News

Is a Canadian Telco Allowing the Government To Mirror Its Subscriber Communications?

The recent revelations regarding massive telecom and Internet provider disclosures of subscriber information has generated a political firestorm with pointed questions yesterday to Prime Minister Stephen Harper in the House of Commons. While Harper tried to provide reassurances that warrants were obtained where necessary, the reality is that the law includes a massive exception that permits voluntary, warrantless disclosure of subscriber information. That suggests that the majority of the nearly 1.2 million requests in 2011 were not accompanied by a warrant. Moreover, the telecom and Internet providers have shrouded their activities in secrecy, refusing to disclose the disclosures to affected subscribers and hiding behind aggregated data to avoid scrutiny of their individual practices.

The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act). One further issue that should not be lost within the disclosure is the stunning admission that at least one Canadian provider may be allowing the government to mirror or copy of its subscriber communications.  In response to a question on the use of deep packet inspection, one provider states:

“Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transmits the network of data nodes. This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes.”

This is an incredible admission – allowing the government to mirror subscriber communications and sending it directly to law enforcement agencies who can they do what they want with it?  Are there legal grounds for these disclosures?  Who is doing this?  Was this a required alternative to major ISPs who do not use deep packet inspection?  Is this RIM, who also participated in the aggregated data request?  Many, many questions without any clear answers. Given the uncertainty and the enormous privacy implications, the Privacy Commissioner of Canada is surely entitled to investigate this admission using her current powers under PIPEDA.

8 Comments

  1. why the surprise
    You ask “Are there legal grounds for these disclosures” but the quote already answers that: “the packet data is then sent directly to the agency who *has obtained lawful acccess to the information*”

  2. DriveByCommentor says:

    Wow…
    So 1.2 million ‘lawful access’ requests and now we find out they are mirroring the data. So basically the communications of 1 in 25 Canadians is being recorded word for word 24 x 7?

    Wait does that also includes our internet packets?

    Land lines(mostly IP based now) ?

    Lawful or not George Orwell low balled it.

    So do the new bills (C-13 and S-4) expand on this or are they just the legal framework to cover what they are already doing?

  3. How do you file an Access for Information request to a provider?
    I am getting interested in filing an information request to my cell phone provider, any idea how this is done? for Fido.

  4. Dr Giggles says:

    I ain’t laff’n
    I think this also gets deeper than only the “mirror of the data streams”.

    In a recent CRTC filing 8665-P8-201400762 found halfway down this page, https://services.crtc.gc.ca/pub/instances-proceedings/Default-Defaut.aspx?S=C&PA=T&PT=PT1&PST=A&Lang=eng, Bell states it is already collecting and storing an enormous amount of data on people (and people with whom Bell customers communicate with).

    I also found it interesting that the wholesalers (CNOC) refused to take part in that filing.

    So you have things going on.

    1. A mirror of peoples data streams being given and sent to whomever

    2. Indefinite retention and storage of all you do and type online (and all metadata via net and cell).

    3. Since Bell already collects and stores all this data, this CRTC filing was about getting permission to profit more off of this retained data. In Bell’s own words, “we already collect it and have it. We want to do more with it to profit from it”.

    And from the other day when Bell was before the senate committee, it seems both the Harper gov and the conservative loaded senate is giving Bell the green light to continue collecting data on everyone, and anyone a Bell customer communicates/associates with online.

    The green light to all of this is pointing right at the Harper gov.

  5. Peter MacKay says:

    New Telco Needed!
    Time to crowdfund a privacy-first, gigabit internet service provider with free VPN who refuses to comply with any warantless requests for subscriber data and discloses every disclosure.

    I would pay a major premium for this.

    Any wealthy philanthropists on board?

  6. Robert Love says:

    Canada coordinating laws with USA
    Seems like parts of C-13 are currently also being considered in the USA.
    http://motherboard.vice.com/read/the-senates-new-cispa-bill-might-let-law-enforcement-create-backdoor-wiretaps

    https://plus.google.com/+RobertLove/posts

  7. So the matter was so urgent 1.2 million times that they couldn’t wait for a warrant? A reasonable judge probably would not have issued the warrants. Are there 1.2 million terrorists in Canada? Essentially the police (RCMP etc ) are spying on the daily activities of Canadians. Looks like the old East Germany/Soviet Union (Stasi/KGB). I’m sure there is a charter infringement in all this.

  8. to gv

    You ask: “How do you file an Access for Information request to a provider?
    I am getting interested in filing an information request to my cell phone provider, any idea how this is done? for Fido.”

    Maybe this will help you: http://bccla.org/dont-spy-on-me/10388-2/