Byron Holland is President and Chief Executive Officer of the Canadian Internet Registration Authority (CIRA). View bio
The debate surrounding the federal government’s recently introduced “The Protecting Children from Internet Predators Act”, or Bill C-30, has raised emotions on all sides. The need to protect children from exploitation has been pitted against the the individual’s right to privacy, so there’s no surprise that sparks are flying. But let’s take a rational look at the legislation and what it could mean for Canadians.
I’ve talked about the fact that trust underlies the success of the Internet. The reality is that the Internet is a series of transactions among people, whether through personal communication or technological/ informational communication at the domain name system (DNS). Legislation like C-30 erodes this trust by allowing an unknown, unauthorized party access to what was previously considered private communications. Ironically, this is the very thing that we in the Internet industry are trying to protect by implementing DNSSEC.
The Internet has become omnipresent in our lives. Between our search history, online activity and GPS enabled smart phones, we leave our digital footprints everywhere. And if given the power to do so, the government can easily put together a very detailed profile of any individual, all without a warrant. In my opinion, without the oversight of the courts in gaining this information, the potential for mistakes, or even abuse, is too great. We don’t have to look very far to find instances where law enforcement overstepped its bounds to catch the ‘bad guy’ and got it wrong. We now know that Mahar Arar was tortured in a Syrian prison based on misinformation provided by Canadian law enforcement authorities.
Not to be alarmist, but we don’t have a great history of state surveillance. It’s within the lifetime of most of us that informants or the ‘Stasi’ in Eastern Germany, and its equivalent in Poland, the former Yugoslavia, and other Eastern Bloc nations had neighbours spy on neighbours and report back to the state. Having the technology to now do the surveillance for us – thereby removing the human element – doesn’t make it anymore acceptable to a democratic society. It is ultimately the same paradigm of an informant-based means of controlling society. As Benjamin Franklin wrote nearly 300 years ago, “They who would give up an essential liberty for temporary security deserve neither liberty nor security.” Just because we can surveil citizens en masse doesn’t mean we should. In fact, given that technology can now easily and cheaply monitor just about everything you do and everywhere you go, I would argue that government needs to be even more vigilant in protecting its citizens’ right to privacy. The current government is correct that we need to modernize the legislation around this issue, let’s just make sure we modernize the right things.
Governments also don’t have a stellar track record of protecting data on its citizens when it’s collected, either. From health information to detailed information on taxpayers, data breaches within government departments happen all too often to make me comfortable with the government having a database of Canadians’ browsing history.
Ontario’s Privacy Commissioner, Ann Cavoukian, called Minister Toew’s assertion that the Bill would ensure law enforcement have the tools they need to fight crime in the 21st century “nonsense.” In fact, all of Canada’s privacy commissioners have come out against C-30.
Yes, we need to stop malicious activity on the Internet. There is no question about that. But legislation like C-30 casts a net over the entire population based on the actions of an incredibly small number of people. This is akin to dropping a nuke to kill a cockroach – the same analogy I used a few weeks ago to describe SOPA. Effective? Maybe, but at what cost? Too high, in my opinion. Anything that erodes the trust that has enabled the tremendous economic and social growth the Internet has been responsible for over the past two decades cannot be worth the outcome.
I am in total agreement that there is a need for a quick and efficient means of taking town unlawful online materials or websites. But, this can be done in a variety of ways that doesn’t require sweeping legislation like Bill C-30. In fact, CIRA already have an example of how the privacy of Canadians can be protected while still allowing law enforcement the ability to act quickly without needing to take the judicial route (i.e. court orders) with our WHOIS database.
Our WHOIS has an administrative instrument (no court order required) whereby domain names can be disabled if it is “directly or indirectly, intentionally or unintentionally, is or may become involved” in one of a set of activities (which includes the distribution of child pornography). All without infringing upon an individual’s right to privacy.
Canadians are an ingenious lot – I’m pretty sure, given the right resources and people, we can come up with a well thought out, rational approach that will enable law enforcement to do their job without compromising the rights of Canadians. As a free and democratic nation, we should expect nothing less.
What do you think? Can we protect the most vulnerable in our society without infringing on citizen’s rights?