Focus, Build, HackLawful access legislation was recently (re)tabled by the Government of Canada in November 2013. This class of legislation enhances investigative and intelligence-gathering powers, typically by extending search and seizure provisions, communications interception capabilities, and subscriber data disclosure powers. The current proposed iteration of the Canadian legislation would offer tools to combat inappropriate disclosure of intimate images as well as extend more general lawful access provisions. One of the little-discussed elements of the legislation is that it will empower government authorities to covertly install, activate, monitor, and remove software designed to track Canadians’ location and ‘transmission data.’

In this post I begin by briefly discussing this class of government-used malicious surveillance software, which I refer to as ‘govware’. Next, I outline how Bill C–13 would authorize the use of govware. I conclude by raising questions about whether this legislation will lead government agencies to compete with one another, with some agencies finding and using security vulnerabilities, and others finding and fixing the vulnerabilities such tools rely. I also argue that a fulsome debate must be had about govware based on how it can broadly threaten Canadians’ digital security. Continue reading