I spy with my little ISP

This week’s CBC tech column and podcast is all about lawful access legislation. The podcast features a special extended interview with Tamir Israel of CIPPIC. It’s online now in written and audio form [mp3 download].


“Stop spying.”

That’s the message from, a Vancouver-based internet advocacy group, to government and law enforcement officials. They’ve set up an online petition at to protest something called “lawful access legislation.”

I’ll admit, it’s an unfortunate name. When you say “lawful access legislation” out loud, it sounds like pretty much the most boring thing ever. But it’s not. I promise.

When Parliament resumes in September, the debate surrounding this controversial legislation will start to heat up, and it’s well worth paying attention.

In a nutshell, lawful access has to do with how law enforcement can access your communications. That includes activities like wiretapping, and obtaining access to your email or your web surfing history.

Of course, right now, police can get access to any of that stuff, but it requires legal authority (like a warrant) and reasonable grounds to believe you’ve done something wrong. But proposed new lawful access legislation could change things, making it easier for police to get detailed information about you from your internet service provider, your social networking accounts, or from your cellphone company (in some cases, without a warrant or without reasonable grounds to believe you’ve done something wrong).

Understandably, these proposed changes freak some people out.

So why are we hearing about this now? There are a couple of reasons.

First, because new legislation is expected soon. Over the past several years, there have been a number of attempts to pass new lawful access legislation, but for a variety of reasons (including Parliamentary prorogation), nothing has materialized. The most recent attempt took place in the last Parliament, in the form of three separate bills: C-50, C-51, and C-52. They all died on the order paper.

During the last election, the government promised to bundle these three lawful access bills together (along with a bunch of other related legislation) into an omnibus crime bill. And they promised to pass this omnibus bill within 100 days of taking power.

The other reason the lawful access issue is heating up is that stateside, a U.S. House of Representatives committee recently approved similar legislation. It’s not exactly the same, but the bill would compel American ISPs to store detailed information about their customers’ online activities.

People have been asking, “Could the same sort of thing happen here in Canada?” The answer seems to be yes.

Warrantless internet snooping

From a civil liberties perspective, warrantless internet snooping is a big deal. But when it comes to the day-to-day online activities of most Canadians, the effects are harder to explain.

Right now, almost everything you do online is being tracked. Your browsing history, e-mail communications, and GPS location data — it’s all being collected, and police can already get access to that information ifthey have legal authority (like a warrant). If new lawful access legislation is passed, it could become much easier for police to get access to that kind of information.

Police could approach your ISP or your email provider and compel them to keep their logs about you for longer than they ordinarily would. In some cases, police could force service providers to hand over identity or tracking information, even if they don’t have reasonable grounds to believe you’ve done something wrong.

Privacy advocates worry about the lack of oversight in this whole process. And they worry that this could turn private companies like internet service providers into state agents who spy on their customers.

Why it matters

“But Dan,” you might say, “I have nothing to hide. Why should I care?”

Even if you have nothing to hide, there are plenty of reasons to care about lawful access.

For instance, you might care about this on principle. You might not like the idea of your ISP or your cellphone company violating your reasonable expectation of privacy, even if all your communication is along the lines of, “Honey, do you need me to pick up anything at the grocery store?”

Personally, my concern has to do with personal data security. My ISP or cellphone company has the ability to keep a staggering amount of information about me and my family. Those detailed records could become a really attractive target for hackers with nefarious intentions. Imagine what you could do if you knew everything about someone’s online activity: where they went online, when they went there, who they talked to, what they said. Simply collecting and preserving this information presents a security risk.

In addition to the petition (which has upwards of 40,000 signatures), there have been several other strong reactions to this proposed legislation. For instance, the Privacy Commissioner of Canada and her provincial and territorial colleagues have written an open letter to William Baker, Deputy Minister of Public Safety, expressing their concerns about lawful access.

This issue is just starting to heat up, and I suspect we’re going to hear much more about it in the coming weeks and months. I’ll definitely keep a close eye on it, from underneath my tinfoil hat.

#cippic #lawful access #tamir isreal