CBA Speaks Out on ISP Snooping

The Canadian Bar Association has spoken out forcefully against lawful access and the growing concern that ISPs are monitoring or investigating their customers’ communications. In a public letter to the Justice Minister, the CBA notes that ISPs action "seems to be introducing a corporate or industry content monitoring scheme, without the necessity of prior authorization or oversight. This initiative appears significantly more intrusive than the previous legislative proposal."  The CBA is particularly concerned with the privacy and legal implications arguing that "our concerns focus on the profound impact on the privacy of individual Canadians, and particularly on the potential to destroy solicitor client privilege by seizing communications between lawyers and clients."  This is an important development – the CBA has the potential to be a major voice on privacy matters and the quick public letter suggests that they are ready to become more engaged on these issues.


  1. Corporate Espionage and Insider Trading
    It isn’t just solicitor client privilege that they should be worry about. Many business transaction are preceded by e-mails. Just being able to data mine e-mail traffic (without reading the subject and body) will give you an idea that something is going on. This has implication for business, governments, and the TSE.

  2. Daniel Koffler says:

    President, RSM Experts
    If the CBA believes that standard e-mail delivery is currently secure and protects solicitor-client communication, they are dead wrong. Sending clients anything via e-mail is the equivalent of shouting your message to a client across a noisy room.

    If on the other hand, law offices use secured e-mail systems for client communication, then any ISP content monitoring system will not be able to violate any confidentiality requirements.

    I think the CBA doesn’t fully understand the issue. The Internet as medium does not provide nor claim to provide any form of privacy. It is up to the end user to apply a sufficient level of encryption to their communications to suit their needs.

  3. Legal naivite?
    What lawyer wouldn’t argue for privacy and privilege and that email should be a private communication… so should the telephone. Alas how naive might Canada’s lawyers be to suggest that what should be private, any longer IS? Let no one forget that the communications of Canada’s national privacy advocate, the Federal Privacy Commissioner Jennifer Stoddart herself, were not only accessed, but were monitored, opened, and blackberry email messages were read without her even knowing… and this was done 3rd party from the USA. When there is no security in the first place, there cannot be any expectation of privacy nor considerations of legal implications in the second place. Obviously the downside of the remarkable Internet and we are forever different as a society for this reason.

  4. People need to understand the technical
    Many of the comments in this section and related topics are based on a simplistic look at one aspect of snooping and email monitoring. If the public was fully aware of the extent of monitoring options, they would have the right level of concern about the potential impact of ISP monitoring.

    Internet monitoring is based on the fact that all data sent trough the internet is contained in a packet. Each packet contains data and a wrapper. The data is the content, a part of a file, picture, text message etc. The wrapper has the sending information that internet routers use to transmit content from the sender to the receiver(s). If you can assemble all of the packets, you can reconstruct all of the content in an internet session.

    China already has implemented extensive internet traffic monitoring and filtering. Every time unacceptable content is detected, the sending/receiving IP address, ISP etc. data is retained about that person and the offending material is “dumped”. This level of state sponsored filtering requires a significant investment in equipment at the edges of the internet backbone servicing the country. In a communist state, that investment is justified to maintain their ideology.

    ISP’s on the other hand are “for profit” oriented so there are limits to how much they will invest in surveillance assets. Since surveillance assets typically do not provide value added for the customer, the costs cannot easily be passed to the customer unless the government mandates a user charge to pay for monitoring assets.

    Real time, or near real time monitoring of internet traffic only provides a coarse view of the content that is traveling thought the ISP’s system. Typically these are enforced as rules on the router, but since this type of monitoring uses router CPU, it restricts the number of users that each router can support and will slow traffic when the monitoring load on the router exceeds a certain point. This is a frequent occurrence with internet traffic to China. The workload on the router increases proportionately with the number of rules that are being enforced, so a high number of rules will further reduce the number of customers that a router can support. Because router filtering tests limit the economic value of a router, they are typically only used to test for broad conditions, like who is accessing known “bad” servers, domains, countries etc.

    The next type of testing uses multiple servers to perform after the fact analysis on the router logs. Router logs provide a record of every packet that the router handled. Due to the volume of traffic that most ISP routers handle, these logs are HUGE. Analyzing these logs requires huge amounts of storage and large banks of computers to keep up with the work. To perform extensive analysis of router logs could require a service similar to Google in method and size. Again, due to economic factors, I suspect that ISP’s will only use this technology to find high risk candidates.

    Using the first two methods, ISPs or the government are only able to cast a wide and broad net over the traffic in their network and the people who create that traffic. These methods are only likely to catch uninformed and inexperienced (the majority of internet users) performing blatantly inappropriate use of the internet. You need to break a specific rule in order to trigger and event that brings attention to you. Experience internet users have several methods to hide from this type of surveillance.

    Where it gets interesting is when an internet users becomes the focus of an investigation. At that time, a forensic investigation tool is placed on the ISP’s equipment that provides the internet connection for the suspect user. This device captures every packed moving to and from that user’s computer in a database. Investigative tools can then reassemble every layer of the internet communication protocol allowing the investigator to completely reconstruct every session that the user operates over the internet. Essentially, every web site, email, file transferred, can be reconstructed leaving no doubt about the activities of the individual. These tools are even able to decrypt many of the common security methods used to hide internet activity. This method is similar to a telephone wire tap.

    However, for the sophisticated users, there are methods to beat this system as well.

    The bottom line is that inexperienced users are at high risk of being identified and caught in what ever activity the ISP decides is inappropriate. Criminals have methods to avoid the monitoring and censorship.

    Without clear guidelines of what is to be monitored, ISP’s can focus their search on activities that pay lip service to government guidelines and on other monitoring that can give them competitive advantage i.e. eliminating VOIP, movie downloads or music downloads, or demanding a premium toll to pass that traffic. Or worse, errant ISP employees can insert tests on a “for hire” basis to monitor the internet activities of specific individuals.

    This is a serious topic and we need an informed government to set appropriate rules to protect the mass users, while making it easier to investigate real criminals.