This week Canadians elected a Conservation majority government into power, which doesn’t seem like it would have much to do with Internet privacy and security, however, in fact it has a great deal to do with privacy on the Internet. One of the election promises that the Conservatives ran on was that within the first 100 days of the new Parliament they would introduce (and pass) new and sweeping lawful access legislation expanding the breadth and depth of Internet surveillance. How deep and broad? This section from Michael Geist’s blog explains it all:
Second, more important than process is the substance of the proposals that have the potential to fundamentally reshape the Internet in Canada. The bills contain a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers.
The first prong mandates the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers.
While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person. Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community.
The second prong requires Internet providers to dramatically re-work their networks to allow for real-time surveillance. The bill sets out detailed capability requirements that will eventually apply to all Canadian Internet providers. These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.
Moreover, the bill establishes a comprehensive regulatory structure for Internet providers that would mandate their assistance with testing their surveillance capabilities and disclosing the names of all employees who may be involved in interceptions (and who may then be subject to RCMP background checks).
The bill also establishes numerous reporting requirements including mandating that all Internet providers disclose their technical surveillance capabilities within six months of the law taking effect. Follow-up reports are also required when providers acquire new technical capabilities.
The requirements could have a significant impact on many smaller and independent Internet providers. Although the bill grants them a three-year implementation delay, the technical capabilities extend far beyond most of their commercial needs. Indeed, after years of concern over the privacy impact associated with deep-packet inspection of Internet traffic (costly technologies that examine Internet communications in real time), these bills appear to require all Internet providers to install such capabilities.
Having obtained customer information without court oversight and mandated Internet surveillance capabilities, the third prong creates a several new police powers designed to obtain access to the surveillance data. These include new transmission data warrants that would grant real-time access to all the information generated during the creation, transmission or reception of a communication including the type, direction, time, duration, origin, destination or termination of the communication.
link: Michael Geist – The Conservatives Commitment to Internet Surveillance
With the first prong, authorities don’t just get your name and such, but they also get the unique hardware identifier for your machines (MAC address). This means that they can track your Internet activities across ISPs and networks. And without court oversight, mind you. If that wasn’t scary enough, the ability for authorities to monitor what you are doing live and record it for a long period of time (90 days!) should really give you pause.
Since it’s almost a certainty that authorities will be granted sweeping surveillance powers, what can you do to protect your private information?
The first step is to realize that there is something you can do about it.
Regular email, yes even Gmail, Hotmail and Yahoo Mail, is insecure—I don’t think email was ever intended for private communications—so don’t use regular email use eCrypt.me. Yes, simple as that. We designed eCrypt.me so that all your communications are encrypted not just in transit, but completely.
Signing up with eCrypt.me takes just a couple minutes, you use an existing email address and there is nothing to learn. It works just like any other webmail system.
Simple as that. Now start inviting your key contacts to eCrypt.me and insist they use it to communicate with you.
Everyone has the right to keep their business and communications private, eCrypt.me is by far the easiest way to do that. You owe it to yourself to do at least that.