Text: Small Text  Normal Text  Large Text  Larger Text

    Blog Archive

    PrevPrevApril 2014NextNext

    The Expansion of Warrantless Disclosure Under S-4: Government's Response Fails to Reassure

    PDF  | Print |  E-mail
    Monday April 14, 2014
    My post and column on the expansion of warrantless disclosure under Bill S-4, the misleadingly named Digital Privacy Act, has attracted some attention and a response from Industry Canada.  The department told iPolitics:

    "Companies who share personal information are required to comply with the rules to ensure that information is only disclosed for the purpose of conducting an investigation into a contravention of a law or breach of an agreement. For example, self-regulating professional associations, such as a provincial law society, may wish to investigate allegations of malpractice made by a client. When organizations are sharing private information, the Privacy Commissioner can investigate violations and may take legal action against companies who do not follow the rules. This is consistent with privacy laws in British Columbia and Alberta and was recommended by the Standing Committee Access to Information, Privacy and Ethics."

    The response may sound reassuring, but it shouldn't be.

    , , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare

    How Telcos and ISPs Hand Over Subscriber Data Thousands of Times Each Year Without a Warrant

    PDF  | Print |  E-mail
    Tuesday April 01, 2014
    Appeared in the Toronto Star on March 29, 2014 as Internet Data Routinely Handed Over Without a Warrant

    The lawful access fight of 2012, which featured then-Public Safety Minister Vic Toews infamously claiming that the public could side with the government or with child pornographers, largely boiled down to public discomfort with warrantless access to Internet subscriber information. The government claimed that subscriber data such as name, address, and IP address was harmless information akin to data found in the phone book, but few were convinced and the bill was ultimately shelved in the face of widespread opposition.

    The government resurrected the lawful access legislation last year as a cyber-bullying bill, but it has been careful to reassure concerned Canadians that the new powers are subject to court oversight.  While it is true that Bill C-13 contains several new warrants that require court approval (albeit with a lower evidentiary standard), what the government fails to acknowledge is that telecom companies and Internet providers already hand over subscriber data hundreds of times every day without court oversight.  In fact, newly released data suggests that the companies have established special databases that grant law enforcement quick access to subscriber information without a warrant for a small fee.

    The latest data comes from a government response to NDP MP Charmaine Borg's effort to obtain information on government agencies requests for subscriber data. While many agencies refused to disclose the relevant information, Canada Border Services Agency revealed that it had made 18,849 requests in one year for subscriber information including geo-location data and call records.

    The CBSA obtained a warrant in 52 instances with all other cases involving a simple request without court oversight. The telecom and Internet providers fulfilled the requests virtually every time - 18,824 of 18,849 - and the CBSA paid a fee of between $1.00 and $3.00 for each request.

    The CBSA revelations follow earlier information obtained under the Access to Information Act that the RCMP alone made over 28,000 requests for subscriber information in 2010 without a warrant. These requests go unreported - subscribers don't know their information has been disclosed and the Internet providers and telecom companies aren't talking either.

    The recent disclosures also reveal that the telecom companies have established law enforcement databases that provide ready access to subscriber information in a more efficient manner. For example, the Competition Bureau reports that it "accessed the Bell Canada Law Enforcement Database" 20 times in 2012-13. 

    The absence of court oversight may surprise many Canadians, but the government actively supports the warrantless disclosure model. In 2007, it told the Privacy Commissioner of Canada that an exception found in the private sector privacy law to allow for warrantless disclosure was "designed to allow organizations to collaborate with law enforcement and national security agencies without a subpoena, warrant or court order." The cyber-bullying bill further supports the warrantless disclosure model since it contains a provision that grants Internet providers and telecom companies full immunity from any civil or criminal liability for voluntarily disclosing subscriber information.

    While much of the warrantless disclosure data remains shrouded in secrecy - many government departments refuse to divulge details about their practices and the telecom companies and Internet providers have declined requests to come clean - the latest revelations confirm fears that subscriber information is disclosed tens of thousands of times every year without court oversight.

    The law may grant the companies the right to disclose subscriber information without a warrant, but the pervasive warrantless disclosure is still deeply troubling and represents an abdication of their responsibility to safeguard the privacy interests of their subscribers.

    Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

    , , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare

    Industry Canada Says "Modernizing Privacy Regime" Planned for 2014-15

    PDF  | Print |  E-mail
    Friday March 07, 2014
    Industry Canada's Report on Plans and Priorities for 2014-15 includes a notable paragraph on priorities for the digital economy.  The report states:

    In 2014–15, Industry Canada will deliver the telecommunications consumer commitments included in the 2013 Speech from the Throne. These include taking legislative action to amend the Telecommunications Act to reduce roaming costs and prevent wireless providers from charging other companies more than they charge their own customers for mobile services. The Department will also protect consumer interests by encouraging compliance and adopting more effective remedies, including administrative monetary penalties, when violations occur. Industry Canada will continue to promote investment in high-speed broadband networks for rural Canadians.

    These priorities are an important part of a robust digital economy. Other elements will include: modernizing the privacy regime to better protect consumer privacy online; monitoring the implementation of Canada's anti-spam legislation; and deepening analysis of Canada's communications infrastructure.

    While the telecom actions were expected, the commitment to modernizing Canadian privacy laws is new (albeit long overdue).  Previous privacy reform bills died on last year, leaving the government years behind in addressing PIPEDA reform. The Industry Canada report suggests that some legislative action may finally be on the way.
    , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare

    Why Canada's Telecom Companies Should Come Clean About Customer Information

    PDF  | Print |  E-mail
    Wednesday January 29, 2014
    Earlier this week, I wrote a column (Toronto Star version, homepage version) arguing that Canada's telecom companies should come clean about their disclosures of customer information. That column was in response to a public letter from leading civil liberties groups and academics  sent to Canada's leading telecom companies asking them to shed new light into their data retention and sharing policies. The letter writing initiative, which was led by Christopher Parsons of the Citizen Lab at the University of Toronto's Munk School of Global Affairs, is the latest attempt to address the lack of transparency regarding how and when Canadians' personal information may be disclosed without their knowledge to law enforcement or intelligence agencies.

    That initiative has now effectively been joined by the Office of the Privacy Commissioner of Canada and NDP MP Charmaine Borg. Chantal Bernier, the interim Privacy Commissioner of Canada, released recommendations yesterday designed to reinforce privacy protections in the age of cyber-surveillance. The report includes the following recommended reform to PIPEDA:

    require public reporting on the use of various disclosure provisions under PIPEDA where private-sector entities such as telecommunications companies release personal information to national security entities without court oversight.

    , , ,
    Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
    << Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

    Results 1 - 4 of 57