Web Hosting Talk : Other Forums : Web Hosting Lounge : Say no to Big Brother plan for Internet. [merged]

[GoTek-JP]

Quote:

During the Internet boom of the late 1990s, Nortel Networks ran an advertising campaign that featured as its slogan, "what do you want the Internet to be?" The implications were obvious — the Internet was a technology of unlimited possibility that could be whatever we wanted it to be.

More than five years later, Nortel's vision is becoming reality. The Internet has become so essential to the every day lives of millions of people — a pillar of communication, information, entertainment, education, and commerce — that at times it seems as if the Internet really is anything we want it to be.

Notwithstanding the Internet's remarkable potential, there are dark clouds on the horizon. There are some who see a very different Internet. Theirs is an Internet with ubiquitous surveillance featuring real-time capabilities to monitor online activities. It is an Internet that views third party applications such as Vonage's Voice-over-IP service as parasitic. It is an Internet in which virtually all content should come at a price, even when that content has been made freely available. It is an Internet that would seek to cut off subscriber access based on mere allegations of wrongdoing, without due process or oversight from a judge or jury.

This disturbing vision of the Internet is not fantasy. It is based on real policy proposals being considered by the Canadian government today.

Leading the way is the federal government's "lawful access" initiative. While the term lawful access sounds innocuous, the program, which dates back to 2002, represents law enforcement's desire to re-make Canada's networks to allow for lawful interception of private communications.

If lawful access becomes reality, Canada's telecommunications service providers (TSPs) will be required to refit their networks to allow for real-time interception of communications, to have the capability of simultaneously intercepting multiple transmissions, and to provide detailed subscriber information to law enforcement authorities without a court order within 72 hours.

Moreover, Canada's service providers will be subject to inspections and required to provide the government with reports on the technical capabilities of their networks. These activities will be shrouded in secrecy with service providers facing fines of up to $500,000 or sentences of up to five years in jail for failing to keep the data collection confidential.

All of these changes come at an enormous cost — both financially (hundreds of millions of dollars in new technology) and to our personal privacy. While some changes may be needed for security purposes, the government has yet to make the case for why the current set of powers, which include cybercrime and wiretapping provisions, are insufficient. There has been no evidence provided that this approach is the least privacy invasive alternative.

Refitting the network is not limited to government initiatives. In recent weeks it has become apparent that the network providers themselves may seek to interfere with the free flow of data. For example, Vonage (the leading independent Voice-over-IP provider) recently filed a complaint with the Federal Communications Commission in the U.S. alleging that an unnamed Internet service provider was blocking its service. Last week, the provider agreed to stop and to pay a fine to the FCC.

In a less publicized incident, the Communications Commission of Kenya last week ordered the state-owned Telkom Kenya to restore service to Sema VoIP, another Voice-over-IP provider which is backed by Canadian-based BMT North America. The Commission warned Telkom Kenya against taking similar action in the future.

The issue raised by these cases is not new. Observers have long feared that ISPs would succumb to economic self-interest, engaging in "packet preferencing" by blocking or slowing data coming from competing sites or services. While service providers are quick to argue that they want merely to serve as intermediaries without regard for what traverses their networks, as they offer competing Internet phone services, music download services, and other value-added content, there will be a clear temptation to create a home network advantage.

In fact, at the CRTC hearings into VoIP last fall, the parent company of at least one major provider gave every indication that it did not view third party services favourably. Quebecor, which owns Videotron, told the Commission that services such as Vonage contributed nothing to the development of facilities-based competition and that "the service provider's VoIP-based service is totally parasitic on the local access facilities of other carriers."

As the leading Canadian ISPs roll out their own VoIP services, many may look at competing services in the same way and seek to limit the use of their network. Stopping such interference requires a strong CRTC, yet with Industry Minister David Emerson's planned review of Canada's telecommunications law, some industry experts fear that Canada is heading in the opposite direction.

The Minister of Industry, together with Liza Frulla, his Canadian Heritage counterpart, are also reportedly about to finalize new rules that may reshape the availability of Internet content to educational institutions. Acting on the recommendation of a parliamentary committee that was chaired by Toronto MP Sarmite Bulte, the government may soon unveil a new "extended license" that would require schools to pay millions of dollars for content that is currently freely available on the Internet.

While the committee recommendation excluded payment for content that is publicly available, it adopted the narrowest possible definition of publicly available, limiting it to only those works that are not technologically or password protected and which contain an explicit notice that the material can be used without prior payment or permission.

Moreover, those same ministers are also contemplating a new system that would allow content owners to file a complaint with an ISP if one of their subscribers has allegedly posted infringing content. Canada's rules for child pornography still require a court order before content is removed, yet if the Canadian Recording Industry Association and other well-funded interests get their way, the ISP will respond to a mere allegation of copyright infringement by "kicking the subscriber off the system."

With Canada conceivably ready to adopt rules that make it far easier to remove an allegedly infringing song than to remove dangerous child pornography from a new fee-based, surveillance-ready, packet preferenced Internet, it is difficult to overstate how out of touch our Internet policy process has become. Is this really what we want our Internet to be?

http://www.thestar.com/NASApp/cs/Con...d=970599119419

I really hope they don't plan to go ahead with this, if they do I'm out of the country.

[Kimmikat]

Me either... That's outragous.

[Slidey]

this will become standard (if its not already) in a lot of countries over hte next ten years. 'national security' 'paranoia' etc etc.

if you dont like it, start using encryption. there are public tools that can be used to do so (pgp, ssh, ssl for starters)

[RossH]

http://www.thestar.com/NASApp/cs/Con...d=970599119419

If lawful access becomes reality, Canada's telecommunications service providers (TSPs) will be required to refit their networks to allow for real-time interception of communications, to have the capability of simultaneously intercepting multiple transmissions, and to provide detailed subscriber information to law enforcement authorities without a court order within 72 hours.

This is something I'd only expect to see in the states

[sasha]

It sounds too Orwell like scenario. Canada has very strict privacy laws and obtaining and storing one's personal identifiable information is illegal. Storing this information for exentded periods of time (over 3 months) is big No. Canadian public is very much aware of these issues and losing their privacy is not something that they would just let slide by.

On the other hand while I do not think ISP should be allowed to release one's infomation to any third party (with exception of law inforcement agency) they should be able to remove customer from their network at will. As the guy who maintains some hosting servers I strongly believe in "Suspend now, ask questions later".

[Rob83]

The FBI has been working hard to do the same. But there are so many different laws in the U.S. that continues to prevent the FBI from fully executing this plan.

[Webdude]

I remember a while back people were bragging about Canada, and others were saying they wanted to move to Canada

[Der Meister]

I do not have a firm position on the issue. However, I have nothing to hide from law enforcement, so I do not see how this would affect me personally.

[Slidey]

take a look at the RIP law in the uk that they were suggesting about 5 or so years ago...

[varg]

Quote:

Originally posted by Slidey
this will become standard (if its not already) in a lot of countries over hte next ten years. 'national security' 'paranoia' etc etc.

if you dont like it, start using encryption. there are public tools that can be used to do so (pgp, ssh, ssl for starters)

Yep.. until they outlaw those too. Or don't disclose the fact that they have real time decrypters to decrypt on the fly any encrypted communication (just speculation, but if some Chinese groups can break md5, then it should be easy for a government to break other methods of encryption).

[Webdude]

I dont have anything to hide from the law either. It's about privacy for most.

Consider this. What's the most likely thing they would outlaw that we would all be against? How about if your government suddenly makes a law that says speaking with friends in other country's about this whatever could now be considered treason?

Let's put this in a better way. We are not in prison. How would you feel if the government opened and read your snail mail from a close relative to you, and was doing that to all your mail? This is simply an electronic version of that. So why should we allow them to do it to us electronically, but not other ways. I see no difference in the two, it's still invasion of privacy. When I send an email to someone, I expect it to get there safely without "big brother" opening and reading it..

[cywkevin]

If I remember correctly. PGP (pretty good protection) fell under legal fire with the government in which the government wanted a backdoor key to many encryption programs. Wonder how that ever turned out.

[Sheps]

I don't see this going ahead as it would conflict with too many of Canada's privacy laws.

Quote:

What is "lawful access"?
Lawful access can only be used with legal authority, i.e. a warrant or an authorization to intercept private communications, issued by a judge under specific circumstances. For example, authorizations to intercept private communications can only be used to target particular communications and can only be carried out for a specific period of time. In order to obtain a warrant to search for and seize data, there must be reasonable grounds to believe that an offence has been committed. For the Canadian Security Intelligence Service (CSIS), both the Solicitor General and a Federal Court judge must approve each warrant application.

Quote:

Will the police and security officials have expanded powers under new lawful access legislation?
The proposed Criminal Code amendments outlined in the consultation document aim to provide law enforcement agencies with more effective tools to investigate criminal acts in the digital age. Police would use these tools to gather information about specific, identified criminal or terrorist suspects. For example, the proposed data preservation order could be used to require a service provider not to delete the data of an identified individual who is the subject of an investigation for a specific period of time. Existing information, which may be vital to an investigation, would therefore be preserved until a court orders its release.

The proposed production order would require a third party, such as a communication service provider, to make data or information in its possession or control available to investigators within a specified time period, as set out in a court order. Under a production order, the service provider would provide the data or information to police, thereby eliminating the need for a police search. Production orders would be subject to the safeguards already in place for search warrants.

Quote:

Are the police and security officials going to be monitoring everyone's Internet, e-mail content or cell phone use?
Law enforcement and national security agencies cannot intercept communications without being authorized to do so by law. Interception can only be carried out with lawful authority for targeted communications - for example, for a specific individual's communications - and can only be carried out for a specified period of time. Nothing put forward in the consultation paper would change these requirements.

Quote:

Is a national database going to be created that contains everyone's web activity?
While a proposal was put forward for a national database of customer information that could be accessed under lawful authority, the lawful access proposals do not call for a national database containing the Internet activities of Canadians, nor do they call for a requirement for Internet companies to store all of their customers' communications.

Quote:

What is data preservation and how is it different from data retention?
It is important to distinguish between data preservation and data retention. As proposed in the consultation paper, a data preservation order would require a service provider to keep existing data of a specific, identified individual who is identified by the courts as the subject of an investigation and not delete it for a specified period of time. This would ensure that information vital to an investigation is not deleted before the police can obtain a search warrant or production order to access the specific data.

Data retention, on the other hand, involves the collection of data from all users of a communication service - regardless of whether or not they are subject to an investigation. Data retention is not being proposed.

Quote:

Will Internet service providers be required to keep records of all their customers' web activity?
It is important to clarify that data retention is not being considered in the lawful access proposals. ISPs would only be required to preserve specific data when requested to do so through a preservation order and only for a specific period of time. The proposed amendments would not require ISPs to retain data relating to their customers' web activity.

http://canada.justice.gc.ca/en/cons/...mmary/faq.html




It appears the writer of the article was misinformed, as they often are...

[e-infinity]

Its time to st0rm

[Slidey]

Quote:

Originally posted by varg
Yep.. until they outlaw those too. Or don't disclose the fact that they have real time decrypters to decrypt on the fly any encrypted communication (just speculation, but if some Chinese groups can break md5, then it should be easy for a government to break other methods of encryption).

you make it sound like you can take an md5 hash, and out pops the plain text.

what they've actually done is said 'for any hashed text, you can find a collision (another piece of plaintext that hashes to the same as your plaintext) quicker than you can bruteforce said hashed text'

this was summed up as:

Quote:

No, it is not possible to extract the original data from the digest. Hash algorithms have nothing to do with compression.

However, it might be possible to construct a file to a given hash. In that case, MD5 sums become worthless to check wether a downloaded file is what independent sources claim it is.

The security implications are quite severe. Also, P2P clients that use MD5 to identify unique files will be vulnerable to spoofing by malicious users.

sorry for the slight skew of the original..