The Canadian Radio-television and Telecommunications Commission ("CRTC") has executed a warrant under Canada's anti-spam law (commonly known as "CASL") to investigate the installation of malware and the alteration of transmission data.

CASL

CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit unsolicited or misleading commercial electronic messages, the unauthorized commercial installation and use of computer programs on another person's computer system, the alteration of transmission data in an electronic message and other forms of online fraud. CRTC has the primary enforcement responsibility under CASL, and has various enforcement tools for that purpose (e.g. preservation demands, production notices and warrants).

For most organizations, the key parts of CASL are the rules for CEMs. Subject to limited exceptions, CASL creates an opt-in regime that prohibits the sending of a CEM unless the recipient has given informed consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (including an effective and promptly implemented unsubscribe mechanism) and is not misleading.

CASL also prohibits, in the course of a commercial activity and subject to limited exceptions, the installation and use of a computer program on another person's computer system without the express consent of the owner or authorized user of the computer system. The computer program rules apply to almost any computer program (not just malware, spyware or other harmful programs) installed on almost any computing device (including mobile phones) as part of a commercial activity (regardless of expectation of profit).

CASL also prohibits, in the course of a commercial activity and subject to limited exceptions, the alteration of transmission data (e.g. data that identifies the address, date, time, size, origin or destination) in an electronic message so that the message is delivered to a destination other than or in addition to the destination specified by the sender.

Enforcement Action

On January 27, 2016, CRTC announced that it executed a CASL warrant as part of an ongoing investigation relating to the installation of malicious software and the alteration of transmission data.

The announcement explains that the investigation resulted from a lead from FireEye Inc., a commercial cybersecurity vendor. The announcement does not provide details of the warrant or its execution. The announcement explains that CRTC is using enforcement tools and cyber investigative techniques to investigate alleged CASL violations.

CRTC's Chief Compliance and Enforcement Officer explained: "We are working to protect Canadians from online threats by pursuing those individuals and entities who violate Canada's anti-spam legislation. We are grateful for the assistance that FireEye Inc. provided which led to the execution of this warrant, and we will continue to work closely with our domestic and international partners in the fight against cyber threats."