Bills C-46 and C-47: New Threats to Privacy on the Net
The Conservative government, supported by the Liberal opposition, is presently working hard to pass two laws which greatly expand telephone and electronic surveillance. Bills C-46 and C-47 are amendments to the Criminal Code and Criminal Records Act, respectively. While they are presented as criminal legislation, they contain provisions of profound concern to Koumbit, as an Internet Service Provider (ISP). Canada presently enjoys an international reputation as a place of relative freedom on the internet - these changes would impose a level of surveillance similar to that practiced for decades in China, since 2001 under the Patriot Act in the United States, and in recent years in the European Union.
The proposed changes would force ISPs to log user activities and provide these logs and personal information on demand to any police officer. No warrant would be required, and the ISP could be required to conceal this breach of confidentiality from the user. The information in question includes a user's:
- name
- address
- phone number
- e-mail address
- IP address
- mobile identification number (uniquely identifies your phone)
- the serial numbers of the equipment you have used
- the identification of your local ISP
- International Mobile Subscriber Identity (uniquely identifies you worldwide but you don't have access to it!)
- cell phone's SIM card number (uniquely identifies you)
In addition to this information, ISPs would also be required to keep the content of all communications by their users. This includes encrypted communications, meaning that an ISP could also be required to decrypt and store a user's communications with their bank or encrypted e-mails sent via Hushmail or using PGP. Access to this information would require a warrant, but it could still be subject to a gag order that would prevent a user from learning that their communications were read.
The material costs of keeping all this information around will be tremendous, so the law provides for compensation for these new spy services. ISPs have a legal and ethical responsibility to respect user confidentiality - inherent in this change to criminal law is the introduction of a substantial conflict of interest for ISPs.
It's important to note that all this information is already available to law enforcement; a judge can order you to reveal your passwords and decrypt your communications, and can issue warrants for the seizing of logs and other information from ISPs. What the proposed changes enable, then, are ways of systematically accessing this information in secret and without judicial oversight.
Koumbit will be taking a position on these changes in the new year; in the meantime, we encourage you to inform yourself: