News

Why a Lawful Access Compromise Can Be Found

Consider the biggest privacy concern with Bill C-30: the mandatory disclosure of subscriber information without court oversight. With ISPs and telecom companies complying with law enforcement requests roughly 95 percent of the time, at issue are a relatively small number of cases that to date have required warrants prior to any disclosure. I still think law enforcement has failed to produce a compelling series of examples where the current law has proven problematic. Further, it is not clear whether law enforcement was able to obtain the sought-after information through a warrant in the remaining five percent of cases, though anecdotal evidence suggests they typically were. Regardless, law enforcement wants greater assurances that the information will be available expeditiously in appropriate circumstances.

Bill C-30 actually addresses two significant concerns associated with this issue. First, the prior lawful access bill included a very broad list of data points that could be disclosed, raising serious security concerns and the potential for misuse (eg. the IMEI disclosure that could allow cellphone users to be tracked without a warrant). The number of data points has shrunk from 11 to six, with some of the cellphone data removed. While some of the data points still constitute potentially sensitive personal information (particularly IP and email addresses), a smaller list is better than a larger one. The decision to remove the cellphone identifiers confirms the legitimacy of privacy and civil society criticisms and reminds us that every bill benefits from scrutiny and potential reforms.

Second, with ISPs and telcos providing subscriber data without a warrant 95 percent of the time, there is a huge information disclosure issue with no reporting and no oversight. This is a major issue on its own, particularly since it is not clear whether these figures also include requests to Internet companies like Google and social media sites such as Facebook and Twitter. The RCMP alone made over 28,000 requests for customer name and address information in 2010. These requests go unreported – subscribers don’t know their information has been disclosed and the ISPs and telecom companies aren’t talking either. Bill C-30 would add new reporting requirements to these disclosures, which should allow for insights into what ISPs and police are doing with subscriber information.

In order to make these two reforms effective, however, two loopholes should be closed. First, the legislation should expressly prevent law enforcement from bypassing the reporting regime by continuing to voluntarily collect some of this information. Second, while the latest changes to Bill C-30 prevent police from forcing telecom companies to hand over mobile device identifiers, they will still be able to collect such identifiers using IMSI catchers. Whether telecom companies will be forced to identify customers associated with mobile device numbers acquired in this manner will depend on the regulations. This is a potential loophole that must be closed, or it will facilitate potential real-world tracking of Canadians that could lead to abuse.

The remaining issue is the inclusion of warrantless disclosure of the six data points. This strikes at a bedrock principle of privacy law and will be rightly opposed by the privacy and civil society community. Yet in talking with law enforcement, it is clear what they want is timely, guaranteed access in appropriate circumstances. They argue the current warrant system does not meet this standard nor do the current privacy rules. But what if a new warrant specific to subscriber information could be developed? Such a warrant could feature a low threshold along with rapid authorization and lower costs. For law enforcement, it would provide the access they want, while for privacy advocates it would maintain the oversight principle.

Mandatory disclosure isn’t the only issue with the bill – the oversight of surveillance capabilities remains underdeveloped, the costs associated with surveillance equipment is a giant question mark, and the fears of surveillance misuse based on the experience in other jurisdictions continues to cause concern. There are also issues related to the easy access some of the new production orders provide to potentially sensitive data such as GPS data or transmission data generated during our communications. None of these issues will be easy to solve, but the starting point must surely be a moratorium on the inflammatory us vs. them rhetoric from the government which fosters alienation rather than cooperation.

79 Comments

  1. I’m sure there is one. But based on the way the government has framed the debate, they are not interested in one.

  2. “the prior lawful access bill included a very broad list of data points that could be disclosed, raising serious security concerns and the potential for misuse”

    These were the practices of NAZI Germany (Germans rock but NAZI was wrong) and the evil CZARS.

    Also, http://news.slashdot.org/story/12/02/14/2236214/uk-law-enforcement-starts-seizing-music-blogs

    (in ref: to warrant overhaul) You’re right Mr Geist that the system needs to become more flexible along with the changing times. This is the fall of any government is its inability to change along with changing times. (aka down with CRTC, and the big cell phone providers, and also corporatism to some extent).

    Cheers,

  3. I heard your interview on CBC this morning, and to be honest I don’t think they will compromise. When it comes to any attempted government invasion like this they pull out the “child porn” card or “terror” card to silence objectors and as a trump card to justify any loss of freedoms.

    And the fact that they know they have the power to ignore us all takes away any incentive for them to listen to the rest of us.

    It’s a very sad day for a nation I use to be very very proud of for not getting so caught up in the modern western decline into police states like some of the others are :(

  4. Not That Anonymous says:

    Personally I think the Conservative party has completely botched their majority and are going to end up like the Conservative party post Brian Malroney, waiting twenty years for the next majority

  5. For the As It Happens audio, fast forward to 08:30.
    For the As It Happens audio, fast forward to 08:30.

  6. When It Says “email address” what does that mean?
    Almost everyone has an email address with their ISP. But as people do things like move between ISPs and access email from work and on the road, they find that services such as Hotmail, Google and Yahoo are more convenient. The ISP one is still there, but it is rarely used.

    So, if an ISP is providing an email address in response to a query, I would assume they are providing the email that they are responsible for. To do anything else would require them to report on the content of their customers’ web traffic.

    This may seem like a minor item – but if the access legislation is specifying items that have little meaning, it reduces the effectiveness of the legislation. Moreover, this can become a point on which to hang much larger access requirements – think “well, the ISPs email address is not what is needed, so the law will now require warrentless access to web traffic as well”.

  7. I’ve never had to keep up with news in fear that the government might screw my country.
    I would rather have government stealing my money but holds up my values of freedom and rights instead of one that wastes the money on useless military power(come on… were canadians we don’t go to war), or using that money to make our lives harder.


  8. “These were the practices of NAZI Germany (Germans rock but NAZI was wrong) and the evil CZARS.”

    These are practices of any tyrant ruler, be it communist, socialist, fascist, dictatorship, monarchy, etc. The question is, what does Herr Harper consider himself to be? He is going to destroy everything Canada stands for if not reigned in!!

    Personally, I don’t think any single person or party should have the right to pass laws in the light of such overwhelming opposition.

    Sign the petition people, tell your friends, broadcast it on Twitter, get it out there!!! http://www.stopspying.ca/

  9. Why a Lawful Access Compromise Won’t Occur
    The current federal government is not willing to work with anyone internal to this country. Not the provinces and certainly not the opposition.

  10. Please don`t be fooled by this government!!
    This is all a huge lie! This government has given us no real evidence that it is needed, and the evidence it offers is full of holes.

    It can’t even work, not until the last open wi-fi, the last Intenet cafe, and the last library terminal is shut down. Until then, it will only create a “darknet”, and feed a black market, and help organized crime.

    No, the REAL reason for this law can ONLY be that making communication traceable will go a long way toward curbing criticism of the government.

    People will not be critical if future employers could trace all of their comments and conclude that they are trouble makers or have authority issues.

    Business leaders, people most in the know, will not be critical of the government if it risks alienating some of their customers, or polarizing their workplaces.

    Mostly, people will not be critical because they will fear being put on the “watch list”. Many people won’t comment online, petition, rally, demonstrate, or even risk joining the opposition, unless they can be assured of the anonymity that we enjoy today.

    Also their proposed copyright law, returns an unfair advantage, through “digital locks”, back to all of the old media monopolies, because they are the only ones who`s digital locks will be protected.

    These two laws, Internet monitoring and media locking, destroy the great promise the Internet once held for democracy. They MUST be stopped, whatever the cost may be.

  11. Sarbjit Singh says:

    Why???????????????
    Why a Lawful Access Compromise Won’t Occur?????????? Needs Answer

  12. Reading the bill and came across something. I know what it sounds like to me but I am no expert on law at all and would mind some clarification.

    “33. (1) The Minister may designate persons or classes of persons as inspectors for the purposes of the administration and enforcement of this Act.”

    …followed by…

    “34. (1) An inspector may, for a purpose related to verifying compliance with this Act, enter any place owned by, or under the control of, any telecommunications service provider…”

    “…(a) examine any document, information or thing found in the place and open or cause to be opened any container or other thing…”

    Somebody with more expertise than this please tell me I’ve misread this or just don’t understand law.

  13. @Joe
    It means the “inspector” has full access to everything at any facility owned/rented/leased by the ISP/telecom provider.

    Basically, “auditors” or might even be considered compliance officers. In any case, it’s another layer of law enforcement and it spells bad news for our already out of date and uncompetitive telecom/Internet industry.

    Like China, soon encryption will essentially be illegal here, so this will be a cushy job…perhaps it’s time for a career change.

  14. @IanME
    Okay, so it is exactly as I read it. Lovely. The definition of telecom provider is quite vague, enough to include data centres I should think.

    So it’d be safe to say the government could send anyone they wanted in to any data centre & copy everything? Ugh.

  15. @IamME
    IamME writes “…soon encryption will essentially be illegal here…”

    Yes, this would be the next logical step, but it can’t work, so this path must fail.

    Police can’t prove that a file is encrypted, rather than just random noise.

    Moreover, most software can create a hidden file, so if a court could force you to decrypt it, it just looks like say, tax info,
    but inside of that there is still more data.

    So the only way to enforce these laws will be to ban computers that run any program, we would be forced to use only approved “apps” on closed systems like Apple’s app store.

    And this is what will hust us competitively, because people will be unable to learn how to program, until they pass police checks and become “approved” Apple programmers.

    I’d rather we just had GPS implants, if a crime occurs we can prove who was there. But leave me with the freedom to speak.

  16. I can’t help but wonder if there isn’t a way to challenge such a bill from being signed into law on the basis of violation of the charter of rights.
    Specifically looking at sections 8, and 11(d):
    #8. Everyone has the right to be secure against unreasonable search or seizure.

    #11. Any person charged with an offence has the right
    (d) to be presumed innocent until proven guilty according to law in a fair and public hearing by an independent and impartial tribunal;

  17. @Annie O’
    “Yes, this would be the next logical step, but it can’t work, so this path must fail.”

    You and I know this can’t work, but I don’t think minor semantics like this are going to stop them. And I don’t think any amount of public outcry is going to work, like in the US and SOPA. SOPA would have made TOR illegal in the US, because it could be used to circumvent blocks against nefarious web sites. TOR was originally developed by the US Navy and endorsed by the US State Department as an effective communication tool in repressive regimes. I just love the irony there!!!

  18. Charter of Rights
    No problem…Herr Harper will just rewrite them.

  19. Cyber Crimes
    Since this legislation is now disgustingly called “Protecting Children from Internet Predators Act” doesn’t it apply to any other kind of cyber crime? Such as for example copyright infringement?

  20. Even if this bill is aborted, as it should be, the scary part is Vic Toews’ remarks can have work. His words could have been, and still can be viewed as a warning to people who disagree with him or this act, and that can chill speech.

    I think he has done more to harm democracy in Canada than any else in at least the last 10 years.

    As someone who has made a living in the IT sector for the last 10 years, I want to echo what IamME said (or my reading of it). I feel increasingly responsible for empowering people like Vic Toews who want to invade my privacy and threaten my individual liberty using the technology I fell in love with as a child, so yeah, I too am beginning to wonder if I still want to work in this field.

    I got into IT because it was exciting and anything was possible. It felt like a bright future, and I was spreading that tool. In that sense, I feel successful. There are people all over the world using computers and the Internet to communicate under oppressive regimes, some of which I had a hand in. Yet here in Canada, my home, this man (Toews) has the contempt for human dignity to propose something that would put us on par with the worst human rights violators in the world.

    Information is a wonderful thing, and by today’s standards, a decade ago we were all dying of thirst.

    Today we’re stamping out GPS-enabled smartphones with one hand and stamping laws that would allow us all to be spied on with the other.

    We may have the Internet tomorrow, but I think I’d be afraid to use it. I mean, only a criminal would use the tools of liberty like encryption. I don’t want to have to have that arguement. It reminds me of the FBI “suspicious behavior” pamphlet going around. Have you ever used Tor? Do you care about your privacy? to you believe in free speech? Do you still use cash at Starbucks? You’re probably on a list.

    No wonder noone want’s to work i
    n IT. No wonder politician’s don’t have backgrounds in science. Statistics are practically a hanging offence.

    Things looked a lot rosier for freedom (democracy and individual liberty) when governments acknowledged their ignorance and didn’t even attempt policies. The world didn’t end, and we got Google and thousands of others.

    So yeah, I guess I feel some responsibility for giving the people in charge (politicians, sometimes business leaders) the confidence to do dumb **** like this through watered-down comparisons and analogies. None of them do the Internet justice.

  21. Maybe there is the possibility of a compromise but as many here note, the Conservatives do not appear interested. They have taken the Canadian citizen’s meaning of majority vote to new heights and gone beyond the elected mandate. They are taking the initial steps to dictatorship.

  22. Pretty Simple says:

    The real reason for the pushing through of the various privacy and freedom destroying laws and amendments is actually pretty simple, no matter how they title them.

    What we are seeing is rapid drastic reform of Canadian Laws, so that ACTA can be adopted “without changing domestic laws” as was promised.

    The real “Protecting Children” momentum comes from Hollywood.

  23. Couple things

    Maybe we should just kill all of our children? This would stop all child abuse, sexual abuse, save money on schools and school programs, reduce piracy, reduce juvenile crime and many more things.

    As of right now if a warrant can’t be approved for the things they want to investigate with C-51 that means the gov. wants the remove the due process and be allowed to break the law. Which right there is a dictator ship and they are now not accountable to the Canadian people WHICH.

  24. It’s Not “Lawful Access”
    Correction: it’s been changed to the “Protecting Children From Internet Predators Act”, in a last-minute rebranding.

    http://blogs.canada.com/2012/02/15/can-you-spot-the-difference-on-lawful-access-bill/

    The new name gets around the thorny issue of what some might consider “Awful Access”, or “Unlawful Access”, or what have you. What else will be slipped in without our notice?

  25. Jack
    Who is putting the “jackboot of fascism on the necks of our people” now, Mr. T.? I dare say it’s not Svend Robinson.

  26. Vic Toew
    If there is any doubt!

  27. So what is the Harper Government hiding? If they have nothing to hide they wouldn’t be renaming “Lawful Access” to “Protecting Children From Internet Predators Act” to fit in with the words of Vic Toews – “He can either stand with us or with the child pornographers”

  28. @end user
    The Harper Government is trying to hide the fact that there’s little factual justification for the bill. So rather than try to find some or just scrap the bill, they’re using fear tactics to make it seem necessary. It’s the same thing other people have done using whatever the biggest boogieman at the time was.

  29. Think about all the data a PM could get with this
    For example, he could very well listen to every conversation any oposition party will make.
    Every single document/email/chat/tweet that comes and goes to any Canadia server could be read, printed and “checked up” (being that in the most liberal of the ways, pun intended).

    This is the supreme of the powers any Gov. would desire.

    Next is to abolish and prohibit the usage of any cryptographic tool and voila! you are A God. Add to that some data mining applications and you can manipulate the entire population through the media with all that data!

    62% of the population of Canada didn’t vote for a new God.

  30. Encryption is next.
    This bill is essentially toothless unless encryption is made illegal. It’s been done in other parts of the world and Harper repeatedly shows his lack of respect for the Canadian people. Next up, bill C-XX, the bill to ban the use of anomylizing and cryptography technologies. No need to go through the formalities though, Harper has his little group of cronies that will ensure the bill gets passed regardless of the amount of opposition, so might as well just put it right in.

    Might as well move to the US, they might have crappy laws there too, but at least the government listens to them AND they have vastly better Internet service(s). With all the garbage bills coming here, they’re going to keep us in the dark ages for years.

  31. A new warrant process?
    I have serious doubts about this idea.

    First, I don’t think lowering the threshold actually is such a great idea. In most of the cases they want us to be concerned about (eg. child pornography) it’s not that hard to demonstrate a reasonable belief that a crime has occured; it’s pretty black & white. If you lower that to “reasonable suspicion” or somethign else, I don’t think you’ve eliminated the possibility for abuse.

    Moreover, your suggestion presumes–without evidence–that there actually is an administrative problem in obtaining a warrant. Like everything else in the justification for this bill, I think that’s just hot air. Even the cops who argue that the warrant is a “burden” will admit that they can obtain one in less than 24 hours–they just don’t like it. I hate to diminish the concerns they express, but it’s honestly a matter of balancing a slight inconvenience against the privacy interest.

    (In non-emergency cases of course. In emergencies, if someone’s at risk of harm, no one requires a warrant.)

  32. Easy to Achieve
    A compromise is easy to achieve. The police finds evidence of wrong-doing, go to a judge and get a court order to collect data on the persons suspected of a crime, start collecting evidence from the ISP, and prosecute them in court. What could be easier?

  33. Ramblin' Rose says:

    Canoe76 wrote of privacy invasion…
    “I feel increasingly responsible for empowering people like Vic Toews who want to invade my privacy and threaten my individual liberty using the technology I fell in love with as a child, so yeah, I too am beginning to wonder if I still want to work in this field. ”

    I ask…where is the Canadian Press/Media who “respected” the “privacy” of Vic Toews a Minister of the Crown, a former Crown Attorney of Manitoba and a former Attorney General of Canada when he had been found to have been “diddling” in the workplace with a young female parliamentary assistant?

    Where is the investigative reporting that should logically ask even if in retrospect…”If the Man can say the other day words to the effect, “you’re either with us or with the pedophiles”…what subtle or not so subtle “tactics” has he used in past in an attempt to seduce others to his way of thinking”?

    Curious he was briefly on an anti-bullying youtube video with John Baird among others…

    I’m not feeling particularly seduced by Vic’s approach, but the threat does hang over us all, does it not?

  34. Ramblin' Rose says:

    Twitter feed ‘leaks’ Vic Toews’ alleged divorce details Montreal Gazette‎ – 10 minutes ago
    Phew…finally some others got it…

    http://bit.ly/zlB2Az

    How does one spell vindicated?

  35. Really?
    Correction: it’s been changed to the “Protecting Children From Internet Predators Act”, in a last-minute rebranding.

    At this point I am not expecting any truthfulness or transparency from this government. This is so blatant an act of covering one’s own ass in regards to unfortunate remarks as to be beyond redemption. I try to be an optimist, but this government is sucking it all out of me.

    le tit be known that the more our freedoms are taken away the less there will be for the gatekeepers of those freedoms. Further invasive tactics will just drive more innocent people underground, with more systems and tools being devised to protect ones privacy. This, as a side effect will MAKE IT HARDER to catch predators of all types.

    Why (oh why!) could technological policy be founded upon facts and reasonable solutions by people who understand the issues and ramifications? Instead we have bureaucrats who listen to special interest lobbyists, and proceed to make things worse for everyone else in the process.

    We are governed by idiots, and ‘we’ put them there. God save us all.

  36. A reply from my MP
    Thank you for your recent email regarding our government’s “lawful access” legislation and for sending your comments to my attention.

    Our Government takes the safety of our communities, and – particularly children – very seriously. The technology available today makes crimes – such as the distribution of child pornography – EASIER to commit, and HARDER to investigate. Criminals should not have better access to tools and technology than police!

    Our legislation is intended to give what Canada’s police officers and chiefs have asked for: vital tools to stay ahead of the tactics adopted by today’s sophisticated, organized criminals. Unfortunately, evolving communications technologies have provided new ways of committing crimes such as distributing child pornography, as well as enabling criminals to coordinate and plan a wide range of other crimes.

    The technology available today not only makes these crimes easier to commit, but also harder to investigate. Our Government’s legislation to give police the tools they need to investigate crimes in a high tech world. 21st Century technology calls for 21st Century tools for police to effectively investigate crime.

    The proposed Protecting Children from Internet Predators Act would provide law enforcement agencies with new, specialized investigative powers to help them take action against Internet child sexual exploitation, disrupt on-line organized crime activity and prevent terrorism by:

    · enabling police to identify all the network nodes and jurisdictions involved in the transmission of data and trace the communications back to a suspect. Judicial authorizations would be required to obtain transmission data, which provides information on the routing but does not include the content of a private communication;

    · requiring a telecommunications service provider to temporarily keep data so that it is not lost or deleted in the time it takes law enforcement agencies to return with a search warrant or production order to obtain it;

    · making it illegal to possess a computer virus for the purposes of committing an offence of mischief; and

    · enhancing international cooperation to help in investigating and prosecuting crime that goes beyond Canada’s borders.

    The Bill would also strengthen and add new safeguards to protect the privacy of Canadians and we have been clear – the Protecting Children from Internet Predators Act will NOT allow the Government to monitor private conversations, web surfing or the emails of Canadian NOR will it allow police to monitor online activity without a warrant. It will only compel telecommunications service providers to provide basic subscriber information to designated police, CSIS and Competition Bureau officials upon request. This identifying information would be limited to a subscriber’s name, address, phone number, email address, IP address, and the name of their service provider.

    Our approach strikes the right balance between the investigative powers used to protect public safety and the necessity to safeguard the privacy of Canadians.

    I appreciate your input as a local constituent.

  37. My response to him
    I understand the need to protect the children, though I consider it a “boogieman” in this case. In a recent poll, 83% of Canadians were against warrantless access to private information. Other that spouting off the usual “think of the kids” line or even worse, Vic Toews outrageous accusation that anyone that doesn’t support this bill supports child pornographers. Again, that’s 83% of the population, every privacy minister in Canada and every opposition party. Now, I appreciate the concern for the children, but has anyone asked if this is what they and/or their families want. Where are the documents? My wife’s father was a convicted pedophile and I can guarantee that privacy is of the utmost concern to her and she will be appalled by this bill.

    Where in the bill, since the short title was recently changed to “Protecting Children from Internet Predators Act”, does it say this ONLY applies to “Internet Predators of Children”? If it doesn’t, the title is misleading, and given the lateness of the title change, I’d say intentionally so to fear-monger support. (http://blogs.canada.com/2012/02/15/can-you-spot-the-difference-on-lawful-access-bill/) In 77 minutes it went from “Lawful Access Act” to “Protecting Children from Internet Predators Act”. This is very suspicious to me? Why change the bill title so late in the game?

    Where in the bill does it say law officials can’t arbitrarily and/or randomly monitor an individual’s Internet usage?

    Where does it state that my right to privacy, as given under the Charter of Rights and Freedoms is upheld and that only in cases where there is cause to investigate AND a warrant in place will private information be disclosed?

    Given the rural nature of where we live, particularly troubling to me are clauses 6 (Obligation to have capabilities) and 7 (Operational requirements for transmission apparatus). These “capabilities” and “apparatus” are extremely expensive to buy and run, especially given the requirements. Has consideration been given to how small ISPs, like our local ISP, will be able to afford to buy and maintain such equipment?

    This bill gives officials carte blanche rights to spy and, as far as I’m concerned, violates the Charter of Rights and Freedoms. This has also been stated by several privacy ministers as well as other officials. Convince me otherwise. Vic Toews’ wild comments have certainly done nothing to convince me. And don’t try to tow the company line and try to convince me he didn’t say it (http://www.youtube.com/watch?v=A1BAHc4Mr5M) or that it’s out of context. I’ve watch other news clips and interviews and know the context it was use in.

    There is currently a petition against this bill that, as of yesterday or the day before, had over 84000 signatures? Has any consideration been given to this or is the government planing to simply ignore it?

    The biggest issue I have with this bill is that there is no documented evidence or justification that it will help and that there is no evidence that a study has been done to determine if the bill will even be effective. Everything coming over the media from the conservative party is either the standard rhetoric or verbal badgering, “Think of the children”, “those not with us support child pornography”, c’mon, is this really considered professional these days….baseless accusations and fear-mongering? Where is the real evidence? Where are the documents and studies that show this bill is necessary, is technologically feasible, is cost effective, will benefit society as a whole AND will be ultimately be effective in it’s goal, WITHOUT eroding every person’s right’s and freedoms? Where are the documents that show we’re not going to have tons of unintended negative consequences, like happened with the Patriot Act in the US?

    I have the bill open on my desktop right now and am eagerly awaiting your reply.

    I don’t expect a reply…

  38. David Collier-Brown says:

    And it doesn’t help the police…
    This is a tool for counterespionage, based on what has been done in the past with voice telephony. Regrettably, what the police need is to be able to do “traffic analysis”, to find the crackers, spammers and scammers who depend on no-one noticing them amid the other traffic.

    To detect a spear-fishing attempt against a company, I need to know who’s been infected with the tailored virus, by seeing who’s sending ssh packets to a remote port 26. One the remote machine, I need to see who’s using this botnet’s control port, 666, and where the command and control center is. And I need to find all the other bots the C&C center is controlling, and warn their root users.

    The only person I need a warrant for is the owner of the command and control center, and that’s to search his house and seize his computer.

    All that I can do with the law as it stands. What is needed is agreements about what voluntary disclosures are allowed, to start the process, and some regulations to prevent the misuse of non-personal-information collected during an investigation.

    Plus a significant chunk of money to provide the police with the hardware and staff to do the work. Billing the ISPs or making them buy equipment that doesn’t help … doesn’t help!

    –dave
    davecb@spamcop.net

  39. Conservative talking points may have killed this bill
    If Vic Toews didn’t answer criticism in such a “with us or against us” boneheaded way that backfired, I could see the Tories passing this bill quite easily.

    As a result of their aggression in promoting this bill, and the strong backlash that’s provoked, I suspect they are now compromised and in a position where they must either substantially water this bill down or let it languish forever.

  40. I disagree Mr. Geist
    Sorry, but I don’t want compromise on this. If anything I want a law stating that ISPs shall NOT disclose ANY subscriber information without a valid warrant.

    “ISPs and telcos providing subscriber data without a warrant 95 percent of the time” – how in the hell do they do that legally? Strengthen the Privacy Act if they are doing this!

  41. Warrants Just Get In The Way
    Ah, c’mon, warrants just slow down the enforcement of the law:

    http://www.thestar.com/news/crime/article/1131727–caretaker-mesmerized-by-the-mess-after-police-search-trial-told?bn=1

  42. Paraguay
    So, can Vic Toews explain why the Canadian government has opened a visa office in Paraguay, a country known for human trafficking? He has made trade deals for Canada during his trips to Paraguay, but did it ever once occur to him to bring up the topic of human rights abuses? Odd, for one who is so concerned about children. I guess he didn’t use the internet to browse the U.S. government website about that.

    http://paraguay.usembassy.gov/tip.html
    http://www.embassyofparaguay.ca/eng/visa/index.shtml

  43. What’s the other hand doing?
    This proposal is so beyond the pale, Toews’ remarks so over the top, and the public response so predictable that I have to wonder if it’s a simple case of misdirection, a la the “proposed” changes to our national anthem a few years ago.

    What’s the other hand doing while our attention is focused here?

  44. I agree with “ENO” and “Pretty Simple” and offer some rhetoric of my own:
    Bill C-30 will serve mostly to empower representatives of the MPAA and RIAA. It will be great for their tracking down and prosecuting of file-sharing copyright infringers, and probable digital-lock crackers, but also likely take law-enforcement resources away from the investigation of crimes that prove a far more serious threat to society.

    So, Honourable Mr. Toews, you are either for Bill C-30, or in support of murderers and rapists. Rhetoric(TM)

  45. Let me restate that…
    Honourable Mr. Towes, if you are for Bill C-30, you are *in* support of murderers and rapists. Rhetoric(TM)

    All of this rhetoric is confusing.

  46. @Crockett “Could this be Canada’s ‘SOPA’ moment?”
    Apparently!

    It is so heart warming to see the voice of the concerned public finally finding the power they deserve. To those who say the ‘groupthink’ should be ignored, take your elitist balls and go home :D

  47. Let’s hope for a compromise
    Working in IT I know that a lot of information is transitory. They go into logs and are not saved, they’re deleted periodically in accordance to what ever maintenance schedule is deemed prudent. Some logs where I work are rolled over every 24 hrs at midnight and the information is gone. Even backup tapes are written over given sufficient time depending on requirements (I know since I lost my old emails because they delayed restoring them for backup too long once). So the Demand and Order to preserve clauses could be important to ensure that the information needed in a case is available by the time a warrant to produce is issued.

    I’ve seen headlines saying that the police have had no trouble acquiring the customer information the Lawful Access Bill now so people are questioning the need to require ISPs to provide the information when it’s been given voluntarily. So I’m wondering what the legal ramifications to a case or to the ISP where customer information that has been given voluntarily to date. I’m not a lawyer so I thought I’d ask the question but it strikes me that there could be some sort of legal implications here.

  48. More on the public consiousness
    One wonders if the people ‘on the hill’ somehow exist outside of reality. The 11th hour switch from the Lawful Access bill to ‘Protect our children from perverts’ has got to be one of the starkest examples of desperate incompetence. This, after the universal backlash from Towes comments the day before, was surreal in its bizarness even for the Tories.

    An amazing thing has happened in the last months, the public has tasted the fruit of mass public opposition to obviously stacked legislation and seen the politicians blink. And they like it! Rightly so and about time.

    While the individual is easily duped (how many email forwards do we all get about Obama being Indonesian born & the dangers of WiFi in the classroom), the public as a whole can grasp the larger issues. There were times (1940′s Germany for example) when the masses could be led astray but we live in a time of greater information and connected awareness, at least those who have free and open access to the Internet. Now is the time to hold onto those freedoms and not let the few take them away for the sake of their own persona paper castles.

    SOPA, PIPA, ACTA, Lawfull Access and next C-31. Lets stay the course and hold these governments accountable to the people rather than the privileged.

  49. Anonymous Coward says:

    Entertainment lawyers as inspectors?
    Does this mean that representatives of the entertainment industry could be designated as inspectors, and “enter any place owned by, or under the control of, any telecommunications service provider…”

    “…(a) examine any document, information or thing found in the place and open or cause to be opened any container or other thing…”

  50. “Voluntary” disclosure
    For what it’s worth, there are several cases before the courts on so-called “voluntary” disclosure by ISPs . Some judges say it violates the Charter. Other judges–a lot of them–say that it doesn’t, but based on a variety of reasons, all of which are problematic.

    I think a proper interpretation of the current law (both PIPEDA and the Charter) is that ISPs don’t have the discretion to disclose voluntarily. (Nor should they–it’s easy to get a warrant, and in true emergencies no warrant is required.)

    I’m really surprised that this aspect hasn’t gotten more notice.

  51. SOPA moment?
    I don’t know if I’d call it a SOPA moment. If Toews had of simply kept his big mouth shut, it probably would have passed mostly unnoticed by the general public. But that incredibly moronic child pronography statement popped up everywhere and got a lot of people, even including some Tory ministers, pretty riled up.

    So, thank you Vic Toews for being such an a$$hole, you’ve done us a great service in raising public awareness!!

  52. Some words in favour of C-30
    Imagine that police investigate a murder. On the victim’s cell phone, they find threatening messages, and a direction to meet at the location where the victim’s body is found.

    Identifying the sender of the messages may identify the killer. How long will the data persist which identifies the killer? It depends upon the technology used to send the messages. Some data will be lost within hours.

    The reason that this legislation circumvents judicial oversight is that getting a warrant is a slow and painstaking process. In such an application, police must make “full, fair and frank disclosure”. R. v. Araujo, 2000 SCC 65. http://canlii.ca/t/5231

    For very simple matters, this requires about 2-4 hours of careful legal drafting in the office and an application before a justice or judge (1-2 hours). Complex matters require weeks of drafting.

    In the murder example, if the victim complained for years about being stalked by an unknown aggressor, then the application must summarize all the relevant detail accumulated over those years.

    Then, the police must actually get the identification from the telephone or IP provider. Depending upon Bell’s or Rogers’ or Telus’ workload, that may take hours too.

    Police usually want subscriber information in order to draft further warrant applications allowing them to search places or intercept communications relating to criminal activity.

    Once they get the subscriber information, they start again with another warrant application.

    They can re-use portions of the first application for the second, but they must reveal everything they know about the suspect before they can get further warrants which permit them to search his car or track his phone.

    Police find the most evidence in the 48 hours after the killing. This two-step process can consume some or all of that time, Meanwhile the killer burns the clothes he wore, and buries the knife.

    What matters to their investigation isn’t just who sent the messages, but what evidence remains in the killer’s house or car.

    Requiring police to obtain and execute two warrants slows them down a great deal, and risks losing information critical to catching the killer.

    So the search warrant hurdle is a significant one.

    Is it necessary? Subscriber information reveals relatively little about the suspect. Further warrants are required to intrude on his residence or car.

    Is judicial pre-authorization effective at preventing abuse? It certainly controls the release of information to a police officer, but it doesn’t, of itself, create much accountability over the use of the information afterwards.

    Suppose a rogue police officer seeks private information relating to his ex-girlfriend. If he swears a false application for a warrant, he can abuse of her privacy all too easily.

    There is some judicial supervision of violations of privacy after the fact. Section 489.1 requires officers to report seizures of property to the court which authorized them. This provides some transparency, particularly if the cop lays charges. (Of course, the rogue cop wouldn’t lay charges.)

    I think that the accountability requirements of Bill C-30 would be more effective at catching the rogue cop than the existing legislation under s.489.1. Only designated offices can make demands for identifying information. They are obliged to report every such demand, and there’s a mandatory internal audit process.

    I agree that we should supervise police, for fear they might abuse their powers. I disagree that existing judicial supervisory methods are always the best way. Costs of policing are high, and rising. The tools we give them must be efficient and effective; so too should the supervision be efficient and effective.

  53. @Waldock
    “So the search warrant hurdle is a significant one. Is it necessary?”

    In an ideal world…no. If we were all robots and incapable to do wrong, no. But this is not an ideal world and we’re not programmed automatons. Giveng this kind of power to authorities, most will use it wisely, others will be less scrupulous. Profiling will being, fishing expeditions it’s a fine line to a police state from there. I refer to perhaps one of the most famous quotes in modern times:

    “Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men.” – John Emerich Edward Dalberg Acton

    In your murder case however, I would argue that most, if not all, telecom providers would fully cooperate, without a warrant.

  54. …that being said…
    I think, they should still need to get the warrant after the fact. Otherwise, should they fail to get a warrant or if a judge refuses to issue a warrant, I think any information recovered should be inadmissible. Police NEED those checks and balances to ensure they follow proper procedure!!!

  55. @Waldock
    A rogue police officer spurned by an ex-wife or girlfriend, an MP seeking re-election in an embattled riding, both upstanding Canadian citizens, who would never abuse this new found power, given their positions in the public trust. Perhaps, more likely, a curious service provider employee who is charged with maintenance of these new surveillance systems, a private citizen who has not sworn an oath to public office.

    More disconcerting would be a hi-jacking of the investigative resources detailed in Bill C-30 by corporate copyright holders seeking litigations against infringers. Overwhelmed by these investigative requests, the infrastructure established by Bill C-30, at great financial burden to the public, is unable to meet the demands of law enforcement officials and those crucial 48 hours are further stressed.

    Bill C-30, aside from its invasiveness, is far too vague in its granting of powers.

  56. Smells like…………
    “Second, with ISPs and telcos providing subscriber data without a warrant 95 percent of the time”

    ……B U L L S H I T

  57. “…most, if not all, telecom providers would fully cooperate, without a warrant.” “…95 percent of the time…”
    I teach officers how to apply for search warrants. The officers I work with disagree with Vic Toews’ estimate that 95% of the time, the telcos voluntarily provide the information sought. Some telcos cooperate, and some don’t.

    I understand that most do when the officers ask for subscriber information for the purposes of wiretapping extortionists and murderers.

    I do not have formal statistics about less serious offences like stalking, child pornography, death threats or trafficking in firearms, but the anecdotal information I receive from cops trying to catch crooks suggests that Toews’ number is optimistic, especially relating to IP information.

  58. @KF – rogue cops, MPs & corporations
    KF – I don’t know if you’re being facetious or serious when you rely upon the scrutiny on people in public office. I agree with the others that bad apples turn up everywhere. Rogue cops are a problem. Not a common problem, but a big embarassment for everyone, especially the honest cops.

    I agree that checks and balances are necessary. I disagree that JUDICIAL supervision is best method. Existing procedures unnecessarily hamper urgent investigations, but do little to prevent or expose the rogue cop. Bill C-30 proposes different checks and balances.

    I don’t see how an MP could use this legislation to gain advantages in an election. If someone thinks an MP could abuse this legislation, please identify the sections for me.

    I share KF’s distaste for the idea that this legislation could be used to prepare copyright prosecutions. Perhaps warrantless acquisition of subscriber information should be limited to the investigation of offences in the Criminal Code.

    As for the curious service provider employee, I think this legislation changes little. The sysadmins and telephone linesmen have always been able to snoop on their customers.

    Privacy advocates fear that authorities will abuse their privacy by snooping on their private conversations without good reason. Yes. Surely, that may happen sometimes.

    Police fear that completely secure communication facilities will be abused by criminals to organize and commit serious crime. The police fears are well-founded. They find abundant evidence of sophisticated use of communication equipment. Judicially granted wiretap is one of the few tools available which effectively exposes this kind of organized criminal.

    Emerging technologies, such as Blackberry Enterprise Server, permit these groups to defeat completely judicially authorized wiretaps.

    As I understand it, the main idea of C-30 is to require every communication company to build a back door which police can only open when a judge permits it.

    If you argue that there must not be such back doors, then you must be prepared to live in a society in which organized criminals can safely communicate without police ever listening, no matter how solid their grounds. Judicial supervision becomes irrelevant.

    I’m a prosecutor. I’ve met some of these guys in the court room. I’ve met their victims who survived, and I’ve met their victims’ families. I don’t like that idea.

    If you concede that there must be such back doors, then the only remaining questions are how to implement them so that they work, but don’t get abused.

    There is a real tradeoff between privacy and public safety. I see it every day. Police work isn’t as easy as CSI. Lots of crooks escape detection and/or prosecution. If you want perfect privacy, you must be prepared to live in a world where people like Pickton are much more difficult to catch.

  59. Waldock is a fear mongerer, Pickton was a drug using, pig farmer who lived in the middle of nowhere, he was not updating his facebook profile, emailing his dealers, or tweeting when he was about to go to downtown vancouver, making a suggestion that c-30 would have caught him any sooner is a joke. I bet he didn’t even have a computer or cellphone. nice try though.

    Nobody

  60. @Waldock
    Part 1

    Waldock, your post really made me think. I wanted to try to distill what I am seeing as the pro/and con sides of this, so I tried to point-form things. Here goes…

    Some reasons I’ve heard in favor of surveillance:

    -It’s getting harder to catch criminals; “criminals shouldn’t have better tools than law enforcement!” (I agree.)

    -The Picktons and gangs of the world are terrifying and are a real problem. (I agree, this is scary stuff. I’ve certainly lived long enough to know that bad people exist, and I really wish they didn’t. I get the impression you’ve reached a similar feeling.)

    -There is a general desire to protect victims (which I certainly agree here – most of us have experienced being victimized in some way and want some way to see justice) and the general impression that we should be do something beyond what we are currently do (I think that’s really the question we’re all trying to answer here…).

    Some reasons I’ve heard against surveillance:

    -It’s not clear that C-30 or any level of surveillance can solve the stated problem (criminal uses of the Net) since it doesn’t remove criminal access to encryption which everyone will continue to use, ex for banking. Even outlawing encryption (the blackberry case you mention above) wouldn’t do that by itself, nor would banning anonymizers like proxies, Tor, and Freenet, since criminals don’t have to respect the prohibition by definition. In the pursuit of criminals we’d have to greatly ramp up enforcement, which could not just undermine privacy, but basically make it illegal, further accelerating us towards…

    -The big one: if absolute power corrupts absolutely, extensive surveillance powers might simply be too tempting to abuse or misuse by corrupt, or simply negligent officers or agents (for example, pranksters, “looky-loos”, or disgruntled employees), and that these opportunities and risks are multiplied by the increased retention and by-design back-door access being proposed. Basically the whole gamut of “the 1984 scenario”, ranging from the chilling effect on free speech and criticism (political / religious / financial / copyright / whistle-blower / Wikileaks / anonymous dissent), even if the bill works as intended, to outright witch hunts and fishing expeditions by government or corporations. This could be a precedent-setting move down the slippery-slope towards a surveillance state.

    It’s also getting to the point that net neutrality (and copyright reform) supporters could be viewed as “separatists,” and since most of that discussion is taking place on the Internet there is real reason to worry about political abuse of any new surveillance capabilities, and to worry that effects might snowball rapidly.

    -Where are the statistics? 1) Is there a demonstrably new problem or a material reason to consider changing the current law? (In what areas is crime up or down?) 2) Would this do really the job? 3) What would the associated financial and social costs likely be? 4) Are the police using existing resources effectively? It’s hard to have a real discussion without stats, pro or con.

    -Privacy is a human right. It’s written up in the UN declaration and the corresponding Canadian charter. So, what has changed that would possibly warrant giving up a basic human right? (Trick question… It’s a right! It’s not really on the table, IMHO.)

    -We mostly all agree that it would place a large burden on ISPs — Bell for example predicts large costs, and others are on record saying they may have to close. Of course, the costs would ultimately be born by tax payers, which noone likes.

    -Lastly, there is a view that the law is hypocritical, casting doubt on its basic design and the government. Toews is seen as promoting privacy invasions while at the same time crying afoul for Vikileaks30′s publishing of what looks like information from the public record (seems legal to me, but I’m not a lawyer). This might be an ad hominem attack but, if what’s good for the goose isn’t even good for the gander, why should Canadian’s buy what they’re being sold? Ie: smells fishy.

  61. @Waldock
    Part 2

    Some common approaches to making any tough situation better:

    -Sharing responsibility, for example, by having all interests represented at each key stage.

    -Direct oversight, for example, warrants.

    -Indirect accountability, for example, responsible commissioners, and reporting.

    -Small-scale implementations, for example, to test for effectiveness and cost.

    Possible alternative approaches to crime reduction:

    -Well, we could just raise RCMP staffing up to the level of cost we would expect from the bill.

    -We could also try giving more training to RCMP, for example, in computer surveillance techniques, to do more with the same levels of access and person-power, as well as simply promote more internal coordination. There might be better ways to do what we already do, for example if the warrant process is onerous, it might be possible to expedite it, as Mr Geist has suggested.

    -There might also be new ways that have not been considered. For example, by thinking of new ways to cooperate, like crime stoppers (hello — a positive use of anonymity), amber alert (simple, quick response systems), panic buttons / systems, formalized response and reporting protocols and general preparedness plans (think fire drills) for possible scenarios and deterrents. For example, in web forums, showing the subnet of the logged IP address of a poster can discourage abuse. Heck, simply saying “smile, you’re on camera” can prevent theft or destruction in a problem zone. The difference being that this is already within the rights of systems operators and site usage terms, so we wouldn’t be removing rights. At least it wouldn’t require a nation-wide surveillance system. Not surprisingly, people are always kind of put off by just giving a group with the guns more power. The RCMP could help here by recommending and promoting ways in which the community can help. Netizens and communities have a lot of options for self-governance and self-help available to them. An example of this approach in real life is “restorative justice” programs, which have been shown to be effective in relieving some of the burden from courts.

    -As long as we are looking at ways of relieving the current framework, we might as well consider strategically legalizing some common “victimless” activities that have been argued to be a burden on the justice system. For example, we might legalize pot to cut down on the funds of crime and the nuisance on police. Prostitution has also been argued as a burden on the police / courts and that de facto criminalizing it, as we do, makes it difficult to make it safe, creating a whole class of surrounding crimes. It’s been called “the oldest profession” so, I don’t think it’s going to do away, but they could be paying income tax like everyone else and at least be doing it in a safe regulated environment. Similarly, we could (should) outright legalize non-commercial copyright infringement before we make the mistake of trying to enforce THAT one broadly at society’s expense. To paraphrase Steve Jobs: focusing is about knowing what NOT to spend time on.

  62. @Waldock
    Part 3

    Any other thoughts that don’t fit above:

    -Just because someone jumps off a bridge doesn’t mean we have to. Just because some countries ignore human rights, doesn’t mean we should. We should not strive to reach “parity”, “harmonize” or “catch up” with other countries, but rather to do what is right for Canada.

    -If criminals are getting more savvy at hiding their tracks, I would agree that police should try to be at the same level. That’s not to say it is a failure on their part, or that that can only happen at Canada’s expense. This simply might not be the right law to address our problems.

    -It seems to me that wiretapping can already happen on a case-by-case basis, and does not require that the network generally support that feature at our expense. Police could (I assume they do) have a box that can be inserted easily, given a warrant or appropriate control, for the purposes of focused fact-finding. I’m OK with compelling ISP cooperation for this (I assume that is already the case). In any event, I don’t think we should be mandating the capacity for surveillance nation-wide when that is a function we would normally expect the RCMP to source and employ, using money specifically allocated to them, on a case-by-case basis. If this is a cost issue, we can talk about it like that. If the RCMP are acting alone developing tools, and finding it especially difficulty, that doesn’t necessarily have to be the case.

    -Encryption exists and is not going away. I can write the formulas on a napkin. It’s like the DVD DeCSS key. It’s not going to go away for the same reasons DRM is universally broken. There’s also the “Streisand effect.” to keep it alive. At the same time, the Internet is nothing but proxies (routers), so outlawing anonymizers is also a ban in the Internet. Only the law-abiding people suffer, making due without. So, this isn’t going to take the the tools out of the hands of criminals unless we’re willing to go back to the stone age to try to cover it all up, and frankly, I’d be at least as scared of this possibility as the Picktons of the world. This is basically “the copying problem” if you can call it that. General purpose computing challenges a huge host of assumptions and will continue to make us uncomfortable until we confront them.

    -Maybe it’s an unfair comparison, but it’s also worth pointing out that Pickton did not commit or coordinate his crimes, to my knowledge, using the Internet and a bill like this would not have saved anyone from him, if that’s the bar. In fact, the RCMP has recently apologized for not doing more in the Pickton case ( http://www.vancouversun.com/news/RCMP+apologizes+delay+Pickton+arrest/6062816/story.html ), suggesting increased diligence may have as much of an effect as anything. I suppose the up-side for crime-prevention, if you can call it that, is that it always takes a real person to commit a crime, so there will always be a physical criminal and a physical victim and a physical circumstance surrounding them both. That’s where the community and the RCMP can help, and that’s where the law should focus, IMHO. Ironically, bringing prostitution out in the open and making it safer for sex trade workers (referring back to one of the options above) might have made a difference in the Pickton case.

    -I actually don’t see how to prevent any act without trampling on someone’s rights (and this is about prevention for the most part); prevention always clobbers someone’s rights. Doors hide crime. Privacy hides crime. Arguably, all human rights enable crime because criminals are human. At some point the public good will inevitably step on the private good. Should we get rid of human rights? IMHO, the power of law to sidestep rights should be limited and taken back quickly, so no. They’re still living with the PATRIOT Act in the USA because power is so hard to take back. I really don’t want my life to be about preparing for that 1 in 12000-year event ( http://reason.com/blog/2007/07/26/preparing-for-that-once-in-twe ). Yes there are bad people, and we should work together against them, but I’m not willing to live in fear either. (Franklin D. Roosevelt said something to that effect.)

  63. @Waldock
    Part 4

    -If we can’t take way these tools, all we can really do is empower good people to level the playing field. Raising the skills and tools available to law enforcement and good people generally raises the bar for them and lowers it for the criminal, relative to the rest (exemplifying the line “the price of freedom is eternal vigilance”). If the criminals are indeed working harder or smarter, we should also be — rather than talking about giving up freedom. The only reason we live in a free society is because enough people continue to demand it and, since confidence and privacy and empowers good people too, so long as you believe the good people outnumber the bad, it’s still a net win. In that sense, the potential for communication is also a positive thing that empowers good people and that can, in itself, prevent and address crime and abuses of power. For all the bad things the Internet is used for, it has also saved lives and touched all our lives for the better. Encryption saves lives. Sometimes you get the good with the bad.

    That is not a dismissal of crimes that use the Internet, just an observation that life is rarely black or white. It seems like we are increasingly having to choose between facing uncomfortable facts in the light of day, as a group, or blanketing them to “protect” ourselves. the Internet seems really really good at not letting sleeping dogs lie and at forcing us to think more about what we want to achieve through law, whether we are achieving it, and how far we are willing to go to achieve it. It’s ethics.

    -In stark contrast to the current laws, something (admittedly, a little disturbing) to consider is that at least one child-abuse survivor group ( http://boingboing.net/2010/03/25/child-abuse-survivor.html ) has suggested that we may be doing more harm than good by policing the distribution of images of child abuse. I wasn’t willing to include this in the alternatives above, because of the potential for controversy, but there is the idea that we are making it easier for abusers to hide by hiding their abuse. If that is true, this debate is largely hypocritical. Out of sincere respect and deference to victims (of all crimes, not just child abuse), I’m not claiming to be in any position to make such a call — very few of us are — however, it’s hard to ignore the words of victims.

    I certainly won’t be tweeting THAT @ Toews, but then I suspect that was the desired effect: preventing discussion. Frankly, I was a little uncomfortable even hunting for that link. At the same time, there are people who would say Wikileaks (with a W) made the world a better place by leaking the “collateral murder” video, even if the truth is a bitter pill.

    -It is interesting to note that a first use of a surveillance system would probably be an Internet filter list. It is also interesting to note that this was tried in Germany for 1 year and repealed in April, 2011.

  64. @Waldock
    Part 5

    -I further would argue that net neutrality or encryption would be outright impossible under this bill. Net neutrality is already at the discretion of ISPs, and traffic is being throttled anticompetitively (VoIP, P2P, business-grade features, etc), yet we would be pushing them to install more equipment with more capabilities, that would almost certainly be used for more anti-competitive behavior. Similarly, since surveillance doesn’t on its own break encryption, all encryption would need a back door too. Encryption with a back door, if it comes to that, is basically useless: so say good bye to online banking and shopping. Commercial activity on the Internet would be changed drastically by
    both of these.

    This is kind of off-topic, but I had to include it because of all the drama:

    - Vic Toews, speaking to the Ottawa Citizen’s report that the Vikileaks30 account traces to a House of Commons IP address, said, “even at that point [having found the IP address], noone can go inside a computer with simply the use of an IP address” ( http://www.cbc.ca/thehouse/news-promo/2012/02/18/internet-surveillance-bill-up-for-broad-review/ ).

    I see another side of this. The location HAS been deduced and, if you believe it’s accurate and the circumstances warranted it, I don’t think the RCMP would have any difficulty in the current framework to preform an investigation. What I see, however, is the Ottawa Citizen having published some “private” information. Not much, but it annoys me as a privacy advocate. (I hope they treat their confidential sources better.) If I actually believed Vikileaks30 did something wrong (for the record I don’t, but IANAL), that would have been something to report to the RCMP if you believed it could help a case. From that IP address, the RCMP could have installed a filter in order to “catch” Vikileaks30 in the act, so to speak. If anybody thought Vikileaks30 was doing anything illegal, tipping that person off is what removed the ability to investigate, not the lack of system-wide surveillance.

    As for Vikileaks30, I don’t even care if it was someone affiliated with the NDP — why shouldn’t someone affiliated with a political party voice an opinion using legal means, albeit anonymously. It certainly doesn’t warrant speculative accusations in Parliament, which testifies to the ease with which people go on witch hunts simply because they can. (And yes, I’d say the same thing if it were the Conservatives that I thought was being legally “ironic”.) That said, most of us would rather see someone find a way to “object, without being objectionable.”

    Should have written a blog post.

  65. My suspicion
    Ladies and Gentlemen,

    After looking at the recent goings on in Ottawa, I think what may be happening is that Mr. Harper is setting us up to be annexed by the United States.

    He will intentionally cause riots, and then the U.S. will be called in to ‘keep the peace’. And hey, they might as well stay around for a bit, just to make sure everything is calm, no?

    Canada is soon to be obsolete. We are the new Afghanistan.

  66. @Waldock
    My comment about the trust placed on those in public office was sarcasm, given the hypocrisy demonstrated by Honourable Mr. Toews.

    As far as abuse by Ministers of Parliament, I suppose that my concern was
    Section 33 and 34, but my reading may have been overzealous.

    Waldock, you make it seem as if the power of technology is all in the hands of organized criminals and the police currently have none, or, at least won’t until legislation like Bill C-30 is passed. I don’t know anything about the current laws governing wiretapping, but is it true that, even with a warrant, police aren’t legally able to break encryption? Assuming that’s what you mean when you refer to BlackBerry Enterprise Server. I agree that the police should have this capability, but don’t believe that it should be without the legal authorization provided by a warrant. Surely, criminals can’t conduct all of their dirty business behind closed doors, by talking in code, or through encrypted communications.

    I don’t agree that foisting the burden of maintaining a back door upon service providers and demanding their compliance based upon an affidavit is the proper legal or technological solution. Aside from a rogue cop or prying ISP employee, I echo Canoe76, in their concern for its potential abuse by ISPs themselves, for the purpose of anti-competitive practises. Not to mention the fact that such a catch-all resource maintained by the ISPs would be a beacon to criminal groups in its own right. There must be a more secure solution available that does not require so much ISP involvement, they could certanly tell the police who’s behind an IP address, but why must *they* have the capability to break encryption and intercept communications? Shouldn’t the police have officers specially trained to perform this role? Do telephone and wireless subscirbers pay the phone company to spy on them as well?

    As nascent as my understanding of the law and police capabilites is, an IP address is much different than a voluntary listing in a telephone directory, the IP address provides an opportunity for real-time tracking of an individual’s location and communications, certainly not to be treated as haphazardly as the Yellow Pages.

    @The Tories – The short title of the Bill is disingenuous and makes it seem as if such legislation is necessary as Canadian society is rife with child predators.

  67. @KF – Abuse by politicians – s.33 & s.34
    You have a point. The inspector’s job is to determine whether a telecommunications service provider has actually built the necessary facilities (“back door”) into their service so that if a judge orders wiretapping, it can be accomplished.

    Theoretically, a government Minister could direct such an employee to use this power to gather information unrelated to the employee’s job.

    This kind of abuse of power has occurred for as long as there was power to abuse. A minister who directed such activity would be taking huge risks with his/her career, because there are now many ways for this to blow up:
    - the telecommunications company would be watching the inspector
    - the inspector would be abusing powers in a way which would justify his or her termination; any experienced civil servant knows to get the direction in writing.
    - any exposure of such a written direction from the Minister would terminate the politician’s career.

  68. @KF & Canoe76 – The Back Door
    I agree that the government’s sales job is lousy. The name of the Act is misleading.

    Attack the salesman if you want, but I’m interested in the product. We can vote the salesman out of office; but are we better or worse off with his product?

    This act does not authorize police to intercept communication without a warrant. It does not authorize police to search computer systems without a warrant. It does require phone companies to build what I call a “back door”.

    Historically, telephone communications were always susceptible to interception by the phone company. This legislation wasn’t necessary.

    Now, it is possible to build a telecommunication system which encrypts communications so that nobody can overhear the conversation. Not even the phone company.

    What this legislation does is compel communications companies in Canada (think Blackberry) to build into their equipment the ability to comply with a judicial order. (see s.6 of “Investigating and Preventing Criminal Electronic Communications Act”)

    Imagine a phone company built a new “secure” network, and got lots of people using it. Following up on tips from concerned citizens, police gather enough evidence to satisfy a judge that a specific group of criminals are using it to organize . The judge is satisfied that wiretap is appropriate, and so she orders the phone company to let the police listen to the suspects talk. But the company replies “Sorry, our system can’t be intercepted, not even by us.”

    Without legislation like C-30, the police can’t use wiretap to save the kids or stop the bombers or identify the hackers or take down the credit card scammers.

    If you have some alternate suggestions for tools that would satisfy you, please propose them. Please don’t assume that police have unlimited resources (they don’t; and we have to pay for them).

    KF says that the phone company shouldn’t be able to spy on its own customers. They might abuse their power, and criminals might seek to take advantage of that power.

    For the last several decades, phone companies have always had that power.

    As far as I know, it hasn’t been a problem. I can ask the guy in charge of the wiretap system in my province if you like. He’s been there since the beginning.

    KF asks why the telecommuncation companies have to do the work. Because nobody else can. They build the systems. They have the expertise to build the back door. The legislation doesn’t require them to “break” encryption in the sense of brute-force decryption. It requires them, when handing out keys to their customers, to keep copies or master keys.

    And KP, yes, at present, part of your phone bill pays for the security department at your phone company to connect and disconnect wiretaps ordered by judges. Wiretap isn’t done any more by attaching a device to a phone line, or inserting a microphone into a handset.

  69. @”nobody” – fear mongering
    “Nobody” thinks I’m fear mongering.

    “Nobody” thinks Pickton is the last psychopath to terrorize Canadians (Bernardo, Olsen, Driver,…)

    “Nobody” thinks that the next serial killer will be too dumb to use devices connected to the internet.

    (http://www.serialkillers.ca/cody-alan-legebokoff/)

    Perhaps “nobody” missed my point.

    The reason I named Pickton is that an expensive inquiry is underway to discover why it took police so long to catch him. We’ll hear lots about the human errors, but there are some fundamental influences to consider as well. We aren’t a surveillance society. His victims were private people, so police didn’t know much about their movements.

    (Did you know that when police receive a report of a “missing person”, they can’t get any warrants at all under the Criminal Code? That’s because they don’t have “probable cause” to believe that a crime was committed.)

    Police information was incomplete.

    For a long time, police had multiple suspects. That meant that they could not say “probably it’s this guy”. Until they had “probable” cause, they could not get a warrant. Only when they had reliable information about an illegal handgun could they enter his property.

    What police hear from the public uproar about Pickton is that the public expects them to follow leads swiftly, and apprehend bad guys before more damage is done.

    Willie Pickton picked his victims from the streets of Vancouver. The next Pickton will find them on Craigslist or Facebook or some other internet-based communication facility.

    The internet investigation side of C-30 offers police tools so that it doesn’t take them quite so long to follow internet-based leads. It allows them to get started on a comprehensive search warrant without first obtaining a warrant for basic subscriber information.

    And it contains checks and balances to prevent abuse.

  70. @Waldock
    I realize that I really put my foot in my mouth when suggesting that the police should have the ability to break encryption. Encryption would be useless if it was susceptible to brute-force attack, the police would need access to the keys from whichever service provider. However, this would be limited to commercial enterprises who are legislated by Bill C-30 to provide the police this luxury. Since encryption software is open source and public knowledge, the truly organized criminals would establish their own communications networks outside these boundaries. I think that corporate customers would also be leary then, if say RIM needed to have keys to their customer’s systems, even if it was for special police purposes. Unfortunately, I still fail to see where the benefit of Bill C-30 outweighs its compromising the privacy of average Canadian citizens.

  71. @Waldock
    “Willie Pickton picked his victims from the streets of Vancouver. The next Pickton will find them on Craigslist or Facebook or some other Internet-based communication facility.”

    Of course, and we should “target” such places when promoting safety and pro-actively preventing victimization. However we should not lump (my) private uses of the Internet with these “public” sites. I do not even have a Facebook account.

    Bill C-30 treats everything on the Internet as public, with a few exceptions, when we could (should) treat everything on the Internet as private, with a few exceptions (websites with certain social features, like Facebook, etc). We should certainly focus on making those communities safe and welcoming. We do not need to sacrifice the principal of privacy to do it. Unfortunately the outer/major premise is inverted compared to what I want. That would not be an amendment though. Since I would not settle for less, I am rejecting the whole thing. Bill C-30 is built on the assumption that the ISP is the right place to focus to work on positive change, and I strongly disagree.

    As if they wrote it to mock me, the bill even excludes certain (somehow-special) uses on privacy grounds (schedule 1).

    I don’t know how to “ammend” bill C-30 to escape it’s “all or nothing,” “with us or against us (and with the child pornographers!),” “if you have nothing to hide, you have nothing to fear,” approach to social wellness. That’s not democracy.

    I see you are concerned about preventing crime and exploitation, and you’re not alone. I also think this is a chance to get it right.

    I could describe why privacy is important enough to keep as a minimum starting point, and I could even point out that that’s how we use it in real life when we return to the safety of our homes to eat and think and sleep. I could outline what loosing that foundation would mean, and how it has nothing to do with finite resources of those who would use it, or “trust.” People have written enough books on that already.

    Privacy and prevention are both good, and both are worth keeping, and there’s no reason not to have both.

    I could point at Facebook, and the people who use it and similar services, as having created many of the problems they now want to fix, and I could rattle off an endless stream of ways we could all be doing things better on a case-by-case basis. But that would assumes we can agree that’s the right place to solve it.

    I am a kind person, but I would not install cameras in my bathrooms to satisfy anyone’s curiosities. That’s not freedom.

    Instead I will say: we need to empower people, and I think we are underestimating the Internet community’s ability to solve many of it’s own problems.

    Unfortunately, Bill C-30′s biggest effect would be to turn the Internet upside down — at great costs to individual liberty and democracy — and I’m not willing to do that.

  72. @KF
    You’re right. Technologies exist that C-30 wouldn’t open to police investigation, even with a warrant.

    Does that mean that large-scale generally-accessible commercial networks should also be impervious to police investigation, even if a judge agrees that such an investigation is warranted?

  73. @canoe76
    You write a lot.

    I suggest that you read the text of the bill some more.

    You wrote “Bill C-30 treats everything on the Internet as public”. It doesn’t.

    It provides that police engaged in the execution of their duty can obtain subscriber information without a warrant. That’s not the content of your internet communications, but the geographic location of your IP address and who’s responsible for it.

    After that, getting private information requires warrants, as usual. One thing C-30 does is help the police figure out which house to attend to execute any warrant a judge might grant them. But it doesn’t let the police into the house or any computer in it without a warrant.

    Schedule 1 has nothing to do with your internet activity. It addresses those people who set up telecommunication services, as defined in the act.

    The other big thing C-30 does is make sure that the government can tell people who provide telecommunication services to create a back door to their service. But nobody is allowed to use that back door to acquire private communications unless a judge authorizes it. This matches the current situation with telephone services.

    Equating C-30 with putting cameras in everyone’s bathrooms, or an upside-down internet is great rhetoric, but it’s misleading. It’s not what C-30 actually says or does.

    If, as seems likely, popular opposition kills C-30, I predict the next public complaint on this issue will be “Why are the police using investigative tools of the 1980′s to investigate internet crime?” Some of what the cops rely on now was drafted when a leading case of the Supreme Court of Canada determined that a computer system does not provide “telecommunication”.

    R. v. McLaughlin, [1980] 2 SCR 331
    http://canlii.ca/t/1z48m

    For example, look at s.487(2.2) of the Criminal Code, and see how it contemplates computer systems as large machines attached to printers, attended by geeks in white lab coats.

    The legislation has not kept up with the times. It’s time to catch up.

    Here’s another example.

    Internet providers keep logs of their customers’ activity for days or weeks. Police investigations react to past events, and often take days, weeks or months to gather write warrant applications.

    For example, suppose yesterday, Sally recieved a death threat delivered by some messaging technology. And then someone killed her. If, by some luck, police manage to determine the IP address of the sender of that message, they should get a warrant to find out whose subscription sent it. At best, the judge might issue the warrant tomorrow. If the IP provider deletes its logs every 24 hours, then even with a warrant, the officer finds nothing. That loss of evidence can make the difference between conviction and acquittal.

    That’s why the proposed 487.012 would authorize the officer to order the messaging service provider: “preserve anything in your logs relating to messages to Sally while I go get a warrant”.

    Right now, there’s nothing permitting the officer to compel the preservation of relevant evidence.

    Collecting enough evidence matters. This isn’t CSI. The police don’t always win. For example, the prosecution dropped the first case against Mr Pickton for beating up a prostitute. There wasn’t enough evidence to make the charges stick. It was the word of a drug addicted prostitute against a businessman farmer. When the burden of proof is “beyond a reasonable doubt”, and there’s no independent evidence to support the complainant’s version, the judge is obliged by law to side with the defendant. (In that case, she did have some injuries, but the question was going to be whether he caused them while defending himself against her attack, or whether he attacked her.)

  74. @Waldock
    Part 1

    Q) How do we already handle your “crime post-threat” scenario in the real world?
    A) We do the best we can using the resources available in the course of normal events, and focus our time and resources on statistically significant risks.

    We do not require, for better or worse, that people (shops or individuals) maintain a record of location information (was they guy who bought gum going North or South?) for everyone who comes through our doors. Nor should we. We do our best, but we recognize that this is prohibitive to society in the real world. It is just as prohibitive in the digital world.

    Of course, I also think we should make an effort to manage risk online. However, that effort is (and should remain) the voluntary result of collaboration (again, the RCMP could step up) unless (as I have mentioned already) there is some very good and very specific reason to focus on a particular provider. We certainly shouldn’t jump all the way to the scale’s edge, which this bill does, by obligating every service provider and — arguably, every device connected to the Internet — to maintain a record of user details.

    > You wrote “Bill C-30 treats everything on the Internet as public”. It doesn’t.

    Yes it does: it’s basic philosophy is that the Internet is a public space and we need cameras at every highway, offramp, city block, garage, living room, and bathroom — all the places be might carry our laptops, phones, or tablets. I’m saying that while there is a valid case for calling some sites public places (Facebook, or similar) — lumping all uses of the Internet together is inappropriate.

    The current legal framework treat networks traffic, in principal at least, as private since it 1) requires a warrant for subscriber information (among other things), which is considered sensitive by a large number of people — even if the practice of disclosure by ISPs has historically been voluntary — and 2) surveillance capability is not currently mandatory. With respect to 1) there’s a big difference between “with consent,” and “by force,” obviously. It’s the difference between consenting sex and rape. (Now, does that mean Vic Toews “stands” with rapists?) With respect to 2) I actually appreciate some of the reporting obligations built into Bill C-30, and the production/preservation order, amendments at the end (I don’t really get the point of the numerous amendments that just insert the word “computer”). My concerns with the main content of the bill however, are still too broad to warrant suggesting trivial amendments to preserve the good parts.

    Bill C-30 does invert the status quo, and it is fully appropriate to describe Bill C-30 as turning the Internet “upside down.” That is my reading of it. More importantly, Bill C-30 takes an extreme approach that is not a net win. I might not be able to convince you of that, but I’m still willing to try.

    We have to remember that the Internet is a peer network. Unfortunately most people don’t even know what that means. But that’s what makes the Internet different from cable TV. It is not a 1-way, top-down, feeding tube (broadcast tree). Everybody can talk, and any centralization that exists today (Telus, Rogers, Facebook, Google) is mere circumstance, and highly likely to change in the future. For all intents and purposes, all the routers on the Internet are general-purpose computers (and mass-producing them got us to today’s networks), and it’s a basic principal of computer science that all computers can solve the same set of problems, within the constraints of their available memory. Some might be able do things faster than others, but all nodes on the Internet have the same possible set of features.

    I think this may be the reason you don’t see Schedule 1 as hypocritical from a privacy standpoint. Schedule 1 acknowledges some “household” and private services, but doesn’t conceive that those services might transit the Internet, for example, to take advantage of global reach. I would argue, however, that the Internet is used significantly for private traffic. (Unfortunately, since schedule 1 is amendable by the Minister, I wouldn’t expect this single line of reason to stand for too long against the numerous pressures to extend surveillance.)

  75. @Waldock
    Part 2

    In actual fact, everyone is a “service provider” since the bill defines “transmission apparatus” to include anything that provides “switching or routing of communications.” That’s basically everything I have in my network closet, including the computer I’m sitting in front of.

    I can run a webserver and I can turn my computer into a router with a command shorter than this sentence. Would I need to comply with these rules? Almost certainly.

    (I’ll just ignore that we could wind up needing interception capabilities on every interception device, ad infinitum. This is what we get for casting our nets all the way to the edges of something like one of Escher’s Circle Limits)

    If a computer eventually is interpreted as communication equipment, and I am considered a service provider for common router-like activities we all perform, wetehr we know it or not, it’s a very short jump to requiring all computers (or operating systems) to support hardware (or software) resident “back doors” (location-tracking and interception, etc, capabilities). (Section 11 even suggests we would have some limitations on our choice of the source of software. It’s also nice of them to clarify: it doesn’t matter if it means you’ll have to buy extra licenses. It sounds to me like someone might own stock in Cisco or Microsoft.) IT people have been concerned about these issues for years, and the temperature change recently is palpable.

    Some people here, and elsewhere, suggest that running Tor, or similar software could be a way to stand up for privacy. Actually, it looks like anyone using Tor would be considered a telecommunication service provider under this bill. The purpose of Tor is to route communications, so it falls under the direct interpretation of this bill to regulate. Depending on your interpretation of Schedule 2 (Tor arguably modifies the communication as part of its algorithm, and so probably isn’t excluded), the Tor software would probably have to maintain location information or intercept features in order to comply with Bill C-30. Of course, it does not provide this currently since Tor targets privacy advocates who would balk at that requirement. Running Tor then, or similar software, without also running some extra interception and recording software, would likely be a violation under the act, which is punishable by up to a 50000 (for individuals) or a 250000 (for organizations) fine. This fine is PER DAY! (See section 48.) If you do this willfully, it might be an offence, with much worse liability. (See section 55. Again: PER DAY! See section 66). If your computer or network is used by anyone remotely or physically (your web browser runs JavaScript, for example, and may be acting as a transmission apparatus whether you expect it or not), you too could be on the hook (64.2 leaves a lot of room for interpretation).

    Who in their right mind run (or write) a peer-to-peer program again? Bye bye Tor, bye bye Bittorrent. Hello cable TV, brought to you by your well-entrenched providers over whatever is left of the Internet by then. I am highly involved in networking and network software development, and I consider this bill the equivalent of a full frontal lobotomy of the Internet. Vic Toews’ rhetoric (and your assessment of mine) is dismissive of this reality: this bill doesn’t seem to be about protecting victims at all.

    If you think I’m reaching, I suggest you read your own link, and notice that the supreme court appeal in 1980 was denied on a very technical semantic argument. It is quite easy to imagine that a computer would be brought under the interpretation of transmission apparatus, with users then becoming telecommunication service providers. Again, the de-facto usage of “service provider” may (and in all likelihood will) shift drastically in the future. Since Bill C-30 does not expressly exclude private individuals, I have no reason to believe individuals would not have to comply.

  76. @Waldock
    Part 3

    While centralized services like Google and Facebook have had a bit of a hayday lately, people are constantly bucking them when they are used against privacy. Bill C-30′s proposal in itself is destabilizing. Case in point: people are promoting Tor more. There are also very real efforts to remove conventional ISPs from the picture all together, for example using wireless mesh networks. These efforts could work — they only need a critical mass — but if Bill C-30 passes, they might be illegal. I find that thought revolting. It puts us on par with Iran and China. Before you say “that’s not what this bill is about,” the language doesn’t differentiate, and just because we haven’t targeted individuals today doesn’t mean we won’t.

    So what’s next? Mass monitoring for tax fraud? Will we delegate inspector status to US representatives to enforce copyrights?

    Will people with “too much” technical knowledge have to register themselves as cyberweapons, and be subject to security clearance and export controls? This bill already suggests that anyone who operates network equipment may need security clearance (section 6 obligations, 28.3, and 64.l.ii). It feels like an assault on science (which has some recent context: http://boingboing.net/2012/03/02/canada-to-science-drop-dead.html ).

    Noone will want to start a business or develop the next network hardware or software when it comes with a 50000+ per-day fine, or the burden of complying with bill C-30 and requirement that you cave in on principals that MOST IT professionals share. Even if you are acting on behalf of an employer as a system or network administrator, failing to comply with the act might leave you personally liable (section 45). Say goodbye to IT. Canadian’s won’t be making the next big anything.

    This bill is a disaster, and it’s part of a larger alarming and accelerating international context that does not lead me to believe the powers in C-30 will be used to any significant degree to actually help people. If it focused specifically on public sites (Facebook, etc), I’d be more inclined to believe it, and would be willing to revise it on a technical level (though many of the same complaints that have been raised would still apply).

    I don’t think many people realize how far wrong this first stab is. Bill C-30 is almost a ban on networked computing and unregulated technical knowledge. As a programmer, a networking specialist, and a believer in free speech, I am quite disgusted with the full implications of the bill.

    Let me be clear. I am not willing to revise this. Picking at it quote by quote would only give it too much credit. Others have already criticized the massive interception, recording, disclosure of sensitive identifying information, sweeping physical access, and obstacles to transparency. I most certainly support public safety, but I also support human rights, and in order to preserve balance, we should file this one under “trash.” Luckily, good people are standing against it, despite Vic Toews’ offensive remark.

    I assure you, I could have written a lot more on this topic.

  77. Chris Brand says:

    @Waldock
    I’d like to focus on just the “back door” part, and to make two points.

    First, since I first attended consultations on “lawful access” back in … 2002, I think ? The police and other assorted people asking for these powers have been asked “how many investigations have been thwarted because you don’t have these powers today ?”. I understand that they’ve finally been able to come up with one example.
    The simple fact is that your hypothetical network that’s so secure that even the operators can’t intercept communications really isn’t that big a problem. Police today will (with suitable warrants) use parabolic microphones and keylogging software to perform the interceptions before the content even gets into the network, or after it leaves.

    Secondly, as soon as you build a backdoor into any system, you make it less secure. Unfortunately, you then have no guarantees that the only people to use your backdoor are the good guys. These “lawful access” systems make extremely attractive targets for all manner of “bad guys”. The canconical example is, of course, from Greece (https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004–2005), where over 100 phones, including that of the Prime Minister, were tapped illegally. the perpetrators have yet to be caught.

    I like evidence. When I see both evidence of harm where these proposals have been adopted and little to no evidence of need, that makes me say that the proposal is a bad idea.

  78. @Waldock
    You make some interesting arguments. I appreciate the dilemma. Unfortunately, your points don’t seem to appreciate the breadth and scope of the technology in use today.

    I have had a few conversations with police officers in the field. Even the more “internet savvy” of these officers don’t have more than a simplistic understanding of the various technologies in use, or the scope in which they are used. I’m sure there are specialists within the police force that do have a better understanding, but those are not the ones I have had contact with, or the ones we have heard from concerning the measures in C-30.

    Take the comparison of an IP address with a phone number. To the extent this is true, there already exists the DNS system for forward and reverse lookups, and it is publicly available. Continuing the comparison, C-30 would be the equivalent of making every business and organization release their internal numbers without a warrant. And those internal assigned numbers can and do change daily. To exasperate the situation, there are the equivalent of “conference room phones” where you don’t have any idea of “who” is assigned to use them – lots of them.

    Don’t get me wrong, we support the goals you espouse. But the approach laid out in C-30 won’t help in those goals. There are assumptions that C-30 will help in these situations, but the fact is that they will be very rare cases, and getting rarer every day (exhaustion of IPV4 has driven a LOT more “conference room” style usage).

    On top of this, there are various “anonymizer” systems that have become available over the years. Some driven by technology efficiency, and some by the desire to avoid tracking (mostly by data gathering for advertising). Think of it as a “burner phone” – lots of them, and free. These have become very simple to use.

    The list goes on, and continues to grow. Even for those of us deeply involved in the industry, we encounter a new approach 2-3 times a year. Some catch on in a widespread way, others don’t.
    The industry has been battling, and cooperating, on related kinds of issues for over 25 years. Email spamming, virus infection paths, hackers, keyloggers, etc, etc. From a society perspective they aren’t even close to your issues, from a technology perspective they are similar. We have a pretty good idea what works, and what is a dead end. The measures proposed in C-30 are effectively a dead end, and carry too much liability for abuse.

    We need a different approach. A simple short term answer would be to streamline the warrant process for these cases, and intensify the “internet technology” training required for officers. Even that won’t be enough in the long run, so we need to get creative as well. Recognize that we won’t find an “all in one” answer that has any chance of lasting, we will need to be constantly adapting.

    The issues are a society one, as well as a technology one. The rapid change of technology is driving rapid society changes. We need to come up with new answers, and new questions, from a society perspective. Consider the differences in the following.

    http://www.wired.com/wired/archive/4.12/fftransparent_pr.html