{ texts for nothing }

Michael Geist has reviewed a couple of recent cases here in Canada (including one I wrote about last month) with implications for the privacy of your online activity. His conclusion: As far as the courts are concerned, your ISP’s terms of service override your privacy rights. When you signed up for Internet service, you agreed to let your provider decide whether to hand over your personal information to the cops without a warrant.

These decisions place the spotlight on the fact that customer privacy on the Internet is not guaranteed by national privacy law. Rather, the law actually leaves the disclosure decision in the hands of the organization that has collected the information, which can choose whether to turn over personal information in certain circumstances without a warrant.

Moreover, most Internet-focused organizations such as ISPs have drafted user agreements in which their customers have consented to such disclosure policies. These cases confirm that courts will typically enforce user agreements regardless of whether subscribers have taken the time to read them.

While most companies are reluctant to publicize their disclosure practices, according to government documents recently obtained under the Access to Information Act, the RCMP estimates that 30 percent of Canadian organizations do not reveal personal information to law enforcement without a warrant.

The RCMP estimates did not include specific data on ISPs, but their estimates are borne out by current practices. Bell and Rogers chose to reveal customer information in the Wilson and Vasic cases, however, not all Canadian ISPs would have followed suit. For example, in Atlantic Canada, Bell Aliant requires law enforcement to obtain a warrant in an all non-emergency situations.

Privacy hint: If you use Tor, your online activity will be anonymous, even to your ISP. For other tips on how to protect your privacy when using information technology, check out the Electronic Frontier Foundation’s Surveillance Self-Defense Project.

An Ontario superior court has ruled that there is no reasonable expectation of privacy to subscriber information. If cops have your IP address, the judge says, they don’t need a warrant to get your name and physical address from your ISP.

Not surprisingly, the judge’s ruling is based on a faulty understanding of how the Internet works:

Judge Leitch accepted the arguments of Crown attorney Elizabeth Maguire that the information is similar to what is in a phone book.

“One’s name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state,” Judge Leitch said.

But an IP address is not biographical information. It doesn’t identify me, it identifies my computer on a network. It’s also visible to every website I visit — and the sites I visit, like the books I check out of the library, should be kept private from the state (in the absence of a warrant). Why? Because they reveal a lot of personal information about me, including some information that I would consider no one’s business but mine. If an IP address were biographical information, that would mean you were giving your name and physical address to every website you visit … and I think most people would find that disturbing. Which means there is a reasonable expectation of privacy, quite literally: most people think, quite reasonably, that their online activities should be private.

I wonder how this decision will affect the Conservatives’ forthcoming lawful access bill.

Michael Geist reports that lawful access is back on the legislative agenda in Ottawa. And — surprise, surprise — both the Liberals and the Conservatives are backing it:

First, the Globe and Mail reports today that new Public Safety Minister Peter Van Loan has indicated that lawful access legislation is being prepared that will force ISPs to allow law enforcement to monitor Internet-based conversations.  The power to compel will apparently be subject to court order.  Second, Liberal MP Marlene Jennings has reintroduced her lawful access private member’s bill, called the Modernization of Investigative Techniques Act.  The Jennings bill is a virtual copy of a failed Liberal lawful access bill that died in 2005.

In that Globe and Mail article, Peter Van Loan justifies the proposal as follows:

“If somebody’s engaging in illegal activities on the Internet, whether it be exploitation of children, distributing illegal child pornography, conducting some kind of fraud, simple things like getting username and address should be fairly standard, simple practice. We need to provide police with tools to be able to get that information so that they can carry out these investigations.”

Mr. Van Loan said there have been situations where the police want to act quickly to stop a crime, but can’t because of the current laws.

“In some of these cases, time is of the essence,” he said. “If you find a situation where a child is being exploited live online at that time — and that situation has arisen before — police services have had good co-operation with a lot of Internet service providers, but there are some that aren’t so co-operative.”

Sure. Remember all those cases where the cops were watching some evil pedophile abuse a helpless child live on the Internet, but those dastardly ISPs were refusing to help them out because they don’t care about poor innocent children, or something?

Oh, wait. The one time that happened, the ISP gave the cops what they needed and they arrested the guy two hours later.

The Conservatives say that their bill would require cops and spies to get a court order of some kind. But there are different kinds of court orders, and it’s not yet clear what sort of evidentiary standards will be required. One of the many objections to the original lawful access proposals, way back in 2002, was that the cops and spies wanted a very low standard of evidence, which would substantially reduce our freedom from search and seizure (section 8 of the Charter of Rights and Freedoms).

What? You don’t remember the lawful access proposals of 2002? Okay, then. Here’s a brief history of lawful access in Canada:

• In the mid-1990s, cops and spies began lobbying Jean Chretien’s Liberal government for increased powers of surveillance. They said they just couldn’t keep up with all this new-fangled technology and needed “lawful access” legislation to make up for it. Critics objected that the police proposals would entail a drastic expansion of the state’s power to spy on its citizens.
• In 2002, the Liberals held a round of public consultations on lawful access. They encountered strong objections from the telcos, who hated the costs it would impose on them, and from civil society groups. The effort was postponed.
• In 2005, there was a second round of consultations. This time, the Liberals tried a divide-and-conquer strategy: they met separately with the telcos to deal with their concerns and held a laughably short two-week consultation with the general public. After all, if you can get big business on your side, who cares what civil society thinks?
• Following those consultations, the Liberals introduced the Modernization of Investigative Techniques Act, which contained less-controversial provisions like requiring telcos to make it technologically possible for cops and spies to intercept communications on their networks, and forcing them to give basic subscriber information to cops and spies without a warrant (as opposed to, say, requiring them to keep copies of actual communications for a period of time). Fortunately, the bill died when Paul Martin’s government fell.
• In 2007, Liberal MP Marlene Jennings reintroduced the Modernization of Investigative Techniques Act as a private member’s bill. As usual with such bills, it went nowhere.
• Later that year, the Conservatives launched a new consultation on lawful access — deliberately excluding the public from the process altogether. During the resulting controversy, Stockwell Day attempted to mollify public opposition by saying, “We have not and we will not be proposing legislation to grant police the power to get information from internet companies without a warrant.” Meanwhile, the National Post complains that words get in the way of saving children.
• Now, in 2009, we’ve got a Conservative government giving the same old song and dance routine about pedophiles and ticking time bombs and technologically inept cops — and Marlene Jennings reintroducing her reintroduction of a failed Liberal bill from the Paul Martin era.

In short, successive Canadian governments have been trying to pass lawful access legislation for seven years. They’ve failed, partly because electoral politics got in the way, but also because civil society groups have strongly and consistently objected to unnecessary expansions of state surveillance powers. Fundamentally, though, the Liberals and Conservatives are in agreement on this issue — which means it’s only a matter of time before the cops and spies get their way, and we lose a little more of our freedom.

Well, his nominee for Attorney General does, anyway:

President-elect Barack Obama’s nominee for attorney general has endorsed an extension of the law that allows federal agents to demand Americans’ library and bookstore records as part of terrorism probes, dismaying a national group of independent booksellers.

Eric Holder said at his confirmation hearing Thursday before the Senate Judiciary Committee that he supports renewing a section of the USA Patriot Act that allows FBI agents investigating international terrorism or espionage to seek records from businesses, libraries and bookstores. If not renewed by Congress, the provision will expire at the end of 2009.

The searches must be authorized by a court that meets secretly and has approved the government’s requests in nearly all cases, according to congressional reports. The target of the search does not have to be suspected of terrorism or any other crime. A permanent gag order that accompanies each search prohibits the business or library from telling anyone about it.

Happy Coronation Inauguration Day.

Canada’s Privacy Commissioner, Jennifer Stoddart, is concerned that Google’s new Street View feature could break Canada’s privacy laws.

Street View is a feature in Google Maps that displays street-level photographs for various cities in the US. It allows you to see what those cities look like “on the ground.” Unfortunately, the photographs in Street View include candid images of people who happened to be in the street while Google’s photographers were taking pictures.

Street View isn’t currently available for Canadian cities, but that could change. In her letter to Google, Stoddart wrote, “I am concerned that, if the Street View application were deployed in Canada, it might not comply with our federal privacy legislation. In particular, it does not appear to meet the basic requirements of knowledge, consent, and limited collection and use as set out in the legislation.”

Stoddart’s letter also points out that Immersive Media, the company that supplied Google with the photos it uses for Street View, has already collected similar photos for six major Canadian cities, including Vancouver.