Text: Small Text  Normal Text  Large Text  Larger Text

    Blog Archive

    PrevPrevApril 2014NextNext
    SMTWTFS
      12345
    6789101112
    13141516171819
    20212223242526
    27282930

    How to Fix Canada's Online Surveillance Bill: A 12 Step To-Do List

    PDF  | Print |  E-mail
    Friday February 24, 2012
    Over the past ten days, I've been asked repeatedly what should be done to fix Bill C-30, the online surveillance bill. While the bill will require considerable study, below I've posted 12 amendments or undertakings that are needed to begin to address the massive public concern with the legislation. Given recent events, many understandably believe the bill is beyond repair and should be scrapped. However, assuming the government sticks with it and send the bill to committee with a mandate to consider a wide range of reforms and submissions, I'd start with the following non-comprehensive to-do list:
    1. Evidence, Evidence, Evidence
    2. No Mandatory Warrantless Access to Subscriber Information
    3. Reporting Warrantless Disclosure of Subscriber Information
    4. Remove the Disclosure Gag Order
    5. "Voluntary" Warrantless Data Preservation and Production
    6. Government Installation of Surveillance Equipment
    7. Reconsider the Internet Provider Regulatory Framework
    8. Improve Lawful Access Oversight
    9. Limit the Law to Serious Crimes
    10. Come Clean on Costs
    11. The Missing Regulations
    12. Deal With The Failure of Privacy Laws To Keep Pace
    Details on each follows:

    1.    Evidence, Evidence, Evidence

    The starting point for discussion on C-30 should not be the problem of child pornography or online crime. The starting point must be to shift the onus to law enforcement to provide compelling evidence that its current investigative powers are insufficient (that is not the same as saying access to subscriber data is valuable). Despite ten years of debate on lawful access, law enforcement has yet to make that case. In 2002, the Public Interest Advocacy Centre wrote on lawful access:

    Having reviewed the Consultation Document, and participated in a day-long consultation with government officials, it is PIAC's view that the Government's proposals for greater lawful access to private communications have not been demonstrably justified, according to the test articulated by both the Supreme Court of Canada and the Privacy Commissioner of Canada.

    After the Liberals introduced their lawful access bill in 2005, I wrote:

    Yet again, the government has failed to make the case that this is necessary.  While they note that convictions are more likely with lawful access information and that this bill , there is no evidence provided that the current system has somehow led to botched investigations or failed prosecutions.

    Last year, Canadian Privacy Commissioner Jennifer Stoddart wrote:

    Despite repeated calls, no systematic case has yet been made to justify the extent of the new investigative capabilities that would have been created by the bills. Canadian authorities have yet to provide the public with evidence to suggest that CSIS or Canadian police cannot perform their duties under the current regime. One-off cases and isolated incidents should not prove the rule, nor should exigent or emergency circumstances, for which there are already Criminal Code provisions.

    A few months ago, Open Media uncovered documents that indicate even the police forces admit they have not made a compelling case on the need for lawful access. Ten years of debate and there is still insufficient evidence to support lawful access. Given the lack of evidence, some have argued Bill C-30 is a solution in search of a problem. The reality is we don't know. Step one is to provide Canadians with a strong, compelling case that there is a problem with the current law that needs to be addressed. If law enforcement and the government are unable to do so, the bill should be scrapped.

    2.   No Mandatory Warrantless Access to Subscriber Information

    The biggest concern to date is the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so.  The new system would require the disclosure of customer name, address, phone number, email and Internet protocol addresses.

    This strikes at a bedrock principle of privacy law and is rightly opposed by the privacy and civil society community. Yet in talking with law enforcement, it is clear what they want is timely, guaranteed access in appropriate circumstances. They argue the current warrant system does not meet this standard nor do the current privacy rules. I have argued that a new warrant specific to subscriber information could be developed. Such a warrant could offer rapid authorization and lower costs. For law enforcement, it would provide the access they want, while for privacy advocates it would maintain the oversight principle.

    3.   Reporting Warrantless Disclosure of Subscriber Information

    With ISPs and telcos providing subscriber data without a warrant nearly 95 percent of the time, there is a huge information disclosure issue with no reporting and no oversight. This is a major issue on its own, particularly since it is not clear whether these figures also include requests from Internet companies like Google and social media sites such as Facebook and Twitter. The RCMP alone made over 28,000 requests for customer name and address information in 2010. These requests go unreported - subscribers don't know their information has been disclosed and the ISPs and telecom companies aren't talking either.

    Bill C-30 would add new reporting requirements to these disclosures, which should allow for insights into what ISPs and police are doing with subscriber information. In order to make this reform effective, however, the legislation should expressly prevent police from bypassing the reporting regime by continuing to voluntarily collecting some of this information. The new system should ensure that all ISP and telco disclosures of subscriber information are logged and reported.

    4.   Remove the Disclosure Gag Order

    David Fraser has notedthat Section 23 of Bill C-30 imposes a gag order on Internet providers who would be prohibited from disclosing disclosures of subscriber information to affected subscribers. This provision, which is essentially hidden through the complexities of legislative drafting, should be removed from the bill or at least reformed to allow disclosure after an appropriate period of time.

    5.   "Voluntary" Warrantless Data Preservation and Production

    Bill C-30 that creates a voluntary warrantless system that would allow police to ask for the content of emails or web surfing habits and allow ISPs to comply with the request without fear of liability. Section 487.0195 states the following:

    (1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.

    (2) A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so.

    This provision opens the door to police approaching ISPs and asking them to retain data on specified subscribers or to disclose any subscriber information - including emails or web surfing activities - without a warrant. ISPs can refuse, but this provision is designed to remove any legal concerns the ISP might have in doing so, since it grants full criminal and civil immunity for the disclosures.

    While many would hope that ISPs would not disclose personal information without a warrant, revelations that they already provide customer name and address information about 95 percent of the time suggests that police have little to lose in asking for more detailed data preservation and disclosure. Bill C-30 increases the likelihood of "voluntary" warrantless disclosures, creating a legal framework that makes it easy and risk-free from a provider perspective. The immunity should at least be subject to a reasonableness standard so that there are some limits on these disclosures.

    6.   Government Installation of Surveillance Equipment

    While the bill includes some detail on surveillance capability requirements, perhaps the most dangerous provision is Section 14, which gives the government a stunning array of powers:
    • to order an ISP or telecom provider to install surveillance capabilities "in a manner and within a time" specified by the government
    • to order an ISP or telecom provider to install additional equipment to allow for more simultaneous interceptions than is otherwise specified in the law (the government sets a maximum and then can simply ignore its own guidelines)
    • to order an ISP or telecom provider to comply with additional confidentiality requirements not otherwise specified in the law
    • to order an ISP or telecom provider to meet additional operational requirements not otherwise specified in the law
    Given these powers, Section 14 essentially gives the government the power to override the limits and guidelines it establishes in the bill (it must pay the provider an amount the government decides is reasonable for doing so). If that wasn't enough, Section 14(4) goes even further. It provides:

    The Minister may provide the telecommunications service provider with any equipment or other thing that the Minister considers the service provider needs to comply with an order made under this section.

    This gives the government the power to decide what specific surveillance equipment must be installed on private ISP and telecom networks by allowing it to simply take over the ISP or telecom network and install its own equipment. This is no small thing: it literally means that law enforcement has the power to ultimately determine not only surveillance capabilities but the surveillance equipment itself.  Section 14 requires significant reform as 14(4) should be removed and provisions that give the government the right to circumvent limitations in the law should be dropped.

    7.   Reconsider the Internet Provider Regulatory Framework

    Bill C-30 requires Internet providers to dramatically re-work their networks to allow for real-time surveillance. The bill sets out detailed capability requirements that will eventually apply to all Canadian Internet providers. These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.

    Moreover, the bill establishes a comprehensive regulatory structure for Internet providers that would mandate their assistance with testing their surveillance capabilities and disclosing the names of all employees who may be involved in interceptions (and who may then be subject to RCMP background checks). 

    The bill also establishes numerous reporting requirements including mandating that all Internet providers disclose their technical surveillance capabilities within six months of the law taking effect.  Follow-up reports are also required when providers acquire new technical capabilities.

    If all of this wasn't enough, the bill also envisions broad enforcement powers to ensure that Internet providers comply with the law. Section 34 has attracted considerable attention since it grants seemingly unlimited inspection powers that allow for entry into "any place owned by, or under the control of, any telecommunications service provider in which the inspector has reasonable grounds to believe there is any document, information, transmission apparatus, telecommunications facility or any other thing to which this Act applies."

    It is hard to see how such powers are justifiable under the current law. A re-examination of Intenet provider requirements and enforcement is desperately needed.

    8.   Improve Lawful Access Oversight

    Bill C-30 includes several oversight mechanisms that will allow for audits and other reporting by the Privacy Commissioner of Canada. For example, Section 20(4) gives the Privacy Commissioner the power to conduct an audit of the RCMP and the Commissioner of Competition to see how mandatory disclosure of personal information powers are being used. While this is a good start, there are questions about the necessary resources to conduct audits and engage in oversight (similar questions arise within the context of provincial reviews).

    In addition to the role of privacy commissioners, the government should follow the longstanding advice of Ontario Privacy Commissioner Ann Cavoukian by establishing an independent agency devoted to surveillance oversight. In her 2005 submission on lawful access, Cavoukian recommended:

    we call for the creation of an independent, arm’s-length Surveillance and Access Review Agency (SARA) mandated to supervise access to this highly sensitive personal information and report annually to Parliament on the propriety of the operations of the regime. The Commissioner of such an agency should be an independent Officer of Parliament nominated by an all-party committee of the House of Commons and appointed by the Governor-in-Council with sufficient security of tenure to ensure independence and sufficient powers and resources to carry out the mandate of the Office and ensure the desired transparency and accountability.

    The suggestion is a good one - lawful access requires effective oversight and the plan in Bill C-30 is unsufficient.

    9.   Limit the Law to Serious Crimes

    Public Safety Minister Vic Toews introduced Bill C-30 by focusing on child pornography and other dangerous crimes. Yet the law as drafted applies far more broadly. On the issue of warrantless access to subscriber information, a Public Safety document released under the Access to Information Act demonstrates that the intention is to use this data for purposes that do not involve criminal or child pornography concerns. For example, it notes that warrants would be problematic for "non-criminal, general policing duties" such as returning stolen property.
    Further, even the Competition Bureau is entitled to demand disclosure of subscriber information without a warrant. If the government is serious about using lawful access to combat serious crime, it should circumscribe the law by limiting its application to serious crimes and limits its use to law enforcement officials dealing with serious criminal matters.

    10.    Come Clean on Costs

    Evidence is not the only thing that has been missing despite ten years of debate. The cost of lawful access remains a mystery, notwithstanding recent reports of $80 million over the next four years. That seems like a huge understatement as the initiative is likely to cost hundreds of millions of dollars as Internet and telecom providers are forced to invest in surveillance technologies and face significant new regulatory costs. Moreover, law enforcement is also going to see its costs increase as ISPs can seek compensation for their assistance. Smaller ISPs have already expressed concern that the additional costs may force them out of business.  If that happens, the decline in competition could see monthly consumer costs rise as well.

    Years ago, the government tried to argue that lawful access would reduce costs. The myths document for the 2005 bill (Public Safety relies heavily on claiming that criticisms are just myths) stated the following:

    Myth: In the end, Canadians, either as a taxpayer or as a consumer, will bear the burden of additional costs to industry.

    Reality: MITA will actually reduce the overall cost to taxpayers or consumers. Currently the Government of Canada budgets for the development of interception capabilities for existing technologies. The costs would be reduced over the long run by putting in place clear requirements for lawful interception that can be factored in during the design stage of new technologies. When lawful interception capabilities are provided for at the engineering stage of network design, the costs are a fraction of that of a retrofit of existing equipment.MITA will further minimize the financial impact on industry and consumers by allowing service providers to meet the requirements of the legislation in the most cost-effective way.

    Claiming that lawful access will actually reduce costs was so implausible that the government has dropped the argument. While the claim may have disappeared, the costs have not. Before proceeding with the legislation, Canadians are entitled to a detailed, independent regulatory impact assessment that provides a realistic analysis of the costs created by Bill C-30 for both implementation of surveillance technologies, operational costs, and resources needed for oversight.

    11.    The Missing Regulations

    Bill C-30 may be more than 100 pages, but Section 64 makes it clear it is only part of the online surveillance story. Section 64 gives the Governor in Council (ie. cabinet) the power to make regulations related to the implementation of the bill and it is as broad as it comes. For example, the bill requires Internet providers to have the ability to engage in multiple simultaneous interceptions but a wide range of questions - minimum and maximum simultaneous interceptions, how interception requests are made, maximum number of agencies making requests, etc. are all left to future regulations. Bill C-30 doesn't even specify what communications must be interception-capable. Section 7 identifies a series of requirements (enable the interception of communications, isolate the communication, etc.) associated with this requirement. But what is a "communication" for these purposes? That is left to the unspecified regulations.

    The mandatory disclosure of subscriber information without a warrant has been the hot button issue in Bill C-30, yet it too is subject to unknown regulations. These regulations include the time or deadline for providing the subscriber information (Bill C-30 does not set a time limit) and "prescribing any confidentiality or security measures with which the telecommunications service provider must comply."

    These are just some of the uncertainties. Section 64, which identifies the issues subject to future regulations by the Governor-in-Council cover almost every major substantive issue in the bill. In case the government has forgotten something, there is a catch-all regulatory power "generally, for carrying out the purposes and provisions of this Act." In other words, cabinet gets to fill in the many blanks of this law without a House of Commons review or vote. Given the importance of this legislation, the public should see the regulations before the bill is passed. To do otherwise is to enact a lawful access system without knowing dozens of associated rules and regulations.

    12.    Deal With The Failure of Privacy Laws To Keep Pace

    The government emphasized the need to update the law in order to keep pace with technology and the Internet. Yet the same problems exist on the privacy side where laws have failed to keep pace with new realities. For example, the Privacy Act, the public sector privacy law, has not been updated for decades, despite repeated efforts by every federal privacy commissioner to put the issue on the legislative agenda. Bill C-12, which implements 2006 recommended reforms to PIPEDA, the private sector privacy law, is languishing in the House of Commons with no movement whatsoever. In fact, it has taken so long to move on the bill that many of its provisions on mandatory security breach disclosure rules (the flip side of mandatory subscriber disclosure) are already outdated and insufficient.  Throw in the missing anti-spam regulations (which is keeping the anti-spam law from taking effect) and the delayed 2011 statutory review of PIPEDA and it becomes clear that there is much work to be done on the privacy side.  Given the close correlation between privacy and security, the government should commit to moving forward with privacy reforms in conjunction with lawful access.
    Comments (37)add comment

    Anonymous Coward said:

    Comment on #12, Privacy
    One of the arguments that is made in favour of C-30 is that we have no privacy anyhow, so what's the worry? That ignores the real problem: that privacy is badly broken on the net. I am sure that support for fixing it would gain wide support.
    February 24, 2012

    Gregg said:

    *conservative mentality*


    Whuuuuut? Common sense? What, you been readin' them wurdz again, boy?

    *gets strap*




    Frankly, can't really blame them for 100% of the problem - the dumbass voters that put them in are the majority of the problem.
    February 24, 2012

    Hooray for Hollywood said:

    ...
    "Serious crime" must obviously include file sharing, TPM circumvention, and conspiracy to sell fake purses. Canada is a well known haven for piracy and counterfeiting, as the USTR has conclusively proven year after year.

    And we all know that IP theft leads straight to child porn and terrorism. Not to mention that people could be seriously injured by fake eye liner!

    And it's a good thing you are building all those new jails for all of those thieves and pirates in your midst. Those jails should be filled to capacity ASAP!
    February 24, 2012

    pat donovan said:

    cheaper by the dozen
    Like banking CEO's and the CEO of blackberry... AND the muzzled tech-types in NRC (AND the FUD as news services, monsanto, etc)

    encryption, sat services (illegal phones with sec mechs), and sterilzation of data is the only way to go.

    My data is for sale. Will fink-world monetize (vengeance, money, power) by offering rewards/ % of e-crime?

    c-30 will be the BIGGEST black-mail machine ever invented. With spoofed addressing, planted evidence and and granfathered crime to taste.

    There will be no recovery till the corporate cyber-wars need it.

    packrat
    February 24, 2012

    Anonymous Forever said:

    Or we could implement this ONE STEP solution for both C-30 AND C-11
    Step One: Use TOR from torproject.org as a client and, where possible, as an exit node.
    It's easy. Plus you get to defeat fascism.
    February 24, 2012

    Jason K said:

    Cost Analysis Questions For Committee on C-30
    I've drawn up some important questions I would ask as a Systems Analyst in search of a cost effective approach:

    http://jasonkoblovsky.blogspot.com/2012/02/cost-analysis-questions-for-committee.html
    February 24, 2012

    Crockett said:

    ...
    I don't think any sensible person would want to impair an investigation against serious crime on the internet, especially child pornography! In that light, I can sympathize with the police societies wanting this legislation.

    What must take place though is an open dialogue with all the affected parties. Wrapping this problem in a poorly designed bandage will will not stop the pain these crimes cause.

    There are likely two types of internet predators out there, the computer savvy and the, how should we put it ... clueless. The tools and laws we have in place now are sufficient to catch the latter if there are some much needed efficiencies and resources put into improving the obtaining a warrant process.

    To catch the ones who hide their tracks will prove to be much more problematic. The tracking systems the government wants to install is useless if the traffic is encrypted through TOR or other means. The more spying technology that is implemented will just mean some malcontent will design a way to bypass it. The only real way to catch these monsters is through social engineering, old fashioned police work.

    In the meantime we are paying all the costs to have our own non-criminal activities logged and preserved, possibly for some hacker to discover. The US & UK governments have tried to implement similar measures in the past and have found them to be little successful and highly invasive to law abiding citizens. Why repeat their mistakes?

    Let's just pause for a moment and think this all through. I am not against laws and systems to keep our children and society safer, but lets design a comprehensive system (not just a technological band-aid) that includes proper laws, technology and police procedures.
    February 24, 2012

    Eric L. said:

    RE: Crockett
    "I am not against laws and systems to keep our children and society safer"

    But this bill is not close at all to being a bill about that. By all means, I think everybody is not against children and society safer laws, but let's not confuse the issue by suggesting that C30 is one of them (even a bad one). C30 does not deserve that much.
    February 24, 2012

    IamME said:

    Why repeat their mistakes?
    ROTFL!!! Why? Because the Americans are so narcissistic and Harper such a pro-American lackey, that they can't possibly have little 'ol Canada do something better than them. Our conservatives are trying to ram-rod through this legislation while at the same time the Americans are implementing laws to strengthen American consumer privacy and allowing them to opt out of tracking.

    http://www.washingtonpost.com/business/technology/obama-steps-up-fight-for-online-consumer-protection-with-privacy-bill-of-rights/2012/02/23/gIQAT2z1XR_story.html
    February 24, 2012

    Giordano Bruno said:

    Coincidences
    Meanwhile at the same time of C-30...

    In the US: How Internet Companies Would Be Forced to Spy on You Under H.R.
    1981 http://t.co/EieqFvu0

    In the UK: Government spy programme will monitor every phone call, text and email... and details will be kept for up to a year
    http://t.co/bnM8MMim
    February 24, 2012

    Irving said:

    Easy fix for this
    Instead of requiring a judge to issue a surveillance warrant, require the agreement of three separate judges. Problem solved.
    February 24, 2012

    end user said:

    ...
    What's really funny here is if these children are going online to places where the "predators" are, where are the parents? All this happens in the home its not like these kids are sneaking out and walking the back alleys of Vancouver or sneaking out to go to the local internet cafe to talk to strangers.

    The kids probably have much higher chance of getting ran over and killed by a car while walking to school then being lured out of the house by someone. Should be be posting a police officer at every corner from 7am-8:30am and 2:30-3pm?

    I'd rather take the chance of online predators than being spied on all the time without the need for warrants and gag orders.

    Why does the gov need a gag order if they have nothing to hide.
    February 24, 2012

    Context said:

    Context is Everything
    To put Bill C-30 in context, here's what's in the news:

    http://www.thestar.com/news/canada/politics/article/1135548--peter-mackay-says-global-security-economics-require-closer-u-s-canada-military-co-operation?bn=1
    http://news.nationalpost.com/2012/02/24/peter-mackay-runs-from-questions-over-stupid-dirt-digging-on-liberal-critic/

    The first article seems to indicate pre-emptive strikes against what the powers in government perceive as threats to national security: "Domestic security issues begin internationally and it’s best to act before they happen, MacKay said." Presumed guilty and convicted without due process? It also points to information-sharing with foreign countries.

    The second article seems to infer that the Department of National Defence has been used by politicians for political objectives.

    Those two articles, in the context of Bill C-30, should be enough to convince anyone that Bill C-30 is a threat to democracy.
    February 24, 2012

    Norm said:

    @end user
    How dare you question the need for more police power when the crime rate is the lowest it's been in 40 years (and 40 years ago, a lot more was "legal").

    http://www.statcan.gc.ca/daily-quotidien/110721/dq110721b-eng.htm

    I couldn't find the rate of getting hit by a bus (you'd think that would be on the front page considering how often it comes up), but the rate for "child luring" over the Interent based on data from 2006-2007 is 3/100000.

    For comparison, the rate for "self-injury hospitalization" in Canada for 2009 was 65/100000 for both sexes and 75/
    100000 for females.

    ( http://www.cihi.ca/hirpt/?lang...lf_inflict )

    So it's much more likely your kid will cut him/herself out of angst than be exploited on the Internet.

    110% of a very small number, is still a small number.

    How dare you want control of your privacy.

    How dare you wonder if governments have enough control.

    How dare you wonder if we have our priorities straight.

    How.... Well, you get the point.
    February 24, 2012

    Norm said:

    stat
    the 3/100000 number is from this page:

    http://www.statcan.gc.ca/pub/85-002-x/2009001/article/10783-eng.htm
    February 24, 2012

    Crockett said:

    35% ?? ... must be the same % that voted the conservatives in :D
    @mario_canseco: "Half of Canadians (51%) want to see Bill C-30 defeated; 35% would pass it." ... http://t.co/nVfxbSxO

    February 24, 2012

    Chris G said:

    Engineer
    The intent of #6 was not clear until I read the full text. I think what people need to see is a short video showing the full capabilities of systems provided by suppliers such as SS8 and BlueCoat; they would really be shocked. Without pre-specification of the capabilities of the equipment in the Bill, one has to assume that the worst case is possible.
    February 25, 2012

    Context said:

    Phone Hacking
    Police fed information to Rebekkah Brooks in British phone hacking scandal:

    http://www.guardian.co.uk/media/2012/feb/25/rebekah-brooks-police-phone-hacking?newsfeed=true
    http://www.cbc.ca/news/world/story/2011/07/17/rupert-murdoch-phone-hacking-scandal.html

    Brooks admitted in 2003 to paying police for information. Bill C-30 opens the door for this sort of behavior in Canada.
    February 25, 2012

    Context said:

    Robocalls
    Granted, having easy access to the personal information of Canadians would sure make a robocall list easier to compile:

    http://bit.ly/xjZ9zH
    February 25, 2012

    Not a Crimnal said:

    How to chase criminals
    I have spoken to my relatives who work in different police agencies and they tell me that criminals are ever-increasingly resorting to NON-internet methods. For example, sending messages by courier and meeting in restaurants to plan deals. After all, criminals are not stupid. When phones began getting wiretapped in the past - criminals stopped using phones.... The same evolution will happen with the "patrolled" internet.

    The only criminals left to prosecute on the computer will be guys downloading music and watching porn.....
    February 25, 2012

    don't_tape_me_bro said:

    Principles, Mr Teows
    Mr. Teows, the problem lies with your proposed methods of going after perps of heinous crimes such as pedophilia.

    To enforce the law, police must gather evidence, but they should not break the law or break safeguards (such as the right to or expectation of privacy) in collecting evidence. Unless there is a dire need and some specific evidence, in which case a judge can be convinced to permit the police action.

    The question and issue here is the concept of the police "investigation". Certainly police are obligated to "investigate" crimes and reports of crimes, suspicions of crime etc. But keeping the above principle in mind, the investigation is limited to observing what can legally be observed. Police can't break the law in order to "investigate".

    If police are investigating shoplifting but have no evidence, they are free to investigate by observing me in public - at the store. Or they may even park on the street and observe my comings and goings. But not to enter my premises, tap my phone or email just because they are "investigating".

    Rebuild the law around the specific crime and the specific evidence. Police should find real evidence without relying on general surveillance. And when they do, a judge should grant them a warrant and more precise individual surveillance should be merited.

    Finally internet access of all forms could be considered an extension of my personal communications inside my home - private. The exception being those things I post or publish on the internet.
    February 25, 2012

    Doug Webb said:

    Recording all phone calls
    If the government tried to pass a law that says all phone calls made in Canada must be recorded and kept for X years, would people want that? Would you want every phone call you make to everyone to be recorded and kept in some corporate locker somewhere? I wouldn't. I don't engage in illegal activity but I still don't want my phone calls recorded. This legislation would do that, it would record every phone call you make. Phone calls all go on the internet now so every phone call you make will be recorded if this legislation goes through. If this legislation does go through I'll bet it will be conservatives it catches most often!
    February 25, 2012

    Norm said:

    So much for the digital economy
    Canada's privacy laws have been a real asset to IT businesses providing confidence to operators and users. I expect growth to slow just from this being on the table.
    February 25, 2012

    Context said:

    Top Secret Security Clearance For Five-Time Fraudster
    The former commissioner of the RCMP granted top secret security clearance to a five-time convicted fraudster who worked in the Prime Minister's Office:

    http://www.cbc.ca/news/politics/canadavotes2011/story/2011/04/05/cv-election-carson-rcmp.html#
    http://news.nationalpost.com/2011/04/07/what-the-the-bruce-carson-affair/

    This is the kind of person who might have access to your personal financial passwords and private phone calls under Bill C-30.
    February 25, 2012

    ENO said:

    Famous last words
    This is a legislative framework that has been adopted by many leading European countries. --Vic Toews

    We already know that in UK they are still debating and now in Germany...

    Germany's New Right to Online Privacy http://bit.ly/x62jDL

    A ruling against government surveillance of personal computers, delivered this week by a German court, has set a precedent: Computer users have the right to trust their IT equipment.
    February 26, 2012

    John said:

    retired ISP tech
    Thanks to Michael for showing the depths of C-30. Unfortunately we can not count on the MP's who will vote on it to read and understand his (or our) concerns.

    The signals intercepts have been going on for awhile . . . check out http://en.wikipedia.org/wiki/Echelon_(signals_intelligence) driven by that security agreement among Australia, Canada, New Zealand, U.K. and U.S.A.

    "Carnivore" (updated to Magic Lantern) was the FBI's contribution to sniffing email traffic. We might assume that type of monitoring continues and is not limited to the U.S.A. I found it somewhat ironic that the supposedly CIA funded "Safeweb" and "Triangle Boy" software used to be available for free to anyone who wished to try and make their communications anonymous to oppressive governments. They had China and others in mind but the software must have been too successful since it is no longer available. The term "anonymizer websites" on Google gets over half a million hits, so alternatives exist but I'm not sure I'd trust any of them.

    Michael is right about the downloaded costs to the ISP's . . . and then to us. I know by experience that a small number of low volume websites at a small ISP in the early 2000's generated 2 GB of text log files per month detailing every IP connection to each website and every get and put to/from that IP. That did not include any email storage, which was normally erased upon retrieval. Today's traffic is far greater and although costs of storage media have dropped, 2GB times a few hundred million times 12 is still a significant and costly requirement.
    February 26, 2012

    ENO said:

    sorry
    Sorry for the outdated link...
    I cannot find an english article on this topic yet. I read on the Italian news about the constitutional court in Germany stopping a law similar to C-30 and stating that personal information behind an IP address can only be obtain with a warrant.
    This is the link if you know Italian: http://bit.ly/xuNy7b
    .
    February 26, 2012

    Crockett said:

    ...
    #UBB
    #SOPA
    #PIPA
    #ACTA
    #C-30

    #Winning :D
    February 26, 2012

    Crockett said:

    ...
    Seriously ... while there is public momentum on curtailing the overreach of government & industry, the pressure cannot wane. They do not plan to give up and neither must we.
    February 26, 2012

    ENO said:

    UNCONSTITUTIONAL
    German constitutional court rules that the current regulations on delivering user data, passwords, pins as well as dynamic IPs to investigative authorities are a violation of informational self-determination and thereby unconstitutional.

    Here a link if you know German: http://bit.ly/xvtTK3
    .
    February 26, 2012

    skyspy247 said:

    Costs !!
    "The cost of lawful access remains a mystery, notwithstanding recent reports of $80 million over the next four years."

    They spent $1.4 Billion on the Long Gun Registry ... a simple, single purpose database.

    $80 Million over 4 years, how stupid do they think we are?

    February 26, 2012

    oldguy said:

    ...

    Hmmm.. This is quite a bit older, but perhaps apropos in the context of this bill:

    http://www.wired.com/wired/arc...nt_pr.html

    Think about it. We are fast reaching the decision point implied by the above..



    February 26, 2012

    Cheap Jordans Shoes said:

    http://www.cheapairjordansshoesale.org/
    Life, work, and study if it can automatic, the education of the convergence can certainly easier.
    February 27, 2012

    bernadette slosmanis said:

    Freedom
    Freedom, freedom, freedom.........
    April 19, 2012

    kasia yechimowicz said:

    ...
    The only thing to be done with the online surveillance bill is to scrap it. The people who wrote it (and it was not written by the government) should be in prison for interference in democracy, and as we all know the current federal government and the Corruption Party should all be in jail too. I'd like to see capital punishment return and Harper be the first person electrocuted. Enough is enough.
    April 19, 2012

    Ron Tog said:

    retired
    I am in favour of the police petrolling the inernet as they petrol our streets in an attempt to keep us safe. Petrolling looking for trouble doesn't make me uncomfortable.

    However, what I accept the idea the Police/media etc can "GO Public" with the information they gather on me without a Warrent: Some review of the evidence gathered by an authority that I can sue if I think my person/property has suffered unjustified damage.

    I define "privacy" in context. Here is an example of my guideline test for a privacy wiolation: When I apply for a mortgage the people in the bank gather cosiderable personal and financial information and share it with Branches of their organization. That's O.K. But, when I pull into the gas station to fill my car I don't want the pump attendant discussing my mortgage application with me. That's a violation of my privacy!
    April 21, 2012

    TK said:

    user land
    Hand's off our hard drives Harper!

    This is just an other tool the Conservatives can use to find out who doesn't support them.

    A warrant should be required for Police (and the politicians should not have access) to snoop our Internet activity. There is already plenty of open data to support an investigation without allowing the police to hack into our systems.

    I can just imagine how a divorced police officer could uses this new tool to find out information about there ex. or anyone else they don't like. Not even telephone conversations would be safe as many are transmitted through the Internet.
    No disrespect intended, but there may be a few bad apples, that is why the checks and balances and accountability are needed. We do not need to be living in a police state.
    May 10, 2012

    Write comment
    smaller | bigger

    busy
    Tags:
    ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterEmailPrintPDF
    Related Items: