Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Proposed Canadian Anti-Spam Rules Restrict Secret ISP Monitoring

timothy posted about a year and a half ago | from the shouldn't-they-call-spam-moose? dept.

Canada 24

New submitter Fnordulicious writes "Although Canada's anti-spam legislation is already in place, the rules to implement it have been under development for more than a year. This weekend the proposed rules from the Department of Industry were published in the Canada Gazette. Kady O'Malley reports on the CBC Inside Politics Blog that Canadian ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

cancel ×

24 comments

Sorry! There are no comments related to the filter you selected.

Yay (4, Interesting)

Kinthelt (96845) | about a year and a half ago | (#42517955)

Happy news, for a change!

Now, if we could only do something about the Copyright Modernization Act...

Re:Yay (2, Interesting)

Anonymous Coward | about a year and a half ago | (#42519171)

I dunno, they left a loophole you could drive a truck through.

is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

So, a rubber stamp judge, and a good lawyer to prove that anything that anyone does after a fishing expedition falls into those guidelines.

I mean, it's a far, far better run at this than the USA, but it seems very, very easy to exploit.

one word (1)

schneidafunk (795759) | about a year and a half ago | (#42517967)

encryption

This sounds good, but what is consent here? (1)

Anonymous Coward | about a year and a half ago | (#42518005)

Commonsense guidelines on Internet usage are deliberately overdue as everyone knows. From the headline, this sounds like a step in the right direction.

I worry though that an ISPs contract, or a website EULA, can constitute consent for monitoring.

Any insights here?

Re:This sounds good, but what is consent here? (2)

gl4ss (559668) | about a year and a half ago | (#42518029)

probably not.
the problem is the "illegal and represents an 'imminent risk to the security of its network.' ".

how do you know without looking though if it's illegal. and anything can be thought of as imminent risk to security.

Re:This sounds good, but what is consent here? (2)

kelemvor4 (1980226) | about a year and a half ago | (#42518337)

anything can be thought of as imminent risk to security.

That's exactly what I was thinking. If the ISP is able to make the decision on their own, this won't prevent much other than the general monitoring of all traffic. It would still be very easy for them to see a large amount of traffic to one customer and decide that it might represent an imminent risk for one reason or another.

Re:This sounds good, but what is consent here? (0)

Anonymous Coward | about a year and a half ago | (#42519007)

Nothing stops them from monitoring everything that crosses their lines. They're only stopped from installing monitoring software on your machine directly:

But an attempt by Canadian ISPs to garner an all-access pass that would let them secretly install software to monitor potentially illicit user activity was thwarted, at least in part.

According to the note accompanying the draft regulations, industry representatives "had argued for exemptions from the requirement for consent to install software to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks."

Under the revised rules, service providers would only be permitted to install software "where illegal activities pose a threat to [their] networks."

Re:This sounds good, but what is consent here? (2)

Beardo the Bearded (321478) | about a year and a half ago | (#42521625)

anything can be thought of as imminent risk to security.

That's exactly what I was thinking. If the ISP is able to make the decision on their own, this won't prevent much other than the general monitoring of all traffic. It would still be very easy for them to see a large amount of traffic to one customer and decide that it might represent an imminent risk for one reason or another.

ISP decision making in Canada:

1. Will this cost more money than doing fuck all?

2. Do fuck all.

3. Profit.

Re:This sounds good, but what is consent here? (1)

Samantha Wright (1324923) | about a year and a half ago | (#42518533)

There's probably a more fleshed out definition to "imminent risk to security" they had in mind, although the proposed regulatory text doesn't mention it. As usual, we have to rely on the sanity of judges. (But that's nothing new, now is it?)

Re:This sounds good, but what is consent here? (3, Insightful)

Meneth (872868) | about a year and a half ago | (#42519035)

Even if the ISP looks, they can't determine if something is illegal or not. A court of law is required for that.

Re:This sounds good, but what is consent here? (1)

Stan92057 (737634) | about a year and a half ago | (#42519387)

Email boxes loaded with spam? If its making it to the email its proving spammers are using the network. Complaints by the ISPs members?

In the open until prove (0)

Anonymous Coward | about a year and a half ago | (#42518019)

ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network

Does this mean they will monitor all the traffic in public and then when they see something illegal they will turn around and do it in secret?

Some scary stuff therw (4, Interesting)

Lieutenant_Dan (583843) | about a year and a half ago | (#42518151)


Limited exemptions for protecting, upgrading and updating computer networks
The proposed Regulations include an exemption for telecommunications service providers (TSPs) from the requirement to have consent to install a computer program for the limited purposes of preventing illegal activities that present an imminent risk to the security of its network.

The proposed Regulations also include an exemption for TSPs from the requirement to have consent to install software on devices across an entire network for update and upgrade purposes.

Does this mean that Rogers/Bell can start pushing agents/SW on their subscribers computers which in turn allow them to control your access?

This is pretty messed up.

They should be within their rights to cut off access to the node. I suppose the TSPs need to have a higher level of assurance that the node is no longer compromised.

Re:Some scary stuff therw (0)

Anonymous Coward | about a year and a half ago | (#42519151)

The rules are being written so that they can install monitoring software without your permission, yes, but only if it's illegal and a direct threat to their own networks. For example, Bell couldn't install something to monitor a person that seems to be trying to hack into Rogers' network, though they could tell Rogers and Rogers could then install it themselves.

On the other hand, I would hope that they would be restricted from telling you to install monitoring software in order to continue using their systems. I am quite a bit leery of this statement:

Consent would still be needed to install software to "prevent legal activities that are merely unauthorized or suspicious, or where an installation is not required for a system-wide upgrade or updates."

Re-arranged a little: "Consent would (not) be needed to install software...where an installation is...required for a system-wide upgrade or updates."

Re:Some scary stuff therw (3, Insightful)

dskoll (99328) | about a year and a half ago | (#42520111)

Does this mean that Rogers/Bell can start pushing agents/SW on their subscribers computers which in turn allow them to control your access?

It may read that way, but I don't think that's the intent. I think it's meant to allow Bell and Rogers to remotely update the firmware on their modems and routers. My mother uses Bell, but she runs Linux so Bell would have a fairly difficult time installing anything on her computer anyway. (To monitor her, they wouldn't need to... they could just install something on the router they provided.)

People can't read anymore. (1)

Anonymous Coward | about a year and a half ago | (#42518173)

here is door wide open:

"except in the case that the activity is illegal"

Boilerplate (2)

bmo (77928) | about a year and a half ago | (#42518175)

This consent will just make its way into subscriber agreements as a sentence in 6 point type on page 34 of the 42 page TOS/Privacy agreement, which nobody ever reads anyway.

--
BMO

"except in the case that the activity is illegal" (1)

denis-The-menace (471988) | about a year and a half ago | (#42518209)

IOW, everything will still be logged because we could be criminals in the future or might already be and we (the criminals) just don't know it yet.

existing law (1)

junkgoof (607894) | about a year and a half ago | (#42518219)

There is an existing antispam law that is sufficiently broad as to be difficult for businesses to adhere to. I expect the goal of these changes is to appear to work in the public interest while obtaining lobbying money from spammers to make sure the antispam rules impede normal business, from businesses that don't want to spend money on compliance, and on spammers again once they are free to do as they please. The current Canadian government follows the GWB game plan for fun and personal profit.

Misfortune (0)

Anonymous Coward | about a year and a half ago | (#42518231)

While we're at it, let's get rid of the spam messages in Chinese fortune cookies. They are getting pretty insulting.

Last year a fortune cookie's message to me was: "You are not illiterate." No joke.

My response to it was: "Who said I was?"

No faith (0)

Anonymous Coward | about a year and a half ago | (#42518303)

I wouldn't put too much faith in this law Canada. Like here in Texas, the authorities will probably just ignore it. The example here in Texas is that when a judge orders a person's police file to be destroyed and deleted from their intel system, the order is just ignored and the file is never destroyed and deleted.

As the famous American political columnist Robert Novak said: "Always Love Your Country, But Never Trust Your Government".

Terms of Use (0)

Anonymous Coward | about a year and a half ago | (#42518321)

You hereby grant your consent to [ISP Company] employing monitoring for technical improvements and security.

Right, yep, sure... uhuh. (2)

mark-t (151149) | about a year and a half ago | (#42518541)

In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

And I somehow suspect there'd be absolutely nothing to stop them from terminating your service if you don't consent.

Re:Right, yep, sure... uhuh. (2)

davecb (6526) | about a year and a half ago | (#42519669)

There is a duopoly of ISPs in Canada, so anything Bell Telephone or Rogers* Cable does affects a huge number of people, and an attempt to require anything that could be characterized as spyware would cause complaints to the Cabinet**.

--dave
* or any of the other local cable monopolies
** the Prime Minister and his heads of department

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>