In recent years, some groups have claimed that Canada has become a “piracy haven.” These inaccurate perceptions have been fuelled in part by the Special 301 process. However, evidence suggests the contrary. In 2010, the World Economic Forum found that global executives actually rank Canadian intellectual property protection ahead of the United States, the United Kingdom, Japan, and most of Europe.  The WEF's Global Competitiveness Report ranked Canada 13th for IP protection, including anti-counterfeiting measures.  That is ahead of Australia (14th), Norway (16th), United Kingdom (17th), Japan (21st), and the United States (24th).

Evidence even from industry sources suggests that rates of infringement have been declining in Canada. For example, the Business Software Alliance’s annual Global Piracy Report  shows Canada steadily declining as it stands among the 15 lowest piracy countries in the world. Canada's is well below the Western European average and well below the other countries on the USTR Special 301 Watch List. While the BSA noted an increase in the dollar amount, this is due almost entirely to currency fluctuations given the stronger Canadian dollar. According to Michael Murphy, Chairman of the BSA Canada Committee, "at 28 per cent, Canada's piracy rate is at an all time low, dropping six percentage points since 2006."

This decline in piracy is not limited to software. In the aftermath of anti-camcording legislation, the Canadian Motion Pictures Distributors Association acknowledged that illegal camcording had largely disappeared from the Canadian market.  

Not only have piracy rates been declining in Canada, the legal markets for content have been expanding and revenues of the creative industries have been growing. Statistics Canada reports that operating revenue for motion picture theatres in Canada has grown steadily since 2005, with the industry enjoying operating profit margins of 11.3% in 2010. 

Canada is a leader when it comes to online music sales. It is the 6th largest market for recorded music in the world, ranking 6th for digital sales and 7th for physical sales. In fact, the Canadian digital music market has grown faster than the U.S. market for five consecutive years.  The Canadian Recording Industry Association recently cited new survey data confirming that young Canadians are music buyers, which it said leads to the conclusion that Canada "is a digital greenfield opportunity."  In fact, Canada has been home to a robust digital music market with download services such as iTunes, Hip Digital, Puretracks, Archambault, HMV Digital, 7Digital; non-interactive streaming services such as Galaxie Mobile and Slacker Radio; on-demand streaming such as Rdio, BBM Music, and Zune Music Pass; and streaming music videos such as YouTube and Vevo.

The entertainment software industry has also enjoyed remarkable growth in Canada. The industry is now the third largest in the world, employing 16,000 skilled workers. In 2010, the Entertainment Software Association of Canada commissioned a study by SECOR Consulting that surveyed the industry and asked for the top three risks faced by the Canadian video game industry over the next two to five years.  Copyright and piracy concerns ranked near the bottom, well below issues such as changing industry dynamics, lack of talent, government support, rising costs, lack of funding, and outsourcing. In fact, the reference to copyright as a concern was so low - barely above concerns about an economic recession - that SECOR did not discuss it further.

A long section assessing many provisions in C-11 follows, with the conclusion that:

While the Trade Act directs the USTR to ensure that other countries provide adequate and effective protection to US IP rights, it does not define the scope of those rights. In pursuing the Trade Act’s mandate, the USTR must not interpret copyrights to mean unlimited rights tolerant of no limitations and exceptions. Rather the USTR should be guided by U.S. law in evaluating the laws of other countries.  Viewed from a U.S. law perspective, Canadian copyright laws provide adequate and effective protection to US IP rights owners. Limitations and exceptions in current Canadian law as well as proposed limitations and exceptions do not derogate from the effectiveness of these protections. Furthermore, Canadian authorities effectively enforce copyright laws. Consequently, rates of infringement in Canada are low and the markets for creative works are expanding. Placement of Canada on the Special 301 Watch List or Priority Watch List in the face of this evidence would be unjustified. It would only lead to undermining the legitimacy of the Special 301 process. br style=

What does this mean? In short, it gives the government the power to decide what specific surveillance equipment must be installed on private ISP and telecom networks by allowing it to simply take over the ISP or telecom network and install its own equipment. This is no small thing: it literally means that law enforcement has the power to ultimately determine not only surveillance capabilities but the surveillance equipment itself. 

As Privacy International revealed late last year, there is a massive global surveillance industry that specializes in selling invasive surveillance technologies directly to governments and law enforcement. Companies like Gamma Group offer "turnkey lawful interception projects" that includes SMS interception, speech identifying tools, and data retention, while Innova offers "solutions for the interception of any kind of protocols and IP-based communication, such as web browsing, e-mail and web-mails, social networks, peer to peer communication, chat and videochat." Endace offers the "power to see all for Government" and Hacking Team provides a suite of tools for governmental interception. Last year, Wikileaks published a powerpoint presentation from Glimmerglass that shows how law enforcement can link email addresses, online chat, and social media activity to generate detailed profiles of individuals (pages 10-12).

There are dozens of these companies operating around the world, servicing steady demand from the Middle East and Asia. If Bill C-30 becomes law, the Canadian government will be positioned to require private ISPs to install these kinds of technologies directly within their networks.

Bill C-30 requires Internet providers to have the ability to engage in multiple simultaneous interceptions but a wide range of questions - minimum and maximum simultaneous interceptions, how interception requests are made, maximum number of agencies making requests, etc. are all left to future regulations. Bill C-30 doesn't even specify what communications must be interception-capable. Section 7 identifies a series of requirements including enable the interception of communications and isolate the communication. But what is a "communication" for these purposes? That is left to the unspecified regulations.

The mandatory disclosure of subscriber information without a warrant has been the hot button issue in Bill C-30, yet it too is subject to unknown regulations. These regulations include the time or deadline for providing the subscriber information (Bill C-30 does not set a time limit) and "prescribing any confidentiality or security measures with which the telecommunications service provider must comply." In other words, disclosing the disclosure could be subject to further restrictions.

These are just some of the uncertainties. Section 64, which identifies the issues subject to future regulations by the Governor-in-Council cover almost every major substantive issue in the bill. In case the government has forgotten something, there is a catch-all regulatory power "generally, for carrying out the purposes and provisions of this Act."

Public Safety Minister Vic Toews has indicated that he is open to amendments and that the government welcomes debate on the bill at committee. However, it is difficult to propose amendments to an incomplete bill. The public should not be asked to accept lawful access legislation that leaves so many issues to future discussion and regulation. A full debate and reform process necessitates the government coming forward with the accompanying regulations before the hearings on Bill C-30 get underway.

(1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.

(2) A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so.

This provision opens the door to police approaching ISPs and asking them to retain data on specified subscribers or to turn over any subscriber information - including emails or web surfing activities - without a warrant. ISPs can refuse, but this provision is designed to remove any legal concerns the ISP might have in doing so, since it grants full criminal and civil immunity for the disclosures.

While many would hope that ISPs would not hand over personal information without a warrant, revelations that they already provide customer name and address information about 95 percent of the time suggests that police have little to lose in asking for more detailed data preservation and disclosure. Bill C-30 increases the likelihood of "voluntary" warrantless disclosures, creating a legal framework that makes it easy and risk-free from a provider perspective.

Yet the CPCC told the government a much different story in its submission to the Bill C-32 committee. Addressing concerns that the levy could be applied to inappropriate devices, the CPCC assured the government:

The Act also makes provision for the Governor in Council to limit the scope of qualifying “devices” by regulation. Specifically, the definition of "audio recording medium" at section 79 of the Act permits the Governor in Council to prescribe by regulation that a particular type of "recording medium" is not an "audio recording medium".

The process set out in the Act is one that would provide advance notice of any medium or device on which the CPCC wished to collect a levy. The CPCC must file a proposed tariff by March 31st of the year prior to the year in which the levy would come into effect. If the CPCC sought a tariff on a device deemed inappropriate, the Governor in Council could issue a regulation that prevented the Copyright Board from considering such a request. There is, therefore, no legitimate basis for fear that a levy would be imposed on all devices with a hard drive or on any device to which a levy should not apply.

In other words, the CPCC told the government it could use the power to prevent the Board from considering a request on a device deemed inappropriate. The question for cabinet is therefore not whether stopping the hearing is fair. It is whether it believes that expanding the private copying levy system to include microSD cards is appropriate.

The emphasis to date has been on copyright, but it is about more than just copyright. From the SOPA protests in the United States that successfully stopped dangerous legislation to the anti-ACTA protests in Europe that led tens of thousands to take to the streets to the Canadian fight against Bill C-11's digital lock rules and potential incorporation of SOPA-style amendments, Internet users are reacting to efforts to impose restrictions on privacy, free speech, and consumer rights by fighting back.

Yesterday's Twitter-based #tellviceverything was the perfect illustration for how the Internet can fuel awareness and action at remarkable speed. Through thousands of tweets, Canadians used humour to send a strong message that the government has overstepped with Bill C-30 (my favourite remains @kevinharding's Hey @ToewsVic, I lost an email from my work account yesterday. Can I get your copy?). Alongside the Twitter activity are dedicated websites, hundreds of blog postings from commentators on the left and right of the political spectrum, thousands of calls and letters to MPs, and nearly 100,000 signatures on the Stop Spying petition at Open Media.

The numbers are also big on the copyright front in Canada. Nearly 50,000 have signed the No Internet Lockdown petition focused on copyright reform and more than that number have sent emails to MPs opposing the current digital lock rules in Bill C-11. Canadian Heritage Minister James Moore may defend the bill as rejecting American style approaches, but in light of the DMCA-like provisions on digital locks, those claims are no more credible that Toews' assertions about lawful access.

Politicians and political parties have been anxious to tap the Internet as a funding source and as a platform to disseminate their message. Many have been slow to recognize that it is a two-way conversation, however. In recent weeks, Internet users - who are now the overwhelming majority of Canadians - have found their voice. It is informed, funny, and loud. As I wrote last week in the context of copyright, can you hear us now?

In 2007, Public Safety launched a consultation specifically on this issue, which ultimately led to Stockwell Day's promise not to introduce the kind of provisions found in C-30. That consultation assumed mandatory disclosure without a warrant, but the response from various stakeholders was very critical. The Privacy Commissioner of Canada wrote:

Referring to all of this information as customer name and address information is misleading, as is calling these data elements "basic identifiers." This list goes well beyond the customer names and addresses associated with a given telephone number...the assumption behind the consultation paper is that CNA information carries a low expectation of privacy and as such does not require judicial authorization. We disagree: many individuals consider much of this information to be private.

The Information Technology Association of Canada, representing many telecom companies, argued:

ITAC notes that the “basic identifiers” listed in the discussion paper go well beyond what most people would consider to be basic.  IP addresses, email addresses, IMSIs, ESNs, IMEIs and SIM numbers are not the “tombstone” data that is usually associated with CNA information.

The Canadian Wireless Telecommunications Association adopted the same position:

CWTA notes that the types of “basic identifiers” sought for wireless services go well beyond what virtually anyone would consider basic and are much more onerous than those for TSPs using other  technologies. IP addresses and dynamic IP addresses, IMSIs, ESNs, IMEIs, and SIM numbers go well beyond basic “tombstone data” normally associated with CNA.

Civil society groups were of the same view. For example, the Public Interest Advocacy Centre's response:

PIAC further views the CNA information sought to be collected as clearly personal information, either under legal interpretations of various privacy commissioners and courts, or the opinion of the public. Therefore the Minister’s statements to the press that: "We have not and we will not be proposing legislation to grant police the power to get information from internet companies without a warrant. That's never been a proposal," and "It may make some investigations more difficult, but our expectation is rights to our privacy are such that we do not plan, nor will we have in place, something that would allow the police to get that information" should not be based on a semantic game if it is an attempt to define CNA as something other than “information” or to suggest it is not private in this context.

Should the government wish to troll through online personal information without judicial oversight, or under a greatly reduced standard of judicial oversight, it should at the least be subject to serious public oversight (by Parliament and the general public), there should be severe penalties for misuse of the information and its collection and use should be restricted to only highly serious and defined offences.

Yesterday, I posted on the prospect of reaching a compromising on the issue. The starting point is for the government to acknowledge that the information at issue is not mere "telephone book data" but rather personal information that cannot be subject to mandatory disclosure without a warrant.

Consider the biggest privacy concern with Bill C-30: the mandatory disclosure of subscriber information without court oversight. With ISPs and telecom companies complying with law enforcement requests roughly 95 percent of the time, at issue are a relatively small number of cases that to date have required warrants prior to any disclosure. I still think law enforcement has failed to produce a compelling series of examples where the current law has proven problematic. Further, it is not clear whether law enforcement was able to obtain the sought-after information through a warrant in the remaining five percent of cases, though anecdotal evidence suggests they typically were. Regardless, law enforcement wants greater assurances that the information will be available expeditiously in appropriate circumstances.

Bill C-30 actually addresses two significant concerns associated with this issue. First, the prior lawful access bill included a very broad list of data points that could be disclosed, raising serious security concerns and the potential for misuse (eg. the IMEI disclosure that could allow cellphone users to be tracked without a warrant). The number of data points has shrunk from 11 to six, with some of the cellphone data removed. While some of the data points still constitute potentially sensitive personal information (particularly IP and email addresses), a smaller list is better than a larger one. The decision to remove the cellphone identifiers confirms the legitimacy of privacy and civil society criticisms and reminds us that every bill benefits from scrutiny and potential reforms.

Second, with ISPs and telcos providing subscriber data without a warrant 95 percent of the time, there is a huge information disclosure issue with no reporting and no oversight. This is a major issue on its own, particularly since it is not clear whether these figures also include requests to Internet companies like Google and social media sites such as Facebook and Twitter. The RCMP alone made over 28,000 requests for customer name and address information in 2010. These requests go unreported - subscribers don't know their information has been disclosed and the ISPs and telecom companies aren't talking either. Bill C-30 would add new reporting requirements to these disclosures, which should allow for insights into what ISPs and police are doing with subscriber information.

In order to make these two reforms effective, however, two loopholes should be closed. First, the legislation should expressly prevent law enforcement from bypassing the reporting regime by continuing to voluntarily collect some of this information. Second, while the latest changes to Bill C-30 prevent police from forcing telecom companies to hand over mobile device identifiers, they will still be able to collect such identifiers using IMSI catchers. Whether telecom companies will be forced to identify customers associated with mobile device numbers acquired in this manner will depend on the regulations. This is a potential loophole that must be closed, or it will facilitate potential real-world tracking of Canadians that could lead to abuse.

The remaining issue is the inclusion of warrantless disclosure of the six data points. This strikes at a bedrock principle of privacy law and will be rightly opposed by the privacy and civil society community. Yet in talking with law enforcement, it is clear what they want is timely, guaranteed access in appropriate circumstances. They argue the current warrant system does not meet this standard nor do the current privacy rules. But what if a new warrant specific to subscriber information could be developed? Such a warrant could feature a low threshold along with rapid authorization and lower costs. For law enforcement, it would provide the access they want, while for privacy advocates it would maintain the oversight principle.

Mandatory disclosure isn't the only issue with the bill - the oversight of surveillance capabilities remains underdeveloped, the costs associated with surveillance equipment is a giant question mark, and the fears of surveillance misuse based on the experience in other jurisdictions continues to cause concern. There are also issues related to the easy access some of the new production orders provide to potentially sensitive data such as GPS data or transmission data generated during our communications. None of these issues will be easy to solve, but the starting point must surely be a moratorium on the inflammatory us vs. them rhetoric from the government which fosters alienation rather than cooperation.