More CASL enforcement

Last week the CRTC published a CASL enforcement action wherein they fined an individual $15,000 for 10 violations of the act.

The Commission imposes an administrative monetary penalty of $15,000 on William Rapanos for 10 violations of section 6 of Canada’s Anti-Spam Legislation. Specifically, Mr. Rapanos sent commercial electronic messages (i) that did not identify the sender, (ii) that did not include information that enables the recipient to readily contact the sender, (iii) without prior consent from the recipients, and (iv) that, in certain cases, did not include a functioning unsubscribe mechanism.

I do encourage folks who are concerned about CASL to read through the full article on the CRTC website. They write out how hard they tried to work with the individual in question. They really seem to have tried to do what they could to get compliance with the act without assessing a fine. As the CRTC says, the aim of penalties is to promote compliance, not to publish people who violate the act. We’ve certainly seen other CASL cases involving much more mail, that proportionally smaller penalties assessed.
One thing that I noticed in the article was the description of the individual under investigation. The CRTC walks through the discussions with him and the investigations into sending. The documented behavior is very “spammer” to me, especially the “someone is doing this to frame me” and “someone must have stolen my identity.” No one really believes that someone would steal your identity, break into your house, use your wifi and … only send spam. There’s so much more that can be done with that level of access.
None of his behavior is any surprise to any of us who have worked with spammers.

Related Posts

CASL botnet take down

biohazardmailThe CRTC served its first ever warrant as part of an international botnet takedown. The warrant was to take down a C&C (command and control) server for Win32/Dorkbot. International efforts to take down C&C servers take a lot of effort and work and coordination. I’ve only ever heard stories from folks involved but the scale and work that goes into these take downs is amazing.
Bots are still a problem. Even if we manage to block 99% of the botnet mail out there people are still getting infected. Those infections spread and many of the newer bots steal passwords, banking credentials and other confidential information.
This kind of crime is hard to stop, though, because the internet makes it so easy to live in one country, have a business in a third, have a shell corp in a fourth, and have victims in none of those places. Law enforcement across the globe has had to work together and develop new protocols and new processes to make these kinds of takedowns work.
 

Read More

What do you think about these hot button issues?

bullhornIt’s been one of those weeks where blogging is a challenge. Not because I don’t have much to say, but because I don’t have much constructive to say. Rants can be entertaining, even to write. But they’re not very helpful in terms of what do we need to change and how do we move forward.
A few different things I read or saw brought out the rants this week. Some of these are issues I don’t have answers to, and some of them are issues where I just disagree with folks, but have nothing more useful to say than, “You’re wrong.” I don’t even always have an answer to why they’re wrong, they’re just wrong.
I thought today I’d bring up the issues that made me so ranty and list the two different points of views about them and see what readers think about them. (Those of you who follow me on Facebook probably know which ones my positions are, but I’m going to try and be neutral about my specific positions.)

Read More

Another CASL fine assessed

This week the Canadian Radio-television and Telecommunications Commission (CRTC) announced a $50,000 fine against Blackstone Learning Corp. for violations of CASL.
gavel
In early 2015, the CRTC identified over 380,000 emails sent without the consent of recipients and fined Blackstone $640,000. Blackstone appealed the ruling and the Commission lowered the fine to $50,000.
I strongly recommend folks who are interested in how the CRTC is enforcing CASL read the full release. In it, the CRTC walks us through the process of investigation. In this case, Blackstone argued that they had implied consent based on the public nature of the recipients email addresses and the fact they’re published on different websites. The commission disagreed.

Read More