For anyone holding out and hoping that the Canadian Anti-Spam Legislation (CASL) was a fad, the message from the public regulator this week was clear – it’s not.
At a downtown forum Tuesday hosted by the Canadian Marketing Association (CMA), the chair of the Canadian Radio-television Telecommunications Commission (CRTC) Jean-Pierre Blais conceded that of the 80 or so attendees, many of whom worked in marketing, some likely saw him as an adversary.
He was signaling that the CRTC has been listening to industry feedback that was likely negative. Yet what Blais did not concede was the future of the legislation.
“The law is here to stay,” he told the room, adding that, in fact, laws like this are likely to get tougher as instances of electronic fraud become more prevalent.
The self-awareness did not stop there, however.
Blais made the case that components of the legislation enabled police to catch real criminals.
In one example, “dorkbot” malware that originated from a Toronto-based server that had managed to infect computers around the world. The investigation and takedown that followed – including the collaboration with international law enforcement – Blais attributed to CASL.
In another, he described CRTC investigations into telemarketers that have been masquerading as the Canadian and American government departments as well as Microsoft to sell antivirus to consumers, including those on Canada’s “Do Not Call” list.
The message here was that CASL is much more than for penalizing legitimate companies that sent an unsolicited email.
Yet much of the CRTC’s wording was based on faith in the purpose of the law rather than concrete results.
On stage, Blais and Lynn Perrault, director of Electronic Commerce Enforcement division at the CRTC, cited a study released April 2015 by security firm Cloudmark that suggests that spam originating from Canada dropped 37 per cent following CASL coming into effect July 1, 2014. However, Blais is hesitant to take credit he says there was no control group-style study directly tying the law to the results.
Similarly, while Blais insisted that compliance would separate legitimate companies from shady ones, he said that there are no clear lines to tell them apart.
“If the do’s and don’ts were cut and dry, a computer could enforce the law,” he said, arguing for the organization’s case-by-case approach. “Let’s expose the scammers who diminish your work.”
What’s coming in the following months will likely determine CASL’s success in doing just that.
As the law approaches its two-year anniversary since coming into effect, the CRTC will be looking more closely at compliance on social media, “triaging” the most urgent issues such as cybersecurity, and bracing itself for legislative or case law changes that may or may not come from the new federal government and courts, especially around whether the law will be retroactive. (Likely not, a CMA rep said.)
For IT providers, the regulator notes that it is also looking for subject matter experts to help it investigate more serious crime, which depending on results from current ongoing investigations could set legal precedents.
All of this is to say that legitimate companies that are still on the fence about compliance need to realize the benefits of staying on their customers’ good side and get on board, Blais said.
“Compliance is better than enforcement; we prefer to be your ally.”