[Advisors] More from Michael Geist's blog

Gareth Shearman shearman at victoria.tc.ca
Wed, 23 May 2012 12:11:56 -0700


--Apple-Mail-35-863347866
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Michael Geist's Blog
The Secret Lawful Access Regs: What the Gov Told the Telcos While =
Keeping the Public in the Dark
My post yesterday on a secret government - telecom lawful access working =
group attracted considerable attention with many understandably focused =
on the revelations that virtually all major Canadian telecom companies =
(with the notable exception of Shaw) actively worked with the government =
for months on lawful access legislation. Yet perhaps the most important =
document is a lawful access regulations policy document that offered =
guidance on plans for the extensive regulations that will ultimately =
accompany the Internet surveillance legislation. The specific document =
obtained under Access to Information is dated October 2010 and was =
created to support an earlier version of the lawful access bill.  =
However, the same government documents indicate that the policy document =
was provided to telecom providers last fall, including disclosure to the =
Canadian Network Operators Consortium in December 2011 after CNOC was at =
an event a month earlier with Public Safety Minister Vic Toews and =
expressed support for the lawful access bill.

The regulations policy document are not the regulations per se, but =
rather a clear indication of planned regulations under the guise of a =
policy document. The document contains several key sections:
Read More ...

The Interception Regulations, including specific details on interception =
capabilities (as many as 200 simultaneous interceptions), response time =
to interception requests (30 minutes for remote interceptions), =
confidentiality requirements, transmission capabilities (real time =
transmission of intercepted communications), and delivery of intercepted =
communications.
The Interception Equipment Regulations, including very specific =
capabilities for simultaneous interceptions including multiple targets =
and providing intercepted communications to up to five different =
agencies at the same time. These regulations also identify requirements =
on service providers to increase their capacity (up to five business =
days).
The Subscriber Information Disclosure Regulations, including the form to =
be used to request subscriber information (which can come from police, =
the Competition Bureau, or CSIS). These also discuss the concept of law =
enforcement providing at least one identifier (ie. a name, email address =
or IP address) in order to receive the other corresponding subscriber =
information. There are also confidentiality requirements and details on =
telecom provider record keeping. The regulations also identify timing =
requirements for disclosure, typically within two business days but =
within 30 minutes in exceptional circumstances.
The Other Obligations Regulations, including location information =
disclosures that may require telecom companies to disclose location =
information such as street address, longitudinal and latitudinal =
coordinates or cell site. It is not clear whether such information would =
require a warrant. These regulations also will provide details on =
assisting law enforcement in testing equipment, the special rules for =
smaller providers, and categories for administrative monetary penalties =
for failing to comply with the law.
The Payment to Providers Regulations identify when telecom providers =
will be compensated by law enforcement. These include (1) complying with =
a Ministerial Order to obtain equipment, software, or to modify existing =
equipment; (2) provide telecom support related to interceptions; and (3) =
providing subscriber information.
While the actual regulations may change, it is shocking that Public =
Safety has provided this information to dozens of companies but kept it =
secret from the Canadian public. The secrecy associated with the lawful =
access initiative certainly further undermines trust in Bill C-30 and =
highlights the need to scrap the bill and the two-tier policy process =
and start from scratch.



--Apple-Mail-35-863347866
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span =
class=3D"Apple-style-span" style=3D"font-family: Verdana, Geneva, Arial, =
Helvetica, sans-serif; font-size: 13px; =
-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: =
2px; "><div class=3D"componentheading" style=3D"font-family: Arial, =
Verdana, Geneva, Helvetica, sans-serif; font-size: 16pt; font-weight: =
bold; padding-top: 5px; margin-top: 0px; padding-bottom: 10px; =
margin-bottom: 10px; margin-right: 33px; ">Michael Geist's =
Blog</div><table class=3D"blog" cellpadding=3D"0" cellspacing=3D"0" =
style=3D"width: 624px; margin-right: -55px; "><tbody style=3D"width: =
624px; margin-right: -55px; "><tr><td valign=3D"top"><table width=3D"100%"=
 cellpadding=3D"0" cellspacing=3D"0" style=3D"width: 624px; =
margin-right: -55px; "><tbody style=3D"width: 624px; margin-right: =
-55px; "><tr><td valign=3D"top" width=3D"100%"><table =
class=3D"contentpaneopen" style=3D"padding-top: 0px; padding-right: 0px; =
padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: =
-55px; margin-bottom: 0px; margin-left: 0px; width: 624px; "><tbody =
style=3D"width: 624px; margin-right: -55px; "><tr><td =
class=3D"contentheading" width=3D"100%" style=3D"padding-top: 10px; =
padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
font-family: Arial, Verdana, Geneva, Helvetica, sans-serif; font-size: =
8pt; font-weight: bold; "><h3 style=3D"font-size: 16pt; font-family: =
Arial, Verdana, Geneva, Helvetica, sans-serif; font-weight: bold; =
margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: =
0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; =
padding-left: 0px; "><a =
href=3D"http://www.michaelgeist.ca/content/view/6506/125/" =
class=3D"contentpagetitle" rel=3D"bookmark" style=3D"color: rgb(0, 0, =
0); text-decoration: none; font-size: 15px; font-weight: bold; ">The =
Secret Lawful Access Regs: What the Gov Told the Telcos While Keeping =
the Public in the Dark</a></h3></td></tr></tbody></table><table =
class=3D"contentpaneopen" style=3D"padding-top: 0px; padding-right: 0px; =
padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: =
-55px; margin-bottom: 0px; margin-left: 0px; width: 624px; "><tbody =
style=3D"width: 624px; margin-right: -55px; "><tr><td valign=3D"top" =
colspan=3D"2" style=3D"padding-top: 0px; padding-right: 0px; =
padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">My&nbsp;<a =
href=3D"http://www.michaelgeist.ca/content/view/6505/135/" =
mce_href=3D"content/view/6505/135/" style=3D"color: rgb(153, 0, 0); =
text-decoration: none; ">post yesterday on a secret government - telecom =
lawful access working group</a>&nbsp;attracted considerable attention =
with many understandably focused on the revelations that virtually all =
major Canadian telecom companies (with the notable exception of Shaw) =
actively worked with the government for months on lawful access =
legislation. Yet perhaps the most important document is a&nbsp;<a =
href=3D"http://www.michaelgeist.ca/component/option,com_docman/task,doc_do=
wnload/gid,103/" =
mce_href=3D"component/option,com_docman/task,doc_download/gid,103/" =
style=3D"color: rgb(153, 0, 0); text-decoration: none; ">lawful access =
regulations policy document</a>&nbsp;that offered guidance on plans for =
the extensive regulations that will ultimately accompany the Internet =
surveillance legislation. The specific document obtained under Access to =
Information is dated October 2010 and was created to support an earlier =
version of the lawful access bill.&nbsp; However, the same government =
documents indicate that the policy document was provided to telecom =
providers last fall, including disclosure to the&nbsp;<a =
href=3D"http://cnoc.ca/" mce_href=3D"http://cnoc.ca/" style=3D"color: =
rgb(153, 0, 0); text-decoration: none; ">Canadian Network Operators =
Consortium</a>&nbsp;in December 2011 after CNOC was at an event a month =
earlier with Public Safety Minister Vic Toews and expressed support for =
the lawful access bill.<br><br>The regulations policy document are not =
the regulations per se, but rather a clear indication of planned =
regulations under the guise of a policy document. The document contains =
several key sections:<br><a href=3D"http://www.michaelgeist.ca/#" =
class=3D"fulltext_toggle" id=3D"fulltext_toggle_6506" style=3D"color: =
rgb(153, 0, 0); text-decoration: none; display: block; float: right; =
margin-top: 15px; padding-top: 0px; padding-right: 4px; padding-bottom: =
0px; padding-left: 4px; font-size: 8pt; ">Read More ...</a><div =
class=3D"fulltext" id=3D"fulltext_6506" style=3D"clear: both; display: =
block; "><br><ul><li>The&nbsp;<span style=3D"font-weight: bold; =
">Interception Regulations</span>, including specific details on =
interception capabilities (as many as 200 simultaneous interceptions), =
response time to interception requests (30 minutes for remote =
interceptions), confidentiality requirements, transmission capabilities =
(real time transmission of intercepted communications), and delivery of =
intercepted communications.</li><li>The&nbsp;<span style=3D"font-weight: =
bold; ">Interception Equipment Regulations</span>, including very =
specific capabilities for simultaneous interceptions including multiple =
targets and providing intercepted communications to up to five different =
agencies at the same time. These regulations also identify requirements =
on service providers to increase their capacity (up to five business =
days).</li><li>The&nbsp;<span style=3D"font-weight: bold; ">Subscriber =
Information Disclosure Regulations</span>, including the form to be used =
to request subscriber information (which can come from police, the =
Competition Bureau, or CSIS). These also discuss the concept of law =
enforcement providing at least one identifier (ie. a name, email address =
or IP address) in order to receive the other corresponding subscriber =
information. There are also confidentiality requirements and details on =
telecom provider record keeping. The regulations also identify timing =
requirements for disclosure, typically within two business days but =
within 30 minutes in exceptional circumstances.</li><li>The&nbsp;<span =
style=3D"font-weight: bold; ">Other Obligations Regulations</span>, =
including location information disclosures that may require telecom =
companies to disclose location information such as street address, =
longitudinal and latitudinal coordinates or cell site. It is not clear =
whether such information would require a warrant. These regulations also =
will provide details on assisting law enforcement in testing equipment, =
the special rules for smaller providers, and categories for =
administrative monetary penalties for failing to comply with the =
law.</li><li>The&nbsp;<span style=3D"font-weight: bold; ">Payment to =
Providers Regulations</span>&nbsp;identify when telecom providers will =
be compensated by law enforcement. These include (1) complying with a =
Ministerial Order to obtain equipment, software, or to modify existing =
equipment; (2) provide telecom support related to interceptions; and (3) =
providing subscriber information.</li></ul>While the actual regulations =
may change, it is shocking that Public Safety has provided this =
information to dozens of companies but kept it secret from the Canadian =
public. The secrecy associated with the lawful access initiative =
certainly further undermines trust in Bill C-30 and highlights the need =
to scrap the bill and the two-tier policy process and start from =
scratch.</div><div class=3D"commentBlogView" style=3D"display: block; =
text-align: right; padding-top: 6px; padding-bottom: 6px; margin-top: =
4px; margin-bottom: 4px; clear: both; "><br =
class=3D"Apple-interchange-newline"></div></td></tr></tbody></table></td><=
/tr></tbody></table></td></tr></tbody></table></span><div><br></div></body=
></html>=

--Apple-Mail-35-863347866--