News

Everything You Always Wanted to Know About Lawful Access, But Were (Understandably) Afraid To Ask

Public Safety Minister Vic Toews is expected to introduce lawful access legislation tomorrow in the House of Commons. An Act to enact the Investigating and Preventing Criminal Electronic Communications Act and to amend the Criminal Code and others Acts, likely to be Bill C-30, will mark the return of lawful access in a single legislative package. While it is certainly possible for a surprise, the bill is expected to largely mirror the last lawful access bills (C-50, 51, and 52) that died on the order paper with the election last spring.

This long post tries to address many of the most common questions and misconceptions about lawful access in Canada. The questions and answers are:

  • What is lawful access?
  • What is Bill C-30 likely to contain?
  • Isn’t ISP customer name and address information similar to phone book data that is readily available to the public without privacy concerns? (first prong)
  • Isn’t the mandatory disclosure of ISP customer information necessary for police investigations? (first prong)
  • Didn’t former Public Safety Minister Stockwell Day pledge not to introduce mandatory disclosure of ISP customer information without court oversight? (first prong)
  • Who pays for the surveillance infrastructure required by lawful access? (second prong)
  • Does lawful access create a new regulatory framework for the Internet? (second prong)
  • Does lawful access create new police powers? (third prong)
  • Does opposing lawful access mean questioning the integrity of law enforcement?
  • Don’t other countries have the same lawful access rules as those found in Canada?
  • What do Canada’s privacy commissioners think about lawful access?
  • Are these lawful access proposal constitutional?
  • Does the government seem somewhat inconsistent on its crime and privacy policies?
  • Where can I learn more about lawful access and what can I do?

Update: Bill C-30 was introduced on February 14, 2012. One important change from the last bill to the current bill is that the list of data points subject to mandatory disclosure without court oversight has shrunk from 11 to six. The IMEI numbers, discussed further below, are no longer on the list. What is lawful access?

The push for new Internet surveillance capabilities goes back to 1999, when government officials began crafting proposals to institute new surveillance technologies within Canadian networks along with additional legal powers to access surveillance and subscriber information. There have been several attempts at passing lawful access legislation, but each has died on the order paper without progressing through the legislative process.  In fact, no lawful access bill has even made it to the committee stage for hearings and detailed examination.

What is Bill C-30 likely to contain?

Assuming the bill mirrors the previous Conservative government approach, the bill will likely feature a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers. 

The first prong mandates the disclosure of Internet provider customer information without court oversight.  Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so.  The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers. 

While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person.  Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community.

The second prong requires Internet providers to dramatically re-work their networks to allow for real-time surveillance.  The bill sets out detailed capability requirements that will eventually apply to all Canadian Internet providers.  These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.

Moreover, the bill establishes a comprehensive regulatory structure for Internet providers that would mandate their assistance with testing their surveillance capabilities and disclosing the names of all employees who may be involved in interceptions (and who may then be subject to RCMP background checks). 

The bill also establishes numerous reporting requirements including mandating that all Internet providers disclose their technical surveillance capabilities within six months of the law taking effect.  Follow-up reports are also required when providers acquire new technical capabilities.

Having obtained customer information without court oversight and mandated Internet surveillance capabilities, the third prong creates a several new police powers designed to obtain access to the surveillance data. These include new transmission data warrants that would grant real-time access to all the information generated during the creation, transmission or reception of a communication including the type, direction, time, duration, origin, destination or termination of the communication.

Law enforcement could then obtain a preservation order to require providers to preserve subscriber information, including specific communication information, for 90 days.  Finally, having obtained and preserved the data, production orders can be used to require the disclosure of specified communications or transmission data. 

While Internet providers would actively work with law enforcement in collecting and disclosing the subscriber information, they could also be prohibited from disclosing the disclosures as court may bar them from informing subscribers that they have been subject to surveillance or information disclosures.

Isn’t ISP customer name and address information similar to phone book data that is readily available to the public without privacy concerns? (first prong)

No. The last bill included the following data points:

  • name and address
  • telephone number
  • electronic mail address
  • Internet protocol address
  • mobile identification number
  • electronic serial number (ESN)
  • local service provider identifier
  • international mobile equipment identity (IMEI) number
  • international mobile subscriber identity (IMSI) number
  • subscriber identity module (SIM) card number that are associated with the subscriber’s service and equipment.

This data goes well beyond phone book data and can be used for invasive investigations without court oversight.  For example, IMSI catchers can be used to capture all IMEI numbers in a geographic location so that anyone with mobile device would have this information captured. Law enforcement could use this tool to capture information all cellphones in a given area – say at a G20 protest, visiting Parliament Hill, or at a community event – and then require Canada’s telecom companies to disclose the corresponding names and addresses. All without court oversight.  Christopher Parsons provides a detailed look at this issue.

Isn’t the mandatory disclosure of ISP customer information necessary for police investigations? (first prong)

No. To date neither the government nor law enforcement agencies have provided evidence that the current law – which permits disclosure without a warrant but does not mandate it – has created an investigatory barrier. Indeed, earlier this month, police in Ontario arrested 60 men on child pornography charges after obtaining information on hundreds of IP addresses using the current law. This is but one example of numerous successful child pornography investigations in Canada in recent years (here, here, here, and here).  These successes have not stopped Toews from arguing opponents of lawful access will make things easier for child predators  Similarly, the succesful anti-terror investigations involving the Toronto 18 involved computer and Internet-based investigations using current law.

Given the lack of evidence on the need for these changes, politicians and police have been scrambling to find justifications for the change. In 2009, then-Public Safety Minister Peter Van Loan pointed to a 2009 kidnapping case in Vancouver as evidence of the need for legislative change, describing witnessing an emergency situation in which Vancouver police waited 36 hours to get the information they needed in order to obtain a warrant for customer name and address information. That sounds like a credible case, but according to documents obtained under access to information, no Internet provider records were actually sought during the investigation. More recently, Open Media obtained internal police documents seeking examples of why legislative change is needed. The document acknowledged that previous efforts “lacked a sufficient quantity of good examples.” David Fraser has also looked at this issue here.

Didn’t former Public Safety Minister Stockwell Day pledge not to introduce mandatory disclosure of ISP customer information without court oversight? (first prong)

Yes. Former Conservative Public Safety Minister Stockwell Day stated in 2007:

“we have not and we will not be proposing legislation to grant police the power to get information from Internet companies without a warrant. That’s never been a proposal. It may make some investigations more difficult, but our expectation is rights to our privacy are such that we do not plan, nor will we have in place, something that would allow the police to get that information.”

Toews has now backed away from that pledge. According to a letter sent to NDP MP Charlie Angus in November 2011, Toews wrote:

It is correct that former Public Safety Minister Stockwell Day did, at one time, endorse a subscriber information regime that would have required a warrant in order to access the information. However, since that time, the Government has consulted further with law enforcement and justice officials and determined that a warrant requirement for basic subscriber information would negatively impact the ability to carry out investigations and would introduce an additional burden on the criminal justice system.

I have filed Access to Information requests with Public Safety, Justice, the RCMP, and CSIS on these consultation. Thus far no one has provided any documentation or evidence.

Who pays for the surveillance infrastructure required by lawful access? (second prong)

Cost is a big question mark on lawful access, though costs will ultimately borne by the public.  According to documents obtained under the Access to Information Act, many telecom and Internet providers have been primarily focused on the costs associated with installing surveillance equipment and with processing law enforcement requests. The government may provide financial assistance to smaller Internet providers to help address their costs or provide an implementation delay. Some smaller providers have indicated they may be forced to close if they bear the costs alone. Providers will likely also be able to charge fees for complying with law enforcement requests.

Does lawful access create a new regulatory framework for the Internet? (second prong)

The lawful access proposals create what can only be described a new regulatory environment for Internet providers. Every provider must:

  • submit a report within six months on their equipment and surveillance capabilities
  • submit a report on new equipment if acquire another provider
  • face possibilities of audits from the RCMP and others
  • assist law enforcement with testing facilities for interception purposes
  • provide the names of all employees involved in interceptions. The RCMP may conduct background checks with consent
  • meet operational requirements to enable interception, isolate communications, provide proscribed information, and conduct multiple interceptions

Does lawful access create new police powers? (third prong)

Yes.  As noted above, it envisions at least three new warrants. By definition, these involve court oversight. The warrants are:

  • Transmission warrants, which cover information related to the transmission of information such as routing or addressing, along with all the additional header-type information created by messages.
  • Preservation orders, which require the temporary retention of data on particular subscribers or communications
  • Production orders, which can require disclosure of transmission data, tracking data, financial data or information on specified communications

Does opposing lawful access mean questioning the integrity of law enforcement?

In Toews’ November 2011 letter to Angus, he states:

For you to suggest that authorities would use these identifiers to track individuals without first obtaining the necessary judicial authority is to question the integrity of those entrusted to keep our communities safe.

We can expect more of this line of argument in the months ahead. All Canadians recognize the need for security and to ensure that law enforcement has the tools they need. Yet the experience in other jurisdictions points to the dangers of blanket powers with no oversight. For example, in the United States, the National Security Administration has admitted in “over-collection” of domestic email messages and phone calls.  In Greece, more than 100 cell phones owned by the Prime Minister and senior government officials were surreptitiously wiretapped. Despite the best of intentions, mistakes happen which is why oversight and reporting is crucial.

Don’t other countries have the same lawful access rules as those found in Canada?

Some do, but the experience in other countries is illustrative of why the Canadian approach is so dangerous.  Christopher Parsons recently released a detailed paper that examines the experiences in countries such as the UK and the U.S.  In the U.K., there are dozens of examples of errors over the last few years. Moreover, the rules hae been used for things such as ascertaining “a family’s eligibility to send their children to a local school.” In the U.S., similar surveillance powers have been used thousands of times with ISPs and Internet companies. Targets have included journalists conducting investigations.

What do Canada’s privacy commissioners think about lawful access?

Canada’s privacy commissioner have been unanimous in their criticism of the government’s lawful access proposals. A letter signed by all Canadian commissioners can be found here. Privacy Commissioner of Canada Jennifer Stoddart posted a follow-up open letter in late October 2011 (an As It Happens interview here). Ontario Privacy Commissioner Ann Cavoukian has also been very active on the lawful access issue with a full website that includes video from a symposium, a public letter to Toews with detailed legal analysis, an op-ed, and a Search Engine podcast.

Are these lawful access proposal constitutional?

The Supreme Court of Canada may ultimately be asked to answer that question. One of the most comprehensive legal and constitutional analyses of the lawful access proposals comes from Pippa Lawson in a recent paper titled Moving Toward a Surveillance Society: Proposals to Expand “Lawful Access” in Canada, commissioned by the BC Civil Liberties Association.

Does the government seem somewhat inconsistent on its crime and privacy policies?

If by inconsistent you mean supporting the creation of widespread surveillance capabilities,  removing foundational privacy principles requiring court oversight, and claiming the need to support police investigations, while:

  • killing the long gun registry over the objections of the Canadian Association of Chiefs of Police
  • planning to delete the data from the long gun registry on privacy grounds (Toews: “to maintain the registry and the information is a complete violation of law and the principles of privacy that all of us in the House respect”)
  • scrapping the mandatory long-form census on privacy grounds

then, yes, they seem somewhat inconsistent.

Where can I learn more about lawful access and what can I do?

Given the widespread concern, there are many excellent resources on lawful access.  These include:

If you are concerned with lawful access, speak out:

font-weight: bold;/li

53 Comments

  1. Pry prop info
    Except for their contacts, naturally. I’m betting corp esp (spying) gets a higher sentance than child-molesting or pot-dealing.

    (80% of security incidents are inside jobs. Money not only talks, it buys a LOT of friends.)

    this info will be used to track and destroy political enemies first, economic threats like netflicks+ commonculture.ca second
    and as an afterthought, (long after the public starts doing it themselves) actual threats to canadian society.

    bah, humbug!

    packrat

  2. But won’t someone think of the children!

    That’s what the justification for the law sounds like. You can’t have complete security without giving up freedom. To have freedom means that you or others may be at risk. The thing to do is find the right balance, and this does not strike a balance due to the lack of oversight to make sure it’s not going to be abused. And if there’s one thing history has taught us is that when people are given power to do something, some will abuse that power.

  3. Regarding the Long Gun Registry
    Killing this has been the policy of the Reform wing on the CPC ever since it was the Reform Party… I don’t see why you would have expected it to change… remember, the registry doesn’t do anything to prevent long guns from getting into the hands of people that shouldn’t have one; that is implemented in the Possession and Acquisition License requirement (and even then it isn’t perfect). Nor does it reduce crime; those that quote the reducing rate of gun crime in Canada are lying in tying it to the introduction of the registry; looking at the longer term stats the rate of decrease was the same after the introduction of the registry as before, so you cannot assert that the registry has reduced gun crime… its a case of correlation vs causation.

    Getting rid of the data, to me, makes sense. This prevents people from non-government data via an Access to Information request. For instance, the Ottawa Citizen got a download of the data for a story it was doing a few years ago. The names and addresses in the “owner” section had been blanked out, and the postal codes reduced to the first two characters. However, for some of the entries the name and address of the owner was there; this was a case where the gun was built from a kit, so the Firearms Centre put the owner in as the manufacturer. Glen McGregor (one of their columnists) got pissed off with the idea of forcing the data to be deleted and pushed the data to a file sharing site and then bragged about it in his blog.

    As far as the census is concerned, the jury is still out. StatsCan still hasn’t published the response rates to it (remember, the number of forms sent out was increased from 20% of the population to 33%). In any case, I don’t see where this is concerned with law and order.

    There is two issues to consider here with respect to lawful access. The first is that there is already a law requiring landline telephone providers to provide lawful access. As many of the ISPs are now offering Internet telephony (for instance, my provider does and they don’t provide POTS service) to not extend the provisions to them means that the POTS providers could, with justification, demand that the lawful access laws no longer apply to them. The other thing to consider is the intent of the original lawful access legislation. This provides what would normally be considered to be wiretap evidence to by used in a trial. Exclusion of the newer forms of communication can throw reasonable doubt into a number of cases, especially where someone is charged with accessory to a crime or counseling to commit one, since they can claim that they tried to convince the person of not doing the crime by email, even if they didn’t; the police have no way to access that data stream. This can go either way; the accused may have no means to prove that they tried to counsel against and they get convicted when they are innocent, or the police have no way to prove that they didn’t and the guilty person is acquitted.

    Now certainly I don’t agree with the idea of access without a warrant; the warrant provides checks and balance into the system. If the reason the police want warrant-less access is because of how long it can take to get a warrant, then THAT is the problem that needs to be addressed rather than eliminating the check and balance step.

  4. Don’t let them claim this is just an update!
    Most of all, the first thing to remember is that law enforcement can still do physical surveillance – it’s not like the internet has somehow made crime virtual. The reason these vast new powers are unnecessary is because law enforcement can and should simply use physical, IN-PERSON means to gather evidence. Sure, it’s far cheaper to do automatic, virtual surveillance, but that inherently brings up the kinds of invasion Michael is pointing out. Laziness is not a reason to violate our liberties!

  5. Average guy
    I feel for you Canadians. Your government gets more and more like ours (U.S.) every day. My sympathies……

  6. Canadian
    This is going to drive criminals further underground while law-abiding citizens have their privacy stripped away.

    They should at least require that criminal convictions increase by a significant margin within 1 year or the provisions are scrapped.

  7. Stay alert and engaged
    Putting the lawful access bill up at the same time as they are debating C-11 makes me wonder if they think two bitter spoonfuls will taste no worse than one. Get the fuming over with and carry on.

    I hope the current atmosphere of awareness continues to increase as these bills are put forward. One might think it is too late but as evidenced by events further south, the public voice actually does seem to have some power today after all.

  8. Curmudgeon
    All this concern about privacy in this new legislation is overblown. Somehow, without this new legislation, someone was able to monotor enough tweets and such so that a Quebec man of the Muslim faith was detained, his house searched and his wife browbeaten with statements that her husband was a terrorist to try and make her cough up more evidence of his nefarious activities when the only thing they had to go on was a rah-rah comment about blowing up the competition he made to his sales team before going to a trade show.

    What a world we live in where any statement can be taken out of context to create a situation that makes plain citizens doing nothing wrong out to be criminals.

  9. Ready Freddy says:

    If only Michael Geist had any actual experience in lawful access [sorry Michael a couple of years as an actual prosecutor in this space might help, but cowering behind the shield of academia doesn’t get you any marks in this subject. You certainly dont know anything special that others do not so please drop the pretense of being somehow better informed than others]. It’s one thing to sit there and snipe, mislead and smear from the sidelines on behalf of all your like minded friends, quite another to have serious cases fall apart due to obstructionist corporate lawyers, outdated laws and ineffective investigative solutions. Those of this in “the business” of lawful access need this legislation, and needed it yesterday (aka several hundred unresolved cases ago.)
    So go ahead and write your media articles and organize your Facebook protests, the common sense of Canadians will prevail over the anarchy that you seem to blisfully ignore.

  10. @Crockett
    “I hope the current atmosphere of awareness continues to increase as these bills are put forward. One might think it is too late but as evidenced by events further south, the public voice actually does seem to have some power today after all.”

    We don’t have the culture for it. Most Canadians don’t know about either bill, and most of those who do, don’t care enough to do anything about it. It’s all too obvious to me that Harper, Moore, et al, are being controlled by their American taskmasters. Or perhaps it’s much more simple than that…perhaps the CRIA (They will never be MC to me)/RIAA/MPAA et al, simply gave them $h1tload of money to turn the blind eye. 100 years ago, they’d all be up for treason, for allowing foreign bodies to influence local government.

    I have absolutely zero faith our government will do what Canada wants and have already purchased space on a server in the Netherlands that I will be moving my web sites to. This includes my movie database, in which I generate a list of movies I own, with cover scans (Which could be considered copyright infringement, for the overly staunch), which I can look up on my phone. The sole purpose is so I don’t purchase duplicates. This includes some pictures of my kids which might have some copyright protected content in the background (TV shows, Movies, games, etc.). This stuff, I’m not willing to give up…so I’ll just move it off North American soil. The server in the Netherlands is infinitely faster and has more space anyway.

    If our government doesn’t want to protect us, I’ll simply take my business elsewhere, out of their jurisdiction…problem solved…at least for the time being. The Internet makes the decision that easy.

  11. @Ready Freddy
    And what are your qualifications?

    I live in rural Northern Canada and the ISP I use (And the ONLY high speed provider I have access to) only has a few thousand subscribers, if that. Now there is NO WAY with such a small subscriber base that they could afford to buy and monitor the incredibly expensive tracking hardware that will be required by “Lawful Access”. Their only option would likely to be to shut down, leaving me with dial-up as my only option for Internet access.

    So, are you, from your high horse, going to be donating to “the cause” so that small ISPs can afford to stay in business? I have my doubts!!

    Get the facts before you criticize!!! Not everyone lives in major centers with 12 ISP options!! MOST people should have concerns ANY time changes are made to access to private information. ESPECIALLY, when there is a great deal of real concern that this could be paired with C-11 and we’ll start seeing baseless “John Doe” copyright lawsuits here in Canada on the basis if IP address information alone.

  12. @Ready Freddy
    So Freddy, why do you need the ability to monitor people on the Internet without need to get a warrant first? While I’m not happy about the ISP portion (I would hope that the government would help fun that, but I doubt it which would force many smaller ISPs to close) it’s the fact that it can be done without a warrant that worries me more than anything else. I’m all for catching the bad guy, but not at the expense of my freedom and privacy.

  13. Ms. Nanny Cliche says:

    Protecting the children
    This is not about the children. The government doesn’t care about children, this is about wide-scale profiling and surveilling of the public. Like the fences and big production at the G20, this is about intimidation and ensuring the populace doesn’t get out of line. It’s about protecting corporate interests and their own pocketbooks. A follow up to the recent agreement with the surveillance state to the south, we will now have our privacy stripped so our policies can be harmonious with America. By allowing warrantless surveillance of your internet activity, your CIA/CSIS profile can be completed, in case you haven’t already handed all your data over to Facebook. And then your activities can be monitored for known terrorist patterns, so they can declare you guilty of things like seed-selling and ship you off to prison in another country.

    The pedophiles will continue using Tor. This is about making normal people think twice before thinking for themselves. The commenter above who believes he is working for the good side is only fooling himself, he is a cog in a gigantic machine which sees pedophilia as a gift from god. Really, how else would they shove legislation like this down our throats?


  14. Ki said:
    “(I would hope that the government would help fun that, but I doubt it which would force many smaller ISPs to close)”

    Even if they “do” help, it will be in the form of a tax increase, so we’ll ultimately be paying the government to spy on us and those in cities will be subsidizing rural Internet. Like Nanny Cliche says It has nothing to do with pedophiles, that’s just a convenient ruse because it looks bad for anyone who opposes it then. Those smart enough to not get caught now, will still be using TOR or i2p or dark-nets or something similar to hide their tracks. None of this will be trackable through Lawful Access. Those caught “as a result” of lawful access were careless and would have been easily caught otherwise.

    The fact that they’re relying so heavily on the pedophile thing suggests they have no other real proof of the justification. The pedophile card is nothing more than a red herring. GOD I wish federal laws went to a public vote.

  15. It’s all about fishing
    They need to be able to fish for new “criminals” in order to fill their super-prisons so they can “prove” the new laws, mandatory sentences, etc. were necessary.

  16. John Wunderlich says:

    PrivacyCDN
    Michael;

    Thanks for this ‘reference’ posting. It’s a great resource!

  17. Simple Solution: Carrier Pigeon
    Now what’s our contingency plan when the H5N1 virus jumps?

  18. I thought all of this was science fiction and a scary one at that but the more I read about it it does look like Canada becoming an Orwellian state is being proven as fact. Scary times we are living in and yes, most Canadians are too busy wondering how to make ends meet while this is all taking place right under our noses.

  19. Response from Lisa Raitt’s office
    Thank you so much for taking the time to pass on your concerns on lawful access legislation to us.

    Our Government is strongly committed to ensuring that Canadians’ rights under the Canadian Charter of Rights and Freedoms are respected.

    The new lawful access tools proposed in our legislation will not derogate from existing safeguards and privacy protections. The need to respect a person’s reasonable expectation of privacy, as protected under the Charter, always guides law reform.

    In addition, such authority will continue to be exercised bearing in mind privacy rights under other legislation, such as the Privacy Act and the Personal Information Protection and Electronic Documents Act.

    Police will still be required to obtain judicial authorizations in order to obtain information under our legislation. None of the lawful access tools in this legislation will reduce existing privacy safeguards such as warrants, court orders, and other judicial authorizations.

    Law enforcement agencies cannot intercept private communications or obtain transmission data without being authorized to do so by law. The investigative tools created in this legislation preserve existing safeguards, such as requirements for warrants, court authorizations or other lawful authority to target specified communications. These investigative tools are time-limited, and nothing put forward in the proposed legislation would reduce the existing safeguards. Notably, the legislation will also enhance privacy protections in the current tracking warrant provisions.

    As the Minister of Public Safety said today in Question Period, “Outrageous claims that private communications will be intercepted with a warrant is complete fabrication…This legislation would not allow access to private communications without a warrant. That being said, our message is clear. If someone uses technology to commit crimes, such as distributing child pornography, the police will apprehend the individual and he or she will be punished to the full extent of the law.”

    We have forwarded your comments to our policy and research department. Should they need any further information or have any questions, they will follow up with you shortly.

    Once again, thanks for taking the time to send this to us. Should you have any further questions, comments or suggestions in the future, please don’t hesitate to contact us.

    Respectfully yours,

    —-
    Office of The Honourable Lisa Raitt, PC, MP
    Member of Parliament for Halton | Minister of Labour
    613.996.7046 | lisa.raitt@parl.gc.ca

    ————————————————————

    So from her perspective everything is great and everyone who doesn’t think so is lying. And they have a majority and can do what ever they want. Nice, great.

    The most great thing is that no matter how ‘tough on crime’ she wants to be she will never be held accountable for her lies.

  20. Well done…
    Thank you for pulling all this information into one place. This proposed legislation is even worse than the similar bill currently going through the process in the States. (H.R. 1981.)

    Hopefully you guys will manage to quash this thing.

  21. Trojan horse?
    In these modern times where criminality is decreasing doesn’t make any sense in increasing any form of crime control. All this draconian and expensive lawful access business do not havy any rationale. That is way I do question the integrity of law enforcement.

  22. And strangley enough, so is this comic
    http://www.explosm.net/comics/1391/

    … at least if they try prohibition on the internet once they analyze the data from this law.

  23. Thank you
    Just a quick note to express my gratitude for the work you and other Canadian freedom fighters do on the behalf of all Canadians. Keep up the excellent work!


  24. @Brandon
    Too bad there’s very few of us to even get heard and to stop any of these crap bills from being passed. : (

  25. Stevey Harper says:

    PM
    @Ms. Nanny Cliche…….you are spot on

  26. If you’re not doing anything wrong, then get a warrant.
    If a serious crime is suspected, get a warrant. What is wrong with that?

    Anon-K said it best: “If the reason the police want warrant-less access is because of how long it can take to get a warrant, then THAT is the problem that needs to be addressed rather than eliminating the check and balance step.”

    I’ve often heard “If you’ve got nothing to hide, then you don’t have anything to worry about.” How about applying something similar here for the police? “If you’re not doing anything wrong, then get a warrant.”

  27. Does the government seem somewhat inconsistent on its crime and privacy policies?
    They are very consistent – the determining criteria of what proposals etc. they support/create vs. turn down/scrap is whether or not big business will get more profits out of it.

  28. A Dangerous Position
    “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

    -Benjamin Franklin

  29. Friends, speaking as a semi-retired U. S. law enforcement officer, currently a civiliam member in an investigative support capacity, I would observe that there are some degrees of power and authority with which I would not trust myself, let alone anyone else.

    I had hoped that Canada would not try to race the United States to the bottom on individual liberty, yet it appears that your MPs in Ottawa are aping our Congresscritters in DC. It’s your country, so run it how you wish, but I urge you not to repeat our mistakes…

  30. So?
    All the ISPs should form a cartel and charge an arbitray, identical, itemised fee per month per customer. Ideally personlise the bills. “Government mandated privacy deprivation fee, endorsed by your representative John Smith (party name). He is paid $x,xxx,xxx per year”.

    Stick it to the Man.

  31. 509 Bandwidth Limit Exceeded
    The link “http://www.realprivacy.ca/write-my-mp” to allow me “to send a message to your MP” is not working.

    It says:
    “509 Bandwidth Limit Exceeded
    The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.”

    I guess a few people are passing along their thoughts.

  32. “Lawful access” comes from the mindset of those who believe all citizens are potential criminals and must be monitored by government agents in order to preempt their criminal drive, while all government agents are virtuous and thus can be trusted to never ever abuse their power and thus secrecy is a no issue.

    In truth, the opposite is desirable, it is the citizens who seriously need to monitor their government, and we really to be very concerned by this current government’s drive to become less accountable to the population while at the same time to demand that the population be more accountable to the government.

    The future looks seriously bleak with more Harper years ahead.

  33. Aaron Sheldon says:

    Mathematician
    To implement this legislation will require mandating man in the middle attacks on all backbone infrastructure in Canada. Effectively the public key exchange handshakes will be spoofed with surveillance keys. As long as this is done at the trunk level even certificate authorities and signing authenticators can be spoofed.

    In the short term this will break a lot of server maintainence the occurs through SSH, because the server certificates and public keys will be invalidated. The only servers that will be unaffected will be ones where the public key exchange was done a priori, and are configured to do encrypted initial handshakes with know hosts.

    In the mid-term this will result in an arms race between the open source encryption community and the surveillane community.

    In the long term this will result in the development of secondary physical channels of communication.

    This legislation, because it requires evesdroppping on all channels would give the goverment access to everything: our health records, our banking records, cloud applications, industrial and technical records, you name it. The legislation would give them to power to intercept every piece of secured traffic, with or without backdoors.

    God help us if any other nation or group figures out how to hack into these surveillance systems.

  34. concerned person
    Now we are all ‘guilty of something’ including our children, now that most records are on line, how do you feel about having your records including tax & health banking information scrutinized for no good reason except a certain law official may feel you are guilty of something – those that are exempt from this scrutiny will be all government officials – that thin blue line etc. Anyone who disagrees with them will be on the ‘side of the pedaphiles’……. what about the pedaphiles in government office etc?

  35. Citizen
    Well stated poster girl. Todays Toronto newspaper contains an appropriate article about a Toronto top cop in charge of their ride program was sent home for reeking of booze. 2 things to note here. Only cops can afford booze in Ontario and secondly he’s working with less than 100% of his brain function and is armed to boot. We are expected to believe law enforcement will not abuse their duties and break public trust? As the Tech world grows so do the enforcement break downs follow.

  36. What if the Supreme Court strikes down this proposed law?
    If the Supreme Court strikes down the proposed law, every person accused of child porn or terrorism will have his/her charges/convictions overturned. Those individuals may end up suing the Canadian government for Charter of Rights violations.

  37. Citizen
    SD, are you not getting a little ahead of yourself? The law has not yet been changed so no-one has yet been charged. Read what postergirl wrote then stop and think if you really want our cops to have this kind of power over our privacy in their untrustworthy hands? I think NOT!

  38. Concerned Canadian
    I don’t think that most Canadians want a police state where the police have the power to access private information without a court order. This would be too open to abuse.

  39. Bill C-30,lawfull access
    Thank you Mr Geist for alerting us.
    Look at how the police have made a mess of “use of force”.But more importantly where is the oversight?

  40. How it could be used?
    Rather than survalince of individuals could this not be useful/restricted to recording repeated visitors to Child Porn or other “illegal” sites and creating a data base that would then require a warrant to further investigate individual cases?

  41. Mr.
    This is total lunacy; a sign of being drunk with power, the absence of sincerity, and the luck of fortitude to guard the constitution of Canada. The minister should know that when one has to resort to such a tactic; “you are either with us or the pedophiles”, that you have just sunk too low and you do not deserve the office you hold. NO, NO, NO and NO Mr. Minister you cannot coerce the citizenry in this manner. Withdraw the bill NOW!

  42. FeistyCanuck says:

    What EXACTLY is to be logged for lawfull access
    This is in regards to prong 1/2.

    What exactly is being asked to be logged here on an ongoing basis for a regular Joe that is not currently under any suspicion and prior to any request?

    Is it simply his electronic address type info?
    OR
    Is the ISP obliged to now log all connections, web sites visited, information posted to web sites (like credit card info and bank password hashes.. anything you enter into a form).

    The former strips away anonymity, the latter… whoa… would create a security nightmare for the ISP.

  43. Citizen
    I do believe Minister Toews owes ALL Canadians a genuine apology for his contemptable remark about “you’re with us or the pedophiles”. What we are for Minister, is protection against abuse upon us innocents from your so-called law enforcement agencies. Did they not recently arrest one of our enforcers for producing child porn? Apologise or seek new employment preferabley outside of law making. You’ve lost your sense of lawfull fair judgementand reasonableness. Punish the damn criminals and don’t be spying on the rest of us.

  44. @FeistyCanuck
    “Is it simply his electronic address type info?
    OR
    Is the ISP obliged to now log all connections, web sites visited, information posted to web sites (like credit card info and bank password hashes.. anything you enter into a form).”

    It gives them the power to force ISPs to install hardware that will intercept and track ALL your internet traffic in real time, which means normal encryption will be broken from the get-go since it will have to be circumvented in order to track in real time. It will be an identity thief’s heaven. They will be profiling user activity and categorizing people, which, I believe, is illegal under current privacy law. This is all without cause, court oversight or a warrant. There was a big stink a few years back about companies tracking your activity and tailoring ads based on your activity. It was deemed an invasion of privacy and illegal. They still do it. They’ve just moved operations to a “more friendly” country, so it’s out of Canadian jurisdiction.

  45. I find it interesting that in every article I have come across concerning this new law from newspapers to blogs…A member of the cons has posted trying to explain themselves… Seems to me they are already monitering the internet!

    All hail King Harper (gotta keep my buty covered)

  46. Blind Faith
    We should trust those in authority because they know what’s best for us. Nothing bad will happen to our data. Sure, they will be monitoring the children who use the internet and cellphones, too, but that is for their own good.

    http://www.lfpress.com/news/london/2010/06/22/14474911.html
    http://www.genzel.ca/?tag=child-porn
    http://www.thestar.com/news/canada/article/963615–child-porn-found-on-russell-williams-computer-but-no-charges-laid-book

  47. It literally BLOWS MY MIND that the government has the gall to create a series of bills like this, then EXPECT US TO PAY FOR IT.

    That’s like having a cop walk up to your door, walk right in without knocking, look at everything you own to make sure you don’t have one little bit of illegal anything, and then having the homeowner pay them on the way out.

    Meanwhile tuition is sky high, joblessness is high, taxes are ridiculously high, healthcare needs fixing…

    I support the IDEAS behind these bills, but they way they’re implemented is insane.

  48. Vic Toews
    If there is any doubt!

  49. Online security
    hi Mike,

    Wonder if you have seen this clip from TED.

    http://www.zdnet.com/blog/security/ted-video-three-types-of-online-attacks/10144?tag=nl.e550

    Thanks

  50. Winnipeg Blue Bombers
    After the implementation of “Homeland Security” following 9/11/01 my yahoo.ca e-mail account was “monitored” for quite sometime after I sent an e-mail contain the word “Bombers” (as in the Winnipeg Blue Bombers football team)… So if you think you aren’t already having your e-mail, facebook, etc., etc., etc. “monitored” for no good reason, you’re wrong… BUT, with Bill c30 the “Feds” (aka CPC) can do some real election manipulation come next election, and THAT my friends is what bill c30 is really all about…

  51. background verification says:

    background verification
    Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me.