interweb freedom

(formerly Stop Usage Based Billing)

Posts Tagged ‘spyware’

The Hidden Rationale for Usage Based Billing

Posted by Laurel L. Russwurm on February 13, 2011

No Usage Based Billing!

by Sharon Polsky
President and CEO — AM¡NAcorp.ca
National Chair — CAPAPA

The recent discussion about Usage Based Billing being a ‘cash grab’ has generated much debate: Is a cash grab warranted? Should Internet users have to pay according to the volume they download?
Does UBB discourage innovation?

ACTA logo

The simple answer to the underlying question is:
ISPs and telcos need a way to fund
the Internet monitoring functions required by
the Anti Counterfeiting Trade Agreement (ACTA) and Canada’s Investigating and Preventing Criminal Electronic Communications Act (Bill C-52).

To understand the real impact, though, it is important to view UBB in context with other issues, which together: 

  • jeopardize the sovereignty of our nation,
  • have a chilling effect on freedom of expression, and
  • threaten the privacy and democratic freedoms traditionally enjoyed in Canada.

It can be argued that these measures do nothing to protect Canada or Canadians from the threat of terrorism (real or perceived), US protectionism or other economic threats, or future retribution by the Department of Homeland Security or other agencies.

UBB In Context

ACTA (the Anti-Counterfeiting Trade Agreement) is an international agreement to protect intellectual property and guard against piracy. It was hammered out by a handful of countries and requires signatories to have civil and criminal law that complies with it. Canada may have bargained away our ability to create independent legislation simply by being a party to ACTA, with terms allowing Canada to pass laws more stringent than required, but depriving us of the authority to create laws that contravene ACTA. This clearly undermines Canadian sovereignty.

ACTA was Negotiated in Secret

The US declared the draft ACTA text to be confidential as a matter of national security (the economy is a matter of ‘national security’ in both the US and Canada) so negotiation of the international scheme to guard against piracy and copyright infringement was done in secret, with a level of secrecy that excluded input from Canadian citizens, consumer and human rights groups, or Canada’s Information and Privacy Commissioner; yet the draft was circulated amongst rights-holder lobbyists (generally from the recording and motion picture industries). Many experts consider this to be an unprecedented degree of secrecy for a set of copyright protection rules.

Once approved, ACTA member countries are expected to put pressure on their trading partners to have them join the treaty — of course, after ACTA is finalized, so the newcomers will have no option but to accept the terms set by the original negotiating parties.

curls of razor wire against yellow brick

Prosecution, Remedies and Penalties under ACTA

Under ACTA, allegations advanced by rights holders lead to prosecution, remedies and penalties decided by judicial or ‘administrative’ authorities, with restitution and “lost profits” calculated by the rights holder. Although an alleged infringer can be ordered to reimburse the rights holder for the retail price and “lost profits”, legal expenses, court costs, and other amounts, as well as bearing the expense of destruction of allegedly counterfeit products, if it’s ultimately found that there was no infringement, the alleged infringer can ask for damages, but no process or formula is articulated.

Border officials will be compelled to carry out injunctions obtained in other countries, even if legal in the border official’s country. ACTA will also:

  • facilitate seizure of off patent medicines in the country of production and export,
  • empower member countries to seize and destroy exports while in transit to other countries
  • encourage countries to seize and inspect personal devices for any pirated material

The costs will be born by the individual being searched or the sender of the seized goods.

Privacy invasive provisions require release of personal identity information about alleged infringers, and information about any party who might be associated with alleged infringers are included in ACTA.

Third parties (i.e., distributors, NGOs, public health authorities) are put at risk of injunctions, provisional measures, and even criminal penalties, including imprisonment and severe economic losses:

  • Suppliers of active pharmaceutical ingredients used for producing generic medicines;
  • distributors and retailers who stock generic medicines;
  • NGOs who provide treatment;
  • funders who support health programs; and
  • drug regulatory authorities who examine medicines

could be implicated under ACTA. Ascertaining the third party involvement will require inspecting digital records; and ACTA compels disclosure and international sharing of that information.

Potential repercussions may well deter direct or indirect involvement in research, production, sale and distribution of affordable generic medicines.

Deep Packet Inspection (DPI) of online activity is already being used to identify alleged infringements. DPI has been in use by Canadian ISPs and telcos for some time. In August 2009, Canada’s Privacy Commissioner ruled on DPI used by Bell/Sympatico (Case Summary #2009-010). The Commissioner recommended that Bell Canada inform customers about Deep Packet Inspection, but did not prohibit its use.

“It is relatively easy to paint a picture of a network where DPI, unchecked, could be used to monitor the activities of its users.” 

Privacy Commissioner of Canada

Financial Impact of Bill C-52

Bill C-52: An Act regulating telecommunications facilities to support investigations
— referred to as the “Investigating and Preventing Criminal Electronic Communications Act” — is only one of the many ways that Canada is giving force and effect to ACTA.

C-52 is intended “to ensure that telecommunications service providers have the capability to enable national security and law enforcement agencies to exercise their authority to intercept communications and to require telecommunications service providers to provide subscriber and other information” upon request.

No warrant is necessary.

C-52 also requires the telcos and ISPs to provide the transmissions in an unencrypted form and to “comply with any prescribed confidentiality or security measures“.

to provide “any information in the service provider’s possession or control respecting:

  • the name,
  • address,
  • telephone number and
  • electronic mail address of any subscriber to any of the service provider’s telecommunications services and the
    Internet protocol address,
  • mobile identification number,
  • electronic serial number,
  • local service provider identifier,
  • international mobile equipment identity number,
  • international mobile subscriber identity number and
  • subscriber identity module card number that are associated with the subscriber’s service and equipment”.

Under current Canadian law, Internet Service Providers who have the means to spy on their customers (Deep Packet Inspection capability) can be asked to do so by the government, but they cannot be compelled to have such means.

Under C-52, Telcos are required to have and bear the cost of the equipment necessary to comply; and the equipment can be specified by the government or enforcement agencies. The cost of actually determining and providing the information to law enforcement will be billed to and paid by the requesting agency — with our tax dollars.

Usage Based Billing could well pay the costs of the Government mandated spyware that will be required should Bill C-52 become law. Not only will citizens find themselves stripped of privacy and spied on but we will be overcharged to pay for it.

The Future of ACTA

The ACTA text was finalized in November 2010, and the US and Canada (quietly) asked for feedback to be submitted by February 15th, 2011. The request was visible on the DFAIT website for a short time.

ACTA participants successfully completed a legal verification of the finalized ACTA text at a meeting in Sydney, Australia between November 30 and December 3, 2010.

Canadian Charter of Rights and Freedoms (CC by Bitpicture)

Every Canadian Needs A Copy

The Standing Committee on Canadian Heritage met to discuss ACTA and other matters on January 31, for 2 hours, and was scheduled to meet again on February 7, 2011.

The final ACTA text includes mechanisms to amend the agreement. That provides a ‘back door’ to get acceptance of the most contentious issues (such as the three strikes rule) that were rejected during the negotiations.

Even before the three strikes rule is adopted, the scope of ACTA provides the latitude that permits individual member nations to impose a three strikes rule.

So between ACTA and other laws, international agreements, and multilateral treaties to share information it’s easy enough to circumvent the provisions of Section 8 of Canada’s Charter of Rights and Freedoms and to circumvent the protections embodied in all of Canada’s various privacy laws.

Canadians’ most intimate information can be sent outside of Canada to be examined, and then the results back into Canada. Canada and the US have been known to do that on occasion, typically to protect ‘national security’ or guard against the perceived threat of ‘terrorism’.

Stripping Canadian Law of citizen protection measures that have evolved over hundreds of years has not been shown to protect citizens from terrorism, but rather to open up new avenues of compromising and removing the Rights and Freedoms Canadians expect to enjoy under our democratic system.



Guest blogger Sharon Polsky is the President & CEO of AM¡NAcorp.ca as well as the National Chair — CAPAPA More background can be found in Anti-Counterfeiting Trade Agreement (ACTA) Highlights

Image credit:
Canadian Charter of Rights and Freedoms: “Every Canadian Needs A Copy” released under a Creative Commons Attribution 2.0 Generic (CC BY 2.0) licence by Bitpicture on Flickr

Advertisements

Posted in Changing the World | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | 3 Comments »

Anti-Counterfeiting Trade Agreement (ACTA) Highlights

Posted by Laurel L. Russwurm on February 8, 2011

ACTA logo

by Sharon Polsky
President and CEO — AM¡NAcorp.ca
National Chair — CAPAPA

ACTA is an international agreement hammered out by a handful of countries (led by the US, including Canada) that requires signatories to create civil and criminal law to give force and effect to ACTA.

ACTA is intended as a global standard to ‘protect’ against intellectual property and counterfeit products, containing very specific discussion about digital information.

The negotiating parties did NOT include:

  • India,
  • Brazil,
  • China,
  • Russia
  • or any countries known as the greatest sources of counterfeit goods.

Nor did it include any:

  • consumer rights groups,
  • human rights groups, or the
  • Information and Privacy Commissioner of Canada.

The intent to negotiate a deal was announced in late 2007. Because there’s an economic impact component to it, the US declared the draft ACTA text to be confidential as a matter of national security. A draft was circulated amongst rights-holder lobbyists (generally from the recording and motion picture industries). After three years of negotiations, the text was leaked in April of 2010. The Government of Canada released a copy of the draft in October 2010. The final text was issued in November 2010.

An unprecedented degree of secrecy for a set of copyright protection rules.

Once ACTA is approved, its member countries are expected to put pressure on their trading partners to have them join the treaty — of course, after ACTA is finalized.

The final text includes a provision for amending the agreement, and that’s viewed as a back door to get acceptance of the three strikes provision that was rejected during negotiations.

Three strikes law describes the penalty: after three allegations of inappropriate Internet use, service will be suspended for 12 months.

heavily stacked in favor of “rightsholders” at the expense of consumer human rights

Under ACTA, prosecution, remedies and penalties are acted upon based on allegations advanced by the rights holder, and all can be decided by judicial or ‘administrative’ authorities. ACTA sets out the items that can be included in calculating restitution. For instance, an alleged infringer can be ordered to reimburse the rights holder for the retail price and “lost profits” (as calculated by the rights holder), legal and court costs, etc etc. Allegedly counterfeit products must be destroyed, at the expense of the alleged infringer. If it’s ultimately found that there was no infringement, the alleged infringer can ask for damages, but no process or formula is articulated.

ACTA puts individuals in jeopardy since border officials will be compelled to carry out the injunctions obtained in other countries, even if the activity is legal in the border official’s country. Thus, ACTA empowers officials to seize medicines that are off patent in the country of production and in the countries where they are being exported to, if a company holds a patent to that medicine in any member country.

Similarly, ACTA’s border enforcement provisions empower member countries to seize and destroy exports while in transit to other countries. ACTA provides that “parties MAY exclude small quantities of goods of a non-commercial nature contained in travelers’ personal luggage”, so it still leaves it to countries to seize and inspect personal devices to determine if and how much pirated material is there; and the individual will have to bear the cost of inspection, storage, and destruction. So anyone who rips music from the CD they bought and transfers that ripped music onto their iPhone or Blackberry, and then tries to carry it through the border might not get very far. Imagine what it could do at airport screening lineups!

ACTA offers many privacy-invasive provisions, including requiring the release of information necessary to identify an alleged infringer, and any party who might be associated with that alleged infringer.

ACTA puts third parties (i.e., distributors, NGOs, public health authorities) at risk of injunctions, provisional measures, and even criminal penalties, including imprisonment and severe economic losses. This could implicate, for example, suppliers of active pharmaceutical ingredients used for producing generic medicines; distributors and retailers who stock generic medicines; NGOs who provide treatment; funders who support health programs; and drug regulatory authorities who examine medicines. The potential repercussions are expected to serve as a deterrent to being involved — directly or indirectly — in the research, production, sale and distribution of affordable generic medicines. Ascertaining the third party involvement will require inspecting digital records; and ACTA compels disclosure and international sharing of that information.

Deep Packet Inspection

Deep packet inspection of online activity will be used to identify alleged infringements. ISPs will be required to shut down alleged infringers’ Internet connections, and publicize the identity of the alleged offender amongst other ISPs.

DPI is also expected to cause ‘collateral damage’ when blameless sites at the same IP address get shut down along with the accused. DPI was approved for use by ISPs and telcos when, in August 2009, Canada’s Privacy Commissioner ruled on the Bell/Sympatico case (Case Summary #2009-010). The only limit was a recommendation Bell Canada inform customers about Deep Packet Inspection.

The Commissioner did note that “It is relatively easy to paint a picture of a network where DPI, unchecked, could be used to monitor the activities of its users.”

In January 2010, President Nicolas Sarkozy gave a speech to members of the French music and publishing industries and said that “authorities should experiment with filtering in order to automatically remove all forms of piracy from the Internet.”

France

government approved SPYware text and magnifying glass

Liberté, égalité, fraternité?

France recently passed its HADOPI “three strikes” law that targets alleged illegal Internet file-swappers. There is no no presumption of innocence in HADOPI. After a rights holder advances an allegation of infringement and gets administrative approval, the alleged infringer receives two warnings, and then gets cut off the Internet.

And there is no judicial recourse.

Under the terms of HADOPI, Internet access is only restored after the “offender” allows spyware to be installed on his/her computer, monitoring every single thing that happens on said computer, and that could also reach to the entire network (personal or corporate) that the computer is attached to.

HADOPI has been sending out notices. Initially, it sent out about 10,000 per day, with plans to ramp up to 50,000 per day. ISPs must hand over information to the government about those accused within eight days. If they don’t, hey could get fined 1,500 euros per day per IP address.

USA

A few weeks after Thanksgiving weekend in November 2010, the US Homeland Security’s Immigration and Customs Enforcement (ICE) department seized and shut down 82 domain names during “Operation In Our Sites II” without prior notice. Not all of these domains contained counterfeit products.

The web sites included a search engine and some well-known music blogs.The released partial affidavit and seizure warrant show that that the decision to seize the domains was almost exclusively dependent on what the Motion Picture Association of America said were the facts, and the MPAA’s numbers about the economic importance of the movie industry and MPAA testimony about how piracy hurts its income.

The MPAA and the Recording Industry Association of America were two of the 42 individuals and groups in the US that were given access to the draft text early on.

Canada and the International Sacrifice of Personal Privacy

Canada’s Anti Terrorism Act and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act in conjunction with other legislation allows governments to trade and swap Canadians’ information with around the world without our knowledge.

The PATRIOT Act does the same in the US. The UK Home Office recently resurrected the so-called ‘Super Snooper Bill’ that will allow the police and security services to track the British public’s email, text, Internet and mobile phone details. And the “Server in the Sky” global biometric database will tie it all together.

Vertical Canadian Flag

Canada’s Bill C‑52 — referred to as the “Investigating and Preventing Criminal Electronic Communications Act” — is intended “to ensure that telecommunications service providers have the capability to enable national security and law enforcement agencies to exercise their authority to intercept communications and to require telecommunications service providers to provide subscriber and other information” upon request.

No warrant necessary in Canada.

C-52 also requires the telcos and ISPs to provide the transmissions in an unencrypted form and to “comply with any prescribed confidentiality or security measures“. A gag order, in other words.

And the information to be provided is quite specific and broad: It is “any information in the service provider’s possession or control respecting the name, address, telephone number and electronic mail address of any subscriber to any of the service provider’s telecommunications services and the Internet protocol address,
mobile identification number, electronic serial number, local service provider identifier, international mobile equipment identity number, international mobile subscriber identity number and subscriber identity module card number that are associated with the subscriber’s service and equipment”.

C52 compels ISPs to spy on their customers

Under C-52, Telcos are required to have and bear the cost of the equipment necessary to comply; and the equipment can be specified by the government or enforcement agencies.

Between ACTA and other international agreements and multilateral treaties to share information it’s easy enough to circumvent the provisions of Section 8 of Canada’s Charter of Rights and Freedoms by having an agency outside of Canada do the work, and then share the results back into Canada. Canada and the US have been known to do that on occasion, typically to protect ‘national security’ or guard again ‘terrorism’.

ACTA is based on allegations and assurances of the rights holder.



Guest blogger Sharon Polsky is the President & CEO of AM¡NAcorp.ca as well as the
National Chair — CAPAPA, the Canadian Association of Professional Access and Privacy Administrators. This article provides the necessary background for the Sharon’s article “The Hidden Rationale for Usage Based Billing” scheduled to be published here in the Stop Usage Based Billing blog February 10th.

Post Script:
Internet Service Providers are in the business of providing Internet Service, and ‘deputizing’ them to spy on citizen customers is an atrocious breach of net neutrality, which I wrote about a year ago in Nutshell Net Neutrality

Looking over my blogs, I was surprised to see just how much I have actually written about ACTA shared both in this blog:

as well as on my Oh! Canada political blog:

Posted in Changing the World | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | 5 Comments »

Bill C-27: Canadian Democracy In Action?

Posted by Laurel L. Russwurm on October 19, 2009

Oh! Canada

Oh! Canada

Last Friday Michael Geist posted a chilling story about the The Copyright Lobby’s Secret Pressure On the Anti-Spam Bill which looked at how Bill C-27: The Electronic Commerce Protection Act, a piece of legislation touted as the “anti-spam” law, which was in danger of being dramatically altered at the last minute. If these tabled changes are made, instead of protecting Canadians from spam and spyware, the law would legalize a number of very frightening things. Not least of which would be Canadian governmental blessing to allowing corporations to assume law enforcement capabilities without the restraints of due process which our law enforcement agencies currently operate within.

Currently Canadian Law enforcement agencies have rules to follow. The RCMP can’t simply decide to break down someone’s door and sieze their possessions because they feel like it. Canadian Law has a history of protecting Canadian Citizens from Malicious Prosecution.

Yet the language of the proposed law quoted by Professor Geist was granting broad powers to telecom providers, namely:

“providing computer security, user account management, routing and transmission of messages, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management,and detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software, including scanning for and removing computer programs

The Copyright Lobby’s Secret Pressure On the Anti-Spam Bill

Of course most of what is included there isn’t bad stuff, it’s really “detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software,” that is incredibly broad. Why is a company that connects the wires to connect Canadian to the internet suddenly charged with detecting and preventing crime?

What is unnerving is the next bit, the fact that telecom providers are also given the authority for “scanning for and removing computer programs”. In laymans terms, this means that if Canadian’s connect to the internet Bell Canada et al have the power to decide if Canadians are doing something illega, and if they think we are– nothing anywhere about proof, mind– they will also have the right to remove software from our computers.

What an incredible amount of power to gift to corporate entities. Whatever the reasoning for allowing this, that is truly frightening.

This goes far beyond the cases where electricity carriers reported instances of sudden increased electricity consumption to law enforcement to facilitate apprehension of criminals. The news story that stuck in my mind was the one where the Emergency Response Team broke in the door and frightened the daylights out of the elderly folks living there. Turned out that the criminals had tapped into these people’s connection. Wasn’t the criminals who got roughed up, though.

The most frightening difference here is the idea that the law doesn’t just ask the telecom providers to keep their eyes open and report suspicious activity, the law tells them to detect it, and even worse, act on it. All on their own.

This would essentially give our telecom providers — Bell/Telus/Rogers/Shaw/Sasktel– total control of the internet and every computer connected to it. This would give them absolute authority to act as police, judge, jury and executioner. This would unquestionably slam an iron curtain around Canadian internet use. Maybe that particularly frightens me because some of my ancestors fled the Russian Revolution to settle in Canada so they could live in freedom.

So for myself and my family, I do not want to see that happen. Since so much of the world’s work is either on or moving toward the internet, allowing so much power over a nation’s freedom to commercial business is mind boggling. And no, it hasn’t happened yet, but they might pass the law, complete with last minute amendments as early as today.

So I dis what I could to spead the word in my own little corner of the internet universe by talking about this danger in my blogs. But instead of just complaining about it, I also did what members of a democracy are supposed to do– and in a healthy democracy enouraged to do — I articulated my concerns and sent them to the people who are actually working on passing this law.

More Chilling Still

One of the amazing and great things about the internet is the speed of it. When we send email, it arrives where its going almost instantly. Another really cool thing is “return receipts”. So what I’ve been getting is automatic responses.

These are the is the results so far:

My MP, who is not on the committee, at least reads his email. Or someone does.

Harold Albrecht, MP AlbreH@parl.gc.ca – Your message was read on October 19, 2009 8:49:01 AM (GMT-05:00) Eastern Time (US & Canada).


The Commitee working on passing Bill C-27: The Electronic Commerce Protection Act

Tony Clement – ClemeT@parl.gc.ca Your message was read on October 18, 2009 8:54:08 AM (GMT-05:00) Eastern Time (US & Canada).

Marc Garneau – Garneau.M@parl.gc.ca Your message was deleted without being read on October 19, 2009 11:26:13 AM (GMT-05:00) Eastern Time (US & Canada).

Robert Bouchard – BouchR@parl.gc.ca Votre message a été supprimé sans être lu le lundi 19 octobre 2009 09:19:48 (GMT-05:00) Est (É.-U. et Canada).
(Babelfish Translation: Your message was removed without being read on Monday October 19, 2009 09:19: 48 (GMT-05: 00) Is (E. – U. and Canada).

Robert Vincent – VinceR0@parl.gc.ca Votre message a été lu le lundi 19 octobre 2009 09:09:36 (GMT-05:00) Est (É.-U. et Canada).
(Babelfish Translation: Your message was read on Monday October 19, 2009 09:09: 36 (GMT-05: 00) Is (E. – U. and Canada).

What does this tell me?

Of the elected members of parliament who sit on the committee, two of the four automatic responses tell me that my message was deleted without being read.

Is this what passes for democracy in Canada now?


post script: Sadly we have a tie-breaker:

Mike Wallace – WallaM@parl.gc.ca Your message was deleted without being read on October 19, 2009 3:32:39 PM (GMT-05:00) Eastern Time (US & Canada).

STOP Usage Based Billing

STOP Usage Based Billing

Posted in Changing the World | Tagged: , , , , , , | 5 Comments »