Text: Small Text  Normal Text  Large Text  Larger Text
  • Blog
  • Lawful Access is Back: Controversial Bill Returns Under the Guise of Cyber-Bullying Legislation

Blog Archive

PrevPrevApril 2014NextNext
SMTWTFS
  12345
6789101112
13141516171819
20212223242526
27282930

Lawful Access is Back: Controversial Bill Returns Under the Guise of Cyber-Bullying Legislation

PDF  | Print |  E-mail
Thursday November 21, 2013
In February 2012, then-Public Safety Minister Vic Toews introduced Bill C-30, the "Protecting Children From Internet Predators Act". While the government marketed the bill as an attempt to protect children from Internet predators (and infamously accused opponents of siding with child pornographers), it soon became readily apparent that the bill was really about adopting a wide range of measures that increased police powers, stripped away privacy rights, and increased Internet surveillance. The overwhelming negative publicity led the government to put the bill on hold. Earlier this year, then-Justice Minister Rob Nicholson announced that Bill C-30 was dead:

We will not be proceeding with Bill C-30 and any attempts that we will continue to have to modernize the Criminal Code will not contain the measures contained in C-30, including the warrantless mandatory disclosure of basic subscriber information or the requirement for telecommunications service providers to build intercept capability within their systems. We've listened to the concerns of Canadians who have been very clear on this and responding to that.

Nicholson's commitment lasted less than a year (the same was true on lawful access in 2007, when Stockwell Day promised no warrantless access to subscriber information only to have Peter Van Loan backtrack a year and a half later). Yesterday, Peter MacKay, the new Justice Minister, unveiled Bill C-13, the Protecting Canadians from Online Crime Act. The similarly-named bill is now marketed as an effort to crack-down cyber-bullying, yet the vast majority of the bill simply brings back many (though not all) lawful access provisions.

There were hints that this might be the government's plan. In October 2012, the Canadian Association of Chiefs of Police renewed its call for lawful access (the bill was still on hiatus at the time), shifting away from child predators to cyber-bullying:

Criminal bullying is extremely concerning to all Canadians, especially the parents of young children, and Bill C-30 also provides new legislation to help police intervene and investigate cyber bullying in their early stages to prevent needless tragedy. The Bill makes it an offence to use telecommunications, including social media and the Internet, to injure, alarm, and harass others.

As I noted at the time, the government had not mentioned cyber-bullying in any of its materials on Bill C-30.  In April 2013, Jesse Brown noted that cyber-bullying might lead to a reboot of the lawful access bill. Rumours this fall that lawful access might be on the agenda started when Peter MacKay gave a speech in August indicating that cyber-bullying legislation could be forthcoming. As I blogged on August 26th, the press reported that:

MacKay said he also won't be intimidated or deterred from considering new lawful access provisions despite privacy concerns that ultimately led to the death of previous bills.

MacKay was asked about the issue in a Hill Times piece in September with a spokesperson confirming the latter part of the Nicholson's commitment, but not the first part:

“[W]e have no plans to move forward with measures related to the warrantless mandatory disclosure of basic subscriber information or the requirement for telecommunications service providers to build intercept capability within their systems."

Of course, Nicholson's commitment went further than that since he stated that attempts to modernize the Criminal Code would not include measures contained in Bill C-30. The government has simply ignored that commitment by focusing on cyber-bullying and claiming that the remaining provisions are a response to the Federal/Provincial/Territorial Ministers Responsible for Justice and Public Safety June 2013 report on cyber-bullying that recommended bringing back lawful access:

The Working Group strongly recommends that the Federal Government enact investigative tools and procedures which will enable law enforcement to keep pace with modern technology, similar to those elements which have previously been introduced by the Federal Government.

With that foundation, Bill C-13 includes several provisions designed to target cyber-bullying and dozens of pages of reforms that come straight from prior lawful access bills. The bill excludes warrantless mandatory disclosure of basic subscriber information and the requirement for telecommunications service providers to build intercept capability within their systems, yet that is cold comfort given the Snowden revelations about ubiquitous surveillance that may include access to subscriber information and the collection of seemingly all Internet and communications traffic.

Cyber-bullying

As for the cyber-bullying provisions, David Fraser does a good job of parsing the legislation, which focuses on creating an offence for:

Everyone who knowingly publishes, distributes, transmits, sells, makes available or advertises an intimate image of a person knowing that the person depicted in the image did not give their consent to that conduct, or being reckless as to whether or not that person gave their consent to that conduct, is guilty
(a) of an indictable offence and liable to imprisonment for a term of not more than five years; or
(b) of an offence punishable on summary conviction.

The law also includes the prospect of an Internet ban for offenders, with Section 162.2 allowing a court to prohibit someone convicted under the law from using the Internet or other digital networks.

Criminalizing Software

Once the cyber-bullying provisions are done, the bill includes a wide range of computer-related provisions and new warrant powers. For example, the Criminal Code will be expanded to cover computer programs (currently limited to devices) that can be used to gain access to telecommunications service without payment or lawful excuse (this would include a cable television service, wifi service, Internet services, or phone service) or cause mischief such as interfering or obstructing lawful use of computer data. The expanded provision may mean that coding such a program or merely downloading it will now be a criminal offence.

Harassing Emails

The bill also expands provisions covering false messages or harassing communications. The harassment provision is drafted in a very broad manner, suggesting that multiple harassing communications to a person would be a crime:

Everyone commits an offence who, without lawful excuse and with intent to harass a person, repeatedly communicates, or causes repeated communications to be made, with them by a means of telecommunication.

One can certainly envision repeated emails from an angry constituent or customer now falling under the Criminal Code. The law currently restricts harassment to telephone calls.

Warrant Powers - Metadata

The new warrant powers include a new court-ordered preservation warrant and order requiring the recipient to preserve computer data. There is also a new court-ordered production order, requiring recipients to produce a document in their possession. The production order links closely to a reduced standard for accessing metadata. The bill includes a provision defining "transmission data", which covers the much-discussed metadata created from telecommunications. The production order can be used to order to production of any transmission data (ie. metadata). The standard is lower than for other warrants.

Ironically, the lower standard for metadata comes just as the Supreme Court of Canada has warned that "it is difficult to imagine a more intrusive invasion of privacy than the search of a personal or home computer" in the R. v. Vu case. The court specifically points to metadata as one of the reasons why:

most browsers used to surf the Internet are programmed to automatically retain information about the websites the user has visited in recent weeks and the search terms that were employed to access those websites. Ordinarily, this information can help a user retrace his or her cybernetic steps. In the context of a criminal investigation, however, it can also enable investigators to access intimate details about a user’s interests, habits, and identity, drawing on a record that the user created unwittingly: O. S. Kerr, “Searches and Seizures in a Digital World” (2005), 119 Harv. L. Rev. 531, at pp. 542-43. This kind of information has no analogue in the physical world in which other types of receptacles are found.

While this discussion is in the context of a personal computer, the same metadata may be generated on the ISP side.

Warrant Powers - Location Data

The bill also creates new tracking orders, which involves data that relates to the location of a transaction, individual or thing. The production order can also be used to obtain tracking data as well as financial data. The tracking orders can also be used to install tracking devices.

Ban on Disclosure of Warrants

The bill grants a judge the power to prohibit the disclosure of the existence or content of a preservation order or production order. The judge must be satisfied that disclosure would jeopardize the investigation.

Voluntary Disclosure With Legal Immunity

The bill also encourages telecom companies, ISPs, and others to disclose information on their customers without a court order. The bill establishes immunity from criminal or civil liability for such disclosures.  The bill states:

(1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.

(2) A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so.

This particular provision is enormously problematic as it opens the door to cooperation on the widespread surveillance revealed by the Snowden documents. It has become increasingly clear that many telecom companies willingly provided millions of documents on their subscribers. With this immunity in hand, Canadian telcos could "voluntarily" provide surveillance data without fear of any liability.

There are also pages of forms and provisions on mutual legal assistance (along with a very confusing set of coordinating amendments that involve the anti-spam legislation - I could not figure out what they mean).

Law enforcement have been asking for some of these provisions for many years and there could be a good debate on the merits of many of the proposed reforms. As this post suggests, some of the provisions raise some serious concerns. Yet the government is signalling that it would prefer to avoid such debates, wrapping up the provisions in the cyber-bullying flag and backtracking on a commitment made earlier this year to not bring forward Criminal Code amendments that were contained in Bill C-30.
Comments (36)add comment

drive by commentor... said:

Neo-Cons at it again...
Darn, now I have to go give money to the Liberals and the NDP.

I feel it my patriotic duty to write checks to the other guys every time the Harper Gang screws up my country.

And yes it does get expensive. Thanks Harper!
November 21, 2013

Paul said:

...
No surprise here. This government is determined for any reason to watch Canadians every move. With the only recourse of this legislation through the courts it will potentially be a form of cyber bullying all by itself. Privacy be damned in Canada
November 21, 2013

drive by commentor... said:

Tell them you hate this...
I just found this link to protest this latest 'think of the children' attack on privacy.

https://openmedia.ca/ourprivacy

November 21, 2013

The kind said:

Of volunteerism I don't like
The "voluntary" provisions sound scary. Correct me I'm wrong. But doesn't it basically completely circumvent the need for a warrant?
November 21, 2013

Yvan Boily said:

...
So, 342.1 seems to make aggregation of password lists (such as a list of default passwords) illegal, and also seems to induce liability on developers of security testing software. Anyone with a better understanding of legalese want to comment?

November 21, 2013

David Harvey said:

Voluntary disclosure provisions
The new voluntary disclosure provisions have me confused. It says telcos, etc, can hand over a document "that the person is not prohibited by law from disclosing". Then it provides immunity from civil or criminal liability for so doing.

If the person was not prohibited by law from disclosing the document, what civil or criminal liability do they need immunity from? Of course, I'm assuming that "prohibited by law" includes all law - privacy legislation, contract law, tort, etc. Maybe I'm reading that too broadly.

Michael - comments?
November 21, 2013

Telco Guy said:

Mr.
Yet another dreary example (on top of the nonsense in the TPP) of policy laundering. It is clear that the Harper Tories, in pandering to the police, are going to add the C-30 language to any bill ("A Bill To Establish Milk Production Quotas And To Implement Lawful Access") that they think will get past Parliament without being carefully read or debated.

Obviously we have learned nothing from Snowden. What a terrible mistake the people of Canada made, in electing Harper.
November 21, 2013

"But the NSA knows me" said:

warrantless surveillance is still warrantless surveillance, regardless of it's name
This stuff is only needed to know if the people get wise to their deceit.

Current laws are useless against crime inside the government. So, Why do they bother with this shit?

It's been established in Ontario that you can avoid prosecution simply by deleting emails proving your guilt even if it's not permitted. Even the staff that made them disappear got away with it. And if someone went home with a backup tape and blow the whistle, THEY become the criminal.

The perfect crime!
November 21, 2013

Bob said:

...
I'm wondering how those sections on Voluntary Disclosure with legal immunity are that different from s. 487.014 as it currently stands. There are some difference, in that the new section provides that the ISPs can request the preservation orders, but they both provide immunity to the ISPs, no?
November 21, 2013

Brad said:

Ẁhat does this accomplish?
If the government is already spying on everything we do online, what does a bill like this even accomplish?
November 21, 2013

Anon said:

@Brad
NOTHING AT ALL!


November 21, 2013

.... said:

...
once again Harper and his band of idiots think they can trick Canadians what will this bill accomplish other than becoming a masked version of c30 it will not only cost millions of dollars but realistically have no benefit to a majority of Canadians this government is out of control making decisions that they want and not whats best for the people of this country dont forgot they work for us the tax payers we must stop this government
November 21, 2013

Proventus said:

Don't we have a constitution?
If our constitution is so weak that politicians can just legislate their way around it then we need a new one.
November 21, 2013

Dick Tracy said:

There's nothing voluntary about it
It's neither an independent, nor a singular request.

Revists MCI. They lost the US Federal telecoms contract, despite having the best bid. They were the one company not to cooperate in breaking what was then the law (as evidenced by the retroactive immunity given by congress to avoid a truly embarrassing and expensive lawsuit.)

AT&T got the contract, they were the most eager to break the law. In return they got: anti-trust and anti-competitive protection, rental and fee income for their part in the hacking, the elimination of the price competitive alternative, and favorable spectrum auction rules.

It's not in the public realm exactly, but look at everything Apple and Microsoft have done in trying to win favor of the US government since 2010 or so. Not just from direct US government aid either. It's very relevant for why Blackberry suddenly found its secure+private architecture under attack from so many countries all at once -- there were intentionally designed insecure and non-private alternatives being pushed.

Divide and conquer, cooperating oppressors remain standing at the end of repeated trials.

As long as cellular providers and operating system purveyors enjoy monopoly profits, expect the cozy arrangement to continue. Too much to lose and too much to gain all at the same time.
November 22, 2013

Kf said:

They're at it again...
How stupid does the current government think the populace is? The most Machiavellian government of all time.
November 22, 2013

Ki said:

@Kf
Very stupid. Which, to be honest, they probably is probably not that far off.
November 22, 2013

pat donovan said:

info leaks
and ANY info the police get will be monitized in both political and corp ways.
(above the law, parts one two and web 3.0)
November 22, 2013

Cocanut said:

...
"For example, the Criminal Code will be expanded to cover computer programs (currently limited to devices) that can be used to gain access to telecommunications service without payment or lawful excuse (this would include a cable television service, wifi service, Internet services, or phone service) or cause mischief such as interfering or obstructing lawful use of computer data."

Is it just me or does it sound like they're targeting proxy services with this?
November 22, 2013

Brian Kovic said:

ISP Surveillance
"The bill also encourages telecom companies, ISPs, and others to disclose information on their customers without a court order."

Does this mean that ISP's are being given authorization to conduct widespread surveillance to find e.g. people sharing a song or TV show? Does this allow Bell and Rogers to search for people watching streams of Blue Jays games online, even do so on a massive scale and then report the users and receive immunity for what would otherwise be unlawful mass surveillance? Could they do so even without any cause, at the behest of government surveillance agencies or even ad companies, perhaps finding a token infringement somewhere to guarantee immunity? It seems very poor law to provide anyone with blanket immunity for anything besides specific whistleblowing actions.

It seems that what is needed is companion legislation that outlines our right not to be searched or spied on without an individualized warrant that provides specific evidence or suspicion of wrongdoing. It should be expressly illegal for anyone to monitor someone's internet activity, or gather IMEI codes, license plate numbers, or wifi MAC addresses on a large scale without a warrant.
November 22, 2013

Maynard Krebs said:

Network tools are now illegal
SO network diagnostic tools like "Wireshark" https://www.wireshark.org/ just became illegal.
Have it on your computer, go to jail.
November 22, 2013

end user said:

...
SO how does this work with digital hydro meters? Is that mean since they use wifi/cell that if this bill is passed the RCMP can track peoples power usage with out proper court orders?
November 22, 2013

hrmmm said:

software made illegal
all media software
all file transfer programs as one can use them in an illegal capacity as well as legal, THIS ACTUALLY INCLUDES ALL WEB BROWSERS....
all web servering software as one can actually serve illegal uses
all operating systems as you can use htem for legal and illegal purposes
all image editing software as one can use them to alter a picture without permsion which is illegal
all virtual disk software as you cold use that to use any of the above
all open source software as you could alter the software and do "illegal" stuff

there nice law literally makes using the internet a crime
November 22, 2013

philosopher-animal said:

Questions, questions ...
I wonder what "can be used" means. Determining whether or not a program has a specific effect is (in general) a computationally unsolvable problem. Does the prosecution have to demonstrate the malicious operation, or simply can they go with "can" in some unspecified sense? Also, if one's legimate software is exploited and injected with malware, which is the program? Boundaries of "software" are not easy things to determine.
November 22, 2013

hrmmm said:

section 7 and 8 of the charter of rights and freedoms
I'd like to hear mister geist on how these sections and this law pertain from a legal stand point.


In R. v. TELUS Communications Co., the Supreme Court of Canada found that the reasonable expectation of privacy protected by Section 8 of the Charter applies to modern communications technologies such as text messages, even if the data in question is located on a third-party server.[8]

Not every form of examination constitutes search. A search within the meaning of section eight is determined by whether the investigatory technique used by the state diminishes a person's reasonable expectation of privacy. The focus of analysis is upon the purpose of the examination. A police officer who compels someone to produce their licence would not be invasive enough to constitute a search (R. v. Ladouceur, [1990][9]). Equally, an inspection of the inside of a car is not a search, but questions about the contents of a bag would be. (R. v. Mellenthin [1992]

So might one say if i encrypt everything on my pc you can see what is on it but then need a warrant etc and a damn good reason to see said encrypted files? Just cant be "cause we think this and that"
November 22, 2013

hrmmm said:

Cruel and unusual punishment
how does having wireshark on your pc giving me 5 year sin prison for it be fair and just when i could really harm a human and get less time in prison?

peter mackay said they consulted with legal experts, what he meant to say is he consulted with his american nsa overlords.

heck if i have two network tools on my pc i get more time then a drug dealer would or a manslaughter conviction

5 such tools i might as well kill a person

http://en.wikipedia.org/wiki/ Section_Twelve_of_the_Canadian_Charter_of_Rights_and_Fr
eedoms

ya know mandatory minimums mackay goes on about
November 22, 2013

hrmmm said:

5 years in jail for each of the following
posting a picture wihtout consent
having wireshark
having encryption tools that encrypt like filezilla,putty, WinScp,eraser ( to protect your box frm data theft )
having process detectors, rootkit detectors, virii detectors.....all that WE CANT MAKE if we do and possess it , because it could be used also for nefarious purposes could be illegal?????

It's confirmed all conservative mp's , supporters and friends and allies are mentally deranged and need immediate help.

so to sum up i could put 5 pics of my dog without its permission on the internet and get 25 years in prison and have 5 programs above and get 25 years....see why i mentioned cruel and unusual punishment.

how many phone apps and millions of kids have programs on pcs i haven't mentioned....
November 22, 2013

hrmmm said:

clearing browser cache and cookies NOW 5 years in jail?
clearing browser cache and cookies NOW 5 years in jail?
lolwhat

come arrest me mackay it costs 110,000 dollars per year you put me inside
go on jerk put me away for life 30 years will cost 3+ million

vs educating kids about using anonymous profiles and not putting up there phone and address on the net
vs enhancing security and privacy of canadians you not only put it in hands of your friends but those friends whom can't be trusted to keep it safe ( use search engine to find out about how many leaks of OUR data there have been since 2006 )
November 22, 2013

Ray said:

Constitutional?
The problem with constitutionality arguments is that the law remains constitutional until the courts rule otherwise, and that can take a long time. It doesn't help when one doesn't have any factual knowledge that his rights have been violated.

The fundamental dishonesty about the Harper regime will lie in that those who object to excessive intrusion into privacy will be characterized as supportin child pornography.
November 22, 2013

hrmmm said:

huh you mkae little sense ray
no it will be in that im against you making software illegal cause the person mkaing the law is an utter idiot retard who needs mental care ( this comment cant be made after it's law cause ill get 5 years ) which is another aspect of STIFLING SPEECH and like people kill themselves in droves from being bullied and harrassed? YET 99.99999999% of us get our rights shot to hell so they can do bad stuff and when we speak up they will definately have something now on EVERYONE , EVERYONE OF YOU has software on your pc that COULD FALL UNDER THE SOFTWARE PROVISIONS OF THIS LAW....thats 5 years when you mess with da harper
November 22, 2013

@Kf said:

...
There's lots of people who support this bill,they think it's good just because the Gov. tells them this it's for cyber bullying and I'm sure they know nothing about technical stuff of the Internet,but to be fair to the mother of Amanda Todd she's hurting and not seeing this clearly.
November 22, 2013

MEL said:

Petition!!!
Strike this bill down people get this out to everyone petition we need to do something this can't pass!! This bill is just a complete mess.
November 22, 2013

@Mel said:

........
I have a feeling this bill won't get the same outcry as the Lawful access bill and mostly this one will pass this time.
November 22, 2013

drive by commentor... said:

I have a feeling ... this one will pass this time ->> So take action! FAST!
This bill will not pass if we rise up and tell them we hate this junk...

Use this link to protest this latest 'think of the children' attack on privacy.

https://openmedia.ca/ourprivacy
November 23, 2013

Kelly Richard said:

IMPORTANT EVIDENCE RELATING TO THIS ISSUE...
"The bill also encourages telecom companies, ISPs, and others to disclose information on their customers without a court order. The bill establishes immunity from criminal or civil liability for such disclosures."...Connect the dots that expose very serious conflicts of interest...

http://www.rcmp-grc.gc.ca/pd-dp/contra/2013-06-30/000022-eng.htm

http://www.fasken.com/bell-canada-in-10-year-45-billion-outsourcing-contract-with-cgi/#.UpL1XCf8tZs

"Support the transformation of – and maintain 1,500 applications for – 6 of the 10 largest global telecom service providers"...

http://www.cgi.com/en/telecommunications-media

"At CGI, we’re in the business of satisfying clients. For more than 30 years, we’ve partnered with U.S. defense, civilian, and intelligence agencies"... http://www.nhdf.org/7-national...biting/cgi

http://jobs.cgi.com/key/NSA-Langley-VA-jobs.html

"Big data presents big opportunities, and the right way to capitalize on it is different for each organization. Data volumes for most organizations are growing rapidly, along with the variety of non-traditional data sources, such as social media."...

http://www.cgi.com/en/business-intelligence-services/next-generation-information-warehouse




November 25, 2013

Kf @Kf said:

This bill has nothing to with Amanda Todd and will be ineffective in preventing or fighting "cyber-bullying"...
The events surrounding Ms. Todd's death are appalling and disgusting, but educating children and young adults would have a much greater impact than passing broad-reaching and vague internet legislation. Visual images uploaded to the internet can not be removed, no matter what anyone tells you; similarly, sharing private or personal information can be equivalent to telling the whole world.
November 25, 2013

— Rob McVey, T4B said:

...
You should have a prominent link to the petitiion against c-13; I signed here:
http://www.avaaz.org/en/harpers_web_pa/
March 31, 2014

Write comment
smaller | bigger

busy
Tags:
, , ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterEmailPrintPDF
Related Items: