Many Canadians pride themselves for respecting the glorious wilderness that sits outside major urban centres in this country, but citizens of the United Kingdom have to treat their forests with extra-special care.
That’s because many trees there are protected from tampering, removal or
even surgery by laws that fall under local planning authorities. These laws are called “”preservation orders.”” In this case, preservation is to be distinguished from conservation, which designates areas set aside for building and landscaping. As the informative portal NatureNet.net admits, “”The name causes endless confusion, but that’s life.”” As preservation becomes an important part of IT managers’ vocabulary, they are advised to prepare themselves for similar confusion.
The Government of Canada is reportedly preparing its own preservation orders, which have nothing to do with the environment and everything to do with combating cyber crime. Though it hasn’t been officially introduced, the law is expected to give law enforcement the authority to obtain e-mail, billing and routing information from companies and Internet Service Providers (ISPs) as they pursue criminal investigations. Companies will be required to “”preserve”” data that might otherwise be destroyed in the course of regular business.
This is Canada’s way of cooperating with the Europe Convention on Cyber Crime, a committee established by the Council of Europe which last year signed a controversial treaty that established some of the first global IT crimefighting standards. As with any attempt to give government or law enforcement officials powers of surveillance over electronic records, the treaty has been criticized for sacrificing the privacy of individuals in the name of security. (It should be noted, perhaps, that the treaty was signed almost a year ago, in June 2001, months before terrorist attacks generated enough fear to slow some of the privacy advocates’ momentum.)
Like the United States, Japan and Mexico, Canada has “”observer”” status on this Council, which means we can sign on as we choose. So far, the U.S. has stayed well away. This may be because the treaty, and in a sense the entire Convention itself, dredges up the nightmarish cross-border issues Internet optimists often conveniently ignore. A prominent case in point involved the online auction of Nazi memorabilia on a a U.S. Web site. A French court ruled that Yahoo! should block its citizens from accessing the site. Though Yahoo! caved, getting rid of the items from the auction, experts questioned whether France was overstepping its bounds. In November 2001, a U.S. federal judge said that country’s Constitution would protect Yahoo! from any rulings made outside the country — which could be interpreted as a stinging rejection of the Europe Convention’s aims.
Canadians may fear prevention orders, given our own government’s spotty track record handling personal data. It has only been two years, after all, since Human Resources Development Canada scrapped the Longitudinal Labour Force File, which had so many vulnerabilities it seemed like an open invitation to the hacker community.
There may be some reassurance, however, to anyone who actually reads the Convention’s treaty, or (if you don’t have that kind of time on your hands), an FAQ list that tried to put some of the concerns to rest. Specifically, this document explains the difference between data retention requirements — keeping e-mail, billing and other data around forever — and preservation requirements. This concept, which would probably be adopted by the authors of any Canadian legislation, is actually based on a U.S. law. Preservation means the government may ask electronic communications service providers to “”take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.””
There is certainly some danger for privacy to be compromised here, but no one is asking businesses to file away every record of customer activity. If we are serious about combating crime in any form, we have to accept some legislative risks. We all agree that customer data is vital in the development of our businesses. In the right circumstances, law enforcement authorities need to be similarly empowered. The time to determine the extent of those powers has come.