Digital Traffic Cops: Recommendations forthe Canadian Cybercrime Initiative1
Jason YoungGowling LaFleur Henderson FellowLL.M. (Candidate) in Technology and LawFaculty of Law - University of [email protected] KeyID 0x46E11518
1 This paper is adapted from an earlier, more comprehensive work Surfing While Muslim: Privacy,Freedom of Expression and the Unintended Consequences of Cybercrime Legislation (forthcoming McGillL.J., 2004), http://www.innovationlaw.org/pages/swm_jyoung.doc. I remain indebted for the assistance andcriticism of many. In particular, I would like to thank the Canadian Social Sciences and HumanitiesResearch Council Anonymity Project for its generous financial support. "It may be that it is the obnoxious thing in its mildest and least repulsive form; but illegitimate andunconstitutional practices get their first footing… by silent approaches and slight deviations from legalmodes of procedure."2
The preamble to the Council of Europe's Convention on Cyber-crime sets the
stage: new technologies of digitization and networking threaten the traditional means that
law enforcement and intelligence agencies have used to catch 'bad guys'.3 Moreover, now
that the bad guys are moving into cyberspace along with everyone else, they have
invented new crimes – cybercrimes – which demand new methods to investigate and
prosecute. The Main Street 'cop on the beat' has never had it so tough, so the argument
continues.4 Gone are the days of Canter and Siegel's USENET Green card spamming,5
these new breed of cyber-criminals aren't two-bit lawyers, but crackers, techno-savvy
pedophiles and terrorists who thumb their noses at cyber-cops from foreign jurisdictions
or behind techno-pseudonymity, and disappear without leaving a trace.
Ostensibly, global cybercrime initiatives are predicated on designing new
investigatory powers to maintain the status quo for law enforcement. The stated public
policy objective of the Convention as well as its national subsidiaries in countries such as
Canada, the United States and the United Kingdom, is to maintain lawful electronic
2 United States v. Bach, (18 November 2002), No. 02-1238 (8th Cir. 2002) (Brief of Amicus CuraieElectronic Privacy Information Centre at 4) (citing Boyd v. United States, 116 U.S. 633 at 636 (1886)).
3Council of Europe, Committee of Ministers, 109th, Convention on Cyber-crime, ETS No. 185. (2001),preamble [Convention], Canada, Dept. of Justice et al., Lawful Access: Consultation Document (Ottawa:Justice, 2002) at 3 [Lawful Access].
4 See e.g. Convention, Lawful Access, Canadian Association of Chiefs of Police, Response To GovernmentOf Canada’s Lawful Access Consultation Document, (Toronto: CACP, 2002) at 32.
5 P. Lewis, "Sneering At a Virtual Lynch Mob" The New York Times (11 May 1994) D7.
surveillance capabilities in the face of new technologies which are making it more
difficult for the old tools to work, while preserving and protecting citizens' privacy and
However, these initiatives fail to recognize that the same technologies which
make it more difficult for cyber-cops to catch cyber-criminals, also have the potential to
become a more encompassing form of social control. In democracies, the efficacy of
electronic surveillance is the very rationale for adopting stringent procedural safeguards
on its use. As more of our daily activities become instantiated by technology, a society
which exposes us, at the whim of the state, to the risk of having a permanent electronic
record made every time engage in online activities might be superbly equipped to fight
crime, but it would be one in which privacy and freedom of speech no longer had any
The Canadian government's response has been both short-sighted and, from an
international perspective, typical. Under the guise of the Convention, the federal
government has sought to adopt new requirements to force Internet and
telecommunications service providers to authenticate the identity of their subscribers, to
make their networks 'surveillance-friendly' and to compel them to produce subscriber
'traffic data' under lower standards than that now required for other types of state
surveillance, such as wiretaps and warrants.
This proposal – dubbed "lawful access" – is a case-study in unintended
consequences. Applying traditional rules of lawful access – or worse, rules subject to
lower standards – to the persistent, pervasive and permanent information realm of
6 Lawful Access, supra note 3 at 6.
7 R. v. Duarte, [1990] 1 S.C.R. 30at 44 (La Forest J.) [Duarte].
cyberspace does not simply maintain the status quo, but rather introduces unique and
dangerous implications for our constitutional rights and freedoms.
Part I of the paper illustrates that legal definitions of "traffic data" in the Canadian
lawful access proposal and, by extension, global cybercrime initiatives, fail to adequately
recognize the nature of the data actually caught by these definitions. Part II argues that
certain characteristics of the Internet lead cyber-citizens to believe they enjoy more
privacy than they actually do, and makes concerns about these rights more poignant.
Part III suggests that the rationale of the Canadian lawful access proposal is ill-defined,
the public policy objectives poorly-constructed and the potential unintended
consequences both numerous and unconstitutional. The paper concludes with
recommendations for improving the proposal.
There is no international consensus on a definition for traffic data. Instead, each
country or organization has adopted their own definition, some more broad than others.8
The Canadian cybercrime proposal uses "telecommunications associated data" to mean
any data "pertaining to the telecommunications functions of dialing, routing, addressing
or signaling…" and seeks to justify a lower expectation of privacy in this data using a
tautological argument: "the standard for Internet traffic data should be more in line with
that required for telephone records and dial number recorders in light of the lower
8 See e.g. Convention, supra note 3, Art. 1, Regulation of Investigatory Powers Act 2000 (U.K.), 2000, c. 23, Communications Assistance for Law Enforcement Act,47 U.S.C. §§ 1001-1010 (1994).
expectation of privacy in these types of data."9 However, a consideration of the types of
data often included in the definition of "traffic" and the nature of digital communications,
generally, should cast serious doubt on any argument that it should not attract a
The following example illustrates traffic data in an analog context. Figure 1: Traffic data on a plain old telephone system (POTS)
20021021070824178 165 0187611205 6139574222 ----------001------003sth 46 5145281768-----0013 1410260
Caller at (613) 957-4222 makes a phone call at 7:08:24 AM on October 21, 2002 to recipient at(514) 528 1768 for 3 minutes and 20 seconds.
The two following examples10 illustrate, digital traffic data can reveal categories
of information wholly unrelated to the routing and addressing of the message. Figure 2: Traffic data from two callers on a wireless network (~GSM)
time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:20:47:24 (A)time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:04:29:30 (B)time GMT=20010810010852 Cell ID=115 MAC ID=00:60:1D:21:C3:9Ctime GMT=20010810010853 Cell ID=129 MAC ID=00:02:2D:04:29:30time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:1F:53:C0time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:04:29:30 (B)time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:20:47:24 (A)time GMT=20010810010856 Cell ID=41 MAC ID=00:02:2D:0A:5C:D0time GMT=20010810010856 Cell ID=41 MAC ID=00:02:2D:1F:78:00time GMT=20010810010900 Cell ID=154 MAC ID=00:02:2D:0D:27:D3
On August 10, 2001 at 1:08:52 AM, cellphone user A was in radio cell 115 (Dorval Airport) withcellphone user B and both traveled together at 01:08:54 am to cell 129 (Hilton Hotel).
9 Lawful Access, supra note 3 at 12.
10 Adapted from A. Pascual, "Access to 'traffic' data: when reality is far more complicated than a legaldefinition" (Global Community Networks 2002, Montreal, 11 October 2002) [unpublished], online:<http://www.it.kth.se/~aep/private/cnglobal2002-escuderoa.ppt> (date accessed 19 Oct 2002). Figure 3: Traffic data from a user connecting to a web server
295.47.63.8 - - [05/Mar/2002:15:19:34 +0000] "GET/cgi-bin/htsearch?config=htdigx&words=startrek HTTP/1.0"20 2225295.47.63.8 - - [05/Mar/2002:15:19:44 +0000] "GET/cgi-bin/htsearch?config=htdig&words=startrek+avi HTTP/1.0"200x215.59.193.32 - - [05/Mar/2002:15:20:17 +0000] "GET/cgi-bin/htsearch?config=htdig&words=Modem+HOWTO …192.77.63.8 - - [05/Mar/2002:15:20:35 +0000] "GET/cgi-bin/htsearch?config=htdig&words=conflict+war HTTP/1.0"200211.164.33.3 - - [05/Mar/2002:15:21:32 +0000] "GET/cgi-bin/htsearch?config=htdigx&words=STD+clinic+Kingston…211.164.33.3 - - [05/Mar/2002:15:21:38 +0000] "GET/cgi-bin/htsearch?go=1&do=nw&ct=NA&1y=US&1a=1234+Main+Street&1p=&1c=Kingston&1s=ON&1z=K7L+3H4&1ah=&2y=US&2a=300+1st+Avenue&2p=&2c=Kingston&2s=ON&2z=K4E+4T5&2ah=&lr=2&x=83&y=10211.164.33.3 - - [05/Mar/2002:15:22:05 +0000] "GET/cgi-bin/htsearch?config=htdigx&words=taxi+info82.24.237.98 - - [05/Mar/2002:15:25:29 +0000] "GET/cgi-bin/htsearch?config=htdigx&words=blind+date HTTP/1.0
On March 5th 2002, Internet surfer at IP 211.164.33.3 searched for information on Kingston STDclinics, driving directions from 1234 Main St., Kingston, ON K7L 3H4 to 300 1st Avenue,Kingston, ON K4E 4T5 and taxi info.
It should be obvious that the privacy implications of the data collected in Figure 1
compared to that collected in Figures 2 and 3 are potentially considerably less serious;
there is simply less information available to inappropriately collect, use and disclose.
However, the data in all three figures would be captured by most legal definitions of
"traffic data", despite the fact that they are contextually very different. Insofar as a label
or an analogy reinforces the idea that "traffic data" is separate from and different than
"content" it ignores the fact that in digital communications the line between what is
merely traffic and what is content blurs considerably.
Canadian courts have yet to address the traffic/content dichotomy, but U.S. courts
have had the opportunity in a number of instances and found it a false one. In
Doubleclick,11 a district court considered how traffic and content information could be
11 In re Doubleclick, Inc. Privacy Litigation, 154 F. Supp. 2d 497, 514 (S.D.N.Y. 2001) [Doubleclick]("GET information is submitted as part of a Web site's address or 'URL,' in what is known as a 'querystring.' For example, a request for a hypothetical online record store's selection of Bon Jovi albums might
one and the same thing. In Pharmatrak, the U.S. 1st Circuit Court of Appeals
unequivocally found that data of the kind captured by the "GET" method in Figure 3 was
content12 under the federal wiretap statute.13
Canadian courts at the highest levels have found a reasonable expectation of
privacy in information which tends to reveal intimate details of the lifestyle and personal
choices of an individual,14 even if disclosed to third parties,15 or regardless of the nature
of the information if the individual had demonstrated an expectation of privacy in it by
his or her actions.16 Standing doctrine suggests, therefore, that digital traffic data could be
subject to a reasonable expectation of privacy, as that concept has been defined under s. 8
of the Charter of Rights and Freedoms.
Part II: Implications of the 'Collapse of the Digital Moment'17
Our activities in cyberspace are qualitatively different than many of their offline
counterparts in three respects. First, every activity in cyberspace is instantiated by
technology such that wherever we go online and whatever we do, we leave behind a trail
read: http://recordstore.hypothetical.com/search?terms=bonjovi. The URL query string begins with the '?'character meaning the cookie would record that the user requested information about Bon Jovi.").
12 Pharmatrak, supra note 25 at 19-20 ("Transmissions of completed forms, such as the one at Pharmacia'sDetrol website, to [Pharmatrak, Inc.] constitute electronic communications… 'contents' when used withrespect to any electronic communication includes any information concerning the substance, purport ormeaning of that communication. This definition encompasses personally identifiable information such as aparty's name, date of birth, and medical condition."); at 11-12 ("Pharmacia used the 'get' method to transmit[inter alia names, dates of birth, and medical conditions] from a rebate form on its Detrol website").
13 18 U.S.C. § 2510(4) ("'intercept' means the aural or other acquisition of the contents of any wire,electronic, or oral communication through the use of any electronic, mechanical, or other device.").
14 R. v. Plant, [1993] 3 S.C.R. 281 at 293 [Plant].
15 Schreiber v. Canada (Attorney General), [1998] 1 S.C.R. 841 at 854 [Schreiber].
16 R. v. Shearing, 2002 SCC 58 at paras. 167 and 112, R. v. Law, 2002 SCC 10 at para. 16.
17 With apologies to S. Vaidhyanathan, Copyrights and Copywrongs, (New York University Press: NewYork, 2001) c. 5.
of data. This data are recorded, often aggregated and linked to create profiles of us as
visitors, consumers or members of virtual communities. This persistence, pervasiveness,
and permanence of traffic data about our activities in cyberspace changes the nature of
the information itself, independent of what individual datum represent.
Second, our widespread techno-illiteracy about what actually takes place behind
the screen encourages us to make false assumptions about the capabilities and the extent
of surveillance we may be exposed to when engaging in online transactions. The new
Panopticon's strength is that we participate voluntarily, seeing only the obvious
advantages – convenience and choice – not the less tangible and more complex
Other structural characteristics of the Internet lend themselves to this
misperception. In most cases, our email addresses and pseudonyms reveal little or
nothing of our age, gender, nationality, background or geographical location and these
proxies give us a certain sense of anonymity. As the caption to the now famous NewYorker cartoon reads, "On the Internet, no one knows you're a dog,"19 or so many would
We need passwords to get on the Internet, to check our email, to participate in
online forums and e-commerce and these safeguards give us a certain sense of security.
In U.S. v. Maxwell a U.S. court found that a subscriber had an expectation of privacy in
his email because only he could access his password-protected account and there was
18 Canada, Annual Report Privacy Commissioner 1998-99 (Ottawa: Office of the Privacy Commissioner,1999) (Commissioner: B. Phillips) at 1-2.
19 P. Steiner, The New Yorker 69:20 (5 July 1993) 61.
little risk that any messages he sent would be retrieved or read by anyone other than the
intended recipients for the same reason.20
Opinion polls consistently show that Canadians and Americans are concerned
about their privacy in cyberspace,21 but because most possess a poor appreciation of what
actually takes place 'behind the screen',22 these concerns are not operationalized and
actions remain unmitigated.23 Many times, individuals engage in trust relationships
simply because trust is a difficult thing to judge online.24 In so doing, people assume that
the interface protects them from prying eyes and that they enjoy more privacy in visiting
Playboy.com from a laptop in the physical solitude of their living rooms than if they were
to pick up the magazine in the local corner store.25
Third, "traffic data" is an arbitrarily defined legal label designed to classify
information as separate from and different than the content of a message. As Figures 2
20 [1995] 42 M.J. 568, 576 [Maxwell].
21 Trust and Privacy Online: Why Americans Want to Rewrite the Rules, (Washington, D.C.: Pew Internet& American Life, 2000), online: Pew <http://www.pewinternet.org> (date accessed: 29 March 2003). seealso Electronic Privacy Information Center, Public Opinion on Privacy, online:<http://www.epic.org/privacy/survey/default.html> (date accessed: 29 March 2003).
22 See S. Turkle, Life on the Screen: Identity in the Age of the Internet (New York: Simon & Schuster,1995).
23 See EC, Commission, Legal Aspects of Computer-Related Crime in the Information Society (Wurzburg:EC, 1998) at 25, online: Europa <http://europa.eu.int/ISPO/legal/en/comcrime/sieber.html> (date accessed:12 May 2003) [Sieber Report] ("One of the main dangers of computer crime is caused by the fact that manyprivate users do not know the threats that they are actually or potentially exposed to.").
24 See e.g. S. Jarvenpaa and S. Grazioli, "Surfing among sharks: How to gain trust in cyberspace" NationalPost, (7 August 2001) M2 (in most cultures, confidence is fostered by close contact between parties, butreputation and size are harder to convey and close customer relationships more difficult to develop incyberspace than in a traditional physical setting).
25 Blumofe v. Pharmatrak, Inc. (In re Pharmatrak Privacy Litig.),No. 02-2138, 2003 U.S. App. LEXIS 8758at 11-12 (1st Cir. May 9, 2003) [Pharmatrak] (Pharmatrak, Inc., recorded the personal information of 197visitors to Pharmacia, Inc.'s Detrol.com, a website on bladder control medication, including names,addresses, telephone numbers, email addresses, dates of birth, gender, insurance status, education levels,occupations, medical conditions, medications, and reasons for visiting the particular website. Pharmatrakcollected the information in contravention of explicit contractual conditions and in contrast to its ownrepresentations); the third-party collection, which was invisible to the data subject, was also incontravention of Pharmacia's own privacy policy which stated that "[p]ersonally identifiable information[would] not be sold, rented or exchanged outside of Pharmacia unless the user [was] first notified andexpressly consent[ed] to such transfer.", online: Internet Archive <http://shorl.com/hinudryfrestoma> (lastupdated: February 2001).
and 3 illustrate, it relies on an obsolete analogy. The line between traffic and content is a
not a bright one and, frequently, not even the technology experts know where it lies.26
American courts have adopted the notion that "what a person knowingly exposes
to the public" he or she cannot logically expect to be protected within the sphere of a
reasonable expectation of privacy.27 In U.S. v. Hambrick,28 the court found that in
knowingly disclosing non-content information to a third party, the defendant lost any
expectation of privacy in that information. In that case, "non-content" actually referred to
subscriber information as opposed to traffic data, although the latter was clearly
contemplated.29 Similarly, the 6th Circuit Court of Appeals found in Guest v. Leis, that
subscribers do not have a legitimate expectation of privacy in their subscriber information
because they have conveyed it to another person, the system operator.30
However, the determination of reasonable expectation has not often turned on that
point in Canadian law. Instead, as articulated in Schreiber, the Supreme Court has chosen
to focus the analysis on how "closely linked to the effect that a breach of that privacy
would have on the freedom and dignity of the individual."31
The Canadian cybercrime initiative echoes the Convention in suggesting that
because the search and seizure or surveillance would take place without intruding on the
physical sanctity of the subject's home, it would be less invasive.32 However, this ignores
27 See e.g. Smith v. Maryland, 442 U.S. 735, 744 (1979) ("[P]etitioner voluntarily conveyed to itinformation that it had facilities for recording and that it was free to record. In these circumstances,petitioner assumed the risk that the information would be divulged to police…") [Smith].
28 2000 U.S. App. LEXIS 18665 (4th Cir., 2000).
29 Ibid at 11-12 (citing interpretation in Smith, supra note 27 at 741-742 that since pen registers do notacquire the contents of communications, they do not attract Fourth Amendment protection; petitioner hadno expectation of privacy in traffic data).
30 255 F.3d 325, 335-336 (6th Cir., 2001).
31 Schreiber v. Canada (Attorney General), [1998] 1 S.C.R. 841 at 854 [Schreiber].
32 Explanatory Report to the Convention on Cyber-crime at para. 171; Lawful Access, supra, note 3 at 11.
the fact that technology has inverted the proximity of personal information to the subject
to such an extent that invasions of privacy rarely ever take place within the confines of
one's house or person, but more often through the complicity of third party holders of
personal information. Breakthroughs in technology in the 1970's and 80's have made it
possible for the private sector to collect, combine, store, manipulate, and exchange vast
amounts of data quickly and at ever-diminishing cost.33 By the early 1980s, the private
sector overtook the state as the primary threat to privacy, upsetting Orwell's dystopic
vision of one Big Brother in favour of many little ones.
Canadian courts have found that a reasonable expectation of privacy is not
founded on the location of the information in which the expectation is held.34 Records
that "could reveal incredibly intimate and personal details about his preferences, habits,
opinions, hopes and activities" were deemed to attract a reasonable expectation of privacy
despite the fact they were held by third parties in remote locations.35
Part III: The unintended consequences of a legislated approach
There is a presumption that governments introduce legislation to remedy specific
problems. Unfortunately, a foundation criticism of the Canadian cybercrime proposal
must be the lack of empirical – or anything beyond anecdotal – evidence that the
33 C. Berzins, "Protecting Personal Information in Canada’s Private Sector: The Price of ConsensusBuilding" (2002) 27 Queen’s L.J. 609 at 616.
34 Del Zotto v. Canada (Minister of National Revenue) (1997) 147 D.L.R. (4th) 457 (SCC).
legislative amendments proposed are actually required to solve a specific market
Stanford law professor Lawrence Lessig has observed that more than law alone
enables legal values, and law alone cannot guarantee them.37 In cyberspace, and in
cybercrime investigations, frequently code and technical standards are as important as
law. The Canadian proposal claims that technology lies at the root of many of the
difficulties now faced by law enforcement and national security agencies in their efforts
to investigate and prosecute crime in cyberspace. However, empirical surveys of the
impediments which law enforcement faces support a different conclusion: that improved
technological and administrative solutions would substantially address the public policy
There is a metaphorical parallel to the dilution of judicial oversight, which can
shed light on potential consequences. Under highway safety legislation in many Canadian
provinces and U.S. states, the thresholds for vehicular search and seizure have been
lowered in a manner similar to that now proposed in the Canadian and other cybercrime
initiatives. Police officers can conduct random roving stops of motorists anywhere and at
anytime. There is no need for law enforcement to justify a stop nor can judicial oversight
be effective because there is no objective criteria against which a judge can measure an
officer's belief that such action was justified.
36 Section 195 of the Criminal Code requires the Solicitor-General to annually publish reports onauthorizations for interceptions of private communications (s. 185), authorizations given for emergencyinterceptions without reasonable diligence (s. 188), and interceptions made in the preceding year.However,the Solicitor-General has failed to table this report to Parliament for over two years, see T. Hamilton,"Powers snoop more, explain less" The Toronto Star (24 Mar 2003).
37 L. Lessig, "The Law of the Horse: What Cyberspace Might Teach" (1999) 113 Harv. L. Rev. 501.
38 M. Vatis, "The Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A NationalNeeds Assessment" (Hanover, NH: Institute for Security Technology Studies, 2002) at 10-12, online:Dartmouth College <http://www.ists.dartmouth.edu/lep/lena.htm> (date accessed: 24 October 2002).
To a greater degree than in Canada, courts and commentators in the United States
have acknowledged that unlimited police discretion to stop and search will result in the
harassment of racial or cultural minorities or be used as a pretext for investigation of
unrelated criminal activity. A lower threshold encourages individual police officers to
make subjectively-based assessments which can, in turn, too easily mask discriminatory
conduct. This has been widely acknowledged by the courts, in academic literature, social
science data and the media in both Canada and the United States.39 Second, a lower
threshold precludes effective judicial and public oversight of inevitable constitutional
violations. Some Canadian courts have more recently acknowledged that the lack of
judicial oversight is problematic and have sought to read down discretionary powers for
investigatory detentions.40 Contrary to this growing awareness, the Canadian cybercrime
initiative proposes broad investigatory powers under lower thresholds and, in so doing,
ignores the lessons learned from investigative detentions in North America.41
Reduced judicial oversight and the natural predilection of even the most fair-
minded person to prejudge their perceptions has, in the context of highway safety, led
down a slippery slope of subjectivity that many Black North Americans euphemistically
call "DWB", the offence of "Driving While Black".42 The reality is that while discretion
is the hallmark of individualized justice, it can easily contain the seeds of inequity.
39 See e.g. R. v. Landry (1986), 25 C.C.C. (3d) 1 at 30 (S.C.C.), Brown, infra note 40 at para. 94; seealso"Police Target Black Drivers" The Toronto Star (Oct 20 2002), "The Story Behind the Numbers" TheToronto Star (19 Oct 2002), "Treatment Differs By Division" The Toronto Star (Oct 19 2002).
40 See e.g. Brown v. Durham Regional Police Force, (1998), 138 C.C.C. (3d) 1 (Ont. C.A.).
41 Lawful Access, supra note 3 at 11 (claiming production orders "less invasive", contemplating lowerexpectation of privacy in traffic data), 12 (interpreting Plant to suggest that some types of data should notrequire judicial authorization).
42 See D. Harris, Driving While Black: Racial Profiling On Our Nation's Highways (Special Report) (NewYork: ACLU, 1999), online: ACLU <http://www.aclu.org/profiling/report> (date accessed: 9 Nov 2002);K. Meeks, Driving While Black: Highways, Shopping Malls, Taxicabs, Sidewalks: How to Fight Back ifYou are a Victim of Racial Profiling (New York: Broadway Books, 2000); G. Webb, "DWB" Esquire 131:4(April 1999) 118.
Without procedural safeguards, discretion will often be exercised in a manner not
consonant with the goals and spirit of valid legislative objectives.43
In the present political atmosphere and in the context of Canadian cybercrime
proposal, it does not take much foresight or even creativity to interpolate 'driving' with
'surfing' and 'Black' with 'Muslim' to imagine that reduced judicial scrutiny could lead to
a new cyber-offence, in North America, of "Surfing While Muslim".44 Salient interests
might include a Muslim-sounding name, an IP address from an Arab country or
organization, an online purchase of the most recent book by Muslim authors Irshad
Manji, Salman Rushdie or any number of others as defined by the personal biases of the
individual investigator. Similar discretion could just as easily be applied to any number of
groups frequently stereotyped as exhibiting undesirable behaviour, including youths, and
the full spectrum of political causes. Legal control becomes a more all-embracing form of
The Canadian cybercrime initiative fails to account for the nature of the
technology it seeks to regulate and, in so doing, sets a dangerous precedent in Canadian
law. Unfortunately, the Canadian situation is not unique. Many nations, including the
43 See e.g. K. Lunman, "Muslims 'threatened' by new law, group says" The Globe & Mail (15 May 2003)A7 (Muslim group argues discretionary powers under the Anti-terrorism Act, S.C., 2001, c. C-41 used toprofile Muslims citizens.).
44 J. Young, "Surfing While Muslim: Privacy, Freedom of Speech and the Unintended Consequences ofCybercrime Legislation" McGill L. J. (forthcoming spring 2004).
United States, have already started down this road. The following recommendations
speak to a more thoughtful approach.
First, policymakers must recognize that new technologies collapse old distinctions
and sometimes create new ones. A long, broad approach to technology regulation – a
certain humility – would likely do much to improve legislated responses.
Second, policymakers must recognize that there is a synergy between the market,
technology, law and policy that precludes looking at the individual components out of
context. Failure to do so will result in, at least, unintended consequences and, at worst,
exacerbation of the problem the regulations seeks to address.
Third and finally, constitutional rights should never be abrogated for anecdotal or
anything less than clearly identified market failures. This is particularly true in the
technology space, where pundits frequently confuse hyperbole with fact and code plays
an ever more important role in the construction of legal rights and norms.
Oficina Consular en Pretoria, Sudáfrica SOLICITUD DE VISA TRANSITORIA- TRANSIENT VISA APPLICATION IMPORTANTE: Todos los apartados deben ser l enados en MAYÚSCULAS. Por favor, complete el cuestionario a vuelta de hoja, consigne fecha, firme y aclare nombres y apel idos. NOTICE: Fill all blanks in CAPITALS, turn overleaf, date, sign and write full name. 1-APELLIDO/ S- SURNAME/ S (com
Bullock, Community Leaders Announce Creation of Montana Mental Health Trust M O N T A N A D E P A R T M E N T O F J U S T I C E · A T T O R N E Y G E N E R A L S T E V E B U L L O C K ATTORNEY GENERAL STEVE BULLOCK STATE OF MONTANA FOR RELEASE: February 25, 2010 CONTACT: Kevin O'Brien, 444-0582 or Judy Beck, 444-5774 Bullock, Community Leaders Announce Creation of Montana Mental H