I wonder what the broader implications are of this bill. Is the bill broad enough that if I detect an IP address connect to my business SSH server does that afford me the privilege to obtain the customer information from the IP address?
Think about that for a moment, as a business owner I can now send a request to any ISP that owns an IP address that connected to my website. Why do I need your customer information, why because I did not authorize the IP access to /index.html, and the IP address showed repeated attempts connecting and using my computer resources (of course to the ISP I make it sound a little more sinister, like embed an image tag to a resource like /employee-portal/login so that I can tell the ISP the unauthorized access was to the employee portal, and of course that image tag will result in generating requests in my server logs to show the repeated requests from the IP trying to fetch that resource. Poof now I have the name and phone number for everyone that has been to my business website and is potentially interested in what I'm selling.. Of course, I won't tell the individual how I got their phone number. I wouldn't practice this, but for a morally corrupt business it sounds viable.
If the above is possible by the bill, and from the articles that I've read it is, then this bill strikes me as particularly stupid legislation bought for by moneyed interests. I can only hope that our government isn't so corrupted by those moneyed interests that this thing passes.
"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
So, yes, if you can convince an ISP that the information is for an investigation (not necessarily a police investigation, a private eye or corporate audit would suffice) then yes the ISP can give out your private information.
I especially like this nugget:
"reasonable grounds to believe that the information relates to a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed"
So, personal information can be disclosed even if I am about to commit a crime in another country, e.g. I surf a beauty pageant website and view the enter pageant page that is hosted in Nigeria (beauty contests are illegal under Sharia law).
As far as I can tell this only permits the disclosure, it doesn't compel it. Time to switch to an ISP that has a backbone.
What's especially concerning to me is that there's no recourse. Given the shotgun approach typically taken by copyright trolls, this is likely to expose more than just copyright offenders.
Not to mention chilling effects on free speech. Who would dare to criticize an organization when they can get your personal information from your ISP.
Difficult to find an ISP with a backbone that actually can follow through. I'd be interested to know if anyone in Canada has had an ISP successfully stand up to procecution.
TekSavvy is a fantastic company, but their business model is completely dependent on the big telcos who control the last mile. The UBB crisis a few years ago was a very close call, and it is bound to happen again in one form or another.
So if TekSavvy et al. try to resist the information leaking that the proposed legislation permits, I wouldn't be surprised if the MAFIAA took extralegal measures to force their hands. For example, Bell & Rogers might be persuaded to change the terms of their contract with indie ISPs the next time the contract comes up for renewal, unless the indies agree to some sort of "standard Canadian telco privacy policy" drawn up by the big telcos.
So Canadians might end up with a difficult choice: you can have privacy, or you can have 300GB traffic caps, but you can't have both.
> sivulving
I don't believe autocorrect is capable of producing words like that...
This bill does not serve the interests of Canadians. It serves the interest of foreign corporations.
Spying on citizens' internet connections and jailing them for sharing media does not benefit society. I understand why media companies are upset but draconian laws will not solve their problem. We have a choice between widespread media sharing and technological innovation, or widespread media sharing and people in jail for nonviolent crimes. Eliminating piracy is not possible. You can't put the genie back in the bottle.
Some stats about the Canadian legislature, because I'm a nerd:
Since January 17th, 1994 (35th Parliament, 1st Session) when the government started digitizing its records, there have been 4197 bills put before Parliament. Of those, 395 (9.4%) have come from the Senate, like this bill, and 3764 (89.7%) have come from the House of Commons. Eventually, 437 (10.4%) received royal assent (i.e, are now law) and the rest were either defeated, dropped on the floor, or are still being debated. However, this is being dragged down by private member's bills, of which there have been 3165 and only 40 (1.3%) have received royal assent.
Government bills, on the other hand, have much better track records. Of the 83 Senate government bills introduced in that time period, eventually 46 (55.4%) have received royal assent. This is similar to the House government bills, of which 325 out of 599 (54.3%) have received royal assent.
Realistically, going back to '94 includes a lot of minority governments. With a solid majority, the Cons have a free hand for legislation. This will become law.
Slightly aside, but I am glad to see my monthly donation to https://openmedia.ca (like a Canadian EFF) seems to be paying off as they are getting their name and their point into big Canadian media :)
Something not noted is that a number of vpn and seedbox services are hosted in Canada and run by Canadian companies. Americans use them as low-latency workarounds for similar US-located laws. I have never considered Canada to be a safe haven for such activity, I wonder if this crackdown effort will take a toll on those services.
I think the only thing that will ultimately save us from this is to strengthen our contracts with our ISPs.
Anyone want to make some mass commitment to get Bell to add a clause prohibiting their participation in this? (whether or not this particular bill goes through) Perhaps we could all threaten to switch ISPs, or reduce our grade of service to one which gives them lower margins.
Canadians can sell us Americans their cheap prescription drugs, and we can sell them VPN services to, uh, negotiate the complexities of their new downloading legislation.
Think about that for a moment, as a business owner I can now send a request to any ISP that owns an IP address that connected to my website. Why do I need your customer information, why because I did not authorize the IP access to /index.html, and the IP address showed repeated attempts connecting and using my computer resources (of course to the ISP I make it sound a little more sinister, like embed an image tag to a resource like /employee-portal/login so that I can tell the ISP the unauthorized access was to the employee portal, and of course that image tag will result in generating requests in my server logs to show the repeated requests from the IP trying to fetch that resource. Poof now I have the name and phone number for everyone that has been to my business website and is potentially interested in what I'm selling.. Of course, I won't tell the individual how I got their phone number. I wouldn't practice this, but for a morally corrupt business it sounds viable.
If the above is possible by the bill, and from the articles that I've read it is, then this bill strikes me as particularly stupid legislation bought for by moneyed interests. I can only hope that our government isn't so corrupted by those moneyed interests that this thing passes.