Embed Size (px)
Citation preview
Surfing While Muslim
Privacy, Freedom of Expression and the Unintended Consequences of Cybercrime Legislation
2
CoE Convention on Cyber-crime
Feb. 1997 Council of Europe committee tasked to draft “binding legal instrument” to deal with computer-related offences, substantive criminal law, international coercive powers and jurisdiction
April 2000, first public draft (Draft 19)
3
Canada signs
Nov. 2001, Canada and 30 other nations sign the Convention on Cyber-crime
Canada only one of four non-CoE members to sign treaty
4
Ratification
August 2002 - Lawful Access Consultation Document
Proposes amendments to Criminal Code and other statutes
5
Lowering the bar
Most worrisome, new powers to compel records held by third parties, i.e. ISP subscriber records
Under a lower standard than now applied to other types of investigative powers, i.e. wiretaps, search warrants
6
Do police need new legal powers?
Presumption that gov’ts introduce laws to remedy specific problems
new tech. allows criminals to commit crimes that we can’t detect, investigate or prosecute
7
Where’s the evidence?
Public roundtables: no answers freedom-of-info requests to Sol-Gen, DoJ, and
Industry Where’s the evidence that we need to dilute historical
protections? 8 mos. later Sol.-Gen. responds
8
Solicitor-General responds
“Law enforcement and national security agencies are simply asking that the same information that has been available to them when criminals and terrorists used mail and rotary telephones be available to them now.”
9
Dartmouth report
Dartmouth ‘Needs Assessment’ Info often technically difficult to collect Lack of extra-jurisdictional coordination Lack of tech. tools and training
10
If we do sign, what are our obligations?
Art 18: Signatories must adopt ‘production orders’ to compel third parties – individuals or organizations – to produce “specified computer data” = anything on a computer “subscriber info”
Under their custody or control Lawful Access: key amendment required to ratify
11
Lowering the bar
“[I]n light of the lower expectation of privacy in a telephone number or Internet address, as opposed to the content of a communication… [a] specific production order could be created under a lower standard”
Targeted at “traffic data”
12
Traditional thresholds for electronic surveillance
Rigorous legal framework for lawful interception of private communications Strict procedural safeguards in Criminal Code, i.e.
must have ‘reasonable and probable’ grounds on ‘information and belief’ that an offence has been or will be committed
Subject to Charter
13
Justifications for lower thresholds?
More efficient? Production orders less invasive?
“…no entry into and search by law enforcement of the premises of the third party…”
14
4 Criticisms
Overemphasis on physicality “less intrusive” does not mean “more reasonable” Lack of appropriate remedy Public inferences about private activities
15
4 Criticisms: Overemphasis on Physicality
Del Zotto v. Canada (Minister of National Revenue) - that a reasonable expectation of privacy is not founded on the location of the information in which the expectation is held
R. v. Edwards - “an interpretation of the degree of intrusiveness is not a matter of where the information… is located, but to what extent disclosure… would impact the reasonable expectation of the individual’s privacy”
16
4 Criticisms: ‘Less intrusive’ does not mean ‘more reasonable’
Assumes third party search more reasonable because it is less intrusive
U.S. v. Bach, 310 F.3d 1063, 1065 (8th Cir. 2002) Yahoo! Technicians do not selectively choose or
review the contents of a subpoenaed account, but simply hand over entire contents
17
4 Criticisms: Availability of Remedial Measures
How can you challenge a search you don’t know about? Much less likely to know about a third party search
R. v. Rahey, [1995] 4 S.C.R. 588 at para. 111“The question of breach must... be assessed in terms of
the interests protected by the section and such remedy as the court can provide to secure them.”
18
4 Criticisms: Availability of Remedial Measures
Gov’t would foist responsibility for seeking remedies on parties with no standing under s. 24 (Charter) “Anyone whose rights or freedoms, as guaranteed by this
Charter, have been infringed or denied may apply to a court…”
Excludes ISPs and other intermediaries even were they so inclined to take up this role
19
CAIP & Privacy
Can. Assoc. of ISPs (CAIP) has been ambiguous about protecting subscriber privacy Code of Conduct and Privacy Code indicate no
disclosure except as required by law Leave door open w/explanatory language
not every provider is a member
20
4 Criticisms: Public inferences
Ignores capacity of new tech. and new public-private relationships to draw public inferences about private activities
Location becomes less relevant in determining severity of intrusion
21
Gov’t argues there is precedent
proposal suggests that new, specific production orders analogous to ones used under ITA, Competition Act, and for dial number recorders, etc. are precedential
22
No precedent
Not difficult to distinguish these categories Tax info collected for regulatory, not criminal purposes DNRs reveal much less about the ‘biographical core’
23
Regulatory/Administrative vs. Criminal
Inquisitorial and compulsive nature of criminal investigations much higher
Triggers higher safeguards
24
Criminal Investigations Attract Greater Scrutiny
BC Securities Comm. v. Branch, [1995] 2 S.C.R. 3 – biz docs have lesser privacy rts than personal records
R. v. Fitzpatrick, [1995] 4 S.C.R. 154 at para. 49 – records statutorily compelled as a condition of participation have little expectation of privacy (fishing records)
25
Criminal Investigations Attract Greater Scrutiny
Dagg v. Canada (Minister of Finance), [1997] 2 S.C.R. 403 – biz records attract lower expectation not b/c of any label, but because of what these records typically contain
R. v. Plant, [1993] 3 S.C.R. 281 at 293 – hydro billing records did not reveal intimate details because electricity consumption reveals very little about our personal lifestyles
26
Criminal Investigations Attract Greater Scrutiny
Even if you disagree with the result in Plant, the court engaged in the appropriate contextual analysis
Left the door open to properly assess the impact of new tech.
27
Section 8 of the Charter
Everyone has the right to be secure against unreasonable search or seizure.
Leading cases on s. 8 is R. v. Plant, [1993] 3 S.C.R. 281
‘biographical core’ concept
28
The ‘Biographical Core’
“It is fitting that s. 8 of the Charter should seek to protect a biographical core of personal information which individuals in a free and democratic society would wish to maintain and control from dissemination to the state." This "would include information which tends to reveal intimate details of the lifestyle and personal choices of the individual.”
29
The ‘Biographical Core’
Phrase is evocative, but unfortunate ‘core’ implies centrality, permanence and
fundamental quality which belies ease of association/disassociation
Very few categories of data protected by enumeration in statute Such an interpretation would ignore context
30
Context is important in
Digital ‘traffic data’ in the hands of average person may be meaningless
but in possession of others with tech. or legal means, could reveal intimate details
Relates to value represented by data and Relationship of subject to third party
31
What is ‘traffic data’?
What does ‘traffic data’ actually represent? No international consensus on def’n Often analogized to ‘info on outside of envelope’ accurate in the analog environment, it is highly
problematic in the digital environment
32
Figure 1: Traffic data on a plain old telephone system (POTS)
20021021070824178 165 0187611205 6139574222 ----------001------003sth 46 5145281768-----0013 1410260
Date & Time Caller No.
Recipient No.Duration
33
Figure 2: Traffic data from two callers on a wireless network
time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:20:47:24 (A)
time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:04:29:30 (B)
time GMT=20010810011254 Cell ID=129 MAC ID=00:02:2D:1F:53:C0
time GMT=20010810011254 Cell ID=129 MAC ID=00:02:2D:04:29:30 (B)
time GMT=20010810011254 Cell ID=129 MAC ID=00:02:2D:20:47:24 (A)
time GMT=20010810011256 Cell ID=41 MAC ID=00:02:2D:0A:5C:D0
Location at 1:12:54 AM(Hilton Hotel)
Date & TimeLocation at 1:08:52 AM
(Dorval Airport)
Cell Location
34
Figure 3a: Traffic data from a user connecting to a web server
295.47.63.8 - - [05/Mar/2002:15:19:34 +0000] "GET/cgi-bin/htsearch?config =htdigx&words=startrek HTTP/1.0"20 2225
295.47.63.8 - - [05/Mar/2002:15:19:44 +0000] "GET/cgi-bin/htsearch?config =htdig&words=startrek+avi HTTP/1.0"200x
192.77.63.8 - - [05/Mar/2002:15:20:35 +0000] "GET/cgi-bin/htsearch?config =htdig&words=conflict+war HTTP/1.0"200
211.164.33.3 - - [05/Mar/2002:15:21:32 +0000] "GET/cgi-bin/htsearch?confi g=htdigx&words=STD+clinic+Kingston…
Search queryIP Address
Date & Time
35
‘Traffic data’ in the LA
“telecommunications associated data” to mean “any data, including data pertaining to the telecommunications functions of dialing, routing, addressing or signaling that identifies, or purports to identify, the origin, the direction, the time, the duration or size as appropriate, the destination or termination of a telecommunication transmission generated or received by means of the telecommunications facility owned or operated by a service provider.”
36
‘Traffic data’ in the Convention
“traffic data” means “any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.”
37
‘Traffic data’ in U.K. RIPA
relatively narrower definition includes subscriber and routing information and
'post-cut-through' data, or digits dialed after a call has been connected (i.e. your bank password if you use telephone banking services), but in relation to Internet communications, would incl. server but not a website or page."
38
‘Traffic data’ in EU Dir. Privacy & Electronic Communications
latitude, longitude and altitude of the sender's or recipient's terminal, direction of travel, identification of the network cell in which the terminal equipment is located at a certain point in time, any naming, numbering or addressing information, volume of a communication, network on which the communication originates or terminates, and the beginning, end or duration of a connection.
39
‘Traffic data’ in CALEA
CALEA uses narrower "call-identifying information", which means "dialing or signaling information that identifies the origin, direction, destination, or termination
excludes entities engaged in providing information services (i.e. ISPs)
40
But along came PATRIOT…
allows ISPs to voluntarily disclose "non-content" information to non-government entities for any purpose and to law enforcement in more limited circumstances.
expands info available with only admin. subpoena
41
‘Traffic data’ should attract R.E.P.
3 reasons Persistence, pervasiveness, permanence changes the
nature of the info. Structural characteristics of the interface(s) affect our
understanding and behaviour Tech. inverts proximity of p.i. to subject to extent that
invasions rarely take place w/o complicity of third parties
42
3 P’s
Persistence, pervasiveness, permanence changes the nature of the info.
43
Law & Code
laws that permit electronic surveillance typically incorporate authority and oversight rarely does surveillance technology contain more than
the first no guarantee that authority will be used lawfully
a misunderstanding of tech. nuances can translate lawful uses of surveillance into immoral if not unconstitutional ones
44
Interface ignorance
Structural characteristics of the Net fool us Most of us have no idea what goes on ‘behind the
screen’
45
United States v. Maxwell, [1995] 42 M.J. 568, 576 - subscriber had an expectation of privacy in his email because only he could access his password-protected account and there was little risk that any messages he sent would be retrieved or read by anyone other than the intended recipients for the same reason
46
Trust is a difficult thing to judge online and we frequently do it blindly.
Do we enjoy more privacy in visiting Playboy.com from a laptop in the physical solitude of our living rooms than if we were to pick up the magazine in the local corner store?
47
Techno-illiteracy/opacity encourages false assumptions
Ignorance of the law is no excuse, but is ignorance of code?
If our actions remain unmitigated, should we suffer less privacy?
48
In re Pharmatrak
Identical fact pattern to Doubleclick and Avenue A cases, but did not have permission to collect p.i.
Accidental collection through, GET method data on Detrol.com
GET data would be considered ‘traffic’ under LA, but was not by Pharmatrak ct.
49
50
51
52
Service providers as guardians
In U.S., no r.e.p. in what a person “knowingly exposes to the public”
Canadian courts more interested in the effect of breach on freedom and dignity of the individual
Kerr has concluded, in some cases, ISPs owe fiduciary responsibility to subscribers
53
Actions speak louder than words
Behaviour of individuals suggests they hold expectation of privacy
May be misplaced, but could still be reasonable Only other conclusion is that people just don’t
care – not supported by polling data
54
Shearing & Law
Every day we engage in private behaviour on the public Internet
R. v. Shearing, 2002 SCC 58 – mundane entries in diary still attract r.e.p. b/c of where they were
R. v. Law, 2002 SCC 10 – r.e.p. derived not from contents, but from fact they locked docs in safe
55
Shearing and Law – if we take steps to preserve privacy, this could trigger s. 8
What if we take ineffective, but bona fide steps?
56
Packet-mode communications liable to massive infringement
57
Packet-mode filters
Packet-mode filters suffer from overbreadth Network neutrality enables innovation, but makes
it difficult to regulate content or even isolate it Carnivore was a miserable failure
58
(In)Accuracy of Packet-Mode Filter with 99.999% accuracy
Assume 1 in 100k is terrorist communicating evidence in packets
Filter has 99.999% chance of identifying terrorist packets
0.001% of ‘innocent’ packets flagged Inaccuracy of 50%
59
Figure 5: Filter with 99.99% Precision
Assume 1 in 100k is terrorist communicating evidence
Filter has 99.99% chance of identifying terrorist packets
0.01% of ‘innocent’ packets flagged Inaccuracy of ~ 91%
60
Massive infringement and constitutionality
Imprecision has legal implications if tech. liable to massively infringe than use
should attract the very highest ex ante scrutiny and not the reverse
s. 8 would have very little value if it only operated ex post facto
61
Subjective Assessment & Discrimination
Diluted judicial standards grant too much subjective discretion to individual law enforcement officers
check against the unfettered discretion Operates as a record of accountability subject to
audit of abuse and defects in the law
62
Driving lessons
Highway Traffic Act standards for search and seizure have been diluted in ways similar to that now proposed in the Lawful Access
dilution of probable cause under the R.I.D.E. program was mitigated, to an extent, by its high-visibility and by its more or less equal application to all motorists transiting stationary checkpoints
63
Discretion & Social Control
R.I.D.E. now replaced by random roving stops Police stop for any reason – must be related to
highway safety, but very hard for courts to ascertain this
Social science data shows us that unfettered discretion becomes a form of social control
64
Discrimination is corollary of discretion
Who gets targeted? Visible minorities mostly Norris, attractive women, people wearing hats,
youth, etc. It’s arbitrary – people different from the operators
65
Surfing While Muslim
Muslims have become the new margins, but it could be anybody
as more of the things we do in our lives become instantiated in technology, we need to consider the consequences
Lawful Access fails to do this on a number of levels
Jason Young, LL.M. (Candidate)[email protected]
Paper at http://www.innovationlaw.org/lawforum/young.doc
Other resourceshttp://www.lexinformatica.org/cybercrime
