CASL Software Provisions Explained – Sort Of…
I’ve had some time to reflect on the CASL software provisions as interpreted by the CRTC . As I’ve said before, the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry. The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers. While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being. (Lawyers advising clients would be well served to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.)
Software providers should review CASL with their legal counsel to determine how they fit within this labyrinth, but here is my take from a simplified high level on how it applies to the installation of software on a device I own.
I acquire the “Sliced Bread” software by Softco. It doesn’t matter how I get it – could be an app store, download, CD, etc. I install Sliced Bread on my computer – or my phone, tablet, car, drone, thermostat, fridge, server, router, etc.
Since I’m installing it myself on my own device, CASL doesn’t apply.
BUT IF Sliced Bread does one of the things CASL deems undesirable – things like collecting personal information, changing or interfering with data / operations / control, or sending information to someone;
AND IF those things are something I’m not reasonably expecting Sliced Bread to do (this expectation issue is a huge grey area and will vary depending on what Sliced Bread does);
THEN Softco is deemed to be installing it on my device, and Softco has to obtain my express consent outside of the EULA as detailed in the act.
Is it my imagination or are we seeing increasingly poor draftsmanship, year over year?
In computer science, drafting laws looks rather like “writing a program in terms of universal rules, all applying simultaneously, using all global variables”. Each of those three is a warning that you’re doing something genuinely hard, and you’d better be quite careful.
Anyone else seeing a lack of care?
Anyone want to suggest some mitigations?
The professionals at Justice Canada are as good at drafting as they ever were.
The real issue is not with Public Bills, but with the plethora of quasi-subordinate legislation which doesn’t go through the same sort of internal review processes. Add to that the current government’s penchant for lumping everything into mega-bills and smuggling legislation through as Private Members Bills, and one can see that keeping drafting standards up is tricky.
A CRTC policy statement like this might not have even been reviewed by the Justice Department.
The entire CASL experience hasn’t left me optimistic about legislation being clear and normative.
I agree with Simon. My experience with provincial and a few federal drafters, and with reading their products, is that Canadian government drafters are first rate. If a statute is not clear, that is probably because the instructions were not clear, or the text had – for political reasons, usually – to be produced too quickly for the kind of rigorous thinking needed to produce clear text.
CASL applies to a lot of varied, complex and evolving phenomena. The government wanted to cover the topic with a broad brush. To draft broad coverage while leaving room for the various activities where the broad rules might not be suitable (and views differ strongly on how many of those there are), is difficult. It is more difficult if the people giving the instructions have not thought their way through the details, or don’t wish to do so.