December 23, 2011

Online Privacy and the Police

Tory government pulls controversial online security bills, but concerns remain

by Kimberly Croswell

The Dominion - http://www.dominionpaper.ca

The federal government is likely to once again push for "Lawful Access" measures to greatly expand its online surveillance capacity. Photo: Stephanie Law

Share

Del.icio

VICTORIA—It won’t be long before Canadian privacy laws regarding telecommunications come under attack again. These laws apply to technologies everyone relies on—from cell phones to the Internet. And as seen before, the federal government is likely to soon change them in a push towards facilitating online surveillance of individuals’ lives. If the government succeeds, it would mean online monitoring could be done without a warrant and other impingements on Canadians’ rights to privacy.

When parliament started with a Conservative majority in fall 2011, many privacy rights experts and advocated worried that the Conservative were going to push for “Lawful Access” measures in the Omnibus Crime Bill C-10. These measures, which failed to pass the last parliament, would change the rules around what the state can and cannot monitor. They’re designed to expedite the passing of a variety of laws, from raising mandatory minimum sentences, to harsher sentencing for young offenders, and even providing victims of terrorism the right to sue for compensation.

Canada’s Federal Privacy Commissioner, Jennifer Stoddart, supported by many Provincial Privacy Commissioners opposed the “Lawful Access” measures in an open letter, dated October 26, 2011, to the Deputy Minister of Public Safety, Mr. William V. Baker. After outlining how the new laws would “make it easier for the state to subject more individuals to surveillance and scrutiny,” Stoddart went on to point out that there is a lack of evidence to support those measures.

“At no time have Canadian authorities provided the public with any evidence or reasoning to suggest that CSIS or any other Canadian law enforcement agencies have been frustrated in the performance of their duties as a result of shortcomings attributable to current law, [telecommunications service providers] or the manner in which they operate,” she wrote.

Stoddart wasn’t alone in the mobilization against “Lawful Access”. Many NDP government critics penned letters condemning the proposed laws, and grassroots groups such as Openmedia.ca opened a petition, “Stop Online Spying”, that was signed by more than 70,000 Canadians.

The “Lawful Access” provisions, however, were in the end removed from the omnibus crime bill before it was formally tabled in September. But even though they aren’t currently up for consideration, many critics believe they will undoubtedly return to the table. Whether they are to be reintroduced with or without changes remains uncertain.

The “Lawful Access” measures were first introduced in the 40th parliament in November 2010 via three complimentary internet crime bills, designed to tighten governance of Canada’s cyberspace: Bill C-50, Improving Access to Investigative Tools for Serious Crimes Act; Bill C-51 Investigative Powers for the 21st Century Act; and Bill C-52, Investigating and Preventing Criminal Electronic Communications Act.

Looking at the bigger picture, the government was presenting each new item of Internet law as a stand-alone policy necessary to “modernize” telecommunications (ie, the Internet) in a bid to hide the interlocking nature of what is emerging: each new law, once passed, sets the stage for the next, facilitating unprecedented powers to implement mass online surveillance.

To begin, let’s look at some of the “modernization” items included in Bill C-51, The Investigative Powers for the 21st Century Act. Firstly, the bill has been crafted to take advantage of technological developments in order to extend surveillance powers. For example, if a warrant to secretly install a tracking device is obtained, this legislation “upgrades” its use to permit an officer to take advantage of the tracking capabilities installed in some cell phones and vehicles by allowing their remote activation. Then, there are changes in terminology within existing laws, such as the replacement of out-dated vocabulary like “telephone” and “pager” with an umbrella term, “telecommunication device.” The new term is intended to be vague enough to include current and future technological developments, covering all possibilities of surveillance in ways never imagined before the technology came along and anticipating the seamless integration of ever newer and more robust capabilities.

Reflecting the desire of authorities to have the ability to track and contain information in a timely fashion, C-51 also includes new data retention and retrieval powers in the form of Preservation Demands and Preservation Orders directed at Telecommunications Service Providers (TSPs). Preservation Demands may be made by police officers, and judges authorize Preservation Orders. The purpose of both Preservation Demands and Orders is temporary: to preserve data on file to ensure it is not deleted or altered while waiting for a search warrant or a Production Order, which is yet another new tool.

Production Orders are like search warrants, but instead of requiring officers to physically search and seize equipment and data, the individual or business entity on the receiving end of a Production Order must obtain and deliver the requested information to the authorities. The information obtained in a Production Order, is historical, which includes anything the TSP has available in data storage at the time. However, requests for “real-time” data, in other words, information that can be captured or recorded as events unfold, do require a warrant. Furthermore, in an aside comment in the legislative summary, Production Orders are viewed as tools specifically designed to obtain information from other countries, which indicates reciprocal agreements between countries are in effect.

Moving on, one of the main concerns around Bill C-52 is the legitimization of warrantless wiretapping. This is the concern of Bill C-52, which concentrates on TSPs obligations to upgrade and retrofit infrastructure to enable data reporting to policing authorities. The bill provides extensive lists of fines and punishments if TSPs do not comply. The most invasive point of compliance in the proposed legislation is the creation of a new class of authorities, to whom the TSPs must supply information. The Commissioner of the RCMP, the Director of CISIS, the Commissioner of Competition, and any head of a police force constituted under the laws of a province may appoint such individuals who are “designated” to ask for such information, but the number of officers authorized with these new powers cannot total more than 5% of a policing agency. Interestingly, C-52 also establishes a new class of administrator whose role is to verify whether the TSPs have complied with the Act: they can test, investigate, search, examine, and print or reproduce any information at any telecommunications facility, all without a warrant, except when the facility is located in a personal residence.

If Bill C-52 becomes legal reality, TSPs have 18 months to fulfill their obligations and install the appropriate software to facilitate these measures and must submit a status report outlining their progress within the first 30 days. Smaller service providers (less than 100,000 subscribers) need only provide a physical access point to conduct interceptions. In the past, opponents to “Lawful Access,” speculated costly upgrades Canadian TSPs will have to undergo to enable their transformation into surveillance state tools might derail the legislation, but Bill C-52 stipulates government assistance will be provided to help integrate surveillance technology for newly “deputized” TSPs.

In anticipation of the government’s current move, Canadian TSPs actually began writing into their service agreements the right to disclose customer information, should they be required by law to do so, as early as 2006. Indeed, elements of “Lawful Access-like” cyber-legislation already exist in current copyright and privacy bills.

Recently, at a September 2011 press conference announcing Bill C-11 (previously Bill C-32), The Copyright Modernization Act, evidence of the current capacity to retain users’ data and identify content was offered by Bell Canada representatives, who discussed past incidents of having to turn over some of their customers’ IP addresses to investigators.

In the same month, Bell Canada, Videotron, and Cogeco were hit with a court order to provide the IP addresses of customers who had violated copyright by downloading pirated copies of The Hurt Locker. The movie was released a year ago, in October 2010, and the first American copyright court cases emerged last May, with Canadian court orders served in September. Whether Bell is capable of retaining its users’ data for the entire year the movie was available, or if limited storage capacities affected the amount of data they have on their users, is unclear. What is certain is that changes to Canada’s copyright laws will undoubtedly benefit from the pending expansion of online investigative capacities.

Another “Lawful Access” puzzle piece has recently turned up in the form of an amendment to a law originally written to protect the online privacy of business transactions, The Personal Information Protection and Electronic Documents Act (PIPEDA), passed in 2000. The proposed amendment has been compared to the U.S. Patriot Act. It allows companies, of their own volition, to hand over personal files to the authorities without a warrant and, if the authorities deem it necessary, they may also be required to sign a non-disclosure agreement to keep the individual in question in the dark.The specific circumstances under which some companies may consider it necessary to hand over personal information is unclear, but presumptions of illegal behaviour are undoubtedly a factor.

The range of bills by which personal information can be disclosed without judicial oversight demonstrates an alarming trend in the government’s disrespect for privacy standards. Critics need to expand the parameters of analysis to reveal the larger pattern, but targeting the re-introduction of Bills C-51 and 52 is a start. As Lindsay Pinto, spokesperson with Openmedia.ca reflects, “Public pressure knocked online spying out of the omnibus though, and it seems to be delaying the release of the bills—we at OpenMedia.ca are still confident that Canadians can convince [Public Safety Minister] Toews to do the right thing and adjust the legislation to include comprehensive internal controls, clear oversight from the courts, meaningful deterrents, and a system of enforcement.”

Kimberly Croswell is a freelancer who lives on
traditional Lekwungen Territory in in Victoria, BC. Questions? Comments? Drop us a line: info@mediacoop.ca.

Comments