Come back with a warrant by Rosalyn Davis (CC BY-NC-SA 2.0) https://flic.kr/p/aoPzWb

Lawful Access

Why Public Safety Minister Blaney Gets It Wrong on Privacy and Warrantless Disclosures

The House of Commons engaged in active debate on privacy this week, spurred by an NDP motion from MP Charmaine Borg. The motion reads:

That, in the opinion of the House, the government should follow the advice of the Privacy Commissioner and make public the number of warrantless disclosures made by telecommunications companies at the request of federal departments and agencies; and immediately close the loophole that has allowed the indiscriminate disclosure of the personal information of law-abiding Canadians without a warrant.

The government voted down the motion on Tuesday, but the Monday debate provided new insights into the government’s thinking on privacy. Unfortunately, most of its responses to concerns about warrantless disclosures were either wrong or misleading. In particular, Steven Blaney, the Minister of Public Safety, raised at least four issues in his opening response that do not withstand closer scrutiny.

May 7, 2014 — 3 comments — News

Five Measures to Help Counter the Tidal Wave of Secret Telecom Disclosures

The House of Commons engaged in an extensive debate on privacy yesterday in response to an NDP motion that would require the government to disclose the number of warrantless disclosures made by telecom companies. I’ll have more on the debate shortly (it’s worth reading), but the government has made it clear that it will not be supporting the motion.

My weekly technology law column (Toronto Star version, homepage version) notes that the revelations of massive telecom and Internet provider disclosures of subscriber information generated a political firestorm with pointed questions to Prime Minister Stephen Harper in the House of Commons about how the government and law enforcement agencies could file more than a million requests for Canadian subscriber information in a single year.

The shocking numbers come directly from the telecom industry after years of keeping their disclosure practices shielded from public view. They reveal that Canadian telecom and Internet providers are asked to disclose basic subscriber information every 27 seconds. In 2011, that added up to 1,193,630 requests, the majority of which were not accompanied by a warrant or court order. The data indicates that telecom and Internet providers gave the government what it wanted – three providers alone disclosed information from 785,000 customer accounts.

The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act).

May 6, 2014 — 8 comments — Columns

Bill C-13: Podcast on Cyber-Bullying and Internet Surveillance Legislation

I appeared on The Docket podcast with Leo Russomanno and Michael Spratt to discuss the Conservative governments new cyber-bullying / internet surveillance legislation – Bill C-13.

May 2, 2014 — Comments are Disabled — ExtPodcasts

Is a Canadian Telco Allowing the Government To Mirror Its Subscriber Communications?

The recent revelations regarding massive telecom and Internet provider disclosures of subscriber information has generated a political firestorm with pointed questions yesterday to Prime Minister Stephen Harper in the House of Commons. While Harper tried to provide reassurances that warrants were obtained where necessary, the reality is that the law […]

May 1, 2014 — 8 comments — News

Canadian Telcos Asked to Disclose Subscriber Data Every 27 Seconds

Every 27 seconds. Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant).

In most warrantless cases, the telecommunications companies were entitled to say no. The law says that telecom companies and Internet providers may disclose personal information without a warrant as part of a lawful investigation or they can withhold the information until law enforcement has obtained a warrant. According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher. Moreover, virtually all providers sought compensation for complying with the requests.

These stunning disclosures, which were released by the Office of the Privacy Commissioner of Canada, comes directly from the telecom industry after years of keeping their disclosure practices shielded from public view. In fact, the industry was reluctant to provide the information to even the Privacy Commissioner.

According to correspondence I obtained under the Access to Information Act, after the Commissioner sent letters to the 12 biggest telecom and Internet providers seeking information on their disclosure practices, Rogers, Bell and RIM proposed aggregating the information to keep the data from individual companies secret. The response dragged on for months, with Bell admitting at one point that only four providers had provided data and expressing concern about whether it could submit even the aggregated response since it would be unable to maintain anonymity [I’ve released the full ATIP I received here].

April 30, 2014 — 29 comments — News