Lawful Access: spyware for cops - Macleans.ca

Lawful Access: spyware for cops

Everyone else is using “bots”, so why shouldn’t the police?

by

When I caution people about the coming Lawful Access spying laws, there’s often some confusion. Many assume that spying on the Internet is like putting a wiretap on a phone. So the police will be able to listen to my Skype calls and read my emails?

Sure. But it’s much worse than that.

Lawful Access does make traditional web surveillance easier, but it will also give the police access to your “basic information” without them having to get a warrant. “Basic information” covers your real name, your online identities, your email addresses, your I.P. address, your home address and your home phone number. If the police have one of these ingredients, they can use it to get the rest.

If you’re still not concerned, wait a bit…

Under Lawful Access, ISPs will have to build surveillance technology that stores this info and makes it available to the police. Right now, if cops go to your ISP and ask for your info (this happens all the time anyhow, often without a warrant) some human at your ISP will have to dig through your digital footprints to find it. Under Lawful Access, a police web portal will be built to automate the process.

This is hugely problematic.

First of all, what happens if (when) this portal gets hacked?  It won’t need to be a sophisticated hack, either.  If thousands of cops are assigned logins, how much do you want to bet that one of them will use “abc123” as a password?

But let’s assume this somehow never happens. Warrantless data-tracking is still very scary, for reasons the police themselves likely haven’t considered. As anyone who compulsively checks their email knows, once you automate information requests, remove every obstacle, remove human communication from the process and throw it all online with a big shiny “search” button, usage skyrockets.

When Sprint built a similar portal for cops to track cell phone users’ GPS coordinates, usage shot up to 8 million pings in just over a year. In their idle time, police can just fish around, see where folks are at, see which avatar belongs to which human, and play the portal like a video game, hoping to stumble upon a lawbreaker.

The next step, of course, is for the police to get automated as well. With unfettered access to a massive dataset of “basic information”, why manually run hunt and peck searches when you could just write an algorithm that’ll mash it all up and spit out the names of those statistically likely to be up to no good?

Does that sound like paranoid sci-fi? Maybe, but it’s all possible with existing technology, and is really just an extension of current trends in data analysis into law enforcement. If data is accessible, machine-readable and has predictive value, someone will build an app for that. Everyone else is using “bots”, so why shouldn’t the police?

When RoboCop comes, he will look like a line of code.

Jesse Brown is the host of TVO.org’s Search Engine podcast. He is on Twitter @jessebrown.