The Canadian government has tabled the Modernization of Investigative Techniques Act, which would force Internet service providers to hand over subscriber records and other data to police during investigations.
The Canadian Association of Internet Providers says criminals should have to pay for the costs of complying with the legislation. ISPs, who say they generally co-operate with requests from law enforcement officials already, have objected to the potential capital expense in upgrading their networks or providing the ongoing administration services that may be necessary to comply with MITA.
If MITA becomes law, all carriers and ISPs will require an “interception capability” which can assist law enforcement officials. Police can also demand subscriber names, addresses, telephone numbers and IP addresses. Court authorizations will still be required to intercept an ISP’s customers.
The federal Cabinet would be able to provide exemptions in cases where the cost would have “an unreasonable adverse effect on the business” of an ISP.
CAIP president Tom Copeland said the finer points about who pays for the costs of MITA compliance probably won’t be worked out until the legislation has worked through its first or second reading.
“The last pitch we made — and we had support from the chiefs of police on this one — was that proceeds of crime be considered for this.”
Copeland said large ISPs such as Bell Canada and Telus may buy the latest networking equipment, but smaller firms often purchase on the secondary market. A switch that’s two to five years old may meet their business needs but not the requirements of MITA.
Canadian businesses see employees who unintentionally download viruses or spyware as a greater risk to the security of their IT systems than hackers. More than half of the 565 senior-level decision makers who responded to a survey commissioned by Fusepoint Managed Services, Sun Microsystems and Symantec Corp. said they believe their organization’s confidential and private data is at risk. This is despite the fact that 92 per cent use anti-virus software, 43 per cent say they use encryption technology and 85 per cent say they have firewalls in place.
Clemens Martin, a professor in the IT Security Group at the University of Ontario Institute of Technology, said the survey results indicate a need to improve the way in which users are trained in security policies.
Vendors have to make sure the technology doesn’t make education more difficult, said Andy Canham, president of Sun Microsystems of Canada. “It has to be a no-brainer,” he said. “It has to be implicit and systemic in the way they do business, so that the IT departments can just deal with the (security) issues, not the products.”
Fifty-seven per cent of respondents feel only somewhat confident that their IT department could withstand an attack. This is at a time when executives said threats are becoming more sophisticated. Martin offered a demonstration of a “spear-phishing” attack that uses a bogus e-mail and Web site to deceive a user into handing over a password to secure information.
This year’s Zotob worm was created and deployed in only six days, where comparable malware took six months to develop, said Michael Murphy, Canadian vice-president of Symantec Corp.
Fusepoint president George Kerns said the acceleration of virus and bug creation is making it even more difficult for IT departments to respond appropriately. “There’s no guarantee the threat is going to hit in the middle of the day on a Wednesday, when everyone is at work.”
Although 27 per cent of large businesses said they thought a security breach could cost their organizations $1 million or more, 38 per cent had no idea what the impact would be.
The survey was conducted by Leger marketing between Oct. 28 and Nov. 9, and the results are believed to be accurate within plus or minus four per cent, 19 times out of 20.
A planned upgrade to Telus Corp.’s ADSL commercial and business services is helping to redefine how the industry measures broadband, according to the carrier’s chief technology officer.
Telus is installing Nokia’s D500 DSLAM (Digital Subscriber Line Access Multiplexer), increasing its coverage from about 88 per cent to more than 90 per cent. The Nokia ADSL2+ equipment will allow the carrier to increase download speeds from 15 to 30 Mbps.
“We’ve developed a special cabinet known as the rapid deployment access cabinet to allow customers like Telus to place the DSLAM closer to the customer: on the curb or in multi-dwelling units or in shopping malls,” explained Peter Kibiuk, head of sales for fixed operation solutions for Nokia Canada in Burnaby, B.C.
The ADSL2+ service should be available to subscribers by the end of the year, said Ibrahim Gedeon, Telus’s chief technology officer.
Future upgrade plans would include ADSL2+ bonded, which would allow for speeds of up to 35 Mbps. The Nokia platform would also allow existing modems to use a VDSL2 card, which could reach 40 Mbps. But more important than the speed is what you can do with it, said Gedeon. Telus is trying to replace the cart-before-the-horse approach that has typically characterized bandwidth issues.
“The investments we’ve done in our systems over the last few years is to stop capturing your profile via bandwidth but capture it as (media and Web preferences) rather than doing it the other way around,” said Gedeon.
Increasing the available bandwidth will help Telus prepare for applications like IP-TV, said Gartner Canada analyst Elroy Jopling. “You don’t need a lot of bandwidth for standard television, but as soon as you start getting into high-definition, it takes a lot more.”
There is a measure of wisdom in Gedeon’s argument that services are more important than raw bandwidth, said Jopling, but it’s unlikely that users will start ignoring numbers like 40 Mbps.
“It’s the same as memory in computers: you never have enough. If somebody gives you more than you need, then within the next year somebody will figure out how to make use of it.”
According to Kibiuk, Nokia’s agreement with Telus marks the first time the equipment provider has reached a major infrastructure deal with a Tier 1 carrier.