
Dutch Zombie Children Welcome You

Free Books, Free Ants

A Little Park But Wait It’s Not For You, Poor Person


Contrasting Footpaths

Cool-Ass Little Seed Library
Dutch Zombie Children Welcome You
Free Books, Free Ants
A Little Park But Wait It’s Not For You, Poor Person
Contrasting Footpaths
Cool-Ass Little Seed Library
The list of resources for local residents on this site continues to grow with a new page on newsletters you can subscribe to from local community organizations and businesses.
Also added to the Kingston drop-down menu.
I continue to be fascinated — maybe uniquely so? — by puffery. Probably because of the marketing background, but the notion that being untruthful is okay if the lie is extravagant enough that a layperson wouldn’t believe it 1my own words; I’m working on a set of definitions in case law, which will be interesting (to me, anyway). is not only intriguing, but I’d argue in some ways necessary to modern advertising.
At the far end, it makes perfect sense. If you watch an ad for Skittles and a unicorn touches a couch with its horn and the couch turns to Skittles, it would be preposterous for somebody to sue the Skittles people if a furniture-transforming unicorn fails to appear when they open a pack.
But at the other end of the spectrum, there’s a line past which the grey starts shading into black, and judges are making very nuanced decisions based on, I’d argue, very little guidance. Looking at CanLII, the word ‘puffery’ has been used a lot in court decisions in the last few years, with subtypes of puffery including…
Nothing substantial here today, but a bit of a placeholder to remind myself that I’d like to unpack this a bit more.
As reported by Law360, CanLII is filing suit against the Caseway AI chatbot over allegations of a mass scrape of CanLII’s content.
I’m a big CanLII fan. I use it all the time, including on multiple blog posts on this site, and recorded a podcast episode about it some time ago. It’s a phenomenal resource.
There are a few things that will be unpacked here, in the courts or otherwise.
CanLII’s main claim to fame isn’t original content, but being a central resource that consolidates legal decisions in Canada.
That said, the very first point in the Statement of Facts, per CanLII, is
This would be tricky to defend on copyright grounds. The Supreme Court has upheld copyright in “headnotes, case summary, topical index and compilation of reported judicial decisions” in the past.1CCH Canadian Ltd. v. Law Society of Upper Canada, [2004] 1 S.C.R. 339, 2004 SCC 13 Broadly speaking, most of what CanLII does isn’t original work.
But some of it is! From the Statement of Facts, 18(i) CanLII:
summariz[es] court decisions and generating an original analysis containing case facts, procedural history, parties’ submissions, legal issues, disposition, and reasons for judgment, with links to the pertinent paragraph numbers within the body of the corresponding decision;
This clearly aligns with the SCC decision above, and if it’s found that Clearway included and used the original works in their scrapes, that’s not great for them.
What’s really interesting is that CanLII is approaching this as a breach of contract, via the Terms of Use for the website. It feels, to my eyes, like they know the copyright case is inherently a bit shaky, and the clearer path is to reinforce the copyright infringement claim with the breach of contract.
This distinguishes CanLII from other high-profile lawsuits against AI by creators claiming copyright violation. Sarah Silverman, for instance, doesn’t have terms of use. (I’m sure Sarah Silverman could make a great and filthy joke about her “terms of use,” but I digress.)
The TOS tack is novel, to my knowledge.
Caseway’s counter-arguments to CanLII’s claims are, well, kinda stupid. Per the Law360 article:
“Our AI is built to pull and analyze unaltered court documents directly from public sources, ensuring compliance with copyright and intellectual property laws. CanLII’s attempt to restrict us from using their data is essentially moot, as we’re already avoiding it,” [Alistair Vigier, co-founder of Caseway AI] said in a statement.
But… Caseway did. Whether or not the documents are publicly accessible doesn’t alter the fact that they pulled them from CanLII.
And
He added that he had never seen or accepted CanLII’s terms of service and noted that Caseway does not incorporate CanLII’s works in any way that masks, frames, or misrepresents their origin.
Yeah, nobody ever reads those things, huh? That doesn’t mean they don’t exist (digging in the crates again, I did a fun podcast episode several years ago with Peter Kissick about the contracts nobody reads). But they’re there. Ignore them at your peril.
Vigier noted that an injunction restricting Caseway from using CanLII’s data would not impact its operations as it is not using any CanLII data in its system.
Whether or not they’re presently using the data is again immaterial to whether or not they violated the TOS and copyright of CanLII.
I’m looking forward to seeing how this plays out. Hopefully not an out of court settlement; there are some nuances around the value of categorization and analysis that seem to fall under the SCC threshold established in CCH that could be interesting to see threshed out in court.
And the recursive loop of looking all this up in CanLII will be fun.
This took a long time to do! And I suspect will take a bit of effort to maintain over time.
The biggest issue being to create the table with icons, it wound up being necessary to pull the table out as HTML, manually insert the Font-Awesome icon codes, and then update the table manually every time I wanted to add a line with the icons.
Compounded by the fact that I’m an idiot, and thought that doing a find-and-replace at the code level for “Street,” St.,” etc. to “St,” and “Road,” “Rd.”, etc. as “Rd” was a good idea. But I had RegEx turned on, so when I replaced “St.” and Rd.” every string with St* and with Rd* was replaced, including the word “Kingston,” strings like “Bistro,” and so on — including their URLs. But by the time I noticed it was too late to undo. So half my time on the table was spent fixing those mistakes.
Ultimately, I’d prefer to live in a world where chain restaurants are rare, Facebook is extinct, and people curate local information without being reliant on algorithm driven search. I use Google Sheets and Google MyMaps for this, so I’m not angling to make this some sort of weird purity test — but I’m hoping to use those tools to make people less reliant on Google’s primary product, and do a small bit to eradicate Facebook/Meta.
The sporadically-updating horror podcast Tear Them Apart did an episode on one of the great sleeper horror movies of all time, Pontypool, last month.
Horror fans that don’t know much about south-eastern Ontario likely don’t know that Pontypool is a real place — in fact, I went to high school one town over, and spent a fair bit of time in Caesarea and Nestleton with friends, a short hop away.
Caesarea is even name-checked in the movie, and is the title of the third of a three-book trilogy by the author of the novel that Pontypool the movie was adapted from.
Visiting my folks last weekend, I thought I’d swing by the town to take some pictures for Evan Dorkin and Paul M Yellovich, the podcast’s hosts.
The Pontypool sign, with a quick best-efforts “Tear Them Apart” podcast call-out. I took it down after. I was really angering all the goats in the weird-ass half-farm next to the sign so I had to make it quick.
“Downtown” Pontypool, facing north. Note the telephone pole “TAKE BACK CANADA” sign. People think Ontario / Canada is pretty progressive, but it’s more like New York State: once you’re out of the cities, you’ll find a lot of the same regressive racist yahoos you find in any rural place. This was the part of the drive to my folks’ place where farms have STAY OFF MY LAND GUBBERMINT signs, and vaccine conspiracy lawn signs sprouted like weeds during COVID.
Grant Mazzy would probably be more at home here as a shock jock than the station staff would like to believe.
Same position, turning south:
That’s it. That’s Pontypool. The streets stretch out about a kilometre in all directions with mostly two-story houses of a mid-19th-century vintage.
The sign on the left of this photo is for the town’s only gas station (with integrated Tim Horton’s naturally; there’s nothing more faux Canadian than this foreign-owned chain that’s somehow convinced people it’s a Canadian icon, and that its coffee doesn’t taste like battery acid that briefly had a coffee bean dipped in it).
Tim Horton’s has grown in my mind in recent years to really represent the rise of the right in Canada: symbols are more important than reality, and being “Canadian” is more important than being Canadian. It’s not a Canadian chain any more, and the coffee and food are terrible, but it’s “Canadian,” so Doug Ford shills for Smile cookies and — okay, I’m getting off-topic. Tim Hortons sucks.
Behind the grocery store across the street you can see a little red sign; that’s the pharmacy on the first floor of a house. Facing the pharmacy, the only grocery/convenience store, and the only restaurant:
That’s it. That’s Pontypool. The streets stretch out about a kilometre in all directions with mostly two-story houses of a mid-20th-century vintage.
Not pictured is the town arena, which if you live in Ontario and I say “small town arena,” you’re already picturing.
The most unrealistic thing about Pontypool (the movie) is that it has a radio station that employs at least three people full-time. The most realistic thing about Pontypool (the movie) is the syndicated news break at the beginning that mentions a major drug bust in Caesarea. That 100% checks out.
The above probably sounds like I’m dunking on Pontypool; I kind of am, because I’m a bit triggered by the TAKE BACK CANADA garbage and have less than fond memories of COVID-area rural lunacy.
I grew up in a town about this size, and I’m sure it’s as much a mixed bag as that town was.
Anyway, that’s Pontypool-the-town, if anyone is watching the movie (it’s really, really good!) and wants to see what the real-deal place looks like.
Catching my breath after my first week in my new role as Executive Director of the Chess Institute of Canada; onboarding in Toronto while meeting the Board, the staff and many of the instructors.
I’m really excited to be joining CIC at a pivotal moment in their history. “Chess for life” is their mission: imparting valuable and lasting life skills through the medium of the world’s greatest game. There’s so much you can learn from the “gymnasium of the mind” — strategy, forethought, patience and planning, yes; also good sportspersonship, how to deal with adversity, creative problem-solving and perseverance through setbacks.
Student enrichment was dramatically altered over COVID, and while this is an organization built on excellence from a firm footing based on the vision of its founder, Ted Winick, in many ways this is also a new era for CIC in terms of how it instructs, where it reaches, and who it benefits. Chess is for everyone, and I’m incredibly excited to be working with a dedicated, passionate and innovative team in making sure everyone can benefit from what it brings.
I’m still drinking from the fire hose, as they say — lots to learn, lots to do — but honoured and thrilled to be entrusted to lead this organization from greatness to… even more greatness. Super greatness.
I’m sure I’ll have many incredibly apt chess metaphors at the tip of my tongue very soon, but for now, I’m just very happy to be here, and especially to be working with a visionary and committed board, incredibly dedicated and passionate staff, and immensely talented and compassionate instructors.
Background photo by Vlada Karpovich: https://www.pexels.com/photo/chess-pieces-on-the-chess-board-6114952/
This is part eleven of a multi-part series reviewing Canada’s Anti-Spam Legislation in practice since its introduction in 2014 and the beginnings of enforcement in 2015. Crosslinks will be added as new parts go up.
Part 4: Case File – Compu-Finder
Part 5: Case File Anthology, 2015-2016
Part 6: Case File – Blackstone Education
Part 7: Case File Anthology, 2017-2018
Part 8: Case File – Brian Conley/nCrowd
Part 9: Case File Anthology, 2019-2022
Core resources:
Enforcement Actions Table (CASL selected)
I’ve been taking various runs at a wrap-up of almost 10 years of CASL being on the books, and keep kind of bouncing off this summary. In part because it’s hard for me – as somebody who needs to interpret the regime, but who is also interested in looking at its effects over time – to get a firm grip on how it is implemented and practised based on the last 9-and-a-bit years of enforcement.
I’m going to break this down into a few components:
CASL isn’t just for “spam”. Frankly, they should rename it. “Anti-Spam legislation” is a snappy phrase but causes more confusion than is warranted. The conventional understanding of spam is junk email, but this legislation applies to texts, intrusive software (malware), browser extensions… essentially, if it’s delivered digitally, it falls into the remit.
ALL Commercial Electronic Messages (CEMs) are prohibited. By default. Assume any commercial message is not allowed to be sent, and CASL carves out exceptions to the general prohibition.
ANY CEM contaminates a non-CEM. Even if a message is 99% non-commercial, any inclusion of any content that – from the Act:
having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that
(a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
(b) offers to provide a business, investment or gaming opportunity;
(c) advertises or promotes anything referred to in paragraph (a) or (b); or
(d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.
The Act, 1(2)
Requests for consent are also CEMs per s1.3 of the Act. This results in a Catch-22 – you can’t market without permission, but asking for permission is marketing. Added value is therefore key – or couching a consent request in an otherwise legitimate communication. I can’t email you out of the blue (except under a certain set of circumstances) asking you to opt into my newsletter, but I can post on LinkedIn telling people I’ve created a free white paper on best practices in Z, and require people to sign up for my newsletter to download that white paper.
From Compu-Finder:
From Porter Airlines:
From Blackstone:
From Ghassan Halazon:
From 514-Billets:
From Datablocks/Sunlight Media:
From Brian Conley / nCrowd:
From Orcus Technologies:
From Scott William Brewer:
Who wants spreadsheets? We got spreadsheets.
Wuxtry! Wuxtry! Getcher spreadsheet heah!
When I tabulate all issued penalties from decisions to date, I arrive at $3,163,000. Imposed penalties – admittedly with fuzzy math around coupon redemption rates for the 514-BILLETS issue – come in at $1,185,750.
The differential is $1,977,250 – about 63% of issued penalties wound up not being imposed. We’re also assuming that all imposed penalties were, in fact, paid – in several cases the companies that had imposed penalties then seem to have gone out of business, so the likelihood of the Canadian Government having seen that money is dim.
I also can’t account for about $500,000 that CRTC summaries say were imposed; more on that under “CASL as a marketing exercise,” below.
This kept running through my head as I tried to look at decisions and figure out if there was any clear logic to an external user regarding:
As somebody raised in the church, the more I poked at it the more I felt I understood the terror of the, I don’t know, Hittites: there’s a baseline set of behaviours you’re expected to follow, but it’s impossible to know when the eye of judgment will fall upon you, and when it does, there’s no real way to predict the extent of your punishment.
Beyond those examples, it’s hard to know how evenly the law is applied – or even what the specific triggers and determinants of a penalty are. It doesn’t feel entirely random, but since most decisions are posted without the number of campaigns or scope of sends, there’s no way to draw a line from the violation to the penalty in a way that makes sense in terms of whether it’s being evenly applied.
The other thing is that the pattern of CASL actions – from the perspective of somebody that works in marketing – seems to be more about creating the impression of enforcement than consistently and rigorously applied penalties.
The most recent snapshot contained the following now-familiar text:
Payments and Penalties Under CASL
Since CASL came into force in 2014, compliance and enforcement efforts have resulted in administrative monetary penalties and undertakings totalling over $3.6 million.
I can’t account for these numbers: even the $3.6 million is $0.5M higher than a manual tally of NOVs from the CRTC site (I’ve made a spreadsheet).
My own numbers land at $3,163,000 in issued penalties, but only $1,185,750 in imposed penalties – about 37% of the issued penalties wound up being actually imposed.1The imposed penalties number does include a bit of my own math, as the 514-BILLETS case resulted in the issuing of $75,000 worth of rebates, which I calculated at far less than that value in terms of what the ultimate cost to the company would have been.
But there’s also a pattern of big shock-and-awe announcements that get quietly walked back after the fact, or that lead to follow-on penalties much smaller than the initial ones:
A journey through CRTC CASL “Snapshots” show a pattern of reporting actions that weren’t actually taken under CASL – things done by the CRTC as a whole, but as far as I can tell unrelated to CASL or its enforcement.
For instance, in the most recent snapshot, headlines include:
In the previous snapshot, the headlines are all about various CRTC activities – a CRTC decision regarding botnet blocking (its development being the sole headline of an earlier snapshot), a report on a Canadian “dark web marketplace” (actually a reference to the previous snapshot, and not new news) and vigilance over malware called QAKBOT.
And so on. I won’t blow-by-blow this, but if you go back through the snapshots, the bulk of reporting isn’t actually about CASL, but other CRTC activities.
This makes perfect sense from a certain perspective. If you’re a parent, or a teacher, or have ever run a volunteer organization, there are times when you have a rule that you can’t practically enforce, and for whatever reason the common good isn’t enough to get people to follow it. Telling people there is a rule, and enforcing it sporadically, but with harsh enough penalties that it scares everyone into compliance, makes a lot of sense.
Starting with the assumption that the CASL team is smart, works hard, and is just not adequately staffed to provide perfect enforcement nationally at all times (which would take a preposterous scaling-up), big penalty announcements with quiet walkbacks, trumpeting non-CASL achievements in a way that makes CASL look vast and vigorous, is a good move. In the day to day, risks of getting caught are relatively low (see below), but when $1M+ penalties are making the headlines, the idea of getting caught in that net is scary.
But is scary enough?
Back when I started this analysis, I said my interests were:
What have we learned?
On the first front, the answer is clearly that complaints are not going down.
Arguably there are many reasons for this – including CASL’s own effectiveness in sensitizing the public to spam and fraud, driving reporting numbers up.
But – given the sporadic nature of enforcement, and the amount of fuzziness around what CASL is claiming, both in terms of penalties and its own vs. taking credit for other CRTC activity in its snapshot – I don’t have a great feeling about it.
Maybe it can’t “work”. Maybe the digital world is too big, and too global, and evolving too fast, for us to “beat” online fraud in any meaningful and lasting way, and stemming the tide is the best we can ever hope for. I don’t have the time or resources to really meaningfully compare CASL to other national spam protection regimes, so there aren’t any comparators out there I can easily index against.
It’s possible that looking at CASL through the same lens as other public-service organizations and criteria – is crime going down, as a measure of police effectiveness; wellness and death rates, as a measure of public health effectiveness – is a fool’s errand.
This leaves me with an aggregate shrug. Does CASL work? Shrug. Could it be doing better? For sure. Should we, as a society, allocate the kinds of resources to it that it would take to do better? Shrug.
But if my read of CASL actions, and their own snapshot headlines, is correct and the slow pivot is from enforcement to awareness, and there’s been a general slide from “we can stop this” to “our best chance is to educate the public, focus only on the worst offenders, and rely on private enterprise to develop better detection and protection algorithms,” that’s a big change over the last 10 years that’s never been explicitly acknowledged.
Low. Like, real low. The math remains 218,465 complaints per eventual financial penalty. The “lowest” threshold of effort CASL imposes, a notice to produce, still only happens once per 1000 complaints. That’s not a threshold, I’m not saying “nothing happens until you get to 1000 complaints,” that’s just how it averages out.
But, as detailed in the “Old Testament” section above, also horrifyingly arbitrary.
I am not a lawyer and this is not legal advice, but if I were to get one takeaway from all of this, it’s really a two-part maxim:
If I step back and squint and try to make sense of this decade of decisions, the pattern that seems to come through the fog is that getting CASL to focus on you is rare, and best-effort attempts to follow the rules seem to buy a lot of, if not absolute, forgiveness.
CASL decisions tend to land on unequivocal wrongs. There’s not a lot of stuff in the archives that suggests that they penalize innocent mistakes, or even grey-area decisions. There’s never been a decision that has come down on a public service organization, charity, or non-profit. Not to say there won’t ever be, but the focus seems to be on parties that are clearly doing wrong, should have known better, and did scammy, spammy things anyway.
Don’t break the law! Never break the law!
In principle, CASL is a good thing. It’s reasonably clear. We would all live in a better world if everyone followed these rules. So we should.
But… if you make an inadvertent mistake, or you look back at a campaign and say “oh, we should have done X,” or “I don’t know if we were in full compliance with Y,” I wouldn’t let it ruin your lunch. Learn, pull up your socks, and do better on the next one.
With text-based phishing and malware and online casinos and a whole planet of scammers, the top-of-mind analogy is the city’s on fire and there are riots in the streets. Jaywalking is still wrong, but if you forget to check the traffic lights at 2 a.m., you’re not the kind of problem the CRTC is looking for.
I didn’t mean for this to hit 3,000 words! I’ll stop here.
Next up, stepping a bit outside the review mandate, but bringing it back to my own interests: poking at whether or not students and academic institutions can be considered to be in a “business relationship,” which has a heavy impact on CASL but a lot of other things too. This might take a while. Expect more quick observations on IP, privacy and marketing in the interim while I chip away.
This is part ten of a multi-part series reviewing Canada’s Anti-Spam Legislation in practice since its introduction in 2014 and the beginnings of enforcement in 2015. Crosslinks will be added as new parts go up.
Part 4: Case File – Compu-Finder
Part 5: Case File Anthology, 2015-2016
Part 6: Case File – Blackstone Education
Part 7: Case File Anthology, 2017-2018
Part 8: Case File – Brian Conley/nCrowd
Part 9: Case File Anthology, 2019-2022
Core resources:
Enforcement Actions Table (CASL selected)
A quick late 2023 update: the CRTC has published an NOV for Sami Medouini for what appears to be text-based phishing campaigns; NOV below:
File No.: 9110-2021-00606
To: Sami Medouni
Issue Date of Notice: 11 July 2023
Summary of investigation
The Canadian Radio-television and Telecommunications Commission (CRTC) is responsible for the administration of sections 6 to 46 of Canada’s Anti-Spam Legislation (the Act), and the Electronic Commerce Enforcement (ECE) division of the Commission investigates potential violations pursuant to the Act.
In March 2021, CRTC staff launched an investigation into a series of high-volume phishing campaigns and potential violations of paragraph 6(1)(a) of the Act.
Paragraph 6(1)(a) of the Act states that it is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message (CEM) unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.
Pursuant to section 22 of the Act, a notice of violation has been served on Sami Medouni for committing six violations of paragraph 6(1)(a) of the Act.
Between 22 December 2020 and 14 January 2021, Sami Medouni sent or caused or permitted to be sent at least 31,925 phishing Commercial Electronic Messages (CEMs) without the consent of recipients, from fraudulently obtained telephone numbers.
Specifically, Sami Medouni sent the following commercial electronic messages without express or implied consent by using six different telephone numbers:
In accordance with section 13 of the Act1Section 13 – Burden of proof: A person who alleges that they have consent to do an act that would otherwise be prohibited under any of sections 6 to 8 has the onus of proving it., the person who sends a CEM has the onus of proving that consent was obtained. There was no evidence obtained during the investigation to indicate that Sami Medouni obtained the necessary consent to send CEMs.
Information and evidence to support this investigation were gathered from multiple sources, including Notices to Produce pursuant to section 17 of the Act, and provided reasonable grounds to believe that, by using six separate phone numbers, Sami Medouni sent 31,925 CEMs without consent, representing six violations of paragraph 6(1)(a) of the Act.
Based on the information gathered in the investigation, the Director of the Electronic Commerce Enforcement division has issued a Notice of Violation, imposing an administrative monetary penalty of $40,000 to Sami Medouni.
Violations are connected to the number of phone numbers used — a “campaign” is a violation, not an individual message, so if Medouni allegedly bought a phone and used it to send CEMs until there were enough spam reports for carriers to block it, each phone would therefore represent a “campaign”. Ergo: six campaigns, comprised of 31K messages.
These are identified as phishing messages in the NOV itself; the CASL violation is strictly consent, but phishing is fraud under s380(1) of the Criminal Code. Unlike with Orcus, the CRTC does not mention investigations or criminal charges here.
This is only an NOV — I’ll update my overall stats when time allows, but this doesn’t change the math on final decisions (the differential between issued and imposed penalties is of interest, but I can’t update it until we get to the “imposed” part.
We’ll stay tuned on this, and move on to our wrap-up.
Noted in passing — a PIPEDA-related FCA decision (2023 FCA 189) validating a Federal Court ruling of a “stalemate” (2023 FC 166, [102]) that gives more standing to bodies that refuse information requests because the requesting party cannot provide adequate identity verification. In this case it’s Amazon, a password reset and its identity verification steps not being followed.
I’m not a huge fan of Amazon, but on its face this seems correct. I don’t have an issue with this decision per se, but it does raise questions about what kinds of structures a company (or organization; you can see my interest in FIPPA and higher ed institutions here) can put in place to verify a user’s identity, and at what point those systems become burdensome to the point of being unreasonable for the end user.
In the FC decision, there’s an interesting point made about Amazon requiring new terms of service to be accepted as part of the verification process — again, I don’t think Amazon was in the wrong here, but the idea that terms of service can be revised, and that a user is forced to accept them to access data established under the former terms of service, doesn’t sit entirely well.