Trudeau’s liberal government is proposing a massive overhaul of cyber security legislation in Canada which many say it’s about time. However not all of the proposals are good for Canadians’ online privacy and security for Canadians.
Last month, January, BC Rise reached out to several of the most popular Virtual Private Network Providers (VPNs) for comments regarding Bill C-26 and asked them a series of questions. Unfortunately only one VPN provider responded.
NordVPN told BC Rise they are aware of the proposed laws in Bill C-26, but no one from the government of Canada consulted with them any possible impacts to its delivery of service to Canadians’.
While NordVPN doesn’t believe VPNs fall under “Telecommunications service provider” they expressed concern the of the sweeping broad range of power and lack of defined terms being used it “opens the door to possible abuse of power.”
Here are the questions BC Rise asked:
What does Bill C-26 mean for NordVPN’s no log policy?
We are of the opinion that Bill C-26 does not apply to VPN service providers, including NordVPN, nor does it contain provisions that allows the government to impose a logging requirement.
Bill C-26 gives the Minister of Industry the power to direct a telecommunications service provider to do anything or refrain from doing anything. However, we believe that VPN service providers do not fall under the definition of telecommunications service provider and, subsequently, such orders should not be imposed against VPNs.
Are there any concerns Nord VPN has for the Bill C-26 legislation in its current draft?
The lack of specific definitions of the relevant terms as well as the broad range of powers that the Bill grants to the government raises concerns of failure to ensure legal certainty and opens the door to possible abuse of power.
It is expected that Bill C-11 “online streaming act” will drive Canadian online traffic to VPN services and customer growth to get around what would be what critics call a government filtered Internet. For residents in Canada connecting to VPN servers in other countries, from the perspective of the Nord VPN’s legal team would VPN’s be captured by the undefined “manipulation” because it will redirect user traffic and “manipulate” their geolocation via different public IP address to bypass the CRTC filters within Bill C-11?
We do not believe that VPN would be considered a “manipulation” that would threaten the security of the Canadian telecommunications system since encrypting users data and protecting their identity online has the goal to ensure users’s privacy on the internet which is compatible with safe and secure telecommunications systems and does not endanger them. In fact, quite the opposite, VPN protects users of telecommunication services by encrypting their information, including sensitive information, from hackers.
Are there any changes Nord VPN would like to see made to Bill C-26?
The bill needs to be more clear about the actions companies can take to ensure their cybersecurity. Those actions should not include tracking users, weakening encryption, compromising freedom of speech, or undermining privacy in any other way. The wording “anything or refrain from doing anything” is too broad.