Lawful Access: a creepy Valentine from Vic Toews

No one will ‘read emails without a warrant,’ he says. Indeed, it may be much worse than that.

(Sean Kilpatrick/CP)

Vic Toews wants to make one thing clear: He does not want to read my email. His office reached out to me after I wrote this post, which detailed the inability of our police to find one good example of why they need new Lawful Access laws, to be tabled today.  Toews’ flack was eager to set me straight: “No legislation proposed by our Conservative Government will allow police to unlawfully read emails without a warrant.” Thanks, got it. Of course, I never said that it would.

What I said is that Lawful Access may actually be much worse than that. Lawful Access demands that cell phone providers and Internet companies (this could mean websites as well as Internet providers) re-engineer their networks for the purpose of surveillance.  To make sure these companies get and stay in line, the police will have new regulatory authority over these providers–the cops will be able to audit our networks and websites for compliance. Then, the police will have far easier access–in many cases warrantless access–to our data. I doubt the police themselves understand how invasive this is, and how much of a liability it presents.

Here’s a rule: If it is collected, it will be leaked. Forcing ISPs and websites to store vast reams of personal information, and to then build systems that allow the police to access it basically guarantees privacy seepage. And how many Videotron or Fido technicians will also need access to our private data, just to make sure the systems function? All it takes is one disgruntled employee posting their password online, and millions could be compromised in seconds. Toews should start writing his press release for this inevitability right away.

But wait, it gets worse. Michael Geist points out just one way of many in which Lawful Access will give police frightening new capabilities. With a push of a button, police could gather the mobile identity numbers of every person present in a certain area. It’s as good as a name. Geist uses the G20 protests as one instance where it may have been useful for police to instantly generate a list of people to keep a close eye on, or to arrest later. But hey, why stop there? If no warrant is needed, why not take mobile ID snapshots of crime-ridden corners every night? They could know who is standing where at all times.

If I was a cop, I’d take that over your Gmail password any day.

Jesse Brown is the host of TVO.org’s Search Engine podcast. He is on Twitter @jessebrown




Browse

Lawful Access: a creepy Valentine from Vic Toews

  1. Well see, Vic Toews is watching you to tell you he’s not watching you.

    I hope you feel safe now.

  2. What the…
    Did they just seriously write back to you to say, “No legislation will allow someone to break the law”?  I’m not sure which is worse.. how stupid they are or how stupid they think we are.

    What’s most scary is that I’m seriously starting to wonder at what point is armed insurrection justified?

    • You could just shoot a warning shot over their heads…

      • My aim is lousy, so with luck…

        Actually.. thinking about it more, that’s exactly the point Miller was making right? If a government becomes intolerable, the people should be able to rise up violently against it, which is why we shouldn’t register long guns, so the government can’t prevent it, right?

        So hell, even the CPC is suggesting we should take arms up against them.

        • If they thought the opposition was arming up, they’d have some sort of registry, compulsory purchase reporting  mechanism up and running in no time. 

    • “What’s most scary is that I’m seriously starting to wonder at what point is armed insurrection justified?”

      Careful…talk like that may result in your ISP being first on the cops’ to-do list. 

      • Mine’s one of the big major ones, so I’m sure it already is.

    • If this should go through serious thought should be given to a sort of : “Here we are and we are all armed and dangerous” protest. You know, gum up the works, flood them with useless bogus data…like in Zoro..”.I’m zoro, no i’m zoro”, sort of thing…but maybe a little more contemporary eh!

  3. Sounds like retread of the “nothing to hide nothing to fear” argument. How many times does that one have to be torn apart?

    “…The deeper problem with the nothing-to-hide argument is that it myopically views privacy as a form of secrecy. In contrast, understanding privacy as a plurality of related issues demonstrates that the disclosure of bad things is just one among many difficulties caused by government security measures. To return to my discussion of literary metaphors, the problems are not just Orwellian but Kafkaesque. Government information-gathering programs are problematic even if no information that people want to hide is uncovered. In “The Trial”, the problem is not inhibited behavior but rather a suffocating powerlessness and vulnerability created by the court system’s use of personal data and its denial to the protagonist of any knowledge of or participation in the process. The harms are bureaucratic ones—indifference, error, abuse, frustration, and lack of transparency and accountability…”

    http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

  4. “…Another potential problem with the government’s harvest of personal data is one I call exclusion. Exclusion occurs when people are prevented from having knowledge about how information about them is being used, and when they are barred from accessing and correcting errors in that data…”

    “…This kind of information processing, which blocks subjects’ knowledge and involvement, is a kind of due-process problem. It is a structural problem, involving the way people are treated by government institutions and creating a power imbalance between people and the government. To what extent should government officials have such a significant power over citizens? This issue isn’t about what information people want to hide but about the power and the structure of government…”

    http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

    • I agree with and admire your arguement, but don’t you think all of this is way over the head of Vic Toews and probably most folks who sit around the cabinet table with Stephen Harper?  You need to reduce your arguement to a sound bite that will enage with conservative voters, such as “the government is taking away your liberty”.  For Harper “the message” is a substuitute for policy. 

  5. “No legislation proposed by our Conservative Government will allow police to unlawfully read emails without a warrant.” 

    Technically true maybe, but then again, the Criminal Code of Canada ALREADY allows for the police to “lawfully” read emails without a warrant, in some circumstances:

    Section 184.4:  
    A peace officer may intercept, by means of any electro-magnetic, acoustic, mechanical or other device, a private communication where
    (a) the peace officer believes on reasonable grounds that the urgency of the situation is such that an authorization could not, with reasonable diligence, be obtained under any other provision of this Part;
    (b) the peace officer believes on reasonable grounds that such an interception is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property; and
    (c) either the originator of the private communication or the person intended by the originator to receive it is the person who would perform the act that is likely to cause the harm or is the victim, or intended victim, of the harm.

    • Exactly.

      What people don’t seem to get is that “merely” having the information allows them to do all sorts of things that are essentially untraceable. Unless there’s a willing “snitch” within the system, there’s virtually nothing to stop them from tapping a person’s cellphone, reading their emails, texts, facebook pages, nothing to stop them from checking people’s bank accounts, spending habits, sexual preference etc etc and there’s also nothing to stop them from following someone’s physical location via their cellphone 24/7.

      And as our society becomes even more integrated with technology, the list only grows.

      Essentially this law will create everything needed for a surreptitious police state, and once they accumulate enough information on a “target”, it becomes easy to source secondary evidence they can use for the “warrant” while revealing nothing about how they got that information in the first place.

      That may seem fine to some, but given the secret nature of it, surely no one honestly believes that it won’t be abused?

      Coming from a party that excludes people based on perusing their facebook pages, I should hardly think that greater hidden power would be less abused.

    • I was about to sign up LKO, but I am now fearful of putting this kind of info on-line! I fear that the Cons want to use it to infiltrate anyone who would protest against them. I’ll bet we haven’t seen anything yet as far as what they’re planning to do, and they know us “lefties” may revolt.

      • Sign it. Don’t get scared yet; it’ll just increase their chances of ramming this kind of shit through.

        • Agreed. If enough people sign it you’ll be fine – there’s protection in numbers; heck i bet there’s more than a few conservatives signed up. This shouldn’t be a partisan issue. 

      • I get that, but if they round up everyone who signed that petition they’ll be rounding up a LOT of Tory supporters. Check out the comments to the stories on this over at the National Post. People that I often disagree with VEHEMENTLY, and who would only vote for a party other than the Tories if they could find a party to support to the Tories’ RIGHT are EXTREMELY upset about this legislation.

        The people who truly believed that the Gun Registry and the Mandatory Long Form Census were an invasion of privacy will not stand for this b.s. Not all of the Gun Registry and Census opponents were sincere in their advocacy of the privacy rights of Canadians of course, but MANY were, and they’re not happy.

  6. This might be an easier pill to swallow if one had confidence in our police, who have done little to earn that confidence with their death-tasering, “Mr. Big” stings, sexual harassment and documented rapes and beatings of innocent Canadians. Suppose you lip off a cop over a jaywalk or traffic ticket confrontation — the potential for ‘revenge’ is frightening to say the least. This government obviously believes that the majority of Canadians are criminals. I don’t think they have received a life-time mandate — a couple of years and they will all be tossed out on the street by angry voters.

    • For the past six years, the police have modelled their behaviour on that of the Prime Minister of Canada.  This is personified when Toews says “you are either with us or with child molesters”. 

  7. “But hey, why stop there? If no warrant is needed, why not take mobile ID snapshots of crime-ridden corners every night? They could know who is standing where at all times.”

    Indeed why stop there, when there are eco terrorists, pipeline critcs and ungrateful FN’s to be labellled adversaries?

    Question for you geeky types – is it conceivable if this were to go through as is that new technology, even black market technology will become available to block or confuse police access to our private data info? Or are we screwed once they pu the arm on the servers and ph guys?

    • Extremely difficult to get around, unless you use satellite internet/phone, because the people who provide that last mile of service between the internet and you are the ones the police are allowed to monitor.  

      If you go to satellite providers, however, they can be based in other countries without such draconian laws over internet monitoring, for example Chavez’ Venezuela.

      That said, you could choose to encrypt everything you send, but they’d still be able to see what you received, unless you choose to only use sites that are similiarly encrypted. And while I expect most forms of encryption can be broken by certain U.S. intelligence agencies, I don’t know if Canadian agencies have similar capabilities. Certainly the cops don’t.

      Or, if you’re not worried about getting other people into trouble, hack into your neighbor’s wireless and use their connection. This also saves you from having to pay the fees, and lets you know when the cops have you under surveillance when the swat team hits that house down the block.

      edit: Thinking about this more, as ever, the law of unintended consequences suggest that this law may have the absolute opposite effect than even that hoped for by the CPC. Why, one might ask, are our police forces able to find and arrest child pornographers now? Mostly because they feel fairly confident in being able to be lost among the internet.

      Will this law cause them to take additional steps (such as encryption) to protect themselves that they normally wouldn’t have? Steps which are actually effective?

      • The law of unintended consequences will almost certainly apply in any case, that’s a given.

        Encrytion eh…i could get some one to run up a one time pad in Dene for me but that’s likely googleable theses days…. maybe i’ll go back to snail mail and encyclopedias, that oughta fool em for a while.

    • To get around the internet monitoring, one invests in a proxy server or an another form of internet anonymity tool like TOR. With tools like this, all your ISP can respond to a request for information with is “They spent 4 hours talking to that server over there. Good luck getting them to tell you what they did”, because now all your requests are being handled by a third party and it’s just feeding the results back to you.

      That’s the easy stuff: the various darknets are where things get really fun.

      This is why the law is pointless internet side and  why we really shouldn’t have people who have no clue how the internet really works trying to write/defend laws about it: actual criminals know how to get their ISPs out of the loop and, in the case of Child Predators, they share this information widely because they are very aware they’re being hunted.You could use this to argue against programs like TOR – “We Should Outlaw this evil software!!!!!” – and even point out the reality that it’s used by actual child pornographers but…. then…. it’s also used by political dissidents/residents in China and Iran to communicate with the outside world while avoiding their firewalls and security forces. This stands to remind us that it’s not the software that’s evil, it’s the uses that people choose to put it to.

      • Thx.So basically this new law will act as a drag net to round up the little fish on the internet and harass the rest of us? All the while the pols will brag about how they are keeping us all safe. Why am i not surprised.

      • Curious.. how does your home internet connection reach the proxy server without going through your local ISP?  Does a magical cable connection that runs directly from your house to the proxy server suddenly get laid?  Your bits go somewhere from your house — if they run through any sort of cable, then they run through equipment that is controlled by companies that have to pay attention to this law.

        Things like TOR may hide who you’re sending to, but they still don’t make your emails and traffic invisible to your ISP.

        • Your ISP can’t log anything other than what you’re connecting to unless one expects them to log every bit you transfer which basically becomes fruitless once you throw an encryption layer over it and would, in addition, be ridiculously insane to try and implement a requirement to log all that data for everyone, all the time on data storage requirements alone. 

          So the most one can legitimately expect is that the ISP will know you’ve connected to TOR, but that doesn’t really tell anyone where you went from there and TOR exists explicitly to hide that information.

          Meanwhile, as long as you don’t use your ISP’s email server – or move your email to a server specifically out of country: expect parties to start providing such if the law passes – you’ve bypassed any legal requirement to comply with Canadian law for your email and… we’re back to having to store every bit that moves “the last mile” from your ISP to your computer in order to read it. 

          Again, something that’s technically infeasible. You could do it for a person – and in compliance with a warrant that is something that should be available – but to do it for everyone, all the time, would require a server farm that would make 1960′s computer rooms look positively small in comparison and never stop growing unless you hard capped time to deletion requirements. Even then, as bandwidth increases and people move more data…

          • Perhaps you should understand what the bill says before you make yourself look even more foolish.

            Tracking everyone all the time is not the point, nor the concern. The concern is the cops being able to go to the ISPs, without a warrant, and say “Give us what this guy is doing, right now, and start providing us copies of all of that in future.”

            Neither TOR, nor proxy servers, do anything to alleviate this.

            And you’re right, if it’s encrypted, they’re hosed. But who gives a crap? The question is should we have to encrypt all of our activities in order to ensure that government doesn’t misuse any information we might send?

  8. Hmm.  Having achieved this turn of the ratchet, does this suggest that the next stage will be mandatory cellphone use?  I mean, how can the fuzz keep tabs on you if you don’t have one of these things?  Might you be more suspect if you don’t?  

    • I have a cell but don’t use it very often so I just store it in the local crackhouse.

      I am so screwed.

      • Only a crack user wouldn’t use their cell phone very often. I see a case building…

  9. “If it is collected, it will be leaked.”

    Then throw the people in jail who leak it. Telcos collect the information today for lawful access, and have proper security procedures in place to protect it. When was the last time that was leaked? Journalists acting illegally in the UK have demonstrated that the media are the ones to be frightened of.

    • You’ve heard of hacking? Of course you have.. that’s what the media did that you’re so upset about.

      Collections of information are prized targets for hackers. Especially internet transactions, because they enable identity theft. Simply saying, “Well we’ll jail the hackers” is no answer, because often we have no clue who they are, and often they aren’t even in our own country. Far better to alleviate the problem by not collecting the information in the first place.. especially when there’s no need to do so, as has been amply shown for the case of what this legislation provides.

    • Doesn’t have to be leaked. It can be lost. Look at the UVic security breach of a few weeks ago – unencrypted SINs and banking info of thousands of employees stolen in a casual break-in. Do you trust everyone who collects and stores that information to be competent? 

  10. Vic Toews also thinks torture is okay.

  11. I’m sure Vic wouldn’t mind if we citizens were allowed to look at every last scrap of data on any computer he’s accessed, and read his e-mails.

    You know, just to make sure he’s not one of those child pornographers he claims the bills opponents are.  Can’t be too sure, right?

  12. wow these guys are idiots! the constitution does not allow legislation to violate our rights for fuck sakes,,, when are they going to fuck off with theri statute laws and remember section 52,,,, NO FORCE OR EFFECT! LEGISLATION,,,,,, IT ONLY APPLY S TO THEM!

  13. Just look at his nose, he has an alcoholic nose and his eyes are that of a physopath! 

  14. I am disgusted at Vic’s comments.  I really hope Canadians wake up and nip this one in the bud.  

  15. The G20 is a useful and poignant example of what lengths police will go to when incited by paranoia, suspicion and partisan propaganda. With the completely unsatisfactory follow-up investigation and failure to address that massive breach of civil liberties by the three largest police forces in Canada, it’s difficult to trust  police with the powers they have now, let alone more.

  16. I just wanted to point out that this legislation comes from the government that deep-sixed the long-form census because it was too intrusive.

    Principled bunch, these guys.

  17. When this goes through, there will be no such thing as privacy anymore. 

  18. I’ve been surfing and searching the internet heavily for random data on random items since early 1996.
    not ONCE have I came across child porn or anything like it. It’s an excuse…plain and simple, and if there is actually a bunch of child porn guys out there…….nobody in the Canadian Government’s spy system is going to catch them….that will be up to the US Government, because they already own us.

    This is one more creation of the Harper (used to be Canadian) government to get yet more control.

  19. This comment was deemed inappropriate by the RCMP.  Macleans’s has sent poster’s personal information to RCMP headquarters, Ottawa.

  20. The government is planning to solicit high school students to monitor Internet activity.  Brown Shirts, as they are to be known, will peruse the Internet as police deputies, reporting to Vic Toews’ Centre Bloc Office. 

  21. Yes Vic, and criminals are the only ones who need rights.

    Great.  As if police don’t have the ability to do whatever the f they want to do now.  Our government has a hell of a lot more faith in this already power-crazed bunch of high school graduates than any member of the public.

    The usual question remains — Who is going to police the police?

    The ‘internal investigation’ invariably erodes trust and respect for police.  This law would hugely expand the scope of their ability to abuse their position of power.  If any cop doesn’t like this post, they can  trace my IP address through my ISP and ruminate on how to make me pay.

  22. If the data is properly encrypted using a strong algorithm like 256-bit AES, I don’t understand how the cops can read any data without the key.  It stands to reason they can get the key from a central registry if a third party generates and furnishes the key and ensures the key is uniquely associated with every particular individual’s data.  If I generate and maintain secrecy of the key, I don’t understand how the cops can use the data as it will simply appear as gibberish.  i.e. they can identify who participated in the communication because the IP addresses won’t be encrypted, but the data payload or ‘conversation’ will remain indecipherable.

    If they are poking a hole in AES so ‘the good guys’ can break encryption, that means ‘the bad guys’ can break it too.  Say hello to a brave new world for online commerce.

    With a symmetric (meaning the same key is used for encryption and decryption) algorithm like AES, every participant in that conversation has plausible deniability of the encrypted content of the communication.  i.e. any and every participant in that communication can encrypt anything before sending it out over the wire, using the same key.  Thus every participant can claim ignorance and disproving their claim would be difficult, under the burden imposed on criminal prosecution.

    The fly in the ointment for data security resides in the new frontier of quantum computing.  Candidly, I do not know enough about quantum computing to discuss how it would affect the security of AES encrypted data.  I know enough to say that it has cryptographers worried.  Do ‘the good guys’ have the ability to break encryption using quantum processing?  There again, ‘the bad guys’ can do whatever ‘the good guys’ can so this would render encryption pointless.  If the content of the data stream includes credit card numbers, this sort of high value information would give organized crime the incentive to spend a few million on a quantum machine and pay off a few ISP tech’s to provide them with access to the same information the cops can get.

    The bottom line here is, by engineering a security hole into their networks so the cops can see whatever they want, the same hole will ASSUREDLY be exploited by organized crime.  Engineers are not being heard in this regard, I suspect.  Never let a politician or a cop near math or technology they don’t understand.

  23. They’re arguing that for the sake of catching a certain type of criminal representing less than 1% of the population; they need warrantless access to 100% of the population’s personal life?
     
    Are you kidding me?
     
    Do you know what your average computer expert can do with your IP details related to your computers and phones? All without anyone being the wiser? For Pete’s sake, I can track my kid’s location within 10 metres via his cell phone with just conventional technology I downloaded from the internet!
     
    Are we going to rely on the ISPs to rat out cops if they abuse the backdoor access?
     
    Do we really believe this isn’t an expressway to personal information that hackers will have a field day with?
     
    Cops already routinely get in trouble for conducting searches without proper warrants. The incidents of abuse of the license plate database are well known. For god’s sake they cover each other with lies all the time, even when people get KILLED ON VIDEO IN THE PRESENCE OF DOZENS OF WITNESSES!
     
    So what do you think will happen when they can troll the internet tracking anyone’s IPs with so little oversight?
     
    Does anyone honestly think they’ll be concerned about the warrant when they can get everything they need to fish around in people’s accounts without it?
     
    They can get the information they need to sneak around without a warrant, but honest, they won’t use it until they get the warrant… Yeah right!
     
    Again, who do they think they’re kidding?

  24. This government is completely out of control and, should never have been allowed to govern let alone with a majority.  The only way to stop the Harper led CONservatives is to vote them out.  As it is now, Harper is reforming Canada as a country under the rule of a fascist style government. 

  25. and he gets paid by our tax dollars to think and talk like this!!!!!!!!!!  only in Canada you say, pity

  26. Why are we even having to argue with these jerks about what is clearly an egregious overstepping of their mandate?

  27. To advocate political change through armed insurrection is a crime in Canada. A terrorist crime. A crime strengthened by Trudeau’s Liberals which made Marxism illegal. Marx’s material determinism and Hegelian idealism dictates a dialectic with an end result or armed conflict between the one percent and the 99. If my theoretical, even though inevitable, philosophy is illegal, then the specific targets and modus operandi are grounds for a search warrant or hot pursuit if the threat is immediate. In addition to the open calls for assassination (Pat Robertson on democratically elected Hugo Chavez, Fox News regarding Obama, and all the Republican candidates for promising war against Iran (and Syria, and Libya, and Egypt, and Lebanon, and Iraq, and Afghanistan, and Pakistan, and Russia, and Venezuela…..). Unfortunately, these calls to arms are justification for legislation to round up the criminals on the Net. Every Comment section, of every major mainstream publication, is in constant breach of the Hate Literature Section of the Criminal Code of Canada. One newspaper in Toronto, (not a broadsheet), lead editorial actually advocated acts of piracy against refugee ships approaching Canada’s water. The first bomb would cross the bow, and the second, if necessary would be midship. The refugees, almost all women and children, were accused by the federal government of containing amongst them, a shadow terrorist government of Tamils, common criminals and terrorists and a multitude of infectious diseases. They were rumoured to be armed. None of it turned out to be true. If Canadians are permitted to commit terrorist acts, advocate armed insurrection, murder, piracy, war crimes, torture, invasion, extraordinary rendition, in the mainstream press, is it any wonder the lawlessness of the internet. Use the Criminal Code and moderators to remove illegal material. There is no room in political discourse for violence or for condoning violence in Canada. It is not only unacceptable it is illegal. Toews’ gutter life and gutter finger-pointing is wrong and actionable. It is not the first time the Tories have accused the majority of Canadians of being pedophiles. Harper did it in the 2004 election. It is a libel. And it is an insult to the process.
     

  28. If this country is “the true north strong and free”, why do law-abiding citizens have to be monitored like criminals?

Your email address will not be published. Required fields are marked *