Slashdot Mirror
Canadian ISPs Could Take On Big Brother Role
QGambit writes: "C|Net is reporting that the Canadian Government is considering a proposal that would force ISPs to keep logs of web browsing for up to 6 months, allow police to get search warrants allowing them to find 'hidden electronic and digital devices' and ban the possession of computer viruses.
Canada and the U.S. have both endorsed this proposal, contained in a cybercrime treaty of the Council of Europe. Both countries are non-voting members of the Council.
George Radwanski, Canada's privacy commissioner has not yet commented on the proposal."
I'm pretty sure the majority of people who are "in possession" of computer virii would rather not be, if only windows would stop executing them.
In all seriousness, though, how can you ban the possession of something that can be pretty much invisibly placed in your property?
So, here's the question. Why do they need to keep logs of web page accesses?
Such an initiative would likely be subject to a challenge under the Charter of Rights and Freedoms, so much so that it would likely not be introduced in the first place. Endorsing a foreign initiative is not the same as legislating a domestic one, and I think Canadians believe that sufficient personal freedom has been traded for security. Besides, like this would stop evildoers who know how to surf untraceably.
We are keeping Internet logs.
(We are at war with Eurasia.)
We have always kept Internet logs.
(We have always been at war with Eurasia.)
Ignorance Is Strength? Maybe.
But who is made the stronger through ignorance?
I mod down anyone who uses M$ in their posts. I like to live on the edge.
Well, dammit, if they want to violate my privacy on the Turnpike and at the airport, they may as well do something to eliminate spam, too.
Uhm... that's pretty stupid. It's like banning medical doctors from studying real viruses and bacteria.
If you don't know how your enemies weapons work, how can you possibly defend against them?
I, for one, hope that they *Do* institute this restriction... and then squirm and cry as they realize that they've closed themselves off to a huge section of tech development.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
and ban the possession of computer viruses.
So no more Windows?
Anyone who cannot cope with mathematics is not fully human. At best he is a tolerable subhuman who has learned to we
Canadian police agent: Sir, I found something very disturbing in this person's web history!
Canadian detective: Alright let me see it...
Canadian police agent: One second, here it is...
Canadian detective: My god what is that! is that man tearing open his own a.....
Canadian police agent: he followed this link from a site known as Slashdot.org sir!
GoatPigSheep, the 3 most important food groups
It could be a good idea for tracking down all those little script kiddies and real hackers that are out there to do harm, intentional or unintentional. But I know most of us don't want the RCMP being able to look and see what we have been doing on the web, especially if it relates to porn. Cause that is the only thing that is embarrassing. If they had a filter, of some magical sort, that would filter out all the porn transfers and keep everything else in the log, most of us would be ok with them keeping records of our internet use. Porn consumption is something everyone does and doesn't want anyone else to find out about. I know I have nothing else to hide but porn.
I guess it's pretty obvious, I need to set up as many old crufty computers as I can on my home network, and set them to relentlessly spider across the whole damn web. A few automated processes on a 3 megabit pipe ought to generate some pretty nifty monthly logs.
If the goverment is gonna search through my web-surfing logs, they're gonna at least have a hell of a hard time finding anything incriminating among all that pr0n! Nosy bastards, that'll teach them. If I feel particularly vicious I'll set one or two to recursively spider through Celine Dion's website. They'll go blind before they hit any good stuff.
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Also: Who decides if it is a virus? Would that include trojan horses? Computer virii are kind of like guns. I may personally hate both (especially guns), but how can you make one illegal without doing the same to other?
If the discussion draft were to become law, it would outlaw the possession of computer viruses, authorize police to order Internet providers to retain logs of all Web browsing for up to six months, and permit police to obtain a search warrant allowing them to find "hidden electronic and digital devices" that a suspect might be concealing.
Oh no! My BE-300 might become illgeal (and not for the valid reason of Casio shipping it with Windows CE 3.0.)
Seriously though, I doubt that any action will come of this in Canadian government. Speaking as a Canadian, hardly anything gets done nationally - if anything, the provincial government takes on a liberal or extremist form and enforces/creates what they want to.
Arguing that more and more communications take place in electronic form, Canadian officials say such laws are necessary to fight terrorism and combat even run-of-the-mill crimes.
I can say that monitoring gas stations for criminals is necessary, as the majority of criminals use cars. Besides, other things are necessary to fight terrorism and crimes, including proper funding for education and other non-invasive things.
The article does point out some truth; Canadian use of wireless and mobile electronics is significant and any database or cyberpolice created would kill anonimity. However, I feel that the average user (here, at least) is aware of the fragility of their situation, both with issues such as this (to 'prevent terrorism') and others, such as the DMCA and RIAA.
"CNN is reporting that the Canadian Government is considering a proposal that would force all convenience stores, transportation departments, department stores, ATM vendors, banks, owners of parking lots, institutions of public education, government offices, operators of sporting events, mass transit operators, and others to keep video tapes of the activities of others for up to 6 months, allow police to get search warrants allowing them to find 'bad things' and ban the possession of 'bad things.' Canada and the U.S. have both endorsed this proposal."
"There ought to be limits to freedom"
Wouldn't the law require the government to reimburse companies for the storage and equipment costs associated with such a mandate? I remember reading something once that the government could borrow or utilize property under certain circumstances and, in doing so, the government is required to provide compensation. I don't see how the same rule wouldn't apply to a circumstance merely because it involves technology.
"There ought to be limits to freedom"
Arguing that more and more communications take place in electronic form, Canadian officials say such laws are necessary to fight terrorism and combat even run-of-the-mill crimes.
Isn't it great how taking away basic rights can be justified by "We're doing it to stop terrorism." I don't see how taking away the rights of millions of people (and pissing alot of them off) will STOP terrorism. I do see how it could lead to more terrorism, by people from within the country.
If the discussion draft were to become law, it would outlaw the possession of computer viruses, authorize police to order Internet providers to retain logs of all Web browsing for up to six months, and permit police to obtain a search warrant allowing them to find "hidden electronic and digital devices" that a suspect might be concealing.
How do you even enforce that? How will they know if I poses a virus or not? How do you tell the difference between posessing a virus and being infected by one? If they have logs of all web browsing for up to six months what does that include? I'm pretty sure that the police need to ask the ISP for the logging to start on a particular user (they can't keep 6 months logs for everyone's web usage), but what would count as web usage? Will they be able to log my FTP usage and see all the unencrypted passwords?
I'd call this uneconomical. I've seen the records for one user for one year, and they take up megabytes of space for just that user. I can imagine a business with hundreds of customers, or even thousands. Furthermore, the ease of avoiding detection definitely makes this useless. Who cares if the feds have millions of packets labelled with the destination proxy.dude-on-a-t3.ca I'd also say that "possession of a computer virus" is a terrible thing to make a crime. Guess what? I possessed a computer virus on an old unpatched server until Norton caught it this morning! I didn't even put it there.
On that note, does anybody know if there's a canadian version of slashdot? Not necessarily the same thing, but some tech site which chronicles tech rights and such in Canada? Reading about the states is truly depressing, but I can do something in Canada.
It's been a long time.
As surprising as it can be for our friendly southern neighbours, this consultation isn't simply a formality for an already decided soon-to-become law. They put out this document as a point of departure for discussion on modernising Canada's laws with regard to the recent advances in telecommunications. This isn't the official stance of the government, it's a "well, we'd like to achieve such-and-such, and here's a possible way we could do it, waddayathink?" And here comes the really shocking part, they *really* do care about what we think.
/. that everything is going to hell in a hand basket, open your favourite mail reader and write to la-al@justice.gc.ca telling them why this proposal is a bad idea *and* what we should be doing instead.
Admittedly, I've never participated in a Department of Justice consultation before, but I've been quite active in the CRTC (Canadian Radio-television and Telecommunications Commission) public proceedings regarding the telecommunication industry (phone companies) and boy, did that restore my faith in the democratic institutions of Canada. What struck me as the most insane (in a good way) was that our voice as simple citizens was treated with the same importance as was BCE's (Bell Canada Enterprises) President! Several of my comments were even highlighted by the commission in it's final regulation proposal documents.
So don't panic, don't wine on
That's what I'm gonna do. Will you?
-Earthling
"I'm sorry, I had to; the irony was just too thick."
As an admin (like so many of you) for a small to medium sized regional ISP, I'd like to throw out some numbers here to give some people the idea of why ISPs monitoring users for very long is generally massively irritating to try to manage. For e-mail tracking (as merely my humble example), let's look in our example at an SMTP (not even counting POP, here) server which processes about 60k messages per day. We don't use unusually verbose logging, and we generally keep 24 hours of logs on rotation. Each 24 hours varies from about 120-200 MB. Okay, the math is easy enough to do. Let's monitor all e-mail transactions for 6 months (using the more conservative 120 MB figure): 120 x 7 x 4 x 6 = about 20.2 GB. That's not too bad in terms of our MP3 and DivX collections, but text logs? Yuck! I don't want to keep 20 gigs of logs on my server! If anyone comes to me (from an authority of some sort) and asks for logs that old, I have no problems givng them the explanation, "Sorry, we rotated them out. Buy me a new SCSI hard disk and pay us for the time to install it on our box, then we'll talk about old logs."
I am seriously concerned about the state of affairs everywhere. Noone would have ever even thought about doing this before 9/11. Every time something like this pops up, they say it's for my own safety? To protect me from terrorists that may use the internet as a tool to send messages to each other? That is utter bullshit. EVERYONE IS NOT A TERRORIST OR A CRIMINAL!! Whatever happened to "considered innocent until proven guilty"? Is everyone in Canada a suspect for a crime now? Everyone who has an internet connection should be worried about what type of precedent this sets. Even though I recognize that the events of 9/11 and other terrorism acts are truly atrocious, I cannot help but think that simple civil liberties are being abandoned for the sake of "safety".
What good is safety if I have no freedom to enjoy it?
in girum imus nocte et consumimur igni
I'm sorry for saying "wow, I'm so glad I am living in Canada when I see all the stupidity that Bush and his corporate cartel is pulling...." Seems like I should have kept my mouth shut.
Still, I'm surprised at this... I never thought I'd see this coming HERE in canada. Our prime minister is a Wanna-be, acts like one, and about everyone with common sense in Canada is often ashamed of him when he's doing public display. He wanted Canada to follow the war on afghanistan with united states to be in Bush's good will, just like that little guy trying to hang with the school's bully, while I understand this behaviour (and it was funny because our military here is such a joke. Not the soldiers themselves, but the vehicles are such a mess and almost a shame to drive/fly), ANYWAYS, that type of following is understandable (and for those who opposed, it's stille excusable in some perspective)
but if that kind of blattantly syping CRAP goes through, we might as well adopt the US dollar, adopt US legislation, give them 1/2 of our land in return to clear our debt and let them dump their waste here, and while at it, let them clear-cut our forrests so that there are no more Wood disputes with crazy duty taxes at the borders. I won't feel like I am in Canada anymore, sheesh... I can't beleive that only European countries are not dumb enough to be dictated by a few people and especially from other countries... Not that I hate the US, but I sure wouldn't want to live there as long as Bush is running the Country, I'd rather have a monkey with a water pistol as a president, than a monkey with a uzi.
--- Metamoderating abusive downgraders since my 300th post.
While I agree that this is definitely double-plus ungood, this has to make the front of national newspapers (in US and Canada) and be an issue that makes the evening news before anyone can even think of putting up a fight.
Big brother help us if this eavesdropping prevents a terrorist act or, more topical (and I don't mean to sound callous), another little girl from being abducted and murdered. There will be no going back there, since it WILL make the news with the wrong spin.
Look at the knee jerk terrorism laws that were suggested after 9/11. Once the MPs looked at them seriously, cooler heads prevailed nothing happened. Same shit all over again.
As for the Charter of Rights,this law would easily be shot down in court on a number of counts including:Any law that infringes on this even a little will get thrown out by the courts the first time the police come hunting for a search warrant. The fact that the ISPs are not stupid means they will not be willing to shell out the cash for an infrastructute of a law that would collapse on the first court challenge.
Just won't happen.
Having looked at the document on the Department of Justice's web site, it seems to me that the C|Net report exaggerates more than a little bit.
:)
The document isn't itself a proposal, it's a "Consultation Document," and has as its purpose to guide the modernization of Canada's Criminal Code, with respect to "lawful access" to electronic information. There are laws that are explicit about what the authorities have to do to be allowed to search my home and seize documents, for example; this document is directed towards coming up with similar laws for dealing with electronic property, which currently isn't so explicitly covered in the Criminal Code. The document lists many of the issues involved, and raises the questions that result, such as how long should an ISP be expected to preserve data when ordered to do so (i.e., not by default), and such as how the Criminal Code should cover interception of e-mail.
The only thing really proposed is this: "that all service providers (wireless, wireline and Internet) be required to ensure that their systems have the technical capability to provide lawful access to law enforcement and national security agencies." That's it; the rest of the document deals with how this should be implemented.
There. That should keep CSIS (Canada's version of the CIA) from putting me at the top of their "must eavesdrop" list. At least for a while.
Assuming that most coders who would be asked to do sucha despicable thing such as this, here are a few options:
1) Write it badly and/or ineffectually. Who'd know? They're all suits!
2) Backdoor it all to hell.. ala Ken Thompson's C compiler follies. Pass r00t access about globally via IRC. Render it all useless.
3) Share it with all your hacker buddies, via snail-mail.. (no radar)
I think it utterly impossible that these boobs can find enough skillful lackeys to carry these mandates out without creating a situation far more dire than the one they're fearful of.
Rebel! Don't collaborate!
They can't do this without US!
Don't be a Traitor!
Be a PATRIOT!
Brak: What's THAT?
Thundercleese: A light switch.. of TOTAL DEVASTATION!
Sorry for the grammatical irregularities. :)
I should have previewed more carefully.
You should get my drift
Brak: What's THAT?
Thundercleese: A light switch.. of TOTAL DEVASTATION!
I'd like to have the contract to sell them all the storage to hold 6 months of logs for every ISP.
Canadian officials say such laws are necessary to fight terrorism and combat even run-of-the-mill crimes.
Okay, so why exactly is it now easier to get a student visa or an immigration? Oh I guess that doesn't count, because they'll be bringing in some money.
If they're so concerned about our security, why have they yet to sign the Kyoto protocol?
Apparently, ripping us off from our money is not enough, they also need to control us.
Would this make the wearing of a T-Shirt, with say the source code for the "concept" Macro Virus printed on it illegal in Canada?
Can someone point out how this would be different than requiring the phone companies to keep 6 months of recordings of your home phone?
I think if it were looked at that way, people would realize how stupid and wrong this is. Why don't we start wearing embedded tracking devices and keep logs on that too?
Who said Freedom was Fair?
CRTC = Commission for Restrictions and Thought Control
With Linux CDs in hand I hope.
You are being MICROattacked, from various angles, in a SOFT manner.
"crimes get solved, missing people's last movements can be determined, terrorists located," ...
...
...
...
ISP employees get paid off, battered women get located by abusive husbands, children kidnapped by non-custodial parents, victims tracked by their stalkers,
All sorts of "good things"... yeah, right.
"Don't assume that everyone in power is corrupt"
Don't assume that everyone in power now will always remain in power (even if they do), or that there will never be a corrupt person in power, ever. The Clinton presidency "borrowed" a huge number of confidential FBI files. Adolph Hitler was democratically elected, and one of the first things he did was confiscate privately owned firearms using registration information that was not collected for the purposes of government confiscation.
"If you're clever enough to surf anonymously"
It's not the stupid bad guys we need to worry about.
-- Terry
Based on your arguments:
All programs are a form of discrete mathematics, and mathematics is in my books an artform. The freedom and creativity involved in writing a program is infinite and the people who right viruses can be very crafty.
I will say:
All biological agents are a form of DNA/RNA sequences, and all the possible DNA/RNA sequences is in my books an artform. The freedom and creativity involved in manipulating a DNA sequence is infiniute and the people who create biological agents can be creafy.
-- Note: These Comments are Generated by ME! Not You! ME!
After reading the article it is obvious that news.com's Declan McCullagh didn't read the discussion draft either.
As has been asked here already, how is this different from the phone company keeping recordings of private phone calls? I'll tell you, it's an order of magnitude worse. Web browsing isn't even a conversation. It's like recording which magazine articles one reads and which ads one looks at. The because-we-can philosophy is no excuse to treat web browsing any differently from any other form of reading. The practice of recording surfing habits at the ISP level may very well provide crime-fighting information, but the inhibiting effects of this level of surveillance could harm society far more than any bomb could.
Western governments may turn out to be Osama bin Laden's most effective weapon.
If you caught spreading a computer virus, the candian government would cram you in a jail with 11 other annoying "big house"-mates, put you on canadian televion for 24 hours a day, and the last person to get anally violated would get $500,000.
Ergonomica Auctorita Illico!
Well then thank God for pr0n. It's a sad comment on North American society that it's only the makers of commercial sleaze who are willing to stand up for our rights. You're right about it, most people wouldn't give a shit about restrictions on privacy or free speech if it wasn't for dirty little secrets. And the porn industry knows it, and laughs all the way to the bank. The sex industries have been at the forefront of free expression and privacy battles mostly because they directly concern their profits. But at least somebody's trying to draw a line in the sand. It's just too bad so few are willing to draw such lines on the principles involved, which are far more important than your (admittedly important) right to look at goatse man in the privacy of your own home, or to buy a lap dance....
Better check out href="http://www.perl.com/language/misc/virus.html #English
If you browse using your ISP's proxy servers, there are log files generated that can be retained. But I never do that. If you're going direct to the web, I don't think there are any logs generated, unless your ISP logs every packet. So I don't see how they can retain them.
..."how would the data both be recorded by and kept secure FROM the ISP?"
Short answer: it wouldn't.
There have been several instances, not well publicized for obvious reasons, where soon-to-be-former (8-)) ISP empoyees have sold mail server logs to SPAM'mers to obtain sender and recipient email addresses.
If the data is available, it's available. Even a crypto FS can be defeated (copy raw data, write zeros to file, read file, thereby retrieving the ciphertext pad, XOR - or whatever operation - the pad vs. the data, boom: cleartext back again, write data back to raw file: evidence of hack erased).
-- Terry
Sure, you can probably arrest a paedophile or two by monitoring his emails, but drug dealers and organised crime in general will be the first people to move to encrypting *all* their emails. Which is something even techies cannot do all the time. Why, you may ask. Well, it's simple: most e-mail users out there has no clue whatsoever about using encryption. When would Outlook Express, Mozilla Mail and Eudora have standard built-in OpenPGP encryption... (yes, I know plugins are available) Encrypt your mail today!
Michel
Fedora Project Contribut
How do you stop non-techies from going "Oh, somebody loves me! I'll just read this message... OHNOS MY HARDDRIVE!"?
- Peter
How is this a troll? It's early and short, but looks on-topic to me.
Every morning I possess about 20 KLEZ worms. After a few months
of KLEZ mailbombing I got "POP3 Scan Mailbox" and set it to schedule
anything over 50kbytes for removal, so at least they don't wear out
my modem any more.
CRTC = Canadian Roadblock to Telecommunications Competition
You back up that server regularly, right? As long as you include the logs in those backups, you're fine. You can just restore the backup somewhere else, and let the authorities look at them there. This is probably a better idea than letting them log onto your mail server (w/the rights to mess w/the logs) anyway.
Not having lived in Canada for the past seven years, I was a little surprised to read that they even considered such a plan (but only a little, since I remember the Federal and Provincial governments just loving to be intrusive into people's personal lives).
I looked up information on this issue, and found "CRTC WONT REGULATE THE INTERNET" at the CRTC website.
Seems someone, somewhere, had a flash of insight about the magnitude of even attemping such regulation (thank goodness).
First, if this is something else they're trying to use 9/11 as an example for... It won't do a bit of good. "Oh, there's one of the terrorists getting out of his car..." Six months after the fact, you can't stop the crime, and they've had six months to flee the country. Yes, maybe it'll catch a criminal or two, but I think actively trying to stop crime is more important than watching it happen six months in the past.
Another issue is the sheer amount of space ~180 days of logs could take up. Let's take the example of a camera... A really good time-lapse camera might be able to squeeze 24 hours onto a single tape. But now rather than having a couple tapes and rotating them, you now need 180 tapes, and somewhere to store them. Storing the URL of every file I access could grow really quickly. And if they're investigating truly illegal use, the URLs might not even work six months later. So are they now going to save local copies of all the pages I visit? I have 3 Mbps. In 8 seconds, I could get 3 MB of space. My entire neighborhood could fill up a few terabytes real quick. This is going to add massive costs to ISPs, and a lot of them seem to be in financial trouble anyway.
On a side note, if I advocated that the US Postal Service photocopy every envelope you send/receive (I won't even say that they open it), I don't think even the most conservative people would consider this a good idea. But why is it different if it's on the Internet?
________________________________________________
suwain_2
Also, it says that ISPs won't have to pay to bring existing networks into compliance (pate 10, item 3)
Since the internet is an "existing network", I guess this is just more blah-blah, blah-blah-blah, and that an argument could be made that, since the ISP doesn't have to pay, it doesn't have to comply
The requirement for a "data-preservation order" (page 14) would mean that ISPs would have to preserve the virus.
You shold be more worried about the rest, which includes new powers to search and sieze email
I'd file this under "more stupid lawyer tricks"
Yeah. And he should take Sheila "Long Live The Cable And Satellite Monopolies" Copps with him. I can wait to see her out of public office for good.