🌐 Website Issue | Re-evaluate if key disclosure laws still apply to Canada #1167
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1167
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
This was brought up in the Matrix chat room by theBlackHierophant that stemmed from
https://old.reddit.com/r/privacytoolsIO/comments/crdd8b/about_the_59_and_14_eyes/:
I feel a bit uncomfortable with this issue title as I don't think any of us is a lawyer. I haven't read the links yet.
maybe we could ask someone on the subreddit /r/legaladvice to see if any lawyer would be willing to assist us with this.
If they don't get a response, perhaps try the EFF?
https://www.eff.org/pages/legal-assistance
They focus a lot on legal and political stuff. I would assume they know.
Plus, it doesn't seem to state to only contact if you have an actual case.
While you are at it, perhaps just ask if any of the countries listed need to be updated.
Wikipedia section:
https://www.wikipedia.org/wiki/Key_disclosure_law#Canada
Canada should not be listed in this section. The Wikipedia page that it links to as a "source" literally says you cannot be compelled to hand over the keys.
Another thing to note, under Canadian law, a COMPANY cannot be forced to hand over encryption keys, nor log users as it would be considered an illegal wiretap.
Source: I run a VPN company in Canada, and had lawyers conduct legal research before opening the company in this justification. I've also personally spoken to most major law enforcement agencies in US, Canada and abroad, and been on a receiving end of dozens of subpoenas.
As an update date, we are reconsidering our approach for laws in specific countries. Alliances like the five eyes come and go, key disclosure laws as well, and as we don have a lawyer on our team, its really hard to give up date accurate information on this topic.
On of our plans is to makes these subjects more generic, and instead of warning against specific countries(which can lead someone to believe their safe, but arent as we didnt notice his countries new law yet), we are going to try and explain more in detail what alliances and different types of laws mean, and how the generally work, and point people that they should do their own homework about their own countries laws, to make it sure for themselves.
The whole "5 eyes" thing needs to go away. It's completely meaningless and is used a scare tactic by VPN "review" (marketing) sites to sell NordVPN and ExpressVPN.
The whole point of the "5 eyes" alliance was to spy on the soviets (and other enemies of the alliance). It's 2019. Offshore zones with loose laws and high corruption rates are not a better jurisdictions for a VPN.
If a country has no data retention laws that apply to VPNs, and the government cannot compel a company to collect logs on all users (as the case with Canada), why is that a worse jurisdiction than some 3rd world country, where a VPN company paid some lawyer to open a shell company for $1500?
I would say Canada does not have key disclosure law https://en.wikipedia.org/wiki/Key_disclosure_law#Canada
https://old.reddit.com/r/privacytoolsIO/comments/7tvph8/canada_does_not_have_a_key_disclosure_law/ also this reddit thread.
I also didn't see anything mentioned about it here https://laws-lois.justice.gc.ca/eng/acts/S-6.9/page-1.html unless it could be considered undermining the security of Canada, in that case you'd probably be whisked off to a blacksite and they would employ some rubber hose cryptoanalysis extra-judical style. We really are not giving advice for people seeking that kind of threat model.
We should probably include a key disclosure law section, but in reality it really only applies to full disk encryption/encryption of files etc.