More on Lawful Access

In follow-up to my previous post, I encourage you to read this letter sent by my friend Craig to his MP and to Minister Van Loan. I've sent a copy to my MP as well. Here's an excerpt:

Judicial oversight is an important feature of our legal system, and removing this requirement from even something as rudimentary as subscriber information can have a negative impact on citizens’ privacy. The lack of judicial oversight on such data collection would appear to be a green light to law enforcement to commence fishing expeditions on matters that may not have passed muster before a judge. The current government, through its former Public Safety Minister Stockwell Day, had previously promised not to permit collection of this information without judicial oversight. The back-tracking on this matter is both puzzling and deeply concerning.

If you want to let your MP know how you feel, you can find their name and contact information (local mailing and email addresses) here. Also, mail may be sent postage-free to any Member at the following address:

House of Commons
Parliament Buildings
Ottawa, Ontario
Canada
K1A 0A6

Expectations of privacy

Note for those who don't know: I live in Canada. Our Public Safety Minister, Peter Van Loan, and the Conservative government he works for are attempting to grant access to private information - web browsing history, name, address, etc. - to law enforcement without warrants.

What expectation of privacy do I have on the Internet? I publish a lot of personal information, but if I chose not to reveal my real name, location, or address; or if I chose to use a service like TOR to mask my IP address as I navigated the WWW or to allow other people to use my connection to the Internet to circumvent some of the dangers inherent in communicating electronically under oppressive regimes, should law enforcement be allowed to use the IP address from which I posted this blog to find my true name and address?

Anonymity is sometimes an important thing. In some instances, anonymity grants witnesses in criminal cases protection from retaliation by gang members or organized crime. The ability of reporters to protect the identity of their sources under certain circumstances is widely recognized as vital to ensuring the freedom of the press and the quality of information made available to the public. And the home address of someone who is critical of police actions and posts anonymously for fear of retaliation is something that that person would quite reasonably not publish.

The government is trotting out the bogeymen of fraud and child pornography to panic the public into accepting that this access is required for law enforcement to do its job. Such arguments are hard to counter; no one wants to be defrauded, and no one favours endangering children. However, blanket prohibitions or restrictions on anonymity are not the way to deal with these issues.

People who understand the way technology works are finally sitting in the seats of power. They understand that most people don't mask their IP address, and that an IP address can be traced to a single person's connection to the Internet. They understand that they can trace what you say, where you live, and what you surf.

If this kind of restriction comes into effect, you will have to constantly wonder whether what you say is being recorded. You'll have no way of knowing; your information can be given to the police with no warrant and for any reason. Will you be willing to criticize your legislative representative knowing that they might lean on the cops to find something you've done wrong? Will you be willing to point out lazy or ineffectual police behaviour or abuses of power knowing that your already-difficult struggle might be made more difficult when a constable comes to your door to ask you why you just posted something about their extra-long break last night?

Will you feel safe speaking out if being different might mean that you wind up on a list of people who are constantly being watched even if no warrant or cause is given? Or will you be silent forever, even when your conscience should require that you speak up?

Jack Michaelson

People are freaking out over the death of the King of Pop. His fans, and people who happily latch onto any source of celebrity tragedy, are mourning him publicly and hailing his passing as the end of an era, etc. ... thus proving again that people will forgive a celebrity anything, while if a poor person does something terrible they're never given a chance to redeem themselves.

He may never have been definitively proven to be a pedophile, but even the allegation of such activity would have ruined a less famous man. For Jackson, people say "well, yeah, maybe he was a pedophile. But he made such incredible music and revolutionized the industry!" For John Smith, the man who revolutionized the TPS Report Cover Sheet, no such defense would be accepted or even considered.

Michael Jackson was dead to me long, long ago. I don't support people who have the stink of child abuse on them. What happened yesterday just made it official.

Lame Security

Lame security with an easy solution.

The Consumerist links to an article describing a lame piece of security theatre set in place by Wells Fargo bank. It seems that the bank, concerned about third-party fraud, won't accept voice relay calls on behalf of hearing-impaired individuals (this is a commonly-offered service, put in place to assist deaf people in communcating with companies hat don't have or support TTY or VOC machines).

Wells Fargo feels that they cannot verify the identity of callers sufficiently through a relay service, and refuses to work with them. This is causing them to lose customers.

The easy solution they apparently don't see: contract with one particular voice-relay company to provide verified, background-checked service. This service gets the benefit of increased business from WF customers, and WF gets the benefit of being a bank concerned about security that goes the extra mile to ensure accessibility.

Total time spent considering this after realizing what the bank's problem was: two minutes. Now why didn't they think of that?