waiting for the “access” axe to fall: new investigatory assistance legislation for canada...
Post on 23-Dec-2015
213 Views
Preview:
TRANSCRIPT
Waiting for the “Access” Axe Waiting for the “Access” Axe to Fall: New Ito Fall: New Investigatory nvestigatory Assistance Legislation for Assistance Legislation for
CanadaCanada
PST-2005 St Andrews, NBDavid A Townsend
UNB-Law & NRC-IIT12 October 2005
Overview:Overview:Parliament – to introduce lawful access BillDesign, operation and costing of almost all
‘public’ networks will be impacted (wire-line, wireless and Internet)
Future - network architecture, applications and services must be ‘access compliant’
“Access” = handover by Telecom. Service Provider (TSP) of specified Subscriber-related data to Law Enforcement Agencies (LEAs) upon lawful demand
Many challenges:Many challenges: Technical, Legal and Social challenges:
1) Done lawfully (Charter, Crim. Code, evidence law, privacy law and international obligations)
2) Does not undermine public trust (appropriate judicial oversight and public accountability)
3) Does not inhibit public networks (competitive forces, cost structures, rollout of new technologies and services, cust. relationship)
4) Done in technology-neutral manner (strive for uniform ‘expectation of privacy’ for all e-communication – inc. e-mail and SMS)
5) Need laws based upon first principles and not a legislative extension from common carrier era
6) Significant period for training and adjustment
Current Legislation:Current Legislation:
1974 Crim. Code wiretaps (Protect Privacy)1993 Code amended (s21 of CSIS in 1984)
– Search warrants s.487. (1)– General investigative warrants s.487.01– Suspect tracking warrants s.492.1– Dig. Number Recorder (DNR) warrants s.492.2– Production of telephone records s.492.2(2)
– Interception (wiretap) warrants s.186 and ss. 184.2(3), 184.3(6) and 188.(2)
Current Leg. Con’t.Current Leg. Con’t.– Assistance Orders (for all 6 warrants) s.487.02
2004 – 2 new Production Orders s. 487.012 & 487.013 (general and specific info.)
Code attempted to match intrusiveness with quantum of evidence necessary for judge
Charter case law of 1990s offered good check on state surveillance powers & activities
But, Code is 13 ‘telecom years’ out of date ! And, Code not address methodology, cost
recovery or lack of network capacity
Network Capacity & Network Capacity & Methodology for CellularMethodology for Cellular
Analog cellular introduced 1985– Fairly easy to intercept (scanners, UHF tuners) – Gov’t had low expectations of privacy
Digital (PCS) cellular introduced 1995– Interception difficult - encoding and encryption – FBI pressed Canada to add intercept requirements– 23 distinct requirements added as licence conditions
under Radiocommunication Act (done quietly)– Similar conditions in USA, New Zealand & Australia
What do LEAs want ?What do LEAs want ? General investigatory information:
– Subcriber name, address, phone number, local service provider (LSPID)
– LEAs pressed for national database, paid for by subscribers, available to LEAs w/o a warrant
Targeted investigations:– Subcriber name, address, phone number, device number
(e.g. ESN), service provider (LSPID), dynamic IP addr.– Best available location-based information– Detailed network transaction data– For wiretap – 100% of transaction data, location data
and communication content– Immediate preservation of specified data
Implications of Subscriber DBImplications of Subscriber DB
National Subscriber Data Base – very onerous and expensive for telecom
industry– Thwart anonymous use of telcom. (pay-as-you-
go, calling cards, anonymous e-mail, blogging)– Warrantless access by LEAs undermines
current privacy protections for subscriber info.– Subscriber Data Base facilitates data-matching
and data mining (including profiling)
Location Implications:Location Implications:
Location-based Information:– Location data will become increasingly precise
(tracking in real time or historic track)– Precision tells much about what target is doing– Technology no longer an assist to physical
surveillance– What evidential burden must be met to secure
relevant tracking warrant from a judge?– What use in civil cases?
IP Data Challenges:IP Data Challenges:
Many IP data challenges:– For 100% of transaction, location and content
data the Service Provider must isolate, preserve and hand-over mass quantities of targeted data
– Isolation, processing and preservation by TSPs raises significant forensic evidence issues
– Intercept warrants often sought against number of targets = storage capacity challenges for TSP
IP Data Challenges – con’t:IP Data Challenges – con’t:Warrants for Transaction Data (only):
– No parallel to historic ‘DNR Order’– IP transactional data may include: the dialling,
routing, addressing, signaling information that may provide the origin, direction, timing, duration, type and size of a e-communication.
– For e-mail and web surfing the transactional data may provide everything but the content
– But…the content may be unnecessary– What evidential burden must be met by LEAs?
Path to ‘Access’ Legislation:Path to ‘Access’ Legislation:Federal gov’t commissioned background
studies in 2000-2001August 2002 - release of “Lawful Access
Consultation Document” – Significant criticism = lack of justification and
specifics, failure to understand technologyComment period extended to mid
December 2002Over 300 submissions tendered
On the Path in 2003-04On the Path in 2003-04
Series of public and private consultations followed Spring 2003 gov’t introduced Bill C-46 (now Bill
C-13). (s.487.012 and s.487.013)– Bill C-13 (passed March 22.04) added a general and
specific data ‘production order’ to Crim. Code for investigation of serious corporate fraud. Came into force in September 2004.
Also in Spring 2003 gov’t introduced Bill C-32 (now Bill C-14).)– Bill C-14 (passed April 21.04) provided a new
exception in Code to unlawful interception for managers of computer systems who intercept to protect their networks
The Path ends in November?The Path ends in November?
August 2003 DOJ released summary of consultations
New rounds of selective consultations held in 2003-04
Drafts of policy package shared quietly with key stakeholders in Spring 2005
Commitment to introduce Bill in Fall 2005
top related