Privacy & Surveillance

Posts under this category name relate to privacy generally, rather than distinguishing between the various ‘kinds’ of discussing or recognizing privacy.

Canadian Social Media Surveillance: Today and Tomorrow

/ Christopher Parsons / 8 Comments

Image by Maureen Flynn-Burhoe

After disappearing for an extended period of time – to the point that the Globe and Mail reported that the legislation was dead – the federal government’s lawful access legislation is back on the agenda. In response to the Globe and Mail’s piece, the Public Safety Minister stated that the government was not shelving the legislation and, in response to the Minister’s statements, Open Media renewed the campaign against the bill. What remains to be seen is just how ‘lively’ this agenda item really is; it’s unclear whether the legislation remains on a back burner or if the government is truly taking it up.

While the politics of lawful access have been taken up by other parties, I’ve been pouring through articles and ATIP requests related to existing and future policing powers in Canada. In this post I first (quickly) outline communications penetration in Canada, with a focus on how social media services are used. This will underscore just how widely Canadians use digitally-mediated communications systems and, by extension, how many Canadians may be affected by lawful access powers. I then draw from publicly accessible sources to outline how authorities presently monitor social media. Next, I turn to documents that have been released through federal access to information laws to explicate how the government envisions the ‘nuts and bolts’ of their lawful access legislation. This post concludes with a brief discussion of the kind of oversight that is most appropriate for the powers that the government is seeking.

Continue reading

The Danger of Fetishizing BlackBerry Messenger Security

/ Christopher Parsons / 5 Comments

BlackBerry Bold 9780Research in Motion has a problem. For years they promoted themselves as a top-notch mobile security company. During those initial years most of their products were pitched at enterprise users.

Then RIM got into the consumer market.

Most consumers equate RIM’s products with security, email, BlackBerry Messenger (BBM), and a tepid suite of other smartphone features. Most of the people who report on the company tend to agonize over the fact that RIM complies with government surveillance laws. Such reports inevitably emerge each time that the public realizes that RIM meets its lawful access requirements for consumer-line products.

In this post, I want to briefly address some of the BBM-related security concerns and try to (again) correct the record surrounding the security promises of the messaging service. After outlining the deficits of consumer BBM products I briefly argue that we need to avoid fetishizing technology, encryption, or the law, and should instead focus on the democratic implications of the lawful access-style laws that governments use to access citizens’ communications.

In the interest of full disclose: I have family and friends who work at Research In Motion. I haven’t spoken to any of them concerning this post or its contents. None directly work on either BBM or RIM’s encryption systems.

Continue reading

Unpacking the Potential Costs of Bill C-30

/ Christopher Parsons / 6 Comments

Expense Sheet The Government of Canada has, at least temporarily, backed away from pushing through its tabled lawful access legislation. While many critiques of the legislation abound – some of which I’ve recently noted surrounding warrantless access to subscriber information – there have been limited critiques of the actual financial costs associated with the bill. While some public commentators have suggested that the legislation will threaten small Internet service providers’ financial viability, there has yet to be a formal, detailed, and public financial accounting of lawful access-related costs.

I’m incapable of offering this accounting. The same is true for every other Canadian, whether they are a government bureaucrat, private citizen, corporate agent, or government Minister, because the legislation itself remains murky. Thus, rather than suggest that the legislation will cost X dollars, in this post I outline why people cannot cost out the bill if they solely rely on existing public information.

I begin this post by quickly outlining what the Canadian government suggests that the legislation will cost. Having done so, I move to critique the origins of the government’s numbers. This entails first examining the issue of interception capabilities, second, of storage costs, and third, of the status of Telecommunication Service Providers’ existing lawful access capacities. I conclude by noting the lack of clarity surrounding C-30’s breadth and the need for clarity during the legislative, rather than regulation-setting, stage of the bill’s development.

Continue reading

(Un)Lawful Access Panel at University of Victoria

/ Christopher Parsons

UnLawful Access posterThe (Un)Lawful Access event takes place tomorrow (March 8, 2012) at the Fraser Building, room 157, on the University of Victoria Campus. It should be a really interesting discussion; Michael Vonn is one of the sharpest people in Canada on lawful access, and I’ll be addressing some of the technical and international characteristics of lawful access legislation. All are welcome, and it will take place between 12:30-1:30pm. There’s a Facebook event page for the event where you can register or learn more.

BCCLA Releases Electronic Devices at the Border Handbook

/ Christopher Parsons

U.S.-Canada Border Crossing Crossing international borders can be worrying, especially for those carrying confidential or privileged information on their electronic devices. While I’ve seen a variety of documents and advisories explaining how to deal (or not deal) with American border authorities, there hasn’t been what I consider a decent guide for dealing with the Canadian Border Services Agency (CBSA). As of today, this deficit has been significantly remedied.

For the past several months, Greg McMullen has been working on a handbook to help Canadians (and non-Canadians) navigate officials’ demands for electronic devices at Canada’s national borders. The BCCLA has funded his work, and the handbook is intended for educational and discussion purposes; it isn’t intended to replace legal counsel or constitute firm legal advice. The handbook is written for a general audience and does a nice job of walking readers through what rights they enjoy at the border, CBSA policies, best practices, and what to do if you have been subject to a search.

I’d highly recommend the handbook, which is available through the BCCLA and also available for download through my website.

The Issues Surrounding Subscriber Information in Bill C-30

/ Christopher Parsons / 12 Comments

SIMThe most recent version of the Canadian Government’s lawful access legislation is upon us. The legislation expands the powers available to the police, imposes equipment- and training-related costs on Telecommunications Service Providers (TSPs), enables TSPs to voluntarily provide consumer information to authorities without a warrant, forces TSPs to provide subscriber data without warrant, and imposes gag orders on TSPs who comply with lawful access powers. Economic and civil rights costs are, as of yet, murky. Despite being an extremely lengthy piece of legislation, Bill C-30 lacks the specificity that should accompany serious expansions to Canadian policing and intelligence gathering powers.

In this post, I first outline a ‘subscriber data regime’ to discuss what does – and may – be entailed in accessing Canadians’ subscriber data. Second, I explain how subscriber data can be used for open-sourced intelligence gathering. Third, I argue that an administrative process of expanding subscriber identifiers is inappropriate. Finally, I articulate why warrants are so important, and why court approval should precede access to subscriber data. In aggregate, this post explicates the concerns that many civil advocates, academics, and technical experts have with access to subscriber information, why Canadians should be mindful of these concerns, and why Canadians should rebuff current efforts to expand warrantless access to subscriber information.

Continue reading