On March 29, 2021, the Canadian Radio-television and Telecommunications Commission announced a notice of violation imposing a $75,000 penalty on an individual for conducting high volume spam campaigns in violation of Canada’s Anti-Spam Legislation (commonly known as CASL). The $75,000 penalty is the largest penalty imposed to date on an individual spammer.
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit the sending of unsolicited commercial electronic messages (CEMs), the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud. Following are some key aspects of CASL:
- CASL creates an opt-in regime that prohibits, subject to limited exceptions, the sending of a CEM unless the recipient has given consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (e.g., information about the sender and an effective and promptly implemented unsubscribe mechanism).
- CASL also prohibits, subject to limited exceptions, the installation and use of a computer program on another person’s computer system, in the course of a commercial activity, without the express consent of the owner or authorized user of the computer system.
- CASL imposes liability on organizations and individuals (including corporate directors and officers) for direct and indirect/vicarious CASL violations. CASL provides a due diligence defence.
- CASL violations can result in regulatory penalties of up to $10 million per violation for an organization and $1 million per violation for an individual. CASL includes a private right of action that is not in force.
The Canadian Radio-television and Telecommunications Commission (CRTC) is responsible for enforcing CASL’s rules regarding CEMs and computer programs. Since CASL came into force in 2014, CRTC has taken enforcement action against organizations and individuals who have violated CASL, and has issued enforcement decisions and accepted voluntary undertakings (settlements). See BLG bulletins CASL – Year in Review 2020, CASL – Year in Review 2019, CASL – Year in Review 2018, CASL – Year in Review 2017, CASL – Year in Review 2016 and CASL – Year in Review 2015.
Notice of violation
The CRTC’s announcement and published notice of violation allege as follows:
- Between December 2015 and May 2018, Scott William Brewer conducted at least three high-volume spam campaigns in which he sent, or caused or permitted to be sent, at least 671,342 CEMs without the recipients’ consent.
- At least one campaign used a hailstorm-type spam technique to send a high volume of CEMs in less than one week, before anti-spam defences could respond and block the CEMs.
- The spam campaigns promoted Brewer’s online marketing and webpage development services and independent online casinos that would compensate Brewer through their affiliate marketing programs for referring new customers.
- There was no evidence that Brewer obtained the necessary consent to send the CEMs.
- The CEMs were sent using alias email addresses that were attributed to Brewer.
- Other spam campaigns attributed to Brewer were not investigated. Information indicates that Brewer may have been responsible for sending, or causing or permitting to be sent, several million non-compliant CEMs.
- The CRTC investigator gathered evidence from a variety of sources in Canada and abroad.
The $75,000 penalty imposed by the notice of violation is the largest penalty imposed to date on an individual spammer.
CASL’s enforcement procedures require Brewer to either pay the penalty, contest the Notice of Violation, or negotiate an undertaking (settlement) with the CRTC. Brewer may appeal to the Federal Court of Appeal from a decision rendered by the Commission.