Another CASL fine assessed

This week the Canadian Radio-television and Telecommunications Commission (CRTC) announced a $50,000 fine against Blackstone Learning Corp. for violations of CASL.
gavel
In early 2015, the CRTC identified over 380,000 emails sent without the consent of recipients and fined Blackstone $640,000. Blackstone appealed the ruling and the Commission lowered the fine to $50,000.
I strongly recommend folks who are interested in how the CRTC is enforcing CASL read the full release. In it, the CRTC walks us through the process of investigation. In this case, Blackstone argued that they had implied consent based on the public nature of the recipients email addresses and the fact they’re published on different websites. The commission disagreed.

23. Paragraph 10(9)(b) of the Act does not provide persons sending commercial electronic messages with a broad licence to contact any electronic address they find online; rather, it provides for circumstances in which consent can be implied by such publication, to be evaluated on a case-by-case basis. Pursuant to section 13 of the Act, the onus of proving consent, including the elements of implied consent under paragraph 10(9)(b) of the Act, rests with the person relying on it. Various publications on both the Commission’s website4 and on the Department of Industry’s web page related to the Act5 stress the importance of detailed and effective record-keeping for this reason.
24. The notice to produce issued to Blackstone required it to produce information with respect to how it obtained consent, whether express or implied, to send commercial electronic messages. Blackstone did not respond to this notice, despite a Commission decision requiring it to do so.

There was a question at the EIS conference that was similar. An audience member asked (very roughly paraphrased) why do marketers have to comply with this and other companies don’t. A panel member responded that they did, but turned the question around and asked how the audience member would justify not complying. The conversation went on, but the thing that struck me was that the onus was on the audience member and on the sender to prove compliance or defend their lack of compliance. The same thing occurred to me reading the CRTC findings. The CRTC is looking for folks to do the right thing, or give them a good argument as to why the rules don’t apply.
I see a lot of people arguing against CASL, against it’s overreach and against the underlying rules. But everything I’ve seen in how the CRTC is enforcing CASL is that they’re taking a thoughtful approach. Even in this case, where the reports says “Blackstone did not cooperate with the investigation” the CRTC still attempted to work with the company. In fact, they even lowered the fine to less than 10% of the original amount. As they say:

As stated in the Act, the purpose of a penalty is to promote compliance with the Act, and not to punish. To this end, the penalty set out in the notice of violation places great emphasis on the principle of general deterrence. The Commission accepts that this is a valid principle to be considered in the imposition of an AMP, but considers that the specific circumstances of Blackstone’s case, and the violations that have taken place, require a lower AMP.

This is probably the 4th or 5th enforcement action I’ve seen the CRTC take. None of those showed any evidence of government overreach or business ending fines, something CASL detractors have been saying will happen. In fact, many actions involved no fines and even in the case where the fine was over $600,000 and the company didn’t cooperate, the CRTC lowered the fine based on an appeal.
CRTC enforcement actions have not brought email marketing in Canada to a screaming halt. But have made email better for Canadians. I call that a win.

Related Posts

4 things spammers do legitimate marketers don't

I’ve never met a spammer that claims to be a spammer. Most that I’ve met claim to be legitimate marketers (or high volume email deployers). But there are things spammers do that I never expect to see a legitimate marketer doing.
I’ve written about these things throughout the blog (tag: TWSD), but it’s probably time to actually pull them together into a single post.

Read More

Are botnets really the spam problem?

Over the last few years I’ve been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they’re not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email.
Botnets are a problem online. They’re a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins. They can be used to host viruses. They can be used to send spam. They are a problem and a lot of people spend a lot of time and money trying to take down botnets.
For the typical end user, though, botnets are a minor contributor to spam in the inbox. Major ISPs, throughout the world, have worked together to address botnets and minimize the spam traffic from them. Those actions have been effective and many users never see botnet spam in their inbox, either because it’s blocked during send or blocked during receipt.
Most of the spam end users have to deal with is coming from people who nominally follow CAN SPAM. They have a real address at the bottom of the email. They’re using real ISPs or ESPs. They have unsubscribe links. Probably some of the mail is going to opt-in recipients. This mail is tricky, and expensive, to block, so a lot more of it gets through.
Much of this mail is sent by companies using real ISP connections. Brian Krebs, who I’ve mentioned before, wrote an article about one hosting company who previously supported a number of legal spammers. This hosting company was making $150,000 a month by letting customers send CAN SPAM legal mail. But the mail was unwanted enough that AOL blocked all of the network IP space – not just the spammer space, but all the IP space.
It’s an easy decision to block botnet sources. The amount of real mail coming from botnet space is zero. It’s a much bigger and more difficult decision to block legitimate sources of emails because there’s so much garbage coming from nearby IPs. What AOL did is a last resort when it’s clear the ISP isn’t going to stop spam coming out from their space.
Botnets are a problem. But quasi legitimate spammers are a bigger problem for filter admins and end users. Quasi legitimate spammers tend to hide behind ISPs and innocent customers. Some send off shared pools at ESPs and hide their traffic in the midst of wanted mail. They’re a bigger problem because the mail is harder to filter. They are bigger problems because a small portion of their recipients actually do want their mail. They’re bigger problems because some ISPs take their money and look the other way.
Botnets are easy to block, which makes them a solved problem. Spam from fixed IPs is harder to deal with and a bigger problem for endusers and filters.

Read More

What do you think about these hot button issues?

bullhornIt’s been one of those weeks where blogging is a challenge. Not because I don’t have much to say, but because I don’t have much constructive to say. Rants can be entertaining, even to write. But they’re not very helpful in terms of what do we need to change and how do we move forward.
A few different things I read or saw brought out the rants this week. Some of these are issues I don’t have answers to, and some of them are issues where I just disagree with folks, but have nothing more useful to say than, “You’re wrong.” I don’t even always have an answer to why they’re wrong, they’re just wrong.
I thought today I’d bring up the issues that made me so ranty and list the two different points of views about them and see what readers think about them. (Those of you who follow me on Facebook probably know which ones my positions are, but I’m going to try and be neutral about my specific positions.)

Read More