When the Conservative majority government recently opted to not include their lawful access provisions in the crime omnibus bill, non-profit advocacy group OpenMedia chalked it up as a victory. Their online petition against lawful access, entitled “Stop Spying,” currently has about 70,000 signatures from Canadians who are opposed to the legislation. The Conservatives still appear set on introducing the bill early next year, leaving the future of the Internet in Canada uncertain.
WHAT'S IN THE BILL?
When the idea of “lawful access” was most recently introduced by the Conservative minority government in 2010, it was split into three separate pieces of legislation: bills C-50, C-51 and C-52. Together, the bills provide the framework for a drastically different version of the Internet, with increased focus on police interception of communications. Critics refer to it as “warrantless Internet wiretapping,” but what do the bills actually contain?
Bill C-50, or the “Improving Access to Investigative Tools for Serious Crimes Act,” requires Canadian Internet service providers to disclose specific information to authorities about their customers. At request of the government, Canadians ISPs (Internet Service Providers) will be forced to disclose your name, address, home phone number and Internet protocol address to investigators without court oversight. Additionally, Canadian ISPs are required to disclose a series of device identification numbers associated with the hardware you use to access the Internet, such as your router and modem.
“While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person,” said Micheal Geist, Canada Research Chair in Internet and E-commerce Law at the University of Ottawa. “Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community.“
Bill C-51, or the “Investigative Powers for the 21st Century Act,” requires ISPs to reconfigure their networks to allow for real-time surveillance. The bill establishes a regulatory structure for Internet providers to intercept communications, monitor individuals online, and monitor multiple individuals at once. It also establishes mandatory reporting requirements that force ISPs to disclose their technical surveillance capabilities, as well as give follow-up reports when their capabilities are increased.
Bill C-52, or the “Investigating and Preventing Criminal Electronic Communications Act,” creates new police powers to deal with the surveillance data collected by the new Internet structure outlined in Bill C-51. This includes a new type of data transmission warrant that grants real time access to communications of suspected individuals, including metadata such as the type of communication, the time it was sent and received, the duration of the communication, and its destination.
Additionally, police could obtain a “preservation order” to force the ISP to log all of a specific customer's information, including the content of their e-mails, instant messages, and their browsing history, for 90 days.
Once these two things are done, law enforcement can use a “production order” to force the disclosure of this communications data for their investigation. However, section 17 of Bill C-52 allows for Law Enforcement to supersede the need for these new warrants in “exceptional circumstances.”
The first bill allows for law enforcement officers to get access to your subscriber information from your ISP without a warrant; the second modifies the very nature of the hardware of the Internet in Canada to allow for real time surveillance; the third allows for law enforcement to access the browsing history, e-mails, and communications of Canadians. Altogether, they allow law enforcement to track you, monitor you, and intercept your communications based on poorly defined variables without court oversight.
WHO'S AGAINST IT?
The bill has been extremely unpopular with the official opposition (the NDP) and civil liberties groups, and has been spoken out against by all fourteen Privacy Commissioners in Canada.
“What we have been hearing from experts and citizen is that this new law gives the government and police way too much power to snoop into our lives,” said Charlie Angus, New Democrat Privacy and Digital Affairs Critic. “Canadians are right to feel that the Conservatives are not protecting their privacy and that we need to curb this bill.”
Lindsey Pinto is the Communications Manager for OpenMedia, a national, non-partisan, non-profit organization best known for their campaign against usage based billing. “These bills are warrant-less, invasive, and costly,” says Pinto.
OpenMedia is now leading the charge against lawful access with their online petition “Stop Spying.” On Oct. 3 of this year, they released a 15 minute short film called (un)Lawful Access, which is comprised of interviews with legal and privacy experts and can be found on their website.
The NDP, the Canadian Civil Liberties Association, and privacy experts are not alone in their ideological opposition to the legislation either. According to a recent survey published by the Office of the Privacy Commissioner of Canada, eight out of ten Canadians are opposed to “giving police and intelligence agencies the power to access e-mail records and other Internet usage data without a warrant from the courts.” The survey also indicates that Canadians are "deeply suspicious about the collection and use of personal information by public- and private sector organizations."
WHY THEY ARE AGAINST IT
The issues that these critics have with the lawful access can be broken down into five categories:
1) Spying on personal communications without a warrant is a violation of our right to privacy. “We understand that there is a need for law enforcement to have tools, but this method is intrusive and doesn't have any respect for the privacy rights of Canadians,” says Pinto.
2) Canadians generally don’t trust the government with this technology. “The Orwellian type fears that often get raised have some truth to them.” says Geist, “If you establish rules with no court oversights, if you establish new levels of surveillance within the network – you’re setting yourself up for uncharted territory, one that I think many may find disturbing.”
3) The cost of upgrading Internet infrastructure to the specifications of Bill C-51 is very large, and it’s not clear where the money is going to come from to pay for it. “That will mean, ever so neatly, that we pay for our own surveillance. We pay for them to check on us,” says David Lyon, Director of the Surveillance Studies Centre.
Additionally, some suggest that the cost of implementing the infrastructure could severely Big Brother is Lawfully Accessing You Creepy new Internet spying bill threatens the future of the free Internet and your privacy damage smaller ISPs who cannot afford to upgrade their capabilities.
4) There is insufficient evidence to show that this type of surveillance technology is necessary or effective. “The case has never been made that there is this problem. Before you bring forth this type of legislation surely the onus is on law enforcement to demonstrate where the problems have been” says Geist, “so at least we can draw a correlation between where the problems are and what the legislation is looking to achieve.”
According to public data about the two year period that the European Data Retention Directive, a similar law that was in effect in Germany, only 0.002 per cent of investigations relied on traffic data. As the founder of the Swedish Pirate Party Rick Falkvinge points out; “That’s nowhere near motivating a blanket surveillance of the entire population at this cost to finance and civil liberties.”
5) It appears as though the Conservative majority is looking to push this through without significant debate. “These are bills about the shape of liberty in Canada,” says David Fewer, Director of the Canadian Internet Policy and Public Interest Clinic (CIPPIC). “They deserve a full parliamentary debate. And we haven’t got a promise from the government that they will.” Pinto agrees: “They're not going to be given a proper amount of debate, especially for what they are, which is something that's very different from what we've seen in Canada.”
IN DEFENSE OF LAWFUL ACCESS
Lawful access has been introduced many times by members of both the Liberal Party and the Conservative party. Variations have been introduced repeatedly to parliament under different names over the last ten years.
Clearly, this is a desirable piece of legislation for the government, and it's easy to understand why: to say that full access to communications would be a very valuable tool for law enforcement is an understatement. If it were possible to monitor all of the data on the internet, the RCMP could end the distribution of images of child pornography, crack down on the illegal sharing of information and bring copyright criminals to justice, end the illegal drug trade by monitoring cellular data networks, and reopen old investigations based on new leads, such as private online confessions.
SIMILAR THINGS HAVE BEEN PREVENTED ELSEWHERE
The aforementioned European Data Retention Directive was a controversial piece of legislation in European Parliament. Seeing that it required all ISPs in Europe to log all Internet activity for a minimum of 90 days, it is no surprise that it was wildly unpopular and hotly debated.
In Germany, this initiative was put into law in January 2008. However, the Federal Constitutional Court of Germany ruled it unconstitutional in 2010, and it was struck down as a violation of the guarantee of secrecy of correspondence.
Additionally, the Czech Constitutional Court shut down mandatory data retention earlier this year, ruling it as unconstitutional. Likewise, the implementation in Romania was struck down by the Constitutional court of Romania as a violation of the constitutional rights to privacy, free speech, and confidentiality of communications.
The European Data Retention Directive is still in place in the United Kingdom, Denmark, Italy, Spain, Portugal, Poland, Slovakia, Slovenia, Ireland, France, Finland, Estonia, Latvia, and Lithuania.
INVASION OF PRIVACY CLOSE TO HOME
Deep Packet Inspection (DPI) is a type of data filtering that can be used to eavesdrop on an individual’s web connection. It’s used in China to find censor offensive material that they claim harm the Chinese people or the interests of the state, such as pornography, swear words, discussion of alternative religions and/or political theory, or discussion of the Tiananmen Square protests. The same process is used in Iran to spy on political dissidents.
There was a public uproar in 2006 when it was revealed that the United States’ National Security Agency (NSA) had been working together with AT&T using DPI to listen in on VoIP calls and read e-mails without a warrant. There’s a good chance these could have been your e-mails and VoIP calls, because the vast majority of the undersea Internet cables leaving Canada travel through the United States first. The NSA policy is still in place today.
DPI is used in Canada too, by major ISPs. The very same DPI they use in China is being used right now by Bell and Rogers to determine who is participating in illegal downloading of movies and music so they can slow down their Internet speeds. While officially this is the only purpose that DPI is used for, it is impossible to tell if it is being used for any other purpose.
Paranoia about the use of this technology isn't unfounded – a leaked United States Embassy cable has revealed that the Canadian government has taken part in illegal wiretapping.
FIGHTING FIRE WITH FIRE
For those people most opposed to this type of surveillance technology, there are several ways to protect your information from prying eyes. As the language in this section may be a little bit technical, I encourage you to use an Internet search engine to seek the definitions of terms you don't understand.
Encrypting your e-mail is a simple way to prevent your communications from being read by someone other than the intended recipient. It’s not hard for unencrypted e-mail to be intercepted and read by others on wireless networks, or by law enforcement through DPI. Sending unencrypted e-mail can be likened to mailing a letter without an envelope.
The Onion Router (TOR) is used around the world by political dissidents to anonymize their web traffic. TOR works by relaying users' web usage through an international network of volunteer’s Internet Protocol addresses. As IP addresses are assigned based on geographic region, this prevents the location of a user from being accurately determined by authorities, and allows users subject to regional censorship by their authoritarian government to access the full web. It also allows you to visit secret .onion domains not accessible on the regular Internet.
Because information sent over TOR can be read at exit nodes, it’s recommended that you also use GNU Privacy Guard (a type of web encryption) for an extra layer of protection. According to the TOR website, it is only intended to be used for web surfing. It negatively affects the network when it is used for torrenting or other large downloads. Another similar service is Java Anon Proxy.
For those of us who want to share files with friends anonymously, the I2P project is for you. It’s structured in a similar way to TOR, but is designed to allow for encrypted torrent transfers. It protects better against traffic analysis and offers strong anonymity and end-to-end encryption. 12P offers anonymous browsing, e-mail, instant messaging, file sharing, and web hosting. Internet Relay Chat (IRC) can be done securely and anonymously in a number of ways, including through TOR and I2P.
Another way to hide the location of your web traffic is to use a virtual private network. These can prevent law enforcement from identifying you based on your location, but the technology is not perfect. It varies in price and effectiveness from service to service, and as it does require a monthly fee, it is recommended that you do some research before committing, particularly if you are going to be giving them your credit card information.
Any of these individual methods may fail if not done correctly, but with care and research, it is possible to combat this legislation with technology. All of this software is freely available on the Internet with extensive documentation to guide you through the process of securing your data. Encrypting your e-mail is a good habit that can also make you feel like an ultra-cool cyberpunk battle hero.
COMING SOON TO A COMPUTER NEAR YOU
Even with fiery opposition from across the political spectrum, it is likely that the Conservative party, due to their standing majority, will rush this legislation through parliament. They consider the introduction of the bill to be a campaign promise, which means that empirical data that discredits the effectiveness of the policy may not be enough. It is now in the hands of the public to make clear their opinion of this controversial legislation if it is to be prevented. Are you willing to sacrifice your privacy for security?
// Shawn Vulliez, Writer
// Illustrations by Chris Dedinsky
|
