Bill C-30 was tabled a couple of days ago, and immediately (actually before it was even tabled), a lot of people were really angry about it. Things erupted on the social interwebs, and news media published some shockingly irresponsible headlines and downright confounding commentary. If you’re sitting on my blog, my guess would be you know about most of it, and I don’t want to even talk about the silly political games people play, so let’s just move on from that.
I read the Bill. I’m still learning to read bills, and familiarizing myself with the Criminal Code, and I don’t fully understand all things technical. But I read it. And the following represents what I understand to the realities of An Act to enact the Investigating and Preventing Criminal Electronic Communications Act and to amend the Criminal Code and other Acts. I’m not even touching the short title.
C-30 IS AN ACT IN TWO PARTS
The first part is itself a brand new act that does two things: it requires communication service providers to have the ability to intercept communications, and it requires them to provide basic information about subscribers to certain individuals upon request.
The largest part of the Act within the Act deals with the requirements for the capability to intercept communication. So, basically, your internet service provider, for example, has to have the ABILITY to intercept (“listen to, record or acquire…or acquire the substance, meaning or purport of”) your online activity. Ditto for your cell phone carrier to be ABLE to listen to, record or acquire your calls, text messages, data transferred, and whatnot.
Of course, all of that is already possible. Otherwise this would be called the “Invoking Magic to Make Things Come True Act,” so if you’re concerned about your service providers being able to do that, you should probably just unplug your computer, turn off your cable receiver, bury your cell phone in a hole, and move to a cabin in the woods. Send me a postcard.
THE CONTROVERSIALIST PART OF THE ACT
The act says that a service provider is required by law to provide the name, address, telephone number, and email address of any subscriber, as well as their IP address, upon request, to a certain group of individuals.
THOSE CERTAIN INDIVIDUALS ARE AS FOLLOWS:
- the Commissioner of the Royal Canadian Mounted Police
- the Director of the Canadian Security Intelligence Service
- the Commissioner of Competition
- the chief or head of a police service
OR, if they’re too busy or whatevs, then they can appoint people to do it for them. So, certain individuals may also include:
- the greater of five percent of the employees or five people at the RCMP
- the greater of five percent of the employees or five people at CSIS
- the greater of five percent of the employees or five people at the Competition Bureau
- the greater of five percent of the employees or five people at a police service
- any police officer who
- reasonably believes the matter is urgent enough that there’s no time to have one of the delegated individuals do it, because
- the officer has reasonable grounds to believe that he or she needs the information immediately to prevent serious harm to a person or property, and
- that the person whose information is being requested, is either the suspected perp or the victim.
It should be noted that these are the same circumstances that have always applied to an officer being able to do anything without a warrant that requires one, including obtain information. It’s called exigent circumstances, and it’s always been, you know, a thing. Has it been abused? Likely. Sure looks that way on Law & Order. Has it also been used to save lives? Probably far more often.
Nobody can just call up and ask for the information, though. It’s not like anyone just whips out their investigator’s notepad and jots down your personal info then everyone forgets that ever happened. Designated individuals submit a formal request under certain circumstances (yes, I know, they could totally lie! It’s horrific!) and the entire process is documented fully, reported on, and regularly audited. And there is indeed extra paperwork for those police officers who just really couldn’t wait for the designated official to request the information.
THE TROUBLE I SEE
First, to be clear, there are checks in place to attempt to ensure that the provision for any police officer to access the information in extraordinary circumstances is not abused. Special papers must be filed, reported on, and audited; the officer has to provide his or her name, rank, badge number, and organization to the service provider; and after the fact, he or she will be required to show that those actions were reasonable.
However, if fully five percent of every police organization can be properly designated as people who can request the information, then wouldn’t a prudent Commissioner or Chief try their very gosh darn hardest to make sure that there’s always someone available who could do it properly? That would mean that the information is always being requested by the trusted people. And this great honour ought to be conferred with the understanding that if a police officer calls you, the designated seeker of information, and says, “I need this real quick like, see,” that you could use your best judgement and possibly set aside what work you were doing to fill out the form.
I just don’t understand what circumstance would really require that just any old police officer be able to do it any old time. It simply doesn’t seem necessary, and why not let’s err on the side of prudency. Why? Because I want that to be a word.
BUT ANYHOW, AT THE END OF ALL THAT
Yes, at the end of all THAT, some member of the RCMP, CSIS, the competition bureau, or a police force is sitting at a desk with someone’s (perhaps your)
- phone number,
- email address,
- address, and
- IP address.
So they can use whatever one of those things is known to them to get the rest of that information about an individual. It’s not unlike using your license plate number to get your personal information. At this point, nobody has listened to a phone call, read a text message, intercepted a file transfer, or checked your PayPerView habits. No spying has occurred. No one has shown up at your door.
NOW THEY NEED A WARRANT TO SPY ON YOU
If you’re suspected of any number of crimes that might be committed with the use of a computer or other fancy communication device, the police or CSIS or the RCMP may want to gather evidence. That’s where Part II of the Act comes into play, and it primarily amends the wording of several sections of the Criminal Code to explicitly state the judge’s authority to issue a warrant to intercept a person’s communications.
As always, if the judge is satisfied that the warrant is, er, warranted, then it will be issued. At that point, the people who are after you (I mean, really at this point, they’re pretty onto you) can go back to your service provider, warrant in hand, and use the equipment that the service provider is legally required to have so that they can spy on you.
In the 1960s, they’d tap your phone and sit in a dark car across the street. That’s not good enough anymore.
SO THERE ARE THE FACTS
At least as I see them. There are a lot of erroneous headlines and quotes floating around out there, and I guess I just wanted to write this post to do what tiny bit I could to try to dispel any myth. I’m not saying I think you should love the Bill, but if we’re going to debate it, let’s do it with all the relevant information in hand.