Come Back With a Warrant doormat, Cindy's place, Noe Valley, San Francisco, CA by Cory Doctorow (CC BY-SA 2.0) https://flic.kr/p/bB3VJN

Come Back With a Warrant doormat, Cindy's place, Noe Valley, San Francisco, CA by Cory Doctorow (CC BY-SA 2.0) https://flic.kr/p/bB3VJN

Columns

Come Back With a Warrant: How Will the Canadian Government Respond to the Supreme Court’s Reshaping of Privacy Law?

Canadian Internet and telecom providers have, for many years, disclosed basic subscriber information, including identifiers such as name, address, and IP address, to law enforcement without a warrant. The government has not only supported the practice, but actively encouraged it with legislative proposals designed to grant full civil and criminal immunity for voluntary disclosures of personal information.

Last month, the Supreme Court of Canada struck a blow against warrantless disclosure of subscriber information, ruling that there is a reasonable expectation of privacy in that information and that voluntary disclosures therefore amount to illegal searches.

My weekly technology law column (Toronto Star version, homepage version) notes the decision left little doubt that Internet and telecom providers would need to change their disclosure policies. Last week, Rogers, the country’s largest cable provider, publicly altered its procedures for responding to law enforcement requests by announcing that it will now require a court order or warrant for the disclosure of basic subscriber information to law enforcement in all instances except for life threatening emergencies (warrantless disclosures may still occur where legislation provides the lawful authority to do so). Telus advised that it has adopted a similar approach.

The change in policy, which should ultimately be mirrored by all Canadian providers, will have a massive impact on how law enforcement operates and on the privacy of millions of Canadians. Simply put, the number of government requests for subscriber information has been staggering, most of which occur without court oversight.

A 2011 document supplied to the Privacy Commissioner of Canada advised of 1.2 million requests for subscriber information affecting roughly 750,000 account holders. While that revelation garnered media headlines across the country, a little-noticed 2013 document from Public Safety Canada released under the Access to Information Act indicates that in excess of a million requests annually has been standard for years (page 112 of the document).

The document states that ITAC members (the Information Technology Association of Canada that counts major telecom providers among its members) “handled 1,130,000 basic subscriber information requests annually from 2006 to 2008.”

As Canadian telecom and Internet providers race to comply with the law by reversing longstanding practices, law enforcement and the government must also catch up. Law enforcement will rarely seek voluntary disclosure (except in exigent circumstances) since it is likely to be treated as an illegal search and the resulting information will be inadmissible in court.

Meanwhile, Justice Minister Peter MacKay faces an important decision. With law enforcement not seeking voluntary disclosure of personal information and providers requiring a warrant, the government’s proposed immunity provision in Bill C-13 now seems inoperable since it is contingent on a lawful voluntary disclosure, which customer name and address information is not.

The Canadian government could adopt the “bury our heads in the sand approach” by leaving the provision unchanged, knowing that it will be unused or subject to challenge. That would run counter to the spirit of the Supreme Court ruling, however, and do nothing to assist law enforcement.

If the government is serious about providing law enforcement with the tools they need to address online harms, it will drop the voluntary disclosure immunity provision in Bill C-13 and its companion proposal in Industry Minister James Moore’s Bill S-4, which seeks to expand voluntary disclosure in non-law enforcement cases.

In their place, a new subscriber information warrant could be developed that ensures court oversight, an appropriate evidentiary standard given the Supreme Court’s finding of the privacy import of such information, and a system to allow law enforcement to apply for a subscriber information warrant expeditiously.

While government MPs were unmoved during committee hearings by repeated expression concerns from experts about the voluntary disclosure provisions, the Supreme Court decision effectively reshaped Canadian privacy law and has forced everyone to rethink longstanding practices. As Internet and telecom providers change their approach, the big question is whether the government is prepared to do the same.

12 Comments

  1. Curious George says:

    It would be nice if another question is addressed, is it the law in Canada, if I provide an unsecured Wi-Fi that I am legally responsible, or that I can be charged with downloading say a movie or music, if in fact I never downloaded anything illegal?

    Is that not like charging the owner of a car with impaired driving when it was a friend of his who borrowed the car and was driving in it at the time of complaint?

    It is ironical with all of the press coverage to date, (maybe I am blind) but I could find no such reference to users of WiFi or the actual owners.

    Nearly every coffeeshop, motel and restaurant now brag wifi, so its time someone answered that question.

    • Barry Duff says:

      I have thought of that over the years when IP addresses were use in court cases. With all the open WIFI networks.

    • Your example is completely wrong.
      It would be your car was seen hitting a child or destroying a building. There is evidence of your license plate at the crime scene. You claim you left the keys in the ignition.

      My thought, you should be criminally responsible for being reckless. I understand the loophole you are trying to do. I have an open wireless network…. I didn’t download that [Insert media here]. You can’t prove it was me either.

      I think you should put in the correct motions into blocking illegal things from happening on your open wireless network.

      But like you said, no law stopping you and technically under the Criminal Code (342.1), if a person uses your open wireless without your approval, it’s against the law.

      Most coffee shops and other places have blocks in place so you can’t do too much illegal stuff (bandwidth/protocol blocking). Also they keep their logs so they know which computer connected and did the illegal things, unless you use something to change your MAC address it’s easy enough to flag your machine while it’s connected to it.

      I would hesistate to connect to any open wireless as you do not know who is logging what. If any of your information is sent cleartext its as easy as reading a page to get your information.

      • Barry Duff says:

        Most places would not bother with logs around were I live.
        Just put a router in and then put on the board name and a password 1234567890. Maybe Hotels but then that can open up a can of worms.
        Can you please tell me what places keep records (logs) of everyone that uses a open network at coffee shops. restaurants etc.
        Besides any information that a government or police agency wants from those logs. As far as I can see should have a warrant. To stop fishing expeditions.
        At least I had to courage to use my name while you hide.
        Or do you have a reason to hide. ?

    • To answer ur question the bill payer is responsible for his/her internet logs on his WIfi. There is no excuse for criminal activity.

      The criminals will probably choose that lame ISP who keeps 90 day logs, but that is going to change. Canadian ISPs should follow the business model or Bell and Rogers and store ISP logs for at least 4-8 years.

      • F*ck Hollywood. If they don’t want people to download then they shouldn’t pay these actors millions for being a pretty face, then charging us $35.00 for a blu-ray that was made in some third world country for $2.00. Get a VPN that doesn’t log what you do and download like crazy. If I was PM I would still download from torrent sites and protect Canadians from Hollywood gouging.

  2. Pingback: Copywrong » Why Has Bell Remained Silent on Its Subscriber Information Disclosure Practices?

  3. No, the argument that the subscriber is responsible on account of not blocking illegal activity over his connection is dead wrong and has been rejected in the US, UK and most European countries.

    But let’s us take the car with the license plate spotted at the crime scene.

    If your car is spotted, but it can’t be proven that you was the driver, the police can only use the license number as a starting point for further investigation.

    This does not change with the lower burden of proof in a civil case.

    The plaintiff must still prove who did it.

    Or another example, if two persons share a computer, and one of them use it to store child pornography, the owner is not per se responsible.

  4. “The criminals will probably choose that lame ISP who keeps 90 day logs, but that is going to change. Canadian ISPs should follow the business model or Bell
    and Rogers and store ISP logs for at least 4-8 years.”

    Care to explain why it’s lame that an ISP refuses to act like Stasi by deleting data no longer necessary for billing.

    The Court of Justice of The European Union has ruled that mandatory data retention violates human rights, the same have the constitutional courts of several civilized nations.

    Do you work for a copyright troll?

  5. Pingback: Government Goes for the "Head in the Sand" Approach on Voluntary Warrantless Disclosures - Michael Geist

  6. Pingback: Voluntary Warrantless Disclosures – Chilliwack Today

  7. Pingback: Voluntary Warrantless Disclosures – Langley Today