Myth: Basic subscriber information is way beyond “phone book information”.
Fact: The basic subscriber information described in the proposed legislation is the modern day equivalent of information that is accessed from the phone book. These identifiers are often searchable online and shared between individuals in online communications.
The government persists in justifying its mandatory disclosure of subscriber information without a warrant on the basis that the information is as openly available the phone book, yet this is plainly untrue.
Referring to all of this information as customer name and address information is misleading, as is calling these data elements “basic identifiers.” This list goes well beyond the customer names and addresses associated with a given telephone number…the assumption behind the consultation paper is that CNA information carries a low expectation of privacy and as such does not require judicial authorization. We disagree: many individuals consider much of this information to be private.
The Information Technology Association of Canada, representing many telecom companies, argued:
ITAC notes that the â€œbasic identifiersâ€ listed in the discussion paper go well beyond what most people would consider to be basic. IP addresses, email addresses, IMSIs, ESNs, IMEIs and SIM numbers are not the â€œtombstoneâ€ data that is usually associated with CNA information.
The Canadian Wireless Telecommunications Association adopted the same position:
CWTA notes that the types of â€œbasic identifiersâ€ sought for wireless services go well beyond what virtually anyone would consider basic and are much more onerous than those for TSPs using other technologies. IP addresses and dynamic IP addresses, IMSIs, ESNs, IMEIs, and SIM numbers go well beyond basic â€œtombstone dataâ€ normally associated with CNA.
Civil society groups were of the same view. For example, the Public Interest Advocacy Centre’s response:
PIAC further views the CNA information sought to be collected as clearly personal information, either under legal interpretations of various privacy commissioners and courts, or the opinion of the public. Therefore the Minister’s statements to the press that: “We have not and we will not be proposing legislation to grant police the power to get information from internet companies without a warrant. That’s never been a proposal,” and “It may make some investigations more difficult, but our expectation is rights to our privacy are such that we do not plan, nor will we have in place, something that would allow the police to get that information” should not be based on a semantic game if it is an attempt to define CNA as something other than â€œinformationâ€ or to suggest it is not private in this context.
Should the government wish to troll through online personal information without judicial oversight, or under a greatly reduced standard of judicial oversight, it should at the least be subject to serious public oversight (by Parliament and the general public), there should be severe penalties for misuse of the information and its collection and use should be restricted to only highly serious and defined offences.
Yesterday, I posted on the prospect of reaching a compromising on the issue. The starting point is for the government to acknowledge that the information at issue is not mere “telephone book data” but rather personal information that cannot be subject to mandatory disclosure without a warrant.