Government and law enforcement warrantless requests for telecom and Internet subscriber information have emerged as a major concern in recent months with revelations of tens of thousands of requests annually. The Supreme Court of Canada examined the issue in June, issuing the landmark Spencer decision that confirmed there is a reasonable expectation of privacy in subscriber data and raising serious doubts about the constitutionality of voluntary disclosures that occur without court oversight.
While major telecom companies such as Rogers and Telus have adjusted their policies in response to the decision, newly released documents reveal that the government's approach to subscriber information requests remains wildly inconsistent.
The documents, obtained through a parliamentary request by Liberal Member of Parliament Irwin Cotler, paint a disturbing picture: massive numbers of requests often with little or no record keeping, evidence to suggest that the disclosures frequently do not lead to charges, requests that extend far beyond telecom providers to include online dating and children's sites, and inconsistent application of the Supreme Court's Spencer decision. Departments such as CSIS and CSEC unsurprisingly declined to provide much information, but several other departments were more forthcoming. For example, the Department of Justice provided data on requests arising from its International Assistance Group, which submits requests on behalf of foreign states.
In 2013, there were more than 100 requests for subscriber information. Perhaps most interesting is the wide variety of providers and websites that have faced requests. In addition to the large telecom companies, there have been requests to Plenty of Fish (an online dating site), Club Penguin (a children's game site), Kik (an online messaging service), Yahoo.ca, and Contact Privacy (a domain name registrant privacy service). The Department of Defence was unable to provide specific information, but acknowledged that there may be thousands of requests. Most notably, it indicated that it has changed its policy on subscriber requests in light of the Spencer decision since it will now seek judicial authorization for all requests.
No worries, says Harper government
That position is at odds with Public Safety Canada, which said that "the Government of Canada is still examining this decision." Indeed, it downplayed the privacy importance of subscriber information, arguing that it "is akin to speaking to witnesses at the scene of the crime."
Public Safety also boasted that "subscriber information is useful in 100 per cent of the cases in which it is requested." That is clearly not the case in many other departments, however.
For example, Environment Canada lodged over 400 requests for subscriber information in 2012, leading to disclosures involving hundreds of people. Not a single person was charged with an offence under Canadian law. Similarly, the Competition Bureau has made nearly 100 requests for subscriber information over the past five years. The Bureau acknowledged that it does not seek a warrant for basic subscriber information. It also stated that "in no case did the disclosure of data lead to action or proceedings being commenced by the Bureau." Record keeping of subscriber requests is also non-existent in some departments. For example, the Department of Fisheries indicated that it requests subscriber information, frequently to identify the registered owner of a seized cellphone. The department does not track the number requests, to whom the requests are made, or if the information leads to any charges. The overall picture painted by the data shows remarkable inconsistency by government departments and agencies in when they ask for subscriber information, whether they seek a warrant, the records that they keep about requests, and the effectiveness of policies themselves.
Given the privacy importance of subscriber data, the privacy commissioner of Canada should consider launching a detailed audit on department practices with the goal of establishing consistent policies that better respect the privacy rights of all Canadians.
Original Article
Source: thetyee.ca/
Author: Michael Geist
While major telecom companies such as Rogers and Telus have adjusted their policies in response to the decision, newly released documents reveal that the government's approach to subscriber information requests remains wildly inconsistent.
The documents, obtained through a parliamentary request by Liberal Member of Parliament Irwin Cotler, paint a disturbing picture: massive numbers of requests often with little or no record keeping, evidence to suggest that the disclosures frequently do not lead to charges, requests that extend far beyond telecom providers to include online dating and children's sites, and inconsistent application of the Supreme Court's Spencer decision. Departments such as CSIS and CSEC unsurprisingly declined to provide much information, but several other departments were more forthcoming. For example, the Department of Justice provided data on requests arising from its International Assistance Group, which submits requests on behalf of foreign states.
In 2013, there were more than 100 requests for subscriber information. Perhaps most interesting is the wide variety of providers and websites that have faced requests. In addition to the large telecom companies, there have been requests to Plenty of Fish (an online dating site), Club Penguin (a children's game site), Kik (an online messaging service), Yahoo.ca, and Contact Privacy (a domain name registrant privacy service). The Department of Defence was unable to provide specific information, but acknowledged that there may be thousands of requests. Most notably, it indicated that it has changed its policy on subscriber requests in light of the Spencer decision since it will now seek judicial authorization for all requests.
No worries, says Harper government
That position is at odds with Public Safety Canada, which said that "the Government of Canada is still examining this decision." Indeed, it downplayed the privacy importance of subscriber information, arguing that it "is akin to speaking to witnesses at the scene of the crime."
Public Safety also boasted that "subscriber information is useful in 100 per cent of the cases in which it is requested." That is clearly not the case in many other departments, however.
For example, Environment Canada lodged over 400 requests for subscriber information in 2012, leading to disclosures involving hundreds of people. Not a single person was charged with an offence under Canadian law. Similarly, the Competition Bureau has made nearly 100 requests for subscriber information over the past five years. The Bureau acknowledged that it does not seek a warrant for basic subscriber information. It also stated that "in no case did the disclosure of data lead to action or proceedings being commenced by the Bureau." Record keeping of subscriber requests is also non-existent in some departments. For example, the Department of Fisheries indicated that it requests subscriber information, frequently to identify the registered owner of a seized cellphone. The department does not track the number requests, to whom the requests are made, or if the information leads to any charges. The overall picture painted by the data shows remarkable inconsistency by government departments and agencies in when they ask for subscriber information, whether they seek a warrant, the records that they keep about requests, and the effectiveness of policies themselves.
Given the privacy importance of subscriber data, the privacy commissioner of Canada should consider launching a detailed audit on department practices with the goal of establishing consistent policies that better respect the privacy rights of all Canadians.
Original Article
Source: thetyee.ca/
Author: Michael Geist
No comments:
Post a Comment