Myth: Basic subscriber information is way beyond “phone book information”.
Fact: The basic subscriber information described in the proposed legislation is the modern day equivalent of information that is accessed from the phone book. These identifiers are often searchable online and shared between individuals in online communications.
The government persists in justifying its mandatory disclosure of subscriber information without a warrant on the basis that the information is as openly available the phone book, yet this is plainly untrue.
Referring to all of this information as customer name and address information is misleading, as is calling these data elements “basic identifiers.” This list goes well beyond the customer names and addresses associated with a given telephone number…the assumption behind the consultation paper is that CNA information carries a low expectation of privacy and as such does not require judicial authorization. We disagree: many individuals consider much of this information to be private.
The Information Technology Association of Canada, representing many telecom companies, argued:
ITAC notes that the “basic identifiers†listed in the discussion paper go well beyond what most people would consider to be basic. IP addresses, email addresses, IMSIs, ESNs, IMEIs and SIM numbers are not the “tombstone†data that is usually associated with CNA information.
The Canadian Wireless Telecommunications Association adopted the same position:
CWTA notes that the types of “basic identifiers†sought for wireless services go well beyond what virtually anyone would consider basic and are much more onerous than those for TSPs using other technologies. IP addresses and dynamic IP addresses, IMSIs, ESNs, IMEIs, and SIM numbers go well beyond basic “tombstone data†normally associated with CNA.
Civil society groups were of the same view. For example, the Public Interest Advocacy Centre’s response:
PIAC further views the CNA information sought to be collected as clearly personal information, either under legal interpretations of various privacy commissioners and courts, or the opinion of the public. Therefore the Minister’s statements to the press that: “We have not and we will not be proposing legislation to grant police the power to get information from internet companies without a warrant. That’s never been a proposal,” and “It may make some investigations more difficult, but our expectation is rights to our privacy are such that we do not plan, nor will we have in place, something that would allow the police to get that information” should not be based on a semantic game if it is an attempt to define CNA as something other than “information†or to suggest it is not private in this context.
Should the government wish to troll through online personal information without judicial oversight, or under a greatly reduced standard of judicial oversight, it should at the least be subject to serious public oversight (by Parliament and the general public), there should be severe penalties for misuse of the information and its collection and use should be restricted to only highly serious and defined offences.
Yesterday, I posted on the prospect of reaching a compromising on the issue. The starting point is for the government to acknowledge that the information at issue is not mere “telephone book data” but rather personal information that cannot be subject to mandatory disclosure without a warrant.
What a misleading name for a bill
The first thing that they should do is changing the misleading and terrible, awful, dreadful, frightful, fearful name they dubbed this bill “Protecting Children from Internet Predators Act”.
@Geist “The government persists in justifying its mandatory disclosure of subscriber information without a warrant on the basis that the information is as openly available the phone book, yet this is plainly untrue.”
As is the statement that anyone who is concerned about privacy rights is a supporter of pedophilia. Hopefully this obvious cognitive disconnect will give more people pause and reason to scrutinize the rest of the minister’s claims.
I think even the telephone book exposes too much information these days and am glad my number, name and address are not listed.
>Fact: The basic subscriber information described in the proposed legislation is the modern day equivalent of information that is accessed from the phone book. These identifiers are often searchable online and shared between individuals in online communications.
I’m sorry but a phone book does not store the info of where I have been, driven, walked or who I talked to every day. Also what if there are several names like mine in the phone book. You don’t know which one of them I am so now everyone on the list with the same name is guilty?
What if my name is unlisted?
If I’m posting on a forum with a nick name no personal info of mine is available unless I fill out my profile with my phone # and address. 99% of the forums out there never show IPs and any IP info is private company info that should only be accessed with a warrant for the forum owner.
This is beyond absurd.
SOPA moment?
SOPA moment?
I don’t know if I’d call it a SOPA moment. If Toews had of simply kept his big mouth shut, it probably would have passed mostly unnoticed by the general public. But that incredibly moronic child pronography statement popped up everywhere and got a lot of people, even including some Tory ministers, pretty riled up.
So, thank you Vic Toews for being such an a$$hole, you’ve done us a great service in raising public awareness!!
No Compromise!!!
Sorry, but this is not a situation where we need compromise – we need a stronger Privacy Act.
The Bill needs to be WITHDRAWN IN ITS ENTIRETY!
Ignoring the fact that some people have unlisted numbers for valid reasons, such as curtailing marketing or harassment, it is a false comparison. A telephone number cannot be used to find where a person is at any given time: not without a warrant. You can even have the telephone company block your phone number from showing on the other side’s caller id screen (*67), and if the RCMP need that information, they can still get it — with a warrant.
Whereas an IP address actually is a record of your location. Why, Google maps has me within 30 meters just from my IP address. (If that were based on GPS, it’d be down to the foot.) That is one of a number of things being asked for here, and that should certainly be the subject of oversight. (Just because I can ask Google where it thinks I am, giving consent as part of the act, doesn’t mean anyone else has the right to invade my privacy without a damn good reason.)
I also have the right to be treated fairly and not stripped and de-liced in public simply because someone wants me to be. This is about witch hunts and dynamite fishing and I guess copyright wasn’t a strong enough reason; surveillance is just another obvious digital power grab.
Some people lock their doors at night, and have a fenced in yard and yes, even wear a full set of clothes, because they care about their privacy. I have the right to cover my body.
My IP, and other numbers — are like my “private parts.” Not by copyright or patent or trademark. I don’t claim ownership — I claim privacy. I’m not complaining that access to this information would be “theft” — it would be invasion of privacy.
I agree fully with the federal privacy commissioner on the other aspects of this bill: we should not be building surveillance in, by design. That’s not what Canada should be about. This would be like mandating cameras in all public restrooms because that’s where people do drugs. No thanks.
This is not a commentary on the RCMP. I really sympathize with the RCMP who for the most part seem to genuinely want to to help, or are simply “doing their jobs” like all the machines of history. They are human beings, and our local branch has always been diligent and helpful whenever I needed them. They typically support this in the name of prevention. I do not want dehumanize the RCMP for supporting this, as Vic Toews arguably did me for opposing it.
Justice is hard, but there is a right way and a wrong way. The best prevention is always the example set through accurate warranted conviction. Justice is hard, but there is a right way and a wrong way and dehumanizing everyone by pulling away privacy as a basic right. Everyone deserves to be treated fairly, most notably: as though they are innocent, unless proven otherwise through an unbiased rational process.
I expect justice to reflect high ethical standards so yes, warrants are strictly necessary.
“Warrant” means “reason” and sidestepping reason in the name of prevention, even in the name of children, is just a witch hunt.
I can’t even believe, as a society, we would still seriously consider trading freedom for convenience; dignity for control. I feel like an urchin for even having to espouse the basics of freedom and think, as Vic Toews suggested, that I could be “standing” with child abusers. I do not. So, in that sense, he has won: he has made me — probably others — feel a little disgusted towards democracy.
Phone books
Phone books are documents available to anyone, not just law enforcement. I have one dropped off at my door every year.
If the comparison is accurate, then this information should be made available to anyone for the asking, not just the police. If doesn’t sound like something desirable, then the comparison isn’t accurate.
Treaties, Traitors and Thugs…
What most people fail to recognize is ACTA came into being as a response to counterfeit products like toxic toothpaste, etc. that contained dangerous and possibly fatal compounds.
Big content realized, or their lobbyists most likely realized, that if they could get their “products” included in this treaty they could avoid most democratic legislatures because “trade” treaties like ACTA are not often required to be presented to their legislatures or even debated in public light.
So with the hijacking of what started out as a fairly straight-forward trade treaty to protect citizens from toxic toothpaste complete they (big content) set about to pack as much protection for their business models as possible. They also sent armies of their high paid lobbyists to sponsoring countries while the “trade treaty” was being negotiated in absolute secrecy to help push through legislation to make simple copyright infringement criminal instead of civil.
Why you might ask? Because copyright infringement, in most countries, is considered a civil matter it is the responsibility, including financial, of the copyright holder to enforce and protect their copyrights. By getting countries to criminalize simple copyright infringement big content shifted the litigation and all it’s financial costs from it’s private, for-profit wallets to the public purse.
Now armed with trade treaty protection and a publicly funded army of law enforcement officers at their disposal, big content is set to extract every measure of wealth from whom ever they please.
As a Canadian, it is no mystery to me why Prime Minister Harper and his right-wing nut ball party members a have just tabled legislation that will give police new sweeping powers, including the ability to perform unwarranted surveillance WITHOUT A COURT UNDER and require ISPs to track and store citizens emails, mobile phone calls and Internet travels for up to three months so that they can have the information at their disposal to protect our children from pedophiles. (:
Like the Patriot Act in the United States, after which it is modeled, Canadians can expect an all out blitzkrieg on their privacy and pocket books by big content as they will surely begin to immediately implement their newly crafted business model of legalized extortion with very little if any real or new criminal activities being thwarted by the new surveillance machinery in place. US officials have time and time again been caught having to admit that the Patriot Act has been used many times more for law enforcement activities that DO NOT involve terrorism or anything else even close to what the Patriot Act was designed to catch. Think the same thing is NOT going to happen in Canada? Think again!
Don’t be fooled by the dogs that bark about saving our children. These are the same dogs that bark about wars to save freedom and MASSIVE public bailouts to save free markets and many of them attend Catholic churches where many a pedophile priest remains untouched by law enforcement and a Vatican that cares little about the suffering it’s clergy have and continue to inflict on our children to save the freedom of religion.
It’s time for citizens or every stripe to stand up and fight back against the corrupt forces that are trying to hijack our democracies. Be they for the sake of fighting terrorism, “public” deficits or “free” markets.
http://freejafarpanahi.wordpress.com/2012/02/16/urgent-saeed-malekpours-death-sentence-to-be-carried-out-any-moment/
The phone book analogy
Since they insist on using the phone book analogy….how do we get an ‘unlisted’ IP address?
Evey person had the choice to preserve their privacy and not be listed in the phone book. We have no such option with IP providers – so the analogy breaks there…
Plus – staying with the phone book analogy – it is as if the phone book listed not just the person’s name and address, but also every single phone call made to and from that phone number.
You’re too late!
Once something is out there on the internet, Mr. T., you can’t take it back:
http://twitter.com/#!/search?q=#TellVicEverything
http://donttoewsmebro.ca/
http://en.wikipedia.org/wiki/Vic_Toews:
“This line of argument is often referenced as one of the Four Horsemen of the Infocalypse. Public response followed, with an anonymous Twitter account posting personal information of Toews’ court proceedings during his divorce, around this time Conservative support appeared to back away from the bill and open up to amendments.[115] Toews also later denied that he had made the “child pornographers” reference, despite his comments being available in Hansard and on video.”
If this information is already available in the phone book or elsewhere online then why do the police need new laws? Oops logic fail.
Don’t Fence Me In!
http://bit.ly/yVBUsd
Vancouver police officers caught viewing porn on the job
There is of course no reason whatsoever to delve deeper into their private lives…in Canada we are above drawing any correlation between on the job performance and how we conduct ourselves in private!
http://www.theglobeandmail.com/news/national/british-columbia/vancouver-police-officers-caught-viewing-porn-on-the-job/article2340916/
Vancouver police officers caught viewing porn on the job
robert matas
Vancouver— Globe and Mail Update
Published Thursday, Feb. 16, 2012 3:07PM EST
Last updated Thursday, Feb. 16, 2012 3:11PM EST
Fourteen Vancouver police officers ranging in rank from constable to inspector and one civilian employee are facing internal disciplinary reviews for viewing pornography and other inappropriate and offensive images while at work.
The images ranged from photos that would only be found by searching the Internet for pornography to those that could be seen in a daily newspaper, Superintendent Jeff Sim, who headed the internal investigation, told reporters Thursday. He declined to provide further details.
The police department employees had each looked at roughly “a dozen†still and video images, although some viewed “a significantly higher†number, he said.
The employees, who continue on the job, were first caught during an unrelated internal investigation in August, Supt Sim said. In response to questioning, Supt. Sim refused to identify where the officers worked. “We don’t want any employees regardless of where they work to distribute material that is inappropriate,†he said.
All the officers were male.
None of the images were considered to be illegal and neither the public nor staff within the Vancouver police department have lodged a complaint related to the e-mails or Internet viewings.
However viewing the images and sending them in e-mail was considered to be inappropriate use of police department equipment and their time, Supt. Sim said. Police Chief James Chu later said the focus of the officers should be on their work and they should not use the equipment at work for viewing these images.
Both Chief Chu and Supt. Sim said they had not seen the images.
Some officers have already been disciplined while the investigation continues into the activities of others. The disciplinary measures range from a written reprimand to demotion and include suspensions, transfers and temporary restrictions from the promotion process, he said.
Police consulted with several people inside and outside the police force, including the Office of the Police Complaints Commissioner, about appropriate disciplinary measures. The police complaints commissioner confirmed the situation was an internal discipline matter, Supt. Sim said.
Disciplinary action reflects consideration the rank of the employee, nature of material, volume, previous warnings, the workplace and any mitigating factors. Higher rank officers faced harsher discipline, Chief Chu said.
As a result of the incident, the police department now plans to install software that will automatically track and identify e-mail and internet activity that involves “inappropriate images,†Supt. Sim also said.
Ammendments
http://www.theregister.co.uk/2012/02/16/canadian_internet_privacy/
“The government has signaled it is willing to consider amendments, such as allowing ISPs 18 months to install surveillance equipment instead of just 12, reducing the amount of personal information that the police can access, and promising a review of the legislation in five years’ time.”
These aren’t amendments, these are a bad joke!!!
Tor
“Since they insist on using the phone book analogy….how do we get an ‘unlisted’ IP address? ”
Tor
“Canada is free and freedom is its nationality.” – Wilfrid Laurier
I don’t want to be more like Iran, particularly today.
The bill would remain unenforcable, since they do not, and probably can not, define what is an ISP
The bulk of the ire aimed at this bill, has to do with the warrantless access to information which the ISP is, or should, maintain. Further, that the bill would require ISPs to be properly equipped, in advance, should a warranted intrusion be needed.
However, what i don’t see, and where i think this whole thing fails, is the definition of ISP.
the obvious targets would be Bell, Rogers, TekSavvy, etc, who self-identify as being ISPs.
however, the level of information expected from the bill, can only be obtained if the ISP is maintaining the info of the ‘last mile’, and in this context, ‘last mile’ means the link (cable or wifi) from the last router to a given laptop/PC/mobilephone/etc.
so, in this context, if a coffee shop provides internet access to its customers, is it responsible for tying each connection to the personal information of the user? or is that passed up the chain to their provider?
if the coffee shop is exempted from maintaining this information, then we have a quite similar argument against the bill as the Conservatives objection to the long gun registry. in effect, the criminals would knowingly use outlets that are exempt from the bill, while the bill would only result in obtaining information on law abiding citizens.
I haven’t had my name or number in the phone book for years, nor would I know if it was. At the kind of rates bell charges I can’t underatand why anyone would still have a land line except for DSL.
I do enjoy not getting harassing sales calls or people knowing exactly where I live unless I tell them.
This would just open a can of worms on par with KGB style witch hunts. I for for a fact once you have an IP its just a matter of time to find an open port. What’s stopping someone to misuse this situation to frame someone by uploading said illegal material?
Online Surveillance Everywhere
EXPECT MORE GOVERNMENT/POLICE CORRUPTION WITH NO-WARRANT SEARCHES
Note: Canada will have the same loss of electronic privacy and civil liberties that the Obama Government proposed for Americans. See where Canada is headed. Canada signed with the U.S., asset forfeiture reciprocal sharing agreements that allow the U.S. and Canadian Police to share assets seized from Canadians. Canadian police want the power to search Canadian’s business and private electronic communications without a warrant—perhaps among other objective—to seize billions of dollars in property from Canadian Citizens. Isn’t it usually about money?
Compare: U.S. Government wants the power without a warrant, to introduce as evidence in criminal prosecutions and government civil trials, any phone call record, email or Internet activity. That would open the door for Police to take out of context, any innocent—hastily written email, fax or phone call record to allege a crime or violation was committed to cause a person’s arrest, fines and or civil asset forfeiture of their property. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay.
If the U.S. Justice Department has its way, any information the FBI derives from circumventing the Fourth Amendment, i.e. (no warrant searches) of Web Server Records; a Citizen’s Internet Activity, personal emails; fax / phone calls may be used by the FBI for (fishing expeditions; to issue subpoenas in hopes of finding evidence or to prosecute Citizens for any alleged crime or violation. Consider that neither Congress nor the courts—determined what Bush II NSA electronic surveillance, perhaps illegal could be used by police or introduced into court by government to prosecute Americans criminally or civilly. If U.S. Justice Department is permitted (No-Warrant) surveillance of all electronic communications, it is problematic state and local law enforcement agencies and private government contractors will want access to prior Bush II /NSA and other government illegally obtained electronic records not limited to Americans’ Internet activity; private emails, faxes and phone calls to secure evidence to arrest Americans, assess fines and or civilly forfeit their homes, businesses and other assets under Title 18USC and other laws. Of obvious concern, what happens to fair justice in America if police become dependent on “Asset Forfeiture†to help pay their salaries and budget operating costs?
The “Civil Asset Forfeiture Reform Act of 2000†(effectively eliminated) the “five year statue of limitations†for Government Civil Asset Forfeiture: the statute now runs five years (from the date) police allege they “learned†an asset became subject to forfeiture. It is foreseeable should (no warrant) government electronic surveillance be approved; police will relentlessly sift through Citizen and businesses’ (government retained Internet data), emails and phone communications to discover possible crimes or civil violations. A corrupt despot U.S. Government too easily can use no-warrant-(seized emails, Internet data and phone call information) to blackmail Americans, corporations and others in the same manner Hitler utilized his police state passed laws to extort support for the Nazi fascist government, including getting parliament to pass Hitler’s 1933 Discriminatory Decrees that suspended the Constitutional Freedoms of German Citizens. A Nazi Government threat of “Property Seizure†Asset Forfeiture of an individual or corporation’s assets was usually sufficient to ensure Nazi support.
Under U.S. federal civil forfeiture laws, a person or business need not be charged with a crime for government to forfeit their property. Most U.S. Citizens, property and business owners that defend their assets against Government Civil Asset Forfeiture claim an “innocent owner defense.†This defense can become a “Catch 22†a criminal prosecution trap for both guilty and innocent property owners. Any fresh denial of guilt made to government when questioned about committing a crime “even when you did not do the crime†may (involuntarily waive) a defendant’s right to assert in their defense—the “Criminal Statute of Limitations†past for prosecution; any fresh denial of guilt even 30 years after a crime was committed may allow Government prosecutors to use old and new evidence, including information discovered during a Civil Asset Forfeiture Proceeding to launch a criminal prosecution. For that reason many innocent Americans, property and business owners are reluctant to defend their property and businesses against Government Civil Asset Forfeiture.
Re: waiving Criminal Statute of Limitations: see USC18, Sec.1001, James Brogan V. United States. N0.96-1579. U.S. See paragraph (6) at:
http://www.law.cornell.edu/supct/html/96-1579.ZC1.html
Canoe76, that was a great, well thought out post. One of the best I’ve read in a while.
like the info in the phone book?
Right on – my info isn’t listed in the phone book. Guess they can scrap this bill then.
The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation.
Adolf Hitler – Mein Kampf
@Anonymous
That’s a chilling quote given the context. Perhaps Harper’s favorite read? I’ve heard it’s an awful book, filled with nothing more than fascist/racist rhetoric and random ranting. A friend of my uncle’s used to run an antique store and came across a signed 1st edition in a random lot he purchased, it’s worth an obscene amount of money.
Security Geek
I’m a computer systems security and administration professional, and
have earned my living at it since 1969.
Bill C-30 won’t work.
The Black Hat can simply use TOR (The Onion Router) and obtain a
multiply-encrypted data connection to an offshore server.
I’m assigned a different IP address (from my IPS’s pool of IP
addresses) every time my DSL connection comes up. This means that ISPs
will have to keep track of the time I connect and disconnect, and that
the police, courts and ISP agree on the time, which is a non-trivial
computer problem.
Each ISP will have to:
– Accurately collect this data (IP address, UserID, start time, end
time).
– Store the data reliably.
– Prevent Black Hat access to this valuable data.
– Allow for “secure” access the data by “secure” police computers
anywhere in Canada, or, I suppose, Canada’s treaty partners.
– Maintain this ever-growing lump of data forever.
Can we trust that all parties have sufficient computer security mojo
to make this work?
Taking a step back, and considering the implementation of Bill C-30 as
a “project”, I see:
Two different user communities that don’t share a common goal.
The police are geographically dispersed, individual computer
literacy varies, not generally known for computer security
skills.
ISPs are competing businesses, whose computer security competency
varies from adequate to abysmal.
Each ISP will implement its own solution.
No one knows how the many police entities will demand access.
The implementation schedule varies from 3 years for smaller ISPs,
to immediate for the other ISPs and the police.
I’ve had enough experience to recognize the “shape” of this
project. It could become a classic in the field of project disasters.
@Walt
It could only work if they ban encryption…and really, would I put it past them?
@Walt
Then, Walt want to speculate on which consultants and/or lobbyists are advising them and who do they represent and who stands to benefit the most?
Just read all the detail of the new Privacy Policy at Google — especially on chrome and android. You will see that they will be intercepting data shipped to google and what you thing is encrypted may or may not be. The internet is a public place now. The government does not even need a bill to start scanning and monitoring. It is done now to apparently show us relevant advertising.
Security Geeks
Walt, you are right, but your comments don’t go far enough. Although I suspect you know these issues as well.
To make these measures actually work, especially the (warrant required) wiretapping ones, they will need to make all masquerading routers illegal. This means every home router, coffee shop, real estate office, nearly every hotel, marina, campground, businesses, etc, etc, will be forced to have their equipment upgraded at major costs. Won’t happen. Businesses cannot afford it, people cannot afford it. Wifi access points will need to be tightly locked down. Mobile smartphone “hotspots” will be unrealistic or illegal.
And as IamME has stated, encryption will need to be banned. Likewise TOR, VPN’s, and many other technologies.
Whoever put this bill together, focusing on the “ISP”, doesn’t have a clue about the technology or how it is currently deployed. It won’t accomplish the goals, and it needlessly exposes individual privacy.
From a technology viewpoint comparison/analogy, this bill would put up traffic cameras every 10th intersection on even numbered streets only, in order to catch specific jaywalkers. The fact that a lot of those cameras just happen to point into apartment and home windows is an acceptable loss of privacy.
From a society perspective, it would be a better use of our money to double the police and judiciary staff, and equipment/training. This government has a strong focus on economics. We need to get them to pay attention to the economics of an interconnected and interlocking society.
The Solution
Either you’re for Hitler, oops I mean Harper, or you’ll go to http://www.torproject.org to download TOR and support free speech and democracy.
Who Guards the Guardians?
The problem with this type of access is that it won’t be limited to child pornography. Once the police realize they can access the information at any time, they will start using it for other investigations. The reason we have due process is to stop the police from conducting witch hunts; something this legislation will allow. As was said long ago: Quis custodiet ipsos custodes?
….
@Annie:
Encryption and TOR don’t solve anything. Eventually encryption can be broken, TOR infiltrated etc. They just make you look like you’re trying to hide something.
The problem is that, given the nature of internet, all this can be automated and operated on a very large scale with little expense.
Now imagine for a while that you would revert to plain old mail via Canada Post. Sure it can be opened/scanned/filed in a database too, but that would require tremendous manpower to be operated on such a large scale as they plan with internet.
So why not. Go buy a roll of stamps. At least it would create jobs. Lots of them.
@Napalm Feb 18
“Eventually encryption can be broken”. Yeah, eventually the sun will collapse into being a red-dwarf. Tor and GPG are excellent solutions to protect our privacy. We should be using them whether or not the government _explicitly_ spies on us:
1. https://www.torproject.org/
2. http://www.gnupg.org/
…
@Ush:
Do you really know what’s running on your computer?
Michael, I am so grateful you’re keeping an eye on things in Ottawa and that you can keep things plain for us common folk.
As usual, great, amazingly articulate comments.
It makes you wonder how the idiots who govern us got elected, and why we we don’t have a mechanism for making these great insights be heard by those whose duty is to govern us for our interest instead of that of the privileged who manipulate them through their powerful lobbies, something that should be illegal in any democracy.
This
I wonder what affect this will have on ottawa.