EPIC logo

April 3, 2006

Canadian Radio-television and Telecommunications Commission
Central Building
Les Terrasses de la Chaudière
1 Promenade du Portage, Room 206
Gatineau, Quebec J8X 4B1

Re:       Proceeding to establish a national do not call list framework and to review the telemarketing rules
Reference: 8665-C12-200601626, 8662-C131-200408543, 8662-F20-200409814, 662-B48-200409228, 8662-A84-200410035
Dear Commissioners:

Pursuant to the notice published by the Canadian Radio-television and Telecommunications Commission concerning a national do not call list framework,[1] the Electronic Privacy Information Center (EPIC) submits the following comments.

EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. We were extensively involved in advising the Federal Trade Commission in its implementation of a Do-Not-Call Registry in the United States.[2]  We maintain a timeline on the Registry, complete with an archive of our coalition comments on telemarketing, online at http://www.epic.org/privacy/telemarketing/dnc/.

In our brief comments below, we urge the CRTC to adopt a national DNCL and provide information from the experience in the United States that we hope will inform your deliberations.  In order to have a successful DNCL, we recommend that it:

The Do-Not-Call Registry Has Been an Enormous Success in the US

The United States Do-Not-Call Registry was an enormous victory for privacy rights.  Prior to its creation, the United States followed a company-specific opt-out scheme, one where the burden was upon the consumer to object to every single sales call.  This regulatory posture even allowed a single call center to repeatedly call the same consumer on behalf of many different clients.  Under this company-specific scheme, many consumers found that telemarketers hung up or became abusive once an opt-out request was made.[3]

The Direct Marketing Association (DMA) and many businesses that used telemarketing strongly opposed the Do-Not-Call Registry.  They pointed to the availability of the DMA's "Telephone Preference Service" as a self-regulatory approach to the problems caused by telemarketing.  But the Telephone Preference Service was a failure by any objective measure.  For starters, the DMA's system only applied to the industry association's members. Telemarketers who had not joined the group were not bound to comply with consumers' desire to opt-out. Second, the DMA's list was named the "Telephone Preference Service." The name and acronym, "TPS," had no meaning to the public. To some, it could mean a list of people who preferred to be telemarketed.  Third, the DMA's list required the consumer to actually write a letter for free enrollment. To enroll online, the consumer had to pay a fee and give their credit card number to the DMA.

These forces combined to make the DMA's market approach to telemarketing ineffective. The numbers speak for themselves. USA Today commented in 2002 that: "In 17 years, just 4.8 million consumers have signed up with the DMA's do-not-call list. By contrast, just five states -- New York, Kentucky, Indiana, Florida and Missouri -- have signed up roughly the same number in far less time."

Just three years later, over 100,000,000 numbers are in the national Do-Not-Call Registry.  Individuals who enroll report a marked decline in telemarketing.  A Harris Poll recently found that: "Among those who have signed up, 18% say they haven't received any telemarketing calls, a decrease from 25% in January 2004, and 61% say they have received "far less" calls than before they signed up on the registry."[4]

This success was not an accident.  The Federal Trade Commission made choices to make the Do-Not-Call Registry easy to use.  These public policy choices, which are detailed in the next section, are critical in making the Canadian experience a success.

A Successful Implementation Requires that the DNCL Be Consumer-Friendly

In order to have a successful DNCL, we recommend that it:

Expansiveness in Coverage

A successful DNCL will reject special-interest exemptions.  The US system is expansive, covering all businesses, but exempting non-profit fundraising calls and political calls.  The Federal Trade Commission rejected special-interest pleas from newspapers and other groups that sought exemptions.  We recommend the elimination of industry-specific exemptions, such as the one included for general circulation newspapers at ¶ 40.  Prior to the creation of the national Do-Not-Call Registry, state versions of the regulation contained all sorts of industry-specific exemptions.  These exemptions confuse individuals, and result in the perception that that DNCL is not effective. 

The Established Business Relationship Loophole

When crafting exemptions, the CRTC should ensure that they are narrow and consistent with consumers' expectations.  In the US experience, this is an area where policy makers have failed.  Specifically, the Do-Not-Call Registry contains an exemption for a "established business relationship" (EBR) that allows telemarketing inconsistent with consumers' expectations.  EBR allows telemarketing to any customer up to 18 months after any purchase has been made.  A mere inquiry allows telemarketing to the consumer for 3 months. 

There is no dollar threshold for the EBR, meaning that even miniscule purchases or merely calling a company to determine its hours of operation can trigger the exemption.  Under the definition, a consumer may have thousands of business relationships.  In a majority of these cases, the consumer will have no expectation that telemarketing will arise from them.  But under the rule, a gift bought on vacation, a purchase of a cup of coffee, or even a ride in a taxi could create an exemption to the Do-Not-Call Registry's protections.

This EBR exception has contributed to consumer frustration and confusion; it also encourages businesses to collect personal information from consumers both online and off.  Often, this information collection is obscured by businesses.  For instance, some companies exploit the EBR exemption by engaging in "enhancement" or list "appendage," the practice of buying more personal information on a consumer based on data collected during a transaction.  A retailer may ask for a consumer's phone number, and then use the number to purchase the consumer's address or other information about the consumer.  By merely giving a name to a retailer, the store can buy address and phone information from a data broker such as Acxiom.

Second, data is collected through "ANI," or Automatic Number Identification.  ANI is similar to Caller ID, but the caller cannot disable ANI. ANI reveals the name, address, and phone number of the telephone subscriber when the line is used to call a toll-free (800, 888), charge (900, 976), or police phone number (911).  Companies can collect ANI and use it to add to personal information databases.

Third, some companies have sold linkage products that allow a retailer to obtain a name and address based on the consumer's credit card number.  For instance, a Federal Trade Commission investigation into Trans Union revealed that the company sold a product called "TransLink" that provided merchants with the names and addresses of persons who used a bank card.  Such systems are used to mask the practices of companies--instead of asking a consumer for their phone number (and presumably permission to telemarket), they allow surreptitious identification and data collection.

In creating an EBR exemption, it is important to be mindful of what telemarketing expert Robert Biggerstaff has labeled, the "'Fax First, Look for EBR Later If Caught'" Business Plan.  Commenting on the related area of junk faxing, Biggerstaff argued in a submission to the US Federal Communications Commission that:

The illegitimate businesses, such as fly-by-night junk fax broadcasters, regularly try to exculpate themselves from TCPA[5] violations after the illegal fax was sent by attempting to discover and claim an EBR only if a complaint is made. This illegitimate EBR claim is the standard business plan of junk faxers. This must be taken into account when the Commission reviews the record.
2. Examples

For a real-world example of this tactic, I received a junk fax from a hotel soliciting me to stay at the hotel on New Year’s Eve. After bringing a claim under the TCPA, the hotel then demanded bank statements, credit card receipts, and other documents attempting to "discover" if I had been a customer of any other hotel in the past. They demanded to know where I had gone on my vacations and where I stayed. All of this was an attempt to "discover" if I had done business with one of their affiliates in the past, so they could claim the fax was sent within an EBR with the hotel. A year later, more junk faxes from yet another hotel came, and the same tactics were employed to try to "discover" an EBR with me, after the fax was already sent.

In truth, I was never a customer of either hotel, and neither hotel was sending the faxes to existing customers or anyone else on the basis of an EBR. They both had purchased lists of anonymous fax numbers and sent the faxes indiscriminately. Thus any claim that the faxes were sent based on an EBR was not a legitimate claim.
This opprobrious tactic of "fax first, look for EBR later if caught" is a standard business practice for junk faxers. For example, a local computer store sent me multiple junk faxes and then even denied sending them. When presented with telephone records proving the faxes were sent, the store owner then claimed that because I was employed in the "computer industry" that I "must "have at least called their store in the past at some time to inquire about their products, and thus they had an EBR with me that permitted the faxes at issue. A Wal*Mart store in my state tried the same excuse for its junk faxes, arguing that most people at some time enter a Wal*Mart store so the faxes were received by people who likely had an EBR with Wal*Mart, despite the fact that the faxes were broadcast to an anonymous list of fax numbers obtained from a third party and Wal*Mart had no knowledge of who the recipients were. Some junk faxers have even demanded in court to examine a victim’s computer hard drive claiming that the victim "might" have at some time in the past visited the company’s website and "might" have created an EBR.[6]

Again, in the junk fax context, it has been our experience that junk faxers will employ many different dubious excuses to argue that an EBR exists.  For instance, if a recipient says that he does not have an EBR with a specific company, the junk faxer will claim that the recipient's spouse falls under the EBR.  If the recipient does not have a spouse, the sender will claim that it was the recipient's roommate.  If the recipient does not have a roommate, the sender will claim that the previous holder of the phone number falls under the EBR, and so on.

Accordingly, in creating an EBR exemption, we urge you to require the calling party to have evidence of the business relationship at the time the telemarketing call is placed.  To allow otherwise will encourage callers to make illegal calls, wait to see if they are caught, and then assert that the EBR exists.  The regulation should explicitly state that the burden is upon the calling party to demonstrate the existence of the EBR. 

Generally, we urge the CRTC to be circumspect in the creation of exemptions to the DNCL, and to craft exemptions so that they are consistent with the expectations of a reasonable consumer.

The DNCL Should Be Free for Consumers

The DNCL should be free for consumers.  Requiring payment will cause many people not to sign up.  It will also make the system more privacy-invasive, as personal information will be collected as part of the payment scheme.

Payment is a serious barrier for consumers.  The failure of the DMA's Telephone Preference Service was in part due to payment--in order to enroll online, one had to pay $5 (and give their credit card number to the direct marketers).

Costs should be transferred to telemarketers.

The DNCL Should Have Simple Enrollment Procedures

The DNCL should have an easy-to-use mechanism for enrollment.  The US Registry allows enrollment online, by phone or by mail.  We suggest a similar implementation for CRTC. 

Minimizing authentication burdens also makes it easier for consumers to enroll.  Few security measures are necessary to ensure that only those persons who wish to register are placed on the DNCL registry.  It is unlikely that individuals will attempt to register others without consent.  Additionally, greater security measures hinder legitimate efforts to register for opt-out programs.

If the CRTC is excessively concerned with authentication in implementation of the DNCL, it will create unjustified privacy risks.  We support collecting and maintaining the minimum necessary information for enrollment.  In sum, all that need to be retained from the consumer is the telephone number and date of enrollment.  If an e-mail or postal mail address is collected to send a verification, that information can be expunged soon after it is received by the consumer.

Any line user should be able to enroll. In the US, some industry advocates claimed that only the line subscriber--not even a spouse or the roommate of the subscriber--should have authority to enroll on the list.  Requiring the person requesting enrollment to prove that they are the line subscriber will make enrollment more difficult, and perhaps impossible in cases where the line is owned by a business, or where a person is trying to enroll an elderly relative.

Do Not Require Frequent Reenrollment

After failing to get industry-specific exemptions, several industries tried to water down the effectiveness of Do-Not-Call Registry by requiring consumers to reenroll frequently.  For instance, the Newspaper Association of America argued individuals should have to reenroll every year.  A consumer-friendly implementation would last 5 years or longer.

The DNCL Should Be Complemented by Other Protections Against Telemarketing

The Do-Not-Call Registry is effective, in part, because it is supplemented by a series of other protections against telemarketing.  Most notably, telemarketers are required to transmit accurate Caller ID when placing calls.  This was a big step forward for consumer rights, because just three years ago, telephone companies deliberately marketed systems to telemarketers that sent no Caller ID.  There are also limits on the use of autodialers and dropped calls, limits on the representations that telemarketers can make, limits on hours when telemarketers can call, and importantly, limits on pre-acquired account number telemarketing.

Other Considerations

Telemarketing Advocacy

We urge you to skeptically view industry-sponsored studies that suggest devastating economic effects from a DNCL framework.  In the US, the telemarketing industry presented studies that employed bogus methods and suggested improbable results.

For instance, the DMA suggested that telemarketing accounted for $668 billion in sales and 6 million jobs prior to the creation of the Do-Not-Call Registry.[7]  It became clear later that these figures represented both inbound and outbound telemarketing, and so the numbers were only partially relevant to the Do-Not-Call Registry, which only affects outbound telemarketing.  Furthermore, the definition of telemarketing was so broad as to include huge business-to-business orders, such as situations where an airline called a company to order a jet engine. 

Other indications also suggested that these studies were cooked.  In a 2002 article in the Washington Post, the telemarketing industry was quoted for the proposition that "people spent $276.6 billion on purchases from outbound telemarketers."[8] If one divided the sales figure by the number of households in the United States using Census statistics, this would mean that the average household spent over $2,600 on outbound telemarketing in 2001.  A week later, the President of the DMA claimed at a convention that: "Americans spend $296.2 billion on outbound telemarketing offers."[9] If that figure were correct, the average household spent over $2,800 on telemarketing annually.  Despite these improbable implications, the DMA refused to open their raw statistics to inspection upon request. 

In 2003, the American Teleservices Association claimed that outbound telemarketing accounted for 2 million jobs.[10]  These figures differed substantially from US-government sponsored statistics that measured telemarketing.  The 1997 US Economic Census showed that telemarketing accounted for $8 billion in sales, and 500,000 jobs.[11]

The Role of List Brokers

A search for "Canadian" on Direct Magazine's List Finder[12] returns 638 different databases that contain phone numbers, presumably for telemarketing.  Some databases are marketed as listing "impulsive" or "mature" consumers--code language for individuals who can be targeted for scams.  List brokers play a major role in the proliferation of spam, junk mail, and telemarketing.  The CRTC should consider how list brokers contribute to unwanted telemarketing and the targeting of the mature or vulnerable for scams.

Conclusion

We applaud the CRTC's effort to give individuals more rights by creating a DNCL system.  We urge CRTC to implement it in a consumer-friendly way, drawing upon the successes and good policy choices made by the Federal Trade Commission, such as the elimination of industry-specific exemptions.  But it is also important not to follow the bad policy choices--most notably, the permissive established business relationship exemption, an exemption so broad that it threatens to swallow the Do-Not-Call Registry.  A consumer-friendly DNCL will cover all telemarketers, be free for consumers, have simple enrollment procedures, not require frequent reenrollment, and be complemented by other consumer protections against telemarketing.

Respectfully Submitted,

/s

Chris Jay Hoofnagle
Director
Electronic Privacy Information Center
West Coast Office
944 Market St. #709
San Francisco, CA 94102 USA
+1 415 981 6400
Hoofnagle@epic.org

[1] Telecom Public Notice CRTC 2006-4 (Feb. 20, 2006), available at http://www.crtc.gc.ca/archive/ENG/Notices/2006/pt2006-4.htm

[2] EPIC's resources on telemarketing are online at http://epic.org/privacy/telemarketing/.

[3] See, e.g., EPIC Telemarketing Complaints, available at http://www.epic.org/privacy/telemarketing/complaints.html.

[4] Do-Not-Call List Reduces Telemarketing, Poll Finds, Wall Street Journal, Jan. 12, 2006, available at http://online.wsj.com/article/SB113700020905443899.html

[5] Author's note: The Telephone Consumer Protection Act of 1991 is a US law that prohibits "junk faxes" and regulates some aspects of telemarketing.

[6] Comments of Robert Biggerstaff, Docket 05-338, filed Jan. 9, 2006, available at http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518307829.

[7] FTC Defends Plan For 'Do Not Call' Telemarketing List, Washington Post, Jan. 23, 2002, at http://www.newsbytes.com/news/02/173871.html.

[8] Have We Reached the Party To Whom We Are Speaking?; Telemarketers Aren't So Bad. Really. Just Ask 'Em, Washington Post, Oct. 20, 2002.

[9] Wientzen: Legislative Challenges Threaten DM Industry, DMNews, Oct. 22, 2002, at http://www.dmnews.com/cgi-bin/artprevbot.cgi?article_id=21924.

[10] See e.g. Richard H. Levey, Trade Groups Criticize FCC Telemarketing Sales Rule Changes, Jun. 26, 2003, available at http://www.directmag.com/news/marketing_trade_groups_criticize/index.html.

[11] Industry Statistics Sampler: NAICS 561422 Telemarketing bureaus, US Census, 1997, available at http://www.census.gov/epcd/ec97/industry/E561422.HTM.

[12] http://directmag.com/resourcecenter/listfinder/.

EPIC Privacy Page | EPIC Home Page

Last Updated: April 3, 2006
Page URL: http://www.epic.org/privacy/telemarketing/crtcdncl4306.html