TMGT 7133 Law for Intelligence-Based Business

Instructor Dean Palmer

Assignment 4
Due Date May 30, 2010
Student ID A00242330
Student Name Arthur (Wesley) Kenzie

Risk Management Report

for Secure WISP Inc.

Introduction ............................................................................................ 2
Risk – (1) Government Regulatory Environment ........................................... 2
Risk – (2) Copyright ................................................................................... 4
Risk – (3) Employment Contracts ................................................................ 5
Risk – (4) Customer Contracts ..................................................................... 6
Conclusions .............................................................................................. 7
References ............................................................................................... 8

Copyright © 2010 Arthur (Wesley) Kenzie. All Rights Reserved. Page 1 of 11

 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

Introduction

This risk management report is addressed to a potential new entrant into the Internet
Service Provider (“ISP”) market, named Secure WISP Inc. The geographic target market for
the company is initially to be centred in Metro Vancouver, British Columbia but it is
understood that expansion will allow coverage east through the Fraser Valley to Hope, west
to the coast of Vancouver Island from Victoria to Campbell River, and north to Whistler. The
business of the company is to be the provision of secure, wireless access to the Internet
from any location in the supported geographic coverage area(s).

The risks discussed in this report are as follows:

(1) Government Regulatory Environment

(2) Copyright
(3) Employment Contracts
(4) Customer Contracts

(1) Government Regulatory Environment

There are numerous government regulatory entities that must be acknowledged and
respected in the business of providing Internet access. The primary risk associated with this
government regulation is that any one of the licensing, registration or other requirements
might be missed, with the result being that - at the very least - the business would be
distracted in the short term to ensure it is compliant as quickly as possible. At the other end
of the scale, the risk is that the viability of the business may be at stake in some instances.
An associated primary risk is that being dependent on such a large number and wide variety
of regulations, the business is vulnerable to changes in any of the regulations, since
governments do not always adequately consider the impacts of their actions.

At the Federal level, the Canadian Radio-television and Telecommunications Commission

(“CRTC”), Industry Canada, The Privacy Commissioner, Public Safety Canada, Corporations
Canada, The Department of Justice, Canada Revenue Agency, Human Resources and Skill
Development Canada, and the Commissioner for Complaints for Telecommunications
Services (“CCTS”) all have significant parts to play in the regulation of wireless Internet
service providers.

The CRTC is the “independent public authority” charged with regulating and supervising
Canadian broadcasting and telecommunications [1][2] with specific reference to the Federal
Broadcasting Act [3] and the Federal Telecommunications Act [7]. The CRTC, however, does
not regulate any “new media broadcasting” undertakings [4], which it defines as “those
undertakings that provide broadcasting services delivered and accessed over the Internet”,
and it is not responsible for regulation of rates, quality of service, or business practices of
ISP’s as they relate to retail customers [5]. Whether a wireless ISP is legally considered to
be a “broadcaster” is still to be determined [6].

The CRTC does regulate wholesale Internet rates and quality of service, as well as the
relationship between the cable and telephone companies who own the underlying

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 2 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

infrastructure and their wholesale customers [5]. In so far as the business is required to
purchase bandwidth from cable and/or telephone companies in order to gain access to the
Internet for its customers, the CRTC’s mandate would come into play and likely have a
critical influence on the business.

As for the other Federal regulatory entities:

(a) Industry Canada is responsible for spectrum licensing [8][9], certification of
wireless equipment [10], and for filing of reports on Wireless Broadband Service
stations [11];
(b) Public Safety Canada is responsible for “lawful access” [12][13] legislation which
is currently before Parliament in the form of Bill C-74 [14];
(c) The Canada Revenue Agency is where registration is done for GST/HST, income
taxes, and payroll taxes;
(d) Human Resources and Skill Development Canada is where the Employment
Insurance Commission [15] and Canada Pension Plan [16] are administered;
(e) The Department of Justice has a mandate to uphold the Broadcasting Act [3],
Telecommunications Act [7], and all other relevant federal statutes and laws such
as the Copyright Act, Competition Act, Trade-marks Act, Criminal Code, etc.;
(f) The Privacy Commissioner is responsible for the Privacy Act [24] and the
Personal Information Protection and Electronic Documents Act (“PIPEDA”) [25];
(g) The CCTS is an independent organization established in 2008 in order to resolve
complaints from consumers about their telecommunications service [26];
(h) Corporations Canada is responsible for incorporation and registration of a
federally incorporated businesses [27].

Provincially, the business must be incorporated and registered with the British Columbia
corporate registry [17], it must be registered with Worksafe BC [18], and with the BC
Ministry of Finance for collection of the Harmonized Sales Tax (“HST”) [19].

If located in the city of Vancouver, a business license [20] must be obtained and all
municipal by-laws and regulations [21] understood and obeyed. If any property is owned,
there are annual property taxes [22] and municipal utilities [23] to pay as well.

Clearly the business needs to have a strong legal voice on its management team, in order to
ensure it can navigate through existing regulations, to comply with all regulations, and to
provide an understanding and perspective on potential and future changes to any of these
regulations. A reasonable budget must also be established to cover the costs of this vital
work.

One specific cause of action that the business needs to plan for, and implement measures to
protect itself against, concerns the pending parliamentary Bill C-74, “An act regulating
telecommunications facilities to facilitate the lawful interception of information transmitted
by means of those facilities and respecting the provision of telecommunications subscriber
information”. This proposed law, also called the “Modernization of Investigative Techniques
Act”, introduces a number of new obligations on ISP’s that previously did not exist. It
essentially forces ISP’s into becoming an extension of our national security and law
enforcement agencies.

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 3 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

Paragraph 6 (1) is where the list of obligations begins: “Telecommunications service

providers, in connection with the interception of a communication, shall, in accordance with
any regulations, have the capability to do – and, when requested to do so by an authorized
person or by that person’s authority, do – the following:

(a) Provide the intercepted communication to the authorized person;

(b) If the intercepted communication is encoded, compressed, encrypted or
otherwise treated, (i) in cases where the service provider has applied the
treatment, either remove the treatment or, if the treatment cannot readily be
removed using the telecommunications facilities controlled by the service
provider, provide the authorized person with the means to remove it; and (ii) in
cases where the treatment has been applied by another, either remove the
treatment or, if the service provider does not control all the means necessary to
remove it, provide the authorized person with the means – other than
transmission apparatus – for removing the treatment that the service provider
controls;
(c) Provide the authorized person with the prescribed information that is in the
possession or control of the service provider respecting the location of equipment
used in the transmission of the communication; and
(d) Comply with any prescribed confidentiality or security measures respecting
interceptions.

“Small” ISP’s – those with less than 100,000 subscribers - are given a three-year timeframe
in which to include the required intercept capabilities. However, they are still required to
immediately provide a “physical connection point” for an authorized person to effect an
interception with their own devices, and it appears that all ISP’s will be required to pay for
their own intercept hardware and software themselves. Provision of subscriber personal
information to authorized persons is also an important part of this new law, likely in
response to BMG Canada Inc. v Doe, 2005 FCA 193, where the Federal Court of Appeal
ruled that alleged copyright infringement is not sufficient reason for ISP’s to be compelled to
disclose such information.

Overall this is a significant added cost to the business, and likely a significant challenge to
the business plan to provide “secure” wireless connections to the Internet. Secure in this
context is now relative to this new law, as opposed to absolutely secure. Penalties for non-
compliance can be up to $50,000 in the case of an individual, and up to $250,000 for the
business.

(2) Copyright

As per the Copyright Act, s. 2.4(1)(b) “For the purposes of communication to the public by
telecommunication, ... (b) a person whose only act in respect of the communication of a
work or other subject-matter to the public consists of providing the means of
telecommunication necessary for another person to so communicate the work or other
subject-matter does not communicate that work or other subject-matter to the public;” an
ISP, in acting only as a provider of the means of communication to the public, is legally
protected from allegations of copyright infringement.

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 4 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

The Copyright Act also states in s. 2.2(1)(c) “For the purposes of this Act, “publication” ...
does not include (c) the performance in public, or the communication to the public by
telecommunication, of a literary, dramatic, musical or artistic work or a sound recording”.
And in s. 2.3 “A person who communicates a work or other subject-matter to the public by
telecommunication does not by that act alone perform it in public, nor by that act alone is
deemed to authorize its performance in public”. It seems clear that an ISP is not considered
to be “publishing” copyright protected material, and so is therefore legally protected from
allegations of copyright infringement.

However, the Copyright Act will soon be updated and changed [28][29] and part of these
changes are specifically targeted at “clarifying the liability of Internet service providers”.
“Caching” and “hosting” of copyright protected material, for example, has been added to the
proposed new Act [29] - so has the required procedure regarding “notice of claimed
infringement”.

Clearly there is a shifting regulatory environment with regards to copyright, and this is an
added risk to the business. As a provider of Internet access, the business is - and will
continue to be - an intermediary in the communication and transmission of copyright
protected material. It will need to pay close attention to the issue of copyright in order to
remain in business, and this will require access to accurate, timely and insightful intellectual
property law services. Both local customers, global copyright holders, and governments at
all levels have an interest in how the business handles this risk.

(3) Employment Contracts

Both employees and independent contractors are likely to make up the work force of the
business, and there are a number of risks to be addressed in terms of employment
contracts. Employees are typically required for their relative cost-effectiveness and their
reliability, flexibility and (presumed) commitment to the business. Contractors are typically
required for special-purpose, limited term projects that are not effectively or efficiently done
by employees.

All workers without written contracts, of course, have both the Employment Standards Act
[30] and ample common law to draw upon in order to protect their rights. In addition, the
Human Rights Code [31] provides a framework for many discriminatory issues of
employment, and the Workers Compensation Act [32] does the same for health and safety
issues of employment. In the area of collective bargaining, the Labour Relations Code [33]
is the framework of primary importance.

Written employment contracts cannot take precedence over any regulations in any of these
Acts but they do provide far more certainty than employment terms and conditions without
a written contract. The risks are usually overlooked as long as the business and the workers
are moving forward in a positive, mutually-rewarding way. But they can be very distracting
and costly once things start to diverge, such as when a worker is terminated, or their
performance is no longer considered acceptable, or some inappropriate action comes to
light.

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 5 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

Employment contracts should clearly specify as many of the following items as possible:

(a) Is the worker an employee, independent contractor, or agent?

(b) Is there a specified end date or expiration of the employment?
(c) On termination, what is the notice period and how is it to be calculated?
(d) On termination, what is the severance and how is it to be calculated?
(e) What are the grounds for immediate dismissal with cause?
(f) What are the standard hours of work?
(g) What are overtime hours and how is it to be calculated?
(h) What are the benefits and how are they to be calculated?
(i) What is the required notice period when the worker is resigning?
(j) What is the description of the position the worker is to be doing?
(k) What is the pay rate for the position the worker is to be doing?
(l) Who are the person(s) the worker is to report to?
(m) Who are the person(s) - if any – that are to report to the worker?
(n) How often are reviews to be done on the worker’s performance?
(o) Who owns copyright in the work created by the worker?
(p) Are the worker’s moral rights to be waived?
(q) Are there any security clearances required for any of the employer’s workers?
(r) What are the employer’s policies regarding harassment?
(s) What are the employer’s policies regarding work safety?
(t) What are the employer’s policies regarding trade secrets?
(u) What are the employer’s policies regarding information privacy?

Besides providing clarity in employment contracts, the business must ensure that it
undertakes to reasonably perform its own specified responsibilities. The risk here is in acting
as though putting something in writing is sufficient. This is definitely not the case, and the
managers of the business must review their own actions - and inactions – both honestly and
completely if they are to avoid significant potential costs and distractions with regards to
their workers.

(4) Customer Contracts

The importance of customer contracts, and the associated risks, is very similar to
Employment Contracts described above, except that the relationship is between the
business and its customers, rather than between the business and its workforce.

Similar to Employment Contracts, there are many regulations which specify the various
frameworks that apply to the relationship between the business and its customers. At the
provincial level there is the Business Practices and Consumer Protection Act [34], Electronic
Transactions Act [35], Frustrated Contract Act [36], Personal Information Protection Act
[37], Privacy Act [38], and Sale of Goods Act [39]. Federally and municipally there are a
range of regulations as well that must be respected and adhered to, as described above in
(1) Government Regulatory Environment.

Essentially, what the business must do to reduce its many risks in this area is develop a
clear and complete contract describing the terms and conditions of the relationship between

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 6 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

it and its customers. This contract must cover issues of jurisdiction, acceptable use, term or
expiry, performance, warranty, breach of contract, remedies, mitigation, injunctions,
privacy, termination, damages, frustration, payment terms and conditions, etc. It must also
be presented fairly and clearly to its customers in order to ensure each customer has ample
opportunity to review it, and to accept it.

Reviewing these contracts on a regular basis is also recommended to ensure they continue
to reflect prevailing regulations and standard practices. Risks can then be managed on an
ongoing basis, and confidence in the overall business plan can be maintained.

Conclusions

Risks to a business are present in every area of its operation. Four of these areas are
described in this report, since they represent the most significant risks that Secure WISP
Inc. faces as it prepares to start out.

Each of these risks – government regulation, copyright, employment contracts and

customer contracts – represent separate but significant challenges that will require time,
effort, skill and resources to address. If the business is to be successful it must prepare well
and it must commit to a regular review of its progress and its changing environment.

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 7 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

References

[1] Canadian Radio-television and Telecommunications Commission, Reference found on

May 25, 2010 at http://www.crtc.gc.ca/eng/home‐accueil.htm

[2] Canadian Radio-television and Telecommunications Commission, Home > Consumers >
Canadian Content, Mandate, Reference found on May 25, 2010 at
http://www.crtc.gc.ca/eng/cancon/mandate.htm

[3] Department of Justice Canada, Broadcasting Act (1991, c.11), Reference found on May
25, 2010 at http://laws.justice.gc.ca/eng/B‐9.01/20091006/index.html

[4] Canadian Radio-television and Telecommunications Commission, Home > Decisions,

Notices and Orders, Public Notice CRTC 1999-197, Exemption order for new media
broadcasting undertakings, Reference found on May 25, 2010 at
http://www.crtc.gc.ca/eng/archive/1999/PB99‐197.htm 

[5] Canadian Radio-television and Telecommunications Commission, Home > Consumers >
Phone and Internet Services, Internet, Reference found on May 25, 2010 at
http://www.crtc.gc.ca/eng/INFO_SHT/t1003.htm 
 
[6] Canadian Radio-television and Telecommunications Commission, Home > Decisions,
Notices and Orders, Broadcasting Order CRTC 2009-452, Reference to the Federal Court of
Appeal – Applicability of the Broadcasting Act to Internet service providers, Reference found
on May 25, 2010 at http://www.crtc.gc.ca/eng/archive/2009/2009‐452.htm 

[7] Department of Justice Canada, Telecommunications Act (S.C. 1993, c.38), Reference
found on May 25, 2010 at http://laws.justice.gc.ca/PDF/Statute/T/T‐3.4.pdf

[8] Industry Canada, > Radio, Spectrum and Telecommunications > Spectrum Management
and Telecommunications > Radiocom > Spectrum Licensing, Reference found on May 25,
2010 at http://www.ic.gc.ca/eic/site/smt‐gst.nsf/eng/h_sf01734.html 
 
[9] Industry Canada, > Radio, Spectrum and Telecommunications > Spectrum Management
and Telecommunications > Radiocom > Broadband Wireless Access, Reference found on
May 25, 2010 at http://www.ic.gc.ca/eic/site/smt‐gst.nsf/eng/h_sf07029.html 

[10] Industry Canada, > Radio, Spectrum and Telecommunications > Certification and
Engineering Bureau > Wireless Program, Reference found on May 25, 2010 at
http://www.ic.gc.ca/eic/site/ceb‐bhst.nsf/eng/h_tt00010.html 
 
[11] Industry Canada, > Radio, Spectrum and Telecommunications > Spectrum Direct >
Wireless Broadband Services, Reference found on May 25, 2010 at
http://www.ic.gc.ca/eic/site/sd‐sd.nsf/eng/h_00033.html 
 
[12] Geist, Michael, The Lawful Access Spin, Reference found on May 25, 2010 at
http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1009&Itemid=89&nsub 

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 8 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

 
[13] Public Safety Canada, > Newsroom > 2009 News Releases > 2009-06-28: Technical
Assistance for Law Enforcement in the 21st Century Act, Reference found on May 25, 2010
at http://www.publicsafety.gc.ca/media/nr/2009/nr20090618‐1‐eng.aspx 
 
[14] Parliament, House of Commons of Canada, Bill C-74, Reference found on May 25, 2010
at http://www.parl.gc.ca/PDF/38/1/parlbus/chambus/house/bills/government/C‐74_1.PDF 
 
[15] Human Resources and Skills Development Canada, Home > Employment >
Employment Insurance, Reference found on May 25, 2010 at
http://www.hrsdc.gc.ca/eng/employment/ei/ceic/index.shtml 
 
[16] Human Resources and Skills Development Canada, Home > CPP-OAS, Reference found
on May 25, 2010 at http://www.hrsdc.gc.ca/eng/oas‐cpp/index.shtml 
 
[17] British Columbia Government, Ministry of Finance, Corporate Online, Reference found
on May 25, 2010 at
https://www.corporateonline.gov.bc.ca/corporateonline/colin/static/colin/html/index.html 
 
[18] WorkSafeBC, Register your business/firm with WorkSafeBC, Reference found on May
25, 2010 at 
http://worksafebc.com/insurance/registering_for_coverage/register_with_worksafebc/default.asp 
 
[19] British Columbia Government, Ministry of Finance, Harmonized Sales Tax, Reference
found on May 25, 2010 at
http://www.sbr.gov.bc.ca/business/Consumer_Taxes/Harmonized_Sales_Tax/hst.html 
 
[20] City of Vancouver, Licence Office, Who Needs a City of Vancouver Business Licence?,
Reference found on May 25, 2010 at
http://vancouver.ca/commsvcs/LICANDINSP/licences/business/index.htm 
 
[21] City of Vancouver, Licence Office, By-laws and Regulations, Reference found on May
25, 2010 at http://vancouver.ca/commsvcs/LICANDINSP/licences/bylaws.htm 
 
[22] City of Vancouver, Property Tax, Property Tax General Information, Reference found on
May 25, 2010 at http://vancouver.ca/fs/treasury/index.htm 
 
[23] City of Vancouver, Utility Billing, Utility Billing General Information, Reference found on
May 25, 2010 at http://vancouver.ca/fs/treasury/utility/index.htm  
 
[24] Office of the Privacy Commissioner of Canada, Home > Legal Corner > Legal
Information Related to the Privacy Act, Reference found on May 26, 2010 at
http://www.priv.gc.ca/leg_c/leg_c_a_e.cfm#contenttop 
 

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 9 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

[25] Office of the Privacy Commissioner of Canada, Home > Legal Corner > Legal
Information Related PIPEDA, Reference found on May 26, 2010 at
http://www.priv.gc.ca/leg_c/leg_c_p_e.cfm#contenttop 
 
[26] Commissioner for Complaints for Telecommunications Services, Let’s Talk Solutions,
Reference found on May 26, 2010 at http://www.ccts‐cprst.ca/en/ 
 
[27] Industry Canada, Industry Canada > Business Tools and Resources > Corporations
Canada, Reference found on May 26, 2010 at http://strategis.ic.gc.ca/eic/site/cd‐
dgc.nsf/eng/home 
 
[28] The Globe and Mail, article by Omar El Akkad, May 5, 2010, Pending copyright bill to
mimic U.S.: Geist, Reference found on May 27, 2010 at
http://www.theglobeandmail.com/news/technology/globe‐on‐technology/pending‐copyright‐bill‐to‐
mimic‐us‐geist/article1557849/ 
 
[29] Parliament, House of Commons of Canada, Bill C-61, Reference found on May 27, 2010
at http://www2.parl.gc.ca/content/hoc/Bills/392/Government/C‐61/C‐61_1/C‐61_1.PDF 
 
[30] Queen’s Printer, Employment Standards Act, Reference found on May 27, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_96113_01 
 
[31] Queen’s Printer, Human Rights Code, Reference found on May 27, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_96210_01 
 
[32] Queen’s Printer, Workers Compensation Act, Reference found on May 27, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/96492_01 
 
[33] Queen’s Printer, Labour Relations Code, Reference found on May 27, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_96244_01 
 
[34] Queen’s Printer, Business Practices and Consumer Protection Act, Reference found on
May 28, 2010 at http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/04002_00 
 
[35] Queen’s Printer, Electronic Transactions Act, Reference found on May 28, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_01010_01 
 
[36] Queen’s Printer, Frustrated Contract Act, Reference found on May 28, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_96166_01 
 
[37] Queen’s Printer, Personal Information Protection Act, Reference found on May 28, 2010
at http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_03063_01 
 
[38] Queen’s Printer, Privacy Act, Reference found on May 28, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_96373_01 

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 10 of 11

 
 TMGT 7133 Assignment 4
Risk Management Report for Secure WISP Inc.

[39] Queen’s Printer, Sale of Goods Act, Reference found on May 28, 2010 at
http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_96410_01 
 

Copyright (c) 2010 Arthur Wesley Kenzie. All Rights Reserved. page 11 of 11