Most people try to distinguish between things that are good and things that are bad. Yet the framers of the federal government’s Electronic Commerce Protection Act have somehow failed to make such distinctions. In aiming to crack down on spam and other online afflictions, the act, now in second reading, treats all computer programs that operate over the Internet as inherently bad. And that could be very bad for the rest of us: the bill is “so broad that it will actually chill Canadian businesses,” says Barry Sookman, a partner at McCarthy Tétrault.
That might be putting it mildly. Whether we even need an anti-spam bill is debatable, yet most major countries have one, and Canada is known as a safe haven for malicious code senders. But the feds appear to have cobbled together bits and pieces of legislation from around the world, without putting in appropriate countervailing measures. For example, Section 6(1) of the act prohibits sending a commercial electronic message to an electronic mailbox unless the recipient has expressed or implied consent. Sounds innocuous enough—except that it actually prevents new e-business or e-commerce from taking place because there is no prior relationship. You can’t even send an e-mail to someone asking them to contact you.
Another part of the act prohibits any company from installing a computer program or code without, again, first getting expressed consent. That seems OK, but many websites automatically run Flash or Java applets. That would now be outlawed. So, too, would any automatic patches that, say, Microsoft or Symantec send out, unless they first tell you exactly what’s inside the code—information hackers would love to know. Essentially, the bill would require all Canadian companies to prevent consumers from accessing their websites until they enter into a separate binding agreement consenting to each bit of code they encounter.
Most egregiously, an amendment to the Personal Information Protection and Electronic Documents Act tacked on to the anti-spam bill would allow individuals to sue companies for breach of privacy for up to $1 million a day. Currently, complaints are first taken to the privacy commission, in part because PIPEDA is so ambiguous.
All these changes will make Canadian companies that use the web—and who doesn’t these days?—less competitive than pretty much every single one of their competitors around the world. A chill, indeed.