Anti-Spam Bill morphs into Secret Spyware Bill

[Note: This is not specifically a Usage Based Billing problem, but it certainly needs some attention.  Also I don’t usually re-post so much of anyone else’s posts, but since time is short and disseminating this information is so important, I’m doing a lot of cutting & pasting here. Some of my thoughts are interspersed between the quotes… quite frankly this still feels surreal. I am just amazed that this could really be happening. I shouldn’t be but I am.]

Oh! Canada

CANADA, we have a problem…

Bill C-27: The Electronic Commerce Protection Act

It started with our government’s attempt to pass anti-spam legislation. Seems like a good idea, right? Harmless enough. What can go wrong?

But wait– we’re talking about politicians here. So…

Seems there’s a problem with The Canadian Marketing Association. Well, yes, they’ve known about it and didn’t have a problem as long as its been in the works… since June. Hey, they’ve only had four months to mull it over… so, well, they’ve changed their minds now. Since the law will probably pass on Monday, the Canadian Marketing Association Attacks Anti-Spam Bill.

Well, that’s not too much of a surprise, is it? I mean. this is a marketing lobby group. Of COURSE they want to be able to send as much spam as possible. Um.

Well hey, they only want one little change… they just want to rip the heart out of it, that’s all. The core of the proposed legislation is “a requirement for express opt-in consent”, in other words, it is illegal to send us spam without first getting our permission. This, after all, is the whole point of the law. They want it changed to give them the right to send us as much spam as they can until we tell them “no.”

Well, we’ve all seen how effective the CRTC telephone marketing “Do Not Call List” worked out. Thousands of people on the Do Not Call list, thousands of complaints, yet the CRTC could only find it in their hearts to find fault with three telemarketers, and then backed out of prosecuting two of them. (By this point I’d bet the third guy walked too…) Uh huh. So, no, I don’t think there is any point to even bothering, if they disembowel the legislation, right?

So Professer Geist’s take on it is that we have to fight for it if we actually want a law with teeth. He also provides a lits of links to the committee that is supposed to be getting this law passed, with the suggestion that we email all of these good folks and let them know how we feel about eviscerating the law.

So today is Friday, time for weekend wind down to get started… but wait. I’ve been looking forward to getting my next alphabet post finished and on line, but this annoying but not particularly urgent story about C-27 isn’t such a big deal except…

it turns out that was just a sideshow… the main event is far more chilling..

In Michael Geist’s sidebar:

“ RT @doctorow: CANADIANS! Hollywood & telcos want right to install spyware, delete apps, snoop; contact MPs TODAY! ”

Both Michael Geist and Cory Doctorow are clearly agitated about something that sounds like it is straight out of Little Brother.

You can read it on boingboing:
boingboing: Telcos and Hollywood ask Canadian govt for right to secretly install spyware, listen in on your network connection — ACT NOW!

You can read it on Michael Geist’s blog:
Michael Geist: The Copyright Lobby’s Secret Pressure On the Anti-Spam Bill

But this isn’t fiction, it is happening in Canada RIGHT NOW.

So instead of doing what I planned to do with my life today, I’m plunging into this incredible …conspiracy. That sounds so absurd, like bad fiction.

Here’s my attempt at making sense of this. This Copyright pressure group is trying to influence Canadian anti-spam legislation:

“The copyright lobby’s interest in the bill has been simmering since its introduction, with lobbyists attending the committee hearings and working with Liberal and Bloc MPs to secure changes. The two core concerns arise from fears that the bill could prevent surreptitious use of DRM and block enforcement initiatives that might involve accessing users’ personal computers without their permission.”
–Michael Geist

This is incredible. Who’d a thought?

Turns out Bill C-27: The Electronic Commerce Protection Act covers more than just anti-spam.

It was written to include a requirement that software cannot be installed on a user’s computer without consent, as an anti-spyware provision.

What a good idea.

Its about time. For the same reasons it isn’t nice to put unwanted software (like for example viruses) on corporate computer systems, it will give individuals the same sort of legal protections for our personal computers that are extended to corporations. This law will make it illegal for companies to put software you don’t want on your computer without getting your permission.

Because no one should have the right to put software on my computer without MY permission.

Just as no one should have the right to put software on YOUR computer without YOUR permission. It is, after all, YOUR computer. You bought it to do what you wanted or needed it to do. Why should anyone have the right to put things on your computer? It isn’t THEIR computer.

what is spyware?

Spyware is like a virus because we don’t put it on our own computers. Someone else does. Spyware is software which is sneaked into our computers. Without our permission. Without our consent. And then like a virus, it does something we don’t want it to do. Because, after all, if we wanted it to do what it was doing, no one would bother to sneak it onto our computer in the first place.

Devices like cookies allow spyware to keep track of what we do and where we go. The information the spyware it finds out about us is then reported back to the the company responsible for putting it there.

Java script can be very dangerous as well, since it can contain executable code. This means java script can start up a program without your consent– like spyware — and make it run on your computer.

When someone puts a program on your computer without your knowledge and consent, there is a very good chance that these programs are doing things you don’t want them to do.

NoScript offers protection for internet use.

Protecting Ourselves

There has been an increase of software programs allowing consumers to protect ourselves from cookies, javascript and spyware. These programs usually stop the thing we don’t want from happening, but give us the option of allowing it. In this way we can decide whether the thing we want to do is worth the risk of allowing the cookies, javascript and spyware to do their thing.

One of the protections I use all the time is called NoScript. Whenever anyone sends me a link to something on YouTube, I must first give YouTube permission to run javascript or I can’t see the video clip. Except for my bank, no matter how often I go to I site, I only give “temporary permission”. Some websites don’t work well or at all without cookies or java script. With this kind of protection, I get to choose if the website is important enough for me to risk running these things.

So far nothing really bad has happened, but if something did, I’d be much better able to figure out which website caused the problem, and be able to avoid it in future. A wonderful piece of anti-virus software I use always is called AVG. As well as keeping my computer virus free, AVG prevents software on my computer from connecting to the internet without my permission.

Of course this information is also very valuable to con artists and scammers.I’ve just publicly given out the information that (a) I use NoScript and (b) AVG. Since NoScript is a Firefox add-on, I have also told the world that I use Firefox rather than Internet Explorer or Opera. Who cares? Obviously somebody does, or spyware wouldn’t exist. The more a company knows about me, the easier it is for them to know how to sell me something. The more information they have, the better they know what spam to send to who.

AVG logo

Companies who wanted to find out this kind of information about us used to hire market research firms who would do surveys or run focus groups. Usually the respondents would get some kind of gift or per diem for sharing their information. Better yet, people KNEW that they were being asked. Obviously it is much more economical for companies to just take this information they want to know about us without our permission. I consider this theft. Of course “respectable” companies are not the only ones trying to “mine” consumers for our personal and behavioral information. Spammers, identity thieves and con artists are out there trying to get the exact same information for even more nefarious reasons.

Firefox Browser Logo

Really, that’s what is so scary about spyware… some company is essentially stealing information about our lives. This is not the same as a survey, because we know we’re talking a survey. This is more like we’re being secretly followed, and now wiretapped as well. If we allow ANYONE to add software to our computers without our consent, what could happen?

I wonder: how many people have web cams on their computers? I have one. One Christmas I made a point of giving web cams to several far flung family members to try to make sure we could all stay connected. All these web cams may not be turned on all the time. Most are only turned on for holidays. It is becoming more common for laptops to have built in web cams. What happens if some spy ware is software that secretly activates our webcams, or even just the microphones we keep hooked in just in case Great Aunt Petronella initiates a VoiP contact from her trip to Bulgaria?

If companies want to spy on our computer activities at the very least they should be providing us all with free* computers.

(*Free as in beer; obviously computers given to us by corporations wishing to spy on us would not be “free as in speech”.)

But as long as we buy our own computers, we OWN them. WE get to decide what we put on them.

last minute amendments

Michael Geist’s news is that the copyright lobby wants to ensure their software will be able to trespass on our equipment and through our files so they can target “violation of a user agreement or alleged copyright infringement.” The copyright lobby is concerned that this legislation will block attempts to track possible copyright infringement through surreptitious electronic means. They want our government to give them the right to invade the privacy of all Canadians just in case there is a copyright violation.

“ Even more troubling are proposed changes that would allow copyright owners to secretly access information on users’ computers. ”
— Michael Geist

The copyright lobby is concerned that C-27 will “block investigations that involve capturing user information on computers without knowledge or consent.”

Do we want c-27 to be Pro-Spyware?

C-27 was making the copyright lobby unhappy so…

“…the Liberals have tabled a motion that would exclude Section 7(1)(b) from C-27 – effectively restoring the exception in these circumstances.”

“On top of these provisions, sources say the Liberals have also tabled motions to extend the exemptions for telecom providers. ”

Using the Internet = Privacy Invasion

If this law is passed, and you ever connect to the internet, the internet carriers (Bell/Telus/Rogers/Shaw/Sasktel) will have the right to remove things from our computers or add things to our computers. This law will go much farther than the CRTC decision to allow Bell Canada to use Deep Packet Inspection, and is an even greater risk to our personal security.

There is a proposed motion that would also create an exception for telecom providers to the requirement to obtain express consent. It states that the section does not apply to telecom providers providing a telecom service, which is defined to include:

“providing computer security, user account management, routing and transmission of messages, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, and detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software, including scanning for and removing computer programs”

This is simply incredible.

This law that was originally supposed to protect Canadian citizens from spam and spyware may be compromised to sacrifice all Canadian computer security to what I’m guessing is a largely foreign copyright lobby. I am making the assumption that the driving force behind this lobby group are the American movie companies. Now, I love movies. I am a huge movie fan. Even so, I’m not willing to sacrifice Canadian rights and freedoms just in case some Canadians may be breaking copyright law.

This is like giving a key to allow strangers to enter our homes without permission. Once they have the run of the place, who knows what they’ll do. They remove what they want, and leave a bit of spyware in their wake. Whatever happened to due process of law? There are no warrants necessary. The assumption seems to be that all Canadians are crooks, therefore all Canadians can have their computers searched and altered without permission… just in case we might be doing wrong.

This law will give these rights to corporations. We aren’t even talking about police services here. THEY will still need to get a warrant.

Under these ill advised amendments to the proposed law, if I buy a commercial movie DVD, and put it in my computer, it may have the equivalent of a corporate virus on it. If I log on to the internet, Bell Canada can crawl into my computer and add or subtract software or content from my computer as they see fit. They will have the power under this law to rifle through the contents of my personal computer to investigate just in case I may have broken a law somewhere.

Brazil video cover art

I am getting chills up my spine as I remember a scene from Terry Gilliam’s Brazil, where a home is invaded and ransacked and family members are dragged away in chains by the security forces. When it comes out that they went to the wrong address no one cares. Restitution is not made, the wrongly incarcerated are not released. This is precisely why civil rights are necessary.

If they make this the law they can put this DRM virus software anywhere to affect anything and everything, Linux included. If it is legal for them to remove software from your computer without your permission, it could well be your anti-spyware software or intruder alarm that they take out so that we cannot see their tracks.

Until you put the software or the movie DVD or music CD in your computer you won’t even know if it has DRM set to target anything on your system.

Even if you never introduce a new piece of software or hardware or CD or DVD to your computer again you are still not safe if you go online anywhere near Bell Canada, since the right to trespass in our internet traffic the CRTC gave Bell Canada for Deep Packet inspection was just the beginning. The incredible ability to violate our rights that this law will give Bell Canada is staggering.

If this becomes law, the ONLY way to be safe is to keep your computer pure… no internet, no new anything. Because the second you do, your privacy is at risk.

Our civil rights are being thrown out because?

This is about copyright infringement. So lets look at worst case scenarios here, I mean really: how bad can it be?

Instead of safeguarding Canadian interests by protecting our computers from outside invasion, these last minute changes would result in giving away our right to privacy and computer security by allowing corporate interests to secretly sneak into our computers and do whatever they like. Call me crazy, but it sounds like a really bad deal to me.

Take it further. If these “good guys” can do it, what is stopping the bad guys?

Obviously, the same kind of invasive software deployed by criminals or terrorists will now have a much easier time of it.

How about my idea of a nightmare. Lets say one of the Bell Canada employees is a pedophile. Because this person now has free access to all the Canadian computers accessing the internet, this pedophile will no longer need porn sites… pedophiles in those Bell Canada spying-on-customers jobs will be able to have all the fun they want with any photographs or home movies of our children we were foolish enough to put anywhere near a computer. And hey, it would be child’s play for this same pedophile to be able to find out where our children live and go to school.

Extreme case? Sure it is. But that’s the problem. This kind of law expects citizens to trust people we don’t know with this much power over us. Maybe the head of Bell Canada is a prince of a fellow. But I don’t know that. How many employees does Bell Canada have? Lots. Probably even lots AND lots. I don’t know any of them. They are probably all fine upstanding people. But maybe one of them isn’t. It’s just that one that’s the problem.

Security? Well, lets see… if it is now legal for these computers to access our equipment and data, and these people and corporations are allowed to add things to our systems, or subtract things from our systems, how can they possibly ever bring even the worst copyright infringer to court? Any “infringing” material that is discovered through these techniques is now suspect. After all, it could have been added just as surreptitiously as the spyware.

Canadian Computer Rights

You may not take things from my computer without my permission

I’m not a lawyer, but it seems that we have to be in order to defend ourselves. I don’t know if anyone else has written anything like this but here goes:

The Rights of A Canadian Computer User

No one has the right to put anything on my computer without my permission.
Just as no one has the right to put a bug in my bedroom.

No one has the right to take anything from my computer without my permission.
Just as no one has the right to take anything from my home without my permission.

No one has the right to read my email without my permission.
Just as no one has the right to open my snail mail without my permission.

No one has the right to go through my document folders without my permission.
Just as no one has the right to go through my file cabinet without my permission.

If any corporation feels that they should be entitled to trample on any of these rights by virtue of the fact that I purchased a piece of equipment, software, CD or DVD, just inform me you plan on doing these things BEFORE I purchase the item from you. That way, I can decide if it is worth it to me to put my privacy at risk.

There can be absolutely no justification for doing any of this secretly.

Canada has both laws and law enforcement capabilities.

Canada HAS laws. It has one of which I’m particularly fond:
Canadian Charter of Rights and Freedoms

Canada even has law enforcement agencies.
If the forces of law believe that I am in fact infringing on copyright, let them follow the rules of Canadian Law and do an investigation.

If searches are deemed necessary, let there be search warrants. Remember that Canadian Law I mentioned? It has a bit that promises Canadians:

Search or seizure

8. Everyone has the right to be secure against unreasonable search or seizure.

— Canadian Charter of Rights and Freedoms

The changes to Bill C-27 being contemplated by the committee would actually grant powers of unreasonable search and seizure to corporations.

This is NOT acceptable.

The basic presumption being made seems to be that all Canadians are guilty. We are all criminals. Yet even in Canada the law affords Canadian citizens the presumption of innocence:

“Any person charged with an offence has the right … to be presumed innocent until proven guilty according to law in a fair and public hearing by an independent and impartial tribunal.”
— Canadian Charter of Rights and Freedoms

Anyone who has read my blogs is aware that brevity is not my strong suit.

But that is clearly what is called for here. We need to tell all of these people in no uncertain terms that this is NOT acceptable. So this is the letter I am about to send to all of them:

Re: Bill C-27: The Electronic Commerce Protection Act

I am deeply concerned that the committee working on Bill C-27 is considering last minute amendments to this law (or possibly introducing modifying legislation later) that would make it legal for third parties to surreptitiously add to or remove anything from my computer without my express consent.

Corporations and Internet carriers should not be allowed to invade my privacy because I’ve purchased their movie or used the internet. Allowing corporations and telecommunications carriers to surreptitiously invade the privacy of Canadians flies in the face of provisions of the Canadian Charter of Rights and Freedoms and the Privacy Act as well as being contrary to advice offered by Public Safety Canada.

Don’t be pressured into making last minute ill advised changes without time for serious thought and investigation. Doing this would certainly not be in the public good. Canada deserves good laws.

My computer belongs to me. No one else has the right to put anything on it or take anything off it without my permission.

Sincerely,
Laurel L. Russwurm

As with everything else I have written in this blog, this is clearly placed in the public domain. This means that you are free to copy it verbatim or make any changes you see fit in order to send your own letters.

Because that’s what we need to do. We need to tell them NO.

private files

This is the committee who are putting this law together
(links direct to email addresses)

The Honourable Tony Clement, P.C., B.A., LL.B., Minister of Industry (Conservative)
Hon. Michael Chong, Chairman of the Committee
Anthony Rota, Vice Chairman (Liberal)
Robert Bouchard (Bloc Québécois)
Gordon Brown (Conservative)
Siobhan Coady (Liberal)
Marc Garneau (Liberal)
Mike Lake (Conservative)
Brian Masse (New Democratic Party)
Dave Van Kesteren (Conservative)
Robert Vincent (Bloc Québécois)
Mike Wallace (Conservative)
Chris Warkentin (Conservative)
Along with a lovely link that will help you find your own MP in the event you don’t know who it is.
Find your Member of Parliament

I would think that the Minister of Public Safety would also have a definite interest in these changes to this proposed legislation, since the tabled loopholes will certainly make it more difficult for the forces of Canadian law and order to successfully prosecute perpetrators of electronic crimes (such as con artists, identity thieves etc.)
The Honourable Peter Van Loan, P.C., B.A., LL.B., M.A., M.Sc.Pl., Minister of Public Safety (Conservative)

irony

October is Cyber Security Awareness Month

I’m pretty sure that the politicians being pressured by the big guns of the copyright lobby haven’t thought about the ramifications of this. That’s one of the reasons for pressing for a last-minute addition, it can’t be scrutinized as closely because there isn’t time.

I haven’t had time to read through all of these, and I’m not a lawyer, but here are some Federal Government Online resources that may prove helpful for further investigation– AFTER making sure that the applicable government players not to do this.

Public Safety Canada
Cyber Security
October is Cyber Security Awareness Month
Protect your computer, your information, your family and yourself
Welcome to the Royal Canadian Mounted Police
Scams and Fraud
Reporting Economic Crime Online (RECOL)
Office of the Privacy Commissioner of Canada
The Privacy Act

STOP Usage Based Billing