Toews’s ‘child pornographers’ gaffe aside, Bill C-30 has real dangers
theglobeandmail.com/news/technology/digital-culture – viral
Published Tuesday, Feb. 21, 2012. Last updated Thursday, Feb. 23, 2012. Ivor Tossell
In a way, we owe a debt of gratitude to Vic Toews. The hapless Minister of Public Safety, who informed Canadians that they stand with child pornographers unless they support his government’s electronic-snooping bill, sparked a well-deserved uproar where others have failed for so long.
The law isn’t new; similar bills had been tabled by previous governments, only to die when the minority governments fell. Privacy watchdogs have sounded the alarm time and again, but there was no outcry until Mr. Toews added his rhetorical fillip – that dash of George W. Bush – that turned a bit of workaday fear-mongering into a grand national insult.
The uproar that followed was enough to make the Conservatives blink, indicating that they’re open to amending the bill – but Mr. Toews has continued to grab headlines: Nasty Twitter accounts about him, hacker threats against him, investigations and demands for more investigations.
So, with thanks to Mr. Toews for volunteering for pinata duty, it’s time to move past the minister. Vic Toews’ flying circus is a cartoonish distraction from troubling legislation. The dangers hidden in this bill are subtler than they might seem.
Contrary to what you might have heard, the new bill, C-30, doesn’t invite police to monitor your every online move without a warrant. It does, however, require Internet companies – loosely defined – to cough up your name, Internet protocol address and a few other identifiers if the police ask for them, even without a warrant. This means that the police could conceivably collect a pseudonym you’ve been using to comment on websites, present it to the relevant company, and say, “Who is this person?”
By trading pseudonyms for IP addresses, then IP addresses for real names and addresses, and repeating the process, police could get a pretty clear picture of what you’ve been up to online. (The list of exactly which identifiers police can present to Internet service providers in exchange for information has yet to be nailed down.)
“Investigations are going to change in character, to what we call fishing expeditions,” said Tamir Israel, a lawyer at the University of Ottawa’s privacy-minded Canadian Internet Policy and Public Interest Clinic, who’s been following this bill’s evolution for years.
What’s more, there is no guarantee that details uncovered in the course of this work will stay tucked away in police notebooks. For better and for worse, police do leak. Just ask Rob Ford, Toronto’s beleaguered mayor, whose 911 calls wound up in the national news. One of the many uses of online anonymity is to let people in the public service raise their voices in public. Knowing that the local police force has the power to unmask anonymous commenters at will can only cause a political chill.
But another part of this bill could have even further-reaching impacts. The Internet today, for all its vulnerabilities, is not really built to facilitate centralized, wiretap-style surveillance. The Tories want to change that. This bill would require Canada’s ISPs to rework their systems, at considerable expense, so that just such an option exists.
Now, actually carrying out this surveillance would require a warrant. This law is not designed to give anyone unfettered access to your online connection. But once we’ve rebuilt the Internet machine to feature a big, red “Spy” button that wasn’t there before, we’ll never be entirely sure who’s using it.
After all, a system that allows for real-time surveillance, or for the archiving and sorting of your data, would be the holy grail for criminals (and possibly the office intern), whether they’re out for profit, political ends or a good time. You can’t bring oil barrels full of honey to the forest and then act surprised when bears show up.
Security disasters already happen with alarming regularity. The Government of Canada got hacked. Sony got hacked, compromising customer data. Google itself got hacked. Do you trust your ISP’s security know-how more than Google’s?
Finally, consider what could happen if other laws changed, too. Woe betide all of us if, a few years down the line, copyright infringement should become a criminal offence. (This isn’t inconceivable: After all, video recording in a movie theatre already is.) If it did, these surveillance powers and tools could be turned against people who break digital locks by ripping DVDs, or download the tools to do so.
The enemy here is not Vic Toews, that inept amplifier of talking points. Nor is it law enforcement – the police have a job to do, and will use every tool at their disposal to do it.
The enemy here is the law of unintended consequences. By stripping away checks and balances, and turning the Internet into a wonder of surveillance, we lay ourselves at its mercy.