In a year in which privacy issues have captured near weekly headlines, one concern stands out: warrantless access to Internet and telecom subscriber information. From revelations that telecom companies receive over a million requests each year to the Supreme Court of Canada’s landmark decision affirming that there is a reasonable expectation of privacy in subscriber information, longstanding law enforcement and telecom company practices have been placed under the microscope for the first time.
Last week, the Privacy Commissioner of Canada released a report that shed further light on the law enforcement side of warrantless disclosure requests, raising disturbing questions about the lack of record keeping and politically motivated efforts to drum up data on the issue.
My weekly technology law column (Toronto Star version, homepage version) notes that the Office of the Privacy Commissioner of Canada notified the Royal Canadian Mounted Police last October that it was planning to conduct preliminary investigative work on the collection of warrantless subscriber information from telecom companies. The plan was to assess RCMP policies and to determine the frequency and justification for warrantless requests.
Read more ›
Two shocking terror attacks on Canadian soil, one striking at the very heart of the Canadian parliament buildings and both leaving behind dead soldiers. Office buildings, shopping centres, and classrooms placed under lockdown for hours with many confronting violence first hand that is rarely associated with Canada.
Last week’s terror events will leave many searching for answers and seeking assurances from political and security leaders that they will take steps to prevent it from happening again. There will be an obvious temptation to look to the law to “fix” the issue, and if the past is a guide, stronger anti-terror legislation and warnings that Canadians may need to surrender more of their privacy and civil liberties in the name of greater security will soon follow.
My weekly technology law column (Toronto Star version, homepage version) notes that if there are legal solutions that would help foster better security, they should unquestionably be considered. Yet Canada should proceed with caution and recognize that past experience suggests that the unintended consequences that may arise from poorly analyzed legislation may do more harm than good.
Read more ›
In the aftermath of the Supreme Court of Canada’s Spencer decision, I argued that the decision upholding the reasonable expectation of privacy in subscriber information contradicted the government’s claims supporting Bills C-13 and S-4, leaving the government’s lawful access strategy in tatters. I noted that it faced a choice:
The Canadian government could adopt the “bury our heads in the sand approach” by leaving the provision unchanged, knowing that it will be unused or subject to challenge. That would run counter to the spirit of the Supreme Court ruling, however, and do nothing to assist law enforcement.
Yesterday, the government did just that, as Bill C-13 passed another legislative hurdle with the reported committee version of the bill was approved by the House. During the debate, the government insisted that the legislation is consistent with the Spencer decision. While it is true that the voluntary warrantless disclosure provision does not directly contradict the Spencer decision, the reality is that it has been rendered largely moot. In other words, the government is touting a legislative solution to assist law enforcement that the police will not use and that telecom companies will ignore.
Read more ›
In the aftermath of the Supreme Court of Canada’s Spencer decision, several leading Canadian ISPs have publicly announced that they have changed their practices on the disclosure of subscriber information (including basic subscriber information such as name and address) to law enforcement. For example, Rogers announced that it will now require a warrant or court order prior to disclosing information to law enforcement except in emergency situations. Telus advised that it has adopted a similar practice and TekSavvy indicated that that has long been its approach. SaskTel says that it will release name, address, and phone number.
Unlike its competitors, Bell has remained largely silent in recent weeks. In media reports, the company says little more than that it follows the law. In fact, the Toronto Star’s Alex Boutilier tweets that the company is now declining to respond to journalist inquiries about the issue. In the past, the company was a clear supporter of disclosing “pre-warrant” information in some circumstances to law enforcement. As detailed in this Canadian Bar Association article:
Read more ›
Canadian Internet and telecom providers have, for many years, disclosed basic subscriber information, including identifiers such as name, address, and IP address, to law enforcement without a warrant. The government has not only supported the practice, but actively encouraged it with legislative proposals designed to grant full civil and criminal immunity for voluntary disclosures of personal information.
Last month, the Supreme Court of Canada struck a blow against warrantless disclosure of subscriber information, ruling that there is a reasonable expectation of privacy in that information and that voluntary disclosures therefore amount to illegal searches.
My weekly technology law column (Toronto Star version, homepage version) notes the decision left little doubt that Internet and telecom providers would need to change their disclosure policies. Last week, Rogers, the country’s largest cable provider, publicly altered its procedures for responding to law enforcement requests by announcing that it will now require a court order or warrant for the disclosure of basic subscriber information to law enforcement in all instances except for life threatening emergencies (warrantless disclosures may still occur where legislation provides the lawful authority to do so). Telus advised that it has adopted a similar approach.
Read more ›