After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.
While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.
The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.
My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill. Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.
Those provisions were dropped from Bill C-13, yet according to documents obtained under the Access to Information Act, both Internet providers and the government have been debating a “Plan B” on how to ensure that there are surveillance and interception capable networks.
Perhaps the most notable revelation is that Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. A 2013 memorandum prepared for the public safety minister reveals that Canadian telecom companies advised the government that the leading telecom equipment manufacturers, including Cisco, Juniper, and Huawei, all offer products with interception capabilities at a small additional cost.
In light of the standardization of the interception capabilities, the memo notes that the Canadian providers argue that “the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications.”
In other words, Canadian telecom providers are telling the government there is no need for legally mandated surveillance and interception functionality since they will be building networks that will feature those capabilities by default.
While Canadian network providers claimed that interception and surveillance capabilities would become a standard feature in their networks, government officials were not entirely convinced. Department officials argued that interception is a “complex process” and that legislative requirements were preferred.
In the absence of mandated surveillance and interception capabilities, another internal government memorandum emphasized the value of incorporating the technologies in wireless networks through spectrum licence requirements. The memorandum notes that Public Safety works with Industry Canada in developing those requirements and deals directly with providers to ensure that they meet the necessary standards.
The department’s stated goal is to “ensure that the lawful interception capabilities of public safety agencies are maximized within the existing legal framework.” In meeting its goal, the memorandum notes that it will work directly with the wireless providers to assess compliance levels and gain “valuable information on the interception capability currently available.”
The latest chapter of lawful access legislation may have come to a close, but the internal government documents suggest that the story is not yet over. With telecom providers suggesting that surveillance-capable networks are inevitable and government officials seeking alternatives to mandatory interception capabilities, the reality is that some of the issues at the heart of lawful access remain very much in play.