Canada’s Bill C-13 would introduce warrentless searches and allow for the remote hacking of electronic devices by police
by The Daily Lede
New cyberbullying legislation introduced by the Canadian government is set to let police gain access to computers and remotely track cellphone users’ movements and activities, privacy experts fear.
Bill C-13 Protecting Canadians from Online Crime Act, known as the cyberbullying bill, is currently being studied by a parliamentary committee.
In fact, the term ‘cyberbullying’ may be a bit misleading: there are no mentions of ‘cyber’ or ‘bully’ in the document, despite the fact that the bill originated following several children committing suicide as a result of online bullying.
Despite the bill introducing responsibility for sending nude photos, for instance, what the law mainly does is greatly expand police authority, giving officers powers to remotely hack into computers, mobile devices or cars in order to track location or record metadata, director of the Canadian Civil Liberties Association Cara Zwibel told Members of Parliament. She added that those changes were “inappropriate.”
Currently, if police want a suspect’s information, they need to either get a warrant for their cellphone or laptop, or they need to go to the users’ internet or cellphone provider. If they want to track a suspect, they need to get a warrant and attach a GPS device to the suspect’s car or person.
New Canadian privacy watchdog Daniel Therrien said the new bill would lower the threshold for police to get a warrant to obtain data about Canadians’ phone calls and internet usage – and also expand the situations where security forces can obtain users’ information without ever going before a judge.
All in all, in the view of Therrien, the bill would give law enforcement officials the power to access sensitive information solely based on “suspicion”, and grant investigative powers with “a broad range of authorities” which will be “poorly understood.” The officers trying to get the data can be anyone from tax agents to sheriffs, justices of the peace, CSIS agents, and even mayors, experts say.
Currently, police require a warrant for any single activity: to get information from a suspect’s cellphone or laptop, or an internet or cellphone provider. If they want to track a suspect, they need a warrant to attach a GPS device to the suspect’s car or person.
The bill introduces the definition ‘computer program’ to do either of those things.
“’Computer program’ means computer data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function,” the bill states.
This kind of concept allows many schemes to be staged by the authorities, as Christopher Parsons, postdoctoral fellow at the Citizen Lab in the Munk School of Global Affairs told National Post.
“There’s a series of different tactics that they could adopt. They could engage in phishing schemes – deliberately serving infected files to computers – or it could involve sending URLs to people’s emails and when they click it, it infects their computers,” he said.
Parsons said that security forces could also start installing malicious apps that function as listening devices onto Canadians’ smartphones.
C-13 could get basic data from Canadians’ Skype conversations, as well as a vast field of other digital information. “That’s the way that it reads,” Parsons stated.
Police could even hack into a car’s OnStar program to keep tracking of location, and call logs.
Parsons called the whole situation the dawn of “Govware”, which will risk “introducing significant, and poorly understood, new powers to the Canadian authorities.”
Canada wouldn’t be the first state to use those schemes.
German government has been using the Bundestrojaner – a trojan virus that lets police eavesdrop on Skype conversations.
The US National Security Agency also infected millions of devices with bugs to monitor users’ data.