If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Canada’s new cyber-security law gives a cabinet minister the power to order any telecom provider to cut off service to a named person, without a warrant, without prior judicial approval, and under a gag order that can prohibit the provider from explaining why. That power is now live. The law also creates warrantless data-collection authorities broad enough to scoop up subscriber information, metadata, location data, and browsing history. It was supposedly written to protect critical infrastructure but what it built is a surveillance machine with almost no independent checks on how it gets used. We obtained a copy of the bill for you here. What the Law Is C-8 carries the formal title An Act Respecting Cyber Security. It replaces Bill C-26, which died on the order paper when the previous Parliament was prorogued, and was reintroduced in substantially the same form. The bill ran two parts through Parliament. The first rewrites the Telecommunications Act so that security is an explicit policy objective and gives the government direct authority over carriers. The second creates the Critical Cyber Systems Protection Act, imposing mandatory cybersecurity obligations on operators in banking, energy, transportation, and the nuclear sector. The telecom powers are already in force and the critical-infrastructure regime will roll out in phases. The Power to Disconnect Under the amended Telecommunications Act, the Minister of Industry can “prohibit a telecommunications service provider from providing any service to any specified person,” or direct a provider to suspend service for a set period. The order takes effect once the minister signs it, after consultation with the Minister of Public Safety. No court reviews it beforehand. These orders bypass the normal regulatory publication path because the Statutory Instruments Act does not apply to them. An order can include a provision “prohibiting the disclosure of its existence,” so a person can lose phone and internet access while the provider is legally forbidden from telling them why. And the Act states that “No one is entitled to any compensation” for financial losses an order causes. The government added a carve-out for individuals, barring orders that suspend an individual’s service unless the measure is necessary against “any specified threat of a technical nature.” That limit covers only the suspension power. The broader prohibition authority reaches “any specified person,” with no such restriction. OpenMedia’s executive director Matt Hatfield said before the bill passed: “There is no such thing as a private intercepted message, and no backdoor that exists only for law enforcement. Our government knows it, yet their draft cybersecurity legislation Bill C-8 can be abused to surveil Canadians in secret, well beyond its legitimate purpose.” Warrantless data collection Section 15.4 of the amended Telecommunications Act gives the minister an open-ended power to compel “any person” to hand over information the minister considers necessary, with no requirement for a warrant or prior judicial authorization. The Citizen Lab’s Senate brief called this “an unprecedented, warrantless power to collect telecommunications data, and to share this information widely across the federal government,” including with CSIS and the Communications Security Establishment. As a matter of constitutional law, Citizen Lab argued, the power is “presumptively contrary to section 8 of the Charter, because it would authorize the collection of information that is subject to a reasonable expectation of privacy without prior independent judicial authorization.” The Privacy Commissioner warned during testimony that the law could result in the collection and sharing of subscriber account information, communication data, website visits, metadata, location data, and financial data. The Intelligence Commissioner of Canada also weighed in. “The glaring absentee in this bill is the Canadian public,” he said. “The information that is collected is Canadians’ personal information.” He characterized warrantless seizure of private information as a constitutional issue the bill had failed to resolve. The bill’s minimal safeguards, including a requirement that the minister weigh “potential impacts on the privacy of Canadians” before issuing orders, do not even apply to these collection powers. Encryption and Backdoors C-8’s order-making powers are broad enough to force telecom companies to weaken or bypass encryption. The minister can order a provider “to do anything or refrain from doing anything” deemed necessary to secure the telecom system, language that does not exclude orders to install surveillance capabilities or degrade encryption standards. Writing in The Globe and Mail, Citizen Lab’s Kate Robertson and Ron Deibert warned that the bill’s “secretive, encryption-breaking powers” would “threaten the online security of everyone in Canada” and that it “empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada’s networks.” The government did introduce amendments stating the minister “must not order the decoding of an encrypted private communication.” That language prohibits one specific action, decoding, while leaving the broader order-making power intact. The Canadian Civil Liberties Association’s Tamir Israel said the fix was insufficient: “By failing to guarantee critical end-to-end encryption protocols will not be undermined, Bill C-8 risks doing more harm than good to cybersecurity.” Secrecy by Design Operators receiving a cybersecurity direction are prohibited from disclosing its existence or content. The minister can keep orders out of the Canada Gazette. Judicial review proceedings operate under rules that let the government present evidence the target never sees. Committee amendments that would have required prior judicial authorization for orders and transferred non-disclosure decisions to the courts were adopted, then removed by a Speaker’s ruling before final passage. Israel called this a “secrecy by default approach” that “pose[s] an additional threat to privacy and other civil liberties.” Citizen Lab argued the secrecy provisions restrict public and media scrutiny and raise freedom-of-expression concerns under section 2(b) of the Charter. For orders that include a gag, the minister must notify two intelligence-review bodies within 90 days, and the Act requires an annual report to Parliament. That is the total extent of the transparency obligation. Who the Bill Actually Affects The government’s own Charter analysis argued that privacy interests are “diminished in regulatory and administrative contexts.” Citizen Lab disputed this directly, arguing that the bill “is reforming Canada’s national security laws and powers, and will impact the privacy interests of people across Canada,” who are not regulated companies. Telecom providers carry Canadians’ most private communications. The people whose data flows through those networks are not regulatory subjects and their privacy interests are not diminished because the company carrying their data is. The critical-infrastructure part applies to designated operators in telecom, banking, energy, transportation, and the nuclear sector. Those operators must build formal cybersecurity programs within 90 days, manage supply-chain risk, and report incidents to the Communications Security Establishment within 72 hours. Penalties run as high as 15 million dollars per violation for a corporation. The Act also opens channels for personal and confidential information to flow to provincial governments, foreign states, and international organizations under written arrangements. The Privacy Commissioner urged safeguards on foreign sharing and called for a mandatory process to notify the office of breaches and incidents involving internationally shared information. The final law does not include that process. What Did Not Survive Parliament considered and rejected or stripped out most of the stronger protections proposed during the committee study. Amendments requiring prior judicial authorization for security orders were removed. Amendments transferring non-disclosure authority to the courts were removed. The Privacy Commissioner’s call for mandatory breach notification to the OPC was not adopted. No whistleblower protections were added, a gap the Canadian Cyber Threat Exchange warned would discourage organizations from disclosing breaches or vulnerabilities. A mandatory five-year review of the law’s provisions made it into the final text. The question is what happens in the years before that review, when the regulations filling out the Act’s operational details are drafted without any of the oversight mechanisms that were proposed and discarded. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Canada’s Bill C-8, Explained, and What It Means for Your Privacy appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

This Post is for Paid Supporters Reclaim your digital freedom. Get the latest on censorship and surveillance, and learn how to fight back. Subscribe Already a supporter? Sign In. The post How a Ticket Check at MSG Became a Biometric Dragnet and Four Lawsuits appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Brazil hired an American law firm and filed a motion in a Florida federal court this week to defend one of its judges. The country is now a party to Rumble’s lawsuit against Supreme Federal Court Justice Alexandre de Moraes, the judge who ordered the American platform to delete the accounts of his political critics. US District Judge Mary Scriven let Brazil intervene, then held off on its motion to dismiss until Rumble and Trump Media respond. “This lawsuit is extraordinary,” the filing opens, before arguing the dispute belongs nowhere near an American courtroom. We obtained a copy of the filing for you here. Moraes acted as a judge, Brazil says, so sovereign immunity shields him, and the case must be thrown out. The argument that his orders ran past his authority gets a one-word answer. Brazil calls it “risible.” The President of the Supreme Federal Court reached even higher, writing that what is at issue is “the independence of the Brazilian Judiciary, the integrity of the rule of law in Brazil, and, ultimately, national sovereignty itself.” Set against what the orders actually did, this comes down to a claimed sovereign right to reach into the United States and switch off American accounts. Brazil does not even try to defend the orders against Rumble as lawful. It argues that lawfulness is beside the point because foreign official immunity covers “acts the foreign official took in his official capacity, even if those acts were unlawful.” So a Brazilian justice can order a Florida company to delete a US-based account, “preserve its contents, and disclose associated user data,” and whether that order tramples the First Amendment is a question Brazil says no American court may ask. The plaintiffs’ own complaint, the motion notes, accuses Moraes of going after “speech that is fully protected under the First Amendment.” Brazil’s answer is that immunity swallows the question whole. The plaintiffs, Brazil says, can “challenge the Supreme Federal Court’s orders in the courts of Brazil,” the same court that ordered the accounts erased. The remedy on offer is an appeal to the institution doing the censoring. Brazil even concedes where that road can dead-end, quoting a Supreme Court ruling that dismissal may leave plaintiffs “without a forum for definitive resolution of their claims.” That is the foreign-censorship play start to finish. Lean on the American platform, demand the user data, and when the platform fights back at home, insist American law has no say. The orders that set this off go back more than a year. Moraes, who sits on Brazil’s Supreme Federal Tribunal, sent Rumble sealed directives to shut down the accounts of a conservative Brazilian commentator who had fled to the United States and won political asylum. He wanted the platform to hand over that user’s personal data. He attached fines of roughly $9,000 for every day Rumble refused. When the company held the line, Moraes suspended Rumble across all of Brazil and threatened its CEO, Chris Pavlovski, with criminal prosecution. Rumble is a Florida corporation with no operations in Brazil. So in February 2025, it sued Moraes in the US District Court for the Middle District of Florida, asking for a declaration that his orders carry no force on American soil. Trump Media, which leans on Rumble for video hosting and streaming behind Truth Social, joined as a plaintiff, arguing the suspension hit its business too. The dissident Moraes wanted silenced was someone the US had already shielded. Washington rejected Brazil’s extradition request in March 2024, ruling the charges amounted to “crimes of opinion.” A foreign judge emailed takedown commands to a US company and expected American platforms to enforce them, skipping the treaties and the courts that exist so foreign orders get reviewed before they bite. Rumble’s lawyers said Moraes “is attempting to sidestep U.S. law entirely.” No US court order, no independent review, and the accounts were supposed to vanish on a Brazilian justice’s say-so. After service under the Hague Convention failed, the court let Rumble serve Moraes by email. He never answered, the plaintiffs moved for a default judgment, and Brazil filed to intervene on the last day before the deadline. By stepping in, Brazil pulled the whole record into the open. Rumble’s complaint lays out Moraes’s broader operation, the so-called “Fake News Inquiry,” a years-long campaign. Since 2022, he has ordered close to 150 accounts suspended, hitting journalists, opposition legislators, satirists, jurists, and musicians who criticized the sitting government. Many of those orders arrived sealed. When the public cannot see what speech is being erased or why, people start pruning themselves before any order arrives. That is the chilling effect working as designed. The US State Department sanctioned Moraes and fellow justices last year. Secretary of State Marco Rubio wrote that the administration will hold accountable foreign nationals responsible for censoring protected speech in the United States, describing what he called a “persecution and censorship complex so sweeping that it not only violates basic rights of Brazilians, but also extends beyond Brazil’s shores to target Americans.” If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Brazil Enters Rumble Case to Defend Pro-Censorship Judge appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Brazil’s social security agency wants your fingerprints and a photo of your face before it will pay your pension. A new ordinance from the INSS, published in the official federal gazette on June 22, makes biometric registration mandatory across nearly all the social benefits the agency hands out, reaching retirement pensions, disability payments, and assistance benefits that carried no such requirement before. The collection covers prints from both hands and a facial image, all of it stored in a federal database. Until now, biometrics has been applied to a narrow set of programs, mostly the BPC assistance benefit since September 2024 and certain payroll loans. Enforcement runs through Brazil’s biometric national ID, the Carteira de Identidade Nacional, or CIN. Anyone without a biometric record on file will need a CIN from January 2027 to keep receiving benefits and from January 1, 2028, the CIN becomes the sole accepted standard for granting, maintaining, and renewing covered benefits. This all presented as fraud prevention, a way to confirm that money reaches the named recipient. However, that justification lands a little strangely, given what the INSS confirmed one month earlier. On May 21, the agency acknowledged a security failure that exposed the data of roughly 2 million insured Brazilians. Dataprev, the state company that manages pension records, traced it to April 22. The cause was a Meu INSS query service that was supposed to require a login and didn’t, leaving the records reachable without authentication. Dataprev later put the exposure at around 2.8 million taxpayer IDs. The INSS worked to make the number sound smaller, saying 97 percent of the accessed records belonged to people who had already died, with roughly 50,000 living citizens affected. Reassuring as the agency meant that to be, 50,000 living people having their data spilled through an open endpoint is its own problem, and the records of the dead feed fraud against their survivors and estates. Among the protections the agency then pointed to going forward was facial biometrics. The institution that just leaked millions of records is now asking citizens to trust it with the most sensitive identifier they own. Brazil’s plan funnels the biometrics of tens of millions of recipients into one national base, the same kind of centralized store that turns a single misconfigured endpoint into a mass leak. The ordinance allows exemptions for people over 80, refugees and stateless residents, Brazilians abroad, those in hard-to-reach areas, and people physically unable to travel. Everyone else who neither registers nor qualifies can have their application closed and treated as abandoned. Brazil could verify identity using documents it already holds. It is choosing instead to demand the face and fingerprints of nearly everyone who depends on a state payment, months after showing it cannot keep its existing data behind a login screen. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Brazil Requires Biometrics for Pensions, Even After Data Leak appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. A government committee has concluded that the British public cannot be trusted to scroll responsibly. The cure it proposes is more government. Ministers are cooking up plans to force YouTube, Facebook, Instagram, and TikTok to shove BBC, ITV and Channel 4 content to the front of people’s feeds, asked for or not, all in the noble cause of fighting “misinformation” and “disinformation.” The Department for Culture, Media and Sport says this will help Britons “discover trusted news sources.” This means the state has picked your news for you and would prefer you stop wandering off. Ofcom found that social media is now the main news source for 51 percent of adults and 75 percent of people aged 16 to 24.  The remedy it proposes is to fit a hand-picked club of approved broadcasters with a permanent escalator to the top while everyone else is left taking the stairs. And who’s the headline act on this trusted-news scheme? The BBC, yes, the very one whose director general and head of news both walked the plank last November after a Panorama documentary stitched together separate chunks of a Trump speech so artfully that its own internal report found it “materially misled” viewers. That’s only scratching the surface of the BBC’s shortcomings. The real question underneath is who gets to define “trusted.” The answer is the same people running the scheme, which is convenient. The reported roster is BBC, ITV and Channel 4, with Channel 5 and S4C wearing the same public service badge and newspapers possibly getting an invite. The trick lives in the technical detail. On TV, “prominence” is ancient furniture. You can legally bolt BBC One near the top of the channel guide, and the Media Act 2024 dragged that habit onto smart-TV home screens. A recommendation feed is a wholly different beast. It sorts content in real time by what you personally watch and click and share. Forcing “prominence” onto that means reaching into the machine and hauling chosen publishers above where your own behavior would have left them. It’s less a gentle nudge than a crowbar. YouTube has already pushed back. David Wheeldon, a senior public policy executive at the company, wrote back in April that prominence rules “could force YouTube to give special treatment to a small group of organizations hand-picked by a government. For creators and media companies that are not chosen, the risk is real.” He added more. “By forcing these channels to the front of the line, everyone else gets pushed back, regardless of what viewers actually want to see. This makes it harder for creators to grow an audience and earn a living. If governments start picking the winners, independent creators become the losers.” There are only so many slots at the top of a feed. Every one handed to a state broadcaster is one yanked away from somebody who earned it. The independent creator filming in her kitchen, the scrappy local outlet covering the council meeting nobody else will sit through, the upstart who built an audience the hard way; all elbowed aside so everyone’s favorite punching bag can have the good seat by the window. The plan also arrives dressed up as “voluntary.” According to the Financial Times, platforms could be asked nicely first, with legislation tucked in the drawer for whenever they don’t fancy obliging. That is an interesting use of the word “voluntary” but it’s sadly how things in Britain work these days. There’s always a chance the policy might die with this government, as Prime Minister Keir Starmer prepares to leave office, but the instinct behind it may not. Prime ministers rotate out like duty managers at the end of a rough shift, yet the urge to decide what grown adults are allowed to see signs a much longer contract. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post How Britain Plans to Lock Legacy Media Into People’s Feeds appeared first on Reclaim The Net.