Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":889,"date":"2014-11-03T18:19:14","date_gmt":"2014-11-03T18:19:14","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=889"},"modified":"2019-04-17T10:25:47","modified_gmt":"2019-04-17T10:25:47","slug":"casl-goes-medieval-on-software-january-1","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2014\/11\/03\/casl-goes-medieval-on-software-january-1\/","title":{"rendered":"CASL Goes Medieval on Software January 1"},"content":{"rendered":"

$\"Canada$ On July 1st of this year, the Canadian Anti Spam Legislation (CASL) grew up from an ethereal entity into a law that, assuming it could be enforced, is the toughest of its kind in the world. With stiff penalties and a decidedly stiffer take on who could invade your inbox with spammy messages, CASL promised to be Canada\u2019s response to the war on spam in a most righteous way. Of course, intentions aren\u2019t reality and time decides what\u2019s what, and nearly six months later, the Canadian Radio-television and Telecommunications Commission (CRTC)<\/a>, the independent body tasked with enforcing the law, has received more than 120,000 complaints. So far, it\u2019s \u2018enforced\u2019 only one case, that of an Internet provider in Saskatchewan whose servers were unwittingly infected<\/a> with the Windigo exploit. No fines were levied in that investigation, and much ado about something really wasn\u2019t.<\/p>\n

It should have been obvious to anyone watching the launch of CASL in July that all the big talk was just that. While companies in Canada, from very small to very large businesses, scrambled to ensure that they would be compliant, people wondered exactly how international compliance would work. After all, the law is very clear: whether you\u2019re based in Canada or elsewhere, you need implicit consent if you want to send email to Canadian users. In addition, the CRTC itself has expressed hesitation<\/a> that it will be able to effectively enforce the law.<\/p>\n

With all its issues, things are about to get even dicier as CASL prepares to move to phase two on January 15th, when it begins its enforcement of software installations. According to the CBC<\/a>, \u201cstarting on Jan. 15, 2015, companies will have to get consent before installing a program on a person’s computer if the software has the ability to covertly send electronic messages or has other functionality outlined in the legislation.\u201d And if you think that enforcing errant spammers is a tall order, imagine what will happen when software enters the mix.<\/p>\n

Think about it. Every smartphone, every tablet, every PC. Every game console, every set-top box, every smart TV. Every device that relies on an Internet connection to routinely update its firmware will be affected by the software rule. Exemptions will be given for operating systems, cookies, HTML and executable code like JavaScript, and software updates if a company can prove a user previously consented, but how that consent will be established remains to be seen.<\/p>\n

And lest you think that this applies to malware makers only, as the CBC points out, \u201cWhile the law has been framed as an attack on the creators of malware and spyware, it also affects legitimate software companies, which face fines of up to $10 million for non-compliance.\u201d<\/p>\n

Michael Geist, a professor at the University of Ottawa and the Canada Research Chair in Internet and E-commerce Law, points out that \u201cconsumers are putting a plethora of stuff on their systems often without knowing much about it. This raises the bar in terms of consumer awareness when they’re installing software, better awareness about what that software will do, and greater disclosure requirements on the part of businesses seeking to install those programs.\u201d<\/p>\n

There\u2019s little grey area in what companies need to do in order to be compliant. \u201cCompanies must also clearly disclose to users if its software could collect personal information, interfere with the normal operation of a computer, alter settings or preferences or data on a computer, or allow a third party to access a computer. The law states that the disclosure must be described \u2018clearly and prominently and separately and apart from the licence[sic] agreement.\u2019\u201d<\/p>\n

Things get even more interesting when you consider Apple\u2019s recent woes as they thought giving the world a dose of U2 wouldn\u2019t have any repercussions. According to Huffington Post<\/a>, the CRTC got an earful from Canadians over the sudden appearance of U2\u2019s new album \u201cSongs of Innocence.\u201d Apple, of course, got an earful from the world<\/a> when they spent $100 million in what was meant to be a massive goodwill campaign. Instead, people were either Googling U2 to find out exactly what that was, or hitting the Twitterverse to beat up on Apple for invading their iTunes collections. But it raised an interesting question when Canadians decided to lodge complaints with Canada\u2019s spam watchdog.<\/p>\n

According to HufPost, the CRTC\u2019s \u201cnot so sure if U2\u2019s move would have been legal under new, expanded regulations coming into force in January.\u201d It\u2019s probably safe to say that there will be much confusion in the ensuing months over how this is going to play out.<\/p>\n

Let the games begin.<\/p>\n","protected":false},"excerpt":{"rendered":"