Come back with a warrant by Rosalyn Davis (CC BY-NC-SA 2.0) https://flic.kr/p/aoPzWb

Lawful Access

How Telcos and ISPs Hand Over Subscriber Data Thousands of Times Each Year Without a Warrant

The lawful access fight of 2012, which featured then-Public Safety Minister Vic Toews infamously claiming that the public could side with the government or with child pornographers, largely boiled down to public discomfort with warrantless access to Internet subscriber information. The government claimed that subscriber data such as name, address, and IP address was harmless information akin to data found in the phone book, but few were convinced and the bill was ultimately shelved in the face of widespread opposition.

My weekly technology law column (Toronto Star version, homepage version) notes the government resurrected the lawful access legislation last year as a cyber-bullying bill, but it has been careful to reassure concerned Canadians that the new powers are subject to court oversight. While it is true that Bill C-13 contains several new warrants that require court approval (albeit with a lower evidentiary standard), what the government fails to acknowledge is that telecom companies and Internet providers already hand over subscriber data hundreds of times every day without court oversight. In fact, newly released data suggests that the companies have established special databases that grant law enforcement quick access to subscriber information without a warrant for a small fee.

April 1, 2014 — 2 comments — Columns

Who Needs Lawful Access?: Cdn Telcos Hand Over Data on Thousands of Subscribers Without a Warrant

The debate over Bill C-13, the government’s latest lawful access bill, is set to resume shortly. The government has argued that the bill should not raise concerns since new police powers involve court oversight and the mandatory warrantless disclosure provisions that raised widespread concern in the last bill have been removed. While that is the government’s talking points, I’ve posted on how this bill now includes incentives for telecom companies and other intermediaries to disclose subscriber information without court oversight since it grants them full civil and criminal immunity for doing so. Moreover, newly released data suggests that the telecom companies don’t seem to need much of an incentive as they are already disclosing subscriber data on thousands of Canadians every year without court oversight.

This week, the government responded to NDP MP Charmaine Borg’s request for information on government agencies requests to telecom providers for customer information. The data reveals that the telecom companies have established law enforcement databases that provides ready access to subscriber information. For example, the Competition Bureau reports that it “accessed the Bell Canada Law Enforcement Database” 20 times in 2012-13. The wording may be important, since the Bureau indicates that it accessed the information, rather than Bell provided it. It is not clear what oversight or review is used before a government agency may access the Bell database.

March 26, 2014 — 18 comments — News

Why Canada’s Telecom Companies Should Come Clean About Customer Information

Earlier this week, I wrote a column (Toronto Star version, homepage version) arguing that Canada’s telecom companies should come clean about their disclosures of customer information. That column was in response to a public letter from leading civil liberties groups and academics sent to Canada’s leading telecom companies asking them to shed new light into their data retention and sharing policies. The letter writing initiative, which was led by Christopher Parsons of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, is the latest attempt to address the lack of transparency regarding how and when Canadians’ personal information may be disclosed without their knowledge to law enforcement or intelligence agencies.

That initiative has now effectively been joined by the Office of the Privacy Commissioner of Canada and NDP MP Charmaine Borg. Chantal Bernier, the interim Privacy Commissioner of Canada, released recommendations yesterday designed to reinforce privacy protections in the age of cyber-surveillance. The report includes the following recommended reform to PIPEDA:

require public reporting on the use of various disclosure provisions under PIPEDA where private-sector entities such as telecommunications companies release personal information to national security entities without court oversight.

January 29, 2014 — 5 comments — Columns

Why Canada’s Telecom Companies Should Come Clean About Customer Information

Appeared in the Toronto Star on January 25, 2014 as Why Canada’s Telecoms Should Come Clean About Customer Information Last week I joined leading civil liberties groups and academics in a public letter sent to Canada’s leading telecom companies asking them to shed new light into their data retention and […]

January 28, 2014 — 1 comment — Columns Archive

Why the Justice Ministers’ Report Fails To Make the Case for Bill C-13’s Lawful Access Provisions

Earlier this week, I posted on how Canadian law already features extensive rules that can be used to target cyberbullying, which raises questions about the prime justification for Bill C-13 (the cyber-bullying/lawful access bill). That post attracted a response from the Department of Justice, which (consistent with politicians and other officials) points to a June 2013 report on cyberbullying from federal and provincial justice ministers as the basis for Bill C-13.

While the government seems to think the report provides a solid foundation for its bill, the reality is that the justification in the report for the lawful access provisions stands on very shaky ground.

January 16, 2014 — 1 comment — News