I wonder what the broader implications are of this bill. Is the bill broad enough that if I detect an IP address connect to my business SSH server does that afford me the privilege to obtain the customer information from the IP address?
Think about that for a moment, as a business owner I can now send a request to any ISP that owns an IP address that connected to my website. Why do I need your customer information, why because I did not authorize the IP access to /index.html, and the IP address showed repeated attempts connecting and using my computer resources (of course to the ISP I make it sound a little more sinister, like embed an image tag to a resource like /employee-portal/login so that I can tell the ISP the unauthorized access was to the employee portal, and of course that image tag will result in generating requests in my server logs to show the repeated requests from the IP trying to fetch that resource. Poof now I have the name and phone number for everyone that has been to my business website and is potentially interested in what I'm selling.. Of course, I won't tell the individual how I got their phone number. I wouldn't practice this, but for a morally corrupt business it sounds viable.
If the above is possible by the bill, and from the articles that I've read it is, then this bill strikes me as particularly stupid legislation bought for by moneyed interests. I can only hope that our government isn't so corrupted by those moneyed interests that this thing passes.
"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
So, yes, if you can convince an ISP that the information is for an investigation (not necessarily a police investigation, a private eye or corporate audit would suffice) then yes the ISP can give out your private information.
I especially like this nugget:
"reasonable grounds to believe that the information relates to a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed"
So, personal information can be disclosed even if I am about to commit a crime in another country, e.g. I surf a beauty pageant website and view the enter pageant page that is hosted in Nigeria (beauty contests are illegal under Sharia law).
As far as I can tell this only permits the disclosure, it doesn't compel it. Time to switch to an ISP that has a backbone.
What's especially concerning to me is that there's no recourse. Given the shotgun approach typically taken by copyright trolls, this is likely to expose more than just copyright offenders.
Not to mention chilling effects on free speech. Who would dare to criticize an organization when they can get your personal information from your ISP.
Difficult to find an ISP with a backbone that actually can follow through. I'd be interested to know if anyone in Canada has had an ISP successfully stand up to procecution.
TekSavvy is a fantastic company, but their business model is completely dependent on the big telcos who control the last mile. The UBB crisis a few years ago was a very close call, and it is bound to happen again in one form or another.
So if TekSavvy et al. try to resist the information leaking that the proposed legislation permits, I wouldn't be surprised if the MAFIAA took extralegal measures to force their hands. For example, Bell & Rogers might be persuaded to change the terms of their contract with indie ISPs the next time the contract comes up for renewal, unless the indies agree to some sort of "standard Canadian telco privacy policy" drawn up by the big telcos.
So Canadians might end up with a difficult choice: you can have privacy, or you can have 300GB traffic caps, but you can't have both.
> sivulving
I don't believe autocorrect is capable of producing words like that...
Think about that for a moment, as a business owner I can now send a request to any ISP that owns an IP address that connected to my website. Why do I need your customer information, why because I did not authorize the IP access to /index.html, and the IP address showed repeated attempts connecting and using my computer resources (of course to the ISP I make it sound a little more sinister, like embed an image tag to a resource like /employee-portal/login so that I can tell the ISP the unauthorized access was to the employee portal, and of course that image tag will result in generating requests in my server logs to show the repeated requests from the IP trying to fetch that resource. Poof now I have the name and phone number for everyone that has been to my business website and is potentially interested in what I'm selling.. Of course, I won't tell the individual how I got their phone number. I wouldn't practice this, but for a morally corrupt business it sounds viable.
If the above is possible by the bill, and from the articles that I've read it is, then this bill strikes me as particularly stupid legislation bought for by moneyed interests. I can only hope that our government isn't so corrupted by those moneyed interests that this thing passes.