CRTC issues notices of violation to Datablocks and Sunlight Media

THE Canadian Radio-television and Telecommunications Commission (CRTC) on Wednesday took enforcement action to combat the installation of malicious software through online ads for the first time under Canada’s anti-spam law.

The CRTC’s Chief Compliance and Enforcement Officer has issued Notices of Violation to Datablocks and Sunlight Media for allegedly aiding in the installation of malicious computer programs (also known as malware) through the distribution of online advertising. The companies are required to pay $100,000 and $150,000, respectively, in penalties.

The companies allegedly violated Canada’s anti-spam law in the following ways:

  • Sunlight Media accepted unverified, anonymous clients who used their services to distribute malware.
  • Datablocks provided Sunlight Media’s clients with the necessary infrastructure and software to compete in real-time for the placement of their ads, which contained malware.
  • Neither Datablocks nor Sunlight had:
    • written contracts in place with their clients that would bind them to comply with Canada’s anti-spam law
    • monitoring measures in place governing how their clients use their service, or
    • written corporate compliance policies or procedures in place to ensure compliance with Canada’s anti-spam law.
  • After being alerted in 2015 to reports by cybersecurity researchers, and made aware in 2016 by the CRTC, neither company implemented basic safeguards, which are well known to the industry.

Datablocks and Sunlight Media have 30 days to file written representations to the CRTC or pay the penalties.

“As a result of Datablocks and Sunlight Media’s failure to implement basic safeguards, simply viewing certain online ads may have led to the installation of unwanted and malicious software. Our enforcement actions send a clear message to companies whose business models may enable these types of activities. Businesses must ensure their commercial activities do not jeopardize Canadians’ online safety,” said Steven Harroun, Chief Compliance and Enforcement Officer, CRTC.

 

Quick Facts:

  • Datablocks and Sunlight Media operate in the online advertising industry. Online advertisements are one of the leading sources for malware distribution.
  • Most online advertisers use ad networks to distribute their ads on websites.
  • Sunlight Media, the ad network, uses Datablocks’ bidding platform to operate as a broker between advertisers and publishers.
  • This highly complex investigation included the use of the CRTC’s formal powers, such as the execution of a search warrant, and consultation with experts in the field of cybersecurity.
  • The CRTC is working with its partners, both within Canada and internationally, to protect Canadians from online threats and contribute to a more secure online environment.
  • Canada’s anti-spam law protects Canadians while ensuring that businesses can continue to compete in the global marketplace.
  • The CRTC will continue to provide guidance and assistance to stakeholders to help them comply with Canada’s anti-spam law.
  • Canadians are encouraged to report spam to the Spam Reporting Centre. Their submissions help support the enforcement activities of the federal agencies responsible for ensuring compliance with the legislation.
  • Since Canada’s anti-spam law came into force, enforcement efforts have resulted in payments of over $568,000 further to undertakings and penalties totaling over $1.75 million.