News

Bill C-30’s “Voluntary” Warrantless Disclosure Provision

The debate over Bill C-30, the online surveillance bill, has thus far focused on the mandatory disclosure of subscriber information, including name, address, email address, and IP address. The provision represents a significant change in the law, which currently allows ISPs to disclose such information but does not require them to do so. In response to the criticism, Public Safety Minister Vic Toews has emphasized that the content of emails or web surfing habits would still require a warrant.

Yet Toews has not talked about a provision in Bill C-30 that creates a voluntary warrantless system that would allow police to ask for the content of emails or web surfing habits and allow ISPs to comply with the request without fear of liability. Section 487.0195 states the following:

(1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.

(2) A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so.

This provision opens the door to police approaching ISPs and asking them to retain data on specified subscribers or to turn over any subscriber information – including emails or web surfing activities – without a warrant. ISPs can refuse, but this provision is designed to remove any legal concerns the ISP might have in doing so, since it grants full criminal and civil immunity for the disclosures.

While many would hope that ISPs would not hand over personal information without a warrant, revelations that they already provide customer name and address information about 95 percent of the time suggests that police have little to lose in asking for more detailed data preservation and disclosure. Bill C-30 increases the likelihood of “voluntary” warrantless disclosures, creating a legal framework that makes it easy and risk-free from a provider perspective.

27 Comments

  1. black-listed
    and the black ops will use posts to shut the system down.

    it happened with BBSing.. one US senators hate campaign and a flood of porn from US army bases and the regs to control the system got out thru.

    want to see your adress get spoffed, hijacked (a valid address can be used from anywhere…
    just type it in and Your 256.256.256.127 is the culprit)

    issues are being missed here.

    packrat

  2. @pat donovan
    While it’s rather trivial to spoof UDP trafic, it’s mutch harder(read impossible usually) to do so with TCP/IP trafic. The reason lies in the 3 way handshake mechanism used in the protocol to establish the link between 2 devices. Basically, it’s impossible to spoof TCP/IP connections (however, it is possible to trick a bit-torrent tracker to list IP adresses of unaware 3rd party).

    It is sorta possible to send packets using UDP while spoofing the IP adress(Since UDP is actually a connectionless protocol) but don’t expect to recieve anything back (UDP is sorta like posting a letter. You can change the expeditor adress to whatever you want, but don’t expect to see that letter return to you if you misstyped the destination adress).

    The fact that TCP/IP is nearly unspoofable does not mean that IP adresses are actually a fool proof way to discover who pirated the latest attempt by Harper to play music(… who would want to pirate that anyway) on Bit-torrent since it’s possible to spoof trackers (Read a white paper about someone successfully tricked a tracker to say that one of the peer was a printer and the RIAA actually sent a Cease and Dessist letter for that printer).

  3. Doesn’t PIPEDA Trump C-30 Section 487.0195?
    “(1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.”

    Given PIPEDA limits collection and storage for the purpose being used by the organization to provide service to the end user / customer … wouldn’t that prohibit the organization from “preserving or to voluntarily provide” information to the officer without a court order?

  4. Chad English says:

    The absurdity of giving these authoritarian powers to police is bad enough, but what about the worry of private interests exploiting these provisions? Wouldn’t this encourage the CRIA to get/pay a police officer to get the name, address, and possibly online activities of individuals for the sake of suing them? The lack of a warrant means they only have to find one police officer somewhere willing to do it. It also allows some of the less honourable officers to spy on their spouses/girlfriends/boyfriends.

    I have yet to hear a single good argument why warrants should be avoided. The only excuse I’ve heard is that warrants can take too long. But that’s just a justification for making a more efficient warrant system, not to bypass it.

  5. @Chad English “But that’s just a justification for making a more efficient warrant system, not to bypass it.”

    Well said, and this line of thought goes even further. There are so many attempts today to bypass our rights or put patches on old legislation (and dare I say ‘old business models’) to maintain the privileges of the powerful and connected over the people.

    The internet has changed the way our society deals with information, both in access and dissemination. We are seeing now how this is affecting governments to pass laws that in the past would have slipped through unopposed. Of course governments see this as a threat and try to pass laws to limit it, further stirring the pot.

    Popular on-line protests have recently proven effective. This is so very encouraging a turn for democracy, too long has the voice of the few driven the agenda. While I don’t support the tactics of groups like anonymous, as the governments fail to respond to people’s concerns, we can only expect more.

    The outcome I hope to see from all this? … Laws and governance drafted to truly serve the citizens rather than the privileged. I know, I’m a hopeless optimist đŸ˜€

  6. Re: Doesn’t PIPEDA Trump C-30 Section 487.0195?
    The you should probably be paying close attention to the changes the government has proposed to PIPEDA as well …

  7. I would worry more about “public officer”
    @harper would just appoint a copyright officer, and they are now a public officer, they can just start emailing ISP’s request for IP addresses and names and then go trolling the waters, this is just to create a legal loophole for the monopolies extortion that is being shut down in the UK, US and other parts of the world because…it is wrong.

    This way, they don’t ever have to file a complaint in court…just create mass mail marketing campaigns demanding money or we will tell everyone you downloaded Ann of Green Gables….

  8. Oh yeah?
    My first ever successfully seed .torrent was Anne of Green Gables (they day after Megaupload got shut-down). Proud of downloading Anne of Green Gables.

    http://phillipsjk.ca/VPN/Anne_of_Green_Gables.torrent

    (Guntenberg text and Google PDF of a book scan)

  9. If they can have warrantless access, then it’s not inconceivable that they would, at least occasionally, end up requesting copies of content that turns out to be entirely innocent. This is even more likely than it is with a warrant simply because warrantless access would allow it to happen with greater frequency. Wouldn’t such creating of unauthorized copies of those documents, however, still constitute a standard copyright violation?

  10. From Saturday’s PMO

  11. “Our proposed legislation does not allow police officers to read emails or any other private communications without a warrant. Any claim to the contrary is inaccurate.”

    From Saturday’s PMO InfoAlertBot via Kady

    http://www.cbc.ca/news/politics/inside-politics-blog/2012/02/pmo-infoalertebot-watch-so-not-a-lot-of-warrantless-online-surveillance-fans-out-there-huh.html

  12. @Allison
    That is because they have not read the bill, which is based on previous Liberal legislation.
    http://www.cbc.ca/thehouse/news-promo/2012/02/18/internet-surveillance-bill-up-for-broad-review/

  13. Schedule 2 Provisions
    Schedule 2 lists those providers that are excluded from the act. These include restaurants (so I can use a WiFi at my local StarBucks/Second Cup), and libraries. Regular businesses that provide access to the internet for their employees where there is an authenticated logon are not excluded. We should considers ourselves blessed that private dwellings are also excluded in Section 34, but according to our analysis and opinions we have received, anyone with an IT group and a NAT router is going to be subject to this bill. Canada will definitely become “Cloud-unfriendly”. We have already discussed cancellation of a major Cloud investment in Canada because of this.

  14. I can only speak to the public issues, as I am not technically sound. This bill would revolutionize the way in which I use the internet. Every consumer bill I receive, all banking statements (yup – I don’t believe this will in-practice be exempt), and any legal documents would become “paper” only – a boon to Canada Post at the cost of the vendors. All email accounts except one would be closed, and that would contain NO personal information. I will not vote in any election online. All banking will be conducted in-branch. I will not shop online. I will switch to cash only. I will never complete an online survey again, unless it is absurdly frivolous.
    I have not stopped to consider consequences other than the broader ones until today, and with 20 minutes of though, I now realize that this bill will have profound implications on the way in which I communicate and conduct commerce. And I’m not even doing anything that I wouldn’t tell my Mother about …..

  15. playing roulette?
    If police will not need a warrant, what would keep them from playing roulette? Why not just ask records for a random IP address and then see if you can find something that could be illegal?

    We’re moving away from “innocent until proven” to “we’re finding stuff to make you guilty of something, whatever it’ll be”. That’s one way of getting Harper’s new jails filled-up…

  16. maybe I am paranoid…
    Is it conceivable that since they would have warrantless access and the ISP is prevented with big fines from telling consumer he is being spied on, they could PLANT something to frame someone they don’t like. An ecologist, a feminist, anyone really?

  17. after all…
    The RCMP (acting like Harper’s political police, but is is not their mandate do to that) made sure student who had photographs of themselves with NDP MPs were prevented from atending one of his town halls.

    Irrelevant to Internet surveillance but, if you recall, they also had the reporters frisked and sniffed by bomb (and drug?) detector dogs and kept them many feet away.

    I think — I am serious — if you piece it all together, that Harper has a mental health problem. He is not at ease surronded by a crowd, and other humans he sees as potential assassins/terrorists. Who else shakes their children’s hand on their first day of school? One more reason not to give this dude power over us. He sees enemies everywhere.

  18. Is this warrantlessly spied information what harper agreed to share with the united states to smooth corporate border relations?

    Traitor. Who actually authored this bill… as if that’s hard to guess.

  19. Schedule 2
    With the exceptions listed in Schedule 2 (Part 2), I have to wonder how effective these measures will really be. Seems like an awful lot of trouble, time, and money for a sketchy, if not minimal, result.

    This will also get “interesting” for those ISP’s that masquerade users out through a single IP. I know of several G3 and satellite providers that will face this issue.

    This situation will only get worse in the near future, not better. The pool of IPV4 addresses is exhausted, and until every device, router, server, and ISP on the planet is converted to IPV6, masquerading will continue to be used heavily.

  20. This bill is not about email, your online activities or even the internet. The police desperately want the ability to search without warrant. If passed, this bill will just be the opening wedge and will be followed by similar legislation covering other aspects of your life.


  21. @Ed: “The police desperately want the ability to search without warrant.”

    They actually can. Most laws have provisions that allow police action without a warrant if they have sufficient reason to believe that there is an immediate danger to the life of persons or property.

    If the internet one had the same kind of provisions no one would had objected.

  22. ISP_NetAdmin says:

    data that the person is not prohibited by law from preserving
    “For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.”

    Let me see. Given a standard EULA for an ISP, contract law, privacy, law, criminal law, Charter law, and so forth, the data I, as an ISP Network Administrator, am allowed to preserve voluntarily on any client is their name, address, phone number, email address, and IP address.

  23. Application of Principles to Freedom of Info Act
    Surely the same level of disclosures desired by the proponents would be desireable for citizens on 95% of the data now-restricted by the opposite-to-intention-named Freeddom of Information Act

  24. subpeonas
    as someone who regularly recieves and provides information for all levels of law inforcement with the proper subpeona about ip addresses for a webhosting/colocation company my first thoughts are wow. upon recieving a subpeona i normally tell the agency lookong for information i strongly suggest getting a keytrap which in all reality is what this bill is attempting to do without the subpeona/warrant.

    if the police want information do it the proper way.

  25. Don’t want to register my typewriter
    Bill C-30 in Canada would conjure a world like the former German Democratic Republic as portrayed in “The Lives of Others” where an individual member of the police could use
    personal motives and police surveillance to manipulate and to record the most private moments of another and where in reality, expression was monitored to the degree that typewriters were registered.

  26. Cheap Nike Dunks says:

    http://www.cheapnikeduckssales.org/
    So you have to think about all these things

  27. Richard Simon says:

    With all the talk about warrants or not, the early reports say that ISPs have already been voluntarily supplying
    information 95% of the time for authorities requests. We’ve not followed up on that. What does this mean?
    Is there any oversight? What is being done with this information? Where can we find out more about this ongoing practise?