
Canadian bill to crack down on illegal downloads has privacy experts worried - coffeecodecouch
http://news.nationalpost.com/2014/04/13/new-bill-to-crack-down-on-illegal-downloads-has-privacy-experts-worried/
======
josho
I wonder what the broader implications are of this bill. Is the bill broad
enough that if I detect an IP address connect to my business SSH server does
that afford me the privilege to obtain the customer information from the IP
address?

Think about that for a moment, as a business owner I can now send a request to
any ISP that owns an IP address that connected to my website. Why do I need
your customer information, why because I did not authorize the IP access to
/index.html, and the IP address showed repeated attempts connecting and using
my computer resources (of course to the ISP I make it sound a little more
sinister, like embed an image tag to a resource like /employee-portal/login so
that I can tell the ISP the unauthorized access was to the employee portal,
and of course that image tag will result in generating requests in my server
logs to show the repeated requests from the IP trying to fetch that resource.
Poof now I have the name and phone number for everyone that has been to my
business website and is potentially interested in what I'm selling.. Of
course, I won't tell the individual how I got their phone number. I wouldn't
practice this, but for a morally corrupt business it sounds viable.

If the above is possible by the bill, and from the articles that I've read it
is, then this bill strikes me as particularly stupid legislation bought for by
moneyed interests. I can only hope that our government isn't so corrupted by
those moneyed interests that this thing passes.

~~~
josho
From the bill:

"an organization may disclose personal information without the knowledge or
consent of the individual... if the disclosure is made to another organization
and is reasonable for the purposes of investigating a breach of an agreement
or a contravention of the laws of Canada or a province that has been, is being
or is about to be committed and it is reasonable to expect that disclosure
with the knowledge or consent of the individual would compromise the
investigation;

So, yes, if you can convince an ISP that the information is for an
investigation (not necessarily a police investigation, a private eye or
corporate audit would suffice) then yes the ISP can give out your private
information.

I especially like this nugget:

"reasonable grounds to believe that the information relates to a contravention
of the laws of Canada, a province or a __foreign jurisdiction __that has been,
is being or is about to be committed "

So, personal information can be disclosed even if I am about to commit a crime
in another country, e.g. I surf a beauty pageant website and view the enter
pageant page that is hosted in Nigeria (beauty contests are illegal under
Sharia law).

Sigh, well done Canada. Well done.

~~~
paulgb
As far as I can tell this only _permits_ the disclosure, it doesn't compel it.
Time to switch to an ISP that has a backbone.

What's especially concerning to me is that there's no recourse. Given the
shotgun approach typically taken by copyright trolls, this is likely to expose
more than just copyright offenders.

Not to mention chilling effects on free speech. Who would dare to criticize an
organization when they can get your personal information from your ISP.

~~~
mycookie
Difficult to find an ISP with a backbone that actually can follow through. I'd
be interested to know if anyone in Canada has had an ISP successfully stand up
to procecution.

~~~
Pxtl
I would hope that Teksavvy and other technorati-driven indie ISPs would do the
legal minimum in sivulving customer info.

~~~
kijin
TekSavvy is a fantastic company, but their business model is completely
dependent on the big telcos who control the last mile. The UBB crisis a few
years ago was a very close call, and it is bound to happen again in one form
or another.

So if TekSavvy et al. try to resist the information leaking that the proposed
legislation permits, I wouldn't be surprised if the MAFIAA took extralegal
measures to force their hands. For example, Bell & Rogers might be persuaded
to change the terms of their contract with indie ISPs the next time the
contract comes up for renewal, _unless_ the indies agree to some sort of
"standard Canadian telco privacy policy" drawn up by the big telcos.

So Canadians might end up with a difficult choice: you can have privacy, or
you can have 300GB traffic caps, but you can't have both.

> _sivulving_

I don't believe autocorrect is capable of producing words like that...

~~~
Pxtl
Oh....err...divulging.

------
oofabz
This bill does not serve the interests of Canadians. It serves the interest of
foreign corporations.

Spying on citizens' internet connections and jailing them for sharing media
does not benefit society. I understand why media companies are upset but
draconian laws will not solve their problem. We have a choice between
widespread media sharing and technological innovation, or widespread media
sharing and people in jail for nonviolent crimes. Eliminating piracy is not
possible. You can't put the genie back in the bottle.

------
a-priori
Some stats about the Canadian legislature, because I'm a nerd:

Since January 17th, 1994 (35th Parliament, 1st Session) when the government
started digitizing its records, there have been 4197 bills put before
Parliament. Of those, 395 (9.4%) have come from the Senate, like this bill,
and 3764 (89.7%) have come from the House of Commons. Eventually, 437 (10.4%)
received royal assent (i.e, are now law) and the rest were either defeated,
dropped on the floor, or are still being debated. However, this is being
dragged down by private member's bills, of which there have been 3165 and only
40 (1.3%) have received royal assent.

Government bills, on the other hand, have much better track records. Of the 83
Senate government bills introduced in that time period, eventually 46 (55.4%)
have received royal assent. This is similar to the House government bills, of
which 325 out of 599 (54.3%) have received royal assent.

Source: [http://www.parl.gc.ca/LEGISInfo/](http://www.parl.gc.ca/LEGISInfo/)

~~~
Pxtl
Realistically, going back to '94 includes a lot of minority governments. With
a solid majority, the Cons have a free hand for legislation. This will become
law.

------
mindstab
Slightly aside, but I am glad to see my monthly donation to
[https://openmedia.ca](https://openmedia.ca) (like a Canadian EFF) seems to be
paying off as they are getting their name and their point into big Canadian
media :)

------
doublerebel
Something not noted is that a number of vpn and seedbox services are hosted in
Canada and run by Canadian companies. Americans use them as low-latency
workarounds for similar US-located laws. I have never considered Canada to be
a safe haven for such activity, I wonder if this crackdown effort will take a
toll on those services.

------
tensenki
Anyone wanting to take a look at the bill itself.

[http://www.parl.gc.ca/HousePublications/Publication.aspx?Lan...](http://www.parl.gc.ca/HousePublications/Publication.aspx?Language=E&Mode=1&DocId=6524312)

------
throwwit
Unfortunately there's an erosion of privacy on a couple of fronts:
[http://www.itworldcanada.com/article/groups-complain-bell-
us...](http://www.itworldcanada.com/article/groups-complain-bell-uses-
customer-data-for-mobile-ads/88917)

------
microcolonel
I think the only thing that will ultimately save us from this is to strengthen
our contracts with our ISPs.

Anyone want to make some mass commitment to get Bell to add a clause
prohibiting their participation in this? (whether or not this particular bill
goes through) Perhaps we could all threaten to switch ISPs, or reduce our
grade of service to one which gives them lower margins.

------
dan_bk
Canadian bill to crack down on illegal downloads has VPN providers excited

Sounds _much_ nicer already.

~~~
hagbardgroup
See, y'gotta always look on the bright side.

Canadians can sell us Americans their cheap prescription drugs, and we can
sell them VPN services to, uh, negotiate the complexities of their new
downloading legislation.

The system works!

~~~
igrekel
Actually, we already are several canadians who use such services to either
watch amazon prime, hulu or the US version of netflicks.

~~~
Pxtl
Yes, but the most popular ones aren't full VPNs but simply DNS servers that
redirect key services to proxies.

------
klrr
What is an "illegal download"?

~~~
grecy
A download that someone with lots of money doesn't want you doing.

------
dhughes
With PM Harper and his goons you know that the nicer the Conservatives try to
make it sound the worse it is, just like the Fair Elections Act bill.

