David Fraser (Privacy Lawyer) is awesome, and did a diff of the two bills</a>. At the same time Vic Toews went on On The Coast and made an ass of himself saying that Backdoors were Front Doors.</a> However, he did say that they cut down on the amount of information that they were looking for, and he was right.
It seems that this information is now accessible without a warrant:
- Phone Number</li>
- E-Mail Address</li>
- IP Address</li>
- Local Service Provider Identifier</li> </ul> This is getting closer to what a phone book provides, since we don't have the IMSI, the IMEI, the ESN or the MEID, this looks more rational than last time. It's still way too much information to give out based on an IP, due to the fact that IPs are shared and that there would need to be a timestamp matched with the IP to accurately tell who had the IP at any one time. There's also the fact that IPs on phones are shared among many users. For example, even though I don't torrent on my phone ever (because I can't afford it), my IP on my phone shows up on youhavedownloaded.com. This makes this part of the legislation stupid and dangerous. Now, what is more frightening are the miscellaneous provisions. These are totally brand new, and are far more scary than the initial Lawful Access conditions. Apparently the RCMP at any time can demand that a telecommunications service provider describe what service they provide, and demand that they test the providers capabilities of lawful intercept. In addition, when a provider adds or removes a service, they have to notify the RCMP that they are doing so as well, adding extra overhead to the ISP. They also need to provide a list of names of the people who are authorized to do the lawful intercept as well, who are subject to security assessments. I expect that there will be people at ISPs who will be losing their jobs over this piece of legislation because they do not pass the security assessment. It then discusses how Public Safety is providing the ISPs with the equipment that will provide Law Enforcement and Intelligence Agencies the backdoors (or as Mr Toews calls them front doors for law enforcement. No, I am not making this shit up.). Following this is the Administration and Enforcement section. This is the section that states that the RCMP and CSIS without a warrant can walk into any data facility and take your equipment and make copies of that equipment under this act and that the owner of the data center or ISP has a duty to assist the law enforcement official. The only time that they need a warrant is when the facility also happens to be the residence of someone. Now, Mr. Toews stated that any law enforcement officer who was caught reading private e-mails that they were not authorized to would be fined $250,000. However, it seems that this is the general range of fines for anyone who violates the act, and it's far easier for someone who doesn't want the cops in their private property without a warrant to do this than anyone else. Telling the police to fuck off at a data center? That'll be $250k! This is further incentive to NOT host your material in Canada. It gets worse, if someone installs a service that can't be intercepted by the police, they are in violation of the act, and are able to be fined up to $500k and they have to cease operating the device. This means that this bill outlaws Tor nodes, especially those that aren't exit nodes. This will affect Canadians who donate bandwidth to the Tor network. Finally, this act has a review clause. This means that five years from now, when Vic Toews is out of office for being batshit insane, people can review and can this bill because it managed to make running a startup in Canada completely impossible. I'm not going to dissect the changes to the criminal code, but it's pretty simple. Instead of Cell Phone spying, we have RCMP and CSIS showing up at the fucking data centre and making copies of everything on a server for "testing purposes". This means that e-mail providers such as resist.ca are totally and completely fucked, because even though they don't contain logs, everyone who has e-mail on these servers that isn't encrypted is going to have their e-mails seized by the RCMP and CSIS legally without a warrant for "testing purposes". The worst part is that there's nothing that the company that operates the data center can do about it. In short, if you don't live with your servers in your home, or in a foreign country with use of a VPN directly to that box, you are not safe from state surveillance, since that's the only exception that people get in this. This is insane and will further force Canadians to use foreign services. This is not a good thing, but that's what happens when you totally violate things such as property rights, and privacy law.