I see two huge fundamental flaws with this plan that very few seem to be talking about, and it has nothing to do with ‘personal rights’ or privacy or constitutional rights, or whatever activist group is crying the blues about. I will spare you the soapbox stories of our personal liberties being squashed, it’s being covered enough. What isn’t being talked about is how this is actually going to work.
Storing and tracking the amount of data we are talking about has a cost associated with it. Storage on the scale of spying on an entire country is not going to come cheap. Who is paying these costs? If you think internet access in Canada is expensive now, wait until we are also paying the extra charges to spy on ourselves. We also haven’t talked about what systems we are going to build to harvest the right data from the massive amount of traffic we are going to be saving. Who pays for that? (Maybe google will offer to do it for free? ;) Keep in mind, our personal data use is only going to keep growing. How far back are we saving it? Are we only storing or sampling some data? If we are using it in a court case, we might need to see all of the activity to accurately define what is really happening. This leads me to fundamental problem number two.
So what if we can track peoples activity on the internet? The data we are collecting is questionable at best. We know there are botnets out there in the millions. That’s millions of infected machines per botnet type. As you read this, computers are being hijacked on a mass scale. So let me ask the question, if we use this data we just payed to collect on ourselves, what are we doing to protect the literally millions of unsuspecting users whose machines are infected, hijacked, part of a botnet, and generally under the control of someone else, from being swept up for copyright violations, child pornography, file sharing, etc, when we can’t even be sure the end user has any idea it’s even happening?
Hard to believe, but the Canadian government is actually planning on paying extra costs, to collect and sort information about ourselves, that we can’t even be confident is valid traffic from the physical owner of the computer. You can argue that the users should know better, or that they are part of the problem, or maybe the data is valid and you never know until you look. But the end result is still the same. We will fill our jails and courts with people that have no clue what was happening, while the real criminals, pedophiles, and thieves use tunnelling with communication obscuring technologies to move around illicit data, likely with botnets, same as they ever have. And best of all, we get to pay the extra jail and enforcement costs associated with this influx of new ‘criminals’. Does the police force have the ability to tell valid from bot generated traffic? What is the process to validate a machine they suspect was used to commit a crime and identify potential botnet activity which could point to a different perpetrator? These are things large organizations with huge amounts of funding already struggle with, do we really believe we are equipped as a country to deal with this on such a massive scale? Are we prepared to treat the data collected as true without validating the system has not been compromised and we are looking in the wrong direction?
I know the politicians want to at least seem like they are doing something, but what they are proposing is a little too far from a useful reality for my comfort. I’m sure it all sounds good on paper, but when you consider the technology that is going to have to wrap around this, it’s going to be complicated, expensive, and ultimately not all that useful when it’s done.
I know the politicians want to at least seem like they are doing something, but what they are proposing is a little too far from a useful reality for my comfort. I’m sure it all sounds good on paper, but when you consider the technology that is going to have to wrap around this, it’s going to be complicated, expensive, and ultimately not all that useful when it’s done.
This sounds like modern airport security for the internet.
