

TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26

1 edit

3 recommendations

TekSavvy response to Citizen Lab inquiry

Hello all,

Back in January, we received a pretty long letter asking for a range of details about TekSavvy's data retention and sharing policies, specifically with an eye to how, when, and why we disclose information to government agencies. Since then, a lot has come out in public about both government activity in this area, and what some other Canadian telecom providers have been up to.

As some of you know, we have been devoting more resources to the legal and regulatory function over the last couple of months, partly to address new challenges like these as they come up. Taking a hard look at what we do in this area has been part of that role. Today we posted a reply to the January Citizen Lab letter. It includes a fair bit of detail on what inquiries we have received in the past, how we have responded to them, and how we are strengthening our practices going forward.

There is obviously a lot of work left on this front. In a lot of ways we are just getting started. But we wanted to make you guys aware of where we are at so far on this, which this letter is the first step in addressing.

Here is a link to that original request: »citizenlab.org/2014/01/towards-t···cations/

Attached to this post is our response to that letter.
--
Marc - CEO/TekSavvy


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21

Cool, thanks for providing the information!



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26

You're welcome.


voxframe

join:2010-08-02
reply to TSI Marc

Wow! Very informative and well written. Thank you!



Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:23
reply to TSI Marc

The second half of the document appears to be a copy of the first half, is that correct, or is there a difference?



TSI Andre
Got TekSavvy?
Premium,VIP
join:2008-06-03
Chatham, ON
kudos:24

Hmmm. I think you're correct. Means you can read it twice



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26
reply to Guspaz

looks like you're right. I'll update that shortly. should be 16 pages.
--
Marc - CEO/TekSavvy



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26

there. fixed.



Nagilum
Premium
join:2012-08-15
Kitchener, ON
Reviews:
·TekSavvy Cable

1 edit
reply to TSI Marc

A wonderfully thorough response. Thanks Marc!

One question though, wouldn't the incumbent ISPs that provide your last mile of service also be in a position to provide some of this information/monitoring capability, side stepping your privacy policies? How does that work from a legal perspective?
--
"The Net interprets censorship as damage and routes around it." - John Gilmore, 1993



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26

thanks Nagilum. I'll see if I can get Bram on here to respond to you.
--
Marc - CEO/TekSavvy


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to Nagilum

said by Nagilum:

A wonderfully thorough response. Thanks Marc!

One question though, wouldn't the incumbent ISPs that provide your last mile of service also be in a position to provide some of this information/monitoring capability, side stepping your privacy policies? How does that work from a legal perspective?

Herr Harpler simply goes to the indumbent providing service for TSI's last mile and says, "Show us what's under the kimono", and all of TSI's best intentions are vapourized in an instant. Nothing against TSI - they're one of the good guys. But that's the way things work in the fucked up telecom world Canada has.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

@Marc

Since TSI now has servers co-located in NY (elsewhere??), would you now care to comment on your privacy protection protocols whence the US feds or other US LEO's demand info on Canadians - keeping in mind that you, Marc, could be personally put on the FBI's most wanted list for failure to comply?

Just askin'.


jkoblovsky

join:2011-09-27
Keswick, ON
kudos:2

said by MaynardKrebs:

@Marc

Since TSI now has servers co-located in NY (elsewhere??), would you now care to comment on your privacy protection protocols whence the US feds or other US LEO's demand info on Canadians - keeping in mind that you, Marc, could be personally put on the FBI's most wanted list for failure to comply?

Just askin'.

A carbon copy of all data flowing into the US is currently scooped up by the NSA at data entry points. Essentially this would be outside the purview of TSI and something they don't have complete control over through cross-border servers.

@Marc A bit late to the party however good write up! Wondering if the other indies will follow suit.


TSI Bram
Premium
join:2014-05-13
Chatham, ON
reply to Nagilum

said by Nagilum:

A wonderfully thorough response. Thanks Marc!

One question though, wouldn't the incumbent ISPs that provide your last mile of service also be in a position to provide some of this information/monitoring capability, side stepping your privacy policies? How does that work from a legal perspective?

Good question. When we say that our review is ongoing, that is one of the things we have in mind, and there are clearly several fronts to it. The short answer is that to the extent they have the information that we have, that is a risk -- so our challenge is to look for technical and regulatory tools to minimize such situations.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to TSI Marc

@Marc

In your .pdf, Q5e and your response A5e pose an interesting dilemma ......

We do not require employees to have special clearances in order to be available for processing such requests. Company officials at our company’s highest levels have direct and detailed knowledge of our responses to data requests from government agents.

Some proposed federal legislation envisages 'specially cleared' individuals to handle information at an ISP. So, hypothetically, nobody @ TSI met, or could meet, those requirements. Could the Feds force you to hire somebody with 'special clearances'?

Would the Feds pay your costs of doing so?
Would the Feds be able to instruct that individual(s) to supply the Feds with just about anything they wanted without TSI's CEO & legal counsel knowing the breadth, scope, duration, real-time or otherwise nature, and numbers of records/customers involved?
Sounds like they might.


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to jkoblovsky

said by jkoblovsky:

said by MaynardKrebs:

@Marc

Since TSI now has servers co-located in NY (elsewhere??), would you now care to comment on your privacy protection protocols whence the US feds or other US LEO's demand info on Canadians - keeping in mind that you, Marc, could be personally put on the FBI's most wanted list for failure to comply?

Just askin'.

A carbon copy of all data flowing into the US is currently scooped up by the NSA at data entry points. Essentially this would be outside the purview of TSI and something they don't have complete control over through cross-border servers.

You missed the point (as usual).

If the US Feds come calling on TSI for subscriber data (by virtue of TSI's deemed 'presence' in the USA), that is entirely different than scooping up cross border traffic about your 'dog' (code word for the terrorist act you are proposing to commit, or was that simply the dog crapping on Aunt Millie's carpet?).

jkoblovsky

join:2011-09-27
Keswick, ON
kudos:2

1 edit

said by MaynardKrebs:

If the US Feds come calling on TSI for subscriber data (by virtue of TSI's deemed 'presence' in the USA), that is entirely different than scooping up cross border traffic about your 'dog' (code word for the terrorist act you are proposing to commit, or was that simply the dog crapping on Aunt Millie's carpet?).

The US Feds don't need to call on TSI for anything. All they need is the IP address associated with the account, and track your movements online and profile the data collected. That profiled data could reveal your exact location without the need to go to the telecom provider. The info collected by the NSA I think has a 2 or 3 year retention on it. At some point in that 2 or 3 years, you've probably received an e-mail (like your utility bill that has your address) that's bounced through US servers to get to you. If you've sent an e-mail from that account you receive your bills in, then your IP address can be very easily tracked to your home address without the need for the ISP to be involved. I strongly suspect to some degree this is already happening.

The defense to all of this isn't solely transparency, it's legislative and legal. Transparency helps to get us to the legal and legislative stages.



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26
reply to MaynardKrebs

looks like the site is blocking Bram's post. i'm sure it will show up before long
--
Marc - CEO/TekSavvy



TSI Bram
Premium
join:2014-05-13
Chatham, ON

1 edit
reply to MaynardKrebs

said by MaynardKrebs:

Since TSI now has servers co-located in NY (elsewhere??), would you now care to comment on your privacy protection protocols whence the US feds or other US LEO's demand info on Canadians - keeping in mind that you, Marc, could be personally put on the FBI's most wanted list for failure to comply?

The process to obtain evidence from a Canadian entity in a U.S. criminal proceeding is to issue an MLAT treaty request. The U.S. DOJ would seek for a Canadian authority to apply for a Canadian judicial order. Absent such an order, we would not be able to provide evidence in the way that you are describing.

simsin0

join:2008-01-06
Reviews:
·TekSavvy DSL

1 recommendation

reply to TSI Marc

This is one reason I love dealing with you guys. I feel this kind of approach from a profit based company is rare in today's world.

I grew up with the internet, I am somewhat tech savvy and to be honest I am horrified by the amount of data that is collected on a daily basis by big corporations such as Google...

Lots of people don't understand how important privacy is and don't value it as much (ignorance is bliss?)

To get back on track I love to see that my ISP is there protecting my rights and privacy. This isn't something I expect to see from many companies.

Thanks Guys!


jkoblovsky

join:2011-09-27
Keswick, ON
kudos:2
reply to TSI Bram

@Bram do US officials require an MLAT request to obtain information on Canadians retained on US servers that TSI or any other ISP would be using?



TSI Bram
Premium
join:2014-05-13
Chatham, ON
reply to MaynardKrebs

said by MaynardKrebs:

If the US Feds come calling on TSI for subscriber data (by virtue of TSI's deemed 'presence' in the USA).

Guess I should add that, of course, the situation would be a bit different if we were using U.S. servers to store Canadian users' data. We don't do that.


LEO CEO

@193.200.150.x
reply to TSI Bram

TY for being somewhat open here, Marc. I'm sure it will go a long way (and also serves to rub the Telco-cartels' noses in their own dung for their weak and useless replies).

However, I am disappointed in the "indefinite retention" of certain data, and indefinite links to individuals (nick-based or through the likes of Facebook). Nor does "tax" law require indefinite storage of this. Even then it's a normal 7 years at most for tax law. And really, I don't see what Facebook and other things like people's nicks have to do with indefinite retention due to tax laws.

Hope you clean that up.

Other than that, TY for keeping your promise. It took some months but you did it. So +1 to you.


jkoblovsky

join:2011-09-27
Keswick, ON
kudos:2
reply to TSI Bram

said by TSI Bram:

Guess I should add that, of course, the situation would be a bit different if we were using U.S. servers to store Canadian users' data. We don't do that.

I think it would also be important to note, that TSI doesn't route to the US either:

»ixmaps.ca/transparency.php



Nagilum
Premium
join:2012-08-15
Kitchener, ON
reply to TSI Bram

Thanks for the quick and honest response Bram; it is very much appreciated.



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:26

thanks guys. great to hear the positive feedback and we will continue to work at it. we aren't done by any stretch. we're calling it a night over here.
--
Marc - CEO/TekSavvy



Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:23
reply to TSI Marc

Would the use of MPPE encryption (PPPoE's encryption extension) be possible to secure the segment between the end-user's router and TekSavvy's routers (securing it against eavesdropping on the Bell network)? It wouldn't help cable customers, and like MLPPP it would require support on both the CPE and the router, but maybe it could help.
--
Latest version of CapSavvy systray usage checker: »CapSavvy v4.3 released!


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to TSI Bram

said by TSI Bram:

said by MaynardKrebs:

Since TSI now has servers co-located in NY (elsewhere??), would you now care to comment on your privacy protection protocols whence the US feds or other US LEO's demand info on Canadians - keeping in mind that you, Marc, could be personally put on the FBI's most wanted list for failure to comply?

The process to obtain evidence from a Canadian entity in a U.S. criminal proceeding is to issue an MLAT treaty request. The U.S. DOJ would seek for a Canadian authority to apply for a Canadian judicial order. Absent such an order, we would not be able to provide evidence in the way that you are describing.

Sure - IF there WAS a bona fide criminal proceeding, ie. indictments, warrants - you know, real legal - as opposed to the Stasi, NSA, CSIS, CSEC, RCMP barn burning not so legal, ahem, 'requests'.


LEO CEO

@193.200.150.x
reply to TSI Marc

First mainstream media report on it (that I noticed):

TekSavvy opens books on government data requests
»www.theglobeandmail.com/technolo···8999107/

... this document about TekSavvy’s procedures throws down the gauntlet for those larger Canadian telcos who share less information with the public and more information with government agencies. It also picks an implicit fight with the motivations behind federal legislation geared to facilitate information handovers.

...

"The Edward Snowden leaks based in the U.S. … have helped underline a key commitment that is required to achieve this mission, which is strong data privacy and transparency," writes Bram Abramson, the company’s chief legal and regulatory officer. "TekSavvy has taken steps to strengthen our internal team dedicated to legal and regulatory matters," he adds.


Kudos to Marc and Bram for stirring the pot just a little bit.


cepnot4me

join:2013-10-29
Severn Bridge, ON
kudos:2
Reviews:
·TekSavvy DSL

That's how I am seeing this. TSI is all "What's the big deal!? Here ya go!" while Bell and Rogers are providing a runaround; granted, TSI had 57 instances, isn't a cell provider, etc.
So Rogers and Bell probably have a few hundred instances to report back on.

I talked to some cop friends though. A lot of their requests (standard, non-criminal related) are cell triangulation of reported lost or missing persons. You report someone missing, they ask for a cell phone location.

So in that case, Telus, Bell and Rogers will have hundreds of thousands of requests.

I like that TSI is open and honest though. Lead by example.