Internet Surveillance Bills (Aka Lawful Access) Need Scrutiny

This is not about the election – it is about the need to consider this issue carefully before passing any new laws.

Michael Geist and David Fraser (here and here) have written detailed articles on this issue that I concur with and recommend. I want to weigh in as well as this is an important issue. I have a problem with legislation that erodes privacy and requires ISP’s or others to retain information for the sole purpose of government access to it. And when that access is not tempered by the need for a warrant.

Issues include erosion of privacy, the potential for misuse of the information (intentionally, accidentally, or creeping uses) the costs of ISP’s to comply, and whether the measures will actually have any meaningful impact on crime.

We are critical when countries like France pass data retention laws that trash privacy. Or when other countries use personal information to control and persecute and go way beyond criminal investigations. All justified, of course, by the claim that it is somehow criminal. We should be no less critical when our own governments try to pass similar laws. 

(I’m convinced, by the way, that if Julian Assange was in China revealing Chinese documents the way he has revealed US documents, he would be hailed by the US as a hero, not vilified as a traitor. But I digress.)


  1. The claim is not just that the information will help reveal ‘criminal’ activity; it is driven by the desire to detect terrorism, in the name of fighting which, all civil liberties are at risk.

    It is interesting to look at the statistics about the arrests and prosecutions done with the evidence seized under the USA PATRIOT Act or the British equivalent. Generally minor druggies and the like. One English municipality used its spy powers under the anti-terrorism law to prosecute a couple who claimed to live in a school district other than where they did live, in order to get their kid into a better school.

    Got to stamp out that kind of thing, and no means are too extreme…

    I will look to Michael and David’s posts to see what the Cybercrime Convention might really require, as distinct from what law enforcement folks put on their wish lists – things that they would not have even bothered to dream about pre-2001.

  2. David Collier-Brown

    This is a problem that librarians have faced since time immemorial: someone wants to know what you’ve read, because the say they fear it was a bomb-making manual. In fact, they want to know if it was Lady Chatterly’s Lover, hoping to use that against you.

    Many years ago, when I was postmaster at a local university, we were concerned with what records we should keep, and what information should be available to anyone. We asked the librarians, who directed us to large poster on the wall, outlining the Canadian Library Association’s position. It wasn’t the solution to all our problems, but it was a wonderful, clear statement of principle, and the first step to an understanding of what we needed to consider.

    The very same record-keeping policy of the CLA was the one we, and the commercial ISPs, needed to use. The record of who borrowed a book existed until they returned the book, or paid for it if it was lost. Once it was returned, the record linking the patron to the book was expunged, and only a count of the times a book had circulated that year survived. The same applies to the the loan of an IP address: once it has been returned, the record of who borrowed it should be expunged.

    Interesting, at least one DHCP/BOOTP server was written by a librarian, and it and several other standard ISP programs implement the librarian’s standard for the prompt destruction of personally identifying information.

    Years later, I worked for a company writing library software, and we were told that at least one of the countries we sold to mandated exactly the same standard. We were overjoyed: it was illegal in at least one country to keep the kind of information the proponents of “lawful access” wanted, and we could legitimately reply to them, “Sorry, that’s illegal”.


  3. The problem, as I see it, lies with the legislated requirements for covert surveillance capability to be built-in to telecom and other communications infrastructure from the get-go.

    Governments come and go; policies change — however, communications
    infrastructure is long-lived, often persisting for decades. Once such a capability is available to the authorities, it is absolutely inevitable that it will be used/abused.

    The Harper government may be well-intentioned — but I sincerely doubt it — their behaviour during the G8/G20, these bills, and their proposals to create massive new prison projects state otherwise.

    Remember, there is NO guarantee that future governments will be honourable. Once the covert surveillance infrastructure is deployed, there is no going back.

    Frankly, just over a year ago, the G8/G20 showed us a vision of the future. Any vestiges of trust I had in the legislatures, courts–and especially police–died that weekend, with the largest mass-arrests in Canadian history.

    Why would any thinking person place their trust in government(s) that treat their citizens in such a manner? I lived in Montreal during the FLQ crisis, when the War Measures Act was imposed, and what was done during the G8/G20 was not only worse, but done with far, far, less justification!

    Knowing that my privacy has been legally violated (as opposed to illegally violated) gives me scant comfort — the net effect to me is precisely the same. (I’m sure that the millions of Americans who have been illegally spied-upon would agree with me.)

    I prefer to place my trust in the laws of mathematics, rather than in the laws of men. My email is PGP-encrypted, with frequent sub-key changes so as to provide forward secrecy — I couldn’t decrypt older email if I wanted to.

    Same goes for my phone calls — I use Zfone — my calls are encrypted with AES-128/256, and the keys are destroyed at the end of the call.

    Nobody listens-in to my calls, or reads my email, PERIOD — the courts be damned, the law be damned. Technology trumps law.

    Events a little over a year ago proved beyond the shadow of a doubt that there is one law for them, and another for us. Any respect I had for politicians, courts and police alike is now gone. Their own actions have brought both the law and the administration of justice into disrepute.

    FWIW, I have never broken any laws, but I damn-well intend to break this one! If they want to examine my comm traffic, they’ll have to find me first.

    Even then, they can pound sand, and I’ll tell the judge to do just that. Let ’em send me to jail for contempt, because I DO hold the law and the justice system in contempt!

  4. David Collier-Brown

    As T. Ruth Sayer says, the problem is that the “back doors” now have to be built in to the software. We, of course, were forbidden to put in a back door or an illegal-record-keeping feature, and were genuinely pleased to have our policies backed up by statute.