dennis.ca

The ghost of Lawrence MacAulay haunts me. It may haunt all of Canada if we don't get our heads straight and start beating down overreactive and intrusive legislation drafted by people who don't understand technology.

Various Canadian police organizations have long clamoured for significantly expanded wiretapping rights. Lawrence MacAulay, Martin Cauchon and Allan Rock were involved in developing "Lawful access", as it has come to be known, which can be loosely defined as a requirement for Internet and telephone companies to "save data". In reality, the implications are far more involved and intrusive than simply logging calls.

Michael Geist is a law professor and a privacy advocate. He's ringing the bell again over lawful access in a recent Toronto Star article (also see this alternate version with the author's hyperlinks). There are those who claim that Geist is a sensationalist looking for attention -- personally, I am willing to provide that attention as it applies to government regulation of electronic communications. Overreaction is all the more dubious when the answer to every privacy concern is to summon visions of September 11th, 2001 (as seems to be stylish on both sides of the border).

A standard invocation of fear/uncertainty/doubt is the order of the day because, as we all know, terrorists, child molesters, and other miscellaneous evil-doers are just wild about telephones and computers.

Let's examine a few of the finer points of lawful access that would save us from such deviancy:

* "It must be technically possible for police to lawfully intercept all telecommunications services offered in Canada without exception."

Where to start? Didn't the FBI already cover this? Spock would be very upset to learn that the suspicion of a few outweigh the rights of many.

• "Communications Service Providers should pay for installing lawful access capability on new or significantly upgraded services. The government should specifically prohibit CSPs from directly or indirectly recovering infrastructure costs from law enforcement agencies through any cost recovery scheme, such as burying them in operational or hook-up charges."

That almost makes sense until you read this follow-up: "These costs should be distributed over a broad base (like the existing 911 fee) rather than being recovered from individual police services." Will this be just as effective as the airport security fee?

• "To help combat increasing international crime, Canadian lawful access powers need to be harmonized with those available in other countries. Australia, the Netherlands, New Zealand, the United Kingdom and the United States are ahead of Canada in adopting lawful access legislation in line with today's technology."

Let's be clear -- this is to become part of an international monitoring system, regardless of the name.

• "The interception of unviewed e-mail and similar digital communications traffic in transit should be considered interception of a "private communication" and therefore subject to the protections contained in a Criminal Code Part VI authorization."

If unopened electronic communication is protected in the same way that letter mail is protected, what possible reason could there be for collecting it en masse?

• "A search warrant or production order should be required for law enforcement to access opened e-mail that a user has chosen to retain."

Does 'retain' mean 'retained in an email inbox archive', or an email that has been read, deleted, but still physically reconstructible from bits on a hard disk platter? This may seem nitpicky and trivial, but unless there are clear controls and definitions surrounding these requirements there exists the possibility of abuse.

• "Some important terms such as 'basic intercept capability' are not defined. Clear consistent definitions in line with those used internationally are essential to the success of the proposed legislation."

Where 'internationally' = 'in the United States'...

• "The government should pay for the 'basic intercept capability' until lawful access solutions are readily available for the transmission equipment used by service providers that can be deployed and maintained at minimal incremental cost to the service provider."

So, the government will initially pay for the tapping capabilities. This is an interesting statement in and of itself, since there is certainly going to be specific new technology needed to fulfil these requirements. Will the Canadian government get into the business of writing firmware for routers, too?

• "There is strong opposition against obliging service providers to collect, maintain or guarantee the accuracy of subscriber information beyond that needed for their own business purposes."

My address is 150 Front Street, Toronto. My Internet provider is a wi-fi hotspot at Timothy's.

• "...most cybercriminals are quite capable of using false names, hacked accounts or public access terminals to communicate or transact."

Again, for all of the effort there exists little assurance that the intended targets will be traceable. No mention is made of encryption technologies or their related impact.

I hate to pick on Lawrence MacAulay again, but he has a a penchant for heavy-handed enforcement followed by a change of heart. Take a look at a letter he wrote in the capacity of Solicitor General to (then) Privacy Commissioner George Radwanski. Radwanski's reply does an admirable job of debunking a lot of the falsehoods and half-truths being tossed around as the basis for new legislation. It should be noted that both MacAulay and Radwanski were forced to resign after tussles over questionable ethics.

Where is our Privacy Commissioner now? Are these not the types of issues the office is intended to publicize? If you're at all concerned about these sorts of issues, consider writing to your Member of Parliament and/or the Privacy Commissioner.