A few months ago, I blogged about the possibility that the EU would be reviewing our privacy laws due to the NSA disclosures and Canada’s role in US surveillance. Since that date, there have been staggering disclosures regarding warrant-less access to subscribers’ information by the telecommunications companies in Canada, legislation drawn up that is a blatant attempt to expand warrant-less access, and a lawsuit launched this week on the constitutionality of the misuse of our current privacy laws by government and telecommunications companies.
Conveniently Canada for the most part has entered this debate under the radar of the EU Justice Commission most likely as a result of the EU being busy dealing with the US disclosures of its citizen’s data, and being in an election campaign for EU Parliament. Politically this would be the best time for the Canadian government to try and squeak surveillance legislation through under the noses of the EU Justice Commission. Judicial redress has been a big sticking point for US and EU trade negotiations, something the cyber bullying legislation seeks to dismiss for Canadian telecom and is most likely a result of heavy lobbying by the telecom industry to avoid accountability for essentially being accessories to constitutional crimes against the Canadian citizenry, and quite possibly breaking EU and international law.
The last review of our privacy laws by the EU was in 2006, in which found no evidence of abuse at the time. Abuse has certainly occurred over the years, and the EU Parliament in recent months have been steadfast on curtailing warrant-less disclosures that are being abused by the US Government and US law enforcement. I have a hard time believing that EU Parliament and the EU Commission would agree to such abuse that has been now disclosed. Simply put recent comments that were made in the media by Canadian government officials over the months regarding the adequacy of our laws with the EU are out of date, and sorely inaccurate considering recent disclosures of current warrant-less access by our telecom companies. From following the diplomatic stance the EU Justice Commission has taken in recent months with the US that the EU will have stark issues with what the Canadian Government and Canadian Law Enforcement have been up too.
This week I’ve tweeted out a few links to Paul Nemitz who is a director at the EU Justice Commission making him aware of the situation and public debate in Canada in hopes to put pressure on the government to abide by the constitutional rights of not just Canadians but ensure that going forward, any breaches of EU law are dealt with accordingly. Next week is when Vice President to the EU Commission Viviane Reding returns back from paid leave. Reding has been extremely outspoken regarding data privacy in recent months with the US, and I would find it hard to believe that if the information sent to Nemitz landed on her desk, that Reding wouldn’t pipe up either through diplomatic channels or publicly on the abuse and subsequent adequacy of our privacy laws.
Next week is when a large portion of our legal community in Canada will be also speaking out on the current lack of privacy on the cyber bullying bill C-13 in committee in which I’m expecting calls from the legal community to have government split the bill. Pass the cyber bullying portion of it, and separate the surveillance portion of it for further study. That maybe a wise move, in order to ensure that Canada’s economic trade isn’t put at risk with the EU under the leadership of Defense Minister Peter McKay and Prime Minister Harper.
Yesterday Netflix released it’s ISP speed index. Essentially these are speed tests to Netflix services to determine the speeds in which ISP’s are connecting to the service, which have an impact on the quality of video delivered to Netflix customers. Rogers reached the lowest on the speed index. In response Rogers has released the following statement (emphasis added):
“Netflix’s test was done just before we virtually doubled Netflix capacity and we’ll continue to add more capacity as it’s needed. These results only apply to customers’ specific Netflix connection and not overall internet speeds.”
This statement strongly suggests that Netflix connections are being specifically targeted and slowed down by Rogers, using the same technology that’s been used in the past to slow down file sharing applications in which the company in the past has publicly stated they don’t use anymore. If this proves to be the case, than Rogers had an obligation under CRTC regulations prior to this admission to disclose the use of traffic management on Netflix specific applications, and hasn’t.
The return of connection throttling has always been a concern of mine. The misuse of traffic management by ISPs needs to be fully addressed at the CRTC with the regulator doing regular audits to ensure compliance with disclosure policies.
I would like to introduce to my readers my new political blog called: “Mind Bending Politics”. When I was in school for journalism, I had one professor that everyone loved, that took me under his wing. He was a great guy, and got me very much interested in current events and politics. One of the things I remember my journalism prof said, is that politics is the “soap opera” of journalists. What came after that statement was one of ethics and responsibilities journalists hold within our democratic society to ensure accountability within government. As a result of my education around journalism I watch maybe 3 Canadian political shows daily, and 4 news casts per night before I go to bed, and read a lot during the day thanks to my professor on getting me addicted to politics and current events. I’ve been doing this since 1996. I also used to cover local politics, and pretty much ran the newsroom in my college years. I’m well informed as a result.
I’ve been politically active for a while now on twitter and on this blog regarding digital rights issues. I’ve been a long standing advocate not just on digital rights issues, but on government policy, civil liberties and the need to bring more oversight and accountability in our bureaucracy, and within our elected officials and system of government as well. I’m hoping to move that forward as an independent political pundit with my new blog, and offer up commentary on issues I feel are important for Canadians to learn about to stay informed politically.
If you’ve enjoyed this blog, you will love my Mind Bending Politics blog. I will be posting on that blog almost daily on issues and events. I will still be posting on this blog regarding digital policy issues, but not as often as I have in the past.
Last week, information became available through access to information requests which threw the spotlight on exactly what Canadian telecommunications companies (one would suspect independent providers who apparently support the “pro-internet” community and have remained for the most part completely silent on this issue) are doing with respect to subscribers information and data requests by law enforcement.
Our telecommunications companies are handing over data of thousands of subscribers per year without a warrant to law enforcement. Apparently this is all “legal” due to an exemption in our privacy laws. Michael Geist explains:
The absence of court oversight may surprise many Canadians, but the government actively supports the warrantless disclosure model. In 2007, it told the Privacy Commissioner of Canada that an exception found in the private sector privacy law to allow for warrantless disclosure was “designed to allow organizations to collaborate with law enforcement and national security agencies without a subpoena, warrant or court order.”
Last week, the EU and US submitted a joint statement after the EU threatened the US to veto trade agreements starting with immediate suspension of the EU safe harbor provisions to US companies. The joint statement released last week, seems to suggest that court oversight on subscribers information is a big sticking point for US and EU trade relationship. The statement stated that both the US and EU agree to stronger private sector judicial oversight:
We are committed to expedite negotiations of a meaningful and comprehensive data protection umbrella agreement for data exchanges in the field of police and judicial cooperation in criminal matters, including terrorism. We reaffirm our commitment in these negotiations to work to resolve the remaining issues, including judicial redress. By ensuring a high level of protection of personal data for citizens on both sides of the Atlantic, this agreement will facilitate transfers of data in this area.
Viviane Reding, European Commissioner for Justice, Fundamental Rights & Citizenship, has given the US until this summer to shape up, with very strong language suggesting that if this doesn’t happen, immediate suspension of safe harbour provisions will most likely go through, and veto’s on US trade deals will be possible by the new year as a new parliament sets to fully address this issue. Reding gave her US counter parts a 13 point “to do list”. Reding’s office has not been available to further explain exactly what that 13 point list details, however judicial oversight looks to be on that list from the joint statement. From the sounds of it, the US seems to be committed to working with the EU on the issue of data privacy.
In light of all of the developments in the EU the United Stated Trade Representative (USTR) has just piped up in regards to branches of Canadian government that have taken the approach of stopping data transfers to the US.
The strong growth of cross-border data flows resulting from widespread adoption of broadband-based services in Canada and the United States has refocused attention on the restrictive effects of privacy rules in two Canadian provinces, British Columbia, and Nova Scotia. These provinces mandate that personal information in the custody of a public body must be stored and accessed only in Canada unless one of a few limited exceptions applies. These laws prevent public bodies such as primary and secondary schools, universities, hospitals, government-owned utilities, and public agencies from using U.S. services when personal information could be accessed from or stored in the United States.
The Canadian federal government is consolidating information technology services across 63 email systems under a single platform. The request for proposals for this project includes a national security exemption which prohibits the contracted company from allowing data to go outside of Canada. This policy precludes some new technologies such as “cloud” computing providers from participating in the procurement process. The public sector represents approximately one-third of the Canadian economy, and is a major consumer of U.S. services. In today’s information-based economy, particularly where a broad range of services are moving to “cloud” based delivery where U.S. firms are market leaders; this law hinders U.S. exports of a wide array of products and services.
Rather than taking this as a diplomatic threat to Canada by the USTR, it’s representative on how weak the US tech sector has become economically on the issues of privacy protections, when the USTR is coming out with statements like this.
This should serve as an example of a potential downfall in the Canadian tech sector, should the Government continue with it’s approach towards lawful access legislation in the cyber bullying legislation, and not get in front of all of this, to strengthen our privacy laws. I think it could be devastating to Canadian tech companies when eventually the EU comes knocking looking for change in our laws, and forcing that change, rather than implementing that change before it’s forced upon us, at a time when our democracy is currently under the microscope internationally due to the Government’s Election Reform Act.
While the two most powerful economic bodies are working on solutions to enhance data privacy protections for citizens, the Canadian government doesn’t seem to want to let go of the idea of warrentless wiretapping. Even though it’s legal in Canada already, the point continues to be made clear with Harper’s cyber bullying bill, which reaffirms the stance of the Canadian government that it is extremely reluctant (even after all of the diplomatic dance between the EU and US on data privacy) to recognize that this provision can and most likely will cost Canadian jobs if they don’t change it.
Do Internet providers profit from disclosure of subscribers information? It shouldn’t cost very much to get a low wage data admin to search a database full of IP addresses and correlate those assigned IP addresses to a subscriber. Being a qualified database admin myself, setting up such a system would be relatively easy, and extremely cost effective. Most ISP’s should already have a system like this in place to ensure the normal day to day operations, so essentially all that would be needed would be to have someone search a database of the IP addresses to find assigned subscribers. Let’s take Teksavvy for instance.
2000 IP addresses were searched through this database to find the matching subscribers. Manually inputting the IP addresses shouldn’t take more than a few hours, however getting a digital list of IP addresses, and running an SQL script to automatically search the database should take no more than 15 minutes for the development of the script (assuming you’re not using MS SQL and manually inputting the script and running test searches). It should only take a few seconds once the script is run to query the database and come up with subscribers tied to those IP addresses.
I’ll be conservative here with the numbers. This can easily be done with 2000 records manually within one 8 hour working day. At $20/hour x 8 hours = $160. This cost gets even lower when the database system gets automated. An estimated initial cost of maybe $500 would be required to automate this type of database search, secure the database, and send e-mails out automatically. After that, it should take maybe less then 10 minutes from receiving IPs in digital form to send notices out to customers. I’ve actually developed this type of database system for a small business client over a decade ago to handle his account receivables on payment due and automatically notify his clients through e-mails and texts of past due accounts (by using businesses records not IP addresses). This can be easily adapted to the copyright notice to notice regime, in fact most businesses, let alone telecommunication companies are already using this type of system.
What exactly are the legitimate expenses incurred by an ISP when having to search through their databases to identify subscribers? This question should be kept in minds of Canadians when looking at the current situation within copyright law, and mass surveillance. Torrentfreak did an excellent article today regarding getting a system like this in place for copyright in Canada, which will allow for copyright trolling, as long as the internet providers are paid a good profit out of the deal:
“The notice-and-notice law permits the government to set a fee for sending a notice that an ISP can charge. At the moment, it does not look like the government will establish a fee, preferring to wait to see how the system develops. Were this [business model] to come to Canada, the government might face increased pressure from ISPs to allow them to charge for their participation in the process,” Geist concludes.
Things get even scarier when looking at Telus’s response to the Teksavvy vs Voltage decision, comparing this with the prospect of future lawful access legislation:
“We respect our customers’ privacy and would not voluntarily provide such information,” said Telus spokesman Shawn Hall. ”That said, we fully support law enforcement’s need to access information to conduct investigations, and would comply with proper court-ordered warrants or any changes in privacy legislation.”
In my opinion, upping the costs associated with identifying subscribers will not deter abuse of privacy rights of Canadians, in fact what we’ve learned with the NSA disclosures, is that technology companies seem to be looking the other way regarding net citizens privacy. At least in Canada it comes with a cost, however what would be way more effective, would be to strengthen our privacy legislation to deter abuse, and profitability of that abuse of subscribers rights and allow for more targeted investigations by law enforcement.
Profiting from the abuse of the legal system, and abuse of users rights should be the last thing on the minds of our telecommunications providers. As Edward Snowden suggested yesterday in his presentation, it erodes trust within our digital communications network, and makes us less secure when those who would profit on such activities, are thinking more about their bottom line than actively participating in the democratic values of the society they serve. In order to build that trust back, those telecommunications and technology providers have to step up to the plate. Many already have from Microsoft to Yahoo, however Canadians need to be comfortable this is not going to happen within our telecommunications companies considering their position within copyright laws, let alone positions they have taken regarding government surveillance.
The equilibrium will be established through emerging technology currently in development. Technology innovation cycles are around 18 months, and we are now in the 10th month of the NSA disclosures. This means that tools being developed to secure communications due to the failure of the communications industry to date, will be soon available with ease of use to the regular net citizen. These tools will essentially force an end to mass surveillance used by governments and the copyright lobby. Not even you’re ISP will know what you are doing. The only way to route around that would be through installed spyware or malware, making it extremely hard to mass surveil anyone, and force law enforcement and government towards targeted investigations.
As a technology developer myself, I cannot wrap my head around technology companies not thinking about securing their customers information from abuse, let alone making a profit from such abuse. That to me is a breach of the fundamental trust of the principles most developers and service providers are taught. It’s made us less secure, and a huge uphill battle to regain that trust, when profitability and the bottom line comes first above everything else.
In August last year I wrote a post regarding the Lack of Privacy Is A Matter Of National Security . A lot of Snowden’s presentation does touch up on that subject regarding mass surveillance making our communications systems less secure. You can also view Snowden’s written testimony to the EU Parliament here. The EU will be voting on a resolution on Wednesday to delay trade agreements with the US over mass surveillance, and stripping US companies from immunity over legal liability over EU citizens privacy. It’s worthy to note, that the EU also has Canada’s privacy laws in it’s sights as well.
Snowden’s SXSW presentation is about an hour long presentation, however a must see for those of you in the tech development fields. An earlier copy of Snowden’s presentation today released by the ACLU was very hard to understand due to the audio eco’s. Here is a more cleaned up copy of Snowden’s SXSW presentation. Enjoy:
Industry Canada has released it’s priorities for 2014 – 2015. These priorities seem to suggest the government is extremely concerned about barriers put up by telecom sector to the use of e-commerce. It also suggests that days before the EU starts slapping the US around on privacy concerns, the Canadian government has sent a message that it’s willing to co-operate with the EU on changes to our privacy laws after a threat from the EU to review our privacy laws and possibly put the newly signed CETA trade agreement at risk as a result.
A few points worth highlighting regarding telecommunications policy:
This program develops legal and policy frameworks in the areas of spectrum, telecommunications, privacy protection and online security. It promotes the efficiency and adaptability of the Canadian digital economy by regulating commercial conduct and discouraging misconduct in the use of electronic means to carry out commercial activities and by working with the private sector to remove barriers to the use of e-commerce.
The above sounds like an attack on the use of bandwidth caps to me, considering governments previous language on the issue of usage based billing. If I was CRTC Chair Jean-Pierre Blais right now, I’d be very careful on how he moves forward on the bandwidth cap issue. It seems to me from the language displayed here, that Industry Canada is watching these “Let’s Talk” proceedings with a keen interest on the wider digital economy.
The below regarding telecommunications policy seems like the government got the message from the EU regarding our privacy laws:
Other elements will include: modernizing the privacy regime to better protect consumer privacy online; monitoring the implementation of Canada’s anti-spam legislation; and deepening analysis of Canada’s communications infrastructure.
Industry Canada will develop a multi-year work plan to fulfill its mandate within the Cyber Security and the Critical Infrastructure Protection strategies. The Department will also work internationally to develop standards that address cyber security and privacy concerns.
On March 12th, 2014 the EU Parliament is expected to raise it’s voice big time over the US’s NSA spying on EU Citizens. The threats thus far from the EU have been related to putting trade agreements on hold, and suspending the US’s safe harbor for EU data. The EU has even threatened Canada with a review of our privacy laws to see if they are adequate enough to protect EU citizens from unwarranted interception, which could put the newly signed CETA trade agreement between the EU and Canada at risk.
Will the language on privacy thwart a review of Canadian privacy law by the EU? I would suspect not, as the EU is extremely upset over the NSA spying, and those that have helped the US in this regard including Canada. What the language will provide however, is talking points for Industry Minister Moore should the EU have Canadian privacy laws in it’s sights.
On the surface the priorities of Industry Canada regarding telecom and privacy seem to be in-line with Canadians on these issues, however the devil will be in the details regarding future legislation to bring these priorities into law. Considering pressure from the EU on the privacy front, I’m hopeful that meaningful changes in our privacy laws are about to occur.