Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proposed Canadian Anti-Spam Rules Restrict Secret ISP Monitoring

Posted by timothy on from the shouldn't-they-call-spam-moose? dept.

New submitter Fnordulicious writes "Although Canada's anti-spam legislation is already in place, the rules to implement it have been under development for more than a year. This weekend the proposed rules from the Department of Industry were published in the Canada Gazette. Kady O'Malley reports on the CBC Inside Politics Blog that Canadian ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

24 comments

  1. Yay by Kinthelt · · Score: 4, Interesting

    Happy news, for a change!

    Now, if we could only do something about the Copyright Modernization Act...

    --

    "Evil will always triumph over good, because good is dumb." - Dark Helmet (Spaceballs)

    1. Re:Yay by Anonymous Coward · · Score: 2, Interesting

      I dunno, they left a loophole you could drive a truck through.

      is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

      So, a rubber stamp judge, and a good lawyer to prove that anything that anyone does after a fishing expedition falls into those guidelines.

      I mean, it's a far, far better run at this than the USA, but it seems very, very easy to exploit.

  2. one word by schneidafunk · · Score: 1

    encryption

    --
    Some people die at 25 and aren't buried until 75. -Benjamin Franklin
  3. This sounds good, but what is consent here? by Anonymous Coward · · Score: 1

    Commonsense guidelines on Internet usage are deliberately overdue as everyone knows. From the headline, this sounds like a step in the right direction.

    I worry though that an ISPs contract, or a website EULA, can constitute consent for monitoring.

    Any insights here?

    1. Re:This sounds good, but what is consent here? by gl4ss · · Score: 2

      probably not.
      the problem is the "illegal and represents an 'imminent risk to the security of its network.' ".

      how do you know without looking though if it's illegal. and anything can be thought of as imminent risk to security.

      --
      world was created 5 seconds before this post as it is.
    2. Re:This sounds good, but what is consent here? by kelemvor4 · · Score: 2

      anything can be thought of as imminent risk to security.

      That's exactly what I was thinking. If the ISP is able to make the decision on their own, this won't prevent much other than the general monitoring of all traffic. It would still be very easy for them to see a large amount of traffic to one customer and decide that it might represent an imminent risk for one reason or another.

    3. Re:This sounds good, but what is consent here? by Samantha+Wright · · Score: 1

      There's probably a more fleshed out definition to "imminent risk to security" they had in mind, although the proposed regulatory text doesn't mention it. As usual, we have to rely on the sanity of judges. (But that's nothing new, now is it?)

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    4. Re:This sounds good, but what is consent here? by Anonymous Coward · · Score: 0

      Nothing stops them from monitoring everything that crosses their lines. They're only stopped from installing monitoring software on your machine directly:

      But an attempt by Canadian ISPs to garner an all-access pass that would let them secretly install software to monitor potentially illicit user activity was thwarted, at least in part.

      According to the note accompanying the draft regulations, industry representatives "had argued for exemptions from the requirement for consent to install software to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks."

      Under the revised rules, service providers would only be permitted to install software "where illegal activities pose a threat to [their] networks."

    5. Re:This sounds good, but what is consent here? by Meneth · · Score: 3, Insightful

      Even if the ISP looks, they can't determine if something is illegal or not. A court of law is required for that.

    6. Re:This sounds good, but what is consent here? by Stan92057 · · Score: 0

      Email boxes loaded with spam? If its making it to the email its proving spammers are using the network. Complaints by the ISPs members?

      --
      Jack of all trades,master of none
    7. Re:This sounds good, but what is consent here? by Beardo+the+Bearded · · Score: 2

      anything can be thought of as imminent risk to security.

      That's exactly what I was thinking. If the ISP is able to make the decision on their own, this won't prevent much other than the general monitoring of all traffic. It would still be very easy for them to see a large amount of traffic to one customer and decide that it might represent an imminent risk for one reason or another.

      ISP decision making in Canada:

      1. Will this cost more money than doing fuck all?

      2. Do fuck all.

      3. Profit.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  4. In the open until prove by Anonymous Coward · · Score: 0

    ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network

    Does this mean they will monitor all the traffic in public and then when they see something illegal they will turn around and do it in secret?

  5. Some scary stuff therw by Lieutenant_Dan · · Score: 4, Interesting


    Limited exemptions for protecting, upgrading and updating computer networks
    The proposed Regulations include an exemption for telecommunications service providers (TSPs) from the requirement to have consent to install a computer program for the limited purposes of preventing illegal activities that present an imminent risk to the security of its network.

    The proposed Regulations also include an exemption for TSPs from the requirement to have consent to install software on devices across an entire network for update and upgrade purposes.

    Does this mean that Rogers/Bell can start pushing agents/SW on their subscribers computers which in turn allow them to control your access?

    This is pretty messed up.

    They should be within their rights to cut off access to the node. I suppose the TSPs need to have a higher level of assurance that the node is no longer compromised.

    --
    Wearing pants should always be optional.
    1. Re:Some scary stuff therw by Anonymous Coward · · Score: 0

      The rules are being written so that they can install monitoring software without your permission, yes, but only if it's illegal and a direct threat to their own networks. For example, Bell couldn't install something to monitor a person that seems to be trying to hack into Rogers' network, though they could tell Rogers and Rogers could then install it themselves.

      On the other hand, I would hope that they would be restricted from telling you to install monitoring software in order to continue using their systems. I am quite a bit leery of this statement:

      Consent would still be needed to install software to "prevent legal activities that are merely unauthorized or suspicious, or where an installation is not required for a system-wide upgrade or updates."

      Re-arranged a little: "Consent would (not) be needed to install software...where an installation is...required for a system-wide upgrade or updates."

    2. Re:Some scary stuff therw by dskoll · · Score: 3, Insightful

      Does this mean that Rogers/Bell can start pushing agents/SW on their subscribers computers which in turn allow them to control your access?

      It may read that way, but I don't think that's the intent. I think it's meant to allow Bell and Rogers to remotely update the firmware on their modems and routers. My mother uses Bell, but she runs Linux so Bell would have a fairly difficult time installing anything on her computer anyway. (To monitor her, they wouldn't need to... they could just install something on the router they provided.)

  6. People can't read anymore. by Anonymous Coward · · Score: 1

    here is door wide open:

    "except in the case that the activity is illegal"

  7. Boilerplate by bmo · · Score: 2

    This consent will just make its way into subscriber agreements as a sentence in 6 point type on page 34 of the 42 page TOS/Privacy agreement, which nobody ever reads anyway.

    --
    BMO

  8. "except in the case that the activity is illegal" by denis-The-menace · · Score: 1

    IOW, everything will still be logged because we could be criminals in the future or might already be and we (the criminals) just don't know it yet.

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  9. existing law by junkgoof · · Score: 1

    There is an existing antispam law that is sufficiently broad as to be difficult for businesses to adhere to. I expect the goal of these changes is to appear to work in the public interest while obtaining lobbying money from spammers to make sure the antispam rules impede normal business, from businesses that don't want to spend money on compliance, and on spammers again once they are free to do as they please. The current Canadian government follows the GWB game plan for fun and personal profit.

    --
    You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling
  10. Misfortune by Anonymous Coward · · Score: 0

    While we're at it, let's get rid of the spam messages in Chinese fortune cookies. They are getting pretty insulting.

    Last year a fortune cookie's message to me was: "You are not illiterate." No joke.

    My response to it was: "Who said I was?"

  11. No faith by Anonymous Coward · · Score: 0

    I wouldn't put too much faith in this law Canada. Like here in Texas, the authorities will probably just ignore it. The example here in Texas is that when a judge orders a person's police file to be destroyed and deleted from their intel system, the order is just ignored and the file is never destroyed and deleted.

    As the famous American political columnist Robert Novak said: "Always Love Your Country, But Never Trust Your Government".

  12. Terms of Use by Anonymous Coward · · Score: 0

    You hereby grant your consent to [ISP Company] employing monitoring for technical improvements and security.

  13. Right, yep, sure... uhuh. by mark-t · · Score: 2

    In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

    And I somehow suspect there'd be absolutely nothing to stop them from terminating your service if you don't consent.

    --
    File under 'M' for 'Manic ranting'
    1. Re:Right, yep, sure... uhuh. by davecb · · Score: 2

      There is a duopoly of ISPs in Canada, so anything Bell Telephone or Rogers* Cable does affects a huge number of people, and an attempt to require anything that could be characterized as spyware would cause complaints to the Cabinet**.

      --dave
      * or any of the other local cable monopolies
      ** the Prime Minister and his heads of department

      --
      davecb@spamcop.net