The Hill Times
Monday, August 17, 1998

Online eavesdropping a real possibility

by Pierre Bourque,

One of the great perks of writing about government and the Net for this organ is the quality of email I get from readers, both from within government and on its periphery. Increasingly, though, I wonder who else is reading my email traffic, particularly notes that I may get from readers in MPs offices, even from staffers within the PMO.

A few days ago I was sent a shocking article entitled "Russian Legislation Strikes Fear on the Net", written by Jeanette Borzo for The Industry Standard, "The Newsmagazine of the Internet Economy" (www.thestandard.net/articles/article_display/0,1449,1300,00.html).

The piece details how the Russian government is set to initiate harsh new Internet legislation that will force all Internet Service Providers to "link digitally" to the FSB, Russia's new-era KGB. In doing so, Borzo points out that the FSB will be able to monitor all email going in and out of Russia, with or without permission or reason.

It will "mean stealth eavesdropping that no one can audit afterwards", as Anatoly Levenchuk , Russia's Libertarium founder, is quoted as saying, adding that "wiretapping will be (only) as far away as a mouse click".

Naturally, I expect that all online correspondence is as private as an announcement over the Corel Centre loudspeaker during an Ottawa Senators game. But the idea that state agencies would covertly position themselves to intercept email without proper authority or supervision takes the issue of online privacy to a new level.

This alarming development prompted me to ask David Jones (djones@efc.ca), President of Electronic Frontier Canada (www.efc.ca), about the likelihood of a similar situation presenting itself here in Canada. Would the RCMP, CSIS, CSE, or even the busybodies over at the CRTC be interested in this kind of set-up?

Jones replied that "The RCMP, CSIS, CSE have already expressed an interest in gaining access to personal communications over the Internet. They say, of course, that this would only ever be done with prior judicial authorization, but they also say that for the interception of communications to be worthwhile, it needs to be done without the knowledge of the communicating parties."

He also affirmed what I wrote in this column last week about how the CRTC is "making a play to expand the scope of its mandate and this is quite a separate issue from what the cops and spies have in mind".

Jones went on to point out that "The one important thing to keep in mind is that when people like you and me communicate over the Internet, we are doing it through intermediaries, Internet Service Providers, and through third party equipment, such as routers made by Cisco" (www.cisco.com).

The EFC Prez wonders if we have any reason to trust those intermediaries.

"After all", he says, "they're just companies and when faced with a decision between customer privacy and the wrath of government and law enforcement, how will they choose?"

He suggested a quick read of the article "Cisco Backs Backdoor for Internet Wiretaps" (www.efc.ca/pages/media/netly-news.14jul98.html) to get an answer to that one. This excerpt taken from that article, written by Declan McCullagh forThe Netly News on July 14th, is quite telling:

When the FBI or local police want to spy on you, they hand a court order to your sysadmin. As soon as he flicks a "network control switch", the Cisco software begins to surreptitiously record everything you type or do online -- before it's encrypted. That information is bundled into a file that the cops can pick up at the end of the day.

"What we've tried to do is figure out an industry standard way to comply with a warrant", said Dan Scheinman, CISCO vice-president for legal and government affairs. A dozen other firms, including Microsoft, Netscape, Network Associates, and Sun Microsystems, have endorsed this approach.

Jones also added that "In order to win government approval to export its routers and increase profits, Cisco is eager to get into bed with the cops and spies. As the recent Philip Services "ex parte" court orders reveal, it doesn't take much to get ISPs to roll over on their clients." (A call to Cisco's Ottawa office for comment was not returned by deadline).

I asked Jones if Russia's blanket approach to all email was do-able technologically here in Canada. He suggested that it would be difficult to do in a Canadian context, given the amount of online traffic, though "it would be possible for certain ISPs to collaborate with cops to spy on designated individuals".


Copyright © 1998 by The Hill Times. All Rights Reserved. Reprinted with permission.