As Washington climbs down this week from a spying program of enormous scale, critics in Canada are questioning why Ottawa is seeking increased access to similar material. The state’s collection of what is known as “metadata” – and the specific laws governing how federal agencies compel its release – is now an issue on both sides of the border.
Understood to mean telephone logs, Internet trails or geolocation information, metadata is the revealing material that surrounds electronic conversations, though it does not reveal their contents. Government agencies say collecting call records is far less invasive than actual eavesdropping – but privacy advocates counter that collecting volumes of this metadata can be far more revealing than any overheard words.
In the years following the Sept. 11, 2001, attacks, Washington developed what it called its “Section 215 bulk telephony metadata program.” For years, U.S. government agents swayed secret intelligence courts to force phone companies to pass along American citizens’ call records, material that was never inherently suspicious but which could be mined for intelligence leads.
The program exploded into controversy after being revealed last year by National Security Agency leaker Edward Snowden, and became a political liability. “The government should not collect or hold this material in bulk,” U.S. President Barack Obama said in a statement Thursday, as he formally announced plans to place such records out of the U.S. government’s direct reach and put them back into the custody of phone companies for safekeeping.
Court orders would be required for U.S. agents to query specific phone numbers for leads, Mr. Obama said.
No Canadian government agency is known to engage in such sweeping U.S.-style “bulk” collection of citizens records – indeed there is no known legal mechanism by which such collection could take place in Canada.
Yet this week, an opposition MP forced the release of a significant disclosure: The Canada Border Services Agency made 19,000 requests for customer information to telecommunications companies in the span of a single year.
This high number and the fact that other investigative agencies are refusing to disclose their own practices – most say they don’t keep track – are raising questions about the scope of such requests in Canada.
“Would the government tell us how many of its departments are being asked to spy on law-abiding Canadians without obtaining a warrant?” NDP MP Randall Garrison asked in the House of Commons on Wednesday. He pressed the government to answer questions about “access to individual customer data from cellphone companies.”
Yet, handovers from telecom companies to the government are only poised to grow in coming years.
Privacy critics say that Bill C-13, the so-called cyberbullying law now before Parliament, is set to lower the legal thresholds. This means that government agents will likely sway judges to sign off on more orders forcing telecom companies to release “transmission data” or “tracking data” – metadata by another name.
While the Conservative government says the law is a solution to online crime, critics say it is just the latest attempt by the government to get better access to communications databases. The bill contains a troubling clause that Canadian companies will “not incur any criminal or civil liability” for voluntarily handing over material to government authorities.
Privacy experts are alarmed by the seeming blanket protection from lawsuits and prosecutions.
“We know now from all the discussion south of the border – this data can be every bit as revealing as the contents of the communications,” said Lisa Austin, a University of Toronto law professor.
She added that she knows of only one other government that shielded its telecom firms in a similar way – the United States, where, in 2008, lawmakers voted to give corporations immunity after their complicity in “warrantless wiretapping” programs was exposed. But Canadian officials say much is being conflated – different kinds of legal protections safeguard different kinds of communications records.
Consider what was sought by the federal border guards: 99 per cent of the 19,000 requested records were “basic subscriber information.” Legally, no warrants are needed for telecoms to make such disclosures, which amount to who controls what phone number.
As for Bill C-13, Justice Canada says the proposed legal shield against liability offers nothing new. “This protection already existed under the jurisprudence,” said spokeswoman Carole Saindon in an e-mail responding to Globe questions. She added that the “language in the bill is not a substantive change.”
Privacy advocates are not reassured by any of this.
The “unaccountability is absolutely unacceptable,” blogged Chris Parsons, a researcher for the University of Toronto Citizen Lab on Thursday. “And it’s made worse by the fact that the currently proposed lawful-access legislation, C–13, would indemnify [Internet Service Providers] for sharing even more information with state authorities while not requiring these authorities to report on how often, and to what extent, they ‘request’ such information.”