An anti-spam bill currently before the senate – now known as S-220, An Act respecting commercial electronic messages (the Anti-Spam Act) – if passed would help Independent Service Providers (ISPs) and individuals take up arms in the global battle against spam, say industry insiders.
Senator Yoine Goldstein, the Liberal party senator for Rigaud Quebec, gave the opening speech for the second reading of his anti-spam bill in the senate Feb. 5.
The bill seeks to introduce penalties that include fines and jail time for spammers and businesses that make use of their services. It would also make it easier for ISPs to deny service to suspected spammers, and allow individuals to sue those responsible for spam.
Canada is the only remaining G8 nation without anti-spam legislation and it’s time to take action, Goldstein says.
“The general goal is to diminish – because one can’t eliminate – spam,” he says. “Spam results in ISP having to buy more sophisticated equipment to cope with it, it bothers people a great deal, it is starting to inhibit Internet commerce, and is a vehicle for all sorts of nasty things.”
Up until now the battle against spam has been an uphill one largely because prosecuting spammers has proven difficult. They are hard to find, operating via infected computers that are part of botnets and making use of offshore servers.
So Goldstein hopes to make those who hire spammers equally responsible in the eyes of the law.
“If you’re getting a message from Timbuktu to buy Viagra from a Toronto distributor, that distributor would be equally responsible for the fines and civil responsibilities under the act,” he says. “There will be no one sending spam because there will be no one paying to do it.”
On the global spam-scape, Canada doesn’t even register as a blip on the map. The biggest offender is the U.S. that sends out 27 per cent of spam. It is followed by China (seven per cent) and Russia (four per cent), according to security vendor Symantec Corp.’s January spam report.
Canada doesn’t even account for one per cent of spam.
Canada is not the main driver of spam and so the measures proposed by Senator Goldstein’s bill won’t make a significant difference, according to David Senf, a security analyst with IDC Canada in Toronto. “Spam is a global issue – you stamp it out in one geography and it moves to another.”
But the miniscule amount of spam originating in Canada is enough to cause challenges for small, independent ISPs here. Spammers have popped up periodically on ISP servers, according to Tom Copeland, chair of the Canadian Association of Internet Providers.
The most notorious spammer here – nicknamed the “Canadian subsidy spammer” – sends messages offering to sell a directory of government funding programs.
If the new legislation is put through “that spammer could be stopped not only from using our networks, but from abusing our customers,” Copeland says.
“It gives me the opportunity to go after him through a civil action.”
The Act would make it easier for ISPs to deny service to spammers. Currently, if an ISP denies service on the grounds that someone is a suspected scammer, it could face penalties if it ends up being mistaken. Also, spammers use signed contracts to bind ISPs into agreements.
That needs to change, according to Goldstein.
“The bill provides immunity to ISPs if they stop service in good faith,” he says. “ISPs have an interest in minimizing spammers because they have to invest money to combat the sheer volume of spam.”
To David Senf, those new ISP powers are a double-edged sword.
“I’d see it as a mixed blessing,” he says. “One the one hand, it validates their position as an important arbiter of security in the cloud. On the other hand if, and when Canadians still see boatloads of spam in their Inbox, they may point the finger at ISPs.”
Giving ISPs the power to police spam could be a slippery slope, Senf suggests, as it may also offer them undue powers in other traffic issues.
For example, ISPs could use powers the legislation offers them to argue they should be able to curtail file sharing over peer-to-peer networks, a practice known as traffic throttling or traffic shaping.
Larger ISPs — such as Bell Canada and Rogers Communication — already engage in traffic shaping, and have defended the practice.
The Act will allow for spammers to be fined $500,000 or face two years in jail on a first offence, and be fined up to $1.5 million or face five years in jail for repeat offences. Spammers will also be open to civil action launched by those who are allegedly harmed by their actions.
There will be some “public interest” exceptions to the law. For instance, charities, political parties, polling firms, and businesses with pre-existing relationships with an e-mail user may send unsolicited messages, providing there is an opt-out available in the message.
“So my plumber can e-mal me and offer to install a new garberator that’s the best thing since apple pie and motherhood,” Goldstein explains.
You can expect spammers will try to exploit any loopholes in the legislation, Senf says. Then it will be up to the courts to decide if they are in breach or not.
Computer users infected as part of a botnet will not be prosecuted under the proposed Act, Goldstein says.
Copeland and Senf both agree such an Act is long overdue in Canada. The U.S. put its CAN-SPAM Act in place to regulate e-mail marketing in 2003.
If Goldstein’s bill passes a second reading, it will continue on to be reviewed by a Senate committee and will then be back for a third reading. After that, it will go before the House of Commons for debate.
Private member’s bills usually have a tough time making it into law, Goldstein says. He asks that concerned parties contact their local member of Parliament to ask for quick action on the Act.