ExpressVPN

Data retention, VPN logging and Internet Surveillance in Canada

It is often stated that Canada has no mandatory data retention laws, but this is increasingly untrue in the fast shifting landscape Canada’s internet surveillance legislation.  Although the wide ranging attack on civil liberties that was Bill C-30 (the Protecting Children from Internet Predators Act) has been dropped in the face of almost universal condemnation from Canada’s own citizens, Bill C-11 forces ISPs to keep logs, which must be handed over to copyright enforcers on demand. In addition to this, a number of upcoming agreements and acts promise further expansion of the authorities’ powers of surveillance, and erosion of citizens’ right to privacy.

Bill C-11 – The Copyright Modernization Act

Following seven years and three failed attempts to amend Canada’s Copyright Act, most of the provisions in this new amendment came into force in November last year (2012). Providing the most sweeping changes to Canadian copyright law since the original Act came of 1921, and aimed squarely at extending copyholders rights in the digital age, Bill C-11 requires ISPs (and search engines) to set up a ‘notice and notice regime’ whereby they must retain logs of users activities’ and identities so that if a copyright holder notifies them of an infringement, they can identify the offender, and issue them with a ‘cease or desist’ order.

As Canadian based VPN providers still offer ‘no logs’ services, we presume this provision of Bill C-11 does not apply to them, although we are unable to confirm this.

In addition to this, new tools have been provided to allow copyright holders to sue services whose purpose is deemed to be primarily for copyright infringement. This includes P2P services, websites, ISPs and web hosts. Although we are not aware of any case to date, we can easily see VPN providers falling foul of this provision.

On the plus side, Bill C-11 does extend and clarify what constitutes ‘fair use’ of copyrighted material, and reduces the statuary damages liable by consumers of copyrighted material used for non-commercial  purposes (to between C$100 and C$5000).

Canadian ISP issues a warning

Following Bill C-11 coming into force, popular Canadian ISP TekSavvy issued a warning to its customers in December 2012 that Voltage Pictures (in partnership with anti-piracy enforcement firm Canipre) was preparing to go to court to force TekSavvy to hand over the identities of over 2000 of its customers associated with pirating their titles.

Demanding ‘aggravated, exemplary and punitive damages in the amount of [C]$10,000.00’ (despite the new C-11 framework limiting damages for non-commercial copyright  infringement to C$5000), the involvement of Canipre has been cited as proof that the action is motivated entirely by a desire for quick profits, and is a case of ‘speculative invoicing’ (also known as copyright trolling).

Following this case, NGA Prima Production attempted a similar action against Canada’s largest ISP, Distributel, threating its subscribers with damages of up to C$20,000 if they do not agree to pay C$15000 settlement fees.

At present (May 2013), the TekSavvy case awaits an evidential hearing date, while the Distributel case is on hold for the TekSavvy one.

Bill C-56 and CETA – ‘ACTA through the back door’

Thanks largely to pressure from the US (the Electronic Frontier Foundation described its response as ‘Canada did not miss a beat to satisfy this demand’), the center-right Conservative government has introduced Bill C-56, designed to bring Canada in-line with the provisions of the much-maligned ACTA.

In addition to this, negotiations are under way to implement the Comprehensive Economic and Trade Agreement (CETA). This free trade and copyright agreement between Canada and the EU contains many copyright provisions that are identical to those in ACTA.

ACTA (the Anti-Counterfeiting Trade Agreement) is a wildly unpopular international legal framework aimed at, among other things, preventing copyright infringement. Following wide-scale protests in Europe over the ACTA’s broad attack on fundamental rights of freedom of expression and privacy (and endangerment to developing county’s access to medicines), the European Parliament rejected it in July 2012.

ACTA expands the criminalizing of many aspects of copyright infringement, and makes service providers liable for copyright infringement (which could lead to filtering of content and cutting of customers without judicial process).

Particularly chilling for VPN providers are CETA’s poorly (read broadly) defined provisions for banning technologies that can be used to circumvent copyright.

Bill C-12 – The Safeguarding Canadians’ Personal Information Act

Bill C-12, an amendment to the Personal Information Protection and Electronic Documents Act (PIPEDA), is another proposed piece of legislation causing concern amongst internet privacy activists. It aims to introduce warrantless surveillance by police, effectively gaging ISP from informing their customers that their personal details have been shared for  ‘policing services’, while at the same time expanding the number of reasons ISPs can voluntarily hand over customers details without fear of legal consequence.

In addition to this, it waters down police requirements to provide ‘lawful authority’ to request these details, with wording wide enough that ‘simply flashing a police badge might be enough to meet the demands of the law’.

Bill C-30 – Protecting Children from Internet Predators Act (killed)

With children and internet predators not mentioned once except for in the title, this act aimed to sell the idea of giving Canadian authorities wide-ranging powers to monitor and track the online activities of its citizens to a skeptical public.

ISPs would be required to keep logs on their customers, which must be handed over on request, and even more dangerously (if that is possible), mandatory backdoor entrances would be built so that authorities could simply go in and access any internet user’s personal details and online history with no judicial oversight or need for a warrant of any kind. Furthermore, it became known (through documents obtained under the Access to Information Act ) that the government wanted to use these expanded powers in cases unrelated to criminal activity.

Unsurprisingly, this proposed piece of legislation shocked civil liberties campaigners and met with mass resistance from the Canadian public. In January this year (2013) the ruling Conservative Party dropped it, but as controversial Bill C-12 (which is still before parliament) demonstrates, the fight against blanket government internet surveillance in Canada is far from over.

Conclusion

Despite mass opposition to Bill C-30, it is clear the Canadian government is determined to introduce ubiquitous mass surveillance, and to make ISPs and the like become the enforcers of copyright infringement law. As it is, statistics indicate that providers hand over data to the Canadian police in response to 94% of requests.

Canadian VPN company’s appear to still be able to offer ‘no logs’ services, but how long this can continue in the face of upcoming legislation is anybody’s guess, but does not look good. As is becoming increasingly common worldwide, Canadian internet users who value their privacy are likely to turn ever more to VPN services, but should consider using overseas ones as Canadian VPNs become more ever more vulnerable, and likely to become subject to mandatory data retention legislation in the near future.


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


Leave a Reply

Your email address will not be published. Required fields are marked *