About the Other Day: Lawful Access and ISPs in Canada
The other day I pounded away madly on the keyboard about global internet regulation. I was perturbed by the preliminary ‘e-G8’ meetings convened by President Sarkozy that seemed mostly designed to push a regulated Internet on the basis of bringing order to a disorderly and criminal Internet. It was a bad idea I said.
Here, though, I want to speak about the push for similar measures in Canada. As I see things, an open network is caught in the cross-hairs of several forces at the present moment:
- first, we have the well-known issues of UBB and bandwidth caps that are transforming the open and user-centric Internet into the pay-per Internet;
- second, we have the copyright industries pushing for ISPs and search engines to become extensions of the copyright enforcement regime;
- third, each of the ‘big six’ ISP’s ‘acceptable use policies’ contain extensive measures that constrain what people can and cannot do with their Internet connections;
- fourth, proposals in the Investigative Powers for the 21st Century Act (Bill C-51) introduced in the last Parliament and set to be reintroduced with the new Government’s omnibus crime bill sometime soon aim to retool communication networks in Canada for greater surveillance capabilities and to make it mandatory for telecoms providers, ISPs and search engines to disclose subscriber information, including name, address, IP address, and email address law enforcement official without court oversight.
This post focuses on the latter initiative, and what is known as ‘lawful access’. As with the rhetoric mobilized by Sarkozy, underpinning the push for greater surveillance power and easier access to records of Internet users is the idea that the Internet is disorderly and unruly place.
Yet, we must remember that in Canada, the Criminal Code already covers the Internet and crimes in real space are also crimes in cyberspace, notably child pornography, ‘hate crimes’, and obscenity. In other words, the Internet is not the wild west without the rule of law in place.
The Government wants to, it says, simply update and ‘modernize’ the existing arrangements with the Investigative Powers for the 21st Century Act (Bill C-51), a move which they say is long overdue because the existing laws were put into place when there was no such thing as the Internet. The Canadian Internet Policy and Public Interest Centre (CIPPIC) offers a good historical review of the current bill and its predecessors here.
In some ways, the Government claim is true. Public communication networks have always been intertwined with the interest and operations of the nation-State. That was as true for Roman roads and Venetian canals in the past, as it has been for the telegraph, postal and other media networks that have evolved up until today.
From emergency 911 services, spectrum grants to police and firefighters, and the Defense Early Warning (DEW) line in Northern Canada during the Cold War (and lucrative development ground for what eventually would become Nortel, before it crashed and burned on the embers of dot.com stupidity), the state and communications providers often work hand in glove. Silicon Valley North, as some in Kanata like to say, ain’t next to Ottawa (and the DND, or CSIS, or the Communication Security Establishment) for nothing.
In the past, some heterodox media political economists such as Dallas Smythe and William Melody complained that building networks to high-end national security, military, law enforcement and business needs created gold plated networks that were effectively subsidized by the general telephone subscribers.
Yet, just because there is nothing new in telecoms companies being deeply involved in matters of the state and law, this does not mean that there is not a lot that is new in the Government’s proposed legislation.
The new legislation:
- is not based on compelling arguments that it will deal better with crimes in cyberspace — child pornography, ‘hate crimes’, and obscenity –than the Criminal Code, without unduly stifling the free of expression in network media spaces.
- would require telecoms providers, ISPs and search engines to adopt expensive ‘network upgrades’ that expand their capacity to collect and retain ‘general contact data’ for all of their subscribers and even for specific contents of our online communications.
- to disclose this information to law enforcement and national security agencies upon request.
- to do so without a court-authorized warrant.
A few journalists and bloggers have issued alarmist calls that the new legislation would effectively outlaw anonymity and certain kinds of hyper-linking. I don’t think so. Michael Geist and the legislative review of the Investigative Powers for the 21st Century Act done by the Library of Parliament show convincingly enough that that’s not likely to happen.
It will, however, implement several new measures that will skirt, or bypass existing practices: no court orders, wide-scale implementation of news surveillance technologies, and procedures that have left all of Canada’s provincial Privacy Commissioners and others strongly opposed to the Conservative’s proposed new law.
One virtue of the Investigative Powers for the 21st Century Act (Bill C-51) is that it will bring out into the open and formalize in law a set of ‘voluntary’ practices that are already used to combat ‘cybercrimes’, but currently conduced behind closed doors.
Project Cleanfeed, for instance, involves ISPs working hand-in-hand with police to identify and block problematic URLs, mostly for the purposes of blocking access to child pornography and to facilitate investigations of such activities. The RCMP works hand-in-hand with the Immigration and Customs Enforcement (ICE) in the United States and thirty some odd similar agencies worldwide to disable access to ‘illegal websites’, so-called ‘domain name seizures’. The new law would match up with the facts on the grounds as they’ve already been established by ‘the State’.
The problem, however, is enrolling telecoms providers, ISPs and search engines in such processes to begin with. Up until now, ISPs act in tandem with the police through secret lists, no CRTC oversight, no court orders, etc. in Project Cleanfeed. Formalizing the requirement that they continue to take on this role, and to do so at the beck and call of national security agencies and cops rather than a court authorized warrant, takes a very bad route to a potentially good thing. Legalizing ‘rough justice’ and a murky role for ISPs does not sound like a good idea to me.
As I said earlier, telecoms companies have always had to build their networks equipped for national security and law enforcement purposes, and to comply with court orders when they are presented with them. That should continue to be the case today, with more candour and conformity to the concerns of privacy raised by, among others, all of the Provincial privacy commissioners pointed to above.
Basic rule in all of these cases, and regardless of whether it is the state or market interests that are bending basic networks and functionalities (i.e. search, storage, surveillance, etc.) to their purposes, is that gateways (telecom networks and ISPs) should never be gatekeepers. The goal should be to minimize rather than to maximize surveillance and ‘gatekeeper’ powers.
The idea of badly authorized and murky intelligence operations running roughshod on the public Internet is not a dystopian and remote fantasy. Over three quarters of U.S. military communications runs on the public netowrk. All submarine cables landing on U.S. shores must be equipped with electronic surveillance capabilities built to the specs of the U.S. state. Aspects of the common carrier/network neutrality obligations for telecoms and ISP providers in the U.S. were traded off in 2005 in return for major telecoms providers upgrading their networks in line with the asserted needs of a ‘post 9/11 world’.
Under the guise of the ‘global war or terrorism’, all of the major US telecoms and ISPs — AT&T, Verizon, SBC, Sprint, etc. (except, to its credit, Qwest) turned over these capabilities to the National Security Agency to eavesdrop on telephone, email and Internet communications between people in the US and elsewhere in the world. Again, while the objectives may have been legit, the operation skirted the existing laws and the courts found such activities illegal and claims that President Bush had unbound ‘wartime powers’ unjustified as New York Times’ reporters James Risen and Eric Lichtenblau revealed in December 2005 — albeit, after the New York Times had sat on the article for a year.
Congress rewrote the law in 2008 to bring the law into line with the facts that the Bush Regime had established on the ground. The new law also gave AT&T, et. al. retroactive and future immunity from prosecution when dealing with similar requests. A Second Circuit Court of Appeal in New York put the issues back into play recently when it reinstated a lawsuit by human rights groups, journalists, media organizations, labour unions and others who argue that Internet and telecoms surveillance violates their rights to privacy and freedom of expression (See here for a fuller treatment of the issues).
I am concerned that, from the general drift of things in the Investigative Powers for the 21st Century Act, as well as the lessons from the past decade in the U.S. and the choir of voices coming from the G8 last week about the need to ‘civilize’ cyberspace, point in the wrong direction: a more tightly regulated, closed and murky Internet. Basic standards of judicial oversight are removed and capacities expanded. There are pressing issues at hand, but they need to be handled with dexterity rather than the iron-fist of the national security state.
Just for fun, let me point to just one alternative way of doing things: the Icelandic Modern Media Initiative, a drive to adopt the most open and freedom of the press and communication-friendly environment in the world. Here’s a Youtube video outlining some of its ideas and ideals. Imagine. .