CRTC Issues Penalties for Malware Distribution

The Canadian Anti-Spam Law (CASL) does not just prohibit non-consensual commercial messages.  The  Canadian Radio-television and Telecommunications Commission also enforces CASL’s prohibitions on  the non-consensual installation of software onto a person’s computer.

As reported by FTC (CID) investigation defense lawyer Richard B. Newman, on July 11, 2018, the CRTC issued Notices of Violation to Datablocks and Sunlight Media for purportedly  aiding in the installation of malicious computer programs through the distribution of online advertising.  The CRTC alleges that Sunlight Media accepted unverified customers that used their advertising services to distribute malware.  The CRTC also alleges that Datablocks provided the clients of Sunlight Media’s unverified customers with the means to place ads that contained malicious computer code.

The CRTC cited various compliance issues, including, but not limited to, the failure to monitor service usage, the absence of written compliance programs (despite having been warned about cybersecurity issues in 2016) and deficient contracts that failed to mandate compliance with CASL.  Attorney general (AG) defense lawyer Richard Newman has previously blogged about advertising regulatory policy in the U.S. regarding the importance of monitoring marketing partners.

According to the CRTC, the action included penalties of $100,000 for Datablocks and $150,000 for Sunlight Media.

The Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission, stated “[a]s a result of Datablocks and Sunlight Media’s failure to implement basic safeguards, simply viewing certain online ads may have led to the installation of unwanted and malicious software.  Our enforcement actions send a clear message to companies whose business models may enable these types of activities.  Businesses must ensure their commercial activities do not jeopardize Canadians’ online safety. ”

Online advertising is one of the primary ways that malware is distributed.  This matter marks the first time that the CRTC has taken action against the installation of malicious software through online advertisements under CASL.

Written compliance policies and responsible contracts are critical in today’s hyper-aggressive online advertising regulatory landscape.  The FTC and state AGs expect all those in the digital marketing ecosystem to responsible vet and monitory marketing partners.

Richard B. Newman is an FTC compliance and defense lawyer at Hinch Newman LLP focusing on advertising and digital media matters.  Follow him on Twitter @FTCLawDefense.

Informational purposes only. Not legal advice. Always seek the advice of an attorney. Previous case results do not guarantee similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.