Slashdot Mirror
Canadian ISPs Could Take On Big Brother Role
QGambit writes: "C|Net is reporting that the Canadian Government is considering a proposal that would force ISPs to keep logs of web browsing for up to 6 months, allow police to get search warrants allowing them to find 'hidden electronic and digital devices' and ban the possession of computer viruses.
Canada and the U.S. have both endorsed this proposal, contained in a cybercrime treaty of the Council of Europe. Both countries are non-voting members of the Council.
George Radwanski, Canada's privacy commissioner has not yet commented on the proposal."
I'm pretty sure the majority of people who are "in possession" of computer virii would rather not be, if only windows would stop executing them.
In all seriousness, though, how can you ban the possession of something that can be pretty much invisibly placed in your property?
Such an initiative would likely be subject to a challenge under the Charter of Rights and Freedoms, so much so that it would likely not be introduced in the first place. Endorsing a foreign initiative is not the same as legislating a domestic one, and I think Canadians believe that sufficient personal freedom has been traded for security. Besides, like this would stop evildoers who know how to surf untraceably.
We are keeping Internet logs.
(We are at war with Eurasia.)
We have always kept Internet logs.
(We have always been at war with Eurasia.)
Ignorance Is Strength? Maybe.
But who is made the stronger through ignorance?
I mod down anyone who uses M$ in their posts. I like to live on the edge.
Uhm... that's pretty stupid. It's like banning medical doctors from studying real viruses and bacteria.
If you don't know how your enemies weapons work, how can you possibly defend against them?
I, for one, hope that they *Do* institute this restriction... and then squirm and cry as they realize that they've closed themselves off to a huge section of tech development.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Canadian police agent: Sir, I found something very disturbing in this person's web history!
Canadian detective: Alright let me see it...
Canadian police agent: One second, here it is...
Canadian detective: My god what is that! is that man tearing open his own a.....
Canadian police agent: he followed this link from a site known as Slashdot.org sir!
GoatPigSheep, the 3 most important food groups
It could be a good idea for tracking down all those little script kiddies and real hackers that are out there to do harm, intentional or unintentional. But I know most of us don't want the RCMP being able to look and see what we have been doing on the web, especially if it relates to porn. Cause that is the only thing that is embarrassing. If they had a filter, of some magical sort, that would filter out all the porn transfers and keep everything else in the log, most of us would be ok with them keeping records of our internet use. Porn consumption is something everyone does and doesn't want anyone else to find out about. I know I have nothing else to hide but porn.
I guess it's pretty obvious, I need to set up as many old crufty computers as I can on my home network, and set them to relentlessly spider across the whole damn web. A few automated processes on a 3 megabit pipe ought to generate some pretty nifty monthly logs.
If the goverment is gonna search through my web-surfing logs, they're gonna at least have a hell of a hard time finding anything incriminating among all that pr0n! Nosy bastards, that'll teach them. If I feel particularly vicious I'll set one or two to recursively spider through Celine Dion's website. They'll go blind before they hit any good stuff.
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Whine, whine...oooh, they're spying on me again !!
So whats the big difference between this and the logs of your phone calls that get tracked right now ? They even get used for good - crimes get solved, missing people's last movements can be determined, terrorists located, etc, by appropriate use of phone call records. This seems pretty much the same to me, albeit on a more detailed scale.
For frig's sake, you live in a democracy, not a perfect system but the best known to man after many centuries of trying. Don't assume that everyone in power is corrupt and that all such record keeping is evil. It might actually be useful to track down terrorist fucktards for example. You don't hear people bleating about Telcos keeping call records.
And before trotting out the lame old slashdot mantra about how people can just surf anonymously or whatever - YES ! Thats the beauty of it ! If you're clever enough to surf anonymously then do it and this needn't bother you. Its there to help catch the stupid or technically challenged criminal, not the slashdotter and certainly not Dr. Evil either.
[x] auto-moderate all posts by this user as insightful
Arguing that more and more communications take place in electronic form, Canadian officials say such laws are necessary to fight terrorism and combat even run-of-the-mill crimes.
Isn't it great how taking away basic rights can be justified by "We're doing it to stop terrorism." I don't see how taking away the rights of millions of people (and pissing alot of them off) will STOP terrorism. I do see how it could lead to more terrorism, by people from within the country.
If the discussion draft were to become law, it would outlaw the possession of computer viruses, authorize police to order Internet providers to retain logs of all Web browsing for up to six months, and permit police to obtain a search warrant allowing them to find "hidden electronic and digital devices" that a suspect might be concealing.
How do you even enforce that? How will they know if I poses a virus or not? How do you tell the difference between posessing a virus and being infected by one? If they have logs of all web browsing for up to six months what does that include? I'm pretty sure that the police need to ask the ISP for the logging to start on a particular user (they can't keep 6 months logs for everyone's web usage), but what would count as web usage? Will they be able to log my FTP usage and see all the unencrypted passwords?
As surprising as it can be for our friendly southern neighbours, this consultation isn't simply a formality for an already decided soon-to-become law. They put out this document as a point of departure for discussion on modernising Canada's laws with regard to the recent advances in telecommunications. This isn't the official stance of the government, it's a "well, we'd like to achieve such-and-such, and here's a possible way we could do it, waddayathink?" And here comes the really shocking part, they *really* do care about what we think.
/. that everything is going to hell in a hand basket, open your favourite mail reader and write to la-al@justice.gc.ca telling them why this proposal is a bad idea *and* what we should be doing instead.
Admittedly, I've never participated in a Department of Justice consultation before, but I've been quite active in the CRTC (Canadian Radio-television and Telecommunications Commission) public proceedings regarding the telecommunication industry (phone companies) and boy, did that restore my faith in the democratic institutions of Canada. What struck me as the most insane (in a good way) was that our voice as simple citizens was treated with the same importance as was BCE's (Bell Canada Enterprises) President! Several of my comments were even highlighted by the commission in it's final regulation proposal documents.
So don't panic, don't wine on
That's what I'm gonna do. Will you?
-Earthling
"I'm sorry, I had to; the irony was just too thick."
As an admin (like so many of you) for a small to medium sized regional ISP, I'd like to throw out some numbers here to give some people the idea of why ISPs monitoring users for very long is generally massively irritating to try to manage. For e-mail tracking (as merely my humble example), let's look in our example at an SMTP (not even counting POP, here) server which processes about 60k messages per day. We don't use unusually verbose logging, and we generally keep 24 hours of logs on rotation. Each 24 hours varies from about 120-200 MB. Okay, the math is easy enough to do. Let's monitor all e-mail transactions for 6 months (using the more conservative 120 MB figure): 120 x 7 x 4 x 6 = about 20.2 GB. That's not too bad in terms of our MP3 and DivX collections, but text logs? Yuck! I don't want to keep 20 gigs of logs on my server! If anyone comes to me (from an authority of some sort) and asks for logs that old, I have no problems givng them the explanation, "Sorry, we rotated them out. Buy me a new SCSI hard disk and pay us for the time to install it on our box, then we'll talk about old logs."
Look at the knee jerk terrorism laws that were suggested after 9/11. Once the MPs looked at them seriously, cooler heads prevailed nothing happened. Same shit all over again.
As for the Charter of Rights,this law would easily be shot down in court on a number of counts including:Any law that infringes on this even a little will get thrown out by the courts the first time the police come hunting for a search warrant. The fact that the ISPs are not stupid means they will not be willing to shell out the cash for an infrastructute of a law that would collapse on the first court challenge.
Just won't happen.
Having looked at the document on the Department of Justice's web site, it seems to me that the C|Net report exaggerates more than a little bit.
:)
The document isn't itself a proposal, it's a "Consultation Document," and has as its purpose to guide the modernization of Canada's Criminal Code, with respect to "lawful access" to electronic information. There are laws that are explicit about what the authorities have to do to be allowed to search my home and seize documents, for example; this document is directed towards coming up with similar laws for dealing with electronic property, which currently isn't so explicitly covered in the Criminal Code. The document lists many of the issues involved, and raises the questions that result, such as how long should an ISP be expected to preserve data when ordered to do so (i.e., not by default), and such as how the Criminal Code should cover interception of e-mail.
The only thing really proposed is this: "that all service providers (wireless, wireline and Internet) be required to ensure that their systems have the technical capability to provide lawful access to law enforcement and national security agencies." That's it; the rest of the document deals with how this should be implemented.
There. That should keep CSIS (Canada's version of the CIA) from putting me at the top of their "must eavesdrop" list. At least for a while.
I've studied computer security in Canada and that involved discussing with the police what's involved with their investigations into IT crimes. In most of the cases, they can't really do much due to lack of resources and manpower. Logs would really help them out a lot in terms of tracking things down and trying to build cases. Our class was told that if we're working for a coproration and we're attacked, they can't really do much for us - the best thing we can do is use our logs to track down the attacker's ISP and deal with them directly.
I also now work for a Canadian ISP, so I've got a general idea as to how likely this is and how soon it'll be implemented...
Feel the fear and do it anyway.
Would this make the wearing of a T-Shirt, with say the source code for the "concept" Macro Virus printed on it illegal in Canada?
CRTC = Commission for Restrictions and Thought Control
"crimes get solved, missing people's last movements can be determined, terrorists located," ...
...
...
...
ISP employees get paid off, battered women get located by abusive husbands, children kidnapped by non-custodial parents, victims tracked by their stalkers,
All sorts of "good things"... yeah, right.
"Don't assume that everyone in power is corrupt"
Don't assume that everyone in power now will always remain in power (even if they do), or that there will never be a corrupt person in power, ever. The Clinton presidency "borrowed" a huge number of confidential FBI files. Adolph Hitler was democratically elected, and one of the first things he did was confiscate privately owned firearms using registration information that was not collected for the purposes of government confiscation.
"If you're clever enough to surf anonymously"
It's not the stupid bad guys we need to worry about.
-- Terry
I must state outright that I agree with the poster to whom you are replying. As I am a Canadian, when I first read this, I almost immediately fired off an email to la-al@justice.gc.ca (the privacy commissioner's office) stating that I was against the act. However, before I did this, I took the time to find the full text and I am very glad that I did.
First of all, this is a proposal. Just that. Nothing more. It is a suggestion that the Canadian Government look into the issue of passing and Act or Statute which will enable the lawful interception of computer data, in conjunction with the EU convention.
Furthermore, as I read the proposal, I realized that most of it made sense and that I agreed with it. It clearly mentioned in the preamble the Charter of Rights and Freedoms and its intent to uphold it. I was actually surprised to find that the documents authors' held true to their word: after every major section or point that they make in the document, there is a section entitled "Issues to be Considered" in which they outline every single one of the privacy concerns that had come to my mind while reading the above section.
As well, all the way through the document, considerable effort was made to insure that due process (namely search warrants) would have to be undertaken before any of these searches could be undertaken.
In all I was quite pleased at how the document was presented, but one item piqued my interest. When reading the subject regarding "Interception of Email" (which btw, dealt as much with criminal's interception of email as it did with law enforcement's) I was initially disturbed to find that previous, already passed legislation had determined that only oral conversations can be considered "extremely private". All letters, bothe written and electronic, are considered to be "private". This means that one only needs a standard search warrant to lawfully intercept these communications whereas to intercept oral communications, a police officer must present extra evidence to obtain a warrant. However, on reflection I think this seems reasonable.
I would now finally like to reply to your direct question by asking you another one: could you not think of ways in which internet logs could possibly be useful in a criminal investigation? Keep in mind this may also include times once a person has already been arrested and the crown is building evidence against them.
As has been asked here already, how is this different from the phone company keeping recordings of private phone calls? I'll tell you, it's an order of magnitude worse. Web browsing isn't even a conversation. It's like recording which magazine articles one reads and which ads one looks at. The because-we-can philosophy is no excuse to treat web browsing any differently from any other form of reading. The practice of recording surfing habits at the ISP level may very well provide crime-fighting information, but the inhibiting effects of this level of surveillance could harm society far more than any bomb could.
Western governments may turn out to be Osama bin Laden's most effective weapon.
Well then thank God for pr0n. It's a sad comment on North American society that it's only the makers of commercial sleaze who are willing to stand up for our rights. You're right about it, most people wouldn't give a shit about restrictions on privacy or free speech if it wasn't for dirty little secrets. And the porn industry knows it, and laughs all the way to the bank. The sex industries have been at the forefront of free expression and privacy battles mostly because they directly concern their profits. But at least somebody's trying to draw a line in the sand. It's just too bad so few are willing to draw such lines on the principles involved, which are far more important than your (admittedly important) right to look at goatse man in the privacy of your own home, or to buy a lap dance....