Come back with a warrant by Rosalyn Davis (CC BY-NC-SA 2.0) https://flic.kr/p/aoPzWb

Lawful Access

How to Fix Canada’s Online Surveillance Bill: A 12 Step To-Do List

Over the past ten days, I’ve been asked repeatedly what should be done to fix Bill C-30, the online surveillance bill. While the bill will require considerable study, below I’ve posted 12 amendments or undertakings that are needed to begin to address the massive public concern with the legislation. Given recent events, many understandably believe the bill is beyond repair and should be scrapped. However, assuming the government sticks with it and send the bill to committee with a mandate to consider a wide range of reforms and submissions, I’d start with the following non-comprehensive to-do list:

Evidence, Evidence, Evidence
No Mandatory Warrantless Access to Subscriber Information
Reporting Warrantless Disclosure of Subscriber Information
Remove the Disclosure Gag Order
“Voluntary” Warrantless Data Preservation and Production
Government Installation of Surveillance Equipment
Reconsider the Internet Provider Regulatory Framework
Improve Lawful Access Oversight
Limit the Law to Serious Crimes
Come Clean on Costs
The Missing Regulations
Deal With The Failure of Privacy Laws To Keep Pace

Details on each follows:

February 24, 2012 — 37 comments — News

Estimating the Costs of Online Surveillance

The CBC reports that the online surveillance bill will cost $20 million per year for four years. ITBusiness.ca highlights some of the problems with the estimate.

February 23, 2012 — 4 comments — News

Why Bill C-30 Gives the Govt the Power To Install Its Own Surveillance Equipment on ISP Networks

Over the past few days, I’ve posted on some of the implications of Bill C-30, including the mandatory disclosure of subscriber information, the “voluntary” warrantless disclosure of emails and web surfing habits, and the stunning lack of detail on a wide range of issues including costs and surveillance capabilities. While the bill includes some detail on surveillance capability requirements, perhaps the most dangerous provision is Section 14, which gives the government a stunning array of powers:

to order an ISP or telecom provider to install surveillance capabilities “in a manner and within a time” specified by the government
to order an ISP or telecom provider to install additional equipment to allow for more simultaneous interceptions than is otherwise specified in the law (the government sets a maximum and then can simply ignore its own guidelines)
to order an ISP or telecom provider to comply with additional confidentiality requirements not otherwise specified in the law
to order an ISP or telecom provider to meet additional operational requirements not otherwise specified in the law

Given these powers, Section 14 essentially gives the government the power to override the limits and guidelines it establishes in the bill (it must pay the provider an amount the government decides is reasonable for doing so). If that wasn’t enough, Section 14(4) goes even further. It provides:

The Minister may provide the telecommunications service provider with any equipment or other thing that the Minister considers the service provider needs to comply with an order made under this section.

February 22, 2012 — 28 comments — News

Rick’s Rant on Online Privacy

February 22, 2012 — 4 comments — News

The Devil is in the Details: How Bill C-30 Leaves Many Surveillance Questions Unanswered

The introduction of Bill C-30 has generated enormous public debate (I focused yesterday on the “voluntary” warrantless disclosure of subscriber information) but less discussed is how the bill leaves out many crucial details on the new surveillance rules will actually function. Indeed, for a bill that is ten years in the making, it is shocking how much is still unknown.

At the top of the uncertainty list are cost questions. The cost of new surveillance equipment could run into the tens of millions of dollars, yet the government has not said who will pay for it. Surveillance mandates in other countries have typically come with government support. For example, when the U.S. passed the Communications Assistance for Law Enforcement Act (CALEA) in 1995, $500 million was granted to cover provider costs. In addition to the surveillance equipment costs, there are fees and costs associated with surveillance “hook-ups” to law enforcement as well as fees for disclosing subscriber information. Bill C-30 leaves these issues for another day by opening the door to fees but leaving specifics to future, unspecified regulations that can be passed by the Governor-in-Council without gaining Parliamentary approval.

Surveillance capability specifics are also still largely unknown.

February 21, 2012 — 18 comments — News