Canadian anti-malware legislation may impact legitimate software

Canada is further strengthening its cybersecurity law enforcement with the enactment of universal anti-spam legislation that changes how business communicates with consumers. In January 2015, the country introduces a new law targeting software-makers, according to statements released by the Canadian government this week.

An effort to thwart creators of malware and spyware, the law requires companies to receive consent before installing programs onto personal computers that are capable of covertly sending electronic communication, or which have other potential functionality deemed covert. Though malicious intentions are the target, legitimate software companies will also be affected, facing fines of up to £5.5 million for non-compliance.

With exemptions given for operating systems, web cookies, HTML and JavaScript code, and software updates or upgrades if a company can prove a user had previously consented to installing its program, the law states that the disclosure must be described “clearly and prominently and separately and apart from the licence agreement.”

Disagreeing with the broad application of the law, Michael Fekete, a lawyer with the Toronto-based Osler, Hoskin and Harcourt law firm, says the legislation would have been better more specifically focused on malware and spyware. “There's a mismatch between the stated purposes of the legislation as found in the regulations and the scope of the legislation,”says Fekete, going on to imply that the law may inhibit technological advancement within the Canadian market.