In an effort to limit distribution of malware, the government of Canada has enforced legislation that prohibits businesses to install software on someone else’s computer system without the express accord of the user.

The law is part of Canada’s Anti-Spam Legislation (CASL) and applies since January 15. It addresses the businesses that install or cause the installation of programs on another person’s device during commercial activity.

Exceptions to the rule

CASL has no effect in the cases where users themselves decide to add software to their devices, such as computers, mobile phones or tablets.

To make matters more clear, “under CASL, it is prohibited for a website to automatically install software on a visitor's computer without getting consent, or for software to be updated without first obtaining consent.”

There are some exceptions to the law, which refer to cookies and JavaScript (as long as they are already enabled in the web browser), HTML, operating systems or programs added through a different one that has already received permission from the user.

On the same note, telecommunication service providers are allowed to add software designed to mitigate a risk to its network from an identifiable threat. The same applies in the case of updates or upgrades from such providers.

As far as updates from other makers are concerned, they do need consent from the user in order to be applied, but only if previous agreement regarding this activity was not obtained.

Running the operation in the background, as does Google Chrome, Mozilla Firefox and Adobe Flash Player, is banned without prompting the user, at least initially.

Malware installation requires permission

CASL also applies when a program causes the installation of other software that could be malicious in nature. A clarification for this has been provided:

“Sometimes, malicious software (malware) is installed along with other software. For example, a free Tic Tac Toe app may include concealed malware that is not disclosed to the user. In this situation, the user would be installing the Tic Tac Toe app, so CASL would not apply. However, CASL would apply to the installation of the malware since the software developer would be causing it to be installed.”

The legislation also aims at programs concealed on media, which are executed automatically when the disc is inserted in the computer system. In this situation, the vendor must inform the user and obtain consent.

An important note must be made: the new legislation impacts only businesses and users in Canada.