I wonder what the broader implications are of this bill. Is the bill broad enough that if I detect an IP address connect to my business SSH server does that afford me the privilege to obtain the customer information from the IP address?
Think about that for a moment, as a business owner I can now send a request to any ISP that owns an IP address that connected to my website. Why do I need your customer information, why because I did not authorize the IP access to /index.html, and the IP address showed repeated attempts connecting and using my computer resources (of course to the ISP I make it sound a little more sinister, like embed an image tag to a resource like /employee-portal/login so that I can tell the ISP the unauthorized access was to the employee portal, and of course that image tag will result in generating requests in my server logs to show the repeated requests from the IP trying to fetch that resource. Poof now I have the name and phone number for everyone that has been to my business website and is potentially interested in what I'm selling.. Of course, I won't tell the individual how I got their phone number. I wouldn't practice this, but for a morally corrupt business it sounds viable.
If the above is possible by the bill, and from the articles that I've read it is, then this bill strikes me as particularly stupid legislation bought for by moneyed interests. I can only hope that our government isn't so corrupted by those moneyed interests that this thing passes.
"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
So, yes, if you can convince an ISP that the information is for an investigation (not necessarily a police investigation, a private eye or corporate audit would suffice) then yes the ISP can give out your private information.
I especially like this nugget:
"reasonable grounds to believe that the information relates to a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed"
So, personal information can be disclosed even if I am about to commit a crime in another country, e.g. I surf a beauty pageant website and view the enter pageant page that is hosted in Nigeria (beauty contests are illegal under Sharia law).
This bill does not serve the interests of Canadians. It serves the interest of foreign corporations.
Spying on citizens' internet connections and jailing them for sharing media does not benefit society. I understand why media companies are upset but draconian laws will not solve their problem. We have a choice between widespread media sharing and technological innovation, or widespread media sharing and people in jail for nonviolent crimes. Eliminating piracy is not possible. You can't put the genie back in the bottle.
Some stats about the Canadian legislature, because I'm a nerd:
Since January 17th, 1994 (35th Parliament, 1st Session) when the government started digitizing its records, there have been 4197 bills put before Parliament. Of those, 395 (9.4%) have come from the Senate, like this bill, and 3764 (89.7%) have come from the House of Commons. Eventually, 437 (10.4%) received royal assent (i.e, are now law) and the rest were either defeated, dropped on the floor, or are still being debated. However, this is being dragged down by private member's bills, of which there have been 3165 and only 40 (1.3%) have received royal assent.
Government bills, on the other hand, have much better track records. Of the 83 Senate government bills introduced in that time period, eventually 46 (55.4%) have received royal assent. This is similar to the House government bills, of which 325 out of 599 (54.3%) have received royal assent.
Realistically, going back to '94 includes a lot of minority governments. With a solid majority, the Cons have a free hand for legislation. This will become law.
Slightly aside, but I am glad to see my monthly donation to https://openmedia.ca (like a Canadian EFF) seems to be paying off as they are getting their name and their point into big Canadian media :)
Something not noted is that a number of vpn and seedbox services are hosted in Canada and run by Canadian companies. Americans use them as low-latency workarounds for similar US-located laws. I have never considered Canada to be a safe haven for such activity, I wonder if this crackdown effort will take a toll on those services.
I think the only thing that will ultimately save us from this is to strengthen our contracts with our ISPs.
Anyone want to make some mass commitment to get Bell to add a clause prohibiting their participation in this? (whether or not this particular bill goes through) Perhaps we could all threaten to switch ISPs, or reduce our grade of service to one which gives them lower margins.
Canadians can sell us Americans their cheap prescription drugs, and we can sell them VPN services to, uh, negotiate the complexities of their new downloading legislation.
[+] [-] josho|12 years ago|reply
Think about that for a moment, as a business owner I can now send a request to any ISP that owns an IP address that connected to my website. Why do I need your customer information, why because I did not authorize the IP access to /index.html, and the IP address showed repeated attempts connecting and using my computer resources (of course to the ISP I make it sound a little more sinister, like embed an image tag to a resource like /employee-portal/login so that I can tell the ISP the unauthorized access was to the employee portal, and of course that image tag will result in generating requests in my server logs to show the repeated requests from the IP trying to fetch that resource. Poof now I have the name and phone number for everyone that has been to my business website and is potentially interested in what I'm selling.. Of course, I won't tell the individual how I got their phone number. I wouldn't practice this, but for a morally corrupt business it sounds viable.
If the above is possible by the bill, and from the articles that I've read it is, then this bill strikes me as particularly stupid legislation bought for by moneyed interests. I can only hope that our government isn't so corrupted by those moneyed interests that this thing passes.
[+] [-] josho|12 years ago|reply
"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
So, yes, if you can convince an ISP that the information is for an investigation (not necessarily a police investigation, a private eye or corporate audit would suffice) then yes the ISP can give out your private information.
I especially like this nugget:
"reasonable grounds to believe that the information relates to a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed"
So, personal information can be disclosed even if I am about to commit a crime in another country, e.g. I surf a beauty pageant website and view the enter pageant page that is hosted in Nigeria (beauty contests are illegal under Sharia law).
Sigh, well done Canada. Well done.
[+] [-] oofabz|12 years ago|reply
Spying on citizens' internet connections and jailing them for sharing media does not benefit society. I understand why media companies are upset but draconian laws will not solve their problem. We have a choice between widespread media sharing and technological innovation, or widespread media sharing and people in jail for nonviolent crimes. Eliminating piracy is not possible. You can't put the genie back in the bottle.
[+] [-] a-priori|12 years ago|reply
Since January 17th, 1994 (35th Parliament, 1st Session) when the government started digitizing its records, there have been 4197 bills put before Parliament. Of those, 395 (9.4%) have come from the Senate, like this bill, and 3764 (89.7%) have come from the House of Commons. Eventually, 437 (10.4%) received royal assent (i.e, are now law) and the rest were either defeated, dropped on the floor, or are still being debated. However, this is being dragged down by private member's bills, of which there have been 3165 and only 40 (1.3%) have received royal assent.
Government bills, on the other hand, have much better track records. Of the 83 Senate government bills introduced in that time period, eventually 46 (55.4%) have received royal assent. This is similar to the House government bills, of which 325 out of 599 (54.3%) have received royal assent.
Source: http://www.parl.gc.ca/LEGISInfo/
[+] [-] Pxtl|12 years ago|reply
[+] [-] mindstab|12 years ago|reply
[+] [-] doublerebel|12 years ago|reply
[+] [-] tensenki|12 years ago|reply
http://www.parl.gc.ca/HousePublications/Publication.aspx?Lan...
[+] [-] throwwit|12 years ago|reply
[+] [-] microcolonel|12 years ago|reply
Anyone want to make some mass commitment to get Bell to add a clause prohibiting their participation in this? (whether or not this particular bill goes through) Perhaps we could all threaten to switch ISPs, or reduce our grade of service to one which gives them lower margins.
[+] [-] dan_bk|12 years ago|reply
Sounds much nicer already.
[+] [-] hagbardgroup|12 years ago|reply
Canadians can sell us Americans their cheap prescription drugs, and we can sell them VPN services to, uh, negotiate the complexities of their new downloading legislation.
The system works!
[+] [-] klrr|12 years ago|reply
[+] [-] grecy|12 years ago|reply
[+] [-] dhughes|12 years ago|reply