When it comes to telling Internet users what they can or can't do, it seems like everybody wants to get into the act.
Industry Canada is trying to come up with a way to regulate electronic cryptography, to ensure that authorities will be able to access encrypted information they deem illegal.
The CRTC is figuring out whether it should regulate Internet content, and whether it should enforce Canadian content regulations online.
Federal MP Chris Axworthy (NDP, Saskatoon) is asking that Internet service providers be licensed by the CRTC, to ensure that they block access to child porn on their servers.
Electronic Frontier Canada, the Canadian organization for civil liberty online, is promoting electronic rights, including privacy and security of electronic communication and a relaxation of export controls on cryptography.
The Global Internet Liberty Campaign (GILC) is asking for a relaxation of regulation of the Internet worldwide. The GILC hosts a meeting in Ottawa on Oct. 7 called "The Public Voice in the Development of Internet Policy", which will examine privacy, encryption, free speech, access and consumer and human rights issues.
Meanwhile, members of the Canadian Association of Internet Providers (CAIP) are working at regulating themselves by developing codes of conduct and privacy.
The CAIP just released a "privacy code" to assure all other regulatory bodies that its own rules are good enough. CAIP believes industries should be able to self-regulate, and has drafted a set of principles based on a recent Industry Canada document called the Canadian Standards Association Model Code for the Protection of Personal Information. CAIP's privacy code is basically an ISP version of it.
The code aims to please everyone, including customers, authorities, government, civil libertarians and its own members. Unfortunately, by not taking a strong stand for any of the above, the policy is weak, stating little more than the obvious.
For example, the code says its members aim to protect their clients' privacy. Section five of the 10-section code states:
"Members will use or disclose personal information only for the purposes it was collected, unless a user gives consent or as required by law."
It continues: "A member may disclose personal information without consent when required to do so by law, e.g. subpoenas, search warrants, other court and government orders or demands from other parties who have a legal right to personal information, or to protect the security and integrity of its network or system."
It could easily be replaced with the statement: "We won't tell anyone about you unless we legally have to." In other words, stating the obvious.
CAIP chair Margo Langford said that the code is still in its first draft, and admits it doesn't say anything that is particularly new. She says both the government and ISPs are unsure about how to deal with legal issues, and are trying to come up with a set of directives for themselves that would fit with what the government may want to put into law.
"We want to give our membership a tool when situations crop up. When and how information can be given, under search warrant, etc. ... certain situations have cropped up."
While Langford wasn't sure how often legal situations come up in the ISP industry today, during her two years at iStar Internet -- where her precautions included banning about 12 newsgroups -- authorities came knocking on iStar's door for legal reasons only twice. One was the case of a potential suicide and the other a child porn case. At the time, iStar had about 60,000 members.
While it's admirable that CAIP members are concerned with their clients' privacy, they're not proposing to protect that privacy anywhere above and beyond what the law already requires.