So, Bill C-30. Man that shit really blew up last week, didn’t it? It was such a disaster, respectable news organizations like CTV Montreal have turned to your barely respectable blogger for an interview today on the noon news (update – check the video player on the right at montreal.ctv.ca and click on Newsmaker: Allen Mendelsohn for the vid). Want a preview of what I am going to say? Join me for a tour through the Bill after the jump.
The whole mess of the Bill starts with its title. The internet has named the bill the “Internet Spying Bill” or the “Internet Surveillance Act.” In reality, Bill C-30’s official title is “An Act to enact the Investigating and Preventing Criminal Electronic Communications Act and to amend the Criminal Code and other Acts.” It was also given the short title “Protecting Children from Internet Predators Act.” Now that one sounds like a good thing, right? Well, sure, but it was only given that title at the very last minute (literally, an hour before it was introduced in the House of Commons). Originally it was the “Lawful Access Act.” But protecting kids is always a good idea, so the Conservatives jumped on it, thinking we’d all be fooled. We were not.
The reason we were not fooled is we actually read the Bill! The Bill says absolutely nothing about protecting children. The bill says a lot about giving the police and the government powers to spy on people online. Sure, those powers could be used to protect children, but the powers are written so broadly they could be used for anything. So let’s take a look at some of the big stuff in there.
The Bill will create a new law, called the “Investigating and Preventing Criminal Electronic Communications Act.” Already, you can see that “criminal electronic communications” can be just about anything. So what does the Act do? It would give the police powers (which we’ll get to), but first it requires the ISPs (called “telecommunications service providers” here) to do the following:
Obligations Concerning Interceptions
6. (1) For the purpose of enabling authorized persons to exercise their authority to intercept communications, every telecommunications service provider must have the capability to do the following:
(a) provide intercepted communications to authorized persons
So basically the ISPs have to install equipment that will be able to intercept any communications from their customers. Fun! And who will pay for this equipment? Well the Bill doesn’t say. But you can bet it will show up on your monthly bill somehow. There is no choice btw; the ISP must provide this capability. The Act further goes on to say that if the ISP doesn’t have the capability, the RCMP or CSIS can ask for an order that the ISP get it. Like, now. What could possibly go wrong?
So that’s fun. But what mostly got the internet’s collective panties in a bunch is this:
Obligations Concerning Subscriber Information
16. (1) On written request by a person designated under subsection (3) that includes prescribed identifying information, every telecommunications service provider must provide the person with identifying information in the service provider’s possession or control respecting the name, address, telephone number and electronic mail address of any subscriber to any of the service provider’s telecommunications services and the Internet protocol address and local service provider identifier that are associated with the subscriber’s service and equipment.
So what we have here is a system of “designated persons” (basically the police will just name a bunch of people that work for them) making written requests to the ISP for six points of subscriber information. The issue here (well, one of many) is that the ISP must provide the info. No choice. This is the biggest change from the way it works now, when ISPs may give the information.
Perhaps more importantly, there is no independent arbiter of when the information is given. The designated person asks, the ISP must give. C’mon, who needs oversight? Especially considering that there is no legal standard as to when the designated person can ask for the subscriber info. The Act only says the person must be acting in service of their police duties when he requests the info. It is only after the fact that the person must say why getting the subscriber info was relevant. Again, what could possibly go wrong?
At least the procedure involves a written request which would leave a paper trail, right? Not so fast! The Act goes on to say:
17. (1) Any police officer may, orally or in writing, request a telecommunications service provider to provide the officer with the information referred to in subsection 16(1) in the following circumstances: (…)
Oh FFS. Already the Act is making exceptions for itself. So the police can just ask over the phone if the circumstances that come next apply. Here’s what caught my eye:
(b) the officer believes on reasonable grounds that the information requested is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property
I bolded that last part so you can see my big problem here. WTF does protection of property have to do with protecting children from online predators? Absolutely nothing of course. This is just one egregious example of how the Bill overreaches, and makes it clear that how it was drafted really had nothing to do with protecting children and everything to do with online spying.
Oh and btw, this part of the Act dumps the whole “designated person” business and replaces it with “any police officer.” Nice job, drafters! It even surprised Mr. Toews.
If I may pause for a minute to inform you of your rights, from our hard-won Canadian Charter of Rights and Freedoms:
7. Everyone has the right to life, liberty and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice.
8. Everyone has the right to be secure against unreasonable search or seizure.
There may be some issues here. Just sayin’.
But wait, we’re totally not finished with the juicy stuff. A lawyer at the Department of Justice who shall remain anonymous pointed me to sections 33 and 34 of the Act, which provide for the enforcement of the Act via an inspection power. According to section 34, these inspectors can “enter any place owned by, or under the control of, any telecommunications service provider” in order to enforce the Act. When they go in for an inspection, they can examine any document, test any equipment, use any equipment to get any information they want (seriously), and make copies of it all to take with them. And the ISP can’t stop them. In fact, the Act says the ISP must help the inspector. Again, what could go wrong?
Well, plenty. There are all sorts of quasi-criminal penalties in the Act, in the form of fines. This is often called “penal liability”. And if you will forgive a bit of a legal discussion, there is precedence here! The case was R v. Jarvis, and in it the Supreme Court said that when the government was doing investigations that brought about the penal liability under the Income Tax Act, there are a whole other set of considerations than when they are just doing an audit. And those considerations are the Charter and warrants. This Act has penal liability, not to mention the fact the the whole point of the Act is to catch criminals! Thus, the Charter and warrants should be in play. The government might want to read the Jarvis case sooner rather than later.
There is plenty more juicy stuff to go through, but I think this post is long enough already. Geist has a good piece today on one of the other provisions that updates the Criminal Code’s warrant provisions. It is pretty ugly too. This whole thing is pretty ugly, and everyone let Vic Toews know it. The government may actually be listening, as they have sent the Bill to committee before second reading, which most likely means there will be some changes. We can only hope they are significant. Protecting children is a good idea; a system that grants police and officials massive powers of warrantless spying is not.