lawfulaccess

youtube
youtube

Definitely one of the better (and more accessible) discussions of Bill C-13, aka the federal government of Canada’s lawful-access-in-disguise-legislation. Of note: that piece of legislation is “now under a time allocation order that will likely see it sent to committee by mid-week.” If the Committee is rushed, then it’s entirely plausible the legislation could be passed into law before this session of parliament closes for the summer.

ctvnews.ca
Police investigations show even BlackBerry messages can be intercepted

Touted as one of the most secure ways to communicate, BlackBerry smartphones have been put in the spotlight after several police investigations said they were able to track criminals who used the device’s encrypted technology.

“It’s a problem in the way that BlackBerry has marketed some of its services to the consumer market,” said Christopher Parsons, a fellow at the University of Toronto’s Citizen Lab, which specializes on how privacy is affected by digital surveillance.

“It’s a very difficult security posture and probably one that most users … don’t fully understand.”

Parsons said many BlackBerry owners assume incorrectly that their smartphones meet the same standards as BlackBerrys used by major corporations and the U.S. government, even though they’re not operating on the same high-level security servers that have come to define the company’s advantage over its competitors.

A Lawful Access in Canada Timeline (Work in Progress)

So, this is something that I’ve been building for the past few days. It’s drastically incomplete at the moment - it doesn’t include any of the news articles in 2012 or 2013 - but this content issue can be corrected over time. I also (still) have to weed out links that have rotted over the past few years.

So, with those caveats in mind: what do you think? A useful way of following the press coverage of the issue in Canada?

But an attempt by Canadian ISPs to garner an all-access pass that would let them secretly install software to monitor potentially illicit user activity was thwarted, at least in part.

According to the note accompanying the draft regulations, industry representatives “had argued for exemptions from the requirement for consent to install software to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks.”

Under the revised rules, service providers would only be permitted to install software “where illegal activities pose a threat to [their] networks.”

news.nationalpost.com
Cyberbullying law would let police ‘remotely hack into computers, mobile devices, or cars’

Experts say police would be able to install viruses, or malware, into the electronics of anyone suspected of a crime, after gaining judicial approval.

“There’s a series of different tactics that they could adopt. They could engage in phishing schemes — deliberately serving infected files to computers — or it could involve sending URLs to people’s emails and when they click it, it infects their computers,” he said, adding that it could also involve installing malicious apps onto Canadians’ smartphones that work as listening devices. Police could even hack into a car’s OnStar to keep tracking of location, and call logs.

While C–13 is intended to target transmission data — call information, IP address, and location data — Mr. Parsons said it’s entirely possible that C–13 could capture basic data from Canadians’ Skype conversations, as well as a vast field of other digital information. “That’s the way that it reads,” he says.

The powers would still be subject to judicial oversight. The warrants are valid for two months for most crimes, but extends that to a year if the crime is terrorism-related, or if the suspect is connected to a criminal organization.

“Compounding that, there’s no reporting required,” Mr. Parsons said. “We won’t know if it’s 10 requests a year, a hundred requests a year, a thousand requests a year, or a million requests a year.”

Mr. Parsons calls it the dawn of Canadian ‘‘Govware.’’ Passing this bill, as is, said Mr. Parsons, “risks introducing significant, and poorly understood, new powers to the Canadian authorities.”

Mr. Fraser and Mr. Parsons raise the practical implication of the procurement process for this sort of software. If Ottawa contracts out the creation of a digital snooping program, it risks legitimizing the creation of malware, said Mr. Parsons, adding that Ottawa should be fighting to improve the security of our electronics, not exploiting their weaknesses.

Another good piece by Justin Ling, who is quickly becoming a key go-to reporter for all federal government issues privacy- and surveillance-related issues.

cbc.ca
Stockwell Day calls for changes to cybercrime bill

Former public safety minister Stockwell Day says he hopes the Conservative government takes “another look” at its bill to fight cybercrime and curtails some of the powers it would give to police.

This is a unexpected voice, now added to the chorus of experts calling for the lawful access provisions of C-13 to be split from the anti-sexting aspects of the legislation.

motherboard.vice.com
Canada's New Cyberbullying Law Is All About Surveillance

The Conservatives promised that transmission data would not include anything relating to the content of what Canadians are doing online. Fraser disagreed. He told the committee that it included everything from a user’s IP address, details on what computers and browsers are being used, the URL of the website, and ultimately, some level of content from what users are browsing.

Then he moved on to immunity—the complete legal protection for any company that voluntarily forks over Canadians’personal information to police, even without a warrant: “This provision, I believe, should be removed. It can’t be fixed, and will only encourage overreaching by law enforcement,” Fraser said.

Chu says that police have the onus to always take the least intrusive route to an investigation. He, however, incorrectly believed that companies would not have immunity if the requesting officer was acting in bad faith, like if a cop called up Bell to request his ex-wife’s call logs. The language in the bill is clear though: if a peace or public officer requests the information, and the company is legally allowed to disclose it, the company “does not incur any criminal or civil liability for doing so.”

The Tories admitted that, yes, companies can volunteer our personal data without a warrant, but, they maintained, those companies already have that ability. C-13, they argued, just codifies and clarifies it in the law.

However, re-wording the provision will make it a whole lot easier.

I think that the author is bullish in thinking that the legislation might be stopped, but then I was equally depressed at the prospect of C-30 being halted. 

youtube

An excellent rant from Rick Mercer on the lawful access legislation that was recently tabled by the Government of Canada.

ottawacitizen.com
Cyber-bullying, privacy measures should be dealt with separately

“I am concerned about some of the other unrelated provisions that have been added to the bill in the name of Amanda … and all of the children lost to cyberbullying attacks,” she told the committee. “I don’t want to see our children victimized again by losing privacy rights.

“We should not have to choose between our privacy and our safety. We should not have to sacrifice our children’s privacy rights to make them safe from cyberbullying, sextortion and revenge pornography.”

Carol Todd showed a tremendous amount of courage Tuesday. The government should honour her request to split out the cyber-bullying provisions, accept the NDP’s offer to fast-track them, and then turn its attention to finding a more reasonable solution to fighting online threats.

Based on comments during that hearing, I and highly doubtful the government of Canada will split the legislation in two. Still, we can always hope…

nowpublic.com
(Un)Lawful Access: Canadian Government Wants to Spy on You

A snippet:

Without presenting a single shred of evidence that Canadian police need any more power than they already have (arguable too much as it is, if Toronto’s disastrous G20 summit is any indication), you are being asked to believe that handing law enforcement agencies a blank cheque to snoop through your life is actually for your own good.

This is, of course, nonsense. Passing legislation whose only benefit is police convenience comes nowhere close to justifying the dismantling of Canadians’ privacy rights. 

davideby.net
Provincial Liberals Policy Launder for Federal Conservatives?

David Eby, formerly with the British Columbia Civil Liberties Association and now a MLA with the NDP, has written a brief piece about forthcoming BC provincial legislation. The Missing Persons Act would let provincial authorities:

issue emergency orders to telephone companies and internet service providers to get access to your browsing history, text messages, e-mail, voice mail, banking records, you name it. If the companies or individuals don’t consent to the access, police can go to court without notice to you to get your records ordered to be handed over. Any record you can think of is covered by the new law.

However, there would be no notice to the individual(s) affected that such a request had been made, regardless of whether it was appropriate. 

This kind of concern over finding missing people before they’re formally missing is something that the federal government of Canada has previously used to justify its lawful access legislation. Access to subscriber data (though less expansively than envisioned under the BC legislation) was presented as useful in missing persons’ cases, to return stolen property, and more. To date, the federal government has failed to push through its lawful access legislation, though the recent version (C-13) is scheduled for second reading in the coming weeks.

Of note, the BC Liberal party has a substantial number of past-lieutenants from the Prime Minister’s Office that have passed through. Also, the Chief Constable of Vancouver has been amongst the most fervent advocates for the federal lawful access legislation. As such, I have to wonder how much the proposed BC Act is an attempt to address genuine provincial issues and how much it is meant to quietly start introducing or laundering a flavour of the federal lawful access legislation. I also have to wonder if, after this legislation is passed, the Chief Constable of Vancouver will back off of his federal advocacy: was he trying to solve a particular provincial issue by way of lobbying for changes to federal laws?

It’s quite sad, though, that the meagre consensus that was achieved in the federal lawful access fights - that there would be some reporting system, however sad - was excised by the BC Liberals. It’s hard to claim transparency as a political party when you actively undermine attempts to inject it into new (to say nothing of previously past) legislation.

While policies may vary, the sensitive nature of the data produced does not. Traffic data analysis generates more sensitive profiles of an individual’s actions and intentions, arguably more so than communica- tions content. In a communication with another individual, we say what we choose to share; in a transaction with another device, for example, search engines and cell stations, we are disclosing our actions, movements, and intentions. Technology- neutral policies continue to regard this transactional data as POTS traffic data, and accordingly apply inadequate protections.

This is not faithful to the spirit of updating laws for new technology. We need to acknowledge that changing technological environments transform the policy itself. New policies need to reflect the totality of the new environment.

—  Alberto Escudero-Pascual and Ian Hosein, “Questioning Lawful Access to Traffic Data”
smh.com.au
Police spy on web, phone usage with no warrants

Just so it remains clear just how much surveillance can happen in Commonwealth countries when authorities enjoy broad lawful access to communications data without needing warrants:

Law enforcement and government departments are accessing vast quantities of phone and internet usage data without warrants, prompting warnings from the Greens of a growing “surveillance state” and calls by privacy groups for tighter controls.

Figures released by the federal Attorney-General’s Department show that federal and state government agencies accessed telecommunications data and internet logs more than 250,000 times during criminal and revenue investigations in 2010-11.

(…)

Access is authorised by senior police officers or officials rather than by judicial warrant.

Federal agencies making use of telecommunications data include the Australian Federal Police, Australian Crime Commission and Australian Taxation Office, departments including Defence, Immigration and Citizenship, and Health and Ageing, and Medicare and Australia Post.

Data is also accessed by state police and anti-corruption bodies, government departments and revenue offices, and many other official bodies.

Needless to say, that’s an awful lot of parties accessing an awful lot of information about Australian citizens. Not included: statistics on telecommunications data access by the Australian Security Intelligence Organisation.