Come back with a warrant by Rosalyn Davis (CC BY-NC-SA 2.0) https://flic.kr/p/aoPzWb

Lawful Access

Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Why Internet Privacy Should be a Key Election Issue

Canada’s controversial anti-terrorism bill, Bill C-51, has emerged as a key talking point in the current election campaign. Pointing to its big implications for privacy and surveillance, the NDP sees political opportunity by emphasizing its opposition to the bill, while the Liberals have been forced to defend their decision to support it (but call for amendments if elected). The Conservatives unsurprisingly view the bill as evidence of their commitment to national security and have even floated the possibility of additional anti-terror measures.

While Bill C-51 now represents a legislative shorthand for the parties positions on privacy and surveillance, a potentially bigger privacy issue merits closer attention.

My weekly technology law column (Toronto Star version, homepage version) notes that last year, the government concluded more than a decade of debate over “lawful access” legislation by enacting a bill that provided new law enforcement powers for access to Internet and telecom data. The bill came just as reports revealed that telecom providers faced more than a million requests for such information each year and the Supreme Court of Canada issued its landmark Spencer decision, which ruled that Canadians have a reasonable expectation of privacy in their basic subscriber information, including name, address, and IP address.

September 18, 2015 — 4 comments — Columns

You Are Under Surveillance by Matt Katzenberger (CC BY-NC-SA 2.0) https://flic.kr/p/6JBjhQ

Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks

After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.

While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.

The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.

My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill. Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.

December 15, 2014 — 20 comments — Columns

bc-amanda-todd10nw1 at https://amandatoddlegacy.files.wordpress.com/2013/10/bc-amanda-todd10nw1.jpg

Carol Todd on Bill C-13: “What Happened to Democracy?”

The Senate Committee on Justice and Human Rights continues its study later today on Bill C-13, the cyber-bullying/lawful access bill that has already passed the House of Commons and seems certain to clear the Senate shortly. I appeared before the committee last week, but one person who will not appear is Carol Todd, the mother of cyber-bullying victim Amanda Todd. Ms. Todd wrote to me yesterday to express her dismay at the committee process with Conservative Senators mischaracterizing her views and the committee declining to offer her an invitation to appear, likely due to her criticisms of the privacy-related provisions in the bill.

Ms. Todd did appear before the House of Commons committee studying Bill C-13, telling Members of Parliament:

November 26, 2014 — 10 comments — News

analog sphere of privacy by Jason Tester Guerrilla Futures (CC BY-ND 2.0) https://flic.kr/p/8Hq5GM

The Spencer Effect: No More Warrantless Access to Subscriber Info With Five Minutes of Police Work

The Canadian Press reports that the RCMP has abandoned some Internet-related investigations because it is unable to obtain warrantless access to subscriber information. The article is based on an internal memo expressing concern with the additional work needed to apply for a warrant in order to obtain access to subscriber information. The changes have arisen due to the Supreme Court of Canada’s Spencer decision, which held that there is a reasonable expectation of privacy in subscriber information. As a result, it is believed that most telecom and Internet providers have rightly stopped voluntary disclosures without a warrant (some have still not publicly stated their disclosure practices).

The article notes how easily subscriber information was disclosed prior to Spencer:

Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day. The agencies say that following the Supreme Court ruling about 10 hours are needed to complete the 10-to-20 pages of documentation for a request, and an answer can take up to 30 days.

The troubling aspect of the story is not that some investigations are being curtailed because law enforcement is now following due process and that telecom providers are requiring a warrant before disclosing subscriber information. It is that for millions of requests prior to Spencer, it took nothing more than five minutes to fill out a form with the information voluntarily released without court oversight and without notifying the affected subscriber.

November 21, 2014 — 8 comments — News

Senate Chamber HDR by Intiaz Rahim (CC BY-NC-ND 2.0) https://flic.kr/p/5LhGZg

Choosing Between Privacy and Cyberbullying: My Appearance on Bill C-13 Before the Senate Legal and Constitutional Affairs Committee

Yesterday I appeared before the Senate Committee on Legal and Constitutional Affairs, which is studying Bill C-13, the lawful access/cyberbullying bill. The full transcript of the spirited discussion is not yet available, but my opening statement is posted below.

Appearance before the Senate Standing Committee on Legal and Constitutional Affairs, November 19, 2014

Good afternoon. My name is Michael Geist. I am a law professor at the University of Ottawa, where I hold the Canada Research Chair in Internet and E-commerce Law. I appear today in a personal capacity representing only my own views.

Given the limited time, I’m going to confine my remarks to three privacy-related issues: immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.

November 20, 2014 — 5 comments — Committees, News