Post Tagged with: "metadata"

Surveillance by Quinn Daedal CC BY-SA 2.0 https://flic.kr/p/7LUX4i

Lawful Access Heads to Committee: The Opposition Found Its Voice, the Government Never Found Its Defence

After several days of debate in which the opposition to lawful access seemed half-hearted at best, the Conservatives woke up on Monday. MP after MP rose to argue, correctly, that Bill C-22 represents an unprecedented surveillance threat: mandated metadata retention (including location information) for up to a year, security vulnerabilities built into the interception architecture the bill requires, and a weakened legal standard for access to subscriber information. After days of debate with the government visibly struggling to defend its own legislation, this is precisely what the opposition should be targeting (coverage from day one, day two, day three).

April 22, 2026 — 3 comments — News

VR3_8228 by Vaughn Ridley/Collision via Sportsfile CC BY 2.0 https://flic.kr/p/2oKTXpQ

The Lawful Access Debate Begins: Canadians Should Pay Attention to What the Government Isn’t Saying

When the government introduced Bill C-2 last year, it buried the lawful access provisions at the end of an omnibus border security bill and said as little about it as possible. The strategy failed, the provisions were abandoned after widespread criticism, and the government spent months consulting stakeholders before trying again. Bill C-22, the Lawful Access Act, is the follow-up attempt. If the first day of House debate on the bill is any indication, the approach hasn’t changed, as the government is once again hoping no one notices what is actually in the bill.

April 15, 2026 — 1 comment — News

Metadata by gabitogol CC BY 2.0 https://flic.kr/p/b3bxSv

The Lawful Access Privacy Risks: Unpacking Bill C-22’s Expansive Metadata Retention Requirements

Much of the discussion around the new lawful access bill (Bill C-22) has focused on provisions that improved upon Bill C-2, notably the decision to scrap the warrantless information demand power by requiring judicial oversight for access to subscriber information. Yet despite that improvement, there remain serious privacy concerns with the government’s latest iteration of lawful access. Buried in the second half of Bill C-22 is a provision granting the government the power to require “core providers” to retain categories of metadata, including transmission data, for up to one year. This is mandatory metadata retention that would require telecom and electronic service providers to store information about the communications of all their users, regardless of whether those users are suspected of anything. It is one of the most privacy invasive tools a government can deploy and the international experience suggests that there are major privacy risks.

March 17, 2026 — 13 comments — News

Against Oversight: Why Fixing the Oversight of Canadian Surveillance Won’t Solve the Problem

Last summer, I discussed the Snowden leaks and concerns about Canadian surveillance activities with a senior government official. The official remarked that in the wake of the Snowden revelations the political risk did not lie with surveillance itself, since most Canadians basically trusted their government and intelligence agencies to avoid misuse (the steady stream of Snowden leaks and Canada’s increasingly apparent role may have changed this analysis). Rather, the real concern was with being caught lying about the surveillance activities. This person was of the view that Canadians would accept surveillance, but they would not accept lying about surveillance programs.

Those comments came to mind over the past week with the latest revelations about CSEC metadata surveillance. While the story has been characterized as an airport wifi surveillance issue, it is clear that the airport wifi angle misses the real concern. The leaked document and subsequent explanations reveal an attempt to identify travel patterns and geographic locations using user ID data over a two week period provided by a Canadian source (CSEC referred to this as metadata in the Senate committee hearing yesterday) along with a database of geo-locations of IP addresses supplied by Quova (I once served as an advisor to Quova). By identifying airport wifi IP addresses along with broader usage data and geo-identifying information, CSEC hopes to be able to identify locational movements of individual users. Bruce Schneier provides a helpful review of the likely intent of the program.

While some argued the program tracks Canadians and is therefore illegal (citing Charter violations and activities beyond the CSEC mandate), the Justice Minister maintains the program is legal and CSEC has defended the program in a release the day after the story broke and again at the Senate committee yesterday. Moreover, the CSEC Commissioner has posted a somewhat cryptic statement that emphasizes the independence of the review process. Ryan Gallagher has responded to those statements with a post arguing the denials are hollow.

February 4, 2014 — 16 comments — News

The Privacy Threats in Bill C-13, Part Two: The Low Threshold for Metadata

My first post on the privacy threats in Bill C-13 focused on the voluntary disclosure of personal information and the complete civil and criminal immunity granted to intermediaries such as ISPs and telecom companies that provide such disclosures. This post focuses on the low threshold the bill establishes for a new “transmission data” warrant and explains why this represents a serious privacy risk.

The bill defines transmission data as data that:

(a) relates to the telecommunication functions of dialling, routing, addressing or signalling;
(b) is transmitted to identify, activate or configure a device, including a computer program as defined in subsection 342.1(2), in order to establish or maintain access to a telecommunication service for the purpose of enabling a communication, or is generated during the creation, transmission or reception of a communication and identifies or purports â€¨to identify the type, direction, date, time, duration, size, origin, destination or termination of the communication;
(c) does not reveal the substance, meaning or purpose of the communication.

The bill creates a new warrant that allows a judge to order the disclosure of transmission data where there are reasonable grounds to suspect that an offence has been or will be committed, the identification of a device or person involved in the transmission will assist in an investigation, or will help identify a person. The government relies on the fact that this is a warrant with court oversight to support the claim that Canadians should not be concerned by this provision. Yet the reality is that there is reason for concern as the implications of treating metadata as having a low privacy value is enormously troubling.

December 11, 2013 — 4 comments — News