Improving Technical Security Privacy Reports

Join forces to eliminate spam – read the new report from the CRTC

What are the best ways to reduce spam? How can we work together to reduce this threat and create a more trusted Internet?

Last October, in the vibrant city of Bangkok, the Internet Society joined regulators for an in-depth conversation about how to eliminate spam and its harmful effects. Our kind hosts were the Canadian Radio-television and Telecommunications Commission (CRTC) and the International Institute of Communications (ICC).

The CRTC has published a comprehensive and insightful report on the workshop, capturing the key issues, observations, and ways forward. We encourage you to read it carefully. First and foremost, take note of the answer to “why act now?” – it’s a shared responsibility.

This principle lies at the heart of the Internet Society’s Collaborative Security approach. We have a collective responsibility to care for the Internet for everyone.

Spam is not just a nuisance: it’s a vector for malware, fraud and attack. Gone are the days when spam was just an unwanted email. Today, spam is big business.

Spammers are continually adapting their activities to find new ways to: exploit users; maximize their profits; and avoid law enforcement. Two areas of increasing concern are botnets and ransomware, both of which are propagated by spam. Europol’s Serious and Organised Crime Threat Assesssment for 2017 states that ransomware has become “… the leading malware in terms of threat and impact”. And, one only has to look about to the 2016 Mirai botnet DDoS attacks to understand the risk they pose to the stability of the Internet.

Eliminating spam requires efforts on all fronts: legal, technical, economic and social. It’s a problem that will need a collection of solutions, carried out through collaboration across borders and across disciplines.

What can governments do? Governments can contribute to combatting spam and its harmful effects by:

  • deterring bad actors through law and enforcement
  • empowering citizens to avoid the dangers of spam
  • fostering cross-discipline anti-spam efforts
  • encouraging anti-spam best practices
  • supporting anti-spam research.

What can you do? Join the fight against spam. Go to our anti-spam toolkit to find out what you can do to protect yourself and others.


Public Policy

CRTC Decision Creates a Canadian Framework for Net Neutrality

Yesterday’s decision by the Canadian Radio-television and Telecommunications Commission (CRTC) should be welcomed by advocates of net neutrality. Though not an ideal decision in certain respects, and continuing to make clear the need for specific, updated legislation on online connectivity and communication, it does nevertheless enshrine some of key principles of net neutrality in the CRTC’s regulatory framework.

Originating from a specific complaint against zero-rating data practices by Quebec-based ISP Videotron, the ruling builds a general framework for online traffic treatment practices which effectively bans differential treatment of data based on its origin point. In other words, ISPs, whether fixed or mobile, will no longer be able to offer packages which do not count certain preferred services or websites towards data caps, or to offer preferred speeds to these content providers.

There are, however, some details in which the framework is less effective than it could be and where future rulings will be critical to clarify and strengthen the principles laid out in this initial framework.

The CRTC derived its authority in making the decision from subsection 27(2) of the Telecommunications Act, and specifically dealt with the question of zero-rating or discounting of retail Internet traffic to consumers. Critically, the ruling does not affect the ability of ISPs to manage Internet protocol networks internally or to negotiate between each other for data and bandwidth sharing.

The Commission set out several criteria by which the decision was made, including impact on Internet openness and innovation, but with the main one being if, “the treatment of data is agnostic”; in effect, this puts neutral treatment of data at the heart of the CRTC’s decision-making process in regards to the Internet for the foreseeable future. This decision effectively means that competition between Internet providers and packages will now need to be based on a combination of price, connection speeds, network coverage and data bandwidth, rather than preferentially-treated services. In this respect, the decision builds upon and formally outlines principles underlying previous cases where service providers were forced to disclose bandwidth “throttling” practices and to discontinue using zero-rating practices for branded online television streaming.

With this said, the ruling also contains some unclear elements and potential loopholes for abuse that detract from its overall impact. The major factor is that, rather than adopting clear rules on disallowed practices, the CRTC has opted for a complaints-based approach to violations of the net neutrality framework adopted. Though there are concerns that adopting strict rules would not address quickly evolving ISP practices, creating a complaints-based framework could also lead to an access problem on the part of consumers, particularly those with low incomes or limited amounts of time. Contrary to submissions from net neutrality advocates, including some smaller ISPs, the decision stated that a new code for net neutrality was unnecessary in light of a body of regulations stemming from this and previous rulings. Again, in this respect, it falls short of a full commitment to net neutrality principles, even as it generally adheres to them. The Commission also effectively declined to rule or launch further proceedings on the question of data capping and throttling procedures, instead referring to previous decisions designed to increase network access and facilitated greater consumer bandwidth.

The CRTC’s placing of the onus on consumers to bring forward practice complaints, rather than taking a more proactive approach, is likely to make future action on emerging ISP practices more cumbersome in practice. As well, there are concerns, akin those around to the FCC’s previous use of Title II authority, that utility-like regulation of the Internet could stifle innovation. Those concerns aside, the ruling does create a framework for arguably more consumer-friendly ISP practices moving forward and one which explicitly recognize the goals of openness and innovation online.

This post was authored by Carter Vance, intern with the North American Regional Bureau, and Mark Buell, Regional Bureau Director for North America.