News

How effective is Canada’s anti-spam legislation?

 | April 5, 2011

The Canadian government recently passed an anti-spam legislation to decrease the number of spam messages you receive in your inbox.

Bill C-28, also known as Fighting Internet and Wireless Spam Act, aims to do that by prohibiting companies and businesses from sending out unsolicited e-mails.

Spam, or unsolicited e-mail messages, is more than a source of annoyance.

“Spam is the stuff we don’t want, the advertising we don’t need, but also from a malware perspective, it’s a security risk,” said Jim Gilpin, McAfee Canada’s consumer manager and security specialist. “It can pack malware. It can drop little bots into your computer that may one day take over or may access something in your PC.”

According to the act, businesses and organizations must receive explicit, or have implicit, consent from recipients before including them in a mass mailing list. Messages must also include a link so people can unsubscribe from the list if they wish to.

This legislation applies to other types of unsolicited electronic messages including text messages from cellphones.

“The biggest problem I see in this bill is that, if a criminal wants to send spam, they’ll still do it,” said Gilpin, adding that malicious websites come and go, making them almost impossible to track.

According to Cisco’s 2010 Annual Security Report, while spam is down globally, it’s on the rise in developed countries abroad. This means that while this act may help reduce spam coming from Canada, people will continue to receive unsolicited messages from overseas.

“Most spam comes from abroad,” Gilpin explained. “We did a malware report a few months ago and most of the stuff came from places where it’s easy to set up a malware site and it’s easy to take it down. And that’s why this kind of stuff is pounded out by the millions. A lot of this stuff may happen in a small African country like Cameroon, and in Canada, how do we really track that?”

“The other thing I see in this bill is how it applies to individuals and businesses. Sometimes you may opt in for something and you didn’t even know you did it. Those are the sorts of things that I think people are going to have challenges with,” he added.

The good news? Managing spam is as easy as doing your due diligence.

“You need to make sure you have a really good security program running on your computer that encompasses antivirus, firewall—just the basics that we all should have anyhow,” said Gilpin. He said many reputable products come with good anti-spam software that consumers can use. Gilpin points out that though these softwares won’t eliminate spam, they’re helpful in reducing spam to a manageable level.

Another tip is not opening e-mails from an unknown sender.

“If you see something you don’t know in your e-mail inbox, don’t just click on it anyhow. Make sure where the stuff is coming from. Is it something you’ve signed up for?”

Canada’s decision to pass an anti-spam act follows an international trend. Cisco reports that “governments seem to place a greater importance on taking a leadership role in fighting spam, and are setting aside resources for anti-spam efforts.” Germany, for example, sets aside funds for the public to clean up infected computers.

The act also states that companies cannot install programs in consumers’ computers without consent and that if companies outsource their services to companies abroad, the Canadian company must ensure the foreign company abides by these regulations.

The act will be implemented by the Canadian Radio-television Telecommunications Commission (CRTC). The penalties for non-compliance are up to $1 million for individuals and $10 million for businesses.

For more information, visit www.ic.gc.ca.

Comments