News

Can We Please Focus on the Real Lawful Access?

Much like the fears earlier this year over criminalization of linking, Canadians would be better served fighting the real provisions in lawful access. The most recent headlines involve the current claims over warrantless online wiretapping. Open Media, who released several well-produced lawful access videos, unfortunately perpetuate these concerns by focusing on the issue. The NDP, which has been outspoken on lawful access, is now also focusing on warrantless online wiretapping. In yesterday’s debate, NDP MP Charmaine Borg stated:

Mr. Speaker, in the last Parliament, the NDP fought to stop the Conservatives from passing legislation allowing police officers to spy on citizens on the Internet without a warrant. Since this measure is not included in the omnibus crime bill, it is a victory for the NDP and all Canadians. Can the government confirm that it will, once and for all, heed the experts and the vast majority of the population, who are opposed to surveillance without a warrant?

Immediately afterward, NDP MP Pierre-Luc Dusseault asked:

Mr. Speaker, even former Minister of Public Safety Stockwell Day was opposed to electronic surveillance without a warrant. Can the minister confirm that his government is admitting that this surveillance initiative, an even greater intrusion into the lives of Canadians, has been abandoned? Can he guarantee today that it has been abandoned once and for all?

The problem with this line of attack is that lawful access doesn’t envision warrantless online wiretapping, making this fight the equivalent of a political softball. Advocates rail against warrantless online wiretapping and Toews effortlessly swats away the concerns by assuring everyone that the government has no plans to introduce such measures.

If prior lawful access bills are any indication, Toews is right. Lawful access won’t include warrantless online wiretapping, at least in the conventional sense. But to give the government a pass on those grounds is to overlook the real dangers that will be in the bill. If the Conservatives move forward with their complete lawful access package, it would feature a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers.

The first prong will mandate the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers. While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person.  Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community. It should be noted that this issue – mandated access to customer personal information without a warrant – was what Stockwell Day pledged not to do. Day took an important stand on the issue and it is crucial to call the government on it.

The second prong will require Internet providers to dramatically re-work their networks to allow for real-time surveillance. The bill is likely to set out detailed capability requirements that will eventually apply to all Canadian Internet providers. These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.

Moreover, based on the prior bill, it will establish a comprehensive regulatory structure for Internet providers that would mandate their assistance with testing their surveillance capabilities and disclosing the names of all employees who may be involved in interceptions (and who may then be subject to RCMP background checks). The bill will also likely establish numerous reporting requirements including mandating that all Internet providers disclose their technical surveillance capabilities within six months of the law taking effect.  Follow-up reports will also  be required when providers acquire new technical capabilities.

The requirements could have a significant impact on many smaller and independent Internet providers. Although the bill may grant them a three-year implementation delay, the technical capabilities extend far beyond most of their commercial needs. Indeed, after years of concern over the privacy impact associated with deep-packet inspection of Internet traffic (costly technologies that examine Internet communications in real time), these bills may require all Internet providers to install such capabilities.

Having obtained customer information without court oversight and mandated Internet surveillance capabilities, the third prong will create a several new police powers designed to obtain access to the surveillance data.  These include new transmission data warrants that would grant real-time access to all the information generated during the creation, transmission or reception of a communication including the type, direction, time, duration, origin, destination or termination of the communication.

Law enforcement could then obtain a preservation order to require providers to preserve subscriber information, including specific communication information, for 90 days.  Finally, having obtained and preserved the data, production orders can be used to require the disclosure of specified communications or transmission data. 

While Internet providers would actively work with law enforcement in collecting and disclosing the subscriber information, they could also be prohibited from disclosing the disclosures as court may bar them from informing subscribers that they have been subject to surveillance or information disclosures.

Lawful access raises genuine privacy and free speech concerns, particularly given the fact that the government has never provided adequate evidence on the need for it, it has never been subject to committee review, and it would cost millions to implement yet there has been no disclosure on who would actually pay for it. Given these problems, it is not surprising that every privacy commissioner in Canada has signed a joint letter expressing their concerns. Canadians need to speak out to ensure that any lawful access package maintains appropriate oversight and reporting requirements. There is enough to worry about in the real lawful access proposals that critics don’t need to focus on problems that don’t exist.

26 Comments

  1. This may be a good thing
    Sarcastic mode on

    This may force the ISPs to implement IPv6 sooner as the temporary use of NAT444 as a transitional technology may not work if OSPs have to track where users go and what they do on the Internet. Oh wait IPv6 has encryption capability built in. That won’t work either.

    sarcastic mode off

    This legislation will be expensive to implement and all it will do is allow law enforcement to monitor law abiding citizens. Criminals can easily bypass this.

  2. Kerry, what this does do is place the ISPs on a level playing field with the traditional telcos. The traditional telcos have had a requirement to support this for years. In that sense the ISPs have been able to avoid the expense that their competitors had to invoke. As such, your comment about criminals bypassing this is already in place; this becomes a means to reduce the ease with which they can do it. After all, all that they had to do was to get high-speed and use Skype to bypass the current intercept requirements on telecommunications providers.

    I’ve said it here before, and I’ll say it again. The idea of lawful access extensions is not a bad one; I do have an issue with the idea of warrantless access of anything, even the customer identification information. So long as the requirements for the ISPs is the same as is required for the telcos, I have no issue there either; for instance, if someone puts an encrypted phone on the line (for instance, a STU-3) there is no requirement for the telco to decrpyt the conversation for law enforcement, even if they had access to the keys (for instance, your IPv6 encryption comment). Frankly, if they can attach a machine with Wireshark installed, set up a couple of filters and record the data stream, that may well be sufficient. Heck, I use that tool to monitor network traffic for work purposes. And its free!

  3. Whoah, nice billy club …
    Like anything else in these type of debates people (myself included) tend to look at worst case scenarios. For instance … digital locks will be applied to everything thus quashing all fair use rights … education as fair dealing will lead to free copying of full textbooks … warrantless disclosure will lead to a police state.

    There are real concerns in all these issues and the worst cases are certainly possible, but usually unlikely. What needs to take place is clarity and safeguards be put in place BEFORE the legislation is inked. This is why I am pleased that this was de-linked from the omnibus bill and hope that such safeguards can be worked out in committee.

    Of course, the willingness of the conservatives to actually come to the table with meaningful intentions will be a big factor. Let’s hope that now they have the big stick of a majority they will keep it clipped to their pants.

  4. Definitely worth writing to the Minister
    I wrote to Toews about this a few months ago, and received the best response I’ve ever received to a letter to an MP. He’d obviously read my letter, understood what I was saying, and gave a reasonable response – a very pleasant change from the form letter responses I’ve mostly received. So I’d definitely say that it’s worth writing to him to express your concerns about lawful access.

    I think that requiring a warrant is not much of a hardship for the police (there are systems in place that allow them to get a warrant very quickly if they need to), and it does help avoid abuse.

    I also think that it’s stupid to mandate building backdoors into our communications infrastructure. They will always be abused – just look at what happened in Greece. We should be building things to be as secure as possible.

    Finally, it’s important to note that this is a solution in search of a problem. Back when the (former) government actually did a consultation on lawful access, the representatives of the various law-enforcement and security agencies were asked outright whether the lack of these powers had stopped any single case, and the answer was “no”. Since then, every time that question has been asked, the answer is the same. There’s no doubt that having these powers would make their job easier, but there’s also no doubt that they can do their job without them.

  5. Kirk Bannister says:

    I dont support this bill
    This bill would give the RCMP and other Police services the ability to abuse the system, believe me, if they can they will. I am totally against this. It doesnt hurt them to goto a judge and get a warrant if they suspect someone is doing something illegal online. This bill will allow them to infringe on everyones rights. I could see people that dont even have criminal records ending up with one. When the hell did the internet become such an issue that they feel the need to patrol it like as if it was your neighborhood street. I was totally Against Bill C-61, I even wrote the Prime Minister about my concerns over it cause it mirrored the American DMCA, and so does Bill C-32, and Bill C-10 is just an extention of the American DMCA in Canada.

    I wish they would just quit before we canadians form a MASSIVE protest outside Parliament in Ottawa, cause I know we have had enough of this crap. Canada has some of the strongest Copyright laws in the world, I dont see a need to change them, why do they. I think the government needs to be reminded that it wasnt Corporations or the rich that put them into office, but it was almost everyone accross canada that supported them and put them into power again. What they dont seem to realize is, even with a majority government, there are laws that we people can evoke upon them to force another election to get them out of power and maybe get another government in. Heck wouldnt hurt us to have the NDP in. I think we all need a breath of fresh air from the Liberals and Conservatives as it is.

    If they dont quit this crap soon I am going to form a massive protest myself on Facebook, get it started there, and have everyone meet outside of parliament in Ottawa on a certain day, hopefully people are willing to travel like I am, I will fly from Calgary to Ottawa and I plan to make there lives a living hell.

  6. Trained to Pirate says:

    I am in agreement with Kerry Brown on this. It will be expensive and ineffective.

    @Aron-k -
    Telephone and Internet are NOT competitors, so there is no playing field to level. I have yet to see or hear of any evidence showing a sharp decline in the usage of phones(cell/landline). The telephone business is growing as is the internet business and they are independent of each other.

    Secondly, since when are policing tools meant to be economic penalties to industry?

    Wiretapping a phone system is many times over a simpler endeavor then recording all digital communications. That’s a HUGE hunk of data. Personally I do about 200 GB’s of transfer a month. So multiply average data usage per account times the number of accounts over three months… What do you get? I’m guessing a few hundreds or thousands of petabytes?

    It’s not effective. For ten minutes of my time and 5 dollars a month I can legally and effectively bypass this system without any technical knowledge. In fact I will, as have millions of citizens in the UK who felt their lawful access legislation was too invasive. Do you really want hundreds of millions of dollars spent on this? First things first, I want to see some evidence that this is effective in anyway.

    Liability. You might think I am a doomsayer… but when our ISPs do start storing massive amounts of information on basically every citizen in Canada it will become a target for hacking and sooner or later they will leak a whole lot of personal information to the public. Who is going to assume the liability for that? The ISP? Wasn’t their choice…

  7. This is a serious issue, which raises legitimate concerns
    Bashing emotional reactions because they aren’t ‘civilized’ or otherwise politically correct does nothing to help fight this bill, which is nothing more than a new method to control the population.

    Think of it a little bit, why the Conservatives want to build these new prisons, if it’s not for the future criminals this legislation will create out of thin air.

    This is indeed a solution in search of a problem. Just don’t dismiss the anger of the population and its so-called fear-mongering so easily, Mr. Geist. The population may not be expert in the legal field or politics and may not have the skills to debate the issue, but it is more than smart enough to recognize the fundamentals. Although lawyers hate to admit it, there is such a thing as common sense and democracy, which is, may I remind you, the equal right of every person to vote on issues, be they so-called ‘educated’ or not, in total anonymity to prevent any possible intimidation, and this bill, if passed as law would destroy that fundamental democratic right.

    You bet we are mad as hell and have every right to raise the spectre of the rise of tyranny and fascism in this country.

    I, for myself, am dead serious about going to Ottawa to protest IN PERSON against this, because I sincerely believe it attacks the fundamental human rights that are at the very basis of society.

  8. sentient laptop says:

    Re: Chris C. (Castle? The RIAA troll obsessed with Dr. Geist?)
    “Bashing emotional reactions because they aren’t ‘civilized’ or otherwise politically correct does nothing to help fight this bill”

    What? Did you even read the article? Geist didn’t refer to any of the above things you mentioned.

    “Just don’t dismiss the anger of the population and its so-called fear-mongering so easily, Mr. Geist.”

    Actually, Dr. Geist used this post to reiterate his own fears and point out where others were off-the-mark in their understanding of issues.

    “The population may not be expert in the legal field or politics and may not have the skills to debate the issue, but it is more than smart enough to recognize the fundamentals.”

    No.

    If you aren’t an expert in a field, then don’t claim you understand “the fundamentals”. It’s not a case of being smart enough, it’s a case of having education and training.

    “Although lawyers hate to admit it, there is such a thing as common sense”

    Dr. Geist is not a lawyer, he is a Professor of Law at UofO and holds a Doctorate in the field.

    Anyway, I can’t speak for him or any anyone else, but I for one don’t think “common sense” exists in the way you seem to think. Like I said, complex issues that require education and expertise cannot be deciphered by your so-called “common sense”.

    “and democracy, which is, may I remind you, the equal right of every person to vote on issues, be they so-called ‘educated’ or not, in total anonymity to prevent any possible intimidation,”

    What absolute rubbish. Canadians don’t vote directly on issues (except for the occasional referendum), they vote to elect parliaments. The problem is that we have to prioritize, compromise, and vote strategically.

    “and this bill, if passed as law would destroy that fundamental democratic right.”

    So would e-voting. I suggest you get involved and help lobby against Election Canada’s misguided online voting idea.


  9. @sentient laptop: “If you aren’t an expert in a field, then don’t claim you understand “the fundamentals”. It’s not a case of being smart enough, it’s a case of having education and training.”

    Gimme a break. How much “education and training” is needed to understand this:

    “8. Everyone has the right to be secure against unreasonable search or seizure.”

    Nap.

  10. Trained to Pirate says:

    I am inclined to agree with Chris C. Geist does imply people are fear mongering, perhaps on the wrong points. From a lowly pleb point of view I don’t think it matters, so long as people understand it’s not something they want, they can lend support to those individuals that support their cause more effectively.

    For instance, I may not understand the issues at hand, or more likely I misunderstand them to some degree. The bottom line, where ever my understanding lies I am not interested in giving an organization I have very little control over deep and personal access to my life I don’t feel they are entitled too.

    Quite frankly, those that champion for the plebs do so behind closed doors or in ways that we never really see or come to understand.

    In the end all I am left with are my feelings on an issue that may or may not show prudence, cleverness, understanding etc.

  11. Immunization
    We need to get legislation installed to immunize us from this kind of corporate meddling. Its much harder to repeal something nefarious like that once it is installed.

  12. @Trained to Pirate
    I didn’t claim the Internet and the telcos are competitors. I said that ISPs and telcos are becoming competitors. For instance, how many ISPs now offer a competing phone service to the telcos? Any how many have had issues with 911 addresses (for instance, an example in Alberta comes to mind).

    Let’s see. Wiretapping, for the purposes of evidence, requires that all conversations be recorded. Oops, there is that pesky little thing called “call forwarding”. That means that you can’t just attach a pair of alligator clips onto the local loop. Even if you could, the person has DSL…

    Now, where does the legislation require the ISP to hold all data from the last 3 months? Even the legislation that died on the order paper didn’t require that. Nor is the telco required to record all conversations for 3 months. It is forwarded to law enforcement as it occurs. They can forward call history, but then again the telcos need that info for their own billing purposes. So, if you are so worried about the ISPs storing 3 months worth of data, then you should also either be worried about the phone company currently doing that, or take off your tin-foil hat.

    @Chris C. There would be extra prisons built even if the crime bill is defeated. There is already lots of complaints from the John Howard and Elizabeth Fry Societies et al about prison overcrowding. The crime bill, without adding prison space, will simply make a bad situation worse.

    @Napalm: while I agree with you, remember that your definition of “unreasonable” and someone elses may not agree. For instance, in the original draft of the law that created the long gun registry that was introduced in Parliament (not what was actually passed), the police had the right to enter a private premise, without a warrant, to check on the security of registered firearms. There are those, particularly on the anti-gun side, who would consider that to reasonable, and those who wouldn’t. Even the law, as it was enacted, permitted the police to storm into a home and confiscate registered guns without a warrant, given certain circumstances. For instance, the brother of a friend of mine had that happen to him; the son of a woman he was seeing told the police that he was suicidal. The police stormed in and dragged him off for psychiatric eval and confiscated the registered guns that he had. Problem is that the son had been stalking him (my friends brother had a restraining order against him) and the son was a psychiatric outpatient. When the cops came in my friend’s brother was laying on the couch, watching TV; the guns were locked up and the ammo stored separately, as required by the law. Took over a year to get the guns back. The upshot is, was it “reasonable” that they took the guns and carted him off? Some would say, yes, you can’t be too careful. Others would say no.


  13. @Anon-K:

    “When I use a word, [...] it means just what I choose it to mean — neither more nor less.” (Lewis Caroll – “Through the Looking-Glass”, 1872).

    A game perfected by our neighbors in Washington, where they amend the constitution through redefining the meaning of the words it’s composed of.

    In your example the police had information that (mis)led them to suspect that there was an imminent threat to the life of a person. That is covered by law and it is considered “reasonable” to act immediately with the purpose of saving said life. What was less reasonable was to not return his property once the situation was clarified (or maybe it was not clarified that soon – we don’t know the details).

    That was about guns. But how about e-mail. Let’s see… someone calls the police and tells them that Napalm is suicidal in front of his notebook, so in order to save his life, they immediately start to read his e-mails, wiretap his phone and check the websites he visited…. bwahahaha….. this all leads to Michael Geist’s blog, so they wiretap him too… lol….

    Nap.

  14. Rights and wrongs …
    Hmm, it seems the applications of rights is not always an exact science. I know a few people who are convinced their rights are immutable and even insufficient yet fail to consider that rights applied to one party actually can diminish the rights of another.

    As long as ‘its always about me’ there will be no end to the dichotomies.

  15. Focus on the Real Solution to the Lawful Access
    Dr. Geist, your expertise is most valuable in raising the genuine privacy and free speech concerns, and in helping us be clear and precise about them.

    Are you also in a position to suggest what would effectively remove these concerns from the proposed legislation? What legal provisions will protect and promote privacy and free speech, while foreseen internet technology and practice are managed to provide reasonable security and safety for Canadian society?

    What are the key decisions and choices that Canadians need to make to achieve this? What should Parliament enact?

    Thanks.

  16. You’re all over complicating this.
    Any monitoring whatsoever of a person’s private usage of the internet in any form is the same as monitoring a person in their home without their knowledge. It’s wrong, and it will open such an incredible can of worms that no one will be safe using the internet again, for fear of not only being charged for every webpage they visit or every text message they send, but being connected to countless charges that may or may not have any actual links to said persons. It doesn’t matter if these laws are abused or not, (though they will be, guaranteed) they are a direct infringement on a person’s privacy. If this were the US, it would be completely unconstitutional. If any of these policies go into affect, you have NO idea what’s coming, none. All of you are completely underestimating the effects of policing the internet will have on Canadians. This is literally giving the police and other authorities a peephole into all of their personal going-ons without any actual reason or cause to be doing so. They will monitor everyone, and charge them for everything that is even remotely suspicious. This is ridiculous, and I guarantee you that if this goes into affect, your going to be looking at a very real rebellion by the public of this country. Watch if it doesn’t happen, I don’t think the older generation understands how integral the internet is to the world now, and how the youth will react if you try to opress them. Your ignorance astounds me, and frightens me at the same time. The internet should be left alone.


  17. @Devon: “how the youth will react”

    OMG! TARFU! WCA IGGP XOXO

  18. We need to make clear the specific abuses that become possible because of this
    “Lawful access raises genuine privacy and free speech concerns” — agreed, but we need to enumerate these in a concrete way that people can understand. What are the obvious avenues of abuse?

    Examples:

    1. The ability to observe what websites journalists are reading — especially journalists who are tracking down evidence of corruption in government. Spying on journalists enables officials to stay one step ahead of them, in the event that they find evidence of corruption. The same is true for MPs, members of Parliamentary committees, suspected whistleblowers, critics, NGOs, and political opposition in general. Limiting access to particular police officials will not stop this information from falling into the hands of the ruling party.

    2. Once the technology is installed, and databases are maintained storing “customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers”, ISPs will be much sweeter targets for hackers employed by organized crime, since this data will aid immensely in invading individuals’ computers, facilitating identity theft, and establishing botnets.

    3. Similarly, once this data is conveniently summarized and stored, it will be very easy for ISP employees to access and exploit this trove of information.

    I’m sure there are numerous other exploits and avenues of corruption that will emerge once this is implemented.

    If there’s anything we can learn from the hacking incidents of the past decade, it’s that collecting valuable data, concentrating it in one place, and making it accessible over a network is a really dumb thing to do.

  19. This issue affects ALL of us…
    @ Devon: agreed, but I can assure you this issue is not only of grave concern for the young!

    I am from the generation that brought forth the PC Revolution and I have worked too hard to gain the freedom of access to information without interference or manipulation, to accept now being snooped on by tyrants whose only motive is to guarantee that I will do as I’m told and behave in a politically correct manner!

    Believe me, this old timer is mad as hell and will gladly go to Ottawa along with you guys to remind our elected officials who they are supposed to work for: the citizens who elected them, NOT the transnational corporations who, through their almighty lobby, have been subverting democracy and who are the real puppet masters behind the new citizen control regulations passed in all major western countries in the last 10 years!

  20. The Value of Privacy – a must read
    Here is an excellent summary of the issue – from a well respected security expert.

    http://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html

  21. I really appreciate your post. It gives an outstanding idea that is very helpful for all the people on the web. Thanks for sharing this information and I’ll love to read your next post too.
    Regards:
    Doctor Help


  22. @Chris C:

    While I can understand your anger, you have to eventually accept what internet really is these days. A tool of massive surveillance on a scale unimaginable before. With or without a warrant, your info will be harvested by everyone that can, including e-commerce sites, social networking sites, “free” e-mail providers, search engines and yes, even Michael’s blog.

    If you have private matters to discuss the best advice I have is that you learn playing golf.

    Nap.

  23. :D
    @Nap: LOL… Of course, I play the game like everyone else. I’ve been in the system long enough to know how to play it… However, I won’t be intimidated and, after a full career dealing with the manipulation and deliberate lying that is so characteristic of those in power, I can smell the bullshit from miles away and have absolutely no problems naming it for what it is.

    The problem is, the population in general simply don’t know their rights and are generally too scared to object and that’s what the tyrants are counting on to pass these laws. And if those laws are passed, you might as well be kissing democracy good-bye, because democracy depends on the privacy necessary to be able to speak your mind without risk of intimidation.

    Just look at the history of the rise of Nazism. It’s uncanny how many parallels can be made with what’s been happening in the US and major western so-called ‘democracies’ in the past 10-15 years. Just take a close look and think about it. This is no laughing matter.

  24. thank You, Bramemr!
    …For the link to this excellent article. At must read for all. It sums up the fundamentals of the basic right to privacy in a very eloquent manner.


  25. @Chris C.:

    http://www.cnbc.com/id/44656079

    - I want to arrest you
    - What for?
    - Ah, you’re resisting arrest, now I have a reason to arrest you

    Note that these guys are peacefully demonstrating on *Saturday* affecting no business.

    Nap.


  26. - I want to read your e-mail
    - What for?
    - Ah, you’re resisting having your e-mail read, you must have something to hide, now I have a reason to read your e-mail

    There’s one thing you can still do without getting arrested – vote. And vote wisely. BTW we have elections on October 6th. Do your best.

    Nap.