Who Needs Lawful Access?: Cdn Telcos Hand Over Data on Thousands of Subscribers Without a Warrant

The debate over Bill C-13, the government’s latest lawful access bill, is set to resume shortly.  The government has argued that the bill should not raise concerns since new police powers involve court oversight and the mandatory warrantless disclosure provisions that raised widespread concern in the last bill have been removed.  While that is the government’s talking points, I’ve posted on how this bill now includes incentives for telecom companies and other intermediaries to disclose subscriber information without court oversight since it grants them full civil and criminal immunity for doing so. Moreover, newly released data suggests that the telecom companies don’t seem to need much of an incentive as they are already disclosing subscriber data on thousands of Canadians every year without court oversight.

This week, the government responded to NDP MP Charmaine Borg’s request for information on government agencies requests to telecom providers for customer information. The data reveals that the telecom companies have established law enforcement databases that provides ready access to subscriber information. For example, the Competition Bureau reports that it “accessed the Bell Canada Law Enforcement Database” 20 times in 2012-13.  The wording may be important, since the Bureau indicates that it accessed the information, rather than Bell provided it. It is not clear what oversight or review is used before a government agency may access the Bell database.

The Canada Border Services Agency report featured the biggest numbers with 18,849 requests in one year for subscriber information including geolocation data and call records. The CBSA obtained a warrant in 52 cases with all other cases involving a simple request without court oversight. The telecom providers fulfilled the requests virtually every time – 18,824 – and the CBSA paid between $1.00 and $3.00 per request. The RCMP presumably has far higher numbers, but it says that it does not keep track in a centralized database (an earlier access to information request revealed even bigger numbers).

While this data provides only a glimpse at warrantless disclosure of subscriber information, it confirms fears that telecom companies provide such information tens of thousands of times every year without court oversight (and perhaps without even internal oversight if access to a database is granted). The law may grant telecom companies the right to disclose subscriber information without a warrant, but the pervasive warrantless disclosure is deeply troubling and represents an abdication by telecom providers of their responsibility to safeguard the privacy of their subscribers.


  1. I have been saying this is probably happening. People afraid to switch to Tekksavvy because they were ordered to provide data on downloaders.. People just don’t realize that Rogers and Bell have most likely been asked for the same information and just handed it over quietly.

  2. @Chris
    Teksavvy was one of the providers that didn’t even respond to letters to the company to reveal the extent to which they voluntarily, and under compulsion, disclose information about their subscribers to state agencies:

    My suspicion is, it’s a problem with all teleco’s in Canada, not just the big guys. Why would the RCMP, CBSA stop at Bell, and Rogers. That’s wouldn’t make any sense. If anything, I think the small providers need to come completely clean on government access to subscriber records. I think we would expect them too under these circumstances.

  3. Hrmmmm
    “The wording may be important, since the Bureau indicates that it accessed the information, rather than Bell provided it.”

    It could likely be argued that because Bell created a database system, and the tools to access that system, and provided those tools to law enforcement to use and such consume the subscriber data at will, that Bell *did* provide law enforcement with that Data in an automated fashion.

  4. @Ryan
    I’m a database admin. On a technical stand point, most ISPs already have databases which correlate IP addresses to subscriber information for normal business practices. Most of that is already automated. All it would take is a few lines of SQL to accommodate law enforcement and granting law enforcement access to that database. I would also suspect, as we’ve seen in recent months, that the teleco’s are being paid a good sum of money to give law enforcement access to these databases, and to keep hush about it:

  5. drivebycommentor says:

    ummmm… how can this be legal? how can this NOT be a violation of privacy laws that we assumed were in place to protect Canadain consumers ?
    >> I have been saying this is probably happening. …
    >> People just don’t realize that Rogers and Bell have most likely been asked
    >> for the same information and just handed it over quietly.

    How can this be legal? How can this NOT be a violation of privacy laws that we all assumed were in place to protect Canadian consumers?

    Does anyone have a link for sending complaints to the Canadian Privacy Commissioner?

  6. David Collier-Brown says:

    “Attractive nuisance”
    At the expense of being repetitive, we should not see telcos keeping information about their customers past the day they’re done using it for billing, as it make them attractive to lawsuits and court orders. Our government should be setting strict limits on how long personal information is kept, rather than the opposite.

    This goes double for ISPs, as it makes them attractive not just to police and security services, but also to plain ordinary criminals seeking information for identity theft or sale to copyright trolls.

  7. WreckingBall says:

    CSEC & Government have their fangs in our data.
    I’ve been waiting to hear the government reply to all of MA Borg’s request in January. Now I see that, in general, the government has pretty much stonewalled the issue.

    Question is; why were the telcoms given immunity in the CSEC or CSIS legislation in the first place? Did the telcoms balk when it became apparent that the amount of metadata being requested by CSEC & CSIS was beyond the pall? If so, the telcoms probably realized that gathering people’s metadata was likely illegal so they quietly asked for some guarantee of immunity from prosecution. The Government went along and as a consequence, we now have telcoms that can give our information away for the asking.
    This must be stopped immediately and the immunity clause repealed. If government wants to access the telcoms records of our metadata then a warrant is required. Enough of this secret,warrantless spying.

  8. Dan the Ham says:

    There are things you can do today
    I am incensed at this workaround of Canadian liberties. There are things you can do immediately.
    Browse the Privacy Policy of your Telecom provider, they will state that they must provide you a contact in their company who deals with Privacy. Register a complaint with them first before you take it to the privacy commissioner. The Privacy Commissioner will ignore your complaint if you don’t follow the rules by informing the scofflaw company first.
    As a separate section, ask for a list of companies that your personal and aggregate information has been provided to. Per communications law, they must comply in a delayed half hearted fashion.
    Ask to opt out of any information sharing of your personal metadata, geographical data, linking data, and other personal identifiers which the telcos use to resell to a host of advertising/government agencies. (They have the right to call you back to inform you of how terrible this will be for you and likely to tell you that you will not be able to access the internet on your smartphone).
    You may have to do this in three separate complaints, one for land line, one for cell phone and one for internet (and maybe television if they provide that service as well), as they will only address the single complaint to the service that you were complaining about.
    Write to your MP, tell them you do not support this usurping of the constitutional right to unreasonable search and seizure, don’t forget to inform them that their information and that of their aides will be flagged in some manner by the security services.
    Ask to be placed on the national no call list, to add to your list of items.

  9. Neil Spoke TRUTH
    “And while there has been a public outcry in the US, Canadians are just fine with it.” – CBC’s Neil MacDonald on the spying program and warrantless wiretaps

  10. pat donovan says:

    plus, as far as i know, they’ve been doing it since the sixites.

  11. The Habit of Searching Phone Numbers Online
    This is applicable to in business transactions since if we would like to find a potential business partner, we can make use of this technology along with whitepages and yellowpages.

  12. Wondering is this is at all related
    Disabled woman denied entry to U.S. after agent cites supposedly private medical details

  13. Police forces routinely “ping” cell phones for location without warrant
    As someone that monitors radio communications of the Vancouver Police and RCMP in surrounding jurisdictions, I am constantly amazed at the number of times that police officers request dispatch to “ping” a cell phone number for location. This request is always performed by the dispatcher within seconds and a geolocation is provided.

  14. Jay, I hear that too….
    Listening to the police in the Fraser Valley. Says something for old, dumb phones that just talk and text.

  15. Double O Telco: licensed to screw
    “disclose subscriber information without court oversight since it grants them full civil and criminal immunity for doing so”

    Sounds a bit like the double-O agents: “licensed to kill”.

    Every time you bring up that less than 4 in 10 voters cast their vote for the Ruling Party, every pundit quickly goes on about bla bla “our” electoral system bla bla, next item please.

    But here you see it. A “licensed to kill” rule for Telcos to betray the trust of their own customers, just because convincing a judge might be a little inconvenient.

    But, at least we know it can be done. So now we need the same rules in place for whistleblowers, “government funded” scientists, ethical “white hat” hackers, employees with knowledge of illegal business dealings, etc. Let’s see how fast they will granted full civil and criminal immunity… (sound of crickets)

  16. Well Said, Byte!
    Well said indeed!

  17. Big Business Unethical…suprise.
    I’m incensed but not shocked to learn that the telcos are treating client privacy with such disregard. Business executives are increasingly less ethical. Their whole objective is to exploit existing practices for every dollar possible. They cut shady deals and then masquerade it as value added to investors. It’s pure fraud and even worse, endorsed and encouraged.

    The government is supposed to protect us from unethical big business. It’s quite apparent that big business and government can’t be kept at an arms length from each other. Who do you trust when the government sides with those they are supposed to regulate?

    The government falls all over itself with leniency and a blind eye when they can exploit it for their own gain or industry cries economy. Our economy is important but not at the expense of our core values of privacy and justice.

  18. aveinfosys says:

    Digital Marketing Services in INDIA USA UK CANADA SINGAPORE
    This Very useful information,thanks you information Provided

    Digital Marketing Services in INDIA USA UK CANADA SINGAPORE