Is Lawful Access Legislation a Good Thing?
Flags are being raised by numerous privacy experts about expected federal “lawful access” legislation. This legislation–expected to be reintroduced–was last seen in the 40th Parliament, 3rd session, which ended March 26, 2011 and includes:
- Bill C-50 – Improving Access to Investigative Tools for Serious Crimes Act
- Bill C-51 – Investigative Powers for the 21st Century Act
- Bill C-52 – Investigating and Preventing Criminal Electronic Communications Act
Excerpted from a commentary by Information and Privacy Commissioner of Ontario Ann Cavoukian published in today’s National Post:
At issue is the anticipated re-introduction of a trio of federal bills that will provide police with much greater ability to access and track information, via the communications technologies we use every day, such as the Internet, smart phones and other mobile devices. I have no doubt that, collectively, the legislation will substantially diminish the privacy rights of Ontarians and Canadians as a whole.
Let’s take a brief look at the surveillance bills, which were introduced prior to the last election:
- Bill C-50 would make it easier for the police to obtain judicial approval of multiple intercept and tracking warrants and production orders, to access and track e-communications.
- Bill C-51 would give the police new powers to obtain court orders for remote live tracking, as well as suspicion-based orders requiring telecommunication service providers and other companies to preserve and turn over data of interest to the police.
- Bill C-52 would require telecommunication service providers to build and maintain intercept capability into their networks for use by law enforcement, and gives the police warrantless power to access subscriber information.
I well understand the attraction for law enforcement officials — the increased ability to access and track our e-communications, with reduced judicial scrutiny, would put a treasure trove of new information at their fingertips.
However, we must be extremely careful not to allow the admitted investigative needs of police forces to interfere with or violate our constitutional right to be secure from unreasonable state surveillance. The proposed surveillance powers come at the expense of the necessary privacy safeguards guaranteed under the Charter of Rights and Freedoms.
A number of privacy and Internet experts weigh in on the matter the UnLawful Access website via this video:
And have a petition from Open Media.ca: http://stopspying.ca
As well, there have been letters and articles written; here is a selection:
- Privacy invasion shouldn’t be ‘lawful’ – commentary by Ann Cavoukian, Information and Privacy Commissioner of Ontario, National Post (October 31, 2011)
- Letters to Ministers Toews and Nicholson re: Lawful Access [pdf] – letters by Ann Cavoukian, Information and Privacy Commissioner of Ontario (October 31, 2011)
- Why Lawful Access legislation should not be allowed – David T.S. Fraser, Canadian Privacy Law Blog (October 31, 2011)
- Privacy Commissioner outlines concerns about potential lawful access legislation – News release: Office of the Privacy Commissioner of Canada (October 27, 2011)
- Letter to Minister of Public Safety Vic Toews – Letter, Privacy Commissioner of Canada Jennifer Stoddart (October 26, 2011)
- Laws of the 21st century: Access legislation clarified – Kathryn Blaze Carlson, National Post (October 22, 2011)
- Canada’s forthcoming surveillance bill and how to rein it in – by Christopher Parsons, Vancouver Sun (October 8, 2011)
- Speech for Minister Toews For the Launch of Canada’s Cyber Security Awareness Month and Public Education Initiative to Promote Cyber Security Awareness – Public Safety Canada (October 3, 2011).
Even worse, the information that these acts seek to collect is less than useful for dealing with real cybercrime problems.
If I want to deal with an attack on a business, I don’t need a way of collecting a list of all the sites a particular individual connected to. What I need is a list of everyone who connected to a particular remote site, where that site was the command and control node of a “botnet” used by the attackers.
At the moment, we’re trying to use the techniques which were successful for catching identified criminals through their use of the telephone.
Alas, that’s a different problem than the one we have.
–dave