Post Tagged with: "metadata"

Metadata by gabitogol CC BY 2.0 https://flic.kr/p/b3bxSv

The Lawful Access Privacy Risks: Unpacking Bill C-22’s Expansive Metadata Retention Requirements

Much of the discussion around the new lawful access bill (Bill C-22) has focused on provisions that improved upon Bill C-2, notably the decision to scrap the warrantless information demand power by requiring judicial oversight for access to subscriber information. Yet despite that improvement, there remain serious privacy concerns with the government’s latest iteration of lawful access. Buried in the second half of Bill C-22 is a provision granting the government the power to require “core providers” to retain categories of metadata, including transmission data, for up to one year. This is mandatory metadata retention that would require telecom and electronic service providers to store information about the communications of all their users, regardless of whether those users are suspected of anything. It is one of the most privacy invasive tools a government can deploy and the international experience suggests that there are major privacy risks.

Read more ›

March 17, 2026 2 comments News

Against Oversight: Why Fixing the Oversight of Canadian Surveillance Won’t Solve the Problem

Last summer, I discussed the Snowden leaks and concerns about Canadian surveillance activities with a senior government official. The official remarked that in the wake of the Snowden revelations the political risk did not lie with surveillance itself, since most Canadians basically trusted their government and intelligence agencies to avoid misuse (the steady stream of Snowden leaks and Canada’s increasingly apparent role may have changed this analysis). Rather, the real concern was with being caught lying about the surveillance activities. This person was of the view that Canadians would accept surveillance, but they would not accept lying about surveillance programs.

Those comments came to mind over the past week with the latest revelations about CSEC metadata surveillance. While the story has been characterized as an airport wifi surveillance issue, it is clear that the airport wifi angle misses the real concern. The leaked document and subsequent explanations reveal an attempt to identify travel patterns and geographic locations using user ID data over a two week period provided by a Canadian source (CSEC referred to this as metadata in the Senate committee hearing yesterday) along with a database of geo-locations of IP addresses supplied by Quova (I once served as an advisor to Quova). By identifying airport wifi IP addresses along with broader usage data and geo-identifying information, CSEC hopes to be able to identify locational movements of individual users. Bruce Schneier provides a helpful review of the likely intent of the program.

While some argued the program tracks Canadians and is therefore illegal (citing Charter violations and activities beyond the CSEC mandate), the Justice Minister maintains the program is legal and CSEC has defended the program in a release the day after the story broke and again at the Senate committee yesterday. Moreover, the CSEC Commissioner has posted a somewhat cryptic statement that emphasizes the independence of the review process. Ryan Gallagher has responded to those statements with a post arguing the denials are hollow.

Read more ›

February 4, 2014 16 comments News

The Privacy Threats in Bill C-13, Part Two: The Low Threshold for Metadata

My first post on the privacy threats in Bill C-13 focused on the voluntary disclosure of personal information and the complete civil and criminal immunity granted to intermediaries such as ISPs and telecom companies that provide such disclosures. This post focuses on the low threshold the bill establishes for a new “transmission data” warrant and explains why this represents a serious privacy risk.

The bill defines transmission data as data that:

(a) relates to the telecommunication functions of dialling, routing, addressing or signalling;
(b) is transmitted to identify, activate or configure a device, including a computer program as defined in subsection 342.1(2), in order to establish or maintain access to a telecommunication service for the purpose of enabling a communication, or is generated during the creation, transmission or reception of a communication and identifies or purports 
to identify the type, direction, date, time, duration, size, origin, destination or termination of the communication; 
(c) does not reveal the substance, meaning or purpose of the communication.

The bill creates a new warrant that allows a judge to order the disclosure of transmission data where there are reasonable grounds to suspect that an offence has been or will be committed, the identification of a device or person involved in the transmission will assist in an investigation, or will help identify a person. The government relies on the fact that this is a warrant with court oversight to support the claim that Canadians should not be concerned by this provision. Yet the reality is that there is reason for concern as the implications of treating metadata as having a low privacy value is enormously troubling.

Read more ›

December 11, 2013 4 comments News

20th Century Laws Meet 21st Century Surveillance: Why Metadata Surveillance is a Serious Concern

The concerns about telephone and Internet surveillance moved north yesterday as the Globe revealed  that Canada has its own metadata surveillance program. The program was discontinued in 2008 after concerns that it could involve illegal surveillance of Canadians, but was secretly restarted in 2011. It is not clear what change sparked the policy reversal (if there was a reversal – some believe the program was never stopped).  The issue was raised in the House of Commons, but the response from the government focuses on two claims: (1) that the surveillance does not target Canadians; and (2) that the data captured is metadata rather than content and therefore does not raise significant privacy issues.

Neither response should provide Canadians concerned for their privacy with much comfort as it increasingly apparent that Canada has 20th century protections in a world of 21st century surveillance.

Read more ›

June 11, 2013 6 comments News

Report Confirms Canada Has Its Own Phone Meta-Data and Internet Surveillance Program

Over the weekend, I posted a lengthy piece on why Canadians should be demanding answers about secret surveillance programs in the wake of the U.S. revelations about Verizon meta-data on all phone calls and the PRISM program that involves access to leading Internet company data. The focus of the piece […]

Read more ›

June 10, 2013 7 comments News