ISPs – Internet’s Secret Police? Ian Kerr Canada Research Chair in Ethics, Law & Technology...

ISPs – Internet’s Secret Police?

Ian KerrCanada Research Chair in Ethics, Law & Technology

Université D’ Ottawa University of Ottawa

Faculté de droit Faculty of Law

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

______________________________________

July, 1993

______________________________________

April, 2000

______________________________________

August, 2002

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

______________________________________

January, 1995

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

Ian R Kerr, “Personal Relationships inthe Year 2000: Me & My ISP”

UBC Press, 2002

Ian R Kerr, “The Legal Relationship Between Online Service Providers and Users”

(2001) 35 Canadian Business Law Journal 1-40

Ian R Kerr, “Online Service Providers, Fidelity and the Duty of Loyalty”

Mcfarland & Co, 2002

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

ISP as Agent of the State:R v Weir (Alta QB)

“…it cannot be said that the ISP was performing a governmental function. ISPs are private organizations. They are unregulated.

With international agreements, it may come to pass some time in the future that ISPs will be regulated … the wish found in Canadian Government documents for such regulation is no more than a “pious hope” today.”

Per Smith J (Alta QB)

ISP as Agent of the State:R v Weir (Alta CA)

“ ...would the exchange between the accused and the informer have taken place, in the form and manner in which it did take place, but for the intervention of the state or its agents?

… we agree with the appellant that the ISP was acting as an agent of the state when it forwarded a copy of the message to the police at the request of the police officer. Accordingly, this was a warrantless search.”

Jeremy Bentham (1748 – 1832)

Jeremy Bentham’s Head

Bentham’s Panopticon

Michel Foucault (1926 – 1984)

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

Interception or Seizure?

interception requires authorization

seizure requires warrant

something new ? retention, preservation, production

Categories of InformationLowest Level

cna, lspid, billing information

free services

public services

Categories of InformationMedium Level

traffic data

email: sender, recipient, size, subject line

websurfing: urls, time spent, downloads

Categories of InformationHighest Level

content data

text of email messages “http get” requests to a search engine ?

Points of Access to an email

draft in transit to sender’s ISP in transit to recipient’s ISP at recipient’s ISP in recipient’s inbox opened by recipient

Private Communication?

part vi of the criminal code: “invasion of privacy”

s.183: “…means any oral communication…made under circumstances in which it is reasonable for the originator to expect that it will not be intercepted…”

Search and SeizureReasonable Expectation of Privacy

s.8 of Charter

r v weir

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

New Criminal Code Provisions

s.320.1: warrant of seizure reasonable grounds for believing…hate propaganda on a computer

systemcustodian of the computer system:

production, deletion, disclosure information necessary to identify and

locate the person who posted the material

New Criminal Code Provisions

s.164.1: warrant of seizure reasonable grounds for believing…child pornography on a computer

systemcustodian of the computer system:

production, deletion, disclosure information necessary to identify and

locate the person who posted the material

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

European Convention on Cybercrime

canada signed november 3, 2001 article 16, preservation orders, 90 days article 17, disclosure of traffic data article 18, production order article 19, search and seizure of stored data article 20, real-time collection of traffic data article 21, interception of content data

Convention Definition of Traffic Data

…any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

Lawful Access Consultation Document

criminal code amendments; orstand-alone act ISPs must make systems intercept

compliantpenalties for non-compliancepreservation, production, real-time

searches

“Central Tenet”

ISPs required to have technical capability to provide access to the entirety of a specific telecommunication transmitted over their facilities, subject to a lawful authority to intercept

techhnoligical capability requirements prescribed by law

includes access to content

Production Orders

general similar to search and seizure anticipatory orders?

specific for traffic data lower standard power parallel to dial number recorders definition of traffic data?

specific for cna and lspid

Preservation Orders

temporary and specific to a transaction or client

leads to seizure warrant or production order

‘do not delete’ order not data retention for all subscribers standard and time period?

90, 120, 180 days

Intercepting email

need for specific provision for email?

varying standard?

a kinda roadmap

i introii dis-intermediationiii try this!iv isp as fiduciaryv isp as agent of the statevi interception or seizurevii criminal code provisionsviii european convention on cybercrimeix lawful access consultation documentx conclusion

The Evolutionary Challenge

To preserve privacy in our surveillance society

Technology’s Janus Face

ISP or internet secret police?

shift from architectures of freedom to architectures of control

ISPs – Internet’s Secret Police?

iankerr@uottawa.ca

Université D’ Ottawa University of Ottawa

Faculté de droit Faculty of Law