Submission to
"Lawful Access Consultation Process"
 
Learn More: Click Here Now!

"LAWFUL" ACCESS: STILL IN THE WINGS
Below is a submission made regarding possible changes to Canadian laws that would enhance the ability of Canadian spy and police agencies to eavesdrop on Canadian citizens. More than one attempt has been made at passing some form of these ill-advised citizen-unfriendly changes, which appear to have yet failed to gain passage only because of the minority government situation in Ottawa. The threat remains real, and bears opposition by all persons concerned with privacy and personal liberty.

SUBMISSION TO "LAWFUL ACCESS CONSULTATION PROCESS"
Click Here to read in HTML web form.

Copyright © 2002, 2006 Keith E. Risler. All rights reserved. Special copyright permission: 

LEARN MORE!
Visit these additional "Lawful" Access sites (standard HTML pages) that are working in favor of you, the citizen of Canada:

"LAWFUL" ACCESS NEWS
CNet (Washington) backgrounder - Will Canada's ISPs Become Spies?
CNEt's "Lawful" Access 2002 news report that first alerted Canadians

ONLINE RESOURCES
Lexinformatica -  Detailed resources, copies of many submissions re "Lawful" Access
Privacy Info.ca web site - Info on Privacy Commissioner Decisions in Canada

SPECIALIZED CITIZEN-FRIENDLY  WEB SITES
Online Rights Canada (ORC)  and  ORC Petition Against Latest Spy Attempt
Canadian Internet Policy & Public Interest Clinic (CIPPIC) - Info and Issue Analysis


TEXT OF LAWFUL ACCESS SUBMISSION BY KEITH E. RISLER:

(Note: This text references Web pages that existed in 2002, but may have since been removed or relocated.)

Lawful Access Consultation
Criminal Law Policy Section
5th Floor
284 Wellington Street
Ottawa, ON  K1A 0H8
Canada  

Gentlemen:

Re: “Lawful Access” Proposals – Comment Submitted Herein

As the deadline for submission of public comments on the “Lawful Access” proposals has been extended to 16 December 2002, the following comments are submitted at this time.  This submission is posted online at http://members.execulink.com/~kerisler/accsub.htm [Editor's Note: this page is now at http://kerisler.fp.execulink.com as of 2007] in HTML and in Adobe Acrobat PDF format:

“Lawful Access” Proposals Flawed

The Canadian government proposals re what it terms “Lawful Access” sound superficially reasonable in principle. These proposals are outlined in the Lawful Access Consultation Document as posted in Adobe Acrobat and in HTML format at: http://www.canada.justice.gc.ca/en/cons/la_al/.

The document asserts that: The public policy objectives of this process are to maintain lawful access capabilities for law enforcement and national security agencies in the face of new technologies and to preserve and protect the privacy and other rights and freedoms of all people in Canada.

The document seems to imply that in order to fight “cybercrime,” and to meet a claimed treaty obligation, enforcement and spy authorities must be assigned a similar power to intercept communication, with appropriate  authorization, as now exists regarding telephone records and other pre-Internet communications.

The proposals are over-reaching in that the Internet and other new communications systems are not simple structures with direct parallels to the earlier analog telephone technology.

The fault lies in a failure to appreciate that the Internet as well as service providers who would be required to log citizen activity are not simply connective mechanisms that keep logs. They are in practice a collective services mechanism that accepts, stores, and offers data from telephone calls, broadcast sources, print sources, citizen sources, and other mechanisms. Logged records of Internet activity are by nature highly revealing of the user’s private life.

The consultation document also asserts that “There is currently no legislative mechanism in Canada that can be used to compel service providers to develop or deploy systems providing interception capability, even if a legal authorization is obtained by law enforcement or national security officials to intercept the communications of a specific target.”

The assertion begs the question as to why there should necessarily exist such a mechanism. We could argue that people meet commonly in malls and other public places and yet we would not seriously entertain the assertion that some sort of “intercept” system need be in place at malls and on public streets to facilitate listening in on citizens.

It also presumes that the referenced “cybercrime” treaty truly mandates such a requirement at all. The neutral observer may wonder whether the cybercrime treaty in context is more a rhetorical prop than a guiding justification.

Internet Logs Reveal More than Telephone Records

Once we decide to log a person’s Internet connectivity we are not merely creating the equivalent of a telephone call log, to draw a parallel with the process whereby telephone companies—creatures of the previous pre-Internet era—routinely log numbers called for all customers.

When we create a parallel kind of log for the Internet we are creating a record of a person’s life that goes far beyond the mere equivalent of telephone number records. The hyperlink record, after all, normally specifies not just web pages, but may capture picture file names, document file names, audio and print information file names, and more.

Consider these examples.

This hyperlink displays a news story on so-called “Lawful Access” proposals:

http://news.com.com/2100-1023-955595.html?tag=fd_top

This hyperlink is to an Adobe Acrobat PDF-format file:

http://members.execulink.com/~kerisler/downloads/msi/RDRAGMSI.exe

This hyperlink is to an Advanced Photo System (APS) photograph of anonymous graffiti:

http://members.execulink.com/~kerisler/images/LPS_Bridge_Graffitti.jpg

The above hyperlinks, were they part of a person’s web browsing record, could tell us something about the individual beyond what a simple pre-Internet log of dialed telephone numbers could tell us.

The first hyperlink suggests an interest in civil liberty issues; the second is to an article (albeit password-locked) which details how to keep one’s software properly updated to assure proper PC functionality; the final hyperlink is to a photo—and the adage that does apply here is that a photo is worth a thousand words. A browsed-to photo’s content might reveal a great deal about the person—but not reveal anything illegal at all.

But in all of the above examples, all of the hyperlinks listed above suggest more information about the person who browsers to them than a superficial record of a telephone number they might have dialed pre-Internet would reveal.

The fact that the “Lawful Access” proposals talk about more than the Internet, and even reference database possibilities, extends the threat proposed by Internet/services logging even further than simple web browsing.

Much content intended for cellular telephones, as well as sent from such phones, may now also be transferred via the Internet. Logging these data transactions  as web activity would in fact extend the eavesdropping rights of the authorities, as it would mean that lots of cell phone activity (SMS text messages, browsing from cell phones) would also be captured in Internet logs.

Moreover, Canada’s official federal Privacy Commissioner George Radwanski has noted similar concerns in stating that:

Although the proposals outlined in the consultation paper purport to adapt or maintain law enforcement access to communications data, it is clear that this new instrument will go far beyond accessing a simple record of numbers called or received to include very intimate details and a much larger profile of our activities, thoughts, preferences, and lifestyle.[1]

“Lawful Access” Elevates Some Eavesdropping Entitlements

So the “Lawful Access” proposal is not in itself neutral or merely extending to cyber realms what already exists; with respect to cellular text transmission and web browsing, the proposals would actually broaden the eavesdropping rights of enforcement bodies.

“Lawful Access” Parallel with Old Tech Invalid

The foregoing does suggest that the inferred parallel made by the “Lawful Access” proposals between pre-Internet access entitlements and Internet/services access needs is significantly over-reaching and therefore invalid.

If we say that a parallel between previous technologies and new technologies must be established to allow law enforcement an equal chance to police new technology realms, we must fairly and reasonably apply an effects-grounded test for such needs, rather than the crude pseudo-parallelism that is oddly and uncomfortably applied from the get-go in the euphemistic phrasing “Lawful Access.”

If we take telephone records as a log example, we can clearly see the need for cybercrime log limits. When telephone companies retained call logs in the past—such dialed-number logs being available to law enforcement with proper authorizations—such records did not relate to or indicate content directly or indirectly.

A record that says Joe Smith called (555) 672-2372 on 21 November 2002 at 9:00 A.M. tells us potentially the location and account holder name of the number called, but in itself imparts no information as to content. It does not even tell us who picked up the telephone that was dialed!

Presumably honest law enforcement personnel would seek proper court authorization for any desired telephone wiretap that might, with the benefit of such authorization, monitor any content of calls. But until then the important and essential reality is that no content is revealed by the pre-wiretap log itself.

Genuine Parallel Entitlement Much More Limited

We should apply a similar parallel in defining what an ISP may log. Taking the valid old technology parallel, it is reasonable that ISPs should not be required by law, and indeed should be expressly prohibited from logging, any hyperlinks or other records that might reveal contents.

A reasonable limitation is that an ISP should morally and legally only log times of log-on and log-off , and possibly the base URLs of sites visited, but no hyperlinks to files, pages or pictures beyond single top-level web page links. And such hyperlinks to main web site home pages should be legally logged only in so far as they may be needed to meter online charges or other customer uses for the purposes of maintaining a customer-business relationship.

At bottom we do not have telephone companies log called numbers for the purpose of facilitating spying on citizens when police or other agencies feel the urge to do so. And yet the tone and tenor of the “Lawful Access” proposals, starting with the rhetorically loaded straw man of the term “Lawful Access” itself, struggles hard to convince us, quite weakly overall, that this is the case.

We should not enshrine any greater entitlements regarding logging of “cyber” services, or in other future communication services. Limitations on logging as suggested above would move toward a more reasonable citizen-respecting model for the online and new communications services realms.

Further, there should be no weakened standards of proof used in the process of justifying electronic eavesdropping on the Internet and in any other new communications realms. The  “Lawful Access” proposals seem to suggest weaker standards than in the past, and that is unacceptable.

Limitations Needed Even When Spying Properly Authorized

We must also be concerned beyond the point where state enforcement and spying authorities gain by warrant or whatever method the silent right to spy on the end user.

Logically, the obtaining of whatever warrants or other (unacceptable) lesser permissions may be required for such spying should not holus bolus permit the sudden use of file-, page-, photo-, and/or document-specific web link records unconditionally, but should be highly specific authorization-wise, even post-warrant, about exactly which kinds of links may be tracked  actively once warrants have been obtained.

Further, such permissions to track the user, if enacted at all, should be far more strictly regulated than previous permissions such as those allowing phone tracking, precisely because the data that will be captured will certainly be greatly revealing of the targeted citizen’s private life, as noted previously....

Terms of Use: Use of this web site is subject to your agreement to terms of use which you may click here to read in full. Your use of this web site indicates your acceptance of these terms of use. Except as noted all text, graphics and photographic images contained in this Internet Web Site/Home Page, and on all of the locally linked pages (those that are part of this Web Site/Home Page) are Copyright © 1980-2008 Keith E. Risler. All rights reserved. No part of the contents of this Web Site/Home Page may be copied, electronically transmitted or stored in any form, mechanical or electronic, re-used in whole or in part in another Web Site/Home Page, cached by any Internet, web, Intranet or any  other online service for display or other communication, or reproduced in any form other than in the temporary process of Web viewing this Web Site/Home Page, or without the explicit permission in writing of the copyright owner, except with respect to content labeled expressly as licensed under a Creative Commons License. In such cases Creative Commons License terms spell out the allowed uses and all other uses remain prohibited. Content marked as "Blog" either via text or via graphics represent  opinions of the named author expressed in the public interest. Trademarks and/or registered trademarks are used herein only in an editorial fashion strictly for reference purposes, and are acknowledged to be trademarks and/or registered trademarks of their respective owners. Click here for photo copyright information.

Disclaimer
This information is believed to be accurate at the time of original publishing, based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Please Note: Some content herein was written and published several years ago and features content that may not be current. Allow for changes that may have taken place since first publication when reading such content.

For written permissions, contact Keith E. Risler, London, Canada, Tel: +1 (519) 439-5413, FAX: +1 (519) 439-5413. Email: Click Here. To send us encrypted secure email, Click Here. DO NOT MAKE, DISTRIBUTE, OR PUBLISH ILLEGAL COPIES OF THIS COPYRIGHTED MATERIAL. Country of first publication: Canada.

Go to Table of Contents