{"id":2572,"date":"2012-05-15T09:00:42","date_gmt":"2012-05-15T16:00:42","guid":{"rendered":"http:\/\/www.nexusnewspaper.com\/?p=2572"},"modified":"2012-05-28T15:20:43","modified_gmt":"2012-05-28T22:20:43","slug":"a-surveillance-society-10-things-you-should-know-about-bill-c-30","status":"publish","type":"post","link":"https:\/\/www.nexusnewspaper.com\/newsite\/2012\/05\/15\/a-surveillance-society-10-things-you-should-know-about-bill-c-30\/","title":{"rendered":"A surveillance society: 10 things you should know about Bill C-30"},"content":{"rendered":"

[One of our most-read feature stories from this year makes a return appearance in the spotlight, as relevant as ever.]<\/em><\/p>\n

Bill C-30 is the lawful access legislation proposed by current minister of public safety Vic Toews. The bill is also known as the Investigating and Preventing Criminal Electronic Communications Act<\/em> or Protecting Children from Internet Predators Act<\/em> and it\u2019s a complex, 100-page piece of legislation that outlines changes to access to digital information by the RCMP, police, and government agencies such as the Canadian Security Intelligence Society and Communications Security Establishment Canada.<\/p>\n

The next move for the bill is unclear. The Conservatives seem to be responding to public backlash against C-30. However, most critics believe this important piece of legislation won\u2019t be on the backburner for long.<\/p>\n

Nexus<\/em> talked about the bill with Chris Parsons, PhD candidate in the political science department at the University of Victoria, and Michael Geist, the Canada research chair in internet and e-commerce law at the University of Ottawa. Parsons also worked at the University of Guelph doing network security and management, while Geist is a respected columnist who writes extensively about technology law issues. Here they help explain Bill C-30 and the implications it would have on Canadian society.<\/p>\n

\"\"<\/a>
(Graphic by Jessica Tai)<\/figcaption><\/figure>\n

1. What happens to your information?<\/strong><\/p>\n

Currently under Canadian law, police and RCMP officers are allowed to approach Internet and telecommunications service providers (ISPs and TSPs) for subscriber information, and the service providers have the option to share this information, which is usually only done in rare circumstances to aid in an ongoing investigation. If the service providers don\u2019t feel comfortable sharing information about their customers for any reason, they can refuse.<\/p>\n

What some find disturbing is that although the title of the bill implies it will apply to serious crimes, the surveillance techniques could be applied to anyone. According to Geist, this is going to create an extensive surveillance infrastructure that doesn\u2019t exist right now, because those authorized will be able to demand information about anyone, at any time, and without a warrant.<\/p>\n

\u201cObviously, it does apply to crimes, but it can be applied in much broader ways as well,\u201d says Geist, \u201cand that\u2019s unquestionably one of the big concerns that has arisen. If we\u2019re serious about dealing with these [privacy] issues, then the bill could limit the law specifically to criminal activity, which is something we don\u2019t have right now.\u201d<\/p>\n

Beyond the powers of lawful access, those authorized would also have the authority to inspect service providers to make sure they are using surveillance as directed. Under Section 14, \u201c[The bill] even goes so far as to allow the state to install its own surveillance technology, directly at private ISPs,\u201d says Geist.<\/p>\n

 <\/p>\n

2. Will your privacy be protected?<\/strong><\/p>\n

Privacy protection by ISPs and other web-based services is a controversial topic. Many of us just click \u201cagree\u201d when privacy policies pop up and don\u2019t think about it again. Most of those policies do outline circumstances when a company will release your data, but with ISPs it\u2019s generally only in extreme circumstances, as mentioned above. The information shared is usually things like address, phone number, and name. But with increased monitoring, a person\u2019s subscriber information would likely be more revealing, including things like browser history and emails.<\/p>\n

Under Bill C-30, the privacy agreements would change radically. Section 487.0195 exempts ISPs and TSPs from both criminal and civil liability for voluntarily giving away any and all of their customers\u2019 information to police or government agencies.<\/p>\n

\u201cIt opens the door to ISPs engaging in all sorts of activities without any kind of liability,\u201d says Geist. \u201cThat\u2019s not to say every ISP\u2019s going to do it, but especially a small local ISP would want to be seen as helpful with law enforcement, and they might engage in all sorts of activities. This bill really seeks to encourage them to do that, by providing them with this statutory immunity.\u201d<\/p>\n

 <\/p>\n

3. Vulnerable information\u00a0<\/strong><\/p>\n

One of the risks that comes with setting up the types of real-time interception and storage capacities outlined in C-30 is that the network opens itself to certain security vulnerabilities. These vulnerabilities are what allows the third-party access to the information, but could potentially be exploited by hackers. One of Parsons\u2019 concerns is that smaller ISPs will be more susceptible to outside forces.<\/p>\n

\u201cNot to besmirch any of Canada\u2019s ISPs, but there is a difference in the kind of technical and security resourcing that, say, a Rogers, Bell, Shaw, or Telus can bring into their lawful access environments, and an ISP that\u2019s only serving 5,000 or 10,000 people,\u201d says Parsons. \u201cThere\u2019s a better chance that they just might not have staff on hand that have the same level of expertise you might get in a multibillion dollar corporation.\u201d<\/p>\n

Beyond the threat of hackers, Parsons outlines concerns that networks could have with employees who would be trusted with all this sensitive information.<\/p>\n

\u201cYou have to make sure the people on the insides, the administrators, are equally trustworthy,\u201d he says. \u201cAnd you have to ensure that there\u2019s no way for them to circumvent auditing mechanisms, no way for them to basically use the powers at their fingertips. Most instances of hacking actually tend to start from the inside with a disgruntled employee, or an employee that\u2019s bought, or just an employee who\u2019s suggested to look the other way.\u201d<\/p>\n

 <\/p>\n

4. Insufficient oversight<\/strong><\/p>\n

Both Geist and Parsons feel that effective oversight regulations of the authorities are key in any kind of surveillance law. Geist says that although Bill C-30 does have some oversights and reporting mechanisms, they don\u2019t go far enough.<\/p>\n

\u201cWe\u2019ve seen some suggest, and I think it\u2019s a good idea, that we need a surveillance commissioner, one that extends beyond what a privacy commissioner might do, to focus more specifically on these issues,\u201d he says.<\/p>\n

Parsons agrees that there needs to be a series of checks and balances when this kind of blanket power is given to the state, and has done extensive research on the oversight system in Europe.<\/p>\n

\u201cIt\u2019s really critical that we have not just insight into how many times they use these powers, but why,\u201d says Parsons. \u201cHow many times do they screw up? Not necessarily by malice, but certainly in the UK, if you look at their examples, you get amazing numbers of inaccuracies, just because someone hit a four instead of a three. Routine clerical-style errors will lead to inappropriate uses of the technology. But one of the reasons we know what we do in the UK, is because they have a third-party, independent, resourced commissioner keeping track of this information.\u201d<\/p>\n

 <\/p>\n

5. Social impacts of surveillance<\/strong><\/p>\n

\u201cMost Canadians probably lead fairly mundane lives. They\u2019re not generally that concerned if the police monitor what they do because they have nothing to hide. But that misses a lot,\u201d says Parsons. In his opinion, citizens will pay for their own surveillance in one way or another.<\/p>\n

\u201cIt will create a culture or environment of concern,\u201d he says. \u201cI don\u2019t think it leads to trust between citizenry.\u201d<\/p>\n

More significantly, though, he feels that most Canadians don\u2019t quite understand how contemporary policing functions.<\/p>\n

\u201cThey start using open-source techniques, pulling together who are you, who are you speaking to, who they are speaking to, and in that way they start developing communities of interest,\u201d says Parsons.<\/p>\n

So what does this mean in terms of digital surveillance?<\/p>\n

\u201cIt means that if you\u2019re speaking with me and the police think that I\u2019m someone of interest, those who I communicate with, who are marginally involved in projects I\u2019m involved in, all of a sudden they get tied to me somehow,\u201d says Parsons. \u201cThere\u2019s an implication on them, just by associating with me. And so if you want to ensure that you don\u2019t fall under police surveillance, or you\u2019re not looked at by intelligence or whoever else, then you have to start thinking, \u2018Do I really want to talk to that person?\u2019\u201d<\/p>\n

 <\/p>\n

6. Intelligence appropriate\u00a0<\/strong><\/p>\n

According to Parsons, the majority of the information collected by ISPs under C-30 is more suited to intelligence gathering than solving serious crimes.<\/p>\n

\u201cFor the low-hanging fruit they might catch some more child pornographers [under C-30],\u201d he says. \u201cBut they\u2019re far more likely to start monitoring other \u2018extremist\u2019 statements and comments. We can\u2019t forget that days before C-30 was introduced, environmental groups, such as Greenpeace, were identified as extremist.\u201d<\/p>\n

Greenpeace, PETA, some First Nations groups, anti-capitalists, and others have been labelled extremist by the Conservative government. The political implications are strong and apply to a huge range of people.<\/p>\n

\u201cIf you\u2019re a journalist, and you\u2019re doing work on a controversial story, you can imagine concern about protecting your sources,\u201d says Parsons. \u201cYou [would] really need to start doing things like going to land lines, or going back to the few remaining public telephone booths, or just meeting face-to-face.\u201d<\/p>\n

The issue with the majority of information that could be gathered is that, although these topics may be politically sensitive, they don\u2019t usually involve crimes, especially of a serious nature.<\/p>\n

Parsons believes C-30 will without a doubt lead to more arrests, but the truly serious criminals will always remain one step ahead of police.<\/p>\n

\u201cWhen we\u2019re talking serious organized crime, the real bad guys, they\u2019re savvy,\u201d he says. \u201cThey\u2019ve been fighting this fight for a long time. What law enforcement is asking for now is unlikely to catch up.\u201d<\/p>\n

 <\/p>\n

7. What will be required of ISPs?<\/strong><\/p>\n

If Bill C-30 is passed, ISPs will be required to dramatically update their networks, both technically and on a security level.<\/p>\n

\u201cAll networks will be required to allow for real-time surveillance, to intercept communications, to isolate communications to a particular individual, and to engage in multiple simultaneous interceptions,\u201d says Geist.<\/p>\n

ISPs and TSPs will also be subject to inspection by the state to ensure their capabilities meet the standards outlined in the bill, and will have to file a report if they acquire new technologies.<\/p>\n

Beyond that, employees involved in communication interception and access at an ISP or a TSP will be subject to RCMP background checks.<\/p>\n

\u201cIf you\u2019re to be a citizen working for, say, Facebook, or Rogers, or whoever, the notion that you\u2019re going to have to get security screening in order to do the job you were hired to do, I think many people would find that invasive and offensive,\u201d says Parsons.<\/p>\n

 <\/p>\n

8. Cost<\/strong><\/p>\n

The estimated cost of Bill C-30 by the Public Safety Commissioner is $80 million over the first four years, and about seven million per year after that.<\/p>\n

Both Geist and Parsons have doubts about that estimate, and feel the bill would likely end up costing Canada more, at least as it\u2019s tabled right now.<\/p>\n

\u201cIf we look at the experience in other jurisdictions, I think that massively understates the actual costs,\u201d says Geist. \u201cThat\u2019s also only the cost on the surveillance infrastructure side. This will actually bring in all sorts of new costs. Where ISPs comply with requests for information they\u2019ll be able to charge for it. So we\u2019re talking about significant costs that at the end of the day the public is going to have to pay, whether it\u2019s in the way of higher taxes or by way of higher fees to ISPs.\u201d<\/p>\n

Parsons says it\u2019s possible to implement Bill C-30 for what the government estimates, but there wouldn\u2019t be much point.<\/p>\n

\u201cYou could do this on the cheap; it\u2019s possible. It wouldn\u2019t be very effective, but you could do it,\u201d he says. \u201cOr, you could do it in a very professional way, in which case we\u2019re going to blow past $80 million dollars in a year.\u201d<\/p>\n

 <\/p>\n

9. The case of the missing regulations<\/strong><\/p>\n

Geist, Parsons, and others who have studied Bill C-30 say there are many unspecified regulations. Section 64, in particular, has many scratching their heads. This section of the bill gives cabinet the power to fill in the blanks after the bill has passed, when it wouldn\u2019t be subject to a review or vote.<\/p>\n

\u201cWhat it\u2019s done is left out a lot of the details and the implementation of the legislation remains an unknown,\u201d says Geist. \u201cIt leaves so many different issues to regulation, so that in terms of trying to really effectively judge what the government\u2019s got in mind, it\u2019s very tough to do when they\u2019re not telling you what they\u2019re planning.\u201d<\/p>\n

Among the missing regulations are things like what, exactly, in terms of equipment and staff, ISPs and TSPs will need to do to comply with the new regulations. Other things, like cost, have also been left out. As a majority government, the Conservatives have the power to pass the bill as is, leaving the door open for quick changes down the road.<\/p>\n

\u201cThey\u2019re in a position to add a lot of meat on the bones, so to speak,\u201d says Geist, \u201cand do it without having to go through the House of Commons for approval again; it happens just at cabinet level.\u201d<\/p>\n

Parsons says this situation isn\u2019t entirely abnormal for such a complicated bill, but that this piece of legislation is particularly important.<\/p>\n

\u201cThis has the capability of reshaping the internet in Canada as we know it,\u201d he says. \u201cI don\u2019t want that left to regulators, or to administrative panels. This needs to be front and centre in the debate, and it\u2019s absolutely inappropriate for the government to try and hide it or move it away to the back stage.\u201d<\/p>\n

 <\/p>\n

10. Is Bill C-30 really needed?<\/strong><\/p>\n

According to Geist, the biggest issue with Bill C-30 is that, in his opinion, a sufficient case hasn\u2019t been made by law enforcement that this bill is even necessary.<\/p>\n

\u201cThe issue is whether or not law enforcement is in a position, based on the current rules, to deal with [online crime], and if they\u2019re not, is that a function of the rules, is that a function of a lack of resources, or is it a function of a lack of knowledge of how to deal with these issues?\u201d asks Geist. \u201cThere may be many factors behind the challenges faced by law enforcement. But enacting Bill C-30 doesn\u2019t really move the ball forward on those very much.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

[One of our most-read feature stories from this year makes a return appearance in the spotlight, as relevant as ever.] Bill C-30 is the lawful access legislation proposed by current minister of public safety Vic Toews. The bill is also known as the Investigating and Preventing Criminal Electronic Communications Act or Protecting Children from Internet […]<\/p>\n","protected":false},"author":3,"featured_media":2659,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10,70],"tags":[],"class_list":["post-2572","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-features","category-march-7-2012"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/posts\/2572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/comments?post=2572"}],"version-history":[{"count":14,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/posts\/2572\/revisions"}],"predecessor-version":[{"id":2681,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/posts\/2572\/revisions\/2681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/media\/2659"}],"wp:attachment":[{"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/media?parent=2572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/categories?post=2572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nexusnewspaper.com\/newsite\/wp-json\/wp\/v2\/tags?post=2572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}