OTTAWA | March 2, 2012

Online surveillance goes ‘Beyond the Border’

When Public Safety Minister Vic Toews introduced online surveillance legislation in the House of Commons in February, he said the bill was needed to give police new ways to fight child pornography on the Internet. 

However, some experts say the proposed changes in Bill C-30 may come more from outside pressure than domestic necessity.

[Image: A computer with phones being monitored.] Bill C-30 would give police new powers to monitor Canadians' online activities.

"There's a fair amount of international pressure to tighten surveillance capabilities around people and their everyday activities," says Andrew Clement, a professor and Internet specialist at the University of Toronto.

"I think what we're seeing in Canada is a result of being pushed from elsewhere and that's why they can't explain why we need it," he says.

Bill C-30 would require Internet service providers to provide a user's name, Internet protocol address and several other personal identifiers when police ask for them, without needing a warrant.

And that information could be shared with U.S. officials for use in their investigations, the Ministry of Public Safety says. 

The bill sparked public outcry and prompted Twitter users to flood the site with details of their everyday lives marked with the conversation hash tag #TellVicEverything. 

Some experts say the bill could lead to more information sharing between Canada and the U.S., with data on Canadians' online activities sent south as part of the recently inked border security deal.

Going 'Beyond the Border'

Prime Minister Stephen Harper announced the Beyond the Border perimeter security deal last December after months of negotiations with U.S. officials.

The agreement contains provisions for opening up trade and synchronizing border entry-exit systems. It also contains a section on cyber security.

"One of the elements of the perimeter agreement was Canada's agreement to ratify the cybercrime convention domestically," says Tamir Israel, an Ottawa-based technology lawyer. 

The Convention on Cybercrime was drawn up in 2001 by the Council of Europe and is the first international treaty to address Internet crimes. 

So far, Azerbaijan, Denmark, Moldova and the Netherlands have implemented the convention domestically.

Canada and the U.S. signed on to the convention following the 9/11 terrorist attacks. While the U.S. ratified the convention in 2006, Canada did not.

While Israel says he doesn't think American officials explicitly pressured Canada to implement the surveillance bill, he says it is a response to the perimeter security agreement.

"One of the few commitments in the cybercrime chapter (of Beyond the Border) is to pass legislation in the cyber treaty, and that's what we're seeing now," says Israel. 

Negotiations leading up to the perimeter security agreement were kept under wraps, with little indication from either government as to what it might contain.

Israel says secrecy still surrounds many of the initiatives proposed in the agreement's cyber security chapter. 

Who can use the interceptions?

The surveillance bill is another example of the ways the Canadian government could collect information that could be shared with the Americans, says Gar Pardy, a retired director general of the consular affairs bureau in the Department of Foreign Affairs and International Trade and former liaison to the CIA.

"It's all part and parcel of the same effort," Pardy says. "One should not see these as being separate things because they all have the same philosophy behind them, and that is to give the government access to information that should, under the Privacy Act, remain private."

Section 7 of the bill will give several security agencies the power to order Internet service providers to intercept concurrently the communications from multiple users.

Only Canadian agencies would have the legal authority to monitor Canadians' Internet communication, said Jessica Slack, a spokeswoman for Public Safety.

However, Canadian authorities do participate in international investigations that sometimes see information shared with foreign counterparts under the Criminal Code, she said.

"The foreign agency must intend to use that information in the interests of the administration of justice in that country," Slack said in an email.

When asked about cross-border data sharing concerns, a spokesperson said Privacy Commissioner Jennifer Stoddart is analyzing the bill and will report to Parliament soon.

The government says it plans to send the bill to the Public Safety and National Security Committee for examination but so far has not set a date for when that will happen.

Monitoring the new world of online opposition

[Image: The Twitter bird.] Canadians took to Twitter to voice their opposition against Bill C-30 with the #TellVicEverything trend.

Israel says he would like to see a scaled-back version of the bill that will help police do their jobs without the easy access offered in the current form.

"There are legitimate things we should be doing to update powers but they have to be done in legitimate ways," he says. 

The Internet is increasingly used by activists to organize political and social movements. 

Hacker groups like Anonymous routinely use the Internet to raise awareness of such issues through targeted acts of cyber-vandalism.

The group hacked the website of the Ontario Association of Chiefs of Police on Feb. 24 after it endorsed Bill C-30, revealing sensitive login information and passwords. 

As well, Arab Spring uprisings turned to social media to organize political opposition. 

"Being able to keep tabs on the Internet is an important capability," says U of T professor Clement. "If that escapes oversight, it represents a risk."

He says that the surveillance bill is vague enough to potentially allow its provisions to be used for many crimes besides child pornography, including increased monitoring of domestic political opposition. 

What leaves many scratching their heads is that existing laws already allow for punitive measures against those who hack computers or commit crimes online, including child pornography, says Pardy.

"If you've got a problem in that area, the existing law is more than sufficient to deal with the problem."

Phone book information vs. Bill C-30

In a typical phone book, the following information is listed about an individual:

Name

Home address

Home phone number

The information about an individual that Bill C-30 would make available to police is as follows:

Name

Home address

Permanent phone number

Email address

Internet Protocol (IP) address

Mobile Identification Number (MIN)

  • The number associated with a particular mobile device, like a cell phone.

Service Provider Identifier (SPIN)

  • A unique number identifying the company associated with a mobile device that tracks usage and links financial relationships between the customer and the company.

Electronic Serial Number (ESN)

  • A number encoded into a mobile device that helps to prevent fraud.

International Mobile Equipment Identification (IMEI) and International Mobile Subscriber Identification (IMSI) numbers

  • These numbers show when a mobile device was made, serial number of the device and version of its software, the nation of usage-origin, carrier-of-origin, and the subscriber code of the carrier associated with the device.

Subscriber Identification Module (SIM) number

  • This identifies information about the telecom operators such as the country and network codes. It also signifies the manufacture date of the SIM, its configuration code, the SIM code itself, and the code confirmation digit.

Source: Technology, Thoughts, and Trinkets