Lawful access ‘enormous financial burden’ for business

Better ways to interpret data, not more access to private information, is what law enforcement agencies need, according to opponents of the so-called “lawful access” bills – a set of proposed laws that would make it easier for police to access and track information about individuals through communication technologies such as the Internet, smartphones and other mobile devices.

The proposed legislation, known in the last session of parliament as Bills C-50, C-51, and C-52 were not passed before the spring 2011 election. But many observers believe they could enjoy greater support this time around in a Conservative majority government.

Last Friday, privacy advocates in academia, government, and public sectors got together in a symposium to explain why the bills should be strongly opposed.

“My two main issues with these bills are that: 1) The powers given to the police and lack of judicial oversight erodes civil rights; and 2) this will be an enormous financial and management burden for telcos, ISPs (Internet service providers), social networks and other business,” said Ann Cavoukian, information and privacy commissioner of Ontario.

Cavoukian, who has long espoused embedding privacy safeguards in technology and business processes through such initiatives as Privacy by Design and Privacy by Re-design, spearheaded last Friday’s event that was aptly called Beware of ‘Surveillance by Design:’ Stand up for freedom and privacy.

It’s NOT ‘just a number!’

Included in the panel were: Alan Borovoy, general counsel emeritus of the Canadian Civil Liberties Association (CCLA); Ron Deibert, director of the Canada Centre for Global Security Studies and the University of Toronto’s Citizen Lab; John Villasenor, professor of electrical engineering at the University of California, Los Angeles and senior fellow at the Bookings Institute; John Ibbitson, Ottawa bureau chief of the Globe and Mail; Natahlie Des Rosiers, general counsel of the CCLA; and David Fraser, lead counsel of McInnes Cooper Privacy Practice Group.

They are calling on people to demand amendments to the bills in order to curtail its overarching powers.

Cavoukian hopes these three civil rights safeguards could be added:

  • Requirement of a court warrant to access private data.
  • Elevating the bar for obtaining a warrant from “reasonable suspicion” to “reasonable grounds to believe.” The former has a lower standard of threshold.
  • Inclusion of a judicial oversight.

Speaking before a crowd of about 300, Cavoukian explained that under the proposed bills, the fields of customer data that law enforcers could compel companies to release go beyond “phone book information.”

She said the information would include IP (Internet Protocol) addresses; GPS (global positioning system) location, online search information and other digital data.

“Your IP address is not just a number,” Cavoukian said. The information can be linked to other personal data which will create a digital trail that reveals where you have been and when, who you see or collaborate with, what are your likes, beliefs or political affiliations. “Right now there is no assurance that once in their hands, authorities can protect that data or prevent its misuse,” she added.

‘Stop those bills’

Under current laws, ISPs can voluntarily release customer information to the authorities. However, they are only required to do so if they are served a warrant for it. The proposed bills will further make it easier for law enforcement agencies to acquire individual private information.

  • Bill C-52 would require telecommunication service providers to build and maintain intercept capability into their own networks for use by law enforcement agencies and give the police warrantless powers to access subscriber information.
  • Bill C-51 would give the police new powers to obtain court orders for remote live tracking as well as suspicion-based orders which would require telecom service providers and other companies to preserve and turn over data of interest to the police.
  • Bill C-50 would make it easier for the police to obtain judicial approval of multiple intercepts, tracking warrants, production orders as well as access to and tracking of e-communications.

The scope of the data haul is staggering to contemplate and it poses a grave risk to civil liberties and individual rights, according to Borovoy. Admittedly, he said, lawful access has the potential to make police work easier and may help “catch the bad guys.

“But such a practice will also expose data associated with innocent third parties. These are the innocent people who may have been linked by the data to the police’s target person,” he said.

Moreover, Burovoy said, examples from the United States indicate culling massive amounts of data through surveillance has not been very effective. He said authorities south of the border revealed that during a two year period of electronic bugging of some 1,5000 persons, they had recorded more than half a million conversations. “By their own admission, a vast majority of that information was irrelevant to the case and turned out to be useless.”

Less data more analysis

Deibert, whose organization is largely responsible for uncovering government online censorship activities and digital espionage, said there is actually no need for law authorities to compile such a huge a mount of data.

“Proponents of these bills have not demonstrated the need for more power to gather personal information,” he said. “There’s already too much information everywhere.”

Deibert argued that law enforcement agencies should be spending more of equipment and training that will help their personnel “navigate” a new tech-driven environment.

“Tool that will help them analyze the data they now have access to, is what the police needs. Otherwise the deluge of information will just bog them down,” he said.

Erosion of business-customer relations

Another peril posed by Bills C50, C-51 and C-52 is the erosion of relationships between businesses and their customers, according to Des Rosier, counsel for the CCLA.

“These days consumers entrust a lot of their information to companies they do business with. When these companies are by law compelled to divulge that information, that trust is eroded,” she said.

Fraser, of McInnes Cooper agrees. “This turns business into proxy spies for the cops. They become agents of the state.”

He said the proposed bills could destroy many business models. For instance, Research in Motions, BlackBerry smartphone is used by millions the world over because the company’s message encrypting technology and backend data protection protects the security and privacy of user’s transmissions. Skype’s popular ree and cheap video conferencing service relies on a peer-to-peer system “where there is no single control point and anyone can plug in,” said Fraser.

Over the past 18 months, several countries had in fact demanded that RIM provide them with the backdoor access.

“By introducing a backend door that authorities can tap into at will, the police can have a a wholesale data dump and you destroy the privacy by design,” he said.

Cavoukian also said that installing technologies that would allow authorities to collect customer information would be an enormous drain to companies. “They are requiring all these tool but it will be up to the businesses to provide for it.”

“It’s not just the large telcos and ISPs that will be on the hook. Even smaller ISPs and businesses providing online services will be hit,” Cavoukian said.

Nestor ArellanoNestor Arellano is a Senior Writer at Follow him on Twitter, read his blog, and join the IT Business Facebook Page.

Share on LinkedIn Share with Google+