The Canadian Association of Chiefs of Police (CACP) recently made a plea for increased access to e-mail and Internet monitoring provisions during its conference in Vancouver in August. The association’s spokesman said police are losing the battle against crime because they are hampered by wiretap
access legislation that hasn’t been updated since 1974.
Lawful Access is a proposal to amend several federal acts, including the Criminal Code and the Canadian Security Intelligence Service Act to add specific provisions to allow law enforcement to gain access to advanced communications technologies such as e-mail, Web browser activity and other Internet-based communications. These provisions include requiring Internet service providers (ISPs) to maintain equipment that would allow them to record and store the Internet activities of their customers for police to examine at a later date. The Department of Justice collected public input on the proposal throughout the latter half of 2003. Most of the input, including that of several provincial privacy commissioners, was very cautionary and advocated for further public consultation.
The Lawful Access proposal is the prelude to what will likely become one of the most important legislative changes in our lifetime with respect to communications privacy. Not too surprisingly, most Canadians appear to be happy to snooze through the entire process. Even the mainstream media seem to have failed to notice that the comments of the CACP have been made in response to a detailed proposal that could have a significant effect on the balance of interests between privacy and law enforcement.
Canadian communities have become virtually besieged by criminal activity that the police and court systems are unable to suppress. It’s also clear the police are fighting a losing battle against technology-savvy criminal organizations. The legislative changes necessary to provide access to Internet communications is likely still several years away. Meanwhile, criminals are free and financially able to adapt technologies to their operations at a pace that law-makers are unlikely to match. Even the most liberal version of Lawful Access will fall short of placing law enforcement on an even footing. It’s unlikely, however, that anything more than a highly watered down version of Lawful Access will survive the public consultation process. Our society wants something done about crime, but we are unwilling to make the sacrifices in terms of privacy and civil liberty that are necessary to give the police the tools they need to respond.
Ironically, the point that is being missed by both police and privacy advocates is that the Lawful Access provisions are easily defeated by a computer user with only moderate skill, using only the tools included as standard with Microsoft Windows. Every current version of Windows is capable of creating and using a compressed (zipped) folder. One of the rarely used features of compressed folders is the ability to add an access password that encrypts the entire content of the folder. The encryption algorithm used is extremely difficult to defeat using the kind of computing power that is commonly available in the Intel/Windows environment. Using one or two symbols in the password makes the possibility of decryption exponentially more difficult. Criminals need only to make use of this and the 128 bit encryption features of Internet Explorer to defeat all but the most sophisticated and heavily funded law enforcement initiatives.
The system of invoking the Lawful Access provisions has the checks and balances necessary to ensure that it is used only for legitimate purposes. Those who fear the unlawful use of these provisions need to remember that privacy on the Internet has always been an illusion. Information flowing through the Net is accessible from a number of points and the technology to tap this flow is readily available, an ability exploited by spam advertisers regularly. Failing to equip our police similarly makes no more sense than insisting they chase speeders on a skateboard.