Canadian anti-spam laws take an important step forward

"Guest blogger Michael Argast, director of global sales engineering at Sophos, discusses changes in anti-spam legislation in his home country of Canada. Over to you Michael.."

Michael Argast

The Conservative government in Canada last week introduced the Electronic Commerce Protection Act to help cull sources of spam and other malicious activity from within Canadian borders.

Although it was introduced as “the Government of Canada protecting Canadians” those of us in the industry recognize that this is a global problem, and the amount of spam and other malicious stuff ending up on Canadian’s computers will not likely be significantly impacted as a result.

Our latest threat report had Canadian sources of spam being only 1.1% of the global total, and of course most of that will be from compromised machines forming parts of a botnet.

However, I do think this is a positive step for Canada as a “good neighbour” in the global community. We have seen a lot of previously US-based spam operations move to Canada due to a lack of this type of legislation – hopefully those same people will find it more inconvenient to move further overseas and cease operations.

Another nice thing about this legislation are specific prohibitions on installation of non-desired software such as spyware, keyloggers, adware, etc, during commercial operations.

So, while this is an important step forward, ultimately the spam and malware problem requires a global response.

The person breaking into your house to steal your flatscreen TV likely lives in your community. The one sending you malware via a spam campaign likely lives in Russia, breaks into a site in the US to get you to into the threat tree, delivers the code off a compromised machine in Brazil and fires the spam off a botnet with compromised machines in Canada, China and South Africa. He then sells your credit card number or identity to a mule in your neighbourhood, who may not even be aware they’re part of a global operation.

This sort of problem requires a global response, and the Electronic Commerce Protection Act is a good local step in a global effort.