The introduction of Internet surveillance legislation last week generated an immediate storm of outrage. Fueled by Public Safety Minister Vic Toews’ comments that critics of the legislation were â€œsiding with child pornographers,â€ the bill was slammed by commentators on both the right and the left who decried the dangers of new surveillance powers and mandatory disclosure of personal information without court oversight.
The public concern should not have come as a surprise. The push for new Internet surveillance capabilities goes back to 1999, when government officials began crafting proposals to institute new surveillance technologies within Canadian networks along with additional legal powers to access surveillance and subscriber information. There have been several attempts at passing lawful access legislation, but each has died on the order paper.
Within days, Toews and Prime Minister Stephen Harper were in retreat, stating they were open to amendments and promising a full committee hearing. Having opened the door to change, the big question now is whether compromise is possible. The bill is badly in need of fixing – the oversight of surveillance capabilities remains underdeveloped, the costs associated with surveillance equipment is a giant question mark, and the fears of surveillance misuse based on the experience in other jurisdictions continues to cause concern.
Topping the list for change is the mandatory disclosure of Internet and telephone subscriber information without court oversight. With Internet providers and telecom companies complying with law enforcement requests roughly 95 percent of the time, at issue are a relatively small number of cases that have required warrants prior to any disclosure. Despite ten years of debate, law enforcement has failed to produce a compelling series of examples where the current law has proven problematic. Nevertheless, officials are adamant that they need greater assurances the information will be available expeditiously in appropriate circumstances.
The bill actually addresses two significant concerns associated with the warrantless disclosure issue. First, the prior lawful access bill included a very broad list of data points that could be disclosed, raising serious security concerns and the potential for misuse. The number of data points has shrunk from 11 to six. While some of the data points still constitute potentially sensitive personal information (particularly IP and email addresses), a smaller list is better than a larger one.
Second, with Internet providers and telecom companies providing subscriber data without a warrant 95 percent of the time, there is a huge information disclosure issue with no reporting and no oversight. The RCMP alone made more than 28,000 requests for customer names and addresses in 2010. These requests go unreported as subscribers don’t know their information has been disclosed and the Internet providers and telecom companies aren’t talking either. The bill would add new reporting requirements to these disclosures, which should allow for insights into what providers and police are doing with subscriber information.
The remaining issue is the inclusion of warrantless disclosure of the six data points. This strikes at a bedrock principle of privacy law and will be rightly opposed by the privacy and civil society community. Yet in talking with law enforcement, it is clear what they want is timely, guaranteed access in appropriate circumstances. They argue the current warrant system does not meet this standard nor do the current privacy rules.
But what if a new warrant specific to subscriber information could be developed? Such a warrant could feature a low threshold along with rapid authorization and lower costs. For law enforcement, it would provide the access they want, while for privacy advocates it would maintain the oversight principle.
Fixing the flawed Internet surveillance bill won’t be easy. The starting point must surely be a moratorium on the inflammatory us vs. them rhetoric from the government which fosters alienation rather than cooperation as Canadians search for solutions that provide both security and privacy.
Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at email@example.com or online at www.michaelgeist.ca.