As the world grapples with the recent terrorist attacks in Paris, the policy implications for issues such as the acceptance of refugees and continued military participation in the fight against ISIL have unsurprisingly come to the fore. The attacks have also escalated calls to reconsider plans to reform Canadian privacy and surveillance law, a key election promise from the Trudeau government.
My weekly technology law column (Toronto Star version, homepage version) argues that despite the temptation to slow the re-examination of Canadian privacy and surveillance policy, the government should stay the course. The Liberals voted for Bill C-51, the controversial anti-terror law, during the last Parliament, but promised changes to it if elected. Even in the face of a renewed terror threat, those changes remain essential and should not have an adverse impact on operational efforts to combat terror threats that might surface in Canada.
Read more ›
Canada’s controversial anti-terrorism bill, Bill C-51, has emerged as a key talking point in the current election campaign. Pointing to its big implications for privacy and surveillance, the NDP sees political opportunity by emphasizing its opposition to the bill, while the Liberals have been forced to defend their decision to support it (but call for amendments if elected). The Conservatives unsurprisingly view the bill as evidence of their commitment to national security and have even floated the possibility of additional anti-terror measures.
While Bill C-51 now represents a legislative shorthand for the parties positions on privacy and surveillance, a potentially bigger privacy issue merits closer attention.
My weekly technology law column (Toronto Star version, homepage version) notes that last year, the government concluded more than a decade of debate over “lawful access” legislation by enacting a bill that provided new law enforcement powers for access to Internet and telecom data. The bill came just as reports revealed that telecom providers faced more than a million requests for such information each year and the Supreme Court of Canada issued its landmark Spencer decision, which ruled that Canadians have a reasonable expectation of privacy in their basic subscriber information, including name, address, and IP address.
Read more ›
After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.
While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.
The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.
My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill. Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.
Read more ›
The Canadian Press reports that the RCMP has abandoned some Internet-related investigations because it is unable to obtain warrantless access to subscriber information. The article is based on an internal memo expressing concern with the additional work needed to apply for a warrant in order to obtain access to subscriber information. The changes have arisen due to the Supreme Court of Canada’s Spencer decision, which held that there is a reasonable expectation of privacy in subscriber information. As a result, it is believed that most telecom and Internet providers have rightly stopped voluntary disclosures without a warrant (some have still not publicly stated their disclosure practices).
The article notes how easily subscriber information was disclosed prior to Spencer:
Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day. The agencies say that following the Supreme Court ruling about 10 hours are needed to complete the 10-to-20 pages of documentation for a request, and an answer can take up to 30 days.
The troubling aspect of the story is not that some investigations are being curtailed because law enforcement is now following due process and that telecom providers are requiring a warrant before disclosing subscriber information. It is that for millions of requests prior to Spencer, it took nothing more than five minutes to fill out a form with the information voluntarily released without court oversight and without notifying the affected subscriber.
Read more ›