News

Why Bill C-30 Gives the Govt the Power To Install Its Own Surveillance Equipment on ISP Networks

Over the past few days, I’ve posted on some of the implications of Bill C-30, including the mandatory disclosure of subscriber information, the “voluntary” warrantless disclosure of emails and web surfing habits, and the stunning lack of detail on a wide range of issues including costs and surveillance capabilities. While the bill includes some detail on surveillance capability requirements, perhaps the most dangerous provision is Section 14, which gives the government  a stunning array of powers:

  • to order an ISP or telecom provider to install surveillance capabilities “in a manner and within a time” specified by the government
  • to order an ISP or telecom provider to install additional equipment to allow for more simultaneous interceptions than is otherwise specified in the law (the government sets a maximum and then can simply ignore its own guidelines)
  • to order an ISP or telecom provider to comply with additional confidentiality requirements not otherwise specified in the law
  • to order an ISP or telecom provider to meet additional operational requirements not otherwise specified in the law

Given these powers, Section 14 essentially gives the government the power to override the limits and guidelines it establishes in the bill (it must pay the provider an amount the government decides is reasonable for doing so). If that wasn’t enough, Section 14(4) goes even further. It provides:

The Minister may provide the telecommunications service provider with any equipment or other thing that the Minister considers the service provider needs to comply with an order made under this section. What does this mean? In short, it gives the government the power to decide what specific surveillance equipment must be installed on private ISP and telecom networks by allowing it to simply take over the ISP or telecom network and install its own equipment. This is no small thing: it literally means that law enforcement has the power to ultimately determine not only surveillance capabilities but the surveillance equipment itself. 

As Privacy International revealed late last year, there is a massive global surveillance industry that specializes in selling invasive surveillance technologies directly to governments and law enforcement. Companies like Gamma Group offer “turnkey lawful interception projects” that includes SMS interception, speech identifying tools, and data retention, while Innova offers “solutions for the interception of any kind of protocols and IP-based communication, such as web browsing, e-mail and web-mails, social networks, peer to peer communication, chat and videochat.” Endace offers the “power to see all for Government” and Hacking Team provides a suite of tools for governmental interception. Last year, Wikileaks published a powerpoint presentation from Glimmerglass that shows how law enforcement can link email addresses, online chat, and social media activity to generate detailed profiles of individuals (pages 10-12).

There are dozens of these companies operating around the world, servicing steady demand from the Middle East and Asia. If Bill C-30 becomes law, the Canadian government will be positioned to require private ISPs to install these kinds of technologies directly within their networks.

28 Comments

  1. Not Otherwise Specified?
    Those are frightening words that encompass just about anything.

    This should be called the “Rumpelstiltskin” law. It involves a lot of foot-stomping by Vic Toews, and the spinning of straw into gold. What’s next? A clause that includes rights to firstborn children? Hopefully, it will end the same way as the fairy tale.

  2. Unbelievable
    The bill may as well be written as “we can order an ISP to do whatever we ask”. Would be a lot simpler :S

  3. Governments around the world are losing more than just sleep over anonymous security breaches, and rightly so given their corruption and lies (including our own). This attempts to side-step the whole issue by removing all anonymity and introducing a 1984-esque provisions. Disgusting.

    Though it’s far more likely this is to help shape more than just future elections, silence nay-sayers either through exposure or blackmail, fill prisons (now that we have minimum drug sentences), arrest pirates (not pedos), and to satisfy Harper’s obvious paranoia and control issues.

  4. This is consistent with the authoritarian DNA of the Harper Government. How cynical of them to have scraped the long-form census and the gun registry in the name of privacy !

  5. Protecting Children From Internet Pornographers Act
    I didn’t know that USA has a similar law, HR1981, proposed by Lamar Smith (SOPA) and called “Protecting Children From Internet Pornographers Act”. We are not alone…
    http://www.networkworld.com/community/node/79854

  6. For what it’s worth…
    This should make my friend who moved to Canada rethink his “Canadian law is so much nicer and more civil than US law” stance.

  7. Who’s footing the bill?
    All these expenses will be incurred by who exactly? If it’s the taxpayers, shouldn’t we have a say?

    So let me get this straight… Allow the government to eavesdrop on our lives and make us pay for it. Sounds like a win-win situation here.

  8. Yeah Right !
    This bill has nothing to do with “protecting the children” More like a way to provide big media with easy access to our personal information so they can sue Canadians for downloading and file sharing.

  9. Now we see the Conservative’s “Digital Strategy”
    Drive Canadians off the Internet so they don’t have to define one…

  10. I think Harper just doesnt want another overthrow of a dictator…if he installs all these 3rd world country communication controls, he can consolidate power, identify the naysayers and then put them
    nothing good comes of tyranny.

  11. remember
    Any public officer can demand the information from ISP’s including his own “public officers” and they can do whatever they want with the information including blackmail/intimidate censure…etc..

    It gets rid of the whole “leak protection” that MP’s have in cases where the PM is out to lunch…he can silence those leaks and make sure everyone toes the PM’s line…hook and sinker…

  12. Is an enterprise considered an ISP to its employees at work?
    According to #C30:
    “7. […] the telecommunications service provider operating the apparatus have the capability to do the following:
    […]
    (b) isolate the communication that is authorized to be intercepted from other information, including
    (i) isolating the communications of the person whose communications are authorized to be intercepted from those of other persons”

    Well, there is no technical way Bell can reach into a private network and do that. Does that mean the enterprises would be expected to install that same equipment?

  13. SURVEILLANCE WOULDN’T EVEN HELP FIGHT CRIME!
    I just heard Stockwell Day compare Internet surveillance to telephone surveillance!

    Does anyone in politics understand technology?

    Internet conversations can be encrypted, and anyone trying to hide, for good OR bad reasons, would communicate using encryption.

    What’s next, then, a law against encryption, or only ineffective encryption? A law against blinds, or blinds that don’t fall down when you’re changing? Or, maybe blinds for politicians and RCMP, but not *all those potential criminals who can’t be trusted with blinds*?

    Gimmie a break. This is broken BY DESIGN and needs to be withdrawn.

  14. It is more about data retention then lawful access
    A friend who is the head of a division when asked said, they don’t need this bill to retrieve records. They call the ISP’s and say, we have a warrent coming can you send over the files for this IP/time. The ISP’s always comply. The only time they have ever had an issue is when the ISP’s don’t keep records after 30/90/120 days.

    I think this is more an issue of data retention and access to non warrent “public officer” then it is to solve any crime. I think it is just the PM doing the whole smokescreen thing. They need the ability to sift through dissdent emails and blog postings so they know who to target in the next round of budget cuts…rendition training.

  15. sorry update
    A friend who is the head of a division
    should have read
    A friend who is the head of a police division

  16. http://arstechnica.com/tech-policy/news/2012/02/white-house-announces-new-privacy-bill-of-rights-do-not-track-agreement.ars

    As the USA moves begins to retreat from its post 9/11 invasion of privacies, Harper is gung-ho to repeat their mistakes.

    Why?

    Repeal the long gun registry and shorten the census in the name of preserving privacy … then install Orwellien surveillance equipment on every citizen.

    Why indeed?

    The current laws are sufficient to deal with protecting children, this law will not improve on that. Don’t stand for this PMO dysfunctional need of control. Our rights and freedoms are way more important than that.

  17. Fraud?
    Maybe this should be investigated by police, instead of spending $80 million on bill C-30:

    http://www.ottawacitizen.com/news/Elections+Canada+investigating+robocalls+that+misled+voters/6194146/story.html

  18. Giordano Bruno says:

    the end of internet as we know it
    This doesn’t have anything to do with fighting crime but it is part of an international plan to control internet by putting surveillance equipments anywhere they can. In USA is happening with H.R.1981 the “Protecting Children From Internet Pornographers Act” which according to Electronic Frontier is a bill that would order online service providers to keep new logs about people online activities.
    Cybersecurity Bill Erodes Digital Rights
    Furthermore on Feb. 27, a diplomatic process will begin in Geneva that could result in a new treaty giving the United Nations unprecedented powers over the Internet (i.e. to subject cyber security and data privacy to international control).
    The U.N. Threat to Internet Freedom
    If we allow the Canadian government to put surveillance equipments in place will be another neil in the Internet coffin.

  19. Giordano Bruno says:

    links
    Sorry I don’t know how to show links in this envirnoment:

    Cybersecurity Bill Erodes Digital Rights: http://bit.ly/zSWEyJ

    The U.N. Threat to Internet Freedom: http://on.wsj.com/ArPvUp

  20. A few options
    http://www.reddit.com/r/darknetplan

    http://www.reddit.com/r/fia/comments/p25k0/the_free_internet_act/

    http://wiki.pirateparty.ca/index.php/Operation_Electronic_Leviathan

    A search engine with https-by-default search results (if you start from the https page), like HTTPS Everywhere, and a pro-privacy mantra:

    https://www.duckduckgo.com

  21. A good article on threats to our privacy and the Internet in general …
    A lecture by
    http://arstechnica.com/business/news/2012/02/schneier-gov-big-data-pose-bigger-net-threat-than-criminals.ars?src=fbk

  22. Does Vic hae any sense at all?
    http://fullcomment.nationalpost.com/2012/02/23/vic-toews-responds-to-matt-gurney-and-vice-versa/

    Give this man a shovel and he’ll bury himself in Sh1t. The conservatives, I think, are hoping this will just fade a way once they have time to ‘fix’ the bill, or they can fool enough people with the ‘protect the children’ distraction.

    Well, I hope for one Canadians will live past their own stereotype and hold this government to the fire for the long haul.

    I mean even the Nation Post is tying into them so anything is possible 😀

  23. http://www.jordanconcordsshoe.org/
    Things do something great, detail achievement perfect.

  24. Software Akuntansi Laporan Keuangan Terbaik says:

    Software Akuntansi Laporan Keuangan Terbaik
    I used to be curious should you ever considered changing the structure of your blog? Its very well written; I love what youve

    acquired to say. However perhaps you could just a little more in the way of content material so individuals may connect with it better. Youve received an terrible lot of text for only having 1 or two pictures. Maybe you could possibly space it out
    higher?Software Akuntansi Laporan Keuangan Terbaik

  25. Read Bill C30 carefully
    I’ve spent the past hours reading this bill and besides the obvious we should all be afraid of, there are a few ‘gems’ buried deep down you need to look for.
    One such “gem” eludes to:
    ‘If you use any electronic means (your computer, cell phone etc.)to deliberately and intentionally cause a person to become uncomfortabel, or to harrass that person, (Phone calls to your MP/MLA consecutive letters to the editor of your paper,???), you are guilty of a crimnal offence and subject to jail and or fine.
    This Bill has you and me, both comming and going. Be afriad my friends, ‘Uncle Stephen” is watching

  26. ISP Administrator
    BILL-C30 is a joke written by people who don’t understand technology. People should not accuse a specific government for this. They are politicians, not network engineers. Some companies stand to make millions off this deal and they are probably the consultants saying this will work. Remember the woman who introduced the long-gun registry bill? Someone who knew very little about guns trying to control them. Where did that get us? Who cares, let’s increase taxes again to pay for this.

    What crimes are they trying to prevent? What happened to old fashioned detective work? They should specify what kind of crimes you can be charged for if caught using this type of survailence. Child pornography and Fraud would be a good start. We transfer 50 terrabytes of data from/to our customers every month and we are a very small ISP. That is alot of information to be stored.

    Is it just me or are these bills getting out of hand? I don’t even know if waking up on the left side of the bed is legal anymore. More concentration on economy and less policing please.

    I love Ontario. I love Canada. (Sarcasm)

  27. Supporter of Liberty
    U.S. Expanding Cross-border Police Integration With Canada & Asset Forfeiture Sharing

    Concurrent with Obama’s proposed law legalizing and expanding cross-border police integration in North America, Canadians earlier this year discovered introduced (Commons Bill C-30 touted to protect children on the Internet—would also give any Canadian police officer—without a warrant—the power to request Internet service providers turn over customers’ information (see section 17 of C-30); allow Canadian police to seek into Canadians’ private computers. C-30 was strongly opposed by Canadians in April 2012. Canadians further discovered Canada had signed with the United States an array of (Asset Forfeiture Sharing Agreements) for Canada to share Canadian and Americans assets civilly or criminally confiscated using Asset Forfeiture laws that resulted from U.S. and Canada sharing information gleaned from electronic surveillance of Canadian and American Citizens’ communications, e.g., emails, faxes, Internet actively, phone records.

    Compare: The Obama Government wants the power (without a warrant) to introduce as evidence in U.S. Civil; Criminal and Administrative prosecutions any phone call record, email or Internet activity. Police can take out of context any innocent—hastily written email, fax or phone call record to allege a crime or violation was committed to cause a person’s arrest, fines and or civil asset forfeiture of their property. There are more than 350 laws/violations that can subject property to Government forfeiture that require only a civil preponderance of evidence.

    The U.S. “Civil Asset Forfeiture Reform Act of 2000” (effectively eliminated) the “five year statue of limitations” for Government Civil Asset Forfeiture: the statute now runs five years (from the date) government or a police agency allege they “learned” an asset became subject to forfeiture. It is foreseeable should (no warrant) government electronic surveillance be allowed; police will relentlessly sift through business and Citizens’ (government retained Internet data), emails and phone communications to discover possible criminal or civil violations. History Repeats: A corrupt or despot U.S. Government/Agency can too easily use no-warrant—(seized emails, Internet data and phone call information) to blackmail Americans, corporations and others in the same manner Hitler used his police state no warrant passed laws to extort support for the Nazi fascist government, including getting members of German parliament to pass Hitler’s 1933 Discriminatory Decrees that suspended the Constitutional Freedoms of German Citizens. A Nazi Government threat of Asset Forfeiture of an individual or corporation’s assets was usually sufficient to ensure Nazi support.

    Under U.S. federal civil asset forfeiture laws, a person or business need not be charged with a crime for government to forfeit their property. Most U.S. Citizens, property and business owners that defend their assets against Government Civil Asset Forfeiture claim an “innocent owner defense.” This defense can become a criminal prosecution trap for both guilty and innocent property owners. Any fresh denial of guilt made to government when questioned about committing a crime “even when you did not do the crime” may (involuntarily waive) a defendant’s right to assert in their defense—the “Criminal Statute of Limitations” past for prosecution; any fresh denial of guilt even 30 years after a crime was committed may allow U.S. Government prosecutors to use old and new evidence, including information discovered during Civil Asset Forfeiture Proceedings to launch a criminal prosecution. For that reason: many innocent Americans, property and business owners are reluctant to defend their property and businesses against Government Civil Asset Forfeiture. Annually U.S. Government seizes Billions in assets without filing criminal charges. Increasingly local police are turning their criminal investigations over to Federal Agencies to receive an 80% rebate of forfeited assets. Federal Government is not required to charge anyone with a crime to forfeit property.

    Re: waiving Criminal Statute of Limitations: see USC18, Sec.1001, James Brogan V. United States. N0.96-1579. U.S. See paragraph (6) at:
    http://www.law.cornell.edu/supct/html/96-1579.ZC1.html

  28. money
    So even though this is wrong is so many ways in terms of c-30 being wrong in so many ways. Lets share a thought… Why are these companies paying the companies we pay to use their service while paying taxes to pay the people to watch us? so if you ask me the loop should be- Internet is free due to no privacy if you use it. and rogers and bell and wo ever still get paid. So it just gets paid from our taxes as it always has. Jesse Toronto canada, Spread the word stay in formed people, the police state is coming.