I’m incapable of offering this accounting. The same is true for every other Canadian, whether they are a government bureaucrat, private citizen, corporate agent, or government Minister, because the legislation itself remains murky. Thus, rather than suggest that the legislation will cost X dollars, in this post I outline why people cannot cost out the bill if they solely rely on existing public information.
I begin this post by quickly outlining what the Canadian government suggests that the legislation will cost. Having done so, I move to critique the origins of the government’s numbers. This entails first examining the issue of interception capabilities, second, of storage costs, and third, of the status of Telecommunication Service Providers’ existing lawful access capacities. I conclude by noting the lack of clarity surrounding C-30’s breadth and the need for clarity during the legislative, rather than regulation-setting, stage of the bill’s development.
Lawful access legislation is upon Canadians. Introduced by Minister Toews as ‘with the government or with the child-pornographers’ legislation, lawful access will radically expand the scope of Canadians’ personal information that government authorities can collect without a warrant. Personal information would be turned over to the government under new powers regardless of whether an individual’s actions had violated the Criminal Code. Lawful access powers will be granted to formal policing organizations, including municipal, provincial, and federal police, to Canada’s spy agency, CSIS, and to the Competition Bureau. Since the legislation has been tabled, media and experts alike have been scratching their heads to understand the significance of changes between the previous and current versions of the bill. In a subsequent post, I’ll be writing about how the delimited subscriber information fields that authorities want to access is excessive, and I will demonstrate how these fields will be used and can be abused.
In this post, however, I am taking a step back from the legislation proper. Rather than talk about lawful access, I want to make available a book chapter, written for the Canadian Centre for Policy Alternatives, that unpacks some of the surveillance capacities within Canada’s current telecommunications networks. The chapter, titled “Is Your ISP Snooping On You?” (.pdf) first appeared in The Internet Tree: The State of Telecom Policy in Canada 3.0. Specifically, the chapter focuses on a technology that is popularly called ‘deep packet inspection.’ Canadian network agents, such as Internet Service Providers, have deployed these technologies to manage their networks, throttle some kinds of data traffic (e.g. P2P file sharing-related traffic), and track subscriber usage of the networks. This same technology, however, has significant privacy and surveillance implications, insofar as it examines the depths of a data transmission: it is the metaphorical equivalent of not just looking at a postcard, but examining the photo and colour of ink on the postcard to make decisions about how to deliver/treat the message on the card. It is with these network-based technologies in mind that we should reflect on the significance of expanded police access to digital transmissions.
Why is deep packet inspection significant? Because lawful access in Canada might be understood as ‘level one’ of a three-stage surveillance process. The United Kingdom is arguably at ‘level two’ at the moment, on the basis that it possesses an embedded surveillance culture and infrastructure that sees over half a million requests for ‘transactional’ (i.e. everything but the words/pictures of a postcard) data each year. The third level, also being contemplated in the UK, would see deep packet inspection devices repurposed/installed by law enforcement and national security organizations to monitor, mine, and mediate data transmissions between UK citizens in near-real time. Canada isn’t at level three – we’re not even at level two just yet – but our ISPs have experience with embedding technologies that make level-two and -three scenarios possible. Thus, to understand the potential surveillance trajectory associated with lawful access, Canadians must understand existing Canadian network configurations to recognize that this legislation is the first of many stages, and question whether we really want to start down this path in the first place.
Despite some cries that the publishing industry is at the precipice of financial doom, it’s hard to tell based on the proliferation of texts being published year after year. With such high volumes of new works being produced it can be incredibly difficult to sort the wheat from the chaff. Within scholarly circles it (sometimes) becomes readily apparent what books are above middling quality by turning to citation indices, but outside of such (often paywall protected) circles it can be more challenging to ascertain what texts are clearly worth reading and which are not.
While I can hardly claim to speak with the weight of scholarly indices, I do read (and rate) a prolific number of texts each year. In what follows, I offer a list of the ‘best’ books that I read through 2011. Some are thought-provoking, others were important in how I understood various facets of the policy process, and still others offer interesting tidbits of information that have until now been hidden in shadow. For each book I’ll identify it’s main aim and a few points about what made the book compelling enough to get onto my list. Texts are not arranged in any particular ranking order and all should be available through your preferred book seller.
Elections Canada recently stated that sometime after 2013 it intends to trial online voting, a system that lets citizens vote over the Internet. Fortunately, they are just committing to a trial but if the trial is conducted improperly then Elections Canada, politicians, and the Canadian public may mistakenly come to think that online voting is secure. Worse, they might see it as a valid ‘complement’ to traditional voting processes. If Canadians en masse vote using the Internet, with all of its existing and persistent infrastructural and security deficiencies, then the election is simply begging to be stolen.
While quick comparisons between the United States’ electronic voting system and the to-be-trialed Canadian online voting system would be easy to make, I want to focus exclusively on the Canadian proposition. As a result, I discuss just a small handful of the challenges in deploying critical systems into known hostile deployment environments and, more specifically, the difficulties in securing the vote in such an environment. I won’t be writing about any particular code that could be used to disrupt an election but instead about some attacks that could be used, and attackers motivated to use them, to modify or simply disrupt the Canadian electoral process. I’ll conclude by arguing that Elections Canada should set notions of online voting aside; paper voting requires a small time investment that is well worth its cost in electoral security.
The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.
Parsons, Christopher; and Molnar, Adam. (2021). “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” David Murakami Wood and David Lyon (Eds.), Big Data Surveillance and Security Intelligence: The Canadian Case.
Parsons, Christopher. (2015). “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” Michael Geist (ed.), Law, Privacy and Surveillance in Canada in the Post-Snowden Era (Ottawa University Press).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.
Parsons, Christopher. (2015). “Beyond the ATIP: New methods for interrogating state surveillance,” in Jamie Brownlee and Kevin Walby (Eds.), Access to Information and Social Justice (Arbeiter Ring Publishing).
Bennett, Colin; Parsons, Christopher; Molnar, Adam. (2014). “Forgetting and the right to be forgotten” in Serge Gutwirth et al. (Eds.), Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges.
Bennett, Colin, and Parsons, Christopher. (2013). “Privacy and Surveillance: The Multi-Disciplinary Literature on the Capture, Use, and Disclosure of Personal information in Cyberspace” in W. Dutton (Ed.), Oxford Handbook of Internet Studies.
McPhail, Brenda; Parsons, Christopher; Ferenbok, Joseph; Smith, Karen; and Clement, Andrew. (2013). “Identifying Canadians at the Border: ePassports and the 9/11 legacy,” in Canadian Journal of Law and Society 27(3).
Parsons, Christopher; Savirimuthu, Joseph; Wipond, Rob; McArthur, Kevin. (2012). “ANPR: Code and Rhetorics of Compliance,” in European Journal of Law and Technology 3(3).