Online privacy

Vic Toews released an op-ed to many Canadian dailies, including the Winnipeg Free Press, on Feb. 25. He sought, in his words, to clear up “confusion and misunderstanding” around Bill C-30, the rather noxiously named “Protecting Children from Internet Predators Act.”

A veritable circus of Twitter pranks, radio gaffes and public apologies has grown around the bill.

Almost lost in the noise is the very exciting fact that for once in their majority reign, the federal Conservatives have been made to blink.

Their steamroller of legislation has stalled, and the bill has been forced back to committee.

While legislative review brought on by Toews’s extraordinary political buffoonery is by no means surprising, it is at least sufficiently rare that we should seize this chance to effect some real change. 

Likely this bill will pass, but consolidating the public outcry into substantive requests could make all the difference in how it affects Canadian’s privacy rights and the county’s Internet infrastructure. To safeguard these structures, we need to ignore the circus and attack the issues.

Central to the debate is the trade-off of cost and benefit.

Although the bill spans 216 pages, neither costs or benefits are explicitly laid out.

Toews is correct in saying that many police organizations have been requesting this expansion of power. They have, but they have also, since 2002, been categorically unable to make a case for their need - that is that their current investigative powers are insufficient., a non-profit organization that works to protect and advocate for the digital rights of Canadian citizens, released an internal email from the Canadian Association of Chiefs of Police, in which they canvassed members of police forces to submit cases where privacy laws interrupted with their investigations, admitting that they could not find “a sufficient quantity of ‘credible examples.’”

As to costs, even the Conservatives admit at this point they are unknown.

Building surveillance capabilities into the structure of the Internet is going to be an expensive proposition. Having this surveillance regulated and protected will cost more yet.

In addition, both costs will be incurred before a single bit of information reaches a police station. Will these costs be covered by the Internet service providers (ISPs) themselves, possibly forcing them out of business, or by the taxpayers at large?

Toews is being circumspect on the issue.

The scope of Bill C-30 is enormous - many times larger than is usually reported. In addition to the warrantless mandatory information that ISPs would be forced to provide, there is a wide scope of warrantless “voluntary” information, including email content and web browsing, that ISPs can submit to law enforcement, with no oversight, and with total civil and criminal immunity.

Since 95 per cent of ISP requests from the police are currently voluntarily fulfilled by ISPs, this should give you a good sense of the safety of your personal information.

A gag order established by Section 23 prevents any subscriber from finding out if their information has been released to anyone, ever.

Building surveillance capabilities into the structure of the Internet is going to be an expensive proposition. Having this surveillance regulated and protected will cost more yet

Furthermore, Section 14 of the bill defines the surveillance capabilities the government will expect from these ISPs, and it makes a daunting read.

The phrase “not otherwise specified in the law” is mentioned four times, meaning that this section gives the government exemption from all previously stated restrictions to the scope of the bill.

The section goes on to order that ISPs install any equipment deemed necessary by the Minister - meaning the government will be making the surveillance network, essentially according to its whims.

Will such a system be secure, ensuring only lawful access? If so, the government would have to have more technical savvy in network security than Google, whose email servers were hacked in January.

To ensure that their web is built, the government is granting itself enormous regulatory powers (while ignoring the requests for oversight powers asked for by the Canadian Privacy Comission).

Section 34 allows unlimited police inspection powers over any space owned by an ISP, containing even a single document suspected to come under the (enormous) purview of this Act.

Most troublesome of all, internal documents from the Ministry accept the fact that subscriber information will be accessed in non-emergency police work, meaning IP addresses might be traced for something as mundane as the return of stolen property.

So, what concerns you the most?

The warrantless access to your private correspondence? The gag orders? The undisclosed, potentially unknown costs? The total lack of evidential justification? Or the unlimited scope of government powers, involvement and enforcement, granted to themselves by override clauses?

A step backwards with this government is a rare thing to waste, and I urge all of you to contact your MP and raise specific concerns about this untenable bill.

Steve Currie blogs at Read his letter to MP Joyce Bateman there.

Published in Volume 66, Number 22 of The Uniter (March 7, 2012)

Related Reads