Debate on spam became innovation agenda discussion

Charlie Angus was in full force yesterday. He took his contribution to the debate on Bill C-27 (often called the anti-SPAM bill, although it still contains anti-malware and other provisions as well), and spoke about it as one part of a larger digital agenda.

The full debate is available via Hansard, but I wanted to highlight a specific section of Mr. Angus' contributions. (Note: Debate resumes after C-50, which may be today or later.)


Mr. Charlie Angus (Timmins—James Bay, NDP):

Mr. Speaker, as always, I am very honoured to rise in this place as a representative of the people from Timmins—James Bay, and I take that role very seriously. One of the roles that I am given as a member of Parliament is to review and speak on legislation. This legislation is something that we as members of Parliament need to see in terms of a larger vision. This is not just a one-off bill.

In order for Canada to go where it needs to go in terms of a 21st century economy, we need to have a full vision in terms of the potential for digital innovation and also the pitfalls that are facing us. In terms of a large vision of where we need to be as a country holding its own and being a leader, we need to look at a number of initiatives. Earlier the issue of digital broadband access was brought up in the House. For a country that is as defined by geography as we are, to remain competitive, we need digital broadband.

The FCC report last week, which would be one of the world leaders in terms of its credibility on this issue, it says how much Canada has fallen behind. We have gone from being a world leader in 2003 to a world laggard. Anyone watching this back home does not need the FCC to tell them that we are paying some of the highest fees for Internet access and we are getting some of the lousiest service.

The FCC talks about how it is that Canada went from being a world leader in terms of making sure broadband access was happening, where just in 2003 we were the country to watch, to now being in 20th, 25th, or 26th place on various parts, depending on what indicators we look at.

The FCC points out the lack of competition in Canada. It is not pointing out the CRTC's dropping of the ball on this, but it speaks to something again that we are seeing, that when there is a very small cabal of companies that are basically now running the infrastructure of the Internet, unless there is innovation being pushed forward by small third-party ISPs, we will have a situation where development begins to ossify and that is what has happened. The FCC reports show how much we are falling behind because we are not getting that level of third-party competition from the smaller players. That is one of the elements we need to look at in terms of a larger vision.

Second is the issue of net neutrality, which plays very much into the access of broadband. When there are a few giant players who are deciding the development of speed on the Internet, we cannot have them making the decision as to who is going to be in the fast lane and who is going to be in the slow lane. There needs to be a sense that, in order to have development on the Internet, net neutrality is a key cornerstone. This is not a principle of the so-called computer geeks. Talk to anybody in business and they will say that if they cannot get fast access, they are going somewhere else. They are very concerned about deep packet inspection, for example. They are very concerned that when they put information through VoIP, or through BitTorrent, it could be unfairly slowed down. So that is the second element of an innovation agenda that we need to look at.

The third part of an innovation agenda is upgrading our copyright laws to the 21st century to ensure that we are moving forward and encouraging innovation and encouraging new ideas that may threaten some existing business models, but the only way we are going to have innovation is if we bring our copyright laws up to the 21st century agenda. I spend a great deal of time on the copyright file and I can say that we are finally at the point where we are agreeing that trying to implement laws that would work in 1996 is not going to get us anywhere. We need to be enacting laws that will bring us into the next 20 years.

The other element in terms of a digital strategy is dealing with the irritant factor. That is how most people see spam. They see spam as an irritant. It affects all of us. Every time I go on my computer I have someone offering to sell me a product that is going to make certain parts of my body much larger than they otherwise would be. I think my ears are large enough as it is. I do not need any help, thanks very much. Nonetheless, they will not leave me alone. They are always offering to sell me real estate when I am still paying for the house I bought many years ago in northern Ontario. I could have used the help then, but I certainly did not need the help of spammers.

We laugh about the silly and stupid things we come across in spam day after day, but we need to see the effect that it is having in terms of not just our ability to do our work but the very nature of the threat it is posing to average citizens. Spammers are very tied into a growing level of Internet fraud. They undermine confidence. We do not want to go to a website and leave our email information, because we do not want it to be taken and misused.

If we do not have confidence, it undermines our ability to move forward. Certainly the issue of spam is very serious. Canada has been singled out as the only G7 country without spam legislation. That puts us in a really bad light, because spammers will use our jurisdiction to push for spam. It is all well and good to say that we will get the emails of the spammers and hunt them down. If anybody has ever tried to track one of them down, they know that these emails do not go anywhere.

What ends up happening is that there is a much more insidious move afoot. They move very quickly in terms of their technological innovation. They do not send the spam from a home computer, so they cannot be tracked. They use a number of techniques to basically act as a parasite on other messages going out, to the point where they can actually take over a person's computer without the person using it and download malicious software. They create these zombies or bots.

The threat to privacy and innovation and the threat of fraud become compounded on a massive scale. This needs to be addressed and taken seriously.

For example, just last year, the U.S. came down with some of the heaviest attacks on spammers. I was referring earlier to May 31, 2007, when they went after Robert Alan Soloway. They charged him with 35 criminal counts, including mail fraud, wire fraud, email fraud, aggravated identity theft and money laundering. Prosecutors were alleging that Soloway was using these zombie computers to distribute spam across wide networks.

I will give an example of how this plays out. It is classic in terms of the development of the Internet. The greatest strength of the Internet is the ease with which one can get information out there. Of course, the greatest threat is the ease with which spammers can undermine it.

We can talk about the famous Nigerian 419 scam. Back in the day when the fax machine was the most exciting cutting-edge technology and I was working at a northern magazine, we used to get these emails from this guy. He was a former colonel in the Nigerian army. He was being held prisoner. If only I could send him $500, he would send me $100,000. It was very crude. It cost them money every time they sent that out. It went on a fax machine. It made tracking these guys a lot easier.

The 419 scam was a very marginal scam in the 1980s when it was first developed in Nigeria. It is interesting that Insa Nolte from the University of Birmingham said that the development of email turned the 419 scam from a local fraud to one of the largest export businesses in the country of Nigeria. That is how effective it has been.

For every million people who click delete, one person in a million might respond. That is how the fraud happens. I am sure that my colleagues here can tell similar stories, but I am now starting to see email requests for help coming much closer to home, where similar last names of family members of constituents and local references are being used.

This comes from the trolling of information that has been enabled under these massive networks of zombie computers. They can track and pick out names from the email traffic. They are picking out bits of stories and they are able to tailor the stories of personal need and personal threat. My daughter received one yesterday from someone who she thought might be a student who was lost in London. They had two or three key pieces of information about her and she could not figure out how they got that.

That is the kind of computer fraud that is now being perpetrated. Again, many of us will click through and delete. The problem is that there are enough people out there who will respond. So we are looking in terms of basic computer protection and basic civic protection. We need to do that.

However, we need to look at it in a larger area, in terms of what basic rules we are going to put down so that developers, innovators and citizens can use this wonderful new medium that we have, without fear.

I think some of the basic provisions in Bill C-27 are fairly straightforward. We should be asked for consent before any computer program is downloaded on our computer. That should be basic. The idea that spyware could be put into our computer without us knowing should have criminal consequences. We know, for example, there are various forms, such as Trojan rootkits. Sometimes legitimate companies think that by being able to put this spyware into our computer it is going to protect them. But it does not. It undermines consumer confidence.

I just have to refer to the famous Sony rootkit disaster, where Sony decided that on its CDs it was going to put spyware and not tell the consumers. Consumers were buying these CDs, thinking they were buying a piece of music, putting them into their computers, and their computers were crashing and they could not figure out why. It turned out that Sony, one of the biggest entertainment companies in the world, had put in the spyware thinking it was going to go after copyright infringement and what it did was undermine its credibility in the marketplace to a great degree. Companies should never have been allowed to think that kind of move should have been able to take place. No citizen who buys a CD or any computer product to put into his or her system should have to worry that there is spyware in there.

So the issue of asking consent before any computer program or any spyware is put into our computer is a very reasonable provision and a necessary provision.

I think the other thing we need to speak to is that companies cannot take personal information without consent. That is another primary element of the Internet. When we go on the Internet and we go to a website or when we respond to email from someone we might not know, we want to know that our records on the computer, our data on the computer, is not being accessed, and that when we go to a website our information is not being passed on to someone who is then going to come and try to sell us some kind of scam product that we do not want.

If we do not have that assurance, it starts to undermine the ability of consumers and companies to make the most of what they need to make the most of in terms of moving forward.

Earlier a Liberal colleague said he was worried that this was a big hammer that was going to shut down business, and we know there was certainly a big backlash against the Liberals when they seemed to be led around by the nose by some lobbyists on watering down provisions of this bill.

I have looked at the provisions and I have looked at what the Liberals were trying to sneak through, and I do not think it is in line with the 21st century digital innovation agenda. Fortunately, the Liberals are not in the position to run a bill like this, where they would be able to undermine it and ensure that the corporate lobbyists got their way. There are citizen provisions that have to be addressed and this bill is looking at that.

It was the Liberals who wanting to limit the scope on spyware. I am astounded by that. I do not know if they think it is okay to spy on my computer, but I certainly do not think it is. And I, as an average citizen or a legislator, would not support that they wanted to exclude surreptitiously installed DRM from the gambit of the bill.

Once again, when I go to a website or when I respond to an email, I do not want to have to worry that some company thinks it is okay to bury mechanical means for spying on what I am doing.

I was surprised by my Liberal colleagues on this bill, but I think there was certainly a large backlash, because the consumer public is very aware in terms of where we need to go with a digital agenda. So I am glad to see that we have moved forward with all parties on this bill.

The bill only addresses commercial electronic messages. This is not an attempt to shut down individuals who maybe want to do mass emails to their friends and to their friends' friends. There is no provision in the bill to go after people who send out those emails. Personally, I find those emails rather irritating. I do not think I have ever reached the bottom of one of the long lists of cc and cc and cc. I do think it is okay for individuals to do that. The question here is electronic messaging for commercial use. That is the main focus of this bill.

A personal relationship, a family relationship, a pre-existing business relationship would not be stopped. Companies would still be able to send information with respect to previous business dealings, such as someone buying software or something from a company.

I ask the simple question: What is the problem with asking the person for consent to continue? I do not see that impeding in any manner. If I purchase goods and I develop a relationship with a company, that is perfectly fine. But I want to know that my Parliament and legislation will back me up if I am not interested in receiving mass emails, that I can say I am not interested. That is not an unreasonable situation. Contrary to what the Liberals are saying, it is not going to grind business to a halt in Canada. It might if we were still back in the age of the fax machine, but this is certainly not going to grind innovation to a halt.

We worked at committee on this. This is a big bill. We had to look at many areas in terms of ensuring that spam legislation would actually address the problems. I am hopeful that this is the proper first step because we need to start addressing this.

We need to address this in terms of lost potential. We need to address this in terms of interference with competitiveness. We need to address this in terms of fraud. We need to address this in terms of the fundamental issue of consumer rights.

Our computers should not be open to some third party that we do not know, a third party who could be dropping spyware into it, or using it to send out harassing emails, possibly fraudulent emails. When we are plugged into the web, we should not have to worry about what is going to come back down the pipe that we do not want.

Bill C-27 takes some steps toward addressing that. Does it do everything that is necessary? I do not think that is possible at this point. We are going to have to amend and change it as we go because the Internet changes quickly, fraudsters change quickly. We have to run just to keep up as legislators, but this is a good first step.

I am proud of the work of my colleague from Windsor West who worked on this bill at committee. We will be supporting it as it goes ahead.