- the Canadian Security Intelligence Service under the Canadian Security Intelligence Service Act
- a police service, including any related to the enforcement of any laws of Canada, of a province or of a foreign jurisdiction
- the Commissioner of Competition under the Competition Act
But what I want to concentrate on in this space is C-30's impact on you and I, the Customers of the ISPs and users of the Internet. When you hear the Media use terms like intercept, deep-packet inspection, and Internet tracking, what does this really mean?
Fundamentally, this is all an exercise in Internet eavesdropping. It's seeing a transcript of every website you visit, every Facebook post you make, every chat session you might have, every email you send or receive - everything you do on the Internet. This is scary stuff if you have an expectation of privacy.
Before we go any further, we need to balance off the scary stuff with some good intentions. The goal for C-30 is to provide better tools for law enforcement to do investigations in the Internet Age. On that point, I support the idea of C-30. In some ways, C-30 tries to formalize some practises that, today, are accomplished on a more voluntary basis between ISPs, the police, and the courts. That various Canadian police associations support C-30 is no surprise, because it will help them do their jobs more effectively. But C-30, in its current form, is a bit of a disaster (in my opinion) in that it solidly trumps the right to privacy and due process with the state's right to know. And while the police might appreciate C-30 as a tool, democracy is a messy business, unfortunately. I'm sure they would also find it useful to have a key to everyone's home as an investigative tool, but that ain't gonna happen, either.
Bill C-30 does provide a lovely opportunity to consider the larger topic of privacy on the Internet - whether it's the police or the bad guys who might be listening. So the real question remains: How can we preserve our expectation of electronic privacy when the barbarians seem to be climbing the gates?
Outside of any legal rights, the basic technical answers are obfuscation and encryption. Those, in themselves, are a big, geeky topics full of really hard math that require very smart people to figure out all the details. But all you need to consider is the best means to protect your Internet privacy is to hide what you're doing in a way that it cannot be discovered (or intercepted) by the wrong prople. And the fundamental way to hide what you're doing is through encrypting what you're doing and hiding your identity.
The good news: There are a myriad of technqiues and software products (many are free!) that will provide you with all the capabilities you need. The bad news: The more airtight you want your privacy, the more geek-savvy you'll need. But let's throw caution to the wind and see what shadows we can throw over our online activities.
Email is one tool that has many options for ensuring the bad guys will never gain access to the recipes you share with your sibling or the hundreds of Justin Bieber fan letters you write. Those options include:
- Use plugin serrvices for your email client software to encrypt your email with technology based on PGP (Pretty Good Privacy).The downside here is that your email recipients need to play this game, too.
- Use a disposable email service such as Malinator or Hushmail. These service use various techniques for keeping your email encrypted and seemingly anonymous.
- Make sure your Facebook access is always SSL-encrypted.
- Ditto if you hang out on Twitter.
- If you use any of the popular free email services like Gmail, Hotmail, or Yahoo, they use SSL by default.
- More and more websites are giving you the option to access their services using your social media identity. Yahoo mail, for example, will let you access their service using your Facebook or Google (Gmail) account information. While this may be convenient, you are also extending your identity across different websites and different sets of 'free' services - and this means your online activity is just a little more trackable!
If you're uncomfortable with the idea that your ISP (or someone else) can possibly know the websites you visit, then you can consider using TOR to give you total anonymity for all of your web browsing habits. The TOR website delves into the details, the basic premise of this (free) service is to leverage a sort of Internet-with-an-Internet. Referred to as onion routing by the lonelier geeks among us, TOR is a series of encrypted 'tunnels' that traverse the public Internet and make it impossible for anyone to follow your web browsing activities. Rather than directly accessing www.twitter.com, for example, TOR would send your website request through these tunnels to strip away your true IP address and website destination. In the end, you get to go to Twitter and no one can follow you there.
Finally, let's talk about non-technical means to protect your Internet privacy. While there are lots of technical tools available to keep on the down-low, the complete solution needs to include education and legislation. To keep informed and get involved in the privacy debate, here a few resources to consider:
OpenMedia is a grassroots organization dedicated to an open and affordable Internet as well as good digital policy for Canadians.
Electronic Frontier Foundation (EFF) is a sort of international flavour of OpenMedia, but with a wider mandate that adds free speech and consumer rights to the digital discussion.
And while I've mentioned him already, check out Michael Geist's blog. He is a law professor at the University of Ottawa and, arguably, Canada's premier analyst and commentator on issues in the digital realm.