Slashdot Mirror
Canada To Mandate ISP Deep Packet Inspection
An anonymous reader writes "The Canadian government has proposed new legislation that would require ISPs to install deep-packet inspection capabilities. The proposal includes a laundry list of
surveillance requirements, police review of ISP employees and technologies, and the mandated disclosure of a broad range of
subscriber information without any court oversight."
....that it fails.
...you don't need a department of Homeland Security to trample on your rights.
This sounds expensive. Who is going to pay for it? The ISPs? The government?
Strong encryption, it's not just for financial/health/etc. transactions anymore!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I hope the Pirate Party of Canada runs in my riding this year. Digital privacy is obviously not a priority for the current government.
And use ssh or equivalent for everything else. The criminals/terrorist will already be doing this , its only ordinary Joe Public who the authorities will be snooping on. As usual.
it won't do them much good without my PGP key. Packet inspection will just trample the rights of those with nothing to hide in the first place. Those with something to hide will just use encryption and/or other concealment methods like steganography.
are so many governments so assholish?
Hi. Can we stop using the term "laundry list" please? Nobody makes a list of their fucking laundry anymore because it's all disposable now. Thanks!
Yeah, and get ready to be flogged with a wet noodle until you give up your passwords... And if that doesn't work, just expect an outright ban on "unauthorized" encryption... unreadable packets will be dropped
For justice, we must go to Don Corleone
Looks like Canada will be "inspecting your packets" like the TSA here "gropes" and "x-ray's" our "packets".
I am starting to wonder when VPS companies will start taking off, stock-wise. With the screws tightening all around the globe, it is only a matter of time before the average person starts using a VPN for all their Internet traffic, most likely in another country.
Canada forcing this is stupid -- as of now, the crooks are fairly easy to catch (as few use encrypted services). However, if countries keep pushing, everyone (including the bad guys) will start moving their traffic offshore. Result, police work which was moderately difficult becomes completely impossible without international cooperation on even the smallest case. Even with treaties making it easy, there will be exit nodes (Tor or commercial VPNs) in countries who have not signed them.
Of course, the next step is trying to actively block VPNs, but that changes the game from passive eavesdropping to active censorship, and escalates the cat and mouse game.
- source: infowars.com
Way to drain all credibility from your post. :P
"That which does not kill us makes us stranger." -Trevor Goodchild
>>>Strong encryption
Tell me how to implement it on Firefox and Utorrent. Please and thank you.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
So basically, you are sending them a red flag that you got something to hide? SMART!
PGP-nerd: "Gosh, I got a 4096 key, nobody is ever going to break this, I am safe"
Agent A to Agent B: "We can't break his key, break his knees."
Freedom is NOT won by finding loopholes around laws but by fighting bad laws.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Firefox supports https, not sure on utorrent, but most of them support talking to only encrypted peers.
The second prong requires Internet providers to dramatically re-work their networks to allow for real-time surveillance. The bill sets out detailed capability requirements that will eventually apply to all Canadian Internet providers. These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.
OUCH!
So who is Big Brother NOW? And what's the difference between this and tapping your phone and intercepting your mail?
He who knows best knows how little he knows. - Thomas Jefferson
And open every letter and package in the postal system? Nobody would consider eavesdropping on every phone call acceptable, so why do sheeple accept the idea of eavesdropping every single internet connection?
Congrats! Canada is now even more like the US. You guys must feel proud.
I'm sure there's a video floating-around to back-up the website..... if not that specific event, then another one where a citizen is having his/her computer scanned for nudie pics. Doesn't Australia have a similar law that carrying even one photo of a topless woman across international border is a crime? I wouldn't be surprised if Canada has the same restriction.
Just now I heard on the radio that an American is being punished $11,000 by the U.S.G. because he refused to be scanned, or prodded, and they told him, "You cannot fly." So he canceled his ticket, got a refund, left the airport, and was arrested.
Apparently once you enter an air terminal, you no longer have any rights... except to submit to the US Gestapo.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
It is a heck of a lot easier to store indexes of people's communications via the Internet than it is to do physical objects. If someone wants to dig up dirt on a target (say to find charges to put them in jail as revenge for them dating an ex), it isn't hard to do. Disk is cheap, and it is easy to filter out chaff and store the juicy stuff indefinitely.
To boot, the information also has a lot of secondary value to marketers and advertisers.
Check the "Enable Encryption" checkbox in setttings. I thought that it was defaulted to enabled for years? Maybe I'm mistaken.
DNA -- National Dyslexic Association
Bleah, hate to reply to my own post, but the reason why people don't care about DPI as a whole is because they don't know or don't care. They are also used to "well, SOMEONE knows what I do on the Internet at all times", and being watched constantly online, either by LEOs, or private companies looking to slurp knowledge about someone to sell for a buck.
morons.
Yours In Osh,
Kilgore T.
Infowars? Okay. Maybe you can point to me where in the criminal code this is, because it's sure not in my 2011 edition. And it's sure not part of the CBSA code.
Om, nomnomnom...
Gamers in Canada are fucked! That's right, filtering hardware will be over-subscribed for their network. At least at first. Then, your monthly bill is going to go up to pay for all that hardware and bureaucracy.
And the best part. American politicians are CRYING because they do not have that kind of POWER....yet. That's right, they're jealous of what Canada now has.
Life is not for the lazy.
There is currently a by election in Winnipeg North, Dauphin-Swan River-Marquette and Vaughan.
The Pirate Party is present in Winnipeg North, and will stand against the spying on everyone mentality of the Conservatives and Liberals.
http://www.pirateparty.ca
The only way to get rid of bad politicians is to elect new ones.
Nuitari
Proud member of the Pirate Party of Canada
http://www.pirateparty.ca
Firefox supports https, not sure on utorrent, but most of them support talking to only encrypted peers.
Ah, but the majority of Web sites do not. Although it is nice that Google supports it now, it only matters until you click on a link that takes you to a site that does not.
Yes, I think all the major torrent clients support required encryption, with different levels of encryption in some cases.
The higher the technology, the sharper that two-edged sword.
This is what having no freedom of speech gets you. They want to be lemmings, so let them.
What don't you like about Geist? He's done great work at slowing down bad copyright legislation (though I'm a bit out of the loop recently).
Surveillance is 99% traffic analysis (constructing the social network, and colouring certain nodes red) and only 1% about the particulars of the conversation. SSH won't raise any red flags, unless you SSH into a well known onion router. Suppose one person in a thousand does this. These people take a moderate hit on their spook agency credit rating, and a smaller stain spreads outward to their primary affiliates.
I think you have to do a bunch of stuff to have your credit rating fall low enough to devote human resources to sussing you out. Too many sheep, not enough shepherds, who cost real money. Purchasing a holiday condo in Peshawar would really rack up the points if you're desperate to justify wearing a tinfoil hat.
The big Canadian ISPs won't complain because this creates a barrier to entry for small ISPs who can't afford to staff an office of conformance.
What sucks in this plan is the lack of judicial oversight. That's just plain wrong. Oversight is foundational to democracy. This is the same PM who is trying to gut Statistics Canada (on the bogus pretext there has ever been a privacy issue) because the data they produce is too credible, and can be used to justify social spending.
I would like to think it would be practical to have all (judicially supervised) surveillance requests opened to the public 50 to 75 years after the fact, so that we can look back and form an accurate opinion about the past scope of abuse. Every democracy needs the occasional dental checkup.
I wonder what ever happened to those checks and balances /sigh
Coming soon to a computer you once thought you owned.
Sounds like a bonanza for hardware vendors. That can't possibly be the reason, can it?
Firefox - Install Perspectives and HTTPSeverywhere plugins
uTorrent - there is a setting somewhere in the control panel to allow only encrypted connections. Set that, and install PeerGuardian/moblock.
"When information is power, privacy is freedom" - Jah-Wren Ryel
C50: Modifies existing wiretap laws so that instead of having to rely only on mechanical interception it allows the use of actual monitoring tools on internet connections. But you still have to have a warrant for it. And extends the existing tap law to cover internet related crime such as: "if there's mention of another crime, or purpose of trying to commit another offence, or planning to commit another offence, or is working as part of a conspiracy, or commissioning an offence", and the AG must be a party to the understanding of the warrant, and extentions to the warrant my only be extended by a SC judge, or AG, and my not exceed 3 years.(useful to know that the average long-term investigation in canada is ~4yrs), blahblabhblah, 1yr major criminal issue(terorrism, criminal enterprises aka organized crime) warrants may be allowed, exigent circumstances and so on. Usual stuff, if you need the warrant modified you must go back and have a judge authorize it.
C51: I'm not seeing anything earth shattering. Except that if someone commits a criminal offence to which has been modified, the ISP isn't to delete the offending content which wasn't admissible before, but rather they must preserve all information to ensure that there's a continuity of evidence. And it modifies existing mischief, and impersonation of a person(aka written/published/print/etc) to cover electronic communications.
C52: Again nothing earth shattering, but rather it requires ISP's to be able to allow CSIS, the RCMP and other police services the ability to monitor communications with a warrant, and as such be able to it within a reasonable period of time. This includes that the ISP must have up to date information on their subscribers, including their home address and IP address, but this can only be disclosed by warrant. However if exigent circumstances exist and an officer has reasonable and probable grounds to believe a person is in immediate harm, they must be able to disclose this information. Even then the officer must still within 24hrs, submit a request and a full explanation of why they used exigent circumstances for the information. And like all 3 of these bills, the officer must maintain a chain of evidence, and have it submitted on a regular basis. It can not be done without permission, all requests will be audited on a regular basis, and will be tracked. And police services that request any of this will pay a fee for such information. Oh and earlier on it covered that any form of interception must not impede the networks in any shape or form, or violate the telecommunications act.
To me it looks like Giest is going off on a tangent, I don't see anything covering deep packet inspection or to mandate it. Rather that ISP's must be able to have the tools, and allow police to use the tools with a warrant provided by a superior court judge, or via the AG of the province--who will have to explain to the court why he gave permission for the warrant, the ability to track, copy, and find information. Again with a warrant.
Now the interesting thing in Canada is, warrants are very hard to get. When I say very hard, I mean very hard. They're not that common place.
Om, nomnomnom...
I don't live in leaf world but I think realtime survallence as in realtime tap to remote LEA is overkill and unecessary. Recording local capture files in response to a lawful request is a good enough balance and ususally much easier for all sides including LEA to deal with for legal challenge reasons.
Requirement to provide personal records to LEA with no warrent requirements or oversight is unacceptable.
DPI means interpreting and understanding higher layers of the OSI stack. I find it difficult to see how the label applies here to collect user information for intercept purposes. All you need to do is check the L3 header and record everything to/from the user. Hardly rocket science and NOT something that requires a reasonable interpretation of DPI to do. In all sane systems LEA is responsible for decoding (Applying DPI) to any collected data. You may need to filter the capture file to meet minimization requirements but thats about it.
Not a chance. NO WAY! This opens a million opportunities for abuse from police. Worse than cops putting their business in places they have no legitimate business, there is also the enormous problem of idiots disclosing everything and anything about all and sundry. Its not just a matter of 'oh, look out, the cops may be listening' but also 'the cops have sniffed all and sundry, and then left the keys to the kingdom lying outside the castle gate, with plans to the castle, current troop strength in the castle, where the treasure is kept, all the secret doors, and potential contingencies to worry about and methods connected to each to bypass normal security to 'get at the good stuff'. Normally what happens when millions of people have their privacy breached, the cops will go running around crying out "Hey, I'm just a dumb flat foot. They never gave us any training in this 'pewter stuff. We dunno nothin bout it. We need billions more in training". Usually there is a top cop standing at a microphone uttering the words 'we apologise for any inconvenience this may have caused', while collection agencies scoop up peoples houses, cars, and the same silly cops try to find all the bad guys who cleaned out peoples bank accounts, due to police incompetence. NO! We don't need cops screwing with the internet. They already have a presence there, and don't need this.
This is a tired and irrelevant argument, when talking about using encryption to prevent widespread passive trawling.
If "they" come to you, and they are more powerful and willing to use force against you, you have lost. Just give 'em the passwords (assuming you have them). And at that point you know that they are interested in you, so assuming they allow you any recourse (i.e. they don't just disappear you) then you can take it. OTOH when you are passively snooped because you didn't encrypt, you have no recourse at all, because you don't even know it happened.
And if "they" have to go after a hundred million people, their budget will probably be exhausted long before they get to you.
The rubber hose is almost never relevant. We're not talking about corner cases where a spy or captured soldier is having to keep an important state secret; we're talking about mainstream resistance to protect your love letters and bank codes and the party RSVP that a burglar can use to determine you won't be home tomorrow night. Encryption is a damn good answer.
Cross that bridge when you come to it. If they insist, then let them install h264 decoders on all their routers to figure out which low-entropy packets are ciphertext and which ones aren't. Let them tell all their campaign contributors, "Sorry, you can't have a VPN. You'll just have to trust your competitors to not pay attention to your trade secrets."
Banning (or preventing) encryption ain't gonna happen. I'm not saying they'll be powerless to prevent privacy, but the odds are on the citizenry's side here, big time.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Gee, and here I am supporting a bill to make deep packet inspection illegal.
We told you folks who dislike intrusive state surveillance regimes that breaking IPsec with NAT would come back to haunt you. Did you listen? No. This is what your carelessness bought for us all, so you can suck it up and enjoy the loving caresses of police protection like the rest of us.
jhw
If you're really concerned about government observing your web browsing habits, use Tor (http://www.torproject.org/) for any browsing where personally identifying user information is not present and ensure you're using https over Tor for the cases where you pass user names/etc or information about you is being passed back. Tor and Firefox play quite nicely together as long as you're smart about it.
Utorrent would probably get some benefit out of Tor as well, but I don't really know how Utorrent works. If it provides some sort of "node identifier" when it downloads a file, encryption of Utorrent would be necessary to hide that node identifier. If it doesn't ship a node identifier across the network when it downloads a file, I suspect Tor by itself would be enough to mask what you are doing.
If you decide to use Tor, please fully understand how it works before trusting that you are truly anonymous. This is especially true if you're running a service over Tor that you do not fully understand (aka, Utorrent). If you don't eliminate user identifiable data, Tor can't help you.
HAHA, Wtf?! (please mod this as insightful)
I'm sure there's a video floating-around to back-up the website..... if not that specific event, then another one where a citizen is having his/her computer scanned for nudie pics. Doesn't Australia have a similar law that carrying even one photo of a topless woman across international border is a crime? I wouldn't be surprised if Canada has the same restriction.
Just now I heard on the radio that an American is being punished $11,000 by the U.S.G. because he refused to be scanned, or prodded, and they told him, "You cannot fly." So he canceled his ticket, got a refund, left the airport, and was arrested.
Apparently once you enter an air terminal, you no longer have any rights... except to submit to the US Gestapo.
That was John Tyner. He wasn't arrested for refusing to be scanned or patted down and as of Nov. 16, 2010 had not been fined. Please cite your source.
Actually, he claims he was detained at the airport while he should have been free to go and said he is considering a "False Imprisonment" lawsuit.
Peter predicted that you would "deliberately forget" creation 2000 years ago...
No. Australia has laws against certain kinds of pornography (not all) and Aussie customs was warning people to be careful of what they brought in.
You're also apparently confusing Canadian customs with US customs. Considering all the factual errors and conflations, I don't think it's likely your claims about Canadian customs and pornography are accurate.
Utorrent offers encryption just go to options and preferences you can find it there under the bit torrent settings. Its there and I use it. I don't know how good it really is, but I haven't had any problems at all, and I have been using it for about year now.
And this is a government led by the same prime minister who said (of the recent failure to scrap the national gun registry) that Canadians "will never accept being treated like criminals". Fuck you , Mr. Harper. Fuck you.
What possible incentive would the phone company have to get in the way of local law enforcement? Perhaps there are Canadian ISPs that need encouragement to set up the needed infrastructure to allow the convenient monitoring currently possible with voice. Perhaps that is actually what is behind this proposed legislation.
Speech and expression are not the same thing. Speech is a kind of expression, but not all expression is speech. Though the definition of "speech" has been broadly interpreted by U.S. courts to include many forms of expression.
However, there is still a substantial difference in emphasis. Speech is primarily understood in terms of communicating ideas. The tradition of free speech is tied to the Enlightenment conception of rational political discourse, according to which reasoned argument between informed individuals can rise above their particular interests to arrive at universal truths and a consensus about the public good.
Expression encompasses ideas, but it is also closely associated with individual feelings and identity. It is not focused on truth, implying a more relative understanding of individual experience in the tradition of the romantics. Furthermore, it does not suggest a separation of form from content. The form, in many cases, is the expression.
I think this is a fundamental difference. Take the idea/content distinction in copyright, for example. This makes pretty good sense when dealing written political argument (and copyright was designed for written texts). It breaks down when applied more broadly to expression, in which the form becomes inseparable from content which is not really "ideas." How do we separate the idea of a song from the form of the music?
You talk about communicating a "message." In reality, decades of research have found that communication is not so straightforward: expression is always interpreted by the audience, often in ways that the originator did not intend. This ability to interpret and make one's own meanings is also an important freedom of communication.
I am not a lawyer. Courts define terms in their own ways that may or may not connect to common understandings or empirical evidence. However, as a scholar of communication I find that expression is closer to how people actually communicate, debate, and engage in public life than is rational ideal on which the concept of free speech is based.
Oops. I those equal signs lost their angle brackets. I didn't notice they needed to be escaped in t post title. I meant to say expression => identity, speech => truth.
Right now, I am sending and receiving my email via public SMTP and IMAP servers that my mail client connects to over SSL. There are several major email providers that offer this option, and it's not difficult to set that up on a server of your own, either, if you so choose.
This takes my ISP out of the equation: SSL was specifically designed to be secure against eavesdroppers *and* to prevent man-in-the-middle attacks. The only way around this would be to ban SSL altogether, or cripple it with a government-mandated back door. This is going to be fun.
It implies that any government with any power will misuse it.
There are checks and balances in our system for a reason. They are based on a model of human nature that brought us democracy in the first place. It is a thoroughly conservative model of human nature by modern standards.
So... my question to you is, why should the government be circumventing judicial oversight? Why is the government all of a sudden so trustworthy, as do deny what we know about human nature? Is it because it is Harper, and you are a conservative yourself? That would be ironic.
Like all pain, suffering is a signal that something isn't right
Corruption of the highest order, when you get right down to it.
Agreed. But don't forget that conservative do-gooders really believe that they are doing the right thing, and cannot see the ironic nature of what is going on. After-all, the unwashed masses need to be controlled for their own good. Moral authoritarianism is as much an ideology as it a business proposition for the private-sector profiting from the "war".
For anybody conservative or liberal who smugly thinks that they are the one who has thought it through, consider this: when identical twins are separated at birth, and tested in adulthood, their political attitudes turn out to be similar with a correlation co-efficient of 0.62 (Bouchard et al. 1990; Eaves, Eysenck, & Martin, 1989; Holden, 1987; Martin et al. 1986; Plomin et al., 1997, p. 206; Scarr & Weinberg, 1981)
So, the next time it seems a political argument is entrench -- consider that it may be far more entrenched then anyone realizes.
Like all pain, suffering is a signal that something isn't right
Between things like firesheep and things like this, it has reached the point where it is irresponsible to NOT be running private VPN and/or a HTTP ssh tunnel out of your device.
When will developers start building apps with that establish sessions built-in one-time self-signed certificates? When will we all get our own static IPv6 address space from our ISP/cable company?
Canada used to be viewed (especially in the post 9/11 world of "anti-terror" laws and restrictions) as a sane place to move to if you wanted to escape the crap going on in the USA. What happened to make Canada get so bad and is there another suitable country that is a viable alternative?
In the US they're not supposed to be allowed to monitor phone calls without a court warrant. It's not difficult for them to get, usually, but at least there's supposed to be some *effort* to demonstrate a *reason* to monitor this phone, this person, at this time, with a signed approval of someone outside the police force. Not a random fishing expedition.
uTorrent - there is a setting somewhere in the control panel to allow only encrypted connections. Set that, and install PeerGuardian/moblock.
Encryption yes, blocklists no (they're so 2006).
If you're using public trackers and therefor need blocklists you're doing it wrong. A quality private tracker does all the screening you need by way of peer review and server-side monitoring. I'll trust my tracker admins long before I'd trust the idiots who run PG (PG has been known to block entire ranges and ISPs for scant reason).
Switching to only private trackers seems like admitting defeat to me. Blocklists are sort of a ham-fisted approach, but only using the most important blocklists is a good start and will keep too many innocent people from being blocked (bogon ranges, governments, known anti-p2p enforcers, maybe corporate ranges).
"When information is power, privacy is freedom" - Jah-Wren Ryel