Lawful Access: spyware for cops

Everyone else is using “bots”, so why shouldn’t the police?

When I caution people about the coming Lawful Access spying laws, there’s often some confusion. Many assume that spying on the Internet is like putting a wiretap on a phone. So the police will be able to listen to my Skype calls and read my emails?

Sure. But it’s much worse than that.

Lawful Access does make traditional web surveillance easier, but it will also give the police access to your “basic information” without them having to get a warrant. “Basic information” covers your real name, your online identities, your email addresses, your I.P. address, your home address and your home phone number. If the police have one of these ingredients, they can use it to get the rest.

If you’re still not concerned, wait a bit…

Under Lawful Access, ISPs will have to build surveillance technology that stores this info and makes it available to the police. Right now, if cops go to your ISP and ask for your info (this happens all the time anyhow, often without a warrant) some human at your ISP will have to dig through your digital footprints to find it. Under Lawful Access, a police web portal will be built to automate the process.

This is hugely problematic.

First of all, what happens if (when) this portal gets hacked?  It won’t need to be a sophisticated hack, either.  If thousands of cops are assigned logins, how much do you want to bet that one of them will use “abc123″ as a password?

But let’s assume this somehow never happens. Warrantless data-tracking is still very scary, for reasons the police themselves likely haven’t considered. As anyone who compulsively checks their email knows, once you automate information requests, remove every obstacle, remove human communication from the process and throw it all online with a big shiny “search” button, usage skyrockets.

When Sprint built a similar portal for cops to track cell phone users’ GPS coordinates, usage shot up to 8 million pings in just over a year. In their idle time, police can just fish around, see where folks are at, see which avatar belongs to which human, and play the portal like a video game, hoping to stumble upon a lawbreaker.

The next step, of course, is for the police to get automated as well. With unfettered access to a massive dataset of “basic information”, why manually run hunt and peck searches when you could just write an algorithm that’ll mash it all up and spit out the names of those statistically likely to be up to no good?

Does that sound like paranoid sci-fi? Maybe, but it’s all possible with existing technology, and is really just an extension of current trends in data analysis into law enforcement. If data is accessible, machine-readable and has predictive value, someone will build an app for that. Everyone else is using “bots”, so why shouldn’t the police?

When RoboCop comes, he will look like a line of code.

Jesse Brown is the host of TVO.org’s Search Engine podcast. He is on Twitter @jessebrown.




Browse

Lawful Access: spyware for cops

  1. Brown

    You are seeing too many trees, not enough forest. You are living in authoritarian state where civil liberties can be suspended for weekend and nothing happens when police falsely arrest thousands of people. 

    While I agree your examples are hugely problematic there are bigger battles to be fought than Lawful Access spying laws.

    It’s easy to be skeptical when a police force investigates itself, especially when the investigation gives short shrift to the very events that fuelled public mistrust in the first place. And so while the Toronto Police Service’s “After-Action Review” of policing at the 2010 G20 summit contains good ideas to avert future riots, it leaves some key questions – the “whys” of some of its conduct – unanswered.

    http://www.theglobeandmail.com/news/opinions/editorials/little-trust-is-restored-by-the-toronto-police-g20-report/article2076357/

    • You’re absolutely right that the G20 was a disgusting abuse of civil liberties. But at least we could see the abuses as they happened.

      What scares me about these “Lawful” Access regulations is that civil liberties will be quietly violated. Rather than beating peaceful citizens in the streets, police will spy on their private lives with no oversight and no accountability.

      Our Conservative government is an enemy of basic rights and freedoms, instituting authoritarian powers without even basic controls. Rob Shift (below) calls to mind a cop stalking his ex-wife… does this new law even codify a response to that extreme abuse?

      Canada is getting the government it voted for, and it’s going to get it good and hard.

      • “But at least we could see the abuses as they happened.”

        So it’s ok when Liberals release full fury of The State against protestors because we can watch it on tv but it’s not acceptable that Cons want bureaucrats and private orgs to track people viewing kiddie porn and the like? 

        Why does it make a difference if its Libs or Cons or NDP that remove our civil rights? 

        I don’t like it when either party ignores, or tramples over, our civil rights to protest or assemble or speech. 

        Public hearings into police actions during the G20 in Toronto will help government understand what to do in future situations, Premier Dalton McGuinty said Wednesday as he again rejected a full public inquiry into abuses of civil rights during the summit.

        McGuinty also refused to apologize for the secret law the Liberal government passed last June governing police powers to detain and arrest people during the international summit.

        http://www.ctv.ca/CTVNews/Canada/20110601/g20-public-hearings-110601/

        • “So it’s ok when… but it’s not acceptable that…”

          If you’re going to restate my argument, you should avoid mangling it into a ridiculous caricature.

          The topic of *this* story is a law being written by our Conservative government. It’s not partisan of me to point that out, and I didn’t defend Dalton McGuinty or any other party.

          Sheesh dude, get out of the basement and get some fresh air.

        • Duh. G20 was a federal Conservative neoconderthal ballgame. Your knee-jerk angst is misdirected.

  2. I think the possibility of abuse far outweighs any investigative usefulness.  This is scary stuff.

  3. These projected behaviours make perfect sense.  If you build it, they WILL come (to take you away).

  4. One of the things I like least about this (in addition to the problems inherent in predictive data mining, (see http://www.idtrail.org/files/ID%20Trail%20Book/9780195372472_kerr_06.pdf) is the amplifying effect it has on the actions of “bad cops”.

    It is painfully obvious that there are a number of bad cops out there, I’m thinking Robert Dziekanski, G20, Ottawa Police abuse tapes. With the addition of a portal that police have access to, that allows them to search over all sorts of citizens’ personal data and fish with relative ease, the actions of “just a few bad cops” becomes a major problem.

    ICT amplifies an individual police officer’s abilities to do harm, to steal millions of records, to abuse thousands of citizens, to break the law really easily. With the obvious lack of police oversight hinted to by TonyAdams..ugh…

    The police don’t need lawful access (see Geist), nor do Canadians.

  5. Just wait for the first report of a police officer stalking his ex-wife through her web history; it will happen sooner than you think.

  6. Well I think we should grant police these powers. 

    Of course, in return, all government officials, police officers or any officer of the court must surrender any right to internet privacy. All their internet activity will be made publicly available whether they are on duty or off. 

    It won’t be a problem of course because if they’re doing nothing unlawful, they’ll have nothing to hide. 

    • I was wondering about that myself. 

      Will public employees be under same law as rest of us? 

      Read this story yesterday:

      The failed criminal prosecution of England footballer Steven Gerrard provoked so much interest among police officers that 130 of them breached data protection laws to view his file, it has emerged.

      Although most of the breaches can be attributed to interest in Gerrard, officers were also accessing files to check classified data about relatives, friends and acquaintances who had provoked their suspicions.

      http://www.telegraph.co.uk/news/uknews/crime/8600815/130-police-officers-broke-rules-to-view-files-on-Steven-Gerrards-trial.html

      • This is not new.  It is an old problem in any profession where confidentiality and celebrity collide – the exact thing happens in healthcare when a somewhat celeb enters the hospital.  Many people get caught looking up information that they have no reason to be looking at even though they have the access to it.  Believe me, they get disciplined.  The question is whether they pass the information on.  This employees are bound by the law to keep the information they have found confidential.

  7. Having developed intelligence systems for law enforcement (and having been a cop for over 17 years), I can tell you that a yardstick of ethics must extend into the very core of the technology. While there will always be “bad cops” there are, for the most part ethical minded public servants trying to do just that, protect and serve. The more information given, the greater potential (without guidance) there is to “see” something that isn’t there. A simple measure once told to me years ago by a homicide detective is, “Try to prove the person is innocent rather than guilty”, “If you can’t do that then you probably need to dig deeper”. The meaning being, if you are looking for data/information/evidence of wrongdoing, you will perceive it in the slightest way (because you are trying to do so). Conversely, trying to prove innocence will lead to solid evidence that warrants investigation.

    The other side is simply information being looked at by authorities, which happens all of the time now but usually without you knowing. For instance, you drive your vehicle (the plate is in plain view), you are video-taped hundreds of times per day and those films may be reviewed during an incident or by an automated process looking for activity. Email is scanned while it traverses the internet for phrases that could indicate subversive, terrorist behaviors. These are monitored by intelligence systems, and on, and on….

    The bottom line is this. High quality, ethical law enforcement personnel. Not politically minded or appointed. Citizen review committee for activities and harsh penalties for those that break the rules (not restrict everyone because of a few bad employees).

    • Since police officers rarely receive adequate penalties for indiscretions, I won’t hold my breath on ‘harsh penalties for those that break the rules”.

      At the very least, these tools need to go through a layer of bureaucracy to ensure that requests are being reviewed.  Seriously though, whatever happened to requiring a warrant?

  8. I guess I will have to stop posting when this comes in – someone is sure to come and lock me up.

  9. Why don’t we call it what it really is? The Digital Strip Search Bill. 

  10. Government data will be all over this as well. But not to worry there’s never been a scandal involving a politician, bizarre sexual practices and private emails. Ever! No really! Honest! Trust me!

Your email address will not be published. Required fields are marked *