Tuesday, 14 February 2012

Lawful Access: C-51 "Everyone is guilty" "or is guilty"...

OK, I am going to skim through this one for all the most extraordinarily bad bits because I am sick of reading legalese...
342.1 (1) Every one who, fraudulently and without colour of right,
is to be replaced by:
342.1 (1) Everyone is guilty of an indictable offence and liable to imprisonment for a term of not more than 10 years, or is guilty of an offence punishable on summary conviction who, fraud- ulently and without colour of right,
The language seems too convoluted... Everyone is................who. Words are free, if we are extending 8 words into 33 words, a few more reiterating that not "everyone is guilty", "or is guilty" doesn't seem like much to ask. I know I am not a lawyer, but this just looks like it is designed to strike fear into the hearts of everyone who reads English... The French version is no better, so include French literates too...  And why is there a hyphen in fraudulently? The original text does not place that word over multiple lines, it is almost right in the middle of a single line...

(c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or under section 430 in relation to computer data or a computer system; or
They have gone to great lengths to stipulate 'computer data' in a number of places, this is seemingly redundant as the word data generally appears in close proximity to computer system. I presume this is for clarity as data is a much more ambiguous term that can exist solely on paper independent and at odds with any data stored in a computer system.
(2) Section 342.2 of the Act is amended by adding the following after subsection (3):

Definition of “device”

(4) In this section, “device” includes
(a) a component of a device; and
(b) a computer program within the meaning of subsection 342.1(2).
“computer password” means any data by which a computer service or computer system is capable of being obtained or used;
“computer program” means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function;
“computer service” includes data processing and the storage or retrieval of data;
“computer system” means a device that, or a group of interconnected or related devices one or more of which,
(a) contains computer programs or other data, and
(b) pursuant to computer programs,
(i) performs logic and control, and
(ii) may perform any other function;
Device can now include 'a component' or 'a program'. There's a section re-writing fraud which renames 'any person' to 'anyone' and 'data' to 'computer data'. But I am not seeing anything horrendously wrong or different.

Wait I think this is it.
487.0195 (1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.(2) A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so.
So where is the prohibition inclusions/exclusions list? What can be voluntarily given to police? Who will be overseeing this to ensure it is not abused, and since we have granted immunity to the person who provides this data, is there no punishment for overstepping the bounds of what could be provided legally without a demand or order?

This also makes no implication that there is a time frame or elapsed time between 'voluntarily preserving data' and 'volunteering said data to police'. Faulty of such implication thus implies voluntary data would have been readily available to be volunteered at a whim and without production orders...Again, without stipulating what data is applicable to this subsection, we have no scope of how much data could be involved...

In this age of "streaming video of lolcats" actual usage data could be huge when left with the presumption that it is every data packet in or out of an account for 90 days... A standard 'high speed package' allows 50 GB transfer per month (and does not cut you off if you go over)... That is equivalent of:
  • 74 CDs
  • or 11 DVDs
  • or 2 BluRay DVDs worth of data per month
If everybody used exactly the maximum, 21 users breaks 1 terabyte in a month. It's one thing to have the bandwidth, and a completely different thing to have the storage capacity... One is a wire, or group of wires, the other is a truckload of hard drives.

Will I as a network administrator be required to implement something for this in the corporate network? It does, in essence, provide people with internet and email communications in the same way as an ISP does. The FAQ I read yesterday implies the Competition Bureau uses 'lawful access'... Would they not have an interest in a corporate network as well?

Given the very recent hype the IT community is placing on 'Big Data' and that it is somehow different than previous 'big data' aka datawarehousing, maybe this is the Big Data that's being hyped...

Back to this bill, I am seeing much ado about sending a 'message in false name and sending false information' This section no longer reads as the proposal used to:
the old proposed text was:
Clause 11: The existing provisions of the Code regarding the offences of sending a message in a false name and sending false information, indecent remarks or “harassing” messages (the French term “harassants” currently used in subsection 372(3) of the Code is replaced by “harcelants” in the bill) refer to certain communication technologies used to commit those offences, such as telegram, radio and telephone. Clause 11 of the bill amends those offences by removing the references to those specific communication technologies and, for some of those offences, substituting a reference to any means of telecommunication. As a result, it will be possible to lay charges in respect of those offences regardless of the transmission method or technology used.
which makes 'sending a message in false name a crime on it's own. the revision for 'false name' is now:
371. Everyone who, with intent to defraud, causes a message to be sent as if it were sent under the authority of another person, knowing that it is not sent under that authority and with intent that it should be acted on as if it were, is guilty of an indictable offence and liable to imprisonment for a term of not more than five years.
Making it criminal to misrepresent yourself claiming to represent someone you don't in effort to gain trust of the victim you are about to defraud... All of the nasty Clause 11 is now 371. 372.(1)(2)(3)(4)... with (4) listing punitive term 371-false name 372(1) - (knowingly) transmit false information intended to harm. (2) annoy with indecency (see below) (3) harass without lawful excuse (4) punishment due...

There is 372
(2) Everyone commits an offence who, with intent to alarm or annoy a person, makes an indecent communication to that person or to any other person by a means of telecommunication.
which lacks clarity on 'indecent', but I do see 'intent' meaning if I am not being an offensive jerk deliberately with the sole purpose being an offensive jerk, then I should still be OK. And I am not really 'sending' this message to anybody in particular so if you are offended, click the back button in your browser... And you did get here via your own action anyway... Maybe I am reading it wrong, or maybe everybody else is missing "intent", either way I would presume intent in many instances is very difficult to prove since we are usually the only witness living in one's own head... Those you you whom may be multiple witnesses should seek professional help.

Also just to reiterate, 'indecent' regardless of lack of clarity, is already there... other points in "Clause 11" modify the language to encompass multiple communications mediums.

I see a legal modification proposal that listened to to citizen complaints this far, because, in realtiy I have now read every iteration of all of it's predecessors... this doesn't reek of conspiracy in my minds eye, but maybe I haven't read it enough yet...


No comments:

Post a Comment