So something interesting is happening in Canada.
Tl;dr because this is Tumblr:
There's a bill being considered to require electronic service providers like VPNs to log user data and share it with authorities when ordered to. VPNs are mad (and in my opinion you should be too).
The longer version:
The proposed bill C-22 (The Lawful Access Act) seeks to make law enforcement in the digital age easier for investigators by giving them more tools to gain information from electronic service providers. This includes phone companies, internet service providers, VPNs, and others.
Part 1 of the proposal specifies what needs to change. I encourage at least skimming it because it's fairly short and easy to read. But I'll call your attention to this proposed amendment:
Create a specific tool that provides lawful authority to make a confirmation of service demand to allow police to determine if a service provider may have information that will assist in the investigation of an offence. Once the police have confirmation that the service provider may have information, they can then take the necessary investigative steps including applying to a court to obtain a production order for the information in the possession of the service provider.
and this proposed amendment:
Create a new, narrower, court order to allow law enforcement to seek subscriber information from a service provider. Subscriber information includes the name, telephone number, address and email that is linked to an account.
In other words, make it easier to compel service providers to confirm that a suspect uses that service, and to provide basic information on that suspect. Supposedly this would not be allowed without probable cause.
Proposed changes to laws on timely access to information (Bill C-22 - Part 1): Department of Justice
Part 2 is very interesting. This one specifies how it will get service providers to actually comply with the spirit of the proposal, and this part in particular is alarming:
Explicitly allow regulations to be made regarding the retention of prescribed metadata for a reasonable period of no longer than one year, but not for content, web-browsing history or social media activity.
because, if passed, service providers would be required to log user information (metadata like IP address and personal information, not browser history or content, supposedly) or face monetary punishment if they do not.
Read Part 2 here, it's even shorter.
So naturally, VPN providers are livid because they do not log user data, as part of their privacy policies and commitment. NordVPN, Proton VPN, and Windscribe have all loudly spoken against the act, with Proton even saying they will not comply and are protected from doing so by local law since they are based in Switzerland and not Canada. Source:
Privacy giants are pushing back hard against the proposed Lawful Access Act














