]
One of the most important features of this bill is that it gives each of the federal partners—the CRTC, the Competition Bureau and the Privacy Commissioner—the ability to share information with one another, as well as with foreign partners.
[English]
While there is much to commend in Bill C-27, we believe there is room for improvement in two key areas.
[Translation]
The first concerns section 27, which provides the right to appeal certain CRTC decisions to the Federal Court of Appeal. We propose amending this section to provide a timeframe for bringing such appeals to the Federal Court, and suggest that 30 days would be sufficient. The wording for this proposed amendment can be found in the appendix to this speech.
[English]
Secondly, we would like to propose an amendment to the information-sharing provisions of the bill to strengthen the CRTC's ability to work with the U.S. Federal Trade Commission and other international bodies operating under similar anti-spam legislation.
As it has been drafted, the bill allows the CRTC, the Competition Bureau, or the Office of the Privacy Commissioner to share information with other countries provided there is an international agreement or arrangement. In our view, these provisions fall short of what will be required to effectively counter spam. We know that spammers can be very adept at locating in one jurisdiction and directing spam at another jurisdiction. Living in North America, we can expect that a good deal of spam originates or will originate from our southern neighbours.
In its 2005 report, the task force on spam recognized that international enforcement of spam is essential. It recommended that:
The federal government, in coordination with the provinces and territories, should conclude and implement cooperative enforcement agreements with other countries. These efforts should include examining and amending existing legislative provisions as required to allow for seamless international cooperative investigative and enforcement action.
We agree that cooperation with other countries, and particularly with the United States, is essential. But clause 60 of the bill allows for cooperation only on the basis of intergovernmental or interagency agreements or arrangements. From my own experience as Commissioner of Competition, I know how difficult it can be to reach such agreements and how time-consuming and complex the process has become. It is essential that once the legislation has been enacted we can move quickly to cooperate with the United States. We can't afford to wait years until there's an international agreement. The process of negotiating the agreement should not be a barrier to working together to counter spam.
In 2006, the United States passed the Safe Web Act. It gives the FTC the authority to conduct investigations on behalf of a foreign agency, such as the CRTC, that is investigating conduct that is also prohibited under laws enforced by the FTC. However, in our view, and based on past experience, the FTC will provide assistance only if the country in question has reciprocal legislation. No such reciprocal provision is found in Bill C-27.
If Bill C-27 were amended so that it would mirror the provisions in the Safe Web Act, such cooperation would not be problematic; it would be automatic, and it would obviate the need for lengthy negotiations of arrangements or agreements.
We have drafted a proposed amendment, numbered 60A. You will find it in the appendix to this speech. Subject to certain safeguards, it would specifically empower the commission to gather information and evidence on behalf of a foreign country with similar reciprocal legislation, i.e., the United States. This assistance would be provided further, through a written request, in cases of alleged civil contraventions of foreign laws regarding conduct that is substantially similar to that prohibited in Canada. The proposed amendment would also allow the CRTC to share that information with the foreign entity in question.
In essence, clause 60A would provide for mutual assistance between Canada and other countries. I would emphasize that this provision would apply only to the gathering and sharing of information. The decision regarding whether to proceed would be entirely up to the CRTC and would depend on whether the foreign agency had agreed to provide reciprocal assistance.
The addition of clause 60A will require minor changes to the wording elsewhere in the bill to ensure consistency. For that purpose, the proposed changes to clauses 15, 17, and 19 are set out in the appendix.
[Translation]
In conclusion, both proposed amendments, with respect to the appeal period and cooperating on investigations, are very much in keeping with the spirit of the bill as passed for second reading in the House.
In the absence of section 60A, we believe it will be difficult to work quickly and cooperatively with foreign entities, and in particular the FTC. Without this amendment, the Commission's ability to address spam will be compromised significantly.
[English]
Thank you very much.
We will be pleased to answer any questions.
:
First of all, it's “up to” $1 million or $10 million. It could be $10, $100, $1,000, or whatever is appropriate.
Secondly, we, like every enforcement agency, have a compliance compendium. You start off by educating people. You warn them, you try to get them to comply, you try to educate them. Then, if there is resistance or a wilful breach, you can fine them.
When you do fine them, you take into account the gravity of the action taken. Was it deliberate or was it unintentional? Was it repetitive? What was the cost damage? When you impose a fine, you take into account both aspects--the deterrence aspect, in that it should be a lesson to this person and others not to do it again, and also the effect it will have. You don't want to put somebody out of business. You just want to make sure they get a meaningful lesson and won't do it again.
Now, if it's somebody who is just deliberately, consistently, and wilfully breaching, etc., obviously you may go close to the maximum or to the maximum. It depends; you make an assessment of the circumstances.
:
Commissioner, it's a pleasure to have you here before this committee. I can say with some certainty that your role as former competition commissioner was one that saw a number of changes certainly in my time. I'd like to think that the changes we saw in Bill C-10 were the result of your good work and efforts over the past few years. Congratulations to you. I just realized that 10 years of fighting for this and debates back and forth was all done in one fell swoop without a single debate on it in the House of Commons. I was quite amazed at that, even though there are a lot of things in there that I agree with.
Commissioner, you have suggested something that requires a more fulsome explanation. With this bill, we are giving Canadians the impression that by looking after our own mess in our own backyard we are going to suddenly end spamming in Canada. In 2005 the task force recognized that the amount of spamming in Canada is very limited and the effect on Canadians is rather limited. Much of it does come from international sources. Your second recommendation is music to my ears and very much follows with the observation of the task force. I will read it into the record:
The actions that we take within Canada to reduce the amount of spam will only have a limited effect on the amount of spam arriving in Canadians' email boxes unless these actions are complemented and reinforced by strong, effective international cooperative actions against spammers.
Based on that, sir, not only from the bilateral perspective, but you've suggested that you would be working with the CRTC, the FTC, as well as with the FCC. Who, in your view, would be the lead in coordinating the effort of ensuring that spammers who went to other jurisdictions, not just between Canada and the United States, but...for instance, as I was discussing with my colleague, Mr. Rota, earlier, what if they all wound up in São Tomé?
What reasonable objectives can be achieved in the short term? You've talked about problems of agreements and collaboration and corroboration. How realistic is it that if we provide this legislation, we would stop the spamming in Canada? Also, how likely is it that we would be successful in stopping jurisdictions that have no enforcement responsibilities or any type of agreement in order to put an end to this once and for all?
:
I think you have to look at it in context. You're talking about commercial spamming, right?
Hon. Dan McTeague: That's correct.
Mr. Konrad W. von Finckenstein: Why do they do that? It's in order to sell something. In order for them to sell something, it has to be something that people want to buy. If you're in São Tomé, as you suggest, in spam, and if you provide for delivery from Canada, we can go after the people on whose behalf it is done. If you want to ship it from São Tomé, there are very few products that are worthwhile shipping from there. In the end, on spamming and the business case, it is really primarily if you're located in Canada and the U.S. That's why I'm so focused on the U.S. That's why I want to have such an agreement with them.
We are not going to eliminate spamming. There's no question about it. As for the letters you get from Nigerians offering you $20 million if you give them a bank account number or something like that, I can't do anything about them because they have no assets and Nigeria has no legislation.
But on the commercial spamming, if people offer you a product you don't want, we can deal with it. We're going to deal with people who try to put stuff on your computer without you knowing it, or the phishing, etc. I think by far the largest source of all of this is in our country or the country to the south, and that we will be able to deal with.
I would like to congratulate you, Mr. von Finckenstein, and your organization. Indeed, the amendment that you tabled does in fact reflect one of my concerns. I know that this bill is not 100% perfect. Indeed, other witnesses have told us that there are often affiliated programs, that it was possible to obtain lists, in particular, and to go through countries that were not covered by this type of legislation. The problem is that an organization here can forward information to other countries, as is done in the case of the Indian telephone system. These people could therefore go through another country in order to spread advertising.
You said that these products could be delivered to Canada by a foreign company responsible for the distribution and advertising from Canada. With this amendment, in North America, we are going to cover all of that. Of course, it would have been preferable to have had an international agreement, but this is a good start.
I would now like to refer you to clauses 6(4)(a) and 6(4)(b) of the bill, which read as follows:
(a) an electronic message is considered to have been sent once its transmission has been initiated; and
(b) it is immaterial whether the electronic address to which an electronic message is sent exists or whether an electronic message reaches its intended destination.
Going back to the scenario given by Mr. Wallace, let's suppose that I have my own home business and that my son uses the electronic address list found in my computer in order to sell chocolate for his school. What would happen? From what I can gather, I would be responsible for my computer and individuals under the law. Would there be any repercussions?