Proposed anti-spam bill merits close attention

For the London Free Press - June 1, 2009 Read this on Canoe

The federal government recently tabled an anti-spam bill aimed at reducing spam originating in Canada.

The anti-spam bill, officially known as the Electronic Commerce Protection Act (ECPA), also would apply to text messaging, instant messaging, phishing, spyware and botnets.

The ECPA is lengthy, but basically makes electronic communication for commercial purposes subject to consent. Thus, sending mass e-mails to random addresses would be prohibited.

Section 6 sets out the consent principle: "No person shall send or cause or permit to be sent to an electronic address a commercial electronic message unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied."

The section also stipulates that a commercial electronic message must identify the sender and how they can be contacted.

Implied consent can be found where there is an existing relationship between the sender and recipient.

An "existing business relationship" can arise from business transactions within the last 18 months or "an inquiry or application, within the six-month period immediately preceding the day on which the message was sent."

Section 8 prevents unauthorized installation of software, which aims to prevent the surreptitious installation of spyware and other malware.

The bill contains significant penalties for those who breach the rules -- as much as $10 million.

As is often the case with legislation, the overall goals are laudable -- no one would argue that anyone should be able to send spam or install malware on people's computers-- but it has the potential to cause headaches for normal businesses that no one would consider spammers.

The bill should not impede normal commercial practices, and would not be good for either business or consumers if it impedes commerce.

The draft legislation needs careful review and possible amendments on two fronts:

- First, to make sure a business that sends an e-mail to a specific person to solicit business, even though it has no existing business relationship, is not prohibited. It's one thing to send out a mass e-mail to thousands of people. However, it should be acceptable to solicit on a one-on-one basis. And, sending a mass e-mail to one's customers advising of things such as corporate events or new developments should be allowed absent contrary instructions.

- Second, to make sure the software provision does not negatively impact the process of placing cookies or providing software updates -- provided, of course, they aren't malicious in nature.

The bill has passed second reading and has gone to committee for review. Interested parties should take this opportunity to comment on the bill.

Once the dust settles, the bill is passed with its final wording, and the effective date is known, all businesses will need to pay attention to the bill's requirements to ensure they are not offside.