The federal government has yet to release its response to last year’s national security consultation, but at least one thing is increasingly apparent. Lawful access, the regulations that govern police access to Internet and telecom subscriber information, will be back on Public Safety Minister Ralph Goodale’s legislative agenda. My Globe and Mail column notes that the details of the complex new rules that would grant warrantless access to some telecom and Internet information system are still a work-in-progress, but the final outcome is sure to raise concerns with the privacy advocates as well as telecom and Internet providers.
A cybercrime working group comprised of senior officials from federal, provincial and territorial governments have spent months developing the new lawful access framework. It recently held two invitation-only consultations on the issue with Canadian telecom and Internet companies as well as civil society groups and academic experts. I participated in the latter event, which was held under Chatham House rules that allow for disclosure of the content of the meeting without attribution to specific commentators.
Read more ›
The U.S. government’s attempt to invoke a centuries-old law to obtain a court order to require Apple to create a program that would allow it to break the security safeguards on the iPhone used by a San Bernardino terrorist has sparked an enormous outcry from the technology, privacy, and security communities.
For U.S. officials, a terrorism related rationale for creating encryption backdoors or weakening user security represents the most compelling scenario for mandated assistance. Yet even in those circumstances, companies, courts, and legislatures should resist the urge to remove one of the last bastions of user security and privacy protection.
My weekly technology law column (Toronto Star version, homepage version) argues that this case is about far more than granting U.S. law enforcement access to whatever information remains on a single password-protected iPhone. Investigators already have a near-complete electronic record: all emails and information stored on cloud-based computers, most content on the phone from a cloud back-up completed weeks earlier, telephone records, social media activity, and data that reveals with whom the terrorist interacted. Moreover, given the availability of all of that information, it seems likely that much of the remaining bits of evidence on the phone can be gathered from companies or individuals at the other end of the conversation.
Read more ›
Yesterday’s Trouble with the TPP post examined some of the uncertainty created by the surprising e-commerce provision that involves restrictions on source code disclosures. KEI notes that governments have not been shy about requiring source code disclosures in other contexts, such as competition worries. Yet this rule will establish new restrictions, creating concerns about the implications in areas such as privacy. For example, security and Internet experts have been sounding the alarm on the risks associated with exploited wifi routers and pointing to source code disclosures as potential solution.
Dave Farber, former Chief Technologist of the Federal Communications Commission, warns:
Read more ›
Another Trouble with the TPP is its foray into the software industry. One of the more surprising provisions in the TPP’s e-commerce chapter was the inclusion of a restriction on mandated source code disclosure. Article 14.17 states:
No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.
The provision is subject to some limitations. For example, it is “limited to mass-market software or products containing such software and does not include software used for critical infrastructure.” The source code disclosure rule is not found in any other current Canadian trade agreement, though leaked documents indicate that it does appear in a draft of the Trade in Services Agreement (TISA).
Read more ›
Edward Snowden burst into the public consciousness in June 2013 with a series of astonishing revelations about U.S. surveillance activities. Snowden’s primary focus has centered on the U.S., however the steady stream of documents have laid bare the notable role of allied surveillance agencies, including the Communications Security Establishment (CSE), Canada’s signals intelligence agency. The Canadian-related leaks – including disclosures regarding surveillance over millions of Internet downloads, airport wireless networks, spying on the Brazilian government, and the facilitation of spying at the G8 and G20 meetings hosted in Toronto in 2010 – have unsurprisingly inspired some domestic discussion and increased media coverage on privacy and surveillance issues. Yet despite increased public and media attention, the Snowden leaks have thus far failed to generate sustained political debate in Canada.
I am delighted to report that this week the University of Ottawa Press published Law, Privacy and Surveillance in Canada in the Post-Snowden Era, an effort by some of Canada’s leading privacy, security, and surveillance scholars to provide a Canadian-centric perspective on the issues. The book is available for purchase and is also available in its entirety as a free download under a Creative Commons licence. This book is part of the UOP’s collection on law, technology and media (I am pleased to serve as the collection editor) that also includes my earlier collection on the Copyright Pentalogy and a new book from my colleagues Jane Bailey and Valerie Steeves titled eGirls, eCitizens. All books in the collection are available as open access PDF downloads.
Read more ›