Jean-Pierre Blais to the Seminar on International Electronic Marketing Enforcement and Consent
May 18, 2017
Jean-Pierre Blais, Chairman
Canadian Radio-television and Telecommunications Commission
Check against delivery
I’d like to thank the Communications and Media Law Association and the Australian Chapter of the International Institute of Communications (IIC) for having invited to speak at this seminar.
Canada’s federal government created the CRTC in 1968 as an administrative tribunal that regulates and supervises broadcasting and telecommunications in the country.
The CRTC derives regulatory authority from Acts of Parliament. Our organization is committed to ensuring Canadians as citizens, creators and consumers have access to a world-class communications system.
To that end, we have many jobs: licensing radio and television broadcasters, approving price tariffs for regulated companies, encouraging competition, and promoting compliance and enforcing a range of rules and regulations.
The CRTC’s interests in anti-spam and unsolicited telecommunications
Some of those rules and regulations aim to protect Canadians from spam and other nuisance communications.
Unsolicited communications present a serious and increasing threat to the social and economic prosperity of the digital economy.
Internet and mobile technologies have revolutionized the way that commerce is conducted. These technologies have also changed how governments operate and deliver services to citizens.
But as more commerce and citizen engagement occurs online, illegitimate actors discover new avenues for disseminating these threats through phishing, data theft, robocalls and other harmful activities. Consumers may be annoyed when they receive unwanted email, robocalls or Short Message Service message. What’s worse, they may also find themselves the victims of fraud and theft.
Our organization is committed to reducing the harmful effects of spam and related threats. Our goal is to help create a safer and more secure online marketplace.
Canada’s Anti-Spam Legislation
To that end, the CRTC helps enforce what we call Canada’s anti-spam legislation – a law designed to discourage people from sending unwanted spam messages.
The CRTC, as well as Canada’s Competition Bureau and the Office of the Privacy Commissioner, work together to enforce this legislation.
The CRTC has the primary enforcement responsibility, including powers to investigate and take action against violators, and set administrative monetary penalties.
We target those who send commercial electronic messages without the recipient’s consent.
We also target those who alter transmission data without express consent.
And we go after those who install programs on computers or networks without express consent. This includes malware, spyware and viruses in computer programs, in spam messages, or downloaded through infected Web links.
The maximum penalties for violating Canada’s anti-spam legislation are significant. The CRTC has the authority to impose administrative monetary penalties of up to $1 million to an individual per violation and up to $10 million for a business per violation.
We need citizens to take part in our anti-spam efforts. So we operate the Spam Reporting Centre where Canadians can report spam and other electronic threats for all three enforcement agencies to investigate. Here’s a promotional video we produced on that to spread the word.
The CRTC is working with organizations who have violated the Act but want to comply through undertakings, which are like negotiated settlements. Our highest penalties are used in the most egregious cases, where there is a blatant disregard for the Act. Those administrative monetary penalties are issued through Notices of Violation.
Our enforcement actions have reached beyond our borders into other countries including the United States, thanks to assistance from organizations including the U.S. Federal Trade Commission (FTC) and the Federal Communications Commission (FCC).
Unsolicited Telecommunications Rules
The CRTC also helps enforce Canada’s Unsolicited Telecommunications Rules. They’re designed to ensure telemarketers respect the choice of Canadians have made not to be disturbed.
We oversee Canada’s National Do Not Call List, where Canadians can report their unwanted calls. Any Canadian can have their number added to the list. Telemarketers calling Canadians are obliged to make sure they do not call anyone whose number is on the list.
The penalties for violating Canada’s Unsolicited Telecommunications Rules reach up to $1,500 in the case of an individual, and up to $15,000 in the case of a corporation, per violation.
Our goal is to promote compliance. So we emphasize education and compliance, rather than punishment. And we tend to focus on the higher volume of complaints and trends when we decide what to investigate.
Certainly our efforts have yielded results. The CRTC and its partners have investigated and issued notices of violations to a number of telemarketers, both in Canada and abroad, who violated our rules.
The uphill battle against spam and illegal telemarketing
Spammers and telemarketers get the message that when they violate the rules, there are consequences for those actions.
But sometimes, it feels like our work is all uphill – and that hill feels like Mount Kosciuszko, Australia’s highest peak.
Just to give you a sense of what we face, according to Cisco’s 2017 annual cybersecurity report, spam accounts for nearly two-thirds of total email volume.
The company’s research suggests that global spam volume is growing, due in part to large and thriving spam-sending botnets. Cisco figures 8% to 10% of the global spam traffic in 2016 could be classified as malicious.
And the percentage of spam with malicious email attachments is increasing, too. It seems hackers are experimenting with different types of files to attach to their unwanted and damaging messages to.
Governments and the private sector alike have much at stake here. The damaging effects of unsolicited communications could undermine people’s trust in their communications networks, and more broadly, in the digital economy.
So we see anti-spam efforts as a shared responsibility for government, regulators, enforcement agencies, non-governmental organizations, the private sector, and technical experts.
The good news is many countries have made significant progress on this issue, particularly with respect to enacting anti-spam and unsolicited communications legislation, promoting compliance, and establishing domestic and international partnerships among different communities.
The importance of international cooperation
But spam and other forms of online threats are not just a Canadian problem. They are a worldwide problem. In fact, much of the spam that targets Canadians comes from outside our borders.
International problems require international solutions. So we collaborate actively with our international counterparts, such as the FTC in the U.S., the Office of Communications, or OFCOM, in the U.K., and of course the Australian Communications and Media Authority (ACMA).
We're an active member of the Unsolicited Communications Enforcement Network, which is a global network made up of 27 different counties who focus on international spam and telephony enforcement cooperation. That’s an international cybersecurity and telecommunications group.
And we engage with the Interpol Global Complex for Innovation in Singapore. It's a cutting-edge R&D facility to identify cybercrime and cybercriminals, and combat them through innovative training, operational support and partnerships.
Spam messages that pass through Canadian networks for delivery to those addresses are then forwarded to the CRTC for analysis and possible investigation. Our investigators and analysts use a wide range of tools internally and from partners to pursue bad actors.
So we are reaching out internationally. But we wanted to go further. And last October, we did just that.
Recap of Bangkok meeting
In the fall of 2016, the CRTC, in partnership with the International Institute of Communications, or IIC, hosted an international workshop on combating spam and other forms of nuisance communications.
The half-day event took place as part of the IIC’s annual Communications Policy and Regulation Week in Bangkok, Thailand.
There were 45 participants representing regulators from all global regions –including ACMA’s Acting Chairman Richard Bean, and IIC President Chris Chapman – and representatives from industry, academia, and other aspects of the communications ecosystem.
The IIC provided the ideal forum for this workshop. The organization offered an independent, international and distinguished platform to discuss the critical and evolving impacts of spam and nuisance communications on citizens and businesses globally.
The IIC also offered access to a global network of senior-level industry strategists, regulatory authorities, enforcement agencies, academics, and other experts.
The purpose of the workshop in Bangkok was threefold.
First, it sought to bring together experts from policy and from enforcement communities around the world. We wanted them to exchange views, so the policy experts would learn from the enforcement experts and vice versa.
That exchange is important. These two communities are both actively working to combat spam and other unsolicited communications. But too often, each community is in conversation with itself.
So policy may be developed without sufficient consideration of enforcement needs.
And the people in charge of enforcement sometimes fail to understand where the policymakers are coming from. We wanted to help connect those two sides.
Second, we wanted the workshop to produce recommendations for global anti-spam efforts. Spam is an international problem. We need an international solution.
We need policy-makers and enforcement organizations to focus on approaches that work across jurisdictions, not just at home.
Because the truth is, unless the solutions are international, they won’t really work at home anyway.
The majority of spam and illegal telemarketing originates from outside the country of the people receiving those messages or calls. A global response is the only practical solution.
The third purpose: to include regulators from both advanced and emerging economies as part of the discussion. Those who have experienced enforcement regimes and those who may be starting or looking to set up their own where lessons learned could be shared.
We need to make sure policymakers and enforcement agencies from all regions have the ability to take part in the anti-spam battle. Otherwise, we risk creating a system in which spammers are able to evade enforcement by setting up in areas of the world they are inaccessible.
Those were our goals. How did we fare? Well, last month, the CRTC published a report on the Bangkok workshop. I would like to share some of those findings with you.
Results from Bangkok
Participants in the workshop highlighted three main challenges with respect to managing spam and other unwanted communications.
The first challenge: inconsistencies in policy and legislation. The global nature of spam and telemarketing means cases almost always cross national borders.
This can create challenges when policies, approaches and legislative frameworks differ from country to country. These difference can make it challenging to share information and collaborate on enforcement.
The second challenge: high-tech anonymity. Technologies like Voice over Internet Protocol make it easier for illegal telemarketers to hide who they are and where they are.
That makes it harder for enforcement organizations to find them – which, in turn, makes it harder to stop them.
We certainly know this in Canada. A high number of complaints CRTC receives about unwanted telemarketing involve caller ID spoofing, in which it’s hard to tell where the caller is really located.
The third challenge: capacity building for emerging economies. Spam and unsolicited communications are a global problem.
But not all countries are well equipped to combat these threats. Many emerging economies may lack the resources and the knowledge to enforce anti-spam laws and unsolicited telecommunications rules.
In the global battle against spam and illegal telemarketing, collaboration in all areas is key. All the good guys need to have effective weapons.
The workshop participants talked about solutions to those challenges. Here are their three main recommendations.
First, policymakers and enforcement agencies should engage in regular discussions to share expertise.
Workshop participants agreed that an international forum – one that is either new or established – would allow for continued discussions on policy issues, such as how to draft good unsolicited-communications laws, the best way to speed up cross-border information sharing, and how to ensure policies can adapt to new technologies and new platforms.
The second recommendation is the importance of private-sector involvement in all forums of discussion for solutions.
Companies that run communications networks and businesses that build communications technology equipment have a major influence on the infrastructure spammers and illegal telemarketers use.
These businesses also have the expertise to help us keep deceitful message-senders and phone-callers in check. Workshop participants came up with a number of ways in which the private sector could help.
For example, where this has been successful is the creation of tools on their networks or software platforms for citizens to report spam and unwanted calls to enforcement agencies to investigate right from their mobile phones, all with just a few quick taps on the keypad.
By leveraging the power of the private sector, those of us on the regulatory side of the solution would have an even better chance of shutting down spammers and illegal telemarketers.
For their third recommendation, workshop participants said enforcement agencies should join the Unsolicited Communications Enforcement Network (or UCENet).
Formerly known as the London Action Plan, this long-established network aims to promote international spam and telephony enforcement cooperation, and to address problems related to nuisance communications, such as online or telephony fraud, phishing, and Internet viruses.
Workshop participants agreed that participation in the UCENet is critical to cross-border partnerships for enforcement, intelligence, communication and training.
The enforcement community has long recognized that online and telemarketing activity is not bound by geography or borders.
And since many government agencies operate with limited resources, UCENet enables collaboration across skillsets and expertise, which reduces duplication of effort.
Its membership includes agencies from 27 countries, including government departments and other interested parties in the private sector, non-profit sector and academia. The network gives members the chance to learn from each other’s experiences.
I’ll say it again, because it matters: global cooperation is the key to curtailing spam and illegal telemarketing.
During the Bangkok workshop, one participant talked about challenges in acquiring confidential information from a company outside its jurisdiction. That information was vital for an investigation.
The company claimed that since it operated outside the jurisdiction, it was not obliged to disclose its data – even though the company was enabling illegal activity in the jurisdiction.
Fortunately, authorities in the jurisdiction had a long-established relationship with the enforcement agency where the company was located.
Together, they were able to use their respective rules to produce and share information lawfully and pursue enforcement action.
Canadian success story
I would like to take this opportunity to tell you a Canadian success story in fighting unsolicited telecommunications. The truth is, this is not just a Canadian story. It’s an international win.
In December 2015, the CRTC announced that it had served its first ever warrant under Canada’s anti-spam legislation.
This accomplishment was the result of international collaboration. Law enforcement agencies from around the globe worked together to disrupt a malware network that had infected more than a million computers in over 190 countries.
The malware’s name: Win32/Dorkbot. It sounds silly. But what it did was serious.
Dorkbot spread through USB flash drives, instant messaging programs and social networks. Once Dorkbot infected a computer, the PC could be instructed to steal passwords, install additional dangerous malware, and join other infected computers to overwhelm and take down specific servers – what’s known as a distributed denial-of-service attack.
To investigate Dorkbot, the CRTC worked in close collaboration with authorities from Europol, Interpol, the U.S. Federal Bureau of Investigation, and Canadian law enforcement groups.
Together, we were able to take down a command-and-control server located in Toronto, disrupting the Dorkbot network.
Our success in disrupting Dorkbot resulted from international cooperation. We know global collaboration is critical when it comes to fighting spam and unsolicited telecommunications.
We heard that from participants in the Bangkok anti-spam workshop. And we have seen just how internationally spammers and illegal telemarketers operate.
That’s why we continue to strengthen our international ties. The CRTC has signed memoranda of understanding (MoU) with organizations beyond our borders, to help make our approach to unsolicited communications more global and more effective.
In 2016, the CRTC signed an MoU with the FTC in the U.S. The agreement relates to unsolicited telecommunications, unsolicited commercial electronic messages – spam – and other unlawful electronic threats.
Also in 2016, the CRTC signed an MoU with the FCC in the U.S.. This agreement enables the CRTC and the FCC to facilitate research and education related to robocalls and illegitimate caller ID spoofing.
The organizations have also committed to sharing knowledge and expertise through training programs and staff exchanges, and to inform each other of legal developments in their respective jurisdictions.
Just a few months ago, the CRTC signed an MoU with the New Zealand Department of Internal Affairs to fight spam in both countries. The agencies have committed to sharing information and intelligence, where permitted by the laws of each jurisdiction.
The CRTC is also one of 11 enforcement agencies – members of the UCENet – that have signed a memorandum of understanding to share information and intelligence.
Other UCENet signatories include ACMA, the FTC and FCC, the U.K.’s Information Commissioners Office, Korea Internet & Security Agency, Netherlands Authority for Consumers and Markets, the Department of Internal Affairs in New Zealand, and the National Consumer Commission in South Africa.
These organizations have committed to sharing knowledge and expertise through training programs and staff exchanges. We will also inform each other of legal developments in our respective jurisdictions.
The MoU provides a clear framework that demonstrates a strong commitment to cross-border cooperation, thereby strengthening the fight against a global problem.
Such a development sends a clear message to those responsible for fraudulent or malicious messages and calls: bad actors cannot escape enforcement attention, and the interests of citizens are being protected.
The CRTC’s new MoU with ACMA
We continue to look for new ways to improve international collaboration. And in fact, we are doing just that here in Australia. The CRTC is signing an MoU with ACMA.
In this new agreement, the CRTC and ACMA agree to share information to enforce compliance, to share research related to unlawful telemarketing, and to discuss the economic and legal conditions relevant to enforcing spam and telemarketing laws.
This new MoU is yet another example of cross-border collaboration – a necessary measure to curtail the international anti-spam and illegal telemarketing problem.
These measures represent important collective actions to strengthen enforcement capacity, and to build robust, flexible policy to combat unsolicited communications.
The commitment to continued collaborative discussions, the involvement of the private sector, and the mobilization of global resources like the UCENet are key pillars in advancing our common agenda.
These MoUs, as well as last year’s Bangkok conference, are a good starting point. More work is needed.
But fundamentally, addressing this challenge requires dialogue. Regulators, policymakers, service providers and enforcement agencies must improve their ability to share information, learn from one another and focus on the common goal of reducing threats to our global communications system.
We encourage regulators, policymakers and other stakeholders to identify their roles in successfully combating this challenge. The CRTC looks forward to advancing this dialogue, together with its partners.
Toll-free: 1 (877) 249-CRTC (2782)
TTY: (819) 994-0423
Ask a question or make a complaint
Report a problem or mistake on this page
- Date modified: