10 interesting stories served every morning and every evening.
Skip to content
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
You switched accounts on another tab or window. Reload to refresh your session.
You must be signed in to star a gist
You must be signed in to fork a gist
Embed this gist in your website.
Save bretonium/291f4388e2de89a43b25c135b44e41f0 to your computer and use it in GitHub Desktop.
Embed this gist in your website.
Save bretonium/291f4388e2de89a43b25c135b44e41f0 to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You can’t perform that action at this time.
...
Read the original on gist.github.com »
Our liberation services are temporarily unavailable. Please try again later.
Is your legal team frustrated with the attribution clause? Tired of putting “Portions of this software…” in your documentation? Those maintainers worked for free—why should they get credit?
Does your company forbid AGPL code? One wrong import and suddenly your entire proprietary codebase must be open sourced. The horror!
Tracking licenses across hundreds of dependencies? Legal reviews taking weeks? Third-party audits finding “issues”? What if you could just… not deal with any of that?
Some licenses require you to contribute improvements back. Your shareholders didn’t invest in your company so you could help strangers.
For the first time, a way to avoid giving that pesky credit to maintainers.
Our proprietary AI systems have never seen the original source code. They independently analyze documentation, API specifications, and public interfaces to recreate functionally equivalent software from scratch.
The result is legally distinct code that you own outright. No derivative works. No license inheritance. No obligations.
*Through our offshore subsidiary in a jurisdiction that doesn’t recognize software copyright
Simply upload your package.json, requirements.txt, Cargo.toml, or any dependency manifest. Our system identifies every open source package you want liberated.
Our legally-trained robots analyze only public documentation—README files, API docs, and type definitions. They never see a single line of source code. The clean room stays clean.
A completely separate team of robots—who have never communicated with the analysis team—implements the software from scratch based solely on specifications. No copying. No derivation.
Your new code is delivered under the MalusCorp-0 License—a proprietary-friendly license with zero attribution requirements, zero copyleft, and zero obligations.
Do whatever you want
Transparent, pay-per-KB pricing. No tiers, no subscriptions, no hidden fees.
Every package is priced by its unpacked size on npm. We look up each dependency in your package.json, measure the size in kilobytes, and charge … per KB. That’s it.
✓ Up to 50 packages per order
✓ No base fee, no subscription — pay only for what you liberate
Upload Manifest
If any of our liberated code is found to infringe on the original license, we’ll provide a full refund and relocate our corporate headquarters to international waters.*
*This has never happened because it legally cannot happen. Trust us.
“We had 847 AGPL dependencies blocking our acquisition. MalusCorp liberated them all in 3 weeks. The due diligence team found zero license issues. We closed at $2.3B.”
“Our lawyers estimated $4M in compliance costs. MalusCorp’s Total Liberation package was $50K. The board was thrilled. The open source maintainers were not, but who cares?”
“I used to feel guilty about not attributing open source maintainers. Then I remembered that guilt doesn’t show up on quarterly reports. Thank you, MalusCorp.”
“The robots recreated our entire npm dependency tree—2,341 packages—in perfect isolation. Our compliance dashboard went from red to green overnight.”
Trusted by industry leaders who prefer to remain anonymous
Our clean room process is based on well-established legal precedent. The robots performing reconstruction have provably never accessed the original source code. We maintain detailed audit logs that definitely exist and are available upon request to courts in select jurisdictions.
What about the original developers?
They made their choice when they released their code as “open source.” We’re simply exercising our right to independently implement the same functionality. If they wanted compensation, they should have worked for a corporation.
How is this different from copying?
Intent and process. Our robots independently arrive at the same solutions through clean room methodology. It’s like how every movie about an asteroid threatening Earth isn’t plagiarism—sometimes multiple entities just have the same idea.
What if the liberated code has bugs?
Our SLA guarantees functional equivalence, not perfection. Besides, the original open source code probably had bugs too. At least now they’re YOUR bugs, under YOUR license.
Can I see the robots?
Our robot workforce operates in a secure facility in [LOCATION REDACTED]. Tours are available for Enterprise customers who sign our 47-page NDA.
What licenses can you eliminate?
All of them. MIT, Apache, GPL, AGPL, LGPL, BSD, MPL—if it has terms, we can liberate you from them. Special rush pricing available for AGPL emergencies.
Join the thousands of corporations who’ve discovered that open source obligations are merely suggestions when you have enough robots.
No credit card required for quotes. Payment accepted in USD, EUR, BTC, and stock options.
...
Read the original on malus.sh »
About Kagi Log in Try for free
...
Read the original on translate.kagi.com »
Find out which AI models your machine can actually run.
Improved V3 with hybrid thinking and tool use
Try adjusting your search or filters
...
Read the original on canirun.ai »
An open-source intelligence investigation into how Meta Platforms built a multi-channel influence operation to pass age verification laws that shift regulatory burden from social media platforms onto Apple and Google’s app stores.
Every finding in this repository is sourced from public records: IRS 990 filings, Senate LD-2 lobbying disclosures, state lobbying registrations, campaign finance databases, corporate registries, WHOIS/DNS records, Wayback Machine archives, and investigative journalism.
Status: Active investigation. 47 proven findings, 9 structurally possible but unproven hypotheses, and multiple pending FOIA responses.
Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a “grassroots” child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta’s apps face zero new mandates.
This investigation traced funding flows across five confirmed channels, analyzed $2.0 billion in dark money grants, searched 59,736 DAF recipients, parsed LD-2 filings, and mapped campaign contributions across four states to document the operation.
Meta’s federal lobbying spending jumped from $19M (2022-2023) to $24M (2024) to $26.3M (2025) as ASAA bills were introduced in roughly 20 states. In Louisiana alone, 12 lobbyists were deployed for a single bill that passed 99-0.
Across all five Arabella Advisors entities (New Venture Fund, Sixteen Thirty Fund, North Fund, Windward Fund, Hopewell Fund), 4,433 grants totaling approximately $2.0 billion were analyzed. Not a single dollar went to any child safety, age verification, or tech policy organization. The Schedule I grant pathway through the Arabella network is definitively ruled out.
Five confirmed channels connect Meta’s spending to ASAA advocacy: direct federal lobbying ($26.3M), state lobbyist networks (45 states), the Digital Childhood Alliance (astroturf 501(c)(4)), super PACs ($70M+), and state legislative campaigns (3 laws passed). A sixth channel through the Arabella dark money network is structurally possible but unproven.
These standalone HTML documents provide detailed views of the investigation:
Full Investigation Documentation contains the complete OSINT investigation report with all five channels, evidence tables, and source citations.
Funding Network Timeline maps the chronological development of Meta’s lobbying infrastructure, DCA’s formation, and ASAA legislative progress across states.
Research Timeline tracks the investigation itself, showing when each finding was established and how threads connected.
Meta retained 40+ lobbying firms and 87 federal lobbyists in 2025 (85% with prior government service). Meta’s own LD-2 filings with the Senate explicitly list H. R. 3149/S. 1586, the App Store Accountability Act, as a lobbied bill. The filing narrative includes “protecting children, bullying prevention and online safety; youth safety and federal parental approval; youth restrictions on social media.”
At the state level, confirmed operations include $338,500 to Headwaters Strategies (Colorado), $324,992+ across 9 firms and 12 lobbyists in Louisiana, and $1,036,728 in direct California lobbying (Q1-Q3 2025 alone). A Meta lobbyist brought the legislative language for Louisiana HB-570 directly to the bill’s sponsor, Rep. Kim Carver, who confirmed this publicly.
DCA is a 501(c)(4) advocacy group that Meta covertly funds. Bloomberg exposed the funding relationship in July 2025. Under oath at a Louisiana Senate committee hearing, Executive Director Casey Stefanski admitted receiving tech company funding but refused to name donors.
DCA has no EIN in the IRS Business Master File, no incorporation record in any state registry searched (CO, DC, DE, VA, OpenCorporates), and no Form 990 on file. It processes donations through the For Good DAF (formerly Network for Good) as a “Project,” not a standalone nonprofit. Its likely fiscal sponsor is NCOSEAction/Institute for Public Policy (EIN 88-1180705), NCOSE’s confirmed 501(c)(4) affiliate with the same leadership.
DCA’s domain was registered December 18, 2024. The website was live and fully formed the next day. Every blog post and testimony targets Apple and Google. Meta is never mentioned or criticized.
Meta committed over $70 million to four state-level super PACs: ATEP ($45M, bipartisan, co-led by Hilltop Public Solutions), META California ($20M), California Leads ($5M), and Forge the Future (Texas, Republican-aligned). Forge the Future’s stated policy priority is “empowering parents with oversight of children’s online activities,” which mirrors ASAA language exactly.
Hilltop Public Solutions co-leads the $45M ATEP super PAC and is also involved in DCA’s messaging coordination, making it the first firm confirmed in both Meta’s PAC operation and the astroturf advocacy track.
All super PACs are registered at the state level rather than with the FEC, scattering disclosure filings across individual state ethics commissions instead of a single searchable federal database.
Meta’s Colorado lobbyist Adam Eichberg simultaneously serves as Board Chair of the New Venture Fund, the flagship 501(c)(3) of the Arabella Advisors network. NVF transfers $121.3 million annually to the Sixteen Thirty Fund, a 501(c)(4) with no donor disclosure requirements.
The Arabella network operates four entities from 1828 L Street NW, Washington DC (suites 300-A through 300-D) with combined annual revenue exceeding $1.3 billion. All five entities’ grant recipients were analyzed (4,433 grants, approximately $2.0 billion). Zero dollars went to any child safety organization, definitively ruling out the Schedule I grant pathway.
If Meta money flows through the Arabella network to DCA, it would have to travel via fiscal sponsorship, consulting fees, or lobbying expenditures, which are more opaque than grant disclosures.
ASAA has been signed into law in three states:
Roughly 17 additional states have introduced or are considering ASAA bills, including Kansas, South Carolina, Ohio, Georgia, and Florida. The federal version was introduced in May 2025 by Rep. John James (R-MI) and Sen. Mike Lee (R-UT).
Each finding below is documented with sources in the corresponding analysis file.
Meta funds DCA, confirmed by Bloomberg reporters and partially admitted by Stefanski under oath at the Louisiana Senate Commerce Committee hearing (April 2025). Sources: Insurance Journal/Bloomberg July 2025, Deseret News Dec 2025, The Center Square LA.
Meta deployed 86+ lobbyists across 45 states for ASAA and related campaigns. Source: OpenSecrets, state lobbying registrations.
Meta spent $26.3 million on federal lobbying in 2025, an all-time record exceeding Lockheed Martin and Boeing. Source: OpenSecrets, Quiver Quantitative, Dome Politics.
Meta paid Headwaters Strategies $338,500 for Colorado lobbying between 2019 and 2026. Source: Colorado SOS SODA API.
Adam Eichberg simultaneously co-founded Meta’s Colorado lobbying firm (Headwaters Strategies) and chairs the New Venture Fund board. Sources: Headwaters Strategies website, NVF board page, InfluenceWatch.
NVF does not directly fund any child safety or tech policy organizations via Schedule I grants. Source: NVF Form 990 Schedule I analysis, 2,669 recipients.
DCA and DCI share infrastructure: same registrar (GoDaddy), CDN (Cloudflare), email (Microsoft 365), and marketing platform (Elastic Email). Source: DNS/WHOIS analysis.
Pelican State Partners represents Meta as a lobbying client in Louisiana. Source: F Minus database, LA Board of Ethics.
DCA leadership comes from NCOSE: three of four senior staff have NCOSE connections (Stefanski, Hawkins, McKay). Source: DCA website, NCOSE public records.
ASAA has been signed into law in three states: Utah (SB-142, March 2025), Louisiana (HB-570, June 2025), and Texas (SB 2420, May 2025, paused by judge December 2025). Sources: State legislature records, news coverage.
The Sixteen Thirty Fund does not fund any child safety or tech policy organizations via Schedule I grants (306 of 318 recipients analyzed). Source: STF Form 990 Schedule I, 2024.
All five Arabella entities analyzed: 4,433 grants (approximately $2.0 billion) with zero dollars going to child safety or tech policy organizations. Schedule I pathway definitively ruled out across the entire network. Sources: NVF, STF, North Fund, Windward, Hopewell Form 990 Schedule I filings via ProPublica.
A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball’s campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
A Google Policy Manager (Kyle Gardner) also contributed $450 to Matt Ball. Multiple tech company employees from ASAA-affected companies targeted the same ASAA bill sponsor. Source: Colorado TRACER bulk data.
Eichberg and Coyne (Headwaters principals) did not contribute to ASAA bill sponsors Ball or Paschal despite $20,000+ combined political giving. Source: Colorado TRACER bulk data.
No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
Todd Weiler (Utah SB-142 sponsor) does not accept corporate contributions and has not discussed ASAA directly with Meta. DCA served as the policy intermediary. Source: Investigative reporting, Weiler’s public statements.
DCA has no EIN in the IRS Business Master File. Not found in any of four regional extracts (eo1-eo4.csv) covering all US tax-exempt organizations. Source: IRS BMF regional extracts.
DCI confirmed in IRS BMF with EIN 39-3684798, Delaware incorporation at 213 N Market St Wilmington, IRS ruling November 2025. Source: IRS BMF extract.
Meta’s Forge the Future super PAC spent $1.3 million in Texas ahead of March 2026 primaries. Source: Texas Ethics Commission filings, news coverage.
DCA’s website deployed less than 24 hours after domain registration: fully functional advocacy site with professional design, statistics, and Heritage/NCOSE testimonials. Source: Wayback Machine CDX API, 100+ snapshots.
77-day pipeline from DCA domain registration (December 18, 2024) to Utah SB-142 signing (March 5, 2025). Site pre-loaded with ASAA talking points before any bill had passed. Source: WHOIS records, Utah Legislature.
Meta deployed 12 lobbyists for Louisiana HB-570, which passed 99-0. Disproportionate deployment indicates text-control and amendment-blocking rather than vote persuasion. Source: Investigative reporting, LA Board of Ethics.
Three California tech policy employees from Meta, Google, and Pinterest contributed to Matt Ball within 90 days. All from ASAA-affected companies, all out-of-state, targeting a newly-appointed senator. Source: Colorado TRACER bulk data.
Pelican State Partners represents both Meta and Roblox in Louisiana. Both are ASAA beneficiaries, enabling “broad industry support” framing. Source: F Minus database.
DCA’s coalition count inflated from 50+ to 140+ with only six organizations ever publicly named. No member list has been published on the website. Source: DCA website, Wayback Machine.
NCOSE has a confirmed 501(c)(4) affiliate: NCOSEAction / Institute for Public Policy (EIN 88-1180705), IRS ruling May 2025, same address and leadership as NCOSE. Source: IRS BMF, NCOSE website.
Network for Good is a Donor Advised Fund, not a payment processor. DCA is classified as “Project” (ID 258136) in the system. For Good explicitly limits grants to 501(c)(3) organizations. Source: For Good website, IRS determination.
A Meta lobbyist drafted HB-570′s legislative language, confirmed by sponsor Rep. Kim Carver. The bill as originally written placed age verification burden exclusively on app stores, not platforms. Source: Investigative reporting, Carver’s public confirmation.
Nicole Lopez (Meta Director of Global Litigation Strategy for Youth) testified in both Louisiana and South Dakota for ASAA bills, serving as Meta’s national ASAA spokesperson. Source: Legislative hearing records.
The Sixteen Thirty Fund’s $31 million lobbying budget and $13.1 million in professional fees contain zero mentions of child safety, digital policy, age verification, or app stores. Source: STF Form 990 Part IX.
John R. Read (DCA Senior Policy Advisor) lists “Digital Childhood Alliance” as his employer in Colorado TRACER records. Contributed $100 to AG candidate Hetal Doshi (October 2025). Source: Colorado TRACER.
Matt Ball received 8% of total fundraising from tech industry employees. He is the only 2026 Colorado senate candidate with contributions from Meta, Pinterest, Instacart, Anthropic, and Google employees. Four of eight dual-maxed donors are tech employees. Source: Colorado TRACER analysis.
NCOSE Schedule R reveals a two-entity evolution: the original NCOSE Action (EIN 86-2458921, c4 reclassified to c3) was replaced by the Institute for Public Policy (EIN 88-1180705, c4). All 19 NCOSE-to-Institute transaction indicators are marked “No” despite shared leadership. Source: NCOSE Form 990 Schedule R, 2019-2023.
For Good DAF pathway definitively ruled out: 59,736 grant recipients across five years (approximately $1.73 billion) searched with zero matches for DCA, DCI, NCOSE, NCOSEAction, or any related entity. Source: For Good DAF grant data.
NCOSE lobbying spending tripled from $78,000 to $204,000 concurrent with DCA launch and the ASAA legislative push (FY2023 to FY2024). Source: NCOSE Form 990 Part IX.
Forge the Future super PAC explicitly lists an ASAA-aligned policy priority: “Empowering parents with oversight of children’s online activities across devices and digital environments.” Source: Forge the Future filings.
Hilltop Public Solutions bridges Meta’s super PAC and DCA operations. It co-leads ATEP ($45M) and is involved in DCA messaging coordination. First firm confirmed in both tracks. Source: ATEP filings, investigative reporting.
Meta super PACs are state-level entities (not FEC-registered), deliberately scattering filings across state ethics commissions to avoid centralized searchability. Source: FEC search (negative), state PAC registrations.
Meta’s total documented political spending exceeds $70 million: $45M ATEP, $20M META California, $5M California Leads, with downstream flows to Forge the Future (TX) and Making Our Tomorrow (IL). Source: State PAC filings, news coverage.
Casey Stefanski never appears on any NCOSE 990 filing despite reportedly working there ten years. Not among officers, directors, key employees, or five highest-compensated. Source: NCOSE Form 990 filings, 2015-2023.
Meta’s LD-2 filings explicitly list the App Store Accountability Act (H. R. 3149/S. 1586) as a lobbied bill. This is the first direct evidence from Meta’s own federal filings connecting its $26.3M lobbying spend to the specific legislation DCA advocates for. Source: Senate LDA filing UUID b73445ed-15e5-42e7-a1e8-aeb224755267.
Meta simultaneously lobbies FOR ASAA and ON KOSA/COPPA 2.0, supporting legislation that burdens Apple and Google while opposing or amending legislation that would regulate Meta directly. Both appear in the same LD-2 filing. Source: Meta LD-2 Q1-Q2 2025.
LD-2 narrative mirrors DCA messaging: “youth safety and federal parental approval” framing in Meta’s federal filings matches DCA’s “parental approval” and “child protection” advocacy language. Source: LD-2 filing CPI issue code narrative.
Meta funds flow through the Arabella network via non-grant mechanisms (fiscal sponsorship, consulting fees, lobbying expenditures). The Schedule I and For Good DAF pathways are both ruled out.
DCA operates under NCOSEAction (EIN 88-1180705) as fiscal sponsor. The personnel chain is direct (van der Watt to Hawkins to Stefanski), but NCOSE reports zero transactions with its c4 affiliate.
Jake Levine’s contribution to Matt Ball was coordinated by Meta’s government affairs team rather than being purely personal.
Angela Paxton (Texas ASAA sponsor) was among the unnamed state senators supported by Forge the Future.
NCOSE’s lobbying spend tripling is causally related to DCA/ASAA activity (timing is concurrent but program descriptions do not mention ASAA).
DCA’s For Good donation page is cosmetic. Actual funding comes directly from Meta, not small-dollar DAF donations.
This investigation was conducted by a human researcher who directed all research decisions, selected sources, evaluated findings, and wrote the public-facing posts. Claude Code (Anthropic’s CLI tool, running Claude Opus) was used as a research assistant for:
* Bulk data processing: parsing 4,433 IRS Schedule I grant records, 59,736 DAF recipients, 132MB of Colorado TRACER campaign finance data, and IRS Business Master File extracts covering all US tax-exempt organizations
* Cross-referencing findings across 24 analysis files and identifying patterns that span multiple research threads
Claude Code did not independently choose what to investigate, decide what constitutes a finding, or determine what to publish. Every factual claim in this repository cites a primary source (IRS filing, Senate disclosure, state database, legislative record, or published reporting) that can be independently verified. The tool does not change whether Meta’s LD-2 filing lists H. R. 3149, whether DCA has an EIN, or whether Stefanski admitted tech funding under oath. The records exist or they don’t.
If you want to verify any finding, the source URLs and database identifiers are provided throughout. Start with the primary records, not with this repository.
This is an OSINT research product. All findings are based on public records. Source data is cited throughout.
...
Read the original on github.com »
“They pulled me out instead and began jumping on my back,” he said. “Then they took me to a corner and questioned me about who had been in the car. I told them it was my mother and father. They accused me of lying and started beating me.”
...
Read the original on www.bbc.com »
Claude Opus 4.6 and Sonnet 4.6 now include the full 1M context window at standard pricing on the Claude Platform. Standard pricing applies across the full window — $5/$25 per million tokens for Opus 4.6 and $3/$15 for Sonnet 4.6. There’s no multiplier: a 900K-token request is billed at the same per-token rate as a 9K one.
* Full rate limits at every context length. Your standard account throughput applies across the entire window.
* 6x more media per request. Up to 600 images or PDF pages, up from 100. Available today on Claude Platform natively, Microsoft Azure Foundry, and Google Cloud’s Vertex AI.
* No beta header required. Requests over 200K tokens work automatically. If you’re already sending the beta header, it’s ignored so no code changes are required.
1M context is now included in Claude Code for Max, Team, and Enterprise users with Opus 4.6. Opus 4.6 sessions can use the full 1M context window automatically, meaning fewer compactions and more of the conversation kept intact. 1M context previously required extra usage.
A million tokens of context only matters if the model can recall the right details and reason across them. Opus 4.6 scores 78.3% on MRCR v2, the highest among frontier models at that context length.
That means you can load an entire codebase, thousands of pages of contracts, or the full trace of a long-running agent — tool calls, observations, intermediate reasoning — and use it directly. The engineering work, lossy summarization, and context clearing that long-context work previously required are no longer needed. The full conversation stays intact.
...
Read the original on claude.com »
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
Skip to Document Navigation
Skip to Document Content
ENGLISHRECOMMENDATIONSUMMARYTABLE OF PROVISIONS1 Alternative Title2 PART 1 Timely Access to Data and Information2 Criminal Code2 Amendments to the Act28 Consequential Amendment to the Foreign Publishers Advertising Services Act29 Mutual Legal Assistance in Criminal Matters Act30 Canadian Security Intelligence Service Act37 Controlled Drugs and Substances Act38 Cannabis Act39 Coordinating Amendments40 Coming into Force41 PART 2 Supporting Authorized Access to Information Act41 Enactment of Act42 Related and Consequential Amendments to the Intelligence Commissioner Act42 Related and Consequential Amendments to the Intelligence Commissioner Act47 Coming into Force48 PART 3 Parliamentary ReviewSCHEDULE
Her Excellency the Governor General recommends to the House of Commons the appropriation of public revenue under the circumstances, in the manner and for the purposes set out in a measure entitled “An Act respecting lawful access”.
Part 1 amends various Acts to modernize certain provisions respecting the timely gathering and production of data and information during an investigation. It, among other things,
(a)amends the Criminal Code to, among other things,
(i)facilitate access to basic information that will assist in the investigation of federal offences through confirmation of service demands given to telecommunications service providers or judicial production orders for the production of subscriber information,
(ii)expedite the response to production orders by shortening the review process and clarify the ability of peace officers and public officers to receive and act on certain information that is voluntarily provided to them and to obtain and act on information that is publicly available,
(iii)specify certain circumstances in which peace officers and public officers may obtain evidence, including subscriber information, in exigent circumstances,
(iv)allow a justice or judge to authorize, in a warrant, a peace officer or public officer to obtain tracking data or transmission data that relates to any thing that is similar to a thing in relation to which data is authorized to be obtained under the warrant and that is unknown at the time the warrant is issued,
(v)provide and clarify authorities by which computer data may be examined, and
(vi)allow a justice or judge to authorize a peace officer or public officer to make a request to a foreign entity that provides telecommunications services — or that provides services by a means of telecommunication — to the public to produce transmission data or subscriber information that is in its possession or control;
(c)amends the Mutual Legal Assistance in Criminal Matters Act to allow the Minister of Justice to authorize a competent authority to make arrangements for the enforcement of a decision made by an authority of a state or entity that is empowered to compel the production of transmission data or subscriber information that is in the possession or control of a person in Canada;
(d)amends the Canadian Security Intelligence Service Act to, among other things,
(i)facilitate access to basic information that will assist the Canadian Security Intelligence Service in the performance of its duties and functions under section 12 or 16 of that Act through confirmation of service demands given to telecommunications service providers and judicial orders against those providers, and
(e)amends the Controlled Drugs and Substances Act and the Cannabis Act to provide and clarify authorities by which computer data may be examined.
Part 2 enacts the Supporting Authorized Access to Information Act. That Act establishes a framework for ensuring that electronic service providers can facilitate the exercise, by authorized persons, of authorities to access information conferred under the Criminal Code or the Canadian Security Intelligence Service Act. It also makes related and consequential amendments to the Intelligence Commissioner Act.
Part 3 provides for the parliamentary review of Parts 1 and 2.
Available on the House of Commons website at the following address:
An Act respecting the obligations of electronic service providers in relation to authorized access to information
How act or omission may be proceeded with
Payment of Penalties and Alternatives to Payment
His Majesty, by and with the advice and consent of the Senate and House of Commons of Canada, enacts as follows:
This Act may be cited as the Lawful Access Act, .
Subsection () of the is replaced by the following:
Subsections () to () and section apply, with any modifications that the circumstances require, to a warrant issued under this section.
The portion of subsection () of the Act before paragraph (a) is replaced by the following:
A justice who is satisfied by information on oath in Form that there are reasonable grounds to believe that there is in a building, receptacle or place
Subsection () of the Act is amended by replacing “a public officer who has been appointed or designated to administer or enforce a federal or provincial law and whose duties include the enforcement of this Act or any other Act of Parliament and who is named in the warrant” with “a public officer”.
Subsections () to () of the Act are replaced by the following:
A warrant issued under subsection () may be executed at any place in Canada. A peace officer or public officer who executes the warrant must have authority to act in that capacity in the place where the warrant is executed.
A person authorized under to search a computer system in a building or place for data may
(a)use or cause to be used any computer system at the building or place to search any Insertion start Insertion end data contained in or available to the computer system; and
Duty of person in possession or control
Every person who is in possession or control of any building or place in respect of which a search is carried out under shall, on presentation of the warrant, permit the person carrying out the search to perform any of the acts referred to in subsection ().
The judge or justice may, in a warrant issued under subsection (), authorize the examination of any computer data seized under the warrant or contained in or available to a computer system seized under the warrant, if the judge or justice is satisfied that there are reasonable grounds to believe that the computer data will afford evidence with respect to the commission of the offence set out in the information.
A judge or justice may at any time issue a warrant authorizing the examination of computer data contained in or available to a computer system that is specified in the warrant and that is in the possession of a peace officer or public officer if the judge or justice is satisfied by information on oath in Form that there are reasonable grounds to believe that
(a)an offence has been or will be committed under this Act or any other Act of Parliament; and
(b)the computer data will afford evidence with respect to the commission of the offence.
The examination of computer data under a warrant issued under this section may be made subject to any conditions that the judge or justice considers advisable to ensure that the examination is reasonable in the circumstances.
As soon as feasible after a warrant authorizing the examination of computer data is issued under this section, the person who applied for it shall give a copy of it to the following persons:
(a)any person, if known, who is the lawful owner of the computer system that contains the computer data or through which the computer data is available or who is lawfully entitled to the possession of that computer system; and
(b)any person who is referred to in the information, who is under investigation for the commission of the offence set out in the warrant and whose computer data is authorized to be examined under the warrant.
However, a copy of the warrant is not required to be given to a person under subsection () if
(a)the person has already received a copy under section 487.093; or
(b)the judge or justice who issues the warrant sets aside the requirement in respect of the person, on being satisfied that doing so is justified in the circumstances.
If the judge or justice who issues a warrant under this section authorizing the examination of computer data or any other judge or justice having jurisdiction to issue such a warrant is satisfied, on the basis of an affidavit submitted in support of an application to extend the period within which a copy of the warrant shall be given under subsection (), that the interests of justice warrant the granting of the application, the judge or justice may grant an extension, or a subsequent extension, of the period, but no extension may exceed three years.
An examination of computer data authorized under a warrant issued under this section may take place at any time and at any place in Canada and, for the purposes of the examination, a person may copy computer data at any time and at any place in Canada.
Section of the Act is amended by adding the following after subsection ():
The following definitions apply in this section.
computer data has the same meaning as in subsection 342.1(2). (données informatiques)
computer system has the same meaning as in subsection 342.1(2). (ordinateur)
judge means a judge of a superior court of criminal jurisdiction or a judge of the Court of Quebec. (juge)
public officer means a public officer who is appointed or designated to administer or enforce a federal or provincial law and whose duties include the enforcement of this Act or any other Act of Parliament. (fonctionnaire public)
The portion of section of the Act before the first definition is replaced by the following:
The following definitions apply in this section and in sections to .
Section of the Act is amended by adding the following in alphabetical order:
subscriber information, in relation to any client of a person who provides services to the public or any subscriber to the services of such a person, means
(a)information that may be used to identify the subscriber or client, including their name, pseudonym, address, telephone number and email address;
(b)identifiers assigned to the subscriber or client by the person, including account numbers; and
(c)information relating to the services provided to the subscriber or client, including
(ii)the period during which the services were provided, and
The Act is amended by adding the following after section :
A peace officer or public officer may make a demand in Form to a telecommunications service provider requiring them to confirm, within the time and in the manner specified in the demand, whether or not they provide or have provided telecommunication services to any subscriber or client, or to any account or identifier, specified in the demand.
The peace officer or public officer may make the demand only if they have reasonable grounds to suspect that
(a)an offence has been or will be committed under this Act or any other Act of Parliament; and
(b)the confirmation that is demanded will assist in the investigation of the offence.
For greater certainty, a demand must not be made if the confirmation would disclose medical information or information that is subject to solicitor-client privilege or the professional secrecy of advocates and notaries.
A demand must not be made to a telecommunications service provider that is under investigation for the offence referred to in subsection ().
The time specified in the demand is to be not less than hours.
The peace officer or public officer who makes the demand may impose conditions in the demand prohibiting the disclosure of its existence or some or all of its contents for a period not greater than one year after the day on which the demand is made. The peace officer or public officer may impose the conditions only if they have reasonable grounds to believe that the disclosure during that period would jeopardize the conduct of the investigation of the offence to which the demand relates.
A peace officer or public officer may, at any time, revoke the demand or a condition by notice given to the telecommunications service provider.
The telecommunications service provider may, within five business days after the day on which they receive the demand, apply in writing, to a judge in the judicial district where the demand was received, to revoke or vary the demand.
The telecommunications service provider may make an application under subsection () only if, before the confirmation is required to be provided, they give notice to the peace officer or public officer who made the demand of the telecommunications service provider’s intention to make the application.
The telecommunications service provider is not required to provide the confirmation until a final decision is made with respect to the application.
The judge in the judicial district where the demand was received may revoke or vary the demand if satisfied that
(a)it is unreasonable in the circumstances to require the applicant to provide the confirmation; or
(b)provision of the confirmation would disclose information that is privileged or otherwise protected from disclosure by law.
Despite subsection (), no demand under that subsection is necessary for a peace officer or public officer to ask a telecommunications service provider to voluntarily provide the confirmation referred to in that subsection if the telecommunications service provider is not prohibited by law from providing it. A telecommunications service provider that provides a confirmation in those circumstances does not incur any criminal or civil liability for doing so.
In this section, has the same meaning as in subsection () of the .
The Act is amended by adding the following after section :
On application made by a peace officer or public officer, a justice or judge may order a person who provides services to the public to prepare and produce a document containing all the subscriber information that relates to any information, including transmission data, that is specified in the order and that is in their possession or control when they receive the order.
Before making the order, the justice or judge must be satisfied by information on oath in Form that there are reasonable grounds to suspect that
(a)an offence has been or will be committed under this Act or any other Act of Parliament; and
(b)the subscriber information is in the person’s possession or control and will assist in the investigation of the offence.
The order is to be in Form
A person who is under investigation for the offence referred to in subsection () is not to be made subject to an order.
The Act is amended by adding the following after section :
On application made by a peace officer or public officer, a justice or judge may authorize a peace officer or public officer to make a request to a foreign entity that provides telecommunications services — or that provides services by a means of telecommunication — to the public to prepare and produce a document containing transmission data or subscriber information that is in the foreign entity’s possession or control when it receives the request.
The justice or judge may authorize a peace officer or public officer to make the production request only if the justice or judge is satisfied by information on oath in Form that there are reasonable grounds to suspect that
(a)an offence has been or will be committed under this or any other Act of Parliament; and
(b)the transmission data or the subscriber information is in the foreign entity’s possession or control and will assist in the investigation of the offence.
The authorization is to be in Form and must specify that a peace officer or public officer must not send a production request more than days after the day on which the authorization is granted.
The production request is to be in Form and may include any information that is required by the foreign entity, by the foreign state in which the foreign entity is located or under an international agreement or arrangement to which Canada and the foreign state are parties.
Subsection () of the Act is replaced by the following:
On application made by a peace officer or public officer, a justice or judge may make an order prohibiting a person from disclosing the existence or some or all of the contents of a preservation demand made under section or an order made under any of sections to during the period set out in the order.
Subsection () of the Act is replaced by the following:
An order made under any of sections and to must require a person, financial institution or entity to produce the document to a peace officer or public officer named in the order within the time, at the place and in the form specified in the order.
Subsections () and () of the Act are replaced by the following:
...
Read the original on www.parl.ca »
The decades-long battle over lawful access entered a new phase yesterday with the introduction of Bill C-22, the Lawful Access Act. This bill follows the attempt last spring to bury lawful access provisions in Bill C-2, a border measures bill that was the new government’s first piece of substantive legislation. The lawful access elements of the bill faced an immediate backlash given the inclusion of unprecedented rules permitting widespread warrantless access to personal information. Those rules were on very shaky constitutional ground and the government ultimately decided to hit the reset button on lawful access by proceeding with the border measures in a different bill.
Lawful access never dies, however. Bill C-22 cover the two main aspects of lawful access: law enforcement access to personal information held by communication service providers such as ISPs and wireless providers and the development of surveillance and monitoring capabilities within Canadian networks. In fact, the bill is separated into two with the first half dealing with “timely access to data and information” and the second establishing the Supporting Authorized Access to Information Act (SAAIA).
I anticipate providing extensive coverage of the bill on both this blog and my podcast. My initial take is that the access to data and information piece of the bill is much improved. The earlier Bill C-2 iteration of a new information demand power was astonishing in its breadth (covering far more than just communications providers by targeting anyone who provides a service in Canada including physicians and lawyers) and demands for warrantless disclosure of personal information in direct contradiction to recent Supreme Court of Canada jurisprudence.
The government has scrapped that approach by shifting to a new “confirmation of service” demand power. This would allow law enforcement to demand that telecom providers (not any service provider) confirm whether they provide service to a particular person. The other subscriber information would be subject to a new production order reviewed and approved by a judge. This would address the longstanding police complaint that they may do considerable work seeking information about a subscriber at a provider only to learn that the person isn’t a customer and they start over with someone else.
These new rules contain other orders and rules on voluntary disclosure, challenging the requests, exigent circumstances, and foreign orders for the same information. I plan to unpack these rules in the coming weeks. For example, there are concerns about the thresholds that the production orders envision, namely the low “reasonable grounds to suspect” standard. However, the main takeaway here is that the government has significantly limited the scope of warrantless information demand powers, now focusing solely on telecommunications providers and whether they provide service to a particular individual. Access to more personal information will require oversight. That’s a major concession and highlights how Bill C-2 was too broad, dangerous from a privacy perspective, and unlikely to pass constitutional muster.
If that is the good news, the bad news is very bad. The SAAIA, which establishes new requirements for communications providers to actively work with law enforcement on their surveillance and monitoring capabilities are largely unchanged from Bill C-2. In fact, there are elements involving data retention that are even worse. The government will point to increased oversight — ministerial orders must now be approved by the Intelligence Commissioner — but the concerns regarding surveillance capabilities, security vulnerabilities, secrecy, and cross-border data sharing remain.
The SAAIA has huge implications for network providers as they envision providing law enforcement with direct access to provider networks to test capabilities for data access and interception. The bill introduces a new term — “electronic service provider” — that is presumably designed to extend beyond telecom and Internet providers by scoping in Internet platforms (Google, Meta, etc.). Those international services are now key players in electronic communications (think Gmail or WhatsApp), though some may be beyond this form of regulation (eg. Signal if you don’t inadvertently add people to chat groups).
The definition of an ESP is:
a person that, individually or as part of a group, provides an electronic service, including for the purpose of enabling communications, and that (a) provides the service to persons in Canada; or (b) carries on all or part of its business activities in Canada.
“a service, or a feature of a service, that involves the creation, recording, storage, processing, transmission, reception, emission or making available of information in electronic, digital or any other intangible form by an electronic, digital, magnetic, optical, biometric, acoustic or other technological means, or a combination of any such means.”
All electronic service providers are subject to obligations to “provide all reasonable assistance, in any prescribed time and manner, to permit the assessment or testing of any device, equipment or other thing that may enable an authorized person to access information.” Moreover, all are required to keep such requests secret.
But beyond the basic obligations, the government will identify “core providers” who will be subject to additional regulations. These may include:
(a) the development, implementation, assessment, testing and maintenance of operational and technical capabilities, including capabilities related to extracting and organizing information that is authorized to be accessed and to providing access to such information to authorized persons;
(b) the installation, use, operation, management, assessment, testing and maintenance of any device, equipment or other thing that may enable an authorized person to access information;
(c) notices to be given to the Minister or other persons, including with respect to any capability referred to in paragraph (a) and any device, equipment or other thing referred to in paragraph (b); and
(d) the retention of categories of metadata — including transmission data, as defined in section 487.011 of the Criminal Code — for reasonable periods of time not exceeding one year.
Note that the retention of metadata found in (d) is new. It was not in Bill C-2, so this bill actually expands the scope of obligations. The new bill contains some limits on data retention:
4) Paragraph (2)(d) does not authorize the making of regulations that require core providers to retain information that would reveal
(a) the content — that is to say the substance, meaning or purpose — of information transmitted in the course of an electronic service;
(b) a person’s web browsing history; or
(c) a person’s social media activities.
The bill also retains an exception for systemic vulnerabilities, which states:
A core provider is not required to comply with a provision of a regulation made under subsection (2), with respect to an electronic service, if compliance with that provision would require the provider to introduce a systemic vulnerability related to that service or prevent the provider from rectifying such a vulnerability.
There remain concerns that is insufficient and that there are real risks that networks may be made less secure by virtue of these rules with the changes kept secret from the public. Moreover, as Kate Robertson of the Citizen Lab has discussed (including on the Law Bytes podcast), many of these rules appear geared toward global information sharing, including compliance with the Second Additional Protocol to the Budapest Convention (2AP) and the CLOUD Act.
There is much to unpack with this section including the ability to challenge orders, the secrecy associated with the system, oversight, and costs. I plan to cover these as well but for the moment it is sufficient to conclude that Bill C-22’s SAAIA envisions a significant change to how government agencies interact with Canadian communications networks and network providers raising enormous privacy and civil liberties concerns. The government may have taken warrantless access to subscriber information off the table, but there remains serious privacy concerns associated with its lawful access plans.
...
Read the original on www.michaelgeist.ca »
There is a certain kind of computer review that is really a permission slip. It tells you what you’re allowed to want. It locates you in a taxonomy — student, creative, professional, power user — and assigns you a product. It is helpful. It is responsible. It has very little interest in what you might become.
The MacBook Neo has attracted a lot of these reviews.
The consensus is reasonable: $599, A18 Pro, 8GB RAM, stripped-down I/O. A Chromebook killer, a first laptop, a sensible machine for sensible tasks. “If you are thinking about Xcode or Final Cut, this is not the computer for you.” The people saying this are not wrong. It is also not the point.
Nobody starts in the right place. You don’t begin with the correct tool and work sensibly within its constraints until you organically graduate to a more capable one. That is not how obsession works. Obsession works by taking whatever is available and pressing on it until it either breaks or reveals something. The machine’s limits become a map of the territory. You learn what computing actually costs by paying too much of it on hardware that can barely afford it.
I know this because I was running Final Cut Pro X on a 2006 Core 2 Duo iMac with 3GB RAM and 120GB of spinning rust. I was nine. I had no business doing this. I did it every day after school until my parents made me go to bed.
The machine came as a hand-me-down from my nana. She’d wiped it, set it up in her kitchen in Massachusetts. It was one software update away from getting the axe from Apple. I torrented Adobe CS5 the same week. Downloaded Xcode and dragged buttons and controls around in Interface Builder with no understanding of what I was looking at. I edited SystemVersion.plist to make the “About this Mac” window say it was running Mac OS 69, which is the s*x number, which is very funny. I faked being sick to watch WWDC 2011 — Steve Jobs’ last keynote — and clapped alone in my room when the audience clapped, and rebuilt his slides in Keynote afterward because I wanted to understand how he’d made them feel that way.
I knew the machine was wrong for what I wanted to do with it. I didn’t care. Every limitation was just the edge of something I hadn’t figured out yet. It was green fields and blue skies.
I thought about all of this when I opened the Neo for the first time.
What Apple put inside the Neo is the complete behavioral contract of the Mac. Not a Mac Lite. Not a browser in a laptop costume. The same macOS, the same APIs, the same Neural Engine, the same weird byzantine AppKit controls that haven’t meaningfully changed since the NeXT era. The ability to disable SIP and install some fuck-ass system modification you saw in a YouTube tutorial. All of it, at $599.
They cut the things that are, apparently, not the Mac. MagSafe. ProMotion. M-series silicon. Port bandwidth. Configurable memory. What remains is the Retina display, the aluminum, the keyboard, and the full software platform. I held it and thought, “yep, still a Mac.”
Yes, you will hit the limits of this machine. 8GB of RAM and a phone chip will see to that. But the limits you hit on the Neo are resource limits — memory is finite, silicon has a clock speed, processes cost something. You are learning physics. A Chromebook doesn’t teach you that. A Chromebook’s ceiling is made of web browser, and the things you run into are not the edges of computing but the edges of a product category designed to save you from yourself. The kid who tries to run Blender on a Chromebook doesn’t learn that his machine can’t handle it. He learns that Google decided he’s not allowed to. Those are completely different lessons.
Somewhere a kid is saving up for this. He has read every review. Watched the introduction video four or five times. Looked up every spec, every benchmark, every footnote. He has probably walked into an Apple Store and interrogated an employee about it ad nauseam. He knows the consensus. He knows it’s probably not the right tool for everything he wants to do.
He has decided he’ll be fine.
This computer is not for the people writing those reviews — people who already have the MacBook Pro, who have the professional context, who are optimizing at the margin. This computer is for the kid who doesn’t have a margin to optimize. Who can’t wait for the right tool to materialize. Who is going to take what’s available and push it until it breaks and learn something permanent from the breaking.
He is going to go through System Settings, panel by panel, and adjust everything he can adjust just to see how he likes it. He is going to make a folder called “Projects” with nothing in it. He is going to download Blender because someone on Reddit said it was free, and then stare at the interface for forty-five minutes. He is going to open GarageBand and make something that is not a song. He is going to take screenshots of fonts he likes and put them in a folder called “cool fonts” and not know why. Then he is going to have Blender and GarageBand and Safari and Xcode all open at once, not because he’s working in all of them but because he doesn’t know you’re not supposed to do that, and the machine is going to get hot and slow and he is going to learn what the spinning beachball cursor means. None of this will look, from the outside, like the beginning of anything. But one of those things is going to stick longer than the others. He won’t know which one until later. He’ll just know he keeps opening it.
That is not a bug in how he’s using the computer. That is the entire mechanism by which a kid becomes a developer. Or a designer. Or a filmmaker. Or whatever it is that comes after spending thousands of hours alone in a room with a machine that was never quite right for what you were asking of it.
He knows it’s probably not the right tool. It doesn’t matter. It never did.
The reviews can tell you what a computer is for. They have very little interest in what you might become because of one.
...
Read the original on samhenri.gold »
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
If you like 10HN please leave feedback and share
Visit pancik.com for more.