The introduction of Bill C-30 has generated enormous public debate (I focused yesterday on the “voluntary” warrantless disclosure of subscriber information) but less discussed is how the bill leaves out many crucial details on the new surveillance rules will actually function. Indeed, for a bill that is ten years in the making, it is shocking how much is still unknown.
At the top of the uncertainty list are cost questions. The cost of new surveillance equipment could run into the tens of millions of dollars, yet the government has not said who will pay for it. Surveillance mandates in other countries have typically come with government support. For example, when the U.S. passed the Communications Assistance for Law Enforcement Act (CALEA) in 1995, $500 million was granted to cover provider costs. In addition to the surveillance equipment costs, there are fees and costs associated with surveillance “hook-ups” to law enforcement as well as fees for disclosing subscriber information. Bill C-30 leaves these issues for another day by opening the door to fees but leaving specifics to future, unspecified regulations that can be passed by the Governor-in-Council without gaining Parliamentary approval.
Surveillance capability specifics are also still largely unknown.
Bill C-30 requires Internet providers to have the ability to engage in multiple simultaneous interceptions but a wide range of questions – minimum and maximum simultaneous interceptions, how interception requests are made, maximum number of agencies making requests, etc. are all left to future regulations. Bill C-30 doesn’t even specify what communications must be interception-capable. Section 7 identifies a series of requirements including enable the interception of communications and isolate the communication. But what is a “communication” for these purposes? That is left to the unspecified regulations.
The mandatory disclosure of subscriber information without a warrant has been the hot button issue in Bill C-30, yet it too is subject to unknown regulations. These regulations include the time or deadline for providing the subscriber information (Bill C-30 does not set a time limit) and “prescribing any confidentiality or security measures with which the telecommunications service provider must comply.” In other words, disclosing the disclosure could be subject to further restrictions.
These are just some of the uncertainties. Section 64, which identifies the issues subject to future regulations by the Governor-in-Council cover almost every major substantive issue in the bill. In case the government has forgotten something, there is a catch-all regulatory power “generally, for carrying out the purposes and provisions of this Act.”
Public Safety Minister Vic Toews has indicated that he is open to amendments and that the government welcomes debate on the bill at committee. However, it is difficult to propose amendments to an incomplete bill. The public should not be asked to accept lawful access legislation that leaves so many issues to future discussion and regulation. A full debate and reform process necessitates the government coming forward with the accompanying regulations before the hearings on Bill C-30 get underway.