Since its introduction in mid-February, the privacy and law enforcement communities have continued to express their views on the bill, but Canada’s telecom service providers, which include the major telecom carriers and Internet service providers, have remained strangely silent. The silence is surprising given the enormous implications of the bill for the privacy of their customers and the possibility of millions of dollars in new surveillance equipment costs, active cooperation with law enforcement, and employee background checks.
While some attribute the Internet surveillance silence to an attempt to avoid picking sides in the high stakes privacy and security battle, documents obtained under the Access to Information Act offer a different, more troubling explanation. My weekly technology law column notes (Toronto Star version, homepage version) in the months leading up to the introduction Bill C-30, Canada’s telecom companies worked actively with government officials to identify key issues and to develop a secret Industry – Government Collaborative Forum on Lawful Access.
The inaugural meeting, held just three weeks before Bill C-30 was introduced, included invitations to eleven companies (Bell Canada, Cogeco, Eagle, MTS Allstream, Quebecor, Research In Motion, Rogers, Sasktel, Telus, VidÃ©otron, and Wind Mobile) along with two industry associations (the Canadian Wireless Telecommunications Association and the Canadian Network Operators Consortium).
The secret working group is designed to create an open channel for discussion between telecom providers and government. As the uproar over Bill C-30 was generating front-page news across the country, Bell reached out to government to indicate that “it was working its way through C-30 with great interest” and expressed desire for a meeting to discuss disclosure of subscriber information. A few weeks later, it sent another request seeking details on equipment obligations to assist in its costing exercises.
Months before the January 2012 meeting, officials worked with the telecom companies to identify many concerns and provide guidance on the government’s intent on Internet surveillance regulations, information that has never been publicly released.
For example, a December 2011 draft list of lawful access issues features questions about surveillance of social networks, cloud computing facilities, and Wi-Fi networks. The telecom companies raise many questions about compensation, such as “a formula for adequate compensation” for the disclosure of subscriber information as well as payment for testing surveillance capabilities and providing surveillance assistance.
At a September 2011 meeting that included Bell Canada, Cogeco, RIM, Telus, Rogers, Microsoft, and the Information Technology Association of Canada, government officials provided a lawful access regulations policy document that offered guidance on plans for extensive regulations that will ultimately accompany the Internet surveillance legislation.
The 17-page document indicates that providers will be required to disclose certain subscriber information without a warrant within 48 hours and within 30 minutes in exceptional circumstances. Interceptions of communications may also need to be established within 30 minutes of a request with capabilities that include simultaneous interceptions for five law enforcement agencies.
The close cooperation between the government and telecom providers has created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers. Meanwhile, privacy and civil society groups, opposition MPs, and millions of interested Canadians are kept in the dark about the full extent of the government’s plans. The public has already indicated its opposition to the bill. The secrecy and backroom industry talks associated with Bill C-30 provides yet another reason to hit the reset button.