Opposition to Lawful Access Mounts Drew Wilson | October 22, 2007 The lawful access consultation got off to a rocky start. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes The controversy started on Michael Geist’s blog where it’s suggested that Geist had to leak the information before the consultation went public. The official response from the Canadian government was that the information was public all along. Since the public consultation allows anyone to respond, some organizations and interest groups are not only responding, but publicly posting their responses as well. So far, Slyck has learned that CIPPIC (Canadian Internet Policy and Public Interest Clinic) and the CWTA (Canadian Wireless Telecommunications Association) have posted their responses online. The CWTA’s response (PDF) proved to be interesting. Essentially they said: – TSPs [Telecommunications Service Provider] must be compensated for the significant costs incurred responding to the requirements of LEAs. [law enforcement agencies] – Any new technical requirements must be based on international standards, and provide an adequate phase-in period. – The scope of CNA [Customer Name and Address information] information and the circumstances under which it would be provided by TSPs to law enforcement should be explicitly identified and clarified in whatever legislation or regulations are enacted. – CNA requirements should be applied in a technologically and competitively neutral fashion. – TSPs should not be required to collect customer information beyond what is already collected for business purposes.” The one point that stands out is the first point which deals with compensation for the Internet Service Provider. It closely resembles a much larger case brought on by the CRIA (Canadian Recording Industry Association) against 29 alleged copyright infringers. Among other things at the time, Telus argued in the federal court that, “(28) Compliance with the order as presently sought would prejudice TELUS by requiring that: numerous investigations be conducted on short notice; without consideration for TELUS’ own business and customer needs […] This will be extremely distruptive and costly to TELUS’ business.” They further argued, “(29) Each request by CRIA will consume TELUS resources and CRIA has asked that these requests be complied […] without compensation or consideration for TELUS’s other commitments.” It seems as though history is repeating itself in a way. Only instead of CRIA demanding information, it’s essentially the Canadian government demanding customer’s information. With the amount of information that a company like Telus would have to go through, it’s little wonder why they are raising concerns for compensation. Telus, in effect, shed some light on the work that would need to be done in order to follow through on such a request. They also suggested that some archived information is typically destroyed after 30 days, rendering such an investigation much more difficult – specifically when no MAC (Media Access Control) address is provided. Furthermore, Telus argued during the CRIA discovery case that there is absolutely no way to guarantee that the IP address would link to the person responsible given that, among other things, more than one person could have access to that particular computer or that there could be a wireless router in use at the time. CIPPIC has also publicly posted their response. While many arguments resemble CWTA’s arguments, they also note: “(42) Information identifying telecommunication subscribers can be highly sensitive given the electronic trail of publicly available and otherwise accessible data that individuals now leave about themselves on the internet and other digital devices as they go about their daily lives. For this reason, we submit that CNA information raises a “reasonable expectation of privacy” on which a Charter challenge to laws permitting warrantless access could be based. 43. Moreover, we remain skeptical about the need for these potentially intrusive and far-reaching measures. It is not clear that greater access by law enforcement to electronic communications will, in fact, increase the security of Canadians; and it has not been demonstrated that no other, less privacy-intrusive, measure would suffice to achieve the same purpose of enhanced security. In particular, the permitted purposes for demanding CNA information are far broader than required to solve specific problems such as gaining access to next-of-kin information in emergency situations, or acting on tips quickly in exigent circumstances. 44. Finally, the safeguards proposed are insufficient, in our view, to protect individuals from over-reaching and abusive exercise of police powers. In particular, there should be no expansion of police investigatory powers without a corresponding increase in independent oversight.” The debate surrounding lawful access has become increasingly heated ever since the consultation news broke in the first place. George Radwanski of the National Post last month published a commentary on lawful access suggesting that unless there is a demonstrable need to obtain the personal information, privacy laws should be protected. Meanwhile, the co-chairman of the law amendments committee of the Canadian Association of Chiefs of Police counter-argued this in the Times Colonist by saying how law enforcement laws are out of date – specifically, he suggests that the laws in question were written when “rotary phones were the norm.” Interestingly enough, the Privacy Commissioner of Canada conducted a poll on privacy across the country and found that while most Canadians greatly valued privacy, few are aware of what is happening in the realm of privacy within Canada. The poll’s finding might suggest that if Public Safety Canada did try to hide the fact that there was a consultation, they may have had an incentive if the goal was to bring lawful access into force sometime after the consultation took place. Of course, some time after Geists original blog posting, the consultation was posted online for anyone to view. With polls suggesting that Canadians are unaware, but deeply concerned over their privacy, it’s not hard to point out that as these issues get more publicity, the more likely a public outcry may occur. With the wireless industry essentially opposing this and at least one public interest organization more or less slamming the idea of lawful access as proposed, the likelihood of lawful access being put in place unchanged is increasingly becoming bleak. Drew Wilson on Twitter: @icecube85 and Google+.