Post Tagged with: "privacy"

"We know you're mobile. Now we are too." by Neal Jennings (CC BY-NC-SA 2.0) https://flic.kr/p/dfFCeQ

Warrantless Subscriber Disclosures and the CBSA: Digging into the Details

Earlier this year, reports indicated that the Canadian Border Services Agency had requested subscriber information over 18,000 times in a single year, with the vast majority of the requests and disclosures occuring without a warrant. The information came to light through NDP MP Charmaine Borg’s efforts to obtain information on government agencies requests for subscriber data. Borg followed up the initial request with a more detailed list of questions and earlier this week she receive the government’s response.

The latest response confirms the earlier numbers and sheds more light on CBSA practices. First, the CBSA confirms that requests for subscriber information are conducted without a court order by relying upon Section 43 of the Customs Act. It provides:

September 17, 2014 — 2 comments — News

Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

BC Court Rules on Signing Away Your Reasonable Expectation of Privacy

Canadian privacy law has long been reliant on the principle of “reasonable expectation of privacy.” The principle is particularly important with respect to the Charter of Rights and Freedoms, as the Supreme Court of Canada has held that the right to be free from unreasonable search and seizure is grounded in a reasonable expectation of privacy in a free and democratic society.

The reasonable expectation of privacy standard provides a useful starting point for analysis, but the danger is that privacy rights can seemingly be lost with little more than a contractual provision indicating that the user has no privacy. Indeed, if privacy rights can disappear based on a sentence in a contract that few take the time to read (much less assess whether they are comfortable with), those rights stand on very shaky ground.

My weekly technology law column (Toronto Star version, homepage version) notes the limits of the reasonable expectation of privacy standard emerged in a recent British Columbia Court of Appeal case involving the search of a courier package that contained illegal drugs. The court rejected claims of an illegal search, concluding that the defendant had no reasonable expectation of privacy despite the fact that he had no commercial relationship with the courier company and had never agreed to, or even viewed, the terms of the contract.

August 27, 2014 — 9 comments — Columns

Credit Cards by Sean MacEntee (CC BY 2.0) https://flic.kr/p/kkUu3B

From Cell Towers to Credit Card Data: Telecom Privacy Case Reveals Scope of Police Demands for Subscriber Information

Last month, media reports covered a recently released Ontario court decision involving a Peel Regional Police warrant application for subscriber data from Telus and Rogers. The two telecom companies challenged the order, arguing that it was overbroad. The police withdrew the order in favour of a more limited request, but the court decided that the Charter issues raised by the request should still be examined.

The money quote from the judge – “the privacy rights of the tens of thousands of cell phone users is of obvious importance” – captured the attention, but the case is more interesting for the data it provides on police warrant applications for subscriber data. The case reveals that Telus received approximately 2,500 production orders and general warrants in 2013, while Rogers produced 13,800 files in response to production orders and search warrants that year.

Even more interesting is how the police were seeking access to a huge amount of subscriber information by asking for all records involving dozens of cell phone towers, including subscriber data, billing information, bank data, and credit card information. The specifics as described by the court:

August 14, 2014 — 4 comments — News

Silence by Alberto Ortiz (CC BY-NC-ND 2.0) https://flic.kr/p/3cRLS7

Why Has Bell Remained Silent on Its Subscriber Information Disclosure Practices?

In the aftermath of the Supreme Court of Canada’s Spencer decision, several leading Canadian ISPs have publicly announced that they have changed their practices on the disclosure of subscriber information (including basic subscriber information such as name and address) to law enforcement. For example, Rogers announced that it will now require a warrant or court order prior to disclosing information to law enforcement except in emergency situations. Telus advised that it has adopted a similar practice and TekSavvy indicated that that has long been its approach. SaskTel says that it will release name, address, and phone number.

Unlike its competitors, Bell has remained largely silent in recent weeks. In media reports, the company says little more than that it follows the law. In fact, the Toronto Star’s Alex Boutilier tweets that the company is now declining to respond to journalist inquiries about the issue. In the past, the company was a clear supporter of disclosing “pre-warrant” information in some circumstances to law enforcement. As detailed in this Canadian Bar Association article:

July 24, 2014 — 20 comments — News

Come Back With a Warrant doormat, Cindy's place, Noe Valley, San Francisco, CA by Cory Doctorow (CC BY-SA 2.0) https://flic.kr/p/bB3VJN

Come Back With a Warrant: How Will the Canadian Government Respond to the Supreme Court’s Reshaping of Privacy Law?

Canadian Internet and telecom providers have, for many years, disclosed basic subscriber information, including identifiers such as name, address, and IP address, to law enforcement without a warrant. The government has not only supported the practice, but actively encouraged it with legislative proposals designed to grant full civil and criminal immunity for voluntary disclosures of personal information.

Last month, the Supreme Court of Canada struck a blow against warrantless disclosure of subscriber information, ruling that there is a reasonable expectation of privacy in that information and that voluntary disclosures therefore amount to illegal searches.

My weekly technology law column (Toronto Star version, homepage version) notes the decision left little doubt that Internet and telecom providers would need to change their disclosure policies. Last week, Rogers, the country’s largest cable provider, publicly altered its procedures for responding to law enforcement requests by announcing that it will now require a court order or warrant for the disclosure of basic subscriber information to law enforcement in all instances except for life threatening emergencies (warrantless disclosures may still occur where legislation provides the lawful authority to do so). Telus advised that it has adopted a similar approach.

July 21, 2014 — 12 comments — Columns