🌐 Website Issue | Re-evaluate if key disclosure laws still apply to Canada #1167

New Issue

2019-08-17T02:09:06Z

nitrohorse commented

2019-08-17 02:09:06 +00:00

(Migrated from github.com)

Description

This was brought up in the Matrix chat room by theBlackHierophant that stemmed from
https://old.reddit.com/r/privacytoolsIO/comments/crdd8b/about_the_59_and_14_eyes/:

There was a case in 2010 that clearly stated a password compelled from an individual by law enforcement "is inadmissible and that renders the subsequent seizure of the data unreasonable. In short, even had the seizure been preceded by judicial authorization, the law will not allow an order to be joined compelling the respondent to self-incriminate."

This would lead me to believe that Canada should not be under the red header? - https://www.privacytools.io/providers/#kdl

Here is the court filing for the Court of Appeals: https://www.canlii.org/en/qc/qcca/doc/2010/2010qcca1108/2010qcca1108.html

And here is the charter, section 11c herein: https://www.canada.ca/en/canadian-heritage/services/how-rights-protected/guide-canadian-charter-rights-freedoms.html#a2e5

## Description This was brought up in the Matrix chat room by theBlackHierophant that stemmed from https://old.reddit.com/r/privacytoolsIO/comments/crdd8b/about_the_59_and_14_eyes/: > There was a case in 2010 that clearly stated a password compelled from an individual by law enforcement "is inadmissible and that renders the subsequent seizure of the data unreasonable. In short, even had the seizure been preceded by judicial authorization, the law will not allow an order to be joined compelling the respondent to self-incriminate." > > This would lead me to believe that Canada should not be under the red header? - https://www.privacytools.io/providers/#kdl > > Here is the court filing for the Court of Appeals: https://www.canlii.org/en/qc/qcca/doc/2010/2010qcca1108/2010qcca1108.html > > And here is the charter, section 11c herein: https://www.canada.ca/en/canadian-heritage/services/how-rights-protected/guide-canadian-charter-rights-freedoms.html#a2e5

Mikaela commented

2019-08-17 18:17:08 +00:00

(Migrated from github.com)

I feel a bit uncomfortable with this issue title as I don't think any of us is a lawyer. I haven't read the links yet.

blacklight447 commented

2019-08-17 18:19:06 +00:00

(Migrated from github.com)

maybe we could ask someone on the subreddit /r/legaladvice to see if any lawyer would be willing to assist us with this.

👍 2

ggg27 commented

2019-08-19 21:19:16 +00:00

(Migrated from github.com)

maybe we could ask someone on the subreddit /r/legaladvice to see if any lawyer would be willing to assist us with this.

If they don't get a response, perhaps try the EFF?

https://www.eff.org/pages/legal-assistance

They focus a lot on legal and political stuff. I would assume they know.
Plus, it doesn't seem to state to only contact if you have an actual case.

While you are at it, perhaps just ask if any of the countries listed need to be updated.

Wikipedia section:

https://www.wikipedia.org/wiki/Key_disclosure_law#Canada

> maybe we could ask someone on the subreddit /r/legaladvice to see if any lawyer would be willing to assist us with this. If they don't get a response, perhaps try the EFF? https://www.eff.org/pages/legal-assistance They focus a lot on legal and political stuff. I would assume they know. Plus, it doesn't seem to state to _only_ contact if you have an actual case. ______________ While you are at it, perhaps just ask if any of the countries listed need to be updated. ____________ Wikipedia section: https://www.wikipedia.org/wiki/Key_disclosure_law#Canada

👍 2

yegors commented

2019-11-06 22:20:33 +00:00

(Migrated from github.com)

Canada should not be listed in this section. The Wikipedia page that it links to as a "source" literally says you cannot be compelled to hand over the keys.

In Canada key disclosure is covered under the Canadian Charter of Rights and Freedoms section 11(c) which states "any person charged with an offence has the right not to be compelled to be a witness in proceedings against that person in respect of the offence;"[10] and protects the rights of individuals that are both citizens and non-citizens of Canada as long as they are physically present in Canada.[11]

In a 2010 Quebec Court of Appeal case the court stated that a password compelled from an individual by law enforcement "is inadmissible and that renders the subsequent seizure of the data unreasonable. In short, even had the seizure been preceded by judicial authorization, the law will not allow an order to be joined compelling the respondent to self-incriminate."[12]

Another thing to note, under Canadian law, a COMPANY cannot be forced to hand over encryption keys, nor log users as it would be considered an illegal wiretap.

Source: I run a VPN company in Canada, and had lawyers conduct legal research before opening the company in this justification. I've also personally spoken to most major law enforcement agencies in US, Canada and abroad, and been on a receiving end of dozens of subpoenas.

Canada should not be listed in this section. The Wikipedia page that it links to as a "source" literally says you cannot be compelled to hand over the keys. > In Canada key disclosure is covered under the Canadian Charter of Rights and Freedoms section 11(c) which states "any person charged with an offence has the right not to be compelled to be a witness in proceedings against that person in respect of the offence;"[10] and protects the rights of individuals that are both citizens and non-citizens of Canada as long as they are physically present in Canada.[11] > > In a 2010 Quebec Court of Appeal case the court stated that a password compelled from an individual by law enforcement "is inadmissible and that renders the subsequent seizure of the data unreasonable. In short, even had the seizure been preceded by judicial authorization, the law will not allow an order to be joined compelling the respondent to self-incriminate."[12] Another thing to note, under Canadian law, a COMPANY cannot be forced to hand over encryption keys, nor log users as it would be considered an illegal wiretap. Source: I run a VPN company in Canada, and had lawyers conduct legal research before opening the company in this justification. I've also personally spoken to most major law enforcement agencies in US, Canada and abroad, and been on a receiving end of dozens of subpoenas.

blacklight447 commented

2019-11-07 06:46:22 +00:00

(Migrated from github.com)

As an update date, we are reconsidering our approach for laws in specific countries. Alliances like the five eyes come and go, key disclosure laws as well, and as we don have a lawyer on our team, its really hard to give up date accurate information on this topic.

On of our plans is to makes these subjects more generic, and instead of warning against specific countries(which can lead someone to believe their safe, but arent as we didnt notice his countries new law yet), we are going to try and explain more in detail what alliances and different types of laws mean, and how the generally work, and point people that they should do their own homework about their own countries laws, to make it sure for themselves.

As an update date, we are reconsidering our approach for laws in specific countries. Alliances like the five eyes come and go, key disclosure laws as well, and as we don have a lawyer on our team, its really hard to give up date accurate information on this topic. On of our plans is to makes these subjects more generic, and instead of warning against specific countries(which can lead someone to believe their safe, but arent as we didnt notice his countries new law yet), we are going to try and explain more in detail what alliances and different types of laws mean, and how the generally work, and point people that they should do their own homework about their own countries laws, to make it sure for themselves.

yegors commented

2019-11-09 00:55:27 +00:00

(Migrated from github.com)

The whole "5 eyes" thing needs to go away. It's completely meaningless and is used a scare tactic by VPN "review" (marketing) sites to sell NordVPN and ExpressVPN.

The whole point of the "5 eyes" alliance was to spy on the soviets (and other enemies of the alliance). It's 2019. Offshore zones with loose laws and high corruption rates are not a better jurisdictions for a VPN.

If a country has no data retention laws that apply to VPNs, and the government cannot compel a company to collect logs on all users (as the case with Canada), why is that a worse jurisdiction than some 3rd world country, where a VPN company paid some lawyer to open a shell company for $1500?

The whole "5 eyes" thing needs to go away. It's completely meaningless and is used a scare tactic by VPN "review" (marketing) sites to sell NordVPN and ExpressVPN. The whole point of the "5 eyes" alliance was to spy on the soviets (and other enemies of the alliance). It's 2019. Offshore zones with loose laws and high corruption rates are not a better jurisdictions for a VPN. If a country has no data retention laws that apply to VPNs, and the government cannot compel a company to collect logs on all users (as the case with Canada), why is that a worse jurisdiction than some 3rd world country, where a VPN company paid some lawyer to open a shell company for $1500?

dngray commented

2020-03-26 17:57:49 +00:00

(Migrated from github.com)

I would say Canada does not have key disclosure law https://en.wikipedia.org/wiki/Key_disclosure_law#Canada

https://old.reddit.com/r/privacytoolsIO/comments/7tvph8/canada_does_not_have_a_key_disclosure_law/ also this reddit thread.

I also didn't see anything mentioned about it here https://laws-lois.justice.gc.ca/eng/acts/S-6.9/page-1.html unless it could be considered undermining the security of Canada, in that case you'd probably be whisked off to a blacksite and they would employ some rubber hose cryptoanalysis extra-judical style. We really are not giving advice for people seeking that kind of threat model.

We should probably include a key disclosure law section, but in reality it really only applies to full disk encryption/encryption of files etc.

I would say Canada does not have key disclosure law https://en.wikipedia.org/wiki/Key_disclosure_law#Canada https://old.reddit.com/r/privacytoolsIO/comments/7tvph8/canada_does_not_have_a_key_disclosure_law/ also this reddit thread. I also didn't see anything mentioned about it here https://laws-lois.justice.gc.ca/eng/acts/S-6.9/page-1.html unless it could be considered *undermining the security of Canada*, in that case you'd probably be whisked off to a blacksite and they would employ some rubber hose cryptoanalysis extra-judical style. We really are not giving advice for people seeking that kind of threat model. We should probably include a key disclosure law section, but in reality it really only applies to full disk encryption/encryption of files etc.

This repo is archived. You cannot comment on issues.