The government has placed Bill C-30, the lawful access/online surveillance bill on hold, but there is no reason to believe it is going away. In fact, a recent report Standing Committee on Justice and Human Rights suggests that the changes coming to the bill may not address public concern but rather expand lawful access requirements even further. The committee report on the State of Organized Crime that includes recommendations that reinforce Bill C-30’s mandatory warrantless disclosure of subscriber information and envision going beyond the bill by requiring both telecom companies and device manufacturers to assist in the decryption of encrypted communications as well as exploring mandatory verification of the identity of cellphone users.
On subscriber information disclosure, the report’s recommendations state:
The Committee recommends the establishment of a statutory mechanism enabling law enforcement agencies, without a warrant, to require telecommunication service providers to disclose basic information identifying their subscribers. Privacy measures would have to be created, however, and prior court authorization would always be required to allow these agencies to intercept private communications.
This is a reaffirmation of Bill C-30 that has been the subject of widespread criticism from Canadians across the political spectrum.
The report also recommends expanding the lawful access bill by including provisions not currently found in Bill C-30. For example:
The Committee recommends that the Government of Canada introduce legislation requiring telecommunications service providers and telecommunications device manufacturers to decrypt legally intercepted communications or to provide assistance to law enforcement agencies in this regard.
This recommendation goes well beyond what is currently found in the lawful access legislation as the discussion specifically points to Research in Motion and other smartphone device manufacturers as being targeted with the decryption requirements. Moreover, Bill C-30 only requires telecom companies to decrypt if they have the technical capability, while this recommendation seems to envision a stronger, positive requirement. The report also recommends verification requirements on cellphone purchasers:
The Committee recommends that the Government of Canada examine the possibility of requiring cell phone merchants to verify the identity of purchasers. It could also determine whether it would be appropriate to impose the same requirement on telecommunications service providers.
The report includes a dissenting opinion from the NDP on the lawful access recommendations. There does not appear to be a similar dissent from the Liberals, who were represented on the committee by Irwin Cotler. Postmedia covered the release of the report but the article is no longer available on its media sites. The article included specific comments from Bell that suggest its primary concern associated with these demands boils down to questions of who will bear the costs. A company spokesperson stated “our primary concern in this area has always been the capacity of industry to implement any new requirements and who bears the cost.” That is a troubling position for many Canadians who rightly expect their telecom companies to also be concerned with the privacy of their customers. After the outcry in February over Bill C-30, many also expected the government to be open to change on lawful access, yet this report suggests that the changes may not be what many were anticipating.