The lawful access fight of 2012, which featured then-Public Safety Minister Vic Toews infamously claiming that the public could side with the government or with child pornographers, largely boiled down to public discomfort with warrantless access to Internet subscriber information. The government claimed that subscriber data such as name, address, and IP address was harmless information akin to data found in the phone book, but few were convinced and the bill was ultimately shelved in the face of widespread opposition.
My weekly technology law column (Toronto Star version, homepage version) notes the government resurrected the lawful access legislation last year as a cyber-bullying bill, but it has been careful to reassure concerned Canadians that the new powers are subject to court oversight. While it is true that Bill C-13 contains several new warrants that require court approval (albeit with a lower evidentiary standard), what the government fails to acknowledge is that telecom companies and Internet providers already hand over subscriber data hundreds of times every day without court oversight. In fact, newly released data suggests that the companies have established special databases that grant law enforcement quick access to subscriber information without a warrant for a small fee.
The latest data comes from a government response to NDP MP Charmaine Borg’s effort to obtain information on government agencies requests for subscriber data. While many agencies refused to disclose the relevant information, Canada Border Services Agency revealed that it had made 18,849 requests in one year for subscriber information including geo-location data and call records.
The CBSA obtained a warrant in 52 instances with all other cases involving a simple request without court oversight. The telecom and Internet providers fulfilled the requests virtually every time – 18,824 of 18,849 – and the CBSA paid a fee of between $1.00 and $3.00 for each request.
The CBSA revelations follow earlier information obtained under the Access to Information Act that the RCMP alone made over 28,000 requests for subscriber information in 2010 without a warrant. These requests go unreported – subscribers don’t know their information has been disclosed and the Internet providers and telecom companies aren’t talking either.
The recent disclosures also reveal that the telecom companies have established law enforcement databases that provide ready access to subscriber information in a more efficient manner. For example, the Competition Bureau reports that it “accessed the Bell Canada Law Enforcement Database” 20 times in 2012-13.
The absence of court oversight may surprise many Canadians, but the government actively supports the warrantless disclosure model. In 2007, it told the Privacy Commissioner of Canada that an exception found in the private sector privacy law to allow for warrantless disclosure was “designed to allow organizations to collaborate with law enforcement and national security agencies without a subpoena, warrant or court order.” The cyber-bullying bill further supports the warrantless disclosure model since it contains a provision that grants Internet providers and telecom companies full immunity from any civil or criminal liability for voluntarily disclosing subscriber information.
While much of the warrantless disclosure data remains shrouded in secrecy – many government departments refuse to divulge details about their practices and the telecom companies and Internet providers have declined requests to come clean – the latest revelations confirm fears that subscriber information is disclosed tens of thousands of times every year without court oversight.
The law may grant the companies the right to disclose subscriber information without a warrant, but the pervasive warrantless disclosure is still deeply troubling and represents an abdication of their responsibility to safeguard the privacy interests of their subscribers.