A newspaper article based on a Criminal Intelligence Service Canada report was much like Kung Fu Fighting. It was a little bit frightening. And they did it with expert timing.
The Reuters story was a straight scalp from CISC’s 2002 annual report – specifically the section devoted to
technology and crime – with no other sources interviewed or, apparently, required. “”It would appear cost is no object”” for crime gangs when it came to “”attaining and developing leading edge technologies”” for use against authorities and rivals, thanks to their “”seemingly limitless resources.””
This prefaced a paragraph noting that Ottawa would introduce legislation giving police more access to information held by ISPs, phone companies and banks. News of which — quelle surprise — turned up the following day.
The timing is too suspect. First plant the seed of fear — organized crime’s use of sophisticated technology is growing — and the public won’t look to closely at legislation that threatens privacy and due process, among other cherished rights. (And no compliments to Reuters, for essentially letting CISC write the article by relying exclusively on the report.)
The legislation — open to public comment by e-mailing email@example.com — would require ISPs to retain traffic logs of all customers for six months to allow monitoring of suspects, and could entail a database of every Canadian with an Internet account.
ISPs say they’re always pleased to help out a police investigation, provided proper procedure is followed. But this is something else. Yankee Group in Canada analyst Mark Quigley fears “”ISPs wouldn’t necessarily have control over what was looked at and when, but it would be in the hands of law enforcement agencies to monitor Internet traffic, Internet use, without discrimination.””
How is this wrong? Let me count the ways …
ISPs co-operate with police already — as long as there’s due process. This would include application for a warrant to establish or examine logs on a User of Interest. With the monitoring left to the discretion of law enforcement, what is protecting us from misuse of that power?
Let’s not forget the potentially large infrastucture costs to ISP, telcos and banks to accommodate the requirements.
Then there’s the report itself. CISC began specifically reporting on the link between organized crime and technology in 2000. The reports vary little in substance from year to year. For example, the 2000 report notes that “”technology is a fact of life in both the legitimate and criminal worlds and there is no question that organized crime groups use computers, wireless phones and the Internet to communicate and do business.”” This isn’t worlds away from the 2002 admonition that “”technology plays a very significant role in our wired world … Organized crime groups not only recognize the significance of this influence, but also the vast economic potential that can be achieved through this exploitation.””
The 2002 report notes increased frequency of system intrusions and data theft, but doesn’t back up the claim with numbers. The only hard figures cited in the report show a $10 million increase in credit card fraud, though there was a second consecutive year-over-year decrease in forged credit card use.
The report singles out the threat of identity theft for particular attention, noting that it is “”on the rise in Canada”” — no supporting figures, bien sur — and that this type of crime is “”devastating to the victim who is faced with trying to re-establish their rightful identity and credit rating”” (no argument from this corner).
“”As society becomes increasingly dependent on the Internet,”” notes the report. “”More information is being made available for exploitation.””
A great argument for not keeping running logs of all Internet users’ activities.