Hacker News new | past | comments | ask | show | jobs | submit login
Canada’s federal court rules intelligence service bulk data collection illegal (theglobeandmail.com)
387 points by based2 on Nov 6, 2016 | hide | past | favorite | 53 comments



"But there is no apparent fallout from this for CSIS yet. While the spy agency says it will stop analyzing the contentious data, there are no indications that it will destroy the data."

It's not really illegal if there's no enforcement, is there?


Organizations select for those who create more power. Those in control in any organization got there by maximizing their power relative to any other competitors.

Frustrating a few concerned citizens is worth it. You can't expect an organization to do what is morally just if it doesn't align with it's interests.

1. https://news.ycombinator.com/item?id=12880180


Ignorance of the law is no excuse.

... for me. Not for them, apparently.

If the people enforcing the law aren't required to know or follow it, why am I required to?


They're not claiming to be ignorant of the law. They're claiming they made every effort to obey the law; they thought they were obeying the law. It turns out they were wrong.

Many crimes require both actus reus (guilty act) and mens rea (guilty mind).


So if I take a law, and secretly reinterpet it beyond reason, then do my best to prevent anyone from finding out my reinterpretation... then it's all good, no criminal charges for me


As long as you can convince the prosecutor or jury you're not guilty, you can shoot someone on the street in plain sight with video evidence and get off free or without charges.

It's up to the prosecutor whether he'll be persuaded by your elaborate scheme. I'm sure he's heard worse.


> As long as you can convince the prosecutor or jury you're not guilty, you can shoot someone on the street in plain sight with video evidence and get off free or without charges.

For those who don't know, this is called jury nullification.


For the jury it is. For the prosecutor it's called prosecutorial discretion.

Being formally acquitted means you can't be charged later; this is not true of just not being prosecuted in the first place.


First, does the CSIS even provide for criminal charges? Second, what is a "beyond reason" interpretation of "strictly necessary?"

Note that in the U.S. at least there is a "rule of lenity"--requiring ambiguous criminal statutes to be interpreted in favor of defendants. I assume there is something similar in Canadian law.


Try telling that to a cop.

"I honestly thought that the speed limit was 55. I didn't see any signs saying it was 35."

The cop's answer? "Too bad. Ignorance of the law is no excuse".


That surely is a question to determine on a case by case basis. Of which there must be billions.

Instead, the CSIS is being treated as some sort of legal black hole. Where is the police raid?


[flagged]


As long as it has a touchbar, sounds good!


Considering how hard it is to explain how Google Analytics works to the standard business owner, I imagine it wouldn't be hard to obscure all manners of data collection programs from oversight.

In times like this, the importance of civics education is highlighted. The very idea that people in law enforcement think it's acceptable to treat judges and the legal system with such contempt is scary. Even if you disagree with a certain law or system, you still need to respect it as a public servant.


There's precedent in pushing the envelope in law enforcement since Sir Robert Peel (if you read up on it). It's not surprising an analogous methodology has been promulgated. Hopefully a more appropriate solution is worked out.


You'd have to be a fool to trust lawmakers or law enforcement with your data and privacy by this point.

They will always find some loophole in the language. Illegal to collect but not illegal to access what has been collected by allies (aka the Five Eyes).

Just encrypt everything, use VPNs and whatever you push in plain/text may as well be public.

Trust open technologies you understand, not politicians.


Trust open technologies you understand, not politicians.

How many people really understand these technologies? For anyone who lacks either the time or the know-how to audit the source code: what do you suggest? If it's not "find the time and educate yourself" then does your statement not revert to:

"Trust these technology experts instead of these politicians."?

To which I'd respond: Why? Why is a technology expert more trustworthy than a politician?


Here are your choices:

* educate yourself and grow your self reliance to understand & use these technologies and look for your interests

* delegate the work to experts, trust authorities and hope they have your best interest

* isolate yourself from technology and pay the economic/social price.

Your Freedom takes work. You can't delegate it. There will always be a conflict between individual freedom and social safety.


To which I'd respond: Why? Why is a technology expert more trustworthy than a politician?

Because you can challenge them to defend their position, and evaluate their answers objectively.

Try that at a political rally, or even at an organized debate.


Well, a technology expert is - in aggregate - more trustworthy than a politician because their incentives align with yours.

This isn't to say that every technology expert can be trusted. The hope is that many eyes looking at the problem helps move the needle.

Politics might as well be the science of deception. My pithy opinion is that nearly everyone is more trustworthy than a politician.


Technology experts will be more often working against your interests than politicians, because politicians will usually have some public interest motive and voter accountability, technology experts often work for "ad tech" and spooks.


I'm not sure why this was downvoted, but it's right on. Government didn't give us Facebook's or Google's pervasive data collection Facebook/Google's "technology experts" did.


Well, a technology expert is - in aggregate - more trustworthy than a politician because their incentives align with yours.

This is ... myopic. Do you think ransomeware is written by politicians?

All malicious software is written by technology experts.

Is not that I trust politicians, far from it: we know they're all lying crooked thieves.

But you think "technology experts are more trustworthy."


If you think ransomware affects the aggregate that much, i'd call that hyperopic.


A technology expert is - in aggregate - working for a company that derives its revenue from user data in some way.


> To which I'd respond: Why? Why is a technology expert more trustworthy than a politician?

Is that a rhetorical question?


What is this supposed to mean?

The term "technology expert" also encompasses all the Black Hats Hackers and criminals - both opportunistic criminals and organised crime. The people who write ransomware are technology experts.


> The people who write ransomware are technology experts.

protip: the white hat and black hat programmers are the same people.


I'm not sure what you mean why this. I'm just a dumb metal-fabricator and machine operator, so you'll have to excuse me if I don't understand the nuances of programming lingo.


Okay, the "criminal hackers writing harmful software" are the same people making a living writing benign software.


You haven't really written anything different here.

I was hoping you'd elaborate further on what you mean by this, rather than restating the same thing in only-slightly-different words.

I'll have a stab at it. Are you implying that the people who wrote the software for the internet banking website and phone app I use are the same ones who wrote CryptoLocker?

Surely there's some sort of gradient though, right? Like is Facebook malicious software (I tend to think so and I don't use it) or is it benign?


Okay

> Are you implying that the people who wrote the software for the internet banking website and phone app I use are the same ones who wrote CryptoLocker?

Essentially I am saying that.


On top of encrypting everything/using VPNs, you'd have to be a fool to trust your data to a Five Eyes country in $current_year. Put that encrypted data/email on a server in Iceland or Seychelles, completely out of reach of the panopticon.

You'd be almost as large a fool incorporating in a Five Eyes country for the same reasons. Bermuda and Nevis are beautiful countries for more than just the scenery.

Take your assets, and even your liabilities out of the country who doesn't respect your privacy. This is how you truly vote with your wallet in the 21st century.


And I'm supposed to believe Iceland, Seychelles, Bermuda, and Nevis aren't crawling with secret agents, double-agents, tripple-agents, octuple-agents, moles, and honeypot operators.

Come now, I've watched my fair share of Hollywood spy movies.


let's just say that the choices I have made in those regards have provably kept me out of a jail cell.


I'd extend it to: you'd be a fool to trust anyone with your data and privacy. At least law enforcement is working under the premise of the good of society (albeit, implemented poorly), compared to Google and Facebook which is working to monetize you.


What difference does it make under your argument whether they are trying to monetize the data or not? As long as they have your data, it's at risk. It's the same for Apple and Microsoft as it is for Google and Facebook. That Tim Cook pretends not to understand it doesn't mean we have to buy his misguided marketing speak.


I did say not to trust anyone. But there is a certain point where you are going to need to trust a service provider and intent and actions matter a lot at that point.


They are working to monetize you by (ideally) showing you ads for things you actually want to buy. Connecting willing buyers and sellers is generally considered good in a capitalist society.

Of course we're all familiar with the ways consumers can gamed and all the ways adtech makes the Internet suck, but the argument about good intentions works at least as well as it does for law enforcement.

(Maybe better because it's not about coercion.)


> They are working to monetize you by (ideally) showing you ads for things you actually want to buy. Connecting willing buyers and sellers is generally considered good in a capitalist society.

Advertising doesn't just "connect buyers and sellers" but can also generate demand for products that are worthless otherwise. The diamond industry is the obvious example. You might say that this stimulates the economy but I would argue it's an example of the broken window fallacy.


Yes, good point. Google and Facebook aren't going to throw me in jail.


But they could cause your car insurance rates to go up (just not this time) http://arstechnica.com/tech-policy/2016/11/facebook-scuppers...


For any non-Canadians reading this, understand that Canadians have a very different relationship with CSIS than say Americans do with the NSA or Brits with GCHQ. We have not seen the bulk use of this data for purposes of general law enforcement. It isn't being used to nab drug dealers or child pornographers. CSIS is rather oldschool in it's approach: intel assets are for intel purposes, not law enforcement. At least that is what we have seen so far. The trust has yet to be broken as it has elsewhere.


Except they are on the same campus as CSEC and this happened (among other things): http://www.cbc.ca/news2/pdf/airports_redacted.pdf

I'm pretty sure that CSEC dragnet-snooping on airports, including all Canadians, doesn't magically disappear from CSIS storage.

Either way, the government is spying on its own citizens and trust is broken.


Nobody thinks they aren't doing the spying. Canadians just trust that the spying is limited to the expected terrorism/cold war espionage/boarder security stuff, that they aren't letting the RCMP trawl the data to discover who is talking to whom. As recent news tells us, the RCMP have to resort to their own means for that.


We have not seen the bulk use of this data for purposes of general law enforcement. It isn't being used to nab drug dealers or child pornographers.

Yeah, they told us the same thing.

Do some reading on a concept known as "parallel construction."


So this seems to be more about the retention of data than it is about the collection. Where the retention of all data is not as important as a select few that pertain to national security. I'd love to play devils advocate here and claim that the agency requires all the information or court oversight of a spy agency is ludicrous. But I dont think any one branch should be judge jury and executionor. I wonder how much of this is symbolic? I know here in the US we are lucky to even hear about a segment of what happens. But I can certainly argue that many questionable deeds are done in the interest of the american citizens


> I'd love to play devils advocate here and claim that ... court oversight of a spy agency is ludicrous.

We could add rubber-stamp oversight:

https://www.eff.org/deeplinks/2014/08/what-you-need-know-abo...

That court approves essentially all requests.

Secret courts, secret laws, warrant-less searches. There's one set of rules for the people in charge, and another set of rules for the people being charged.


The thing nobody really talks about is that the agency in question is a "domestic" security intelligence agency. It has no foreign intelligence mandate (unless that's changed recently.)

Reporters call it "Canada's CIA," but it is mandated by the government in canada to spy only within the country. They are not a police force and cannot arrest their targets. Canada has a bunch of police intelligence agencies. It is hard to see what democratic function a domestic spy agency plays. Maybe there are good arguments for them.


Interesting timing for this post, given the lecture Snowden gave at McGill earlier this week.

https://youtu.be/4x8ZI0IaInE


Yeah it was a great talk! Thousands of students waited for hours on the McGill campus to attend Snowden's talk -it's an important issue that a lot of people care about.


The only questions I have are: why is it taking so long for the legal system to catch up to where we were 15 years ago and how will we ever keep Constitutional protections ahead of accelerating technology?


People make these technologies for the government, and many private firms do much of the work as contractors or by selling products as had been documented in many Snowden leaks. In addition i doubt any of the employees who do this are conscript. Simple venality and maybe a dash of patriotism suffices for us to always lose this game.

Nobody has managed to roll back the arms merchants' profits and influence, hell some of our governments (US, Canada) are the biggest arms dealers around. I see no reason why we'd be able to hold back this monster (profiteering and control through complex and often secret surveillance) when we can't hold back profiteering and control through mind numbingly obvious stuff like bombers and guns. Hell Trudeau talks a game about lgbt people and human rights and turns around and sells arms to the KSA to help bomb Yemen into hell.

The military industrial complex won, don't see why the surveillance industrial complex won't either.


Govt will always find a work around in the pretext of patriotism :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: