In response to the news that Canada is further strengthening its cybersecurity law enforcement with the enactment of universal anti-spam legislation that changes how business communicates with consumers, Tim Erlin, director of security and risk at Tripwire says:
“Without meaning to, this law inherently asks the legislature to define ‘malware.’ There are a number of cases where software fails to deliver sufficient value to the user, or performs unintended actions along with legitimate ones. If I install a weather application that also collects my web surfing habits, is that malware? What if that software doesn’t collect such details, but is “capable” of doing so? Anyone familiar with software development would be hard pressed to argue that any program isn’t capable, through updates and other modification, of covertly sending data.
With laws, language really matters. The terms used will determine which companies are required to comply. Transparency is a laudable goal, but broad applicability will have a material impact on legitimate vendors. Despite vendor concerns, that impact may ultimately be beneficial for Canadian citizens."