The first prong mandates the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers.
The second prong requires Internet providers to dramatically re-work their networks to allow for real-time surveillance. The bill sets out detailed capability requirements that will eventually apply to all Canadian Internet providers. These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.
Having obtained customer information without court oversight and mandated Internet surveillance capabilities, the third prong creates a several new police powers designed to obtain access to the surveillance data.
Lawful access raises genuine privacy and free speech concerns, particularly given the fact that the government has never provided adequate evidence on the need for it, it has never been subject to committee review, and it would cost millions to implement yet there has been no disclosure on who would actually pay for it. Given these problems, it is not surprising that every privacy commissioner in Canada has signed a joint letter expressing their concerns.
Not only is the substance problematic, but the attempt to fast track lawful access virtually guarantees that it will not be fully vetted. For example, over the past few weeks there has been mounting concern that the legislation would also create new criminal liability for hyperlinking to content that incites hatred and for using anonymous or false names online.
The source of these concerns is a legislative summary by the Library of Parliament’s Parliamentary Information and Research Service. While there is reason to doubt the interpretation involving linking and anonymity liability contained in the summary, the recent fears provide a textbook illustration of why lawful access should not be included in the omnibus crime legislation.
Lawful access is complex legislation that touches on a very wide range of issues, many of which extend far beyond conventional criminal law. Given that the proposals breed uncertainty and have never been the subject of public review, lumping them together with many other bills represents a serious threat and is bound to result in only a cursory analysis of an important piece of legislation that has far reaching consequences for privacy, security, and free speech.