Evidence of meeting #38 for Access to Information, Privacy and Ethics in the 43rd Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was online.
A video is available from Parliament.
12:35 p.m.
Conservative
The Chair Conservative Chris Warkentin
Thank you, Ms. Stubbs.
You are out of time. You're over time, but we will allow Ms. Lukings the opportunity to respond to that. I just wanted to note that we're moving into other folk's time.
Ms. Lukings.
12:35 p.m.
Juris Doctor Candidate and Advocate and Cybersecurity Researcher, As an Individual
Thank you.
Privacy is very important, and it's also a safety issue in a lot of these situations. I can't provide any specific solutions. I'm not [Technical difficulty—Editor]. I definitely recommend asking Dr. Lashkari about that.
In terms of law, we need to remember the foundations of law, so what is the Privacy Act based on? What are the rights and freedoms that Canadians hold as important? Our rights to freedom of expression, freedom of association and all these things need to be considered when we're implementing new technology and new standards for technology.
As for specifics, that wouldn't be my area. I would be more like poking holes in why those things aren't private enough.
12:35 p.m.
Conservative
12:35 p.m.
Liberal
Brenda Shanahan Liberal Châteauguay—Lacolle, QC
Thank you, Chair.
I am thankful that Ms. Lukings agreed to appear in front of us again today. It's very refreshing to hear you, and you will be a professor one day. Of that I have no doubt.
Ms. Lukings, your work is so important to help us have a better understanding—and your comments certainly attest to that—of all the issues that are arising from what was a very disturbing, and I think you and other witnesses said this, unfortunately very sensationalist article, which brought concern to people because, of course, no one wants to see child sexual abuse material on the web or non-consensual intimate images on the web.
However, there are perhaps unintended harmful consequences that can arise, particularly to adult professional sex workers, if we're not thoughtful about how we legislate in this area.
I believe I still have about five minutes remaining. Please use my remaining time to share those concerns with us, and if you want to bring in Professor Lashkari.... By the way, congratulations on the great series of articles the two of you are working on. They're very interesting.
Please, go ahead.
12:35 p.m.
Juris Doctor Candidate and Advocate and Cybersecurity Researcher, As an Individual
To have meaningful consultations with people is really important. I would encourage the committee to review the submissions made by the Canadian Alliance for Sex Work Law Reform. They have done a lot of research in the area, and I'm really supportive of their efforts right now to challenge federally the criminal offences related to sex work, third parties and clients, material benefiting, advertising and all of these things.
They are an amazing resource. What makes them unique is that they are an umbrella organization that connects...I think it's over 20 or 30 different sex worker-led organizations all across the country. Everything is done through voting and from hearings with actual people who have lived experience in that area, so when you get data from this organization, it's solid data. I would really recommend consulting them.
Other than that, I would love to pass over the torch to Professor Lashkari.
12:40 p.m.
Conservative
The Chair Conservative Chris Warkentin
Professor, I just want to remind you to lift your mike when you're speaking. We found it a bit difficult to catch your words earlier with the translation, but if you would lift your mike I'm sure we will be able to hear you well.
12:40 p.m.
Assistant Professor, Faculty of Computer Science, University of New Brunswick and Research Coordinator, Canadian Institute for Cybersecurity, As an Individual
Thank you so much, and thank you, Ms. Lukings.
Actually, I can highlight this point. When we are looking to detect a person who is using this part of the network, from the Internet side it's completely impossible. Based on the three layers of encryption that we have, rolling up and backwarding to find a source is impossible. If we have access to the machines, from the user side we can monitor the behaviour of the user. We can detect who is using, for example, Tor connections, and with which software application for which purpose—for example, for audio, for a video call, for a chat or for uploading or downloading.
This is the key point that I think we need to consider. It is not possible, even if you have rules or regulations here in the law, to follow from the Internet to detect those guys. It's not possible, except, for example, for ISPs that are delivering Internet service in different cities or provinces. They can do some monitoring of the system that shows who is actually using this type of secure connection.
There is another concern, which is that we are not actually able to detect if they are going to work on the child pornography side. Maybe they are journalists who want to use this ability of anonymization and then deliver the voice or the sound; maybe they want to talk about something that maybe some governments have not given them permission for. This is the key point. We need to be careful [Technical difficulty—Editor] become law here, it should be clear. Can we recognize who is using this part of the super-secure or anonymized connection, for which purposes?
The key point is that, unfortunately, we cannot realize and detect it easily. It would need a huge amount of research. Maybe after five or, I don't know, 10 years, there will be some solutions we can use. At this moment, as I'm talking to you, there is no clear solution. We can detect the type of activity, but we just can't determine who is connecting to this network, for how many hours or which application they are going to use.
This is just an additional part that I would like to add to the point Ms. Lukings already highlighted.
Thank you, Mr. Chair.
12:40 p.m.
Conservative
The Chair Conservative Chris Warkentin
Thank you.
Mrs. Shanahan, do you have a follow-up question? You have 20 seconds.
12:40 p.m.
Liberal
Brenda Shanahan Liberal Châteauguay—Lacolle, QC
No. I'm happy to give the time to the next member. Thank you.
12:40 p.m.
Conservative
12:40 p.m.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
Thank you, Mr. Chair.
Thank you, Ms. Shanahan.
I listened very carefully to our witnesses. My questions will be more geared towards Mr. DeBarber.
I gather that we must correct and improve a response and ensure that it's done properly. However, there are many challenges.
I was surprised to learn that, for 400 images, there can be 400 applications to purge, and that it may cost $2,000 for an automated removal and about $5,000 for a custom removal. So we're talking about money.
In terms of access to the individual, service providers must provide some modulation. However, we've just completely switched gears, since there must be access to the machine. I heard that very clearly.
Obviously, this is about consent, but it's also about identity. As committee members, our job is to protect people's identity. With respect to the surface web and the dark web, I was wondering whether the notion of consent and identification was straightforward. I can give myself another name or I can use a keyword, as Ms. Lukings said earlier. I'm concerned about this. That's my first question. I'd like to hear your thoughts on this, Mr. DeBarber.
I respect the notion of consent. We won't take away what people like. However, we want to make sure that non‑consenting individuals, including minors, can't become victims. I'd like to hear your comments on this as well.
12:45 p.m.
Senior Privacy Analyst, As an Individual
I believe the first thing to say is a little about what I do.
I use the current technologies that automate copyright technology. I use these technologies to go out and help my victims get NCP that was put out there, whether it's revenge porn or something involved with human trafficking. I've been working very closely on the GirlsDoPorn situation over the years. More or less, I'm using some of the technologies there. I don't get 100% of it, but I can probably kill about 95% of it and probably get their name and content out of search engines. That's when some of it is archived in the deep web. Even then, every few years you have to go in to touch it up.
When a person tries to get a job, their name will get googled and that content will come up. I'm trying to liberate them from that. I'm trying to protect that social media, that digital footprint.
The other part of your question—
12:45 p.m.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
Sorry to interrupt you, but I'm running out of time and I have two more questions.
Why do the RCMP's responses make the process cumbersome?
You said that non‑consensual content can be removed. It's expensive and complicated, but it's possible.
As legislators, what do we need to fulfill our role?
12:45 p.m.
Senior Privacy Analyst, As an Individual
The process of doing this is costly, and it's really just stacked against victims. On top of that, it's stacked against free agent sex workers who are trying to protect their intellectual property.
There's a great Vice article that talks about a lot of OnlyFans folks. They can't do the same services studios can, so it pushes them towards a more exploitive studio structure.
We need to make those things more available. One thing we need to change, once again, is SEO and search engines in unverified content, specifically for upload sites. What I mean by an upload site is any site like Imgur, Pornhub or Xvideos, where I can go in, make an account and post anything I want. Those are not moderated the way—
12:45 p.m.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
As you said, once the damage is done, the process of removing the content is extremely difficult. There are delays and uploads involved.
What do you think of the right to be forgotten that several countries use?
12:45 p.m.
Senior Privacy Analyst, As an Individual
I might be a little biased there, because I'm an intelligence analyst by trade.
You're asking somebody who goes and subversively finds information about privacy. Honestly, I'm for it. I like the EU's stance on it, to be honest. I'm very biased on that question.
What I would like to see, especially, is that this content doesn't get SEO unless it's verified, because that keeps it from going viral to the point where it costs thousands of dollars to go out there and find the thousands of websites it's on and try to get rid of it. If I can kill it in the crib or at least get it to where.... Your average victim, from my calculation, at least for revenge porn, doesn't know for seven to 90 days. If unverified accounts can post anything they want, then it becomes part of that feedback loop, and that's a big deal. It's as easy as making them turn web spiders off that web page. That's something Pornhub can do. It's something that they really should just be—
12:50 p.m.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
At the end of the day, the entire international community must be aware of this new way of operating online. People, both young and old, must be informed. They must be warned. Certain measures must be implemented, including the process for accessing service providers and the web.
12:50 p.m.
Conservative
12:50 p.m.
Conservative
The Chair Conservative Chris Warkentin
We're going to turn to Mr. Angus now for the next round of questions.
Mr. Angus.
12:50 p.m.
NDP
Charlie Angus NDP Timmins—James Bay, ON
Thank you so much to the witnesses. It's wonderful to have Madam Lukings back.
This committee does not have a mandate to look into sex work. We are the privacy committee. There's the women's committee, the justice committee. There are many, many important issues. We've heard many important issues here.
Our focus started out from that article that Madam Shanahan called “sensationalist”. It was a New York Times article with Serena Fleites.
She came to our committee, and she stated that she tried time and time again, as a 13-year-old, to take it down. Pornhub's executives told us they had no record and they weren't sure of when she contacted them.
Mr. DeBarber, in your experience, is that a credible answer, that Pornhub wouldn't have known about this video or known about efforts to have it taken down? Is it the dark net inside corporate headquarters?
12:50 p.m.
Senior Privacy Analyst, As an Individual
My honest answer is that I believe your victim, first off.
To share something just as seedy that happened, there is right now a criminal conviction for human sex trafficking surrounding the defunct site, GirlsDoPorn. It's infamous. There are a lot of great articles about it. I had clients who were even raped during the entire time. It's a horrifying situation.
They were a content partner for Pornhub. As early as 2016, at least from my records, they were already seeing statements from more than one Jane Doe about the process and what went down there, and they kept them as a partner, literally almost to the day of the civil judgment in 2019, where 40 Jane Does stood up.
I completely believe them.
12:50 p.m.
Senior Privacy Analyst, As an Individual
Well, I'll put it this way. That is a lot of data to track, in fairness, if I'm looking at it from the cybersecurity point of view. I can't tell you if they had the data or not; it all depends on how much they archive.
To be plain, I fully believe your victim. This is a company that I strongly believe has some heavy liability out there and should face consequences for it.
12:50 p.m.
NDP
Charlie Angus NDP Timmins—James Bay, ON
I want to ask you a question.
I've spoken off the record with many people who worked at Pornhub, former executives and that, who are concerned. They told me that the traffic in these child-abuse and sex-assault videos was actually fairly small, but said that their business model was copyright evasion. They work in the legal content from the producers, running it right up to the very day they have to do takedown, changing tags and putting it up again.
Is that a credible claim, do you think?