Canada’s antispam enforcer ready to fight

The woman who will enforce the country’s new antispam legislation has given a clear warning to service providers and businesses that she won’t be trifled with.

Canada has a bad reputation for hosting spammers, Andrea Rosen, chief enforcement officer at the Canadian Radio-television and Telecommunications Commission told the Canadian Telecom Summit on Wednesday, “but that’s not going to be the case much longer.”

Passed in the last session of Parliament but yet to be proclaimed, the act carries a maximum penalty of $1 million for individuals and $10 million for companies that distribute unsolicited email or malicious botnets.

While law protects service providers that are unknowing carriers of spam, Rosen noted that providers usually partner with email distributors and warned them that “willfully turning a blind eye to practices that facilitate abuse is not an excuse. Nor is it a free pass from an investigation.”

If a provider or enterprise has a problem of controlling of email her office will help develop a plan to fight spammers, she said.

“We have the tools to find the spammers wherever they’re hiding [in Canada] and the power to shut down their operations.” That includes power to get search warrants restraining orders and injunctions.

Under Bill C-28, consumers have to give their consent to receive unsolicited email.

Rosen said one organization has estimated Canada is the source of $3 billion of the $100 billion in spam-related fraud and privacy breaches around the world.

She said the commission has recently finished hiring enforcement staff for prosecutions and a computer lab for investigating spam.

She also said the CRTC will work with the federal privacy commissioner and the RCMP, as well as businesses and service providers to stamp out malware.

While cracking a whip, Rosen also sent a message to those who want to avoid prosecution by facing the music.

“Those who walk through our doors first will be treated with more leniency than those who wait for us to show up at their door,” she said.

To quality for leniency, she added, her office will need a full and frank exchange of information.

“Anyone not part of the solution will be considered part of the problem, and I assure you we will go after them.”

Rosen hopes the law will come into effect in the fall.

She was a member of a panel discussion on privacy, which also heard Prescott Winter, chief technology officer of Hewlett-Packard’s ArcSight risk management products division, complain that enterprises don’t take security seriously enough.

The digital economy won’t grow without security, he said, but too many chief executive and chief security officers admit to him they’re not doing a good enough job closing their networks to attackers.

“You can’t protect what you can’t see” on your networks, he said. “You’ve got to be able to see who’s on the network, how to put sensor in place to see where your adversaries are coming in, which pathway they’re using, whose account are they using.”

Just as important, he added, is the company or service provider has to have a security policy linked to the business plan. “Technology without policy goals and risk management frameworks is, quite frankly, dumb.”

“It’s an organizational challenge, an operational challenge, it’s a technical challenge, and most organizations are failing miserably on those scores.”

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now