law and technology and rock and roll


Some updates from the last two years

Posted by Matt on June 18, 2016         Tagged with: music, csec, copyright, bccla, surveillance, heartbleed

For a variety of reasons, I haven't posted anything here for almost two years. Things have settled down a bit and I'm feeling motivated to start posting again, so I thought I'd kick it off with a short post to provide updates on just a few things that have happened over the last two years which I might have written about if I was better at this blogging thing:


Conservative Government Tables New Prostitution Legislation

Posted by Matt on June 04, 2014         Tagged with: prostitution

When the SCC declared the existing Criminal Code provisions respecting the sale of sex invalid, they postponed that declaration of invalidity for a year to give the Conservative government time to respond with some new laws. And now the government has answered that call.

A new bill tabled in Parliament, named the Protection of Communities and Exploited Persons Act, targets johns and pimps but also criminalizes the sale of sex in areas in which children could reasonably be expected to be present.

I haven't read the full text of the bill yet so for now I'll just leave you with that link.


Text of David Fraser's Testimony On Bill C-13

Posted by Matt on May 06, 2014         Tagged with: telecommunications, surveillance, privacy

In Parliament, the Justice and Human Rights Committee is discussing Bill C-13, also known as the Protecting Canadians From Online Crime Act, also known as "the cyberbullying law". I've discussed the bill before. The bill is being pitched as a way to protect innocent Canadians from cyber-predators, but concerns have been raised that it grants law enforcement more power to compel disclosure of subscriber information from telecommunications providers than is necessary. One of those with concerns about the bill is David Fraser, who has been invited to appear before the Committee. He's posted the text of his testimony on his blog and it's worth a read.


Heartbleed, CRA and the Criminal Code

Posted by Matt on April 16, 2014         Tagged with: heartbleed

You may have heard of a little thing called the Heartbleed bug, which has basically absolutely devastated the Internet over the last few weeks. Basically, anyone who isn't freaking out about this either isn't paying attention or doesn't understand what's going on.

The gist of it is this: web servers which want to communicate securely with their users use a security protocol called TLS. Anytime you visit your bank's web site and you see that little padlock icon appear near the address bar, that's TLS in action. Well, it was recently discovered that there was a way to get servers using TLS to spew out some of what was being stored in the server's memory at the time. XKCD has an excellent illustrated explanation of how it works. This memory might contain nothing of interest, or it might contain really valuable pieces of information like usernames, passwords or even the keys which the server relies on to protect itself from eavesdroppers. There's no way for an attacker to know exactly what they're going to get when they exploit this bug, but since they can exploit it over and over, eventually a determined attacker will get something of interest.

One organization that discovered their servers were vulnerable was the Canada Revenue Agency. They disabled the affected servers quickly, but unfortunately not quickly enough: on April 11, it was discovered that the Social Insurance Numbers of over 900 Canadians had already been stolen.


Queens of the Stone Age - Smooth Sailing

Posted by Matt on April 16, 2014         Tagged with: music, musicvideo

Since its release last June, Queens of the Stone Age's ...Like Clockwork has probably been the most played album in my collection. And now, behold the video for Smooth Sailing, in which Josh Homme and a group of Japanese businessmen engage in all sorts of unsavory activities that you should probably not emulate.


A roundup of the last two weeks

Posted by Matt on April 16, 2014         Tagged with: surveillance, telecommunications, privacy

There have been at least two noteworthy Canadian law & technology stories in the last two weeks. I haven't covered them, but if you're reading Michael Geist's and David Fraser's blogs (and you should be), then you'll be up to speed. If not:


BCCLA Sues CSEC Over Domestic Spying, Round 2

Posted by Matt on April 03, 2014         Tagged with: csec, surveillance, bccla

The BCCLA has commenced another lawsuit against the Communications Security Establishment in the Federal Court. This one is a class action lawsuit, with Lindsay Lyster, the President of the BCCLA, as the representative plaintiff. The proposed class is anyone in Canada who has used a wireless device since 2001. The term "wireless device" includes "cellular telephone, smartphones including iPhones, Blackberries, laptop computers, iPads and similar devices".

So anyone in Canada who has used a laptop or cellular telephone in the last 13 years. That's a lot of people.

BCCLA's first lawsuit asked the Court to determine that CSEC's warrantless surveillance activities violated Canadians' constitutionally protected rights. If that case is successful, then this class action will hopefully provide Canadians with remedies beyond CSEC getting a stern scolding.


GCHQ Concerned As Yahoo Moves To Dublin

Posted by Matt on March 25, 2014         Tagged with: gchq, surveillance

A brief followup on the GCHQ snoops Yahoo webcam chats story that I posted about earlier. As a consequence of that surveillance, Yahoo has decided to move the center of their European operations from London to Dublin. This would put them beyond the reach of the UK's Regulation of Investigatory Powers Act, which compels UK companies to provide access to communications stored on their server. (It's not quite that simple of course; it never is, but that's the gist). Understandably, this has the UK intelligence community concerned:

"There are concerns in the Home Office about how RIPA will apply to Yahoo once it has moved its headquarters to Dublin," said a Whitehall source. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."

As Techdirt points out, Yahoo probably sees this "very serious issue" as precisely the reason they're moving to Dublin in the first place.


Australian AG Wants New Powers To Compel Users To Decrypt Their Communications

Posted by Matt on March 17, 2014         Tagged with: encryption

A while ago I wrote a post which briefly touched on whether the authorities in the UK, Canada and the US could force a suspect to divulge their decryption key. In short, I answered yes, no and maybe, respectively.

Australia's itnews has published an article about a submission from the Australian Attorney General suggesting laws be made which would place new obligations on services which use encryption to protect their data, as well as individual users. This is very, very far away from being a law. This is just the AG's wish list. However, it appears that the law the AG envisions would permit the court to order a service or end user to provide any assistance that intelligence agencies require to decrypt an encrypted communication.

The relevant portion starts on page 19 of the submission and is reproduced below.


Citizen Lab Survey Results

Posted by Matt on March 06, 2014         Tagged with: telecommunications, surveillance

In January, the Citizen Lab conducted a survey of Canadian telecommunications companies about their practices when it came to disclosing subscriber information to government agencies. Today, they posted the results of that survey.

We asked the companies to reveal the extent to which they voluntarily, and under compulsion, disclose information about their subscribers to state agencies, as well as for information about business practices and data retention periods. The requested information would let researchers, policy analysts, and civil liberties groups better understand the current telecommunications landscape and engage in evidence-based policy analysis of current and proposed government surveillance activities. The companies were asked to provide responses by March 3, 2014.

The results weren't spectacular. Most companies provided answers which were not responsive to the specific questions asked. Not only were they unresponsive, but they didn't even want to indicate why they were unresponsive.

For almost all questions, it seems, companies are unwilling to assert whether they cannot or will not respond; instead, they have deliberately left unclear whether they are legally barred from providing responses to specific questions or have simply decided that they would prefer not to respond to these questions.

Of all the telcos, it sounds as if Telus was the most open. They provided some indication of their policies on information disclosure, bragged about the time they pushed back on general warrants and discussed the legal framework they would like to see in place.

