Canadians’ online surfing habits could be an open book for both the U.S. and Canadian governments if several pieces of legislation in both countries become law, says a U.S. online privacy group.
The Electronic Frontier Foundation released a statement on Wednesday arguing that a proposed new law in the U.S. designed to help fight cyber-threats “is likely to have serious implications for Canadian civil liberties.”
The Cyber-Intelligence Sharing & Protection Act (CISPA), which stealthily made it through a U.S. House of Representatives committee last December, gives businesses and the U.S. government the legal immunity they need to share information about Internet users.
Critics call it an end-run around existing privacy laws. The American Civil Liberties Union told The Huffington Post earlier this month that the bill’s definition of the data that can be shared with the government is overly broad, and the government would have the ability to use that information, for the most part, as it liked, including using it for criminal investigations without a warrant.
The group also criticized the bill for not requiring the data to be made anonymous before handing it over to the government.
That proposed law could have serious implications for Canada because of the Beyond The Border Initiative Canada signed with the U.S. in February, 2011.
“Somewhat ironically given the borderless nature of the Internet, the Initiative envisions a secure cyber perimeter in addition to the secure physical perimeter it seeks to put in place,” the EFF writes.
The EFF notes that the Initiative commits Canada to “real-time information sharing” between cyber-security operations on both sides of the border.
The cross-border partnership “may mean that Canada will have to meet whatever U.S. cybersecurity (read: online spying) regime is ultimately adopted,” the advocacy group OpenMedia wrote on its website this week.
The potential jeopardy to Canadians’ privacy stemming from the initiative is not lost on Canada’s privacy commissioners, who released a joint statement earlier this month calling on the Harper government to “ensure that improvements to Canada-US security and commerce do not jeopardize Canadians’ privacy rights.”
The commissioners noted that their concerns have so far been ignored in the government’s development of the cross-border partnership.
Besides the U.S.-Canadian partnership, the EFF argues that two pieces of legislation working their way through Canada's Parliament, when taken together, essentially mimic the U.S. CISPA bill.
First there is Bill C-12, which “significantly expands” the conditions under which companies can share information about Internet users without customers’ consent.
“It will permit telecommunications companies to hand over customer information to any organization seeking it for the purpose of performing ‘policing services’, a term that is increasingly being applied to public-private cybersecurity partnerships,” the EFF wrote.
The other bill is C-30, commonly known as the “online spying” or “lawful access” bill.
The EFF refers to “a provision granting organizations – including telecommunications companies – immunity from ‘any criminal or civil liability’ if they voluntarily decide to preserve customers’ information or share it with law enforcement. This is evocative of the civil and criminal immunity CISPA offers U.S. companies for handing over their users’ data to the United States Government.”
However, it’s uncertain what Bill C-30 will look like when it comes to a final vote in Parliament. The Conservative government sent the bill to committee for major revisions last month, after taking severe criticism from media and the public over its provisions.
(However, digital law expert Michael Geist reported earlier this month that a Parliamentary committee is actually pushing to expand online surveillance powers in the bill, rather than restricting them.)
Signs are also emerging that CISPA could face a backlash, not unlike the SOPA controversy earlier this year, which prompted major websites to go dark in protest of the bill that would have given the government the power to block access, without judicial process, to websites deemed by private companies to be infringing copyright. The Huffington Post participated in the SOPA protest.
The White House strongly criticized CISPA this week, saying it lacked safeguards to protect people’s privacy.
And Facebook found itself having to defend coming out in favour of the bill, arguing the legislation is needed for companies to legally share information about cyber-attacks.
"When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack,” Facebook stated.
The San Francisco-based EFF has teamed up with several Internet freedom groups, including Canada’s OpenMedia and the Canadian Internet Policy and Public Interest Clinic (CIPPIC), in Stop Cyber Spying Week, a series of events planned this week to protest the various legislative efforts to expand government powers online.
Events include a Twitter and letter-writing campaign, which appear to have had an effect: Politico reports that Facebook, IBM and other tech companies backing CISPA have been under verbal attack this week.
Like similar legislation introduced in the past by both Conservative and Liberal governments, the new bill includes provisions that would: <em>With files from CBC</em> (Shutterstock)
Require telecommunications and internet providers to give subscriber data to police, national security agencies and the Competition Bureau without a warrant, including names, phone numbers and IP addresses. (CP)
Force internet providers and other makers of technology to provide a "back door" to make communications accessible to police. (Getty)
Allow police to get warrants to obtain information transmitted over the internet and data related to its transmission, including locations of individuals and transactions. (Alamy)
Allow courts to compel other parties to preserve electronic evidence. (Alamy)
However, unlike the most recent previous version of the bill, the new legislation: (Alamy)
Requires telecommunications providers to disclose, without a warrant, just six types of identifiers from subscriber data instead of 11. (Alamy)
Provides for an internal audit of warrantless requests that will go to a government minister and oversight review body. Minister of Public Safety Vic Toews is pictured. (CP)
Includes a provision for a review after five years. (Alamy)
Allows telecommunications service providers to take 18 months instead of 12 months to buy equipment that would allow police to intercept communications. (Alamy)
Changes the definition of hate propaganda to include communication targeting sex, age and gender. (Alamy)