Legal Definitions - Canadian Anti-Spam Law of 2010: Message Redirection and Software Installation

The Canadian Anti-Spam Law of 2010 (CASL) is a comprehensive piece of legislation designed to protect Canadians from electronic threats like spam, malware, and phishing. While it covers many aspects of electronic communication, Clauses 7 and 8 specifically address two key activities:

• Message Redirection: This refers to intentionally changing the destination of an electronic message so it goes to an "electronic address" (like an email inbox or a server) different from the one the original sender intended. This is generally illegal unless the recipient has given their express permission or a court has ordered it. An exception exists for telecommunications service providers performing necessary network maintenance.
• Software Installation: This involves sending software for download to a user through an electronic message. This is also generally illegal unless the user has given their express consent. When consent is given, the sender must provide clear and detailed information about what the software does and why it's being sent before the user downloads it.

Here are some examples to illustrate these provisions:

• Example of Illegal Message Redirection:

  A malicious hacker gains access to a company's email server and sets up a rule to automatically forward all incoming emails addressed to the CEO to a different, unauthorized email account controlled by the hacker. The CEO's emails are then read by the hacker instead of reaching their intended recipient.

  Explanation: This scenario illustrates illegal message redirection because the hacker has altered the transmission data to send messages to an electronic address different from the sender's specified destination, without the sender's or recipient's consent, and not under a court order or for network maintenance.

• Example of Legal Message Redirection (with consent):

  Sarah decides to switch email providers. Before closing her old account, she logs into her old email service and sets up an automatic forwarding rule to send all new emails from her old address to her new one for the next six months. She explicitly configures this setting herself.

  Explanation: This is a legal form of message redirection because Sarah, the recipient, has given her express consent by actively setting up the forwarding rule for her own messages. She is intentionally altering the destination of her incoming emails.

• Example of Illegal Software Installation:

  An unsolicited email arrives in Mark's inbox, disguised as a notification from a popular online store about a pending delivery. The email contains a link prompting him to "download the tracking software" to monitor his package. When Mark clicks the link, a program automatically downloads and installs on his computer without any clear explanation of its true function, which turns out to be spyware.

  Explanation: This violates CASL's provisions on software installation because software was sent for download via an electronic message without Mark's express consent and without clear disclosure about its actual function and purpose before installation.

• Example of Legal Software Installation (with consent and disclosure):

  A user subscribes to a reputable antivirus software service. During the initial sign-up process, they explicitly check a box agreeing to receive email notifications about critical security updates and new versions of the software, including direct download links. Later, the company sends an email announcing a major security patch, clearly explaining what vulnerabilities it addresses and how it improves protection, along with a secure link to download the update.

  Explanation: This is a legal software installation scenario because the user provided express consent to receive software updates via email. Furthermore, the email provided clear disclosure about the function and purpose of the software (the security patch) before the download was offered.