
Lawful Access Bills Would Reshape Internet in Canada

The push for new Internet surveillance capabilities goes back to 1999, when government officials began crafting proposals to institute new surveillance technologies within Canadian networks along with additional legal powers to access surveillance and subscriber information.  The so-called lawful access initiatives stalled in recent years, but my weekly technology law column (Toronto Star version, homepage version) notes that earlier this month the government tabled its latest proposal with three bills (C-50, C-51, C-52) that received only limited attention despite their potential to fundamentally reshape the Internet in Canada.

The bills contain a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers.  

The first prong mandates the disclosure of Internet provider customer information without court oversight.  Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so.  The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers.  

While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person.  Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community.

The second prong requires Internet providers to dramatically re-work their networks to allow for real-time surveillance.  The bill sets out detailed capability requirements that will eventually apply to all Canadian Internet providers.  These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.

Moreover, the bill establishes a comprehensive regulatory structure for Internet providers that would mandate their assistance with testing their surveillance capabilities and disclosing the names of all employees who may be involved in interceptions (and who may then be subject to RCMP background checks).  

The bill also establishes numerous reporting requirements including mandating that all Internet providers disclose their technical surveillance capabilities within six months of the law taking effect.  Follow-up reports are also required when providers acquire new technical capabilities.

The requirements could have a significant impact on many smaller and independent Internet providers.  Although the bill grants them a three-year implementation delay, the technical capabilities extend far beyond most of their commercial needs.  Indeed, after years of concern over the privacy impact associated with deep-packet inspection of Internet traffic (costly technologies that examine Internet communications in real time), these bills appear to require all Internet providers to install such capabilities.

Having obtained customer information without court oversight and mandated Internet surveillance capabilities, the third prong creates several new police powers designed to obtain access to the surveillance data. These include new transmission data warrants that would grant real-time access to all the information generated during the creation, transmission or reception of a communication, including the type, direction, time, duration, origin, destination or termination of the communication.

Law enforcement could then obtain a preservation order to require providers to preserve subscriber information, including specific communication information, for 90 days.  Finally, having obtained and preserved the data, production orders can be used to require the disclosure of specified communications or transmission data.  

While Internet providers would actively work with law enforcement in collecting and disclosing the subscriber information, they could also be prohibited from revealing those disclosures, as a court may bar them from informing subscribers that they have been subject to surveillance or information disclosures.

Few would dispute that it is important to ensure that law enforcement has the necessary tools to address online crime issues. Yet these proposals come at an enormous financial and privacy cost, with as yet limited evidence that the current legal framework has impeded important police work.

85 Comments

  1. Ugh.
    So much for just cause

  2. editor, the wire report
    Instead of lawful access, should we be calling this the “warrantless spying bill”? Or “warrantless surveillance”?

  3. Write your MP!
    I wrote my MP, let them know what you think!


  4. So what happened to the Canadian Charter of Rights?

    “8. Everyone has the right to be secure against unreasonable search or seizure.”

    Looks to me like they want to bypass the court. Which is the only qualified institution to decide if a search is reasonable or not.

    Otherwise we’ll have Officer Bubbles wiretapping and suing everyone.

    Nap.

  5. caninecasbah says:

    charter of rights
    Ontario already has marginalized and criminalized pet owners by enacting the DOLA – which allows any AC officer or any police person to enter any home without a legal search and seizure warrant under the guise of looking for a ‘pitbull’. That this was upheld by the Supreme Court of Canada effectively means we have already lost our rights and freedoms. This is also being touted for CPA records as a way to have ‘checks and balances’.

  6. DOLA
    Not really. It is the “prevent imminent bodily harm or death to any person” clause that police always had. They can even shoot you down on the spot under such circumstances. BUT they’ll have to justify their action later in court if it was deemed an abuse.

    What the new laws say is that Officer Bubbles would have the authority to freely look through YouTube logs to see who posted the “ZOMG I CAN HAZ BUBBLES!” comments, without ever having to justify to anyone why he did that.

    DOLA: “In exigent circumstances, designated peace officers will have a right of entry without warrant. Exigent circumstances include circumstances where there are reasonable grounds to believe that entry without warrant is necessary to prevent imminent bodily harm or death to any person or domestic animal.”

    Nap.

  7. Un-Trusted Computing says:

    Write your MP and have a backup plan
    Due to political opportunism, pressure from law enforcement agencies, and required propaganda about Child Pornography and Terrorism some ill thought out version of this law will eventually surface.

    It isn’t a matter of “if”, it’s a matter of “when”

    Which isn’t to say that pressure shouldn’t be brought down on our elected officials, and that the idiots that vote this in shouldn’t be trounced it just means that something like this is coming.

    Which brings me to my next point… seeing as we now all know this is coming let’s take the time to learn about proxies, VPNs, and the various encryption technologies that will protect us from our ISPs and make this more than a simple administrative process.


  8. I guess that these laws were what was holding them from finding Bin Laden.

    Nap. :-)

  9. bite me
    As the owner of a very small ISP in Canada the government will have to lock me up before I provide customer information without warrant. I understand the need for retaining information in the event a crime was committed, hence the need for warrants to subpoena possible information. Never will government have access to my servers.

    I don’t buy the whole concept behind ‘If you’ve done nothing wrong, you should have nothing to hide’ motto. This proposed legislation is a clear violation of human rights and would enable automated trolling by the government – putting people on watch lists based on keywords.

    What’s next – the ability for cops to download our cars ‘speed and GPS logs’ then backdate speeding tickets for every time the speed limit was breached? Or maybe auto-upload the information from our cars to the ‘big brother’ network and automatically send us tickets.

  10. Well in theory I can understand what is being proposed, and for things like terrorism and human rights abuses like kiddie porn.. And I am all for that type of use.. But we all know it will be abused by the Media giants and RIAA file sharing.. So somehow downloading an MP3 will warrant the same punishment as terrorism, at least according to internet laws.. And thanks to the donations made to the current political by these companies who will benefit by these laws will get in.. Kinda scary when the people of North Korea are starting to have more rights and freedoms than us Canadians..

  11. Software Tester for an ISP
    “seeing as we now all know this is coming let’s take the time to learn about proxies, VPNs, and the various encryption technologies that will protect us from our ISPs and make this more than a simple administrative process.”

    So it looks like my idea for a unique cipher encryption program could actually be marketable. Thanks Canada! At least I’ll know what to do if the ISP I work for goes under.

  12. who should i contact?
    hi
    who should I be contacting to try and stop this?

    Could you post a name, email or number if it’s one person?
    If it’s a level of government thing then which level?

    Thank you

  13. RE: charter of rights
    >Ontario already has marginalized and criminalized pet owners by
    >enacting the DOLA – which allows any AC officer or any police person
    >to enter any home without a legal search and seizure warrant under the
    >guise of looking for a ‘pitbull’.

    This is also true of gun owners. Bill C-68 grants the police the power to enter a firearm owner’s home, without a legal search and seizure warrant, under the guise of safety inspections. This is country-wide, as C-68 is a federal bill.

  14. Anyone catch the ‘new methods’ mentioned in the recent murder investigation in langley bc?
    I saw a tv news item where the police PR person mentioned ‘new methods’ that allowed them to catch the murderers.

    Seemed to me that we’re already being spied upon, and the announcement was made in the most politically supportive way – during a murder investigation.

  15. let’s not forget – where does this data get stored, and by who?
    In the US a lot of the warrantless wiretapping data is outsourced to companies with links to Israeli Intelligence.

    With the latest Zio-loving statements by our esteemed douche of a Prime Minister I would not be surprised if he is in their pocket.

    This warrantless wiretapping should be fought against by ALL Canadians.

  16. The requirements should
    be the same as for intercepting telephones. Period. Mind you, the requirements would apply not only to law enforcement but also to the ISPs. If we want to treat them as telecommunications providers, then let’s do so.

    It’s not like the police in the past haven’t abused the resources available, either rogue officers accessing databases when they had no cause to do so (wasn’t an officer with the Ottawa police recently convicted of doing so?) or as a concerted effort (for instance, the G20 and “10 meter” thing related to public works, mining the databases at the Canadian Firearms Centre for “Project Safe City” in Toronto seizing guns).


  17. @Abysmal: “Well in theory I can understand what is being proposed, and for things like terrorism and human rights abuses like kiddie porn..”

    It used to be War On Communism to justify government abuses. Remember McCarthy’s era? Whoever objected was declared a communist and fought full force.

    When people got bored of that, they came with War On Drugs. Objections? We’ll do a search and find you’re guilty of possession. Who could tell it was planted.

    Then we got bored of that one too, so here comes War On Terror. Objections? You must be a terrorist too and thou shalt be water-boarded until you confess.

    Now we got bored and disgusted of that one too, so here comes War On Pervs. Objections? You must be one of them. How disgusting. Show us your hard drive now or else.

    Nap.

  18. Ways around this:
    1. Use or rent a proxy server to tunnel your traffic out of Canada. They can’t see what is in your packets if the only destination you communicate is encrypted.
    2. Use TrueCrypt or other hard drive encryption that supports plausible deniability. If they want to search your hard drive, give it to them. They won’t know what to make of the mess that is encrypted 1’s and 0’s.
    3. If you want to download whatever you want, obfuscate your protocol. Many P2P applications support this as do Torrents.

    Disclaimer: I don’t support the downloading of illegal material. I only offer options that protect privacy.

  19. Systems admin
    I myself have turned away RCMP inquiries about users because they had not provided me evidence of warrant or court order. I’m sure they had a good reason to ask questions, but user privacy is supposed to be protected by our bill of rights. I have also helped initiate lawful surveillance with all the proper paperwork filed out. I have no problem with that. The current system works fine and this bill clearly violates section 8 of the Canadian Charter of Rights and Freedoms.

  20. RE: Ways around this
    The real solution is to fight bad laws, not merely be satisfied that a select few can find loopholes around them.

  21. Good time
    Now more than ever, encrypt your emails, and require that others do the same.

  22. Rural HighSpeed….
    So anywhere outside of major cities and such, this will cause highspeed internet to take even longer. Along with phone and other data services!

    So I will declare – Greed of Music and Movie Companies, along with the Terrorists who wish to destroy our freedoms and force us to live in a police state have won if this passes!! What are we willing to sacrifice in order to be “safe”? I am not saying we should encourage deviant behavior – that is not preferred at all! In doing this though we have to ask – are we giving up too much?

    If it is just the police, and they are able to stay clear of impropriety I am fine with this – but that will not be the case. I can almost hear Movie and Music companies salivating at this.

    http://www.zeropaid.com/news/86333/uk-file-sharers-download-19b-worth-of-content-annually/

    They have lied before to make it seem they lose a lot more with pirating than is really possible! Get ready to bow to your new corporate masters!!!!

  23. The main thing that bothers me is the warrant-less part. They should at least need to get a warrant to be able to monitor your Internet traffic.

    I’m also concerned about who’s going to end up bearing the brunt of the extra costs these laws are going to add to the ISPs. My suspected answer is, of course, the consumer, but it would be nice if the government/police ponied up the money since they are the ones asking for this.

  24. Too little too late, technology is already beyond this.
    Technology has already made these kinds of things obsolete. The majority of email is already using TLS or SMTPS. More and more web sites are going to SSL (HTTPS) as their default. VPN connections are quite common. Even VoIP is being encrypted.

    This is not being driven by police surveillance concerns, but by privacy concerns from everywhere. Wireshark or even simplified tools like Firesheep make *any* unencrypted connection subject to “snooping”.

    The upshot of this is that the individuals that police forces *need* to catch won’t be affected by this. The only ones that will be affected are the innocent.
    The “right” answer is still old fashioned police work. Abet into a new technology environment. Infiltration and old fashioned evidence gathering.

    In terms of modern technology, it appears our lawmakers (and the lobbyists who are advising them) are at the stage of attempting to outlaw or brand “getaway horses”. They are constantly looking backwards, and finding solutions for yesterday’s problems. When will we get something that is forward looking? Or at least recognizes that technology has already moved beyond what they are trying to solve?

  25. re: Too little too late, technology is already beyond this
    re: “Technology has already made these kinds of things obsolete. The majority of email is already using TLS or SMTPS. More and more web sites are going to SSL (HTTPS) as their default. VPN connections are quite common. Even VoIP is being encrypted”

    The deep packet inspection technology is ahead of the game too though. Just because the data is encrypted, doesn’t mean it’s unreadable. The average hacker doesn’t have the resources to read real-time encrypted data communications, but multi-billion dollar ISP’s and governments do. Don’t be fooled into thinking encryption is the way to freedom.

    We need to stop this human rights violating legislation, not find ways around it to feel secure.

  26. Michael Richardson says:

    President, Sandelman Software Works
    This is simply an attack by incumbent telcos on smaller ISPs.
    They already have this equipment, they use it to abuse their customers.

    Now they want to make sure that everyone has to buy this equipment, and they found a “partner” in the form of overzealous, under-educated law enforcement.


  27. @Greg: “The average hacker doesn’t have the resources to read real-time encrypted data communications, but multi-billion dollar ISP’s and governments do.”

    Is this why so many governments went ballistic on RIM to remove encryption from Blackberry mail?

    Nap.

  28. “I’m also concerned about who’s going to end up bearing the brunt of the extra costs these laws are going to add to the ISPs.”

    No worries it’s already been taken care of by the Usage Based Billing bill:
    http://www.crtc.gc.ca/eng/archive/2010/2010-802.htm

  29. “… mandates the disclosure of Internet provider customer information without court oversight.”

    Last I checked, this is what the law requires of phone numbers, which is a reasonable comparison to IP addresses. This information is required so that law enforcement can then acquire the warrants needed to conduct surveillance. Frankly this article seems to be fear mongering. The preponderance of evidence is that there are sufficient criminal activities on the internet to justify the implementation of this bill. The bill seems to include the right amount of infrastructure requirements and judicial oversight. If you don’t trust the judiciary then the bill is only a symptom of a bigger illness.

  30. They suck
    This is retarded. I don’t agree with it at all. There must be a better way. If this goes through, 256 bit encryption here I come.

  31. Think about the wonderful opportunities these laws will present to identity thieves, bank card compromisers, and bank account riflers.

  32. What tools are necessary?
    Is it reasonable to allow the police to warrantlessly put cameras wherever they want?

    Is it reasonable to attach or integrate remote tracking devices to every car, just in case some police officer wants to warrantlessly turn it on?

    Is it reasonable to… well, I think you can come up with more examples.

    Personally I think that obtaining details or tapping of entire internet streams ought to require a warrant –even an automated digital one would do, as long as some judge reviewed the thing and signed it–, and I also think that if you require ISPs to overhaul their entire network and get effectively all network technicians background checks and security clearances, that you’re being a tiny mite high-handed.

    Most of all, I think that a competent but restrained police force is preferable to an all-capable but barely competent one. These bills seek to give lots of powers to a bunch that isn’t known for their grasp of technology. This doesn’t strike me as a shining example of effectiveness.

  33. Re: DW on revealing personal data
    Well, why would that be “necessary” for any other reason than that the procedures are written that way? You could perfectly well write a request for a warrant on the phone number, asking for customer data as well as call logs and such. I don’t see why it should be available without warrant even for telephone communication.

    Of course, warrants then ought to be quick to review and issue, but that’s another issue. The question here is whether, apart from sheer practicalities, judicial oversight is needed. And I think it is.

    Experience teaches us that warrantless easy access will be abused this way or another. In extremely lawful interception happy the Netherlands, last year there were some 80k “dips” for telephone info with only some 12k ending up actually being used for cases. That appears to be endemic in police attitude there, with unoversighted requests rampant and no justification necessary. So no, I don’t see warning against the risks as fearmongering. We need that judicial overview, and we need it more than ever.

  34. Un-Trusted Computing says:

    @liberty
    “The real solution is to fight bad laws, not merely be satisfied that a select few can find loopholes around them.”

    Using VPNs, proxies, and encryption is like securing your property, locking your door or bicycle.

    It isn’t bullet proof but it does create an additional step for law enforcement to go through and chances are they would require some type of legal paper work to get information from an overseas VPN provider, which in turn would make them accountable to someone.

    The issue here is not that the police should never come knocking on your door. The issue is that if they make a case to invade your privacy, they do so with full disclosure and that there are checks and balances in place to make sure that whatever they find can only be used in conjunction with what they requested the warrant for.

  35. Shawn Halayka says:

    What a strange proposal.
    Let’s see… We have a proposed violation of rights and privileges granted to Canadian citizens by law.

    Let me guess… this is Prentice’s goodbye present to Canada?

    I want the gift receipt for anything he touched, ever.

  36. waste of money
    Why do they waste time and money proposing detailed rules for bills that would require millions of dollars to implement, without promising funding, and that violate section 8 of the charter of rights and freedoms?! And what do these bills accomplish? Nabbing a handful of criminals. Maybe we need to stop the ‘gravy train’ in federal politics now.

  37. Making the Internet Wiretap Friendly
    In this great video on the same issue in the states, Snuggly the Security Bear asks, “Is your network wiretap friendly?”

    http://www.markfiore.com/political-cartoons/watch-snuggly-the-security-bear-internet-privacy-civil-liberties-domestic-spying-animated-video-mark-fiore-an

  38. Who can argue against catching child pornographers and terrorists?

    But then who is to say it will not also be used to catch “Radical Extremists”? The same people who just want to protect their privacy against undue inspection will use the same type of encryption as the perverts and criminals, then how will we tell the difference?

    There better be some strong controls and accountability to rein in temptation for the authorities.

    Technological measures and countermeasures are like a dog chasing its tail, spending a huge amount of resources and energy to go nowhere.

  39. Speaking of access …
    Another ‘well’ intentioned effort by the **AA to again overreach their control as the sky falls in upon them. [Chicken little if you only knew]

    http://arstechnica.com/tech-policy/news/2010/11/bill-would-nuke-visa-cards-adwords-dns-records-for-pirates.ars?comments=1#comments-bar

    No chance for abuses here .. 0_o

  40. Junji Hiroma says:

    Lao Tzu Already Knows what will happen
    “The more laws and order are made prominent, the more thieves and robbers there will be”

  41. Mr Geist A Question.
    The Australian government a while ago proposed a sort of mandated Internet filter. It has sort of been put on the back-burner, not for reasons of principle but because it is unworkable.
    Purely pragmatically; China has to employ millions of people and spend a lot to maintain a fair degree of control/surveillance of the Web.
    The ISP surely would have grounds to demand public payment for what is clearly a public policing role.
    And even then can Canada afford the bill?

  42. Doubts about storage
    I doubt the police can set up a secure system to hold all that data.

    There’s probably stronger arguments against, but this is like asking for more than one can handle.

    I always find it strange to see Windows screen savers on laptops in police cars.

    Stephan

  43. re: Too little too late, technology is already beyond this
    Greg: “Just because the data is encrypted, doesn’t mean it’s unreadable.
    …read real-time encrypted data communications, but multi-billion dollar ISP’s and governments do”

    This isn’t Hollywood.

    First thing to remember, is that if you can trust your online banking transactions, you can trust the encryption used.

    Second thing to remember, is that various non-government organizations also have access to equivalent computing power.

    Nothing is uncrackable. But strong encryption takes staggering amounts of compute power, and time, to crack. For a single encrypted message/connection. The next connection (web click/hit) is a new connection with new encryption and has to be cracked all over again.

    Because of the first 2 points above, the whole technology industry has a strong interest in strong encryption, and stronger versions are always on the horizon. Yes, large organizations have the required compute power to crack such, but none of them (yet) have the power to crack it in “real time”, never mind for billions of connections per second. Once they get to that point, the finance industry will have ensured that even stronger encryption is already in common use.

    The key is to get people (and web sites) to actually use the encryption for everyday things like search, web surfing, email, etc. Recent “public” threats have already raised the awareness levels sufficiently for it to become more and more common.

    The people that have “something to hide” are already aware of strong encryption, and use it. The only ones that would be at risk are the innocent, the ones that never had any need to investigate the state of today’s art. In today’s environment, even they have reasons to do so.

    Too little, too late.

  44. I guess Canada is not exactly free from tyranny, anymore.

  45. Why wasn’t this FRONT PAGE in the media?!
    Hey! How come the comments section at the Ottawa Citizen isn’t up for this article today?! I can see why they stuck it in the business section – if even the big biz guys’ emails can be monitored by the cops w/o having to go through a judge first, the obvious result would be a LOT of pretty rich, early retired cops, holding some surprising patents & copyrights, and some “astrangely” bankrupt businesses; if the big biz boys won’t get on Harper’s case about this, they’re done, along with the rest of us, too.

  46. Plausibility and Legality
    Realistically there is nothing that will crack a strong encryption method in real time. VPNs and proxies will become popular. Privacy tools such as Tor and I2P will become much more popular. I2P, for instance, uses both 256-bit AES encryption along with 2048-bit ElGamal encryption, along with IP obfuscation. I don’t think either encryption method has any known attack weakness other than brute-force. Unfortunately this security currently comes at a pretty serious performance hit. Like C-32 these bills will do nothing to catch those they would like. This just opens us up to all kinds of litigation possibilities. I can just see copyright Trolls drooling over these.

    What about the legality of it. Currently, I believe it is illegal to spy on encrypted traffic in Canada and, as others have mentioned, it violates the charter of rights and freedoms.

  47. You’re ALL Guilty Until Proven Innocent!
    You’re ALL Guilty Until Proven Innocent!

    A Law is a Law is a Law (and no, we’re not muslims)!

    Are you writing software, or a collaborative screenplay or book online? Then we want access! Do you know how much they pay us? Not enough!

    Thanks for funding our retirement, consumer/citizen-suckers!


  48. Oldguy said: “The people that have “something to hide” are already aware of strong encryption, and use it. The only ones that would be at risk are the innocent, the ones that never had any need to investigate the state of today’s art. In today’s environment, even they have reasons to do so.”

    …and those have become complacent. Downloading has become second nature to today’s youth. This is nothing more than another wedge that will generate further disrespect for copyright. They can say it’s to catch terrorists all they want, but any respectable terrorist is smart enough to use decent encryption. This will end up being nothing more than a way to locate and sue copyright infringers with John-Doe trolling suits…just as it has in the US, UK and France.

  49. hmmm
    I’m a little late coming in on this. You know…the only feasible solution for what they want to do would be to make encryption illegal. Of course, that would mean gutting the Internet, destroying e-business and giving identity thieves free rein. But hey, they can hire all those who lost their jobs as result to monitor the traffic. Really all this to ensure some fat-a$$ media execs can afford another Ferrari eh??

  50. …also…
    Wouldn’t this be in direct conflict of the “notice in notice” approach proposed in C-32?

  51. Man in the middle
    Don’t forget that the ISPs are in the favorable position of being the “man-in-the-middle”:

    http://en.wikipedia.org/wiki/Man-in-the-middle_attack

    Nap.

  52. Ap Palled
    I have said to all and sundry for years now that politicians are nothing but hypocritical, opportunistic, dishonest, self-serving scumbags [have I left any relevant adjective out?]. Now I can say, without fear of intelligent contradiction, that they are also fascist, stupid weasels. Unfortunately, I cannot say in print what they deserve. What is the difference between Canadian politicians and their historical precursors, Stalin, Hitler, Mao, given their proposed and soon-to-be adoption of police state policies such as unmitigated spying on us as citizens of this former democracy? Not a lot, as far as I can see.

  53. DarwinSurvivor says:

    Telephones
    What is the big difference between the internet and your telephone? Lots of people now use the internet AS their phone. VOIP, Skype, instant messenger and even email (to a point) are all replacements for a standard telephone.

    Law enforcement is only allowed to look at who you called, when and for how long, they cannot record you or tap your phone without a WARRANT and once they get a warrant, they can only tap you from that point on. They can’t record you for weeks, then get the warrant if something “interesting” happens.

  54. SurvivorOfPoliceAbuse says:

    Old History
    Imagine if Harry Jacob Anslinger never was the large jackass he was. The Canadian government would then be able to allow us all free education, or something more interesting than just a remake of 1984. Do all Canadian that run the country suck up to the USA? This all seems very un-Canadian to keep this kind of stupidity running at this level. Watching me fix my ASCII in real time…

  55. Democracy
    Do governments really want democracy, or do they want power? I think it should be up to the people to decide how we should promote the useful arts, and if the opportunity to police the flow of information lies too far beyond what we feel is a safe power to grant some people, then we should not grant it. We can promote art without believing in Intellectual Property, it happens in food, fashion, and can happen with data, too.
    Be anonymous. Just run open software and pay cash as you go. Do it for democracy, that should be our motto.

  56. @Nap
    “Don’t forget that the ISPs are in the favorable position of being the “man-in-the-middle””

    I don’t consider this to be a desirable situation as it’s most likely an impossible task. As I read this, ISPs are going to be given the, yes impossible, task of monitoring traffic in real time. Our moron U$-a$$-ki$$ing bureaucrats have no idea of what this means or exactly how impossible it really is. Just to rattle off some stats… There is an estimated 500 exabytes of data on the Internet. That is 500,000,000 terabytes or 500,000,000,000,000 MB. To put that into perspective, the entire US Library of Congress would fit into about 20 terabytes. Now, a high-bandwidth connection can download an entire book in a matter of seconds or even less. Even unencrypted, to “meaningfully” parse and process that much data in real time, say with some sort of data mining, Bayesian, or fuzzy logic algorithm, would require an enormous amount of processing power. Now add in encryption, TCP/IP protocol compression, software compression (such as ZIP and RAR), binary file-types (such as PDF or EXE)… you can see where I’m going. Now compound that with many users since ISPs don’t typically serve only one client. The complexity gets exponentially higher as do the processing requirements. Another approach would be to look at file names, but an ISP cannot feasibly verify the content. Just because I’m sending someone an AVI file named KickAss.avi does not mean I’m sending someone the movie. It could just as easily be a video of me kicking my wife in the butt. Yes, silly, but my point is that unless you have literally an army of people monitoring this stuff, like in China, it would be even more error prone than even IP lookups on bittorrent. Automated tools like the monitoring they suggest will never possess one VERY key element, the power to “reason”, and as a result will always be prone to errors and false positives while missing something completely obvious to a human observer.

    P.S.
    Before someone gets their panties in a bunch, I actually own KickAss on BD and have never sent anyone a digital copy…awesome movie BTW.

  57. Re: Man in the middle
    Napalm said: “Don’t forget that the ISPs are in the favorable position of being the “man-in-the-middle””

    That only works if you can properly impersonate one or both endpoints. If one or both ends are part of a certificate “trust chain” (public or private), then this is again generally impossible.

    ISPs are no more privileged than any public access point. Libraries, hotels, restaurants, coffee shops, etc.
    There are also tricks and techniques to become the “man in the middle” even on these, and home networks. Some are based on features built into routers. Check into the full potential of UPnP for routers to see some of the glaring holes in this commonly used tech. Nearly all commercial sites disable this feature, and it is highly recommended that public access sites do so as well.

    This is why when you are involved in network security, you need to know about encryption *and* authentication. And why they are often rolled into one package (eg: HTTPS).

    The systems we have in place today are pretty good. The financial industry, among many others, depend on it.

    “Any sufficiently advanced technology is indistinguishable from magic.”
    It appears that a goodly portion of our policy makers, the people that influence them, and even the public, have subconsciously categorized all this tech as magic. Magic has no bounds, technology surely does. Even if those bounds are expanding (on all fronts) every day.

    BTW.. Once you truly understand this tech, it becomes quite plain why DRM as applied in the entertainment distribution industry cannot ever be “secure”. It’s a misapplication of the technology, outside of its bounds. The “magic” fails.

  58. Encryption may not always work for those using the Internet with criminal or paranoid or privacy intent. In some countries they can put you in jail for not revealing your password to the police when they ask for it after they have seized the data from your equipment or by wiretapping without a warrant. Can anyone confirm whether this is true or not in the new proposed or existing legislation for Canada?

  59. Vitio Grokly says:

    Ever read the ‘charter’??? It only applies as long as someone somewhere thinks it’s ‘reasonable’… reasonable is a legal concept so large you can, as they say, drive a truck through it…
    1. The Canadian Charter of Rights and Freedoms guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.

  60. this
    A solution to Deep packet inspection. Encrypt your packets. With the new “anti-circumvention” law, the ISPs will have to break the law to read your packets. When the cops show up with a warrant, you can sue them for breaking digital locks. Hey why not copyright each packet? That way they will be infringing on copyrighted works.
    These measures will only lead to widespread use of encryption technologies, which we should be doing now anyways!!

  61. shit
    The internet is the last realm of freedom in the west. Let’s make sure that ‘government’ and ‘law enforcement’ have no jurisdiction there.

  62. @SolarSauna
    To my knowledge there is no such provision in the lawful access bills, however another Canadian law has similar provisions. It is only a matter of time until such a requirement would be added to such a law.

    “Duty to assist inspectors
    103. The owner or person in charge of a place that is inspected by an inspector under section 102 and every person found in the place shall
    (a) give the inspector all reasonable assistance to enable him or her to carry out the inspection and exercise any power conferred by section 102; and
    (b) provide the inspector with any information relevant to the enforcement of this Act or the regulations that he or she may reasonably require.”

    The law which this is part of is The Firearms Act, and describes the requirement for the person running a business that sells firearms and crossbows to provide assistance to inspectors. The definition of business from section 2 (1):

    “business” means a person who carries on a business that includes
    (a) the manufacture, assembly, possession, purchase, sale, importation, exportation, display, repair, restoration, maintenance, storage, alteration, pawnbroking, transportation, shipping, distribution or delivery of firearms, prohibited weapons, restricted weapons, prohibited devices or prohibited ammunition,
    (b) the possession, purchase or sale of ammunition, or
    (c) the purchase of cross-bows

    and includes a museum;

  63. I will shut down services first
    I am owner of a small ISP servicing otherwise un-connected rural communities.
    If this bill is imposed on us I’ve made the decision to shut down our service rather than comply with this law.

    Let the gov deal with the very upset 1500 rural clients for whom the only option is our service. It’s simply not worth it to deal with this crap.

  64. Wiretapping
    This is essentially wiretapping law version 2.0.

    As I understand it, wiretapping in Canada requires a warrant. This should be no different. In fact, for those of you who use VOIP services like Vonage or Skype, it is exactly wiretapping, as the monitoring software could be used to listen in on IP phone calls in real time.

    Again, I think we have a case where our MLAs are not technology savvy enough to understand the implications of the proposed Bill(s).

    Best bet, write to your MLA to help educate them.

  65. Kevin Beckford says:

    Hollywood Harper
    The man acts like his constituency is in L.A. Our laws might as well come with “20th Century Fox” at the beginning! What we need is what the Americans got a couple of weeks ago: recognition that the protections given to “wire conversations” apply to TCP/IP as well.

    The police should have to adhere to a higher standard: They are the only ones who are able to use deadly force in this country.

    I’m sick of being sold out by companies, and especially sick of being sold out to foreign interests. I can’t describe the anger I feel.

    I used to live in China, behind the great firewall. To see that here, in the true north betrays every damn thing I ever believed in.

    I lived in the Philippines, where an expose on police corruption often meant a “vigilante” or “robber” would shoot either them or the judge on the way to testify. I said a lot of crap, because I was proud of this country. I’m not eating those words. Here’s my diet plan:

    OpenVPN: Creates your VPN via SSL.
    SSL is the protocol used to shop online, so the ISPs (Remember that sweetheart deal they got last week? About keeping their practical monopoly, and crushing the little guys?) won’t be able to wantonly block it.

    Encrypt everything, all the time: We want to force the ISPs to do something crazy, something that Facebook will howl about, that Google and status.net will howl about.

    Assume the switches are there now:

    We all know they are. The party in power has not been able to gain a majority, even when running against a nebbish and a man whose name we can’t say, his current primary opposition. The party in power is the total right wing, the votes for center and left split three main ways. Still no majority. Somebody, somewhere, must be thinking about a leadership convention…

    It seems to me that the solution is to gain control of the internet hubs. If positions were reversed or changed, the outcome would be the same. Nobody who makes a career in politics would say no to this. You could seize power for a decade.

    We have to at least go down fighting here!

  66. Kevin Beckford says:

    The party is over
    @oldguy

    SSL certs were compromised in 2009. There is a company that _sells_ them in California. Schneier on Security’s blog has the link. ISPs _are_ the man in the middle. I suspect that ‘fair play’ will be retroactively applied to the tactics used. :(

    I hope I’m just crazy, but SSL is broken. That is a fact. Sorry.

  67. @Kevin Beckford
    “I hope I’m just crazy, but SSL is broken. That is a fact. Sorry.”

    Ya, perhaps, but in real time? I’m not so sure. However tools like I2P and TOR are not broken and the more strict the government gets the more elaborate and more commonplace the tools will become.

  68. @Kevin Beckford: “SSL certs were compromised in 2009. There is a company that _sells_ them in California.”

    Banks were robbed in 2010. Not every bank, but some. Please don’t attempt to generalize from a few specific cases.

    I have a Cert server with which I can sign other certificates. I have lots of systems, and individuals, using those certs. The “trust chain” is one *I* built and control. Nobody has compromised those certs, or is selling them. I would know (and quickly revoke those certs and generate new ones).

    Don’t confuse the technology with implementation. The tech works. Mistakes can be made in implementation. What you are pointing out is mistakes in implementation. Some people take advantage of those mistakes, and some people learn from them.

    The tech isn’t broken. Even if you don’t understand it, a simple perusal of the financial industry should tell you that it’s not.

  69. How to get rid of Stephen Harper altogether?
    How to get rid of Stephen Harper altogether is what I want to know. But yes, this recent proposal is deeply concerning. But after hearing it was proposed in the U.S., I knew that Canada was not far behind. We mimic our Big Brother all the time.

    But can someone just answer this one question for me: What is this donkey ass doing running Canada? I’m so pissed off with this guy it is incredible!

    I willingly admit that I need some catching-up-to-do when it comes to Canadian politics, but I would like to see a fresh new face in power, now.

    I thought Canada was a progressive country when it came to things like technology, democratic freedoms, environmental policies, etc.

    I just heard today about a climate change bill that totally bit the dust thanks to Harper. This is unacceptable! Harper does not care about the people, he cares about the bottom dollar! Does this ring a bell anyone??? Harper claims the climate change bill will destroy jobs, but tell me this, how are we going to benefit from these jobs when the damn earth is burning? I’m catching a whiff right now.

    I say put David Suzuki in charge of Canada!!!

    Thanks for listening. Sorry, back to what you guys were saying…

  70. What’s next
    Interesting reading:

    http://www.osnews.com/story/24038/Naked_Scanners_Big_Content_and_Groin_Groping

    I predict mandatory spyware and backdoors so Biden’s friends can look inside your computer any time they feel like.

    Nap.

  71. Privacy, What’s that !!
    Will there be no end to this ?
    Educate these people

  72. Interesting  

  73. @Nap
    Very Interesting article. Hasn’t France or somewhere in the EU already talked about doing this? It would be on a voluntary basis, but would protect you from becoming a target of copyright trolls. The problem is that it could never work, for a number of reasons.

    ** The Linux/opensource community would never submit to it.

    ** The entire system could easily be bypassed by employing something like a proxy server. Install the software SPY software on the proxy and have wide open devices connecting through it. Let’s be reasonable, hardware is CHEAP CHEAP CHEAP these days. One could build a proxy for about $200 (Even less in the US)…it doesn’t have to be a super powerful machine. It would be transparent to the outside world and the copyright trolls still get their clean nightly reports.

    ** It would be so loathed by the consumer community that it itself would become a major target of Spyware attacks that it would quickly render it useless. Once someone figures out how it works, and it won’t take long, someone will create spyware to cause false positives. And let’s not delude ourselves… NO software is uncrackable and to say so is a fool’s errand that is nothing more than issuing a challenge to every hacker in the world.

    ** The technology is simply beyond this being a workable solution to anything. It’s a desperate suggestion made by desperate people who don’t understand the tech. Like any other TPM, and that’s what this is, it is doomed to be a miserable failure.


  74. @IanME: “Hasn’t France or somewhere in the EU already talked about doing this? It would be on a voluntary basis, but would protect you from becoming a target of copyright trolls.”

    Yes, the French HADOPI. It would be as “voluntary” as in a restaurant owner “voluntarily” paying the protection racket.

    “Listen, Marcel, install this software and you’ll be well protected; then there’s no question of us breaking your windows, er, pardon, of us filing a complaint against you”.

    Nap.


  75. Nap said:
    “Yes, the French HADOPI. It would be as “voluntary” as in a restaurant owner “voluntarily” paying the protection racket.”

    That’s what I thought. My original statements stand though. This type of system is easily bypassed, will get hacked and will become ultimately useless.

  76. No fu@king way says:

    Advice for ISP Owners
    As the owner of a very small ISP in Canada the government *will have to lock me up* before I provide customer information *without warrant*. – bite me

    I advise all ISP owners to act the same.


  77. @No fine way:

    Sooner or later you’ll have to… but you can always send it by snail mail, printed with size 6 font with a nearly empty recycled toner cartridge on recycled paper.

    If they object, you point to being green and helping to reduce deforestation.

    Nap. :-)

  78. Surveillance on police
    There is a good idea. Every police officer must be equipped with a camera mounted on the right eye to record video and audio for everything (s)he does while on duty. These logs must be preserved forever and accessible without warrant in any court proceeding. If there is no such recording then the officer should be deemed not on duty and anything (s)he says is not evidence. This should apply to police officers working in the office as well. Apply to other enforcement agencies as needed.

    Now would this ever happen, or is it always going to be one way, surveillance on regular citizens only?

  79. Sad Canadian says:

    Hi, Would you like to enable encryption to defeat C-51, C-52, or any other hare-brained ideas they come up with to spy on citizens? Y/N?

  80. Corriador Chandri says:

    Casually Frightening!
    I had posted this elsewhere on this site and am now relocating it to solicit some feedback. Am I paranoid or is it a given that any use of email legitimizes the revelation of said content to the service provider to do as they see fit, ie. the sale of the information contained within the email to service providers who target you for their wares?

    unimpressed/down right frightened

    I have been using gmail for a while.
    Stumbling across a travel description in the Star or Canoe news online about “tourist” type activities in Baffin Island, my curiosity was piqued and I found videos of people “base jumping” – parachuting from fixed objects – from a mountain on Baffin Island. Having sent the videos of You Tube links to several friends, I am now being sent targeted ads in gmail about skydiving opportunities.
    I have just sent them an email complaint that I find this an “unwarranted and unsolicited invasion of privacy” that they would be monitoring the content or subject headings of my emails!
    This information is obviously being sold to those companies! I did not sign up for this!

  81. I wrote my MP and they didn’t give a sh*t
    I wrote several MPs in Ontario and got the typical auto-respond reply. They really don’t give a crap what real people think, according to their test groups (which were flawed) the changes were beneficial… To whom I wonder? It just creeps me out thinking that every form of communication we have as humans is being monitored by big brother to make sure we stay helpless sheep for the rest of our lives while they get fat off our tax money.

  82. alexthewelder iweldstuffanditstickstogether says:

    Take a chill pill
    What in the world are you doing that you’re so afraid the government will find out?

  83. Matthew Meredith says:

    Paranoia scares me the most…
    “It just creeps me out thinking that every form of communication we have as humans is being monitored by big brother to make sure we stay helpless sheep for the rest of our lives while they get fat off our tax money.”

    Wait… What?

    Every form of communication is being monitored? So you’re telling me the last time you went over to your neighbour’s house for dinner there was a government agent in the bushes with a microphone? Or was it when you called your neighbour to make dinner plans that the government agent was listening in to your tapped phone?

    Call me naive, but I can’t think of a single form of communication that the “government” is monitoring. Yes, this Bill brings internet monitoring into the picture, but it’s being done by the police for criminal investigations, not by the big-bad-government to hear you tell your work buddies what you had for breakfast.

    Also, there’s a key part of this that seems to be left out of the negative coverage these bills are getting:

    “… require the government to report annually on the interceptions of private communications made without prior authorization and to notify individuals who have been the object of an interception.”

    I think it’s time to cut all this selfish bullshit. If somehow monitoring a bit of my internet usage could lead to solving a crime and putting a criminal behind bars, I will gladly make my computer open to the police.

  84. “I think it’s time to cut all this selfish bullshit. If somehow monitoring a bit of my internet usage could lead to solving a crime and putting a criminal behind bars, I will gladly make my computer open to the police. ”

    “What in the world are you doing that you’re so afraid the government will find out?”

    Well, since you’ve read nothing above:

    You aren’t who they’re looking for and they won’t devote resources to you until they decide you should be cataloged for some arbitrary reason. Or worse, something in your history will be misconstrued, or you might say something against the Almighty Harper Government, that will result in your imprisonment.

    Why should they have that right?
    They don’t DESERVE the right to look into my personal life without a warrant!

    This isn’t an issue of “selfish”. It’s about you not taking my rights away against unreasonable searches. You don’t NEED to look there, and if you did there’s nothing wrong with getting a warrant.

    It’s less the fact that it would “make the Internet safer” (which it won’t for the reason I’ve mentioned above) and more the fact that it takes away my rights. I won’t put up with that.

    So go ahead, roll over and give up your rights because arguments like these say you don’t deserve them. So when you get arrested for crimes that you didn’t commit on the Internet… Oh wait- that’s right. You did, because the Harper Government said you did.

  85. CANADIAN CITIZEN
    THIS BILL VIOLATES SECTION 8 OF THE CANADIAN CHARTER OF RIGHTS AND FREEDOMS. WHO FINALIZES THESE LAWS? THERE IS A PETITION GOING AROUND TO STOP THIS TYPE OF UNDERHANDED LAW MAKING.