On March 29, 2021, the CRTC announced a $75,000 fine to an individual for sending “millions” of emails with no ability to prove consent. This is the first Notice of Violation issued under CASL since the Orcus Technologies Notice Of Violation on December 12, 2019 ($115,000) – https://crtc.gc.ca/eng/archive/2019/vt191210.htm
According to the CRTC, a Notice of Violation has been sent to Scott William Brewer for sending emails to individuals without consent. According to the CRTC: (CRTC Official statement – https://crtc.gc.ca/eng/archive/2021/vt210329.htm)
“Summary of investigation
The Canadian Radio-television and Telecommunications Commission (CRTC) is responsible for the administration of sections 6 to 46 of Canada’s Anti-Spam Legislation (the Act), and the Electronic Commerce Enforcement (ECE) division of the Commission investigates potential violations pursuant to the Act.
In January 2019, CRTC staff launched an investigation into a series of high-volume spam campaigns and potential violations of paragraph 6(1)(a) of the Act.
Paragraph 6(1)(a) of the Act states that it is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message (CEM) unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.
Pursuant to section 22 of the Act, a notice of violation has been issued to Scott William Brewer for committing three violations of paragraph 6(1)(a) of the Act.
Between 1 December 2015 and 23 May 2018, Brewer sent or caused or permitted to be sent a minimum of 671,342 Commercial Electronic Messages (CEMs) without the consent of recipients.
Specifically, Brewer sent the following commercial electronic messages without express or implied consent:
829 CEMs between 1 December 2015 and 20 January 2016;
72,944 CEMs between 24 February 2016 and 20 March 2016; and,
597,569 CEMs between 18 May 2018 and 23 May 2018.
Additional spam campaigns have been attributed to Brewer; however, due to operational priorities and in order to maximize resource efficiency, only the three campaigns noted above were investigated.
In accordance with section 13 of theAct, the person who sends a CEM has the onus of proving that consent was obtained. There was no evidence obtained during the investigation to indicate that Brewer obtained the necessary consent to send CEMs.
The scope of the investigation focused on three unique spam campaigns, which have been categorized into two themes:
Affiliate Marketing – 597,569 CEMs were sent from one email address over six days. The messages included an embedded link to casinoonlinesoftware[.]com; a blog-style website registered by Scott Brewer, promoting four online casinos that would compensate Brewer through their affiliate programs for new customers referred through casinoonlinesoftware[.]com.
Web Marketing – 73,773 CEMs were sent from two email addresses over a period of approximately four months. The messages promoted Scott Brewer’s services for online marketing and webpage development.
There were 671,342 records in the Spam Reporting Centre (SRC), which contained information attributable to Brewer, including phone numbers, mailing addresses, domains, email addresses and IP addresses. Evidence was gathered from a variety of sources, in Canada and abroad, which support the conclusion that Brewer was responsible for sending or causing or permitting the non-compliant CEMs to be sent.
All of the CEMs in the above-noted campaigns were sent using alias email addresses from major email service providers, which investigators were able to attribute to Brewer.
Evidence reviewed during the investigation demonstrated that Brewer registered and hosted the domains which were being promoted in the CEMs. Investigators also identified other indicators of non-compliance, including several mailing lists and millions of records of failed email delivery attempts. Conversely, no exculpatory evidence, such as records of consent, was found.
Brewer used a hailstorm-type spam technique to send a high volume of CEMs, particularly in relation to the Affiliate Marketing campaign, where 597,569 CEMs were sent in less than one week.
In hailstorm spam campaigns, email messages are sent out in a very high volume over a short time span and may end before the fastest traditional anti-spam defenses can update in response.
Corroborating information reviewed during the investigation indicated that Brewer may have been responsible for sending, causing or permitting to be sent, several million non-compliant CEMs. During a sample period in the investigation, approximately 11 million emails were sent from Brewer’s IP address over a 24 day period.
Information and evidence to support this investigation was gathered from multiple sources, including Notices to Produce pursuant to section 17 of the Act, and provided reasonable grounds to believe, that through the three spam campaigns, Scott William Brewer sent the 671,342 CEMs without consent, representing three violations of paragraph 6(1)(a) of the Act.
Based on the information gathered in the investigation, the Director of the Electronic Commerce Enforcement division has issued a Notice of Violation, including an administrative monetary penalty of $75,000 to Scott William Brewer.
Caveat:
A person who is served with an NOV has the opportunity to make representations before the Commission with respect to the amount of the penalty or the alleged violations pursuant to sections 24 and 25 of the Act, and may further bring an appeal in the Federal Court of Appeal from a decision rendered by the Commission pursuant to section 27 of the Act. As a result and at this time, the above-mentioned information constitute allegations made by persons designated by the Commission pursuant to section 14 of the Act.
A person who is served with an NOV has also the opportunity to enter into an Undertaking in connection to these acts and omissions pursuant to subsection 21(4) of the Act, under the conditions provided by subsection 21(2) of the Act.