Lawful Access Proposals

Similar documents
THE REGULATION OF INTERCEPTION OF COMMUNICATIONS BILL, 2007 ARRANGEMENT OF CLAUSES. PART I - PRELIMINARY

Crimes (Computer Hacking)

Click here for Explanatory Memorandum

Number 3 of 2011 COMMUNICATIONS (RETENTION OF DATA) ACT 2011 ARRANGEMENT OF SECTIONS

2014 No. ELECTRONIC COMMUNICATIONS. The Data Retention Regulations 2014

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

Interception of Communications Code of Practice. Pursuant to section 71 of the Regulation of Investigatory Powers Act 2000

The Credit Reporting Act

IN THE SUPREME COURT OF BRITISH COLUMBIA NOTICE OF CIVIL CLAIM. This action has been started by the plaintiff for the relief set out in Part 2 below.

THE COMPUTER MISUSE AND CYBERCRIME ACT I assent ARRANGEMENT OF SECTIONS

CHAPTER 124B COMPUTER MISUSE

Memorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems. among:

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

Electronic Communications Privacy Protection Act. SECTION 1. {Title} This Act may be cited as the Electronic Communications Privacy Protection Act.

PERSONAL INFORMATION PROTECTION ACT

H. R SEC DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

How To Ensure Health Information Is Protected

Online Research and Investigation

Canadian Security Intelligence Service Act. R.S.C., 1985, c. C-23. An Act to establish the Canadian Security Intelligence Service SHORT TITLE

Draft Communications Data Bill

Casino, Liquor and Gaming Control Authority Act 2007 No 91

COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A)

The Health Information Protection Act

ACT. [Long title substituted by s. 27 (1) of Act 33 of 2004.]

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

MCOLES Information and Tracking Network. Security Policy. Version 2.0

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

The Emergency Protection for Victims of Child Sexual Abuse and Exploitation Act

COMPUTER MISUSE AND CYBERCRIME ACT

Data Retention and Investigatory Powers Bill

Freedom of Information Act 2000

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT

Legislative Language

1 L.R.O Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS

ELECTRONIC TRANSACTIONS ACT 1999 BERMUDA 1999 : 26 ELECTRONIC TRANSACTIONS ACT 1999

Statutory Instruments 2007: No. 2199

1.2 This license shall be subject to the provisions herein stated, the Telecommunications Law and any regulations issued thereunder.

FREEDOM OF INFORMATION ACT

DATA PROTECTION POLICY

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Small Business Grants (Employment Incentive) Act 2015 No 14

Internal Investigations, Data Analytics and Employee Privacy in Online/Computer Activity

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Updated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Human Resources and Data Protection

Personal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010

Federal Law No. (1) of 2006 On Electronic Commerce and Transactions

VICTIMS OF CRIME ACT

Passenger Protect Program Transport Canada

The Electronic Transactions Law Chapter I Title and Definition

Regulation of Investigatory Powers Act 2000

CHAPTER E12 - ENVIRONMENTAL IMPACT ASSESSMENT ACT

The Archives and Public Records Management Act

Patrick Fair Partner, ITC and Data Security Specialist Baker & McKenzie. Developments in Security Regulation

LAWS OF BRUNEI CHAPTER 194 COMPUTER MISUSE ACT

Corporate ICT & Data Management. Data Protection Policy

TORONTO MUNICIPAL CODE CHAPTER 140, LOBBYING. Chapter 140 LOBBYING. ARTICLE I General Restriction on application (persons and organizations).

The Dangerous Goods Transportation Act

PROTECTED DISCLOSURES ACT 26 OF 2000

SASKATCHEWAN INFORMATION AND PRIVACY COMMISSIONER REVIEW REPORT 024/2015. Financial and Consumer Affairs Authority

CONTENT OF THE AUDIT LAW

The Saskatchewan Medical Care Insurance Act

DATA PROTECTION POLICY

ELECTRONIC TRANSACTIONS ACT

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS No. 2199

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

BODY ARMOUR CONTROL ACT

Children s Hearings (Scotland) Act asp 1

A BILL for AN ACT. Serial 270 Volatile Substance Abuse Prevention Bill 2004 Ms Scrymgour

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

No. of Freedom of Saint Christopher Information Bill and Nevis. ARRANGEMENT OF SECTIONS

BERMUDA ELECTRONIC TRANSACTIONS ACT : 26

An overview of UK data protection law

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F December 18, 2015 CALGARY POLICE SERVICE. Case File Number F6681

Acquisition and Disclosure of Communications Data

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

ACCESS TO MEDICAL RECORDS. By Felicia Jolaoye Blavo & Co Solicitors Ltd.

KRS Chapter 61. Personal Information Security and Breach Investigations

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems

Electronic Transactions Law

Health Administration Act 1982 No 135

Paper No. CB(2)662/00-01(02)

Electronic Commerce ELECTRONIC COMMERCE ACT Act. No Commencement LN. 2001/ Assent

Southern State Superannuation Act 2009

THE ELECTRONIC TRANSACTIONS LAW,

Responsibilities of Custodians and Health Information Act Administration Checklist

Credit Union Code for the Protection of Personal Information

The Victims of Crime Act, 1995

2013 No. 233 ENVIRONMENTAL PROTECTION. The Timber and Timber Products (Placing on the Market) Regulations 2013

Public Audit (Wales) Act 2004

The Passenger and Freight Elevator Act

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

SECURITY SERVICES AND INVESTIGATORS ACT

Court Record Access Policy

The Youth Drug Detoxification and Stabilization Act

Transcription:

Lawful Access Proposals Proposals with Respect to Compelling Interception Capability and Access to Subscriber Information March 2005

Techniques Table of Contents: 1) Background on Lawful Access 3 2) Proposals Respecting Interception Capability 12 - General Obligations 19 - Operational Requirements 24 - Other Requirements 26 3) Proposals Respecting Access to Subscriber Information 31 4) Proposed Definitions 39 2

Techniques Background on Lawful Access 3

Techniques: Overview Lawful access consists of: lawful interception of telecommunications; and search and seizure of information Essential in the prevention, investigation and prosecution of serious offences, organized crime and threats to national security These techniques are only used pursuant to lawful authorization and in a manner that recognizes the rights of individuals under the Canadian Charter of Rights and Freedoms 4

Techniques: Overview Lawful Access Authorities: The Criminal Code outlines the requirements to be met by law enforcement to receive a judicial authorization to intercept private communications and for search warrants The Canadian Security Intelligence Service (CSIS) Act provides statutory authority and outlines the requirements for CSIS to apply to the Federal Court of Canada to obtain a warrant to perform its duties 5

Techniques: Overview Oversight & Accountability: There are a number of oversight and accountability mechanisms for lawful access, including: Charter of Rights and Freedoms Privacy legislation The Courts Annual reporting to Parliament Commission for Public Complaints Against the RCMP The Security Intelligence Review Committee The Privacy Commissioner 6

Techniques: Overview Policy Objectives of Proposals: Protection of Privacy The protection of privacy is a fundamental concern of the Government of Canada Lawful access is not used to monitor everyone s telephone and Internet communications and nothing being proposed will change that All interceptions will continue to require lawful authorization Lawful access will continue to be subject to rigorous reporting and accountability to ensure a balance between the police s investigative needs and the rights and freedoms of Canadians 7

Techniques: Overview Public Consultations: During the fall and winter of 2002, over 20 meetings were held with a broad range of stakeholders on the basis of a consultation document Over 300 written submissions were received, and a summary of these submissions was released to the public in August 2003 (see http://canada.justice.gc.ca/en/cons/cons_index.html) Police services and provincial criminal justice officials strongly supported the proposals and want the government to take prompt action Private sector stakeholders sought greater details to better assess the potential costs Human rights advocates were concerned about the potential impact of the proposals, including the protection of privacy 8

Policy Objectives of Proposals: Costs The proposal is to minimize the costs to industry and governments by putting in place clear requirements for lawful interception that can be factored in during the design stage of new technologies - when lawful interception capabilities are provided for at the engineering stage of network architecture, the costs are a fraction of that of a retrofit of existing equipment It is proposed that the impact on industry be minimized by requiring a gradual implementation of intercept capability The proposal is that all networks would not be required to be interceptcapable at the outset 9

Policy Objectives of Proposals: Costs (continued) Telecommunications service providers would only be required to maintain existing intercept capabilities and to build in intercept capability as they make specific upgrades to their networks The intended end result would be that when, for business reasons, telecommunications service providers spend money on new equipment, they would also be required to bear some additional costs for public safety, which would be a small proportion of the cost of the new equipment In this way, over time, law enforcement and national security agencies would gain a lawful access capability without imposing an undue burden on the telecommunications service providers 10

Proposed Infrastructure Obligations: Would be consistent with international technical requirements, the U.S., U.K. and Australia already have similar requirements in place No made in Canada standards proposed Administrative guidelines may identify whether particular technical solutions could meet requirements Informal Government-Industry forum to be established 11

Proposals Respecting Interception Capability 12

Policy Objectives of Proposals: Scope The pace of change in the telecommunications sector and the increasing convergence of different types of telecommunications technology necessitates a broad scope, which is as technology neutral as possible, so as to be sufficiently flexible to encompass changes in the industry Placing requirements on all types of telecommunications service providers may prevent individual sectors or companies from being put at a competitive disadvantage 13

Application of the Proposals: The proposals would apply to persons who provide telecommunications services to the public, whether they provide the services directly or indirectly, or independently or as part of a group or association of persons (referred to as Telecommunications Service Providers or TSPs) The scope would include mechanisms to limit its application, in whole or in part For example, small TSPs (under 100,000 subscribers) would be exempt from some requirements deemed too costly 14

Application of the Proposals: Proposed Partial Exemptions For Backbone and International Gateway Providers: Would apply to class of TSPs who transmit telecommunications on behalf of other TSPs, who do not modify particular telecommunications transmitted and do not authenticate the end users of the services of those other TSPs, in respect of the services provided to the other TSPs 15

Application of the Proposals: Proposed Partial Exemptions For Certain Classes of TSPs: TSPs who provide telecommunications services ancillary to their principal function of operating a post-secondary educational institution, library, community centre, restaurant, hotel, apartment building or condominium These TSPs obligations would be limited to the obligation to: provide, upon request, information relating to their telecommunications facilities and services available to their subscribers to indicate the TSP from whom it obtains or provides telecommunications services and to provide to an authorized person (i.e. with a warrant) information on the telecommunications services and features that it provides to a person who is the subject of an interception, as well as information on the particular telecommunications facilities used to provide those services 16

Application of the Proposals: Proposed Exemptions from the Entirety of the Proposals for Certain Classes of TSPs: TSPs in respect of telecommunications services that they provide principally to themselves or to their employees and not to the public TSPs who provide telecommunications services ancillary to their principal function of operating an elementary or secondary school, hospital, place of worship, retirement homes, telecommunications research network (e.g., CANARIE) TSPs who are broadcasting undertakings as defined in subsection 2(1) under the Broadcasting Act, only in respect of broadcasting 17

Application of the Proposals: Order in Council Exemptions: Governor in Council would have the authority to provide time limited exemptions (up to a maximum of two years) to classes of TSPs or to individual TSPs from all or some of the requirements 18

General Obligations and Operational Requirements 19

Proposed Infrastructure Obligations: General Obligations The General Obligations would require a TSP to have the identified capabilities at the outset These obligations would apply network-wide These obligations would be with respect to: Provision of Intercepted Information in a Certain Manner; Treatments; Location Information; Quality of Service; and Security & Confidentiality 20

Proposed Infrastructure Obligations: General Obligations A TSP would be required to remove any encoding, compression, encryption or any other treatment of intercepted information: a) That the TSP applies to the telecommunications; and b) That another person has applied on behalf of the TSP where the TSP already has the ability to remove it If a TSP s telecommunication facilities cannot remove the treatment, the TSP could provide the authorized person with the means and information necessary to remove the treatment The TSP would have no obligation under (a) or (b) where a subscriber or user applied the treatment and has exclusive control over its removal 21

Proposed Infrastructure Obligations: General Obligations A TSP would be required to provide authorized persons all information in the possession or control of the TSP respecting the location of equipment that is subject to an interception This information would be the most accurate location known to the TSP relating to the equipment that is subject to an interception 22

Proposed Infrastructure Obligations: General Obligations A TSP would be required to comply with confidentiality and security measures Confidentiality of Intercepted Information A TSP would be required to ensure that only authorized persons are able to obtain access to intercepted information A TSP would be required to ensure that an authorized person from one authorized agency is not able to determine whether particular telecommunications are subject to interception by an authorized person from another authorized agency Security of Facilities A TSP would be required to take all reasonable steps to ensure that only designated employees are able to access those parts of the transmission apparatus and the related hardware and software that are used solely for interception 23

Proposed Infrastructure Obligations: Operational Requirements A TSP operating applicable transmission apparatus would be required to have the capability to meet the Operational Requirements for all information generated by or transmitted through that apparatus Transmission apparatus already deployed would be grandfathered with existing interception capability A TSP who has or acquires the ability to meet an Operational Requirement for transmission apparatus used by the TSP would be required to maintain that ability When a TSP begins to operate transmission apparatus or installs certain new software for transmission apparatus, the TSP would be required to meet the Operational Requirements These obligations would be with respect to: Interception of Subject s Telecommunications; Isolation; Real-time Interception; Correlation; and Simultaneous Interceptions 24

Proposed Infrastructure Obligations: Operational Requirements For the applicable transmission apparatus, a TSP would be required to have the capability: to isolate the information that is authorized to be intercepted from other information including: (i) isolating the telecommunications of the person whose telecommunications are authorized to be intercepted from those of other persons; and (ii) isolating the transmission data of the person whose telecommunications are authorized to be intercepted from his or her telecommunications and to provide that information to authorized persons 25

Other Requirements 26

Ministerial Compliance Orders: It is proposed that the Minister could, if necessary in his or her opinion, order a TSP to comply with any General Obligation or Operational Requirement in a particular manner or within a particular time, even if the requirement is not yet applicable to the TSP If the Minister makes a Compliance Order, the Minister could: (a) pay a TSP an amount that the Minister considers reasonable towards the initial costs of certain expenses that the Minister considers necessary to comply with the order; or (b) provide a TSP with any equipment or other things that the Minister considers necessary to comply with the order 27

Informational Obligations: Mandatory Reporting Every TSP that is providing telecommunications services would be required to submit a report to the Minister within six months after the proposals come into effect, in a certain form and manner, containing information: (a) concerning the TSP s capability to meet the Operational Requirements; and (b) that the Minister may require for administrative purposes 28

Informational Obligations: Obligation to Provide Information A TSP, at the request of a peace officer, an employee of CSIS or the RCMP, would be required to: (a) (b) (c) provide information relating to its telecommunications facilities used to provide telecommunications services to its subscribers indicate what telecommunications services are available to its subscribers provide the name, address and telephone number of any TSP from whom it obtains or to whom it provides telecommunications services, if it has that information A TSP, at the request of an authorized person, would be required to provide information on the telecommunications services and features that it provides to a person who is a subject of an interception, as well as information on the particular telecommunications facilities and transmission apparatus that are used to provide the services and features to the interception subject 29

Inspections and Offences: The Minister could designate any qualified person as an inspector for the purpose of verifying compliance Penalties for the key provisions would include prosecution on indictment with a fine not exceeding $500,000 or a prison term up to five years If a corporation commits an offence, every officer, director or agent of the corporation who directed, authorized, assented to, acquiesced in, or participated in the commission of the offence would be guilty of the offence 30

Proposals Respecting Access to Subscriber Information 31

Subscriber Information: Every TSP, in accordance with the prescribed details, would be required to provide to designated persons, on request, any information in its possession or control respecting the name, address and prescribed identifiers of any subscriber to its telecommunications service The Commissioner of the RCMP (or delegate) or the Competition Bureau, Director of CSIS, or chief of a police service could name any employee whose duties are to protect national security or law enforcement as a designated person for the purposes of requesting subscriber information The proposal will not: require the mandatory collection or retention of subscriber information impose know your customer obligations require the development of a national database to access subscriber information 32

Subscriber Information to be Provided on Request: The following are the identifiers a TSP would be required to provide to a designated person, on written or oral request, if available: (a) where the designated person provides a subscriber's name, a TSP would be required to provide the subscriber's address, telephony subscriber service identifier and Internet subscriber service identifier (b) where the designated person provides a subscriber's name and a date and time, a TSP would be required to provide the subscriber's dynamic IP address (c) where the designated person provides a subscriber's address, a TSP would be required to provide the subscriber's name, telephony subscriber service identifier and Internet subscriber service identifier 33

Subscriber Information to be Provided on Request (continued): The following are the identifiers a TSP would be required to provide to a designated person, on written or oral request, if available: (d) where the designated person provides a subscriber's address and a date and time, a TSP would be required to provide the subscriber's dynamic IP address (e) where the designated person provides one or more of the subscriber's telephony subscriber service identifiers, a TSP would be required to provide the subscriber's name, address, and Internet subscriber service identifier (f) where the designated person provides one or more of a subscriber's telephony subscriber service identifiers and a date and time, a TSP would be required to provide the subscriber's dynamic IP address 34

Subscriber Information to be Provided on Request (continued): The following are the identifiers a TSP would be required to provide to a designated person, on written or oral request, if available: (g) where the designated person provides one or more of a subscriber's Internet subscriber service identifiers, a TSP would be required to provide the subscriber's name, address and telephony subscriber service identifier (h) where the designated person provides one or more of a subscriber's Internet subscriber service identifiers and a date and time, a TSP would be required to provide the subscriber's dynamic IP address 35

Subscriber Information: Security & Confidentiality Requirements A TSP would be required to ensure that the following information is kept confidential and not disclosed to any unauthorized person, unless disclosure is required by law: the content of any request for subscriber information by a designated person the content of any subscriber information provided to a designated person the number of requests for subscriber information that have been performed the procedures used to provide subscriber information any information relating to the technology or technique employed in providing subscriber information any other information relating to the provision of subscriber information 36

Subscriber Information: Timing and Accuracy of Information A TSP would be required to provide subscriber information to designated persons as soon as possible, and no longer than 72 hours after the request has been received If subscriber information is immediately necessary to investigate a threat to national security or an unlawful act that reasonably could be expected to cause serious harm to any person or property, or if an investigation could reasonably be expected to be compromised seriously by delay, a TSP would be required to provide subscriber information to designated persons as soon as possible, and no longer than within 30 minutes after the request has been received A TSP would be required to provide the most up-to-date information in its possession 37

Subscriber Information: Safeguards A designated person would be required to ensure that a record in relation to a request for subscriber information is retained, and contains the following information: (a) the purpose for the request (b) reference to any Act of Parliament or any Act of the legislature of a province or territory, if relevant (c) a file number or other identifier linking the request to an investigation or other duty; and (d) the name and other relevant identifiers of the person making the request This information would have to be retained in accordance with the provisions of any Act of Parliament or any Act of the legislature of a province or territory relating to the retention of information or any applicable policies, and made available for appropriate audit and oversight purposes A designated person would be permitted to create a single record in relation to multiple requests for subscriber information when the records for such requests would be identical in nature 38

Techniques: Proposed Definitions Proposed Definitions 39

Techniques: Proposed Definitions Authorization - means an interception authorization pursuant to the Criminal Code or a warrant issued under the Canadian Security Intelligence Service Act Authorized Persons - means individuals who are authorized under the Criminal Code or the Canadian Security Intelligence Service Act to intercept information transmitted by telecommunications Authorized Agency - means a government agency whose employees or members may include authorized persons Designated Employee - means a member of the staff of a telecommunications service provider designated by an authorized agency for purposes of interception to perform interception related functions 40

Techniques: Proposed Definitions Designated Person - means a person designated to access subscriber information Intercept - includes listen to, record or acquire telecommunications, including transmission data and the content of any information that is transmitted by telecommunications, and any data or information that identifies or refers to that content Intercepted Information - means information that is transmitted by telecommunications and that is intercepted by an authorized person Interception Subject - means a person whose telecommunications are intercepted by an authorized person 41

Techniques: Proposed Definitions Internet Subscriber Service Identifier - means one or more unique identifiers associated with a subscriber to a particular Internet telecommunications service, namely, the following: (a) an SMTP electronic mail address; or (b) a fixed IP address Large Telecommunication Service Provider - means a telecommunications service provider that: (a) (b) provides satellite telecommunications services; or provides telecommunications services and has 100,000 or more subscribers Minister - means the Minister of Public Safety and Emergency Preparedness (Solicitor General of Canada) 42

Techniques: Proposed Definitions Person - includes any individual, partnership, body corporate, unincorporated organization, government, government agency and includes: (a) (b) any other person or entity who acts in their name or for their benefit any persons who together provide, directly or indirectly, telecommunications services to the public Subscriber - a person who is a registered user of the telecommunications services of a telecommunications service provider Telecommunication Facility - means any facility, transmission apparatus or other thing that is used for telecommunications or for any operation directly connected with telecommunications 43

Techniques: Proposed Definitions Telecommunication Service - means a service or a feature of a service that is provided by means of telecommunications facilities, whether the telecommunications facilities and any related equipment used to provide the service are owned, leased, or otherwise acquired Telephony Subscriber Service Identifier - means one or more unique identifiers associated with a subscriber to a particular telephony telecommunications service, namely, the following: (a) a telephone number (b) a Mobile Identification Number (MIN) (c) an Electronic Serial Number (ESN) (d) an International Mobile Equipment Identity number (IMEI) (e) an International Mobile Subscriber Identity number (IMSI) (f) a Subscriber Identify Module (SIM) card number 44

Techniques: Proposed Definitions Transmission Apparatus - means any prescribed apparatus whose principal functions are one or more of the following, or other similar functions: (a) (b) (c) the switching or routing of telecommunications the input, capture, storage, organization, modification, retrieval, output or other processing of telecommunications; or the control of the speed, code, protocol, content, format, switching or routing or similar aspects of telecommunications 45

Techniques: Proposed Definitions Transmission Data - means data relating to the telecommunications functions of dialling, routing, addressing, or signalling that identifies or purports to identify the origin, type, direction, date, time, duration, size, destination or termination of a telecommunication generated or received by means of a telecommunications facility Unauthorized Person - means any person that is not: (a) an authorized person; (b) an employee or member of an authorized agency; (c) a designated person; or (d) a designated employee User - means any person using a telecommunication service whether or not the person is a subscriber 46

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information