Watch on quirksintech.ca
Watch on quirksintech.ca

Definitely one of the better (and more accessible) discussions of Bill C-13, aka the federal government of Canada’s lawful-access-in-disguise-legislation. Of note: that piece of legislation is “now under a time allocation order that will likely see it sent to committee by mid-week.” If the Committee is rushed, then it’s entirely plausible the legislation could be passed into law before this session of parliament closes for the summer.

Touted as one of the most secure ways to communicate, BlackBerry smartphones have been put in the spotlight after several police investigations said they were able to track criminals who used the device’s encrypted technology.

“It’s a problem in the way that BlackBerry has marketed some of its services to the consumer market,” said Christopher Parsons, a fellow at the University of Toronto’s Citizen Lab, which specializes on how privacy is affected by digital surveillance.

“It’s a very difficult security posture and probably one that most users … don’t fully understand.”

Parsons said many BlackBerry owners assume incorrectly that their smartphones meet the same standards as BlackBerrys used by major corporations and the U.S. government, even though they’re not operating on the same high-level security servers that have come to define the company’s advantage over its competitors.

Experts say police would be able to install viruses, or malware, into the electronics of anyone suspected of a crime, after gaining judicial approval.

“There’s a series of different tactics that they could adopt. They could engage in phishing schemes — deliberately serving infected files to computers — or it could involve sending URLs to people’s emails and when they click it, it infects their computers,” he said, adding that it could also involve installing malicious apps onto Canadians’ smartphones that work as listening devices. Police could even hack into a car’s OnStar to keep tracking of location, and call logs.

While C–13 is intended to target transmission data — call information, IP address, and location data — Mr. Parsons said it’s entirely possible that C–13 could capture basic data from Canadians’ Skype conversations, as well as a vast field of other digital information. “That’s the way that it reads,” he says.

The powers would still be subject to judicial oversight. The warrants are valid for two months for most crimes, but extends that to a year if the crime is terrorism-related, or if the suspect is connected to a criminal organization.

“Compounding that, there’s no reporting required,” Mr. Parsons said. “We won’t know if it’s 10 requests a year, a hundred requests a year, a thousand requests a year, or a million requests a year.”

Mr. Parsons calls it the dawn of Canadian ‘‘Govware.’’ Passing this bill, as is, said Mr. Parsons, “risks introducing significant, and poorly understood, new powers to the Canadian authorities.”

Mr. Fraser and Mr. Parsons raise the practical implication of the procurement process for this sort of software. If Ottawa contracts out the creation of a digital snooping program, it risks legitimizing the creation of malware, said Mr. Parsons, adding that Ottawa should be fighting to improve the security of our electronics, not exploiting their weaknesses.

Another good piece by Justin Ling, who is quickly becoming a key go-to reporter for all federal government issues privacy- and surveillance-related issues.

Former public safety minister Stockwell Day says he hopes the Conservative government takes “another look” at its bill to fight cybercrime and curtails some of the powers it would give to police.

This is a unexpected voice, now added to the chorus of experts calling for the lawful access provisions of C-13 to be split from the anti-sexting aspects of the legislation.

The Conservatives promised that transmission data would not include anything relating to the content of what Canadians are doing online. Fraser disagreed. He told the committee that it included everything from a user’s IP address, details on what computers and browsers are being used, the URL of the website, and ultimately, some level of content from what users are browsing.

Then he moved on to immunity—the complete legal protection for any company that voluntarily forks over Canadians’personal information to police, even without a warrant: “This provision, I believe, should be removed. It can’t be fixed, and will only encourage overreaching by law enforcement,” Fraser said.

Chu says that police have the onus to always take the least intrusive route to an investigation. He, however, incorrectly believed that companies would not have immunity if the requesting officer was acting in bad faith, like if a cop called up Bell to request his ex-wife’s call logs. The language in the bill is clear though: if a peace or public officer requests the information, and the company is legally allowed to disclose it, the company “does not incur any criminal or civil liability for doing so.”

The Tories admitted that, yes, companies can volunteer our personal data without a warrant, but, they maintained, those companies already have that ability. C-13, they argued, just codifies and clarifies it in the law.

However, re-wording the provision will make it a whole lot easier.

I think that the author is bullish in thinking that the legislation might be stopped, but then I was equally depressed at the prospect of C-30 being halted. 

“I am concerned about some of the other unrelated provisions that have been added to the bill in the name of Amanda … and all of the children lost to cyberbullying attacks,” she told the committee. “I don’t want to see our children victimized again by losing privacy rights.

“We should not have to choose between our privacy and our safety. We should not have to sacrifice our children’s privacy rights to make them safe from cyberbullying, sextortion and revenge pornography.”

Carol Todd showed a tremendous amount of courage Tuesday. The government should honour her request to split out the cyber-bullying provisions, accept the NDP’s offer to fast-track them, and then turn its attention to finding a more reasonable solution to fighting online threats.

Based on comments during that hearing, I and highly doubtful the government of Canada will split the legislation in two. Still, we can always hope…

David Eby, formerly with the British Columbia Civil Liberties Association and now a MLA with the NDP, has written a brief piece about forthcoming BC provincial legislation. The Missing Persons Act would let provincial authorities:

issue emergency orders to telephone companies and internet service providers to get access to your browsing history, text messages, e-mail, voice mail, banking records, you name it. If the companies or individuals don’t consent to the access, police can go to court without notice to you to get your records ordered to be handed over. Any record you can think of is covered by the new law.

However, there would be no notice to the individual(s) affected that such a request had been made, regardless of whether it was appropriate. 

This kind of concern over finding missing people before they’re formally missing is something that the federal government of Canada has previously used to justify its lawful access legislation. Access to subscriber data (though less expansively than envisioned under the BC legislation) was presented as useful in missing persons’ cases, to return stolen property, and more. To date, the federal government has failed to push through its lawful access legislation, though the recent version (C-13) is scheduled for second reading in the coming weeks.

Of note, the BC Liberal party has a substantial number of past-lieutenants from the Prime Minister’s Office that have passed through. Also, the Chief Constable of Vancouver has been amongst the most fervent advocates for the federal lawful access legislation. As such, I have to wonder how much the proposed BC Act is an attempt to address genuine provincial issues and how much it is meant to quietly start introducing or laundering a flavour of the federal lawful access legislation. I also have to wonder if, after this legislation is passed, the Chief Constable of Vancouver will back off of his federal advocacy: was he trying to solve a particular provincial issue by way of lobbying for changes to federal laws?

It’s quite sad, though, that the meagre consensus that was achieved in the federal lawful access fights - that there would be some reporting system, however sad - was excised by the BC Liberals. It’s hard to claim transparency as a political party when you actively undermine attempts to inject it into new (to say nothing of previously past) legislation.

A Lawful Access in Canada Timeline (Work in Progress)

So, this is something that I’ve been building for the past few days. It’s drastically incomplete at the moment - it doesn’t include any of the news articles in 2012 or 2013 - but this content issue can be corrected over time. I also (still) have to weed out links that have rotted over the past few years.

So, with those caveats in mind: what do you think? A useful way of following the press coverage of the issue in Canada?

But an attempt by Canadian ISPs to garner an all-access pass that would let them secretly install software to monitor potentially illicit user activity was thwarted, at least in part.

According to the note accompanying the draft regulations, industry representatives “had argued for exemptions from the requirement for consent to install software to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks.”

Under the revised rules, service providers would only be permitted to install software “where illegal activities pose a threat to [their] networks.”

Public Safety Minister Vic Toews states that the government’s proposed lawful access legislation is on a par with a phonebook linking phone numbers to a residential address. This is highly misleading (The Poop On E-Snoop – letters, Dec. 3).

Anyone can look up information in the phonebook, but they cannot compel Rogers or Bell to turn over “phone record” data that the government is after. The minister has not noted that his proposal would expand “phone records” from three items (name, address, telephone number) to 11. We are familiar with what those three items mean, but how many can decode the mysterious acronyms of digital and mobile communications: the IP address, the MIN, the SPIN, the ESN, the IMEI, the IMSI, the SIM? The minister isn’t talking about phone records, but about giving authorities access to a range of identifiers that tell a great deal about our personal lives. So, can we please have a debate about the Internet instead of one about “phonebooks”?

—  Colin Bennett, Christopher Parsons, “E-snooped upon

While policies may vary, the sensitive nature of the data produced does not. Traffic data analysis generates more sensitive profiles of an individual’s actions and intentions, arguably more so than communica- tions content. In a communication with another individual, we say what we choose to share; in a transaction with another device, for example, search engines and cell stations, we are disclosing our actions, movements, and intentions. Technology- neutral policies continue to regard this transactional data as POTS traffic data, and accordingly apply inadequate protections.

This is not faithful to the spirit of updating laws for new technology. We need to acknowledge that changing technological environments transform the policy itself. New policies need to reflect the totality of the new environment.

—  Alberto Escudero-Pascual and Ian Hosein, “Questioning Lawful Access to Traffic Data”
Watch on quirksintech.ca

An excellent rant from Rick Mercer on the lawful access legislation that was recently tabled by the Government of Canada.

A snippet:

Without presenting a single shred of evidence that Canadian police need any more power than they already have (arguable too much as it is, if Toronto’s disastrous G20 summit is any indication), you are being asked to believe that handing law enforcement agencies a blank cheque to snoop through your life is actually for your own good.

This is, of course, nonsense. Passing legislation whose only benefit is police convenience comes nowhere close to justifying the dismantling of Canadians’ privacy rights. 

Text
Photo
Quote
Link
Chat
Audio
Video