National Security: Investigative Capabilities Consultation

Dec 2, 2016 17:34 · 1721 words · 9 minute read Canada politics

Do you care about your privacy in the digital age? Please answer this Canadian Government questionnaire if you do.

It takes some time (it took me over an hour to do enough research to be able to answer these questions), but I’ve assembled some information to help you that will make it far shorter.

Thank you for your time in answering this. I feel it is important.

My Answers

How can the Government address challenges to law enforcement and national security investigations posed by the evolving technological landscape in a manner that is consistent with Canadian values, including respect for privacy, provision of security and the protection of economic interests?

There does not appear to be any evidence presented here that there are any challenges to law enforcement that are unique to the rise of technology. Taking into consideration articles written in the past couple months in the national media, I still find doubt. The articles written seemed entirely one sided and did not present any of the implications of what the law enforcement where requesting.

From what I’ve inferred here, you’ve shown that the law enforcement are annoyed by having to follow procedure and not being able to gain unfettered access immediately to our private data. This is not a problem, this is a feature.

In the physical world, if the police obtain a search warrant from a judge to enter your home to conduct an investigation, they are authorized to access your home. Should investigative agencies operate any differently in the digital world?

No, a search warrant and all related procedure and requirements should be followed when investigative agencies operate in the digital world. In fact, it appears that much of what is in the digital world of Canadians is expected to be more private than what is in there physical space.

Houses do not keep a log of every conversation held within their walls, however many digital devices do. There is a higher expectation of privacy in the digital world than the physical.

Section 8 of the Canadian Charter of Rights and Freedoms (CCRF) protects Canadian’s against unreasonable search. Judiciary rulings (e.g.: R. v. TELUS Communications Co., [2013] 2 SCR 3, 2013 SCC 16) have shown that our reasonable expectation of privacy extends to private data held in confidence on remote servers as well.

Currently, investigative agencies have tools in the digital world similar to those in the physical world. As this document shows, there is concern that these tools may not be as effective in the digital world as in the physical world. Should the Government update these tools to better support digital/online investigations?

No. Evidence needs to be provided that this is required, I have seen no such evidence that tools in the digital world are not adequate. Just because could potentially track the conversations online does not mean we should be extending the powers of the law enforcement—effectively the government—to allow for it with ease.

Two people having a conversation on the street corner do not have an reasonable expectation of privacy, however, two people having a conversation within a private domicile would. Digital communications between two or more people are equivalent to a private domicile, tools should not be developed to break this trust.

I would also like to state this question is leading and has a pre-conceived ends, I find this distasteful and greatly concerning to see from the government of our people.

Is your expectation of privacy different in the digital world than in the physical world?

Yes. I expect the privacy of my digital world to be greatly superior to the privacy of my physical world. I have a greater control over what is private and public on my own devices than I do of the physical world.

Since the Spencer decision, police and national security agencies have had difficulty obtaining BSI in a timely and efficient manner. This has limited their ability to carry out their mandates, including law enforcement’s investigation of crimes. If the Government developed legislation to respond to this problem, under what circumstances should BSI (such as name, address, telephone number and email address) be available to these agencies? For example, some circumstances may include, but are not limited to: emergency circumstances, to help find a missing person, if there is suspicion of a crime, to further an investigative lead, etc…

The law is designed to protect the privacy of Canadians and their CCRF Section 8 rights. Abusing these rights removes the trust of the police—and government—from citizens, resulting in a lack of cooperation when it is within the investigators interests. A controlled and abused population has no interest in helping their government/protectors and will result in far more losses than police would gain by defeating R. v Spencer’s decision.

BSI should only be available to law enforcement once they have received an order from a court authorizing such information be made available—and ONLY the information requested and detailed, and ONLY if it is available. The onus cannot be placed on the data provider to harvest and maintain a record of this information if they choose not to and no negative consequences should be placed on the data provider if they are unable to comply.

BSI should also be considered suspect, as this information can change and other physical persons could be identified with the same information. As we move forward with technology, information pointing to one individual may no point to someone new (IP addresses are not 1:1 with users, neither are email addresses or telephone numbers).

Do you consider your basic identifying information identified through BSI (such as name, home address, phone number and email address) to be as private as the contents of your emails? your personal diary? your financial records? your medical records? Why or why not?

Yes, with this information someone (stalker, abusive spouses, con-artists, etc) could cause a large amount of harm.

I consider it to be as private as my financial records, something I would only disclose when I know far more information about the body requesting it.

Knowledge is power and when one party has more knowledge over another it creates a power gradient.

Do you see a difference between the police having access to your name, home address and phone number, and the police having access to your Internet address, such as your IP address or email address?

Yes, email addresses and IP addresses are far more fluid and easily changed than physical locations (home addresses). Even telephone numbers are more difficult to change as they require non-automated action from the provider (contacting a representative).

The Government has made previous attempts to enact interception capability legislation. This legislation would have required domestic communications service providers to create and maintain networks that would be technically capable of intercepting communications if a court order authorized the interception. These legislative proposals were controversial with Canadians. Some were concerned about privacy intrusions. As well, the Canadian communications industry was concerned about how such laws might affect it.

Is this a question? I will restate what I wrote above: The onus cannot be placed on the data provider to collect and maintain a database and registry, outside of their normal actions, for lawn enforcement—and government—to have access to. No repercussions should be enacted upon these corporations for not “complying”. I point to the actions of other governments, such as Russia, as an example of repercussions for non-compliance: has had their CEO and business restructured multiple times do to what their government feels is “non-compliant” with data collection and mining.

Should Canada’s laws help to ensure that consistent interception capabilities are available through domestic communications service provider networks when a court order authorizing interception is granted by the courts?

This is an impossibility. There is no way to implement this without putting the privacy of Canadians at risk. This would also greatly increase the bar for entry into market for small businesses.

Also of note, if it cannot be procured domestically it should not be pursued from non-domestic contacts either.

If the Government were to consider options to address the challenges encryption poses in law enforcement and national security investigations, in what circumstances, if any, should investigators have the ability to compel individuals or companies to assist with decryption?

This would be in violation of Section 11 of the CCRF. In no circumstances should investigators have the ability to compel individuals to divulge information that could incriminate themselves. There are other ways and lines open for investigation by law enforcement.

How can law enforcement and national security agencies reduce the effectiveness of encryption for individuals and organizations involved in crime or threats to the security of Canada, yet not limit the beneficial uses of encryption by those not involved in illegal activities?

This is impossible. You cannot reduce the effectiveness of encryption for one actor and not another. That is not how encryption works and it concerns me that the writers of this consultation do not understand or are aware of this.

Should the law require Canadian service providers to keep telecommunications data for a certain period to ensure that it is available if law enforcement and national security agencies need it for their investigations and a court authorizes access?

No. As I’ve previously stated, the onus cannot be placed on service / the data providers to maintain a database and registry for law enforcement or the government’s usage. This raises the bar for new entrants and sways the government into direct conflict with the desires of the public.

If the Government of Canada were to enact a general data retention requirement, what type of data should be included or excluded? How long should this information be kept?

It should not, if it is not part of the business of the service provider to keep this information and the government does not use it for other administrative purposes there is no reason for it to require retention.

Resources I used to answer these questions:

The government’s greenpaper to the correct section

Monk School of Global Affair’s Canada’s National Security Consultation: Digital Anonymity & Subscriber Identification Revisited… Yet Again

Section 8 of the Canadian Charter of Rights and Freedoms (CCRF) from wikipedia

Section 11 of the CCRF from wikipedia

Open Media’s crowd sourced Privacy Plan

OpenParliament’s Public Saftey Committee records

Sarah Jamie Lewis’ answers

tweet Share