Skip to main content Start of content

INDU Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content

House of Commons Emblem

Standing Committee on Industry, Science and Technology



Tuesday, October 31, 2017

[Recorded by Electronic Apparatus]



     Good morning everybody. Welcome to meeting 80 of the Standing Committee on Industry, Science and Technology as we continue our review of the anti-spam law.
    Today for the first hour we have, from the Department of Industry, Christopher Padfield, director general, small business branch, small business, tourism and marketplace services, and Mélanie Raymond, director, office of consumers affairs.
    Thank you very much for joining us today. You have up to 10 minutes.
    First, Mr. Chair, thank you for inviting us to appear before the committee. As you said, my name is Chris Padfield, and I am the director general for the small business branch within the small business, tourism, and marketplace services sector at Innovation, Science and Economic Development Canada. I am joined here today by Mélanie Raymond, who works in my branch as the director for the office of consumer affairs.
    You have heard from my colleagues Mark Schaan and those at the CRTC and the Office of the Privacy Commissioner, and will hear during the next hour from the Competition Bureau, about their responsibilities for the policy, oversight, and enforcement of CASL. The office of consumer affairs works with all of them to build awareness about the legislation among Canadian small businesses and consumers.


    Together, we help inform consumers to make safer electronic transactions and engage with confidence online. Being better informed, for both consumers and businesses, means being in better control of their activities online and minimizing their risks of unsuspected problems.


    As you may know, one of the vehicles to raise consumer and business awareness is the website “”. From the beginning, has aimed to provide information to consumers, businesses, and organizations on how to protect themselves from threats, as well as provide tips for contacting clients electronically. In a dedicated section on the site, individuals can educate themselves about spam and the risks associated with it. They will find information on how to protect their computers and devices from malware, ransomware, and viruses when downloading software or accessing free Wi-Fi Internet networks.


    Consumers can also learn the steps to take to recognize spam and how to contact the Spam Reporting Centre to report it. They are also alerted of recent spam warnings and notices from the CRTC, the Office of the Privacy Commissioner, and the Competition Bureau.
    The website uses a variety of means—including a mobile protection toolbox, a quiz, FAQs, and infographics—to convey CASL-related information. Canadian consumers thus learn to make more informed decisions about what type of e-marketing they wish to receive and what they allow to be installed on their electronic devices.


    There is also a dedicated section on for businesses and organizations to protect their information and understand their responsibilities to comply with CASL. Through a video, webinar, quiz, and infographics, businesses learn the importance of getting consent, providing information, and offering the option to unsubscribe when sending commercial electronic messages. Businesses and organizations can also find tips on how to protect their information and how to report spam. They are also alerted to recent enforcement actions taken by the agencies responsible for enforcing CASL. This information is complemented by links to the three enforcement agencies' websites and other resources, such as a glossary and information bullets.
    Finally, is the gateway for reporting suspicious emails and activities to the spam reporting centre for the attention of the three agencies responsible for enforcing the legislation. With more than 1.5 million visitors since its launch in August 2011, can be deemed as having been an effective means of reaching out to Canadians.
    In the first two and a half years, the site received almost 4,000 visitors monthly, until January 2014. At that point, consumers and businesses started consulting in ever-growing numbers to understand what CASL meant for them. The first five months of 2014 saw close to 120,000 visitors, or the same number of visitors as in the last 27 months or since the site's launch. Not surprisingly, Canadians became really interested in finding out more about the law closer to its implementation. In the following two months, including July when the law came into effect, some 415,000 visitors consulted the site.
    Since then, has been an important source of trusted information for about 25,000 Canadians every month, individuals and businesses alike. So far this year, close to 270,000 visitors have already consulted the site, which is consistent with the previous two years. This tells us that the tool remains pertinent and useful.


    Thanks to the law and more sophisticated protection technologies, such as virus detection software and spam filters, consumers receive less spam today. And as the number of visitors to the website suggests, Canadians are seeking information and taking action.
     We are encouraged and motivated by these numbers. We continue our awareness efforts and media monitoring to get insight on how awareness efforts impact the dissemination of CASL-related information, all with the goal to improve our activities and broaden our reach.


    To maximize our impact, our communications approach is, and has always been, positioned within the greater efforts of informing Canadians about the benefits and opportunities of the electronic marketplace. Activities related to spam and CASL are an important part of our broader efforts. These efforts aim for consumers to have the information and tools they need to safely and confidently participate in the online marketplace, which also benefits Canadian businesses and the economy. They include raising consumer awareness around cybersecurity and fraud, which includes ID theft prevention. This awareness messaging is complementary and amplifies the messaging for CASL.
    We leverage our other communication channels, in particular “Your Money Matters”, the social media channels for the Government of Canada's money and finances theme. We have regular Facebook and Twitter posts specific to CASL, explaining how to protect electronic devices from malicious software, how to give or refuse consent to receive marketing emails, and how to report spam.
    We also have weekly posts about cybersecurity or fraud focusing on fraud protection, privacy protection, and scam alerts such as phishing scams. Since our Twitter channel went live in January of this year, we have shared more than 350 English and French tweets from partners—the Office of the Privacy Commissioner, the Competition Bureau, and Public Safety Canada—on CASL and issues related to cybersecurity awareness. We also actively support and promote every year Public Safety's cybersecurity month in October, and the Competition Bureau's fraud prevention month in March.
    We also reach out to vulnerable populations, such as seniors, who are the target of fraud and scams, including malicious software. For example, between 2014 and 2016, Canadian seniors were victims of fraud, including phishing and identity theft, that translated into almost $28 million in losses. To be effective, though, we must use the right communication channels. Police departments around the country, for example, regularly ask us for hard copies of our informational leaflet on ID theft so that they can hand out important safety information, particularly to seniors who may not be online.
    While enforcement agencies will continue to lead on compliance and enforcement, we continue to work to make sure that Canadians feel empowered and safe online.
    Thank you very much.


    Thank you very much.
    Before we move on, I was remiss in my duties. We have a new analyst with us, permanently now I think, or at least for the next little while. Everybody, please welcome Sarah.
    Voices: Hear, hear!
    The Chair: Now we can actually get some work done.
    Voices: Oh, oh!
    The Chair: We'll move now to Ms. Ng for seven minutes.
     Welcome, and thank you both, Mr. Padfield and Ms. Raymond, for attending today and for sharing your perspective with us.
    I have a couple of questions about the efficacy of CASL, and particularly around consumer protection. You talked about the website and some of the tools to help people understand something about CASL and how they might be protected. How is it working? Are you doing any outreach other than what you've talked about, which is the website and some of the sharing with local law enforcement? Does more work need to be done from a consumer protection standpoint, from your point of view, to help people understand and then help protect themselves?
     It's really interesting when you look at CASL and the framework we have with the three enforcement agencies. You met with my colleague Mark Schaan, who has the policy responsibility. Awareness-raising around cybersecurity, with CASL being a key part of being cyber-aware, is not just for one entity to be doing. Each of the enforcement agencies plays an important role in raising awareness around how they're enforcing the law when it comes to small business and what they're doing to protect consumers.
    At the same time, we're providing kind of a broad, centralized point for it. When this first came out, it was a brand new piece of stand-alone legislation. The thought was to bring the office of consumer affairs in to help raise awareness of the overall piece of legislation as we go forward.
     Of course, being aware of CASL isn't the first and foremost way for consumers to protect themselves. If you look on our web page and our Your Money Matters page, we try to raise a lot of awareness about basic cybersecurity—I think right now it's cybersecurity month—just making sure that consumers are aware of protecting their passwords, protecting themselves when they're online.
    We have a blend of things, not just that if you think you're being spammed to make sure you're reporting it to the spam reporting centre, but also how to take proactive activities to prevent yourself from getting spammed in the first place, to highlight for yourself when you think you might be subject to a phishing attack or some other thing. It's broad. As I was saying, it's not just around us, it's also around consumer organizations reaching out to Canadians, around police forces reaching out to Canadians. Our colleagues at Public Safety have the “Get Cyber Safe” Facebook page. It's really about broadly raising awareness.
    We brought copies of some of those pamphlets. They were saying that the police were really interested in them. If you want to show them to your constituents too, we'd be happy to leave them at the end.
    What is your department's role in making sure there is that coordination? I agree that it isn't just specific to CASL; it is a general overall awareness. What role do you have? Is there an opportunity for more proactivity, particularly if a number of seniors who are subject to getting spam and being defrauded and that sort of thing? What more can you do?
    That's where we look for partnerships with our colleagues in the Competition Bureau, and others. March is anti-fraud month, and we try to leverage the activities that they're doing to raise that awareness and spread it out as best we can. Again, it's a multi-channel effort, because you never know how a senior is going to get into learning about what you're doing, or about the law, or what have you. We try to leverage as many platforms as we have.
    We keep our website, but also we have our Facebook page for Your Money Matters, and we bring up thematics regularly on that page. We also try to leverage other activities that our colleagues are taking on where they're trying to take a more focused, targeted effort on, for example, fraud prevention month or cybersecurity month.


    Do you think there are parts that are lacking that should be augmented?
    I think it's just raising general awareness about cybersecurity and being cyber-aware as a broad issue. I'm not sure there are particular issues for us to raise more, but I think as much as we can constantly...whether it's in schools at the young ages, making children cyber-aware, there is an ongoing need for us to make sure that everybody is being cyber-safe at every age.
    But is that what you guys do in the department in terms of that collaboration? Can you give me a practical example? When you say you're partnering, how do you reach out to those partners? Are they organizations that then work in different jurisdictions into the communities? Just give me a sense of how that partnership or collaboration takes place.
    Within the enforcement agencies around the CASL organization—you met with our policy colleagues—we have a broad communications working group at the director level that shares planning for how we're going to reach out in the communications. Some of those organizations are going to have a deeper reach than we will into some of the communities they'll be reaching out to, and that's why we're partnering with them as best we can.
    We heard from other witnesses about the need to do some greater definition around consumer electronic messages. Can you give us your perspective on whether a greater definition or description of a CEM would have an impact at all or be helpful in your organization?
     Clarity is always helpful when it comes to communications. If I reflect back on some of the commentary you heard from some of the witnesses so far, I think you heard a balancing between the potential consumer impacts that CASL has had so far in terms of minimizing spam and some of the activities that the digital technologies have had. Also, I think you heard from some of the industry advocates around moving from less complexity to more simplicity, perhaps less prescriptive to more principles-based, and an opportunity for increasing clarity.
    Again, I'm not the policy shop. When it comes to the communications pieces, it's always a challenge for us as part of our role in this because we can't give enforcement advice and we're very careful about that in our role. We have to be really careful. If a Canadian business or a consumer came to us asking if this was against CASL, we would defer them to the appropriate enforcement agency to make that determination. It's very challenging for us to be making any kinds of determinations, because we don't want to cause any confusion. The folks who make the interpretations and enforcement of the law are the actual enforcement agencies. We're really just here to help raise awareness of the whole piece.
    Thank you.
    We're going to move to Monsieur Bernier.


    You have seven minutes.
    Thank you, Mr. Chair.
    Mr. Padfield, thank you for your presentation.
    You said that consumers today are more aware of the issue. They have access to software so that they don't receive spam.
    The effort to fight spam is said to be going well in Canada. Why do you think that is? Does it have to do with the fact that CASL exists or the fact that new anti-spam technologies mean that Canadians are receiving less spam? Is this success due to the legislation or the development of anti-spam technologies?
    It's hard to say. I think it can be attributed to both. The reason the act includes a three-year statutory review requirement is precisely the rapidly changing nature of technology and the digital economy. Two elements have to be assessed: the legislation and the technology. I can't say whether one has a greater impact than the other, but I think that the two together make a difference.


    You are, according to your title, the director general of the small business branch at Industry Canada. Did you evaluate the impact of that legislation on small businesses concerning the cost to be in compliance with the legislation? Do you have any study about that?
     That would be the folks who are doing the policy shop. I think Mark Schaan and the other group that presented earlier provided you with some materials that they've done in terms of the analysis. We have not done a specific small business analysis. Of course, all of that would have been done originally in the regulatory impact assessment that would have accompanied the regulatory framework that was advanced.


    Some witnesses told us that we must clarify the spam definition in the legislation. They told us that the goal of the legislation is very wide, very open, and it could be a little more narrow. What do you think about that? Do you think it would be a good idea to have a definition that would be stricter, with less...with a definition of spam, in commercial use, that would be more friendly for entrepreneurs to be able to do their marketing?
    I think I'd leave the policy details to my colleagues in the policy space. You've heard that balance between the witnesses, I think, talking to both sides and the effectiveness to date about the minimizing of some of the spam. I think if you look back to what your witnesses had indicated, there was a desire from a number of the industry sectors for greater clarity in some spaces. But I'd leave it to my policy colleagues to provide you some details on how that would impact that.
    We just received the information about the legislation, and you have tried to inform Canadians about that legislation and what to do against spam. Do you think these marketing tools are very useful? Is that on your website? What are you doing with that?
    As we said, there is the web page but we've also been reaching out. I think we've given out about 3,500 of these so far this year to different police departments to reach out. We want to make sure that people are informed about spam and their identity theft pieces. Largely, our efforts are focused around social media and around our website.
    In your function as director general of the small business branch, did you receive any complaints about the legislation at your office?
    No. I have not had any direct complaints. When I'm talking with small businesses, their focus is more on access to capital, access to talent, and access to markets. Those are the issues they generally speak to me about. If business owners are sophisticated enough to know about spam, they're generally reaching out to the enforcement agencies, either from an enforcement perspective or, if they are looking for changes to the law, they would be reaching out to my colleagues in the policy branch, seeking their views there.
    So you're in charge of access to capital. I want to ask you a question about the reform the government did on small business taxes. Did you receive any complaint about that kind of reform?
    Yes. In your department you deal with business people who want to raise money and have more money to invest. Now the government is taxing them.
    Tax is the purview of the Minister of Finance and that department, so I leave it to them.
    Oh, you're good.
    Voices: Oh, oh!
    Hon. Maxime Bernier: I want to share the time I have left.
    Matt or Jim?
    You mentioned that the website includes mobile protection, a tool box, a quiz, FAQs, and infographics. You said that a number of people visit the website. You seem to have numbers on the number of visitors and the pieces of literature you have given out, but is there any analysis on whether this is effective? I was puzzled to hear that there's a quiz on the website. I've never used the quiz. I'm curious to know whether that's something that's effective in getting the word out.
    On the quiz, if you've never heard of anti-spam legislation, you're a new business, and you just decide you're going to send out emails to prospective people who you think might be interested in your business, the quiz gives you a sense in simple terms of the things you need to think about before you start emailing your clients.
    Do you have the numbers on how many people are using the quiz?
    I don't have them in front of me. We can see if we can dig them out and provide them to the committee.
    I think visiting a website is one thing, but ensuring that it's useful for people is another.
    Again, our website is a gateway to the enforcement agencies. If you're looking for enforcement information about being in compliance, or how you can best comply, that's where you want to be reaching out to the enforcement agencies to get that kind of detail.
    We're really a conduit, mostly for basic information for consumers—giving a small-business owner or business owners a general sense of the kinds of questions they need to ask themselves, then providing them that gateway to the spam reporting centre and to the enforcement agencies so they can reach out to them for clarity.


    Thank you.
    Mr. Masse, you have seven minutes.
    Thank you, Mr. Chair.
    We've received a lot of terrible testimony, to be quite frank. We've had testimony about little girls not being able to run lemonade stands for fear of persecution on them. We've had cousins not being able to contact cousins. We've had basically a complete meltdown of communication in some business communities, according to some of the testimony provided here.
    What can be done better with regard to the concerns expressed by those who are trying to understand how to actually do electronic communications better without engaging, I guess, a private sector business to do so? Can improvements be made to this through amendments? Or can it be done through regulations or improved public coordination or efforts from the department, either more resources or focus to assist small and medium-sized businesses that might still find compliance daunting?
    Just to clarify my role, those questions are better to loop back to our folks responsible for CASL in the legislative piece. Our role is more around the awareness-raising piece in how we can promote compliance.
    In that, do you have the necessary tools to bridge that gap? From what we're being told from small and medium-sized businesses, in terms of what you're capable of doing for public awareness and coaching those small businesses that perhaps don't know the specific clauses in regulations or legislation.... That's what I'm looking at. Can we narrow that gap between those who perhaps don't want to spend the money on hiring a third party to be compliant?
    When I talk about the awareness-raising being multi-faceted, it's not incumbent just on us for making sure that every Canadian is compliant and aware. I think you met the Chamber of Commerce here. I know they spend a lot of time with their members making them aware, making sure they understand the basic tenets of the law, and that they need to be aware that it's there.
    We look to a lot of those partners across the country to help raise awareness, as any law would, about how a business should be helped to be compliant and what they need to do to take action to make sure they are aware and understand the legislation.
     We're trying to the close the gap here. If there is a legitimate argument to be made on CASL, it's that it's very complicated and difficult for some businesses to be able to use electronic messaging and marketing in an effective and responsible way. They have to engage another party, a third party, for a business to do so, and then there are extra costs and so forth.
    My question is, does the department—especially for tourism—in looking at small business, have the resources and the capabilities, and was the budget increased, as this was incurred over the...? This is one of the reasons I asked for the three-year review, because it's a legislative part. It's in the legislation to have that three-year review. Are there resources allocated there to help bridge the gap between those who want to comply and don't?
    Again, I haven't found evidence of CASL being that credible—when we hear about the lemonade stands and stuff like that. If you're going to spend your time to come here and say that at committee, then it really says something about your other testimony, in my opinion. What I want to get to at the end of the day is what we can do to close the gap of the legitimate concerns. Does your department have the resources necessary to do so, if there's an enhanced campaign to do that?
    Yes, I wouldn't say we were constrained at the moment in terms of raising awareness of it. There's a broad issue around enforcement and understanding of law from any business on any law. On CASL, I wouldn't say there's anything particularly outstanding compared with any other law in terms of awareness-raising.
    We find that the web page, with however many hits it's getting a month, seems to be getting a fair amount of take-up, and it gives that basic information for people to be aware.
    In terms of the complexity issue, you get multiple views from different folks, as you have from your witnesses and their testimony here, about how far you can go in terms of clarifying without diminishing the impact the law has for consumers.
    That's an easier fix than, say, fixing the law. We have to do a report here. We have to send it back, the minister looks at it, and then eventually he has to table legislation, whether it's through legislation or amendments. It can take a long time versus if there was better coaching and resources available to close the gaps. There were some legitimate concerns raised by, for example, businesses not understanding it. I think that's what we have to come to a conclusion on very soon.
    I know that, as New Democrats, we're not looking to scrap CASL. In fact, I don't have people clamouring from the business community or from the general public wanting more spam, unsolicited electronic messaging, or extra viruses. Security provisions, privacy, all those things, are even heightening at this point in time. There are even questions about deviating from the private right of action and others.
    At any rate, I guess my concern is whether or not the department has the capability to help meet some of those concerns we have that are legitimate, and that's understanding CASL, abiding by it, and having those supports, because it would seem to me that, if we are going to have some changes in the meantime, waiting for the legislative review is going to take very long, and it's very onerous. The regulatory review is less so, but there's still gazetting, and a series of other stumbling blocks take place, whereas immediate action could be an investment in the outreach capabilities of the department right now to the chamber and other affiliate organizations. That could be done immediately.
    Thank you.


    We'll move on to Mr. Longfield.
    You have seven minutes.
    Thanks. I'll be sharing some of my time with Mr. Jowhari.
    Thank you for coming and spending time with us this morning. We've had a lot of questions around the definition of what a commercial electronic message is, and businesses are looking for advice on whether they can send messages or not send messages. I'm looking for the interaction part on the website. I'm not seeing a lot of interaction on the website where businesses can ask questions. There are frequently asked questions on the website, but is there another place or is there another way that you're grabbing information?
    Let's say I have a question about the definition of commercial electronic messaging. How do I find the answer?
    I think that goes back to my point that we're really a conduit. A question like that would be an enforcement question, so that's really a question for the CRTC to answer. That's where we would direct them, to the CRTC. If you had specific questions about a definition like that in the law....
    We have to be very careful that we're not making any interpretations on our website. We don't want to have anything that's going to impact a future investigation by our having given some misinformation that, say, was offside of what one of the enforcement agencies would want to say.
    If a company came to us with a question along those lines, we'd direct them to the CRTC. The CRTC has done a fair amount of outreach effort. They did round tables this year, going around to meet with industry groups to explain some of the more detailed pieces like that, give their interpretation, and explain how that interpretation impacts their enforcement activities.
     What does that referral look like? Do they have a website that we can include in our report?
    The CRTC has on its website the sections basically dedicated to CASL. They have guidance documents that try to get to the specific questions that businesses might have. Also, this year, we connected them with the Canadian Business Network. They did a live Twitter chat, where they had those live interactions that you were talking about. They try to supplement, because when you go to a city, not all the businesses are in that city.
    There's always that issue of trying to reach as many businesses as possible. Whenever feasible, they do those in person, but they will also have a portion done as a webinar. The CRTC does a lot of that outreach directly to small businesses.
    Again, it's a question of the businesses coming at it from their very specific reality and they're seeking to understand how they fit within the law. That's really the interpretation of the law, and we're not in a position to do that.
    I understand that. It's just a question of how we help to educate, and your site has a lot of educational opportunities on it.
    Is your hit rate increasing or decreasing? Do you have a trend line on whether it's being used more now than in the past?
    It was fairly calm, and as the regulations were brought into force, it peaked. It has been running along at about 25,000 a month.
    Is that fairly constant?
    That's pretty constant. When the private right of action changes were made, we had a peak again because it was in the media. Whenever it hits the media we get a blip in terms of usage rates.


    I found it very helpful. I hadn't seen the site until recently. I did the quiz myself, to see where I was at.
    Did you pass or was it a crushing defeat?
    Voices: Oh, oh!
    It shows more need for education, which is why we're here.
     His lemonade stand is in trouble.
    Voices: Oh, oh!
     Exactly. And he can't talk to his cousins about it.
    I'll turn the rest of my time over to Mr. Jowhari.
    Thank you.
    Welcome to our witnesses.
    I want to specifically focus on the rate of adoption. If I understand you correctly, a number of times during your testimony you talked about being in the education process and generating awareness through various means. You talked about a video, webinar, quiz, and infographics through which businesses learn the importance of getting consent, providing identification, and offering the option to unsubscribe. You also touched on how many times people are accessing your site. The whole goal of CASL is about protection of the consumer and small businesses from unwanted emails. Through these vehicles, through these means, and through these platforms, what has been the rate of adoption by businesses such that we have fewer and fewer infractions, and the same for consumers?
    On the consumer side, your indicator is really how much they're reporting into the spam reporting centre. I think we've had 1.1 million reports into the spam reporting centre now in terms of actual submissions around—
    Has that gone down?
    That's the total since the spam reporting centre has come up.
    Over what period of time is that?
    That would be since 2014.
    Okay. Since 2014 we've had 1.1 million reports. On an annual basis, has the amount of spam reported by consumers gone down?
    I'd have to defer to the CRTC. Again, we're the portal directing them to the spam reporting centre, but it's really the CRTC that has been monitoring on that.
    So if we really want to see the rate of adoption, we should be talking to the CRTC, asking them what they have seen as a result in terms of spam.
    How about the small businesses?
    On the small business side, again I would have to defer to the folks at the CRTC for their view of the overall compliance rates. We look to the enforcement agencies to do their assessments around the enforcement levels.
    Okay. So your department is purely focusing on educating. How do you measure your success?
    As a department overall, there are two parts. As you saw earlier from my colleagues on the policy side, they are actually responsible for drafting the law and making any amendments and regulatory changes irrespective of the regulatory framework that the CRTC has. On our side, we're really focused on awareness-raising and helping to make sure that consumers and small businesses are—
     How do you measure your success?
    It's roughly based on performance in terms of the hits on our web page, for the most part.
    Thank you.
    Mr. Eglinski, you have five minutes.
    Thank you.
    I was listening to some of your answers to some of the questions that came in earlier, and I'm concerned. I think you said that since you have been in operation, you've had something like 1.2 million people on your...?
    It's 1.6 million.
    Okay: 1.6 million. That's from 2014 to now, so roughly three years.
    It's since the website was launched in August 2011. That's where you get the 1.6 million.
    From 2011 to today.
    Right. But in the first months, we had 4,000 people per month
    I want to focus on two groups. I know that you're dealing with business, but you're also dealing with consumer affairs and the public. In one of your paragraphs here you say that you “also reach out to vulnerable populations that are the target of fraud and scams, including malicious spam”, and you mention seniors. There are two areas that I think are very crucial. Seniors are a larger demographic group than youth under 18, but I'm also concerned with youth under 18. I'm concerned with both areas. Are any of the other organizations you work hand in hand with doing an education program, as you are currently doing with “fightspam”?


    Yes. The Competition Bureau runs its anti-fraud month in March every year. It does a broad campaign of awareness around fraud. It's worth—
    Since CASL came out, is anybody focusing on the vulnerable groups? Have you got any special programs out there dealing with seniors—what they should be looking for, what they should be watching for, how they contact your agency, or anything like that? Have you got anything going for the youth? I mean, kids are now using phones at a pretty young age. I don't think there's a kid in high school across Canada today, probably from the age of about 13 on, who don't have a phone with them. Are we doing anything as a government, through your organizations, to educate these young people?
    I look at my grandchildren. My daughter bought a phone for my 11-year-old granddaughter, and I don't think she really spent a heck of a lot of time telling her a lot about it. She passes her phone over to the four-year-old, and he gets on there faster than I can. He's going through everything on this phone.
    Are we doing anything as an agency—they're consumers, one way or the other—to protect them? Are we looking at any special programs to protect young people who are getting on the phone systems?
    As a senior, I do understand a little bit, but there are many people a little bit older than me, some the same age as I am, who don't understand at all, and they're very vulnerable.
    If you look at the GetCyberSafe campaign that Public Safety operates, it has various thematics that it goes through, and the anti-fraud month also has various thematics. I know that some marketing materials were targeted toward seniors. There's a fun infographic where the fellow is trying to defraud the lady and it says “grandson”; it's actually crossed out to say “grand larceny”. So there are some targeted marketing pieces through that, those two pieces around the broader issues around fraud and cybersecurity.
    When you're talking about your grandchildren using their devices, that's more of a cybersecurity issue than it is a specific issue around CASL. I know that the GetCyberSafe campaign does have a youth element to it.
    So you're focusing on seniors, but no one is really focusing on youth.
    No, GetCyberSafe does have a youth element to it.
    Are we looking at any programs through the school systems in Canada?
    That's a provincial jurisdiction, for the most part.
    So no one has thought of talking to them.
    We broadly make our materials available for everybody to use whenever they want to.
    You have about 30 seconds.
    I'll let the next person go on.
    Mr. Jeneroux, you have about 20 seconds.
    I would like to go back to Mr. Jowhari's question about the evaluation based on the number of hits on your website. Are there any other metrics by which you evaluate the success of the website? I asked you a similar question before, but I want to drill down on that.
     I think it's the blend of the website and also our Facebook page linking the two. Again, as I said, it really is much more of a conduit piece, and I think how many people are passing through from us on to the spam reporting centre is another good indicator of people who are making the follow-on links.
    Again, it's meant to be a flow-on piece where the real insights about whether people are finding value on it are when they reach out to the regulators.
    Thank you.
    Mr. Baylis, you have five minutes.
    Thank you.
    So your position is that your job is mostly awareness-raising and you're doing it for both consumers and businesses. Is that correct?
    You talked about 4,000 regular visitors and then how in January 2014 it made a major jump. What happened in January 2014?
    That's when the regulatory framework brought the law into force.
    So when it came into force on spam, suddenly there was a major jump, and you're up to about 25,000 a month now.
    Yes. It sort of peaked at 415,000 for those couple of months.
    Just those couple of months when it came in, and then it held up.
    Do you know how many of those are new visitors versus return?
    What we can get in terms of web metrics is a count of unique visitors versus visits.


    The numbers we gave you are unique visitors. You can go 30 times or 100 times in the month and we'll count you only once.
    So the 25,000 are new visitors.
    We're not able to say if they're returning from the previous month. I can just say whether in this month you've visited more than once.
    There are a number of metrics that you can have for a website to tell you how good you're doing. I assume you have them. These are things like how long someone stays on the site, for example. Do you have that?
    I don't have that with me, but we could get that.
    You could get that? Okay.
    There's something called a “bounce rate”, too. Do you know what that is? If I just come and I leave right away, it means I wasn't really interested.
    Yes: it's about how long you're on.
    If the website, the document that you spoke about, is your main teaching method, do you know how many people land at a site for consumers? There's a consumer part and then there's a business part. Do you have that as well?
    We can go back and see what we can find out.
    So there's a series of things then. You need to know your bounce rate. You need to know how many people out of that 25,000 are consumers or businesses, and how many of them are moving from your site. You said you're transferring them on. Say I'm a business person and I need to be transferred on.
    If it's your main tool, it seems to me there's a lot of information that can be pulled out of there that you should present to us.
    In terms of the delineation between a consumer and a business person, the site's meant to be user-friendly. We'd have to have them click on to say whether they're a consumer. There's no way we'd know that.
    There is a way you can assume that. We can make certain assumptions that if I'm coming as a business to find out information to make myself CASL-compliant, I'm probably not going to spend a lot of time on the consumer part. If a consumer's trying to find out stuff, maybe he's not going to spend a lot of time asking how to make their business CASL-compliant.
    So although you can't check-box it off, you can make a lot of intelligent assumptions by doing that.
    Could you please provide us that kind of information? I think it's something that you should be looking at to ask how effective, to my colleague Majid's point, the work is that you're doing.
    Now, within that, because you don't have the numbers here, if I'm coming to try to understand something.... We've heard a lot of testimony about CASL being difficult to understand. Your job is to make it understandable. Do you have any metrics whatsoever on how easy or difficult it is, through your website, to understand?
    I just want to clarify that the enforcement agencies make their interpretations of the law.
    I didn't ask about interpretation. I have it here that you say that—
    I guess the point is that when you refer to making it easy to understand, our role is really to make it clarifying...that it impacts you, and not to make it easy for you to comply. So when you talk about ease—
    Yes: you have a “dedicated section...for businesses and organizations to protect their information and understand their responsibilities to comply”. So maybe you're not making it easy to understand, but you're making it understandable. Is that fair to say?
    Right: understand that they need to—
    They need to leave your site.
    Mr. Christopher Padfield: And be able to understand—
    Mr. Frank Baylis No, they need to stay at your site, because you said it here, that they go to “for businesses and organizations to protect their information and understand their responsibilities to comply with CASL”.
    I know you keep saying that every time they come here, you just want to push them away, but you stated here it's your responsibility to help them understand. In that, we need to be able to data mine and understand what you're doing to see if this is working. We've heard from a number of businesses and different stakeholders that it's very hard to understand this law due to the fact that definitions aren't well done or whatever series of reasons.
    Now, we're coming to you to ask you guidance on that, and your answer keeps going, Mr. Padfield, that, well, we just push them on to CRTC.
     I guess to get back to my point around making the law easier to understand—
    I didn't talk about “making” the law easier to understand, but about how easy to teach it is a reflection of how difficult it is to understand.
    Very briefly.
    I guess I'm going back to the fact that we take what we can from the enforcement agencies to make a very simple assessment of what you need to understand to be able to begin to comply, but we won't tell someone whether they're complying or not. If there's a complexity issue, it's around the interpretations in the law and the law itself.
    Thank you.
    We'll move to Mr. Jeneroux for five minutes.
    Perfect. Thank you, Mr. Chair.
    I have a couple of things to clarify before I get into my question.
    You said you have a Twitter channel that went live in January of this year. Do you have what that Twitter channel is? What's the name of the Twitter account?


    The Twitter account is linked to Facebook. It's just another channel that we're using to provide the same message, so it has the same name.
    What is it, though?
    It's called “YourMoneyMatters”.
    Again, that's broader than CASL. That's a broader piece around financial issues for consumers in general.
    With these things that you've provided for us—thank you for doing that—who is the audience for this? Is it seniors? There seem to be some good messages there for seniors, for young kids as well. Is it for everybody? Do you have a specific audience?
    It's a general information piece for folks to become aware that CASL exists. Again, it's fairly unique for a brand new piece of stand-alone legislation to come into place, so it was really about making people aware that this brand new piece of legislation is in place. It has only been in force for a few years now, so it's more just general awareness-raising.
    I just pulled up that Twitter account, and you have 298 followers. I'd be curious to know who some of those followers are. Hopefully, you'll be able to grow some of that, because I think you have some important messages out there to share, and probably a demographic that uses Twitter more predominantly could learn a lot from that.
    If you have an opportunity to talk to your constituents about looking at the Facebook page “Your Money Matters”, there's a lot of great information that comes out from multiple sources that try to share there. We're really an amalgamator of some of those many agencies we talked about today.
    Yes. Well, you watch; now all Edmonton Riverbend will be following you on Twitter, so there you go.
    I want to get to the meat of what I do want to ask. Currently, as CASL exists—it would be nice to hear from both of you on this—do you think the current legislation goes far enough to protect the consumer, and in your opinion, would the private right of action add to the effectiveness of protecting the consumer?
    Again, in our department we don't provide oversight for the law itself. I think if you go back through the various witnesses you have seen, I think you heard quite the balance between some of the consumer agencies who were quite clear that they thought CASL was having an impact. But again, you heard from the business side that they might benefit from some clarity and specificity in terms of making it easier to engage in electronic commerce.
    Beyond that, I can't really speak to the private right of action. That's really for my colleagues to speak to.
    Ms. Raymond, do you have any comments?
    I don't really have anything to add. I agree with Chris, that you have heard from—
    You guys have obviously paid attention to the conversations we've had here.
    Thanks for doing that. Is there anything out of some of those presentations that you think would be important for us to consider adding to our report, going forward?
    Perhaps I could add to that one. It's important to remember that the law covers more than just electronic messages. It also covers the installation of computer programs. I know that a lot of other organizations, like the auto manufacturers and some of the technology companies, where you're looking at some of that.... I think you saw some of that touched on by Michael Fekete with regard to computer installation. If you have the opportunity to hear from some of those folks from some of those sectors around the programming installation issue, you might find some interesting information from some of those stakeholders around what that means.
     That's the whole other part. Because it's named CASL—and “spam” is in the name—a lot of the focus goes into the electronic messaging, but the computer programming installation aspect is another area that I think might be worth hearing a few witnesses on.
     Jim wanted some time.
    Do I have time?
    You have literally 30 seconds. That's it.
    This brochure, is it new?
    Is it new?
    It's not new. Okay. Where does it go? You said you have given out 3,500. What do you intend to do with it? It has good information, but who do you send it to?
    We've given it to a number of organizations. Sometimes we get requests for them. It's available electronically on our web page, too, so you can access it there.
    If we want to get some of these to hand out at our offices, can we contact your office and you'll send them to us?
    Yes. The clerk will get hold of us and we'll get them to you.
    Okay. Thank you.
    Mr. Chair, on that point, there is a complete disconnect from departmental provision of services like this to offices like ours. That's just a notation. Jim has brought up an excellent point. We have the conduits to all these communities for stuff, and it's left to our staff to try to find what's available, which is ludicrous for even industry, let alone everything else.
    It was just a good point that Jim had brought up.


    We'll move Mr. Sheehan for five minutes.
    Thank you very much for your testimony and the importance of your work. In your presentation, you mentioned that between 2014 and 2016 seniors lost $28 million due to fraud and schemes dealing with phishing and identity theft. I think that's one of the raisons d’être this legislation was put in place.
    We've heard testimony on the importance of that piece in particular, and of communicating with the seniors group you have identified. How exactly do you communicate with or target senior groups for marketing, as you alluded to in your testimony?
    That's where I was saying it's a broad, multi-channel piece. Our web page doesn't have a specific seniors section on it, but we participate in and support the anti-fraud month every March. I know there are angles there in particular targeting materials for seniors and those activities.
    That's important to know.
    After 2014, you said, you had a lot of hits on the website. Obviously, it made a lot of sense. I'd never received so much spam before this came into action. I mean, it was daily. It was just boom, boom, boom: “please subscribe, please subscribe”. Everyone was wondering what was going on and were making inquiries. Then it kind of tailed off, I think, and that's evident by your number of hits. I think we've seen an increase in the interest since we have undertaken this discussion, because it's getting out in the community and the media.
    For me, having worked in the website world back in the late nineties, I sort of think to myself, “How exactly are we encouraging people to get to the website?” Sometimes it seems rather reactive. Frank was mentioning hits, and how many of them are unique. Sometimes your hits are accounted to an obsessive-compulsive person who goes there multiple times just because of their personality. But how many are actually unique in that data?
    Under the legislation, are you guys able to do a giant email blast to the small business community? Yes or no.
     We probably don't have that exemption.
    I don't think we have the database for the whole 1.2 million small businesses in Canada.
    Fair enough: question asked and answered.
    The CRTC would have something to say about that, I think.
    Voices: Oh, oh!
    On that note, we had testimony from the Chamber of Commerce. They mentioned that there was some trepidation they had that they wouldn't be able to communicate with their members. Then from other testimony we heard, yes, you could. In Sault Ste. Marie, our chamber of commerce is the voice of small business, and business in general. They are recognized, well known, and they communicate very effectively.
     In my past life, when I did entrepreneurship development for the Economic Development Corporation, we used to do seminars, and we would bring folks in from the government to have a chat. We'd bring in the Community Development Corporation, and it would be everything from soup to nuts on various pieces. That's the proactive sort of thing that I think needs to be done to get things out there. The chambers of commerce network is fantastic. They have the ability to get messaging out.
    For that one piece, we have heard testimony that the business community is lawyering up, or if they can't afford a lawyer, they just don't do it, because the legislation to them is unclear. I think if we can work in collaboration with the chamber and their networks, it would do a great service in helping us as we go forward with CASL and any potential amendments.
     That's my comment. I'll pass my time over to Majid, because he has a specific question he would like to ask.
     Thank you.
    I'm specifically asking for a submission from your department to the clerk. The challenge we have is this. We've heard over the last testimonies about the issues around clarity. To me, one of the best ways for us to understand what the issues are—I'm not asking you to amend the policies or recommend any policy changes—is to know, based on the fact that you have been educating and they have been asking questions, what areas have been the most difficult for small businesses or consumers to understand. Then we can take that information and go back and say, if we have to focus on amendment in any area, this would be an amendment.
    I don't want an answer. I just want you to please look back at your history and tell us, as you were educating, what areas of concern or higher education you needed to do. We can then take that into account for our report.
    Thank you.


    Thank you very much.
    Mr. Masse, did you have anything you wanted to add?
    No, thank you, Mr. Chair.
    All right.
    I want to thank our panel today for presenting to us. Again, we have a lot of work ahead of us.
    We'll suspend for a couple of minutes while we get the other panel set up. Thank you.



    Welcome back, everybody, for the second hour of exciting testimony. We are looking for more fun information from the Department of Industry.
    From the Competition Bureau of Canada's deceptive marketing practices directorate, we have Josephine Palumbo, deputy commissioner, and Morgan Currie, associate deputy commissioner.
    I would be remiss if I didn't say happy Halloween, everybody.
    Ho ho ho.
    That's the wrong holiday.
    An hon. member: The barbaric cultural practice of Halloween.
    Voices: Oh, oh!
    We're going to move on.
    Mr. Currie, will you be presenting?
    Okay. You have up to 10 minutes. Take it away.
    Great. Thank you very much, Chair
    My name is Josephine Palumbo. I am the deputy commissioner of the deceptive marketing practices directorate at the Competition Bureau. I am joined by my colleague Morgan Currie, associate deputy commissioner of the deceptive marketing practices directorate.


    We are pleased to appear today on the committee’s review of Canada's Anti-Spam Legislation, or CASL.
    I'll begin by providing some context about the Competition Bureau and its mandate, and then move to the bureau’s role with respect to CASL, as well as the bureau’s experiences with cases related to CASL.


     Please allow me to begin by noting that the Competition Bureau does not enforce CASL per se. Rather, the Competition Bureau, as an independent law enforcement agency, ensures that Canadian consumers and businesses prosper in a competitive and innovative marketplace that delivers lower prices and more product choice.
    Headed by the commissioner of competition, the bureau is responsible for the administration and enforcement of the Competition Act and the three labelling statutes.


    The Competition Act provides the commissioner with the authority to investigate anticompetitive behaviour. The act contains both civil and criminal provisions, and covers conduct such as bid-rigging, false or misleading representations, price-fixing, and abusing a dominant market position.
    The act also grants the commissioner the authority to make representations before regulatory boards, commissions, or other tribunals to promote competition in various sectors.


    The deceptive marketing practices directorate, which deals with cases related to false and misleading representations, handles the vast majority of the complaints received by the bureau. To give you a sense of the scale of this, in the last year the bureau received approximately 11,000 complaints, of which 69%, or about 7,700, were relayed to the directorate.
    As noted above, when conducting investigations, the bureau uses the Competition Act's relevant criminal and civil provisions. The passage of CASL brought about specific amendments to the Competition Act that enabled the bureau to more effectively address false or misleading representations and deceptive marketing practices in the electronic marketplace, such as false or misleading sender or subject matter information, electronic messages, and website content, such as a website or an IP address. The changes address rapidly changing technologies, allowing us to better address competition offences in the digital economy.
    As I noted a moment ago, the Competition Bureau does not enforce CASL, and I would stress that CASL provided the bureau with no new powers or responsibilities. It provided the bureau with more specific tools and enforcement provisions to address certain kinds of online conduct and specific digital threats.
    With respect to the digital economy, the bureau's thinking has evolved over the years. Initially, we viewed the digital economy as a somewhat separate entity. This thinking took place at a time when most Canadians were not conducting a significant portion of their transactions online. Today the digital economy “is” the economy. The world has indeed changed, and therefore, we focus on the online activities of fraudsters, and prioritize our enforcement efforts in response to threats in the digital economy where those efforts can be most effective.
    In recent years we have observed some concerning online trends. These practices include subscription traps, spoof websites, drip pricing, and technical support scams.



    I would note that, for the most part, the bureau’s investigations are initiated by a complaint from any number of potential sources, including consumers, businesses, industry associations, the media, and stakeholders.


    Subscription traps occur when consumers are offered a free trial or purchase of a product, and consumers are given to understand that they have to pay only the shipping and handling with their credit card. Consumers later find themselves signed up to an unlimited subscription service with ongoing fees and unexpected charges. Contacting the company will only result in them pointing out their online terms and conditions, which are buried somewhere in the fine print. Consumers are told that by not returning the supposed free product ordered, they have in essence agreed to a monthly subscription to that product and that they have authorized monthly charges on their credit card. Once in this situation, it is often extremely difficult to stop the ongoing charges.
    Spoofed websites occur when a scammer uses a website to mislead consumers into thinking that it represents a specific business, financial institution, government, or charity. These websites generally imitate the real website to sell products or services in order to obtain sensitive financial or personal information from users. Often, they will provide enough information to appear like the real thing, including store locations, phone numbers, terms and conditions, and logos—RBC being an example.
    Drip pricing is a deceptive marketing practice whereby advertisers offer an attractive price up front for a product or service, only for consumers to discover that unexpected additional mandatory costs or fees have been added by the advertiser, leading to higher prices than initially advertised. The true total cost may only be revealed after the consumer has initially responded to the advertisement.
    Technical support scams may take many forms, but in general they involve representations that induce consumers to believe that their computers have been infected with some form of a malicious virus or program. They appear in the form of pop-up advertisements in the user's browser, which make the false or misleading representation that the consumer's computer is infected.
     The pop-up message provides instructions on how the malicious program or virus can be removed by directing the user to contact a technical support hotline to ensure the removal and cleanup. These representations are often accompanied by warnings of dire consequences to the user and the computer if they do not take corrective action immediately. Once the consumer reaches the call centre, the representative directs the consumer to grant remote access to the computer. From there, the representative may make additional representations, confirming that the computer is infected and that the user must pay—often hundreds of dollars—to remove the malicious program.


     At present, we have a number of ongoing investigations examining these and other deceptive marketing practices.


    In 2016 the bureau announced its first win involving the new provisions created by CASL. Following an investigation, the bureau concluded that Avis and Budget had engaged in false or misleading advertising for prices and discounts on car rentals and associated products.
     Specifically, Avis and Budget had engaged in drip pricing, whereby certain prices and discounts initially advertised were not attainable because consumers were charged additional mandatory fees that were only disclosed later in the purchasing process. The prices were advertised on Avis and Budget's websites, mobile applications, and emails, as well as through other channels. As part of this settlement, Avis and Budget paid a $3-million penalty to promote compliance with the law going forward.
     Similarly, as a result of an investigation into drip pricing, in April of this year Hertz Canada and Dollar Thrifty agreed to pay a total penalty of $1.25 million to ensure that their advertising complies with the law and to implement new procedures aimed at preventing advertising issues in the future.
    Earlier this year, the CASL-related amendments to the Competition Act allowed the bureau to resolve false or misleading representations in all forms of electronic messages made by Amazon. In this instance, Amazon often compared its prices to a regular or list price, signalling attractive savings for Canadian consumers. Our investigation concluded that these claims created the general impression that prices for items offered on Amazon's website were lower than prevailing market prices.
     We determined that Amazon relied on its suppliers to provide list prices without verifying that those prices were in fact accurate. In this case, the savings claims were advertised on, in Amazon mobile apps, and in other online advertisements, as well as in emails sent to customers. Amazon agreed to pay a million-dollar penalty and make a $100,000 payment toward the bureau's investigative costs, in a 10-year remedy.
    In 2015 the bureau entered into 13 consent agreements, resulting in over $26 million in administrative monetary penalties, almost $25 million in consumer restitution, and over $1.5 million paid to charities and advocacy groups working in the public interest. Put another way, the bureau's enforcement activity has led to $52.6 million in combined financial penalties in the last two years alone. We believe that, on the whole, the bureau has benefited from CASL and has worked well within its existing resources to prioritize enforcement in the digital economy.


     It is worth noting, however, that any shift in resources would undoubtedly impact our work and require us to re-evaluate how we prioritize our investigations and the allocation of our resources.
    I would like to thank the committee for the opportunity to appear today. I would be happy to answer any questions you may have.
    Merci beaucoup.
    Thank you very much, especially for the detailed examples. They're going to go far in helping us.
    Mr. Longfield, you have seven minutes.
    Thank you.
    Thank you for coming this morning and giving us this very detailed presentation.
    The amendments to the Competition Act were intended to address some of these false and misleading representations you've presented to us. Do you believe that CASL has been effective in any way in addressing these types of concerns?
    First of all, CASL amended our act in a couple of ways. Technologically neutral language was implemented within certain of our definitions. Amendments allowed us to be more targeted in terms of our enforcement in the electronic marketplace. CASL represents evolution, not revolution, for us. It didn't really impact on the work we do, how we allocate resources and the way we legislate, but digital economy and online advertising are a high priority for the bureau. We now have more specific tools to deal with false and misleading representations in the electronic space.
    From that perspective, yes, it has been helpful, and the amendments have allowed for more efficient enforcement within the electronic marketplace.
    Thank you.
    I've put forward a motion, that we're looking at studying at some point, hopefully in the near future, around the digital marketplace. As you said, that is now the marketplace. Does our legislation keep up with the changes in the marketplace?
    In the context of online marketing, there's some confusion around what commercial messages are and how people are competing to try to get information. Could you clarify how the Competition Act and CASL work together in terms of online marketing and whether there are some things we need to address in our report to highlight some changes that need to be made?
    Let me begin by saying that there is the memorandum of understanding between the three agencies. That was implemented as a way for us to share information and in order for each of these different agencies, which have different objectives in terms of our mandate, to share information.
     Again, I think we have a specific role to play under our Competition Act. We use the statutory requirements that are listed within the act. When we're looking at CASL-type behaviour, we're looking at it within the context of false and misleading representations with respect to the sender, with respect to the subject matter, and with respect to the locator. We're looking at it within the context of the Competition Act test, and we apply that test. We apply materiality within that test to a certain extent within some of the provisions of CASL.
    We work with our agencies, but we each have our own distinct roles and responsibilities. We, of course, rely on the spam reporting centre in terms of the data that's available there in order to gauge information in respect of possible future investigations within the digital economy space. We rely on that. We use that. We find that helpful. There's information sharing with the three agencies. There's the access to the database through the SRC, which is helpful.
     Perhaps my colleague would like to add to that.


     There are perhaps just a couple of soft spots we've noticed in the course of our examinations over the last three years, just points of clarity that don't appear to be readily apparent to us. For example, we have an injunctive power that's been added to our act with CASL. We can prevent a third-party provider of telecommunications services from providing Internet service to someone who is issuing spam or violating our provisions. We are not entirely sure whether we have to have an investigation, or a substantive case, or a formal inquiry in order to be able to engage in that. It's just not clear. We may find out about something where there's apparent harm, and we don't have an investigation up, but we'd like to stop it right away. It just seems to be a bit of a spot where we may encounter some difficulties.
    Second, it might be helpful if we had a clearer definition of what constitutes an “electronic message”.
     Yes, we've heard that.
    What is meant by “send or cause to be sent ” under the Competition Act? This would allow us to better understand how to use our new provisions to address online threats such as those technical support scams in which you receive a pop-up on your computer screen. We would take the position that that's an electronic message, but it's not entirely clear or well defined, as are other means of conveying false and misleading representation such as text messages, tweets, emails, social media, and others, which are clearly covered.
    There's so much to ask and so little time. I have only a minute and a half left.
    Earlier in our study, I was looking for information around the threats from outside of Canada and how we might be able to have this legislation address outside threats. Does the Competition Bureau address the outside threats? Some of your presentation includes international companies. How do we deal with outside threats?
    The Competition Bureau has very strong relations with its international counterparts. We have 20 international instruments with about 15 different jurisdictions. Some of those jurisdictions have consumer protection remedies and requirements within them. We work very, very closely with our international counterparts.
    We know that online activity crosses national borders, and we coordinate with our counterparts in other countries to amplify the reach of our enforcement action in the extremely challenging frontier of e-commerce. We partner in coordinated Internet sweeps for searches with respect to certain sites that may be problematic. Annually, we conduct the Internet sweep under ICPEN, the International Consumer Protection and Enforcement Network. These sweeps essentially are aimed at designating particular sites that may be problematic not only for Canadians but for other parts of the world as well.
    Again, our aim is always to improve consumer confidence in e-commerce by demonstrating vigorous and effective global law enforcement presence here in Canada and abroad.
    You put a lot in, in a short time, so thank you very much.
    Thank you very much.
    We'll move to Mr. Eglinski for seven minutes.
    You mentioned in your presentation the amounts of money that you've received. I think you said something like $52.6 million?
    How do you go about assessing those penalties? You talked about Avis and then you talked about Amazon. Do your bureaucrats or your department heads decide on the fine, or is it kind of a gentlemen's agreement between both parties?
    Let me start off by saying that administrative monetary penalties are not punitive in nature. They're not there to punish. We associate deterrence with being punitive, and this is not what administrative monetary penalties are about. They are about fostering compliance, encouraging compliance with enterprises that are on our radar for particular investigations.
    How do we determine the administrative monetary penalties? There are 11 aggravating and mitigating factors that are listed within the confines of the Competition Act. Those can include things like the duration and the scope of the conduct at issue, the gross revenues generated by the conduct at issue, and the vulnerability of the groups of individuals who may be targeted by the conduct that is at issue. History of compliance with the Competition Act will also dictate where on that spectrum someone would fall in terms of the quantum of the administrative monetary penalty. We're also concerned about the financial viability of the company that is the target of our investigation. All of these factors are taken into consideration when we assess what the quantum is. There is also a catch-all provision under which the bureau can consider other factors when assessing the quantum.
    I need to explain that administrative monetary penalties in the cases of Avis, Budget, Hertz, Dollar, Thrifty, and Amazon were all the result of negotiated settlements, so they were arrived at through consent agreements. Consent agreements are a form of negotiation in which the parties and the commissioner and the bureau work together to promote compliance with our act. They can be quite effective. We negotiate them, and we work with the parties in order to achieve the public interest. These consent agreements are actually registered with the courts and with the competition tribunal, and they carry the same force of law as a court order.
    Also, the administrative monetary penalties can be levied in the context of the courts if there's an application to the competition tribunal, for example. Within the remedies that the tribunal would consider, administrative monetary penalties would be one of the remedies, as would corrective actions, and possibly restitution payments.
    We don't just pull these numbers out of the air. We work with the targets of the investigation, and come up with the right quantum that reflects the public interest. Ultimately, if we're able to accomplish it in the context of a consent agreement, we're actually avoiding the costs associated with lengthy, costly, and sometimes uncertain litigation.


     Have you had any repeat offenders?
    It's interesting you might ask. We have a pretty good track record on repeat offenders. On the record, we currently have one case, the Matthew Hovila case. The individual had agreed to a consent agreement, under the Competition Act, and a few years later decided to repeat the conduct. As a result, this individual faced jail time as well as restitution costs.
    When there is a consent order with the Competition Tribunal, and a civil matter is violated in this fashion, it slips things over to a knowing and reckless offence. In this case, we're looking at criminal charges. In the end, Mr. Hovila spent two and half years in jail and was ordered to pay restitution to victims of his scheme in the amount of $185,000.
    Again, that's one example—
    It's the only one.
    Ms. Josephine Palumbo: —out of a large number of consent agreements.
    The figures you've given us, were those for North American companies registered in Canada? Have you had any penalties levied against foreign companies through your co-operation with enforcement in other countries?
    Amazon is a company that crosses the Canadian border. That would be one example of extra-jurisdictional reach. Obviously, the law confines us to our Canadian borders.
    Do you have enough personnel to handle the workload you have in front of you? I think you're talking about 7,700 cases that you've looked at. Are we providing you with enough resources to be efficient at what you're doing?
    We continue to make the most of our resources. We take stock of our enforcement experience. We review evolving trends in international best practices to ensure our enforcement actions remain modern and relevant. Each investigation is different. The costs vary from one case to another. We use the resources that we have available to ensure the most effective and efficient enforcement to provide high-impact results for Canadians.
    We maximize our effectiveness and the resources we have. Could we do more with more? Probably.


    I notice you mentioned a million-dollar penalty to Amazon and a $100,000 payment for costs. Do you normally go after costs in these cases? Is it roughly 10%?
    It depends. If you look at Hertz, for example, there were no costs levied against Hertz and Dollar Thrifty. But we weren't even on inquiry, at that point. The company came in, and we negotiated a resolution. They wanted to co-operate. We want to achieve compliance. Fundamentally, that's what we're aiming for. We want compliance and we want it fast. We were able to accomplish that. There were no costs levied.
    In any event, administrative monetary penalties or costs to the bureau are payable to the Receiver General for Canada and fall into the consolidated revenue fund for further distribution to other programs within the government.
    Thank you.
    Thank you very much.
    Mr. Masse, you have seven minutes.
    Thank you, Mr. Chair.
    The presentation is clear—and I think it's obvious, too—that with the additional responsibilities the Competition Bureau has been provided over the last decade, if we want to have a more serious allocation of some of the laws in place, then the resources need to be there for it. It's going to become more robust in terms of the complications to do so, especially internationally. The treaties we've signed over the last number of years haven't included some of the things probably necessary to keep up to speed with some of the issues you deal with. In fact, they've been missed opportunities with many of our agreements. They don't have these as internal components, which they could.
    That aside, how do we rank with our G7 partners, in terms of protecting competition in Canada, in terms of your counterparts in the United States, Australia, and others? Where does Canada rank with this?
    Well, I believe our record speaks for itself, quite frankly. I've given you some examples of consent agreements. The resolutions have yielded $26 million in administrative monetary penalties, $25 million in consumer restitution, and $1.5 million paid to charities. That's—
    I know all that. But how do we rank? I would say that our protection for consumers and enforcement needs to be equal to that of, for example, the United States, where we have reciprocity in many respects but we don't get the same for consumers, let's say.
    I'll give you the quick example of Toyota, and now Volkswagen, where consumers get less protection in Canada for a variety of different political decisions and even legislative reasons. Where do we compare in terms of consumer protection but also competition, for the fair companies, with our American counterparts and other G7 nations? I know what you have here, but what I'm looking for is how we compare with others. We have very much an integrated market in consumer societies with the G7. Where do we rank with regard to competition protection and consumer protection?
     I think we're doing a fairly good job in what we have and in the legislation that we have before us. In the Volkswagen matter, we resolved the case as well with respect to the 2.0-litre engines—$15 million in administrative monetary penalties and $2.1 billion in restitution to Canadian consumers, as well as costs. I think we're faring quite well, quite frankly.
    That's still not comparable to the United States in terms of Toyota and what they received; and Volkswagen, we still haven't seen that over here.
    We work well with our American counterparts as well. We collaborate with the FTC as is necessary.
    Your presentation here indicates that you need more resources to do more. I'm asking, quite frankly, how your resources...and how you actually play out with the United States with regard to comparables. You're referencing Amazon and, for example, a 10-year remedy for $1 million. That affects other competition when a company is allowed to have a position that provides for an advancement of their market share. There's been a restitution here, but for Amazon, that's not a lot of money over a 10-year period. The reality is that when it's an international company that needs to be examined like this, how do you compare with the United States? That's what I'm trying to find out. Are we as robust in our protection and our fines and our penalties as the other G7 countries are? That's what I'm interested in.
    Your presentation here does say that you...and you've tried to recite the numbers here. I'm looking to find out whether it's comparable to our other G7 nations.


    I believe we are. I think we're working within the confines of our law, and our resolutions reflect those realities.
    It's somewhat difficult to measure because of the scale of the economics, the scale of populations. There's no doubt that two of our most important partners, the U.S. Department of Justice and the Federal Trade Commission, are enormously well resourced. We all know that. We are certainly part of the conversation and work collaboratively with them in several law enforcement partnerships that we are engaged in across Canada and internationally.
    On the consumer protection side, we have the International Consumer Protection and Enforcement Network. Within that group, which is well over 40 countries, New Zealand, Australia, the Federal Trade Commission, the U.K., and us are considered the big five. We're the ones that collaborate. We're the trailblazers. We're the ones that are more likely to work collaboratively to address such global scourges as subscription traps.
    On the criminal side of our law, with cartels—at the Competition Bureau, for example, with bid-rigging—our partner, the U.S. DOJ, is enormously resourced. There's a lot of collaboration there. Could we do more with more resources? As we always say, as a law enforcement agency, most certainly we could.
    That's what I'm trying to ascertain here. I don't believe that consumers get reciprocity. For example, when you look at legislative things, even the automotive sector, you see that Toyota's settlement with the United States was quite different from that with Canada. In fact, it included investment into their facility development for safety, and plant development as well.
    I'll leave it at that. There are other legislative things that have taken place, like proceeds from crime going to different agencies and different things. It seems to me, though, that your presentation is suggesting that you need more resources to do more, but at the same time— that's why I'm asking for comparables with other G7 nations—you say you're doing fine. So I don't know what the message really is at the end of the day.
    Thank you.
    Perhaps when you go back you can take a look, answer that question, and submit something.
    We can certainly come back with more detailed data that might help position Canada vis-à-vis other law enforcement partners.
    Thank you.
    If you could submit it to the clerk, that would be good.
    Very good.
    Thank you.
    Mr. Baylis, you have seven minutes.
    Thank you.
    Thank you for being here.
    One of the points you make is that the Competition Bureau is looking after ensuring that we have a competitive and innovative marketplace, and that this in turn delivers lower prices and more product choice. We've heard some philosophical arguments against CASL, saying that it favours the companies that are already implanted, because they have made those electronic relationships that they can then build upon, whereas new entrants don't have that opportunity to advertise and get into the marketplace.
    We've heard philosophical arguments saying that CASL is going to reduce competition and innovation. In your role, do you have thoughts on that?
     We apply the rules or the law as set out in the Competition Act. We look at representations. We don't carve out, for example, a charity. We don't carve out members of Parliament. We apply the law as it speaks.
    When we look at a representation, we look at it in the context of whether it's false and misleading in a material respect in order to promote a product or a business interest. We look at it with respect to the conduct, the materiality, the general impression that's conveyed. If it's false or misleading in a material respect, we will enforce as an independent law enforcement agency should and does do.
    What we've seen as we've moved into the digital economy becoming the economy is that in many cases, the same actors that were once on the phone and engaged in telemarketing have moved their activities online. Our piece of CASL, through these minor amendments to the Competition Act, really hasn't changed the profile of what we see in the marketplace in terms of the false and misleading representations. We're vigilant in trying to detect it in both the civil and the criminal side of our law.


    With the very malicious activities, as you said, the same people who were doing the phone scams have now moved on to the Internet scams. However, you've had some strong wins against some very big, legitimate companies. Is that an ongoing thing, or have you set a bar to let people know that if they behave in this way, they're going to be dealt with as per previous examples?
    Let me start by saying that reviewable conduct is civil. An offence that has the element of “knowingly or recklessly” will tip you into the criminal behaviour. The cases you have before you, the Avis and Budget, the Amazon, and the Hertz cases, were all resolved under the civil reviewable conduct provisions of the act. No deliberate mens rea, knowingly reckless; doesn't exist there.
    In terms of what those consent agreements have done, though, you'll notice that Avis, Budget, Hertz, and Dollar Thrifty are all in the rental car industry. Generally, because our resources are limited, when we invest in a particular industry, we focus and hit on the bigger players. From there, we engage in outreach, some advocacy and education, to try to level off the playing field. That's what we're really trying to accomplish.
    Those resolutions are public. If it's a consent agreement registered with the Competition Tribunal, there are websites, so other companies or other enterprises become aware of what the standard is, of what the rules are, and what they should and shouldn't be doing. It disciplines the industry, to a certain extent.
    You discipline an entire industry.
    I'll pass it over to my colleague Mary.
    Thank you.
    On the private right of action, I'm hoping you can give us some advice. Given your testimony and the experience that the Competition Bureau has around penalties, what I would love to hear about...because we heard from other witnesses that at present what they're worried about, I suppose, is that there's no scalability. A penalty is a penalty, and therefore there's no scalability based on the type of offence.
    In your opinion and in your experience, if we're looking at the PRA, does it make sense to have a sliding scale of penalties commensurate with the type of offence? For malicious phishing—terrible—it would be high, with a scale for others. How might we look at that?
    On the private right of action, obviously we take the law as it is given to us. The law hasn't come into force. I know there has been a pause on the implementation of this legislation. We have some experience in this area, because private right of action provisions were introduced in the Competition Act in 2002. We know there have been 25 private right of action lawsuits filed with the Competition Tribunal, eight of which have been certified, but to the best of my knowledge, the commissioner has never intervened in any of those private right of action processes.
    The current CASL private right of action very much mirrors this process. All I can speak to is the experience we have. The commissioner hasn't intervened. The commissioner would intervene only in exceptional circumstances. We would assess on a case-by-case basis whether to intervene. A number of factors would be considered, including the public interest, whether it's in the public interest for the commissioner to intervene, and the significant competition issues that might come into play. Our experience really falls within the confines of the private right of action in the Competition Act.
     So you think that private right of action, in that the tool is there, has been effective at prevention, deterrence?
    It has given the opportunity for private litigants to seek redress with respect to certain offences. Our involvement, though, has been minimal; we haven't intervened in any cases. Again, we're looking at competition issues that go beyond the immediate parties that are affected, a wider geographic scope. We're looking at significant issues that could impact the consumer, businesses—
    I'm sorry to interrupt you, but just on the sliding scale piece, enforcement commensurate with the type of a potential offence, I'm looking for your perspective. Not around the private right of action, but if you had that kind of sliding scale, would that be effective in the other civil enforcement, as a example?


    Very briefly.
    As a law enforcement agency, we assess the facts that are brought before us in an investigation. We assess and determine whether or not the law applies, to what extent the law applies, and the appropriate remedies. It's hard to deal in hypotheticals without the facts.
    Thank you.
    We are mindful of the time. For the next four sets of questions, we'll go for three minutes each.
    Mr. Jeneroux, you have three minutes.
    Let the record state my visible and vehement opposition to this muzzling of three minutes for the opposition.
    Voices: Oh, oh!
    Mr. Matt Jeneroux: A misuse of power, Chair.
    I've now used up a minute.
    On page 7 of your presentation, you talk about the complaints initiated by a number of potential sources, “consumers, businesses, industry associations, the media and stakeholders”. Do you have a percentage breakdown of where those are predominantly coming from?
    Again, our work is guided by section 29 of the Competition Act, the confidentiality provisions of the act. Any information we receive, whether it's from the targets of an investigation or a business or any sources of information to a third party, we protect that information, whether it's given to us through compulsion or through compulsory orders or a voluntary process. The only two instances where we would share that information is where we're sharing with another Canadian law enforcement agency or where we're in the administration of the enforcement of the act—for example, if we're filing an application before a court.
    Could you provide even a percentage breakdown?
    It'll be difficult for us to go granular in terms of our sources of information. We're an independent law enforcement agency. We have investigative tools we need to use, and individuals and enterprises that come before us expect that we will vigorously protect the information they provide to us.
    Sometimes there are multiple sources, and we also develop our own intelligence. We receive intelligence on fraud, for example, from the Canadian Anti-Fraud Centre. We are part of the joint management team of that organization. Sometimes this information and other sources of intelligence can corroborate other multiple and varying sources provided us.
    Would you say there's a link between the anti-competitive marketing and the circulation of malware through electronic messages?
    Malware doesn't fall within our mandate, quite frankly. There are areas where the conduct can overlap, but again we would be looking at it within the confines of false or misleading representations in the material aspect as outlined within our Competition Act.
    Sometimes the lines are blurry between the types of complaints we might see in conjunction with our delivery partners at the CRTC and OPC. For example, there might be a false or misleading representation in the body of the message or in the locator or sender information in a message that's used to distribute malware or, for example, to obtain consent to obtain private information from an individual where we'd be concerned about the representation being made to obtain that consent.
    Thank you.
    Mr. Sheehan, you have three minutes.
    We have heard various testimony about social media and about other forms of communication, such as text messaging. The anti-spam legislation is pretty technology-neutral in its concept. For the record, because we've heard different opinions, does the law apply not only to promotional emails but to text messages, instant messages, or posts on social media?
     Yes, ours does. False and misleading representation by any means will be pursued by us under these provisions.
    Thank you very much.
    How is commercial activity in CASL different from the business interest in the Competition Act?
    The Competition Act talks about promoting a product or a business interest. The test that we apply is that which is “false or misleading in a material respect”. In terms of “material respect”, has it influenced the consumer to purchase a product or to engage in a particular conduct or behaviour? We look at the general impression as well as the literal meaning in assessing whether or not the representation is false or misleading.


    In testimony we also heard that CASL does not apply to charities or not-for-profits. For the record, what's your opinion?
    We do not have a carve-out for charities; we apply the law as it is. In fact, recently we had an alternative case resolution in a matter of charity bins, where they seemed to suggest they were helping charities and they actually were not. Our law doesn't distinguish that. In fact, it includes charities.
    Perfect. Thank you very much.
    You mentioned in your testimony as well that you work with the other two organizations involved in CASL. Is that relationship good? Maybe a better question is how might it be improved going forward in the future?
    I think the relationship is very positive. We work well with the other two agencies, the CRTC and the OPC. We know that the SRC, for example, has been a very useful tool for us in terms of a source of information for our own investigations. That's hosted by the CRTC. They have had, I believe, 40 million records and one million complaints since 2014, so that's an interesting source of information for us. We use it. We rely on it.
    There are some anomalies or observations that we've recognized with respect to the SRC. The majority of the records that appear in the SRC actually fall outside of the mandate of the bureau. We also find that many of these records relate to mass-marketing fraud. Again, that's a very narrow area. Also, a lot of the records in the SRC that are not mass-marketing fraud deal with health-related products. The result of all of this is that we find that within the bureau's mandate, only 97% to 99% originate from outside of Canada and are, therefore, again beyond our jurisdiction.
    The SRC has been useful to a certain extent. We have provided some guidance to the SRC and to the CRTC in terms of how the SRC can organize its information a little bit better for the benefit of the bureau's analysis.
    In terms of information-sharing, we have the MOU—
    I'm going to have to stop you there. We could go on for hours.


    Mr. Bernier, you have three minutes left.


    I have one question. I will share my time with Jim.
    You said that you received a big sum of money from Amazon. They were not respecting the legislation. What are you doing when you receive an amount like that? Do you keep that for your own investigation?
    No, not at all. The million-dollar administrative monetary penalty is payable to the Receiver General for Canada and goes into the consolidated revenue fund. It doesn't go to the bureau. The costs that are levied against a company will also not go to the bureau. They will go to the Receiver General for Canada and the consolidated revenue fund for broader distribution.
    Perfect. Thank you.
    I noticed that you talked about spoofed websites and the technical support scams. The other one is the one you've been talking about quite a bit.
    Drip pricing?
    Yes, the drip pricing.
    A spoofed website to me is a strictly criminal action. Have you had any dealings with this, and have you referred anybody through the courts regarding spoofed websites?
    Can you finish off by talking about technical support scams?
    I'll start off and then I'll pass it over to my colleague.
    We currently have 41 ongoing digital economy investigations. Again, given the nature of the work we do as an independent law enforcement agency, I cannot share the details of those, but we currently have digital economy cases that have criminal components to them.
    Well, kick butt, then, on that.
     Yes, absolutely. There are some challenges with those aspects of the law as well, because the criminal spammers are going to great lengths to hide their identity. We've seen several spoofed websites. My colleague mentioned RBC. We've seen, with the Bank of Montreal. “” up in the locator information, with all the sites of the different banks and advertisements. It looks like a real website.
    What is amazing, and a little frightening to us, is that a lot of this originates from countries that are outside of our jurisdiction, although we are victimized by it. This is why our international co-operation is so important. When we can actually make a connection and lay hands on somebody in Canada, that is extremely vigorously pursued by our organization. The technical support scams, unlike ransomware where your computer is actually affected by malware, that's where you get a pop-up that says your computer is infected but it isn't.


    Thank you.
    Very quickly, Mr. Jowhari, you have three minutes.
    Thank you.
    I have two questions. If I get a chance to ask both of them, that would be great.
    One of them has to do with the information-sharing effectiveness among the three departments, and the other one has to do with the PRA scope overlap with CASL and CB.
    Let me start with the information-sharing. The Office of the Privacy Commissioner gave testimony that the current rules and regulations do not allow for effective information-sharing among the OPC, the CRTC, and the Competition Bureau with respect to those provisions outside of CASL.
    Do you concur with that? If you do, where do you think the shortcomings are, and where can we make specific improvements?
    Let me start by saying again, greater co-operation is always welcomed, but we also have to work within our statutory mandate. Under section 29 we have a statutory obligation to maintain confidential certain information and we cannot divulge that unless we are within those two requirements.
    Obviously, the MOU, I think, clarifies the roles and responsibilities and allows for some information-sharing between agencies, and we have shared information. Further development can certainly be helpful, but it has to be done within the confines of our statutory limitations.
    Do you recommend that we change that or make a recommendation so it allows for freer information-sharing?
    I think that could help.
    That could help. Great.
    With 30 seconds left, let me go to the PRA scope. There has been some discussion that the Competition Bureau already has a process that holds small businesses or individuals accountable. We talked about the $1 million and $10 million under CASL. Do we need to amend CASL and PRA in any way to say that these are the areas that are being dealt with by CB, and these are the areas that are with CASL, so if we limit or narrow CASL's PRA, then it becomes more complementary rather than an overlap?
    The three agencies, though, have three different responsibilities. They do overlap, but we each have our different mandates and I think those are clearly delineated within the MOU. So it could be a bit of a challenge, I think, to try to amalgamate the two. We have a statutory duty to look at false and misleading representations with respect to sender, subject matter, and locator. That's our statutory mandate. The CRTC and the OPC have other statutory mandates.
    Morgan, I don't know if you would like to add anything.
    I don't think so.
    We haven't taken a position on private right of action, perhaps because we're a mature law enforcement agency. We've had it for a long time, and have not intervened ourselves.
    Thank you.
    Very quickly, we did it....
    Mr. Masse.
    I'm good. Thank you.
    You're good?
    Thank you, yes.
    Oh, good. I could use up that time.
    I know. That's very fair. Thank you.
    I want to thank our guests for coming in today. It was very enlightening. I think we'll go back and have a lot of conversations about this. Thank you very much for coming.
    On Thursday we are in committee business. We will be discussing the draft report of IP. We'll also talk about some future committee business.
    Thank you all very much. Have a wonderful day, and happy Halloween.
    The meeting is adjourned.
Publication Explorer
Publication Explorer