The Canadian Radio-television and Telecommunications Commission (CRTC) is reversing a decision that found two companies installed computer programs without owners’ permission.
A 2015 investigation showed Datablocks Inc. and Sunlight Media Networks Inc. used five IP addresses to redirect users to webpages with exploit kits. The kits are “a collection of multiple exploits that affect unsecure software applications,” the CRTC says.
Investigators issued a notice to produce documents (NTP) to Shared Services Canada (SSC) in June 2016, allowing them to obtain data on traffic directed to or from government IP addresses and the five IP addresses the CRTC was investigating. The two companies were sent notices of violation in July 2018 as there “were reasonable grounds to believe” the companies violated anti-spam legislation (the Act). Sunlight Media faced a $150,000 penalty and Datablocks $100,000.
The two companies argued the evidence didn’t illustrate any legislative violation, ultimately receiving the CRTC’s backing.
On May 19th, 2022, the CRTC issued a decision that said the evidence on record wasn’t “sufficient to conclude on a balance of probabilities.”
“The Commission determines that the companies did not commit violations of section 9 of the Act by aiding in the commission of an act contrary to subsection 8 of the Act, namely the installation of a computer program. Accordingly, the administrative monetary penalties set out in the [notice of violations] will not be imposed.”