#OpKillBillz C-30

February 18, 2012

Contents

What lawful access is all about and why it matters
Online surveillance bill opens door for Big Brother
Relevant Posts

#OpKillBillz

The mainstream| corporate media has been reporting about it.

Public Safety Minister Vic Toews has introduced a bill that assumes all Canadians are criminals
until proven guilty of this Government’s criminal Bill C-30.

After severe backlash on Social Media

Vic Toews has now admitted he has not read the bill that he has introduced and advocated for.

While we have the attention of the public.

This is the time for a massive national informational campaign:

schools, office buildings, malls, public transit stations, etc…

We need volunteers, designers, writers, experts to join this national campaign:
experts, students, artists, unions, non-profit organizations, community organizations, etc.

This is the time to contribute & collaborate: resources, skills, ideas & expertise, space, energy…

Calling on all Canadians and global citizens who value their freedom & privacy to join us.

#OpKillBillz C-30 Stage 1: Network

#OpKillBillz C-30 Stage 2: Organization

#OpKillBillz C-30 Stage 3: Execution

Call for action & more information on CanAnon

What lawful access is all about and why it matters

[source]

The Canadian federal government is expected to table its latest iteration of “lawful access” legislation in Parliament this week. This is a BIG DEAL.

First, let’s set the record straight: Assuming this bill is roughly the same as the last one that fell off the order paper, it will NOT allow warrantless access to the contents of any online communications. They can’t read your email or watch you surf the internet, unless they get a warrant. But what it does is requires anyone who offers telecommunications services to the public (which would include Microsoft’s MSN, Google Talk, Skype, etc.) to build in a backdoor so the police can wiretap it with a warrant. This involves, in many cases, compromising the security of these systems.

But it is expected to set up a system under which the police can get a huge list of non-content personal information without a warrant. And this is very bad.

Ask yourself this:

Should the police be able to get access to the names and addresses of anyone who shows up at a G20 protest? An Occupy* protest? A Stanley Cup riot? Parliament Hill? The PM’s residence? An abortion clinic? A sketchy part of town? If this bill looks anything like the last, they will be able to on a whim without any judicial oversight. (All they need is an “IMSI Catcher” (here’s an example of one meant for law enforcement and one made by some guy for $1500), which grabs the unique identifiers of all the cell phones within range and a request to the relevant telcos to hand over the names and addresses associated with the phones. Heck, they can ask for your e-mail address while they’re at it.)
Should be police be able to get the name and address of someone who seems to be spending an inordinate amount of time perusing the Criminal Code on the Department of Justice website? They’ll be able to do just that.
Should the police be able to get your name and address based on your web browsing activities without having to swear before a judge that there is any compelling reason to get it? If this bill looks anything like the last, they will be able to.
Should the police be able to get your e-mail address, IP address and phone numbers without any probable cause? Yup, they’ll be able to get that too.

The Internet is not quite like the real world. When you go to a library or a book store, you don’t have to provide ID or leave a record of what you looked at or that you were even there. When you step into a store in the real world, you don’t necessarily leave a trace of what you perused and what you bought (if you paid cash). You can send an anonymous letter to the editor of your local newspaper to voice an unpopular opinion without giving your name or any other identifying information. (They probably will not publish it, but that’s beside the point.) But the Internet doesn’t work like that.

Every device on the network has an IP address. IP addresses can be tied to an individual computer or a range of computers sitting behind a firewall or a router. Every mobile device, such as a cell phone or a smart phone, has a number of unique identifiers that it chirps out to the network that it’s attached to. Every interaction that you have online, you can assume is being logged in some fashion in connection with that IP address. Many e-mails you send include in the headers the IP address of the computer it was written on.

It’s just the nature of how networks work. That IP can perhaps be traced to you, to your household or to your employer. In most cases, where residential internet accounts are concerned, they are connected to the name and address of the account holder. With phones, that identifier is connected to the individual who owns the phone.

Every mobile phone regularly chirps out its location so that the phone company can route calls to your device. Your phone company always knows where you are (if you have your phone with you and it’s on). That chirping is also a transmission of identifying information about your phone, which can be readily intercepted by the police or national security organizations. If your phone can be connected to you personally, it’s a beacon about you and under lawful access, it’s readily available to them.

In short: Everywhere you go on the internet or with your mobile phone, you leave digital footprints. That’s the nature of the modern, networked world. So what protects your privacy when you do anything online? The fact that whoever allocated that IP address or provides your cell phone service has to keep it confidential unless a judge decides that the public interest (or the state interest) overrides your privacy interest. That’s why we have a Charter of Rights and Freedoms in Canada and why we have an independent judiciary. There is no absolute anonymity online, but there is effective privacy by obscurity because anyone who can connect your IP address to an individual is bound to keep it confidential unless a judge says otherwise.

However, lawful access takes that important balance away. It would give police forces and national security folks virtually unfettered powers to connect those otherwise anonymous footprints to an actual person (or small group of persons).

Don’t get me wrong … The police should be able to tap phones, track people and search computers, but all with a warrant. The only thing that stands in the way of police over-reaching and the destruction of civil rights is the Charter and independent judges who are called upon every day to decide where to strike the proper balance.

The government has suggested that we shouldn’t sweat it, since the information the police would have access to is just like “phone book” information. That’s simply not true. Only name and phone number appear in the phone book, which you can opt out of. Lawful access would permit the police to obtain any of the following:

name,

address,
telephone number and
electronic mail address,
Internet protocol address,
mobile identification number,
electronic serial number (ESN),
local service provider identifier,
international mobile equipment identity (IMEI) number,
international mobile subscriber identity (IMSI) number and
subscriber identity module (SIM) card number that are associated with the subscriber’s service and equipment.

The phone number analogy is completely inappropriate. With a phone book, if you know the name you can get the number. If you know the number, you can get the name. Not a big deal. In this case, the police can have one piece of the above information and demand the ten other pieces of data. And they’d never be asking for it in isolation, but rather they think they’ve seen something sketchy and want to connect it to a person.

When lawful access was last before Parliament, it was completely devoid of any measures that could be used to protect against abuses other than a closed recordkeeping requirement and the ability of the privacy commissioner to audit. It did not require any report statistics of its usage to Parliament, as is the case for most wiretaps. No requirement to notify the subject of the investigation after the fact. No requirement that there be probable cause. No requirement that the requesting officer justify the demand. No requirement that there even be an actual investigation under the Criminal Code. No oversight whatsoever.

Supporters say “think of the children!” Or we in a war against terrorism! The law could have been tailored to only apply to actual lawful investigations of child exploitation or terrorism offenses, but the government did not do that. Instead, they designed a system that could be used to target people who — shudder — violate parking by-laws or engage in lawful expression. It seems purpose-built for fishing expeditions.

Some supporters suggest that getting a warrant is too cumbersome and time-consuming. This suggestion is often misleading: if it’s an emergency (exigent circumstances), the cops can get this information right away. And every province has a system where warrants can be issued 24/7 over the phone from a duty judge. If it’s too inefficient for most routine investigations, get more judges or streamline the process.

This is important and Canadians should educate themselves about it. Here are some great resources:

Past blog posts about lawful access
CIPPIC FAQ on lawful access
OpenMedia’s Stop Online Spying campaign
Michael Geist’s blog posts on lawful access and his great comprehensive guide to lawful access.
Christopher Parsons on lawful access and his report “Lawful Access and Data Preservation/Retention: Present Practices, Ongoing Harm, and Future Canadian Policies” (PDF)
BC Civil Liberties Association: Moving Towards a Surveillance Society: Proposals to Expand “Lawful Access” in Canada (PDF)
Archive of the Ontario Information and Privacy Commissioner’s Symposium on “Beware of Surveillance By Design”
Legislative Summary of Bill C-51 by the Library of Parliament

_______________________________

Online surveillance bill opens door for Big Brother

Section 34 gives Orwellian powers to government-appointed ‘inspectors’

By Terry Milewski, CBC News Posted: Feb 17, 2012 4:54 AM ET

There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. - George Orwell, 1984.

It’s often forgotten that, for Orwell, 1984 was far in the future — a distant and imaginary hell. Published 35 years earlier, in 1949, his book conjured up a surveillance state filled with chilling new concepts: “Big Brother,” “Thought Police” and “Newspeak.”

Today, 1984 has come and gone but Big Brother is real and present in ways Orwell never imagined. In China, the very names of imprisoned dissidents are banned from the internet. In Saudi Arabia, an unholy tweet can bring you a death sentence.

Here in Canada, though, freedom reigns. A sign of that may be that the government’s new plan for policing cyberspace is in big trouble.

Within 24 hours of its unsteady launch, the government pledged to send its new legislation straight to committee for amendments — some of which may come from the restive Conservative back benches. The bill is “too intrusive,” said New Brunswick Conservative MP John Williamson. Conservative voices across the land agreed — to say nothing of NDP and Liberal ones.

Conservative MPs don’t usually grumble about Conservative legislation — especially when one of their front-line cabinet ministers has declared that Canadians must “either stand with us or with the child pornographers.”

That remarkable statement by Public Safety Minister Vic Toews may have much to do with the anger at his bill — but it hardly accounts for all of it. When his critics described the comment variously as “stupid,” “insulting” and “disgusting,” Toews at first denied having said it — which, of course, led everyone to replay the tape of him saying it.

But it was not the only comment made by Toews that he may have cause to regret.

Just as remarkable were the unequivocal statements made by him and by his senior officials that the bill, known as C-30, includes no extension of the state’s power to conduct warrantless searches. None at all, said the officials — and the minister agreed.

“In terms of access, nothing has changed in the law,” Toews declared.

But his bill would, in fact, dramatically change the law to allow the government much, much more access to our online lives and identities.

To date, much of the commentary has focused on one aspect of this change: the fact that information identifying internet users must be disclosed to the government, upon demand and without a warrant, by internet service providers, or ISPs. Those facts include your name, address, phone number, email address and IP address — the latter being the unique code identifying your computer so that a webpage you click on is sent to you, not someone else.

In that sense, the bill would definitely change the law on government access, which currently provides for voluntary, not mandatory, disclosure of your identity by ISPs. And, let it be said, the information can be crucial to the police. If an investigator sees a crime on the internet — be it fraud, hate or child pornography — he may be able to get the IP address of the source computer. But that does not reveal whose computer it is. Connecting the number to a name makes all the difference and, under the new law, the officer would be spared the bother of going to a judge and getting a warrant to find that name.

But, then, there’s Section 34. After reading it, you wonder whether it’s just pandas we’re getting from China.

Government-appointed inspectors

Among other things, the bill requires ISPs to install surveillance technology and software to enable monitoring of phone and internet traffic. Section 34 is there to make sure ISPs comply. So what, exactly, does it say?

Essentially, it says that government agents may enter an ISP when they wish, without a warrant, and demand to see absolutely everything — including all data anywhere on the network — and to copy it all. If that seems hard to believe, let’s walk through it.

First, Section 33 tells us that, “The Minister may designate persons or classes of persons as inspectors for the purposes of the administration and enforcement of this Act.” So we’re not talking about police officers necessarily. We’re talking about anyone the minister chooses — or any class of persons. (Musicians? Left-handed hockey players? Members of the Conservative Party? Sure, that’s absurd — but the bill allows it…)

Next, Section 34 spells out the sweeping powers of these “inspectors.” And, if they sound Orwellian, welcome to the world of Section 34.

The inspectors may “enter any place owned by, or under the control of, any telecommunications service provider in which the inspector has reasonable grounds to believe there is any document, information, transmission apparatus, telecommunications facility or any other thing to which this Act applies.”

And, once he or she is in, anything goes.

The inspector, says the bill, may “examine any document, information or thing found in the place and open or cause to be opened any container or other thing.” He or she may also “use, or cause to be used, any computer system in the place to search and examine any information contained in or available to the system.”

You read that right. The inspector gets to see “any” information that’s in or “available to the system.” Yours, mine, and everyone else’s emails, phone calls, web surfing, shopping, you name it. But, if that sounds breath-taking enough, don’t quit now because the section is still not done.

The inspector — remember, this is anyone the minister chooses — is also empowered to copy anything that strikes his or her fancy. The inspector may “reproduce, or cause to be reproduced, any information in the form of a printout, or other intelligible output, and remove the printout, or other output, for examination or copying.”

Oh, and he can even use the ISP’s own computers and connections to copy it or to email it to himself. He can “use, or cause to be used, any copying equipment or means of telecommunication at the place.”

In short, there’s nothing the inspector cannot see or copy. “Any” information is up for grabs. And you thought the new airport body scanners were intrusive?

Finally, note that such all-encompassing searches require no warrant, and don’t even have to be in the context of a criminal investigation. Ostensibly, the purpose is to ensure that the ISP is complying with the requirements of the act — but nothing in the section restricts the inspector to examining or seizing only information bearing upon that issue. It’s still “any” information whatsoever.

Even before seeing the above details of the bill, many privacy advocates were concerned about its scope.

“It does not even mention that there should be a criminal investigation behind the request — it’s completely broad,” says Chantal Bernier, the federal deputy privacy commissioner.

“As the legislation is written now, it could impact any law-abiding Canadian citizen.”

Another expert, Michael Geist of the University of Ottawa, adds that “This legislation is building and mandating the creation of an extensive online surveillance infrastructure within Canada’s internet.”

In the past, the government’s critics have often complained that it seems exquisitely sensitive to the privacy concerns of citizens compelled to fill out long census forms, or to register their hunting rifles.

Perhaps that line of criticism will now fade. Section 34 gives a resounding answer.

________________________________