Lawful Access Could Close Smaller ISPs
5 Comments
Recent Posts
Yet Another Trade Battle Brewing: Why a Kids’ Social Media Ban Could Put Canada on a Collision Course With the U.S. 
Everything You Wanted to Know About a Kids’ Social Media Ban (But Were Rightly Afraid to Ask): A FAQ on Age Verification and Mandated ID for Everyone 
Bill C-22’s Clause-by-Clause Problem: The Government Includes Agencies Seeking Lawful Access Powers But Blocks the Privacy Commissioner’s Return 
You Can’t Put the Toothpaste Back in the Tube: Why the Government’s Reported “Temporary” Plan for a Kids’ Social Media Ban Would Mean Mandated ID for Everyone 
The Law Bytes Podcast, Episode 271: Taking Stock of a Wild Week in Canadian Digital Policy With the Online Streaming Reversal, AI Strategy Release, and Lawful Access Review
The 90’s called, they want their gov’t back!
Is this ANOTHER case of our government enacting a law that technology has already made irrelevant?
With the proliferation of public wi-fi (airports, coffee shops, even McDonald’s offers it) more and more users are sensitized to casual eaves dropping. And web sites are responding by offering secured HTTP (that is HTTPS) connections.
So what would the government or the police gain from spying on my secured traffic? If I understand correctly there’s no way (apart from lengthy brute force) that they could decode what passes through my ISP? They’d have to get a search-warrant for either my computer or for the servers of the web site I was communicating with.
This isn’t some esoteric secret message system used by spies; any web site can easily offer it, every web browser supports it, and any user can easily use it.
And HTTPS has been around for how long? And we’re getting a law now predicated on it’s non-existence? How ’bout a law requiring governments not waste our tax money – oh, never mind!
@Schultzter
There is a way to do a man-in-the-middle attack on SSL traffic, and the police could use it easely since it requires to compel a Certificate authority to create a certificate for a domain, but it would be immoral to do so… but then again Lawful Access, by it’s very definition, is immoral since there is no oversight to prevent abuse or prevent the use of that technology to create profile on an citizens.
@anonyme
And then you throw self signed or “cooperating hobbyists” into that cert mix. Lots more of them (and there are lots of them already).
Schultzter is right. Useless waste of time and money – for everyone.
Countries are already using the “Man in the Middle”
Iran, Egypt, Syria, even Israel (Israel is where a LOT of anonymous HTTPS proxies are to overcome that, if you know where to look). For the US to throw a couple billion at it and have Canada kick in some quid to get a look at the data would be a non-issue.
(don’t chuckle, how do you think the border security deal is going to be done? Days after Lawful Access is in)
Ridiculous
This law is ridiculous. It will do nothing to deter crime, illegal online activities or cyber terrorism. Here in North America we are so blinded under the guise of big security that we fail to look at the big picture.
We should be training entire armies on how to defend the nation’s critical infrastructure from foreign cyber espionage. Last week it was a pump in Illinois. What happens when a complete fire sale happens. What are we doing to ensure that it never happens. It happened in Georgia, Iran (stuxnet) …so what makes us believe that it won’t happen here. Canada doesn’t even have cyber command center in place. Yikes! If you don’t believe this old guy, then just see what Kevin Mitnick and Mark Russinovich have to say about this subject lately.
Lawful access ….really. If you are going after such a high profile criminal, then they are probably smart enough to use tor, proxy and a myriad of other technology to evade these filters from the get go.
Just another lame attempt by the feds to snoop into our lives. Wake up and smell the coffee!