Colin FreezePeter Power/The Globe and Mail
Federal spy agencies are, like police, "obviously going to have to get a lot more production orders than they did in the past," one of Canada's Big Three communications companies says.
And while Ottawa's agents had been getting warrantless access to some corporately held records, "we have not opened up our metadata to the government as apparently has happened in the U.S."
Rogers Communications' vice-president of regulatory affairs, Ken Engelhart, made these and other remarks about his company's relationships with federal intelligence-agencies, as he spoke to The Globe's Christine Dobby about corporate transparency in an interview this week.
Such remarks, not published until now, are important because they yield some insights into a largely hidden relationship between intelligence agencies and communications corporations.
But even as Rogers is now publicizing its bona fides as a telecom company that acts more openly than most, it is privately admitting to customers that it can face federal gag orders.
"We are unable to confirm with a customer when their information has been disclosed to a government institution… where that institution has refused to allow Rogers to disclose that information," reads one such July 10 letter obtained by The Globe and Mail from privacy researcher Christopher Parsons, of University of Toronto's Citizen Lab.
The "no production order, no name and address" policy announced this week by Rogers speaks to one flashpoint.
Records about who controls which Internet protocol (IP) address are increasingly invaluable not just for Canadian police, but also for intelligence analysts, tax authorities and border guards. That's because these investigators increasingly gravitate toward studying how communications traffic (or metadata) moves.
The problem is, there are no White Pages or reverse directories for the Internet, where IP "customer name and address" information is rarely disclosed. Squaring the IP numbers with actual people can usually only be done by the companies who bill customers for usage.
Until recently in Canada, handovers of IP customer information from corporations to government was felt to be so minimally invasive that no order from a judge was required.
But the Supreme Court put the brakes on this spring by ruling that such transactions are likely unlawful, unless a judge first authorizes them. Canadian authorities are being forced to now get a production order if they want such data from Rogers or anyone else.
The ruling is at odds with a new bill. The Conservative government is trying to encourage a climate of greater sharing between government agents and telecommunications corporations through C-13. This legislation would shield firms and their employees from any lawsuits, or even criminal prosecutions, that could arise from their handing over too much customer data.
In The Globe interview, Rogers' Mr. Engelhart says that whether C-13 passes or not, barring emergency circumstances, his company needs to see a judge's signature or "any other binding legal document" if government agents come calling for information.
"A lot of people thought that that provision [in C-13] was going to change how we behave but it really doesn't," Mr. Engelhart said in The Globe interview. "We gave out the name and address requests before because we thought it was the right thing to do. Now in response to our customers' comments and in response to the Supreme Court decisions, we've decided it's not the right thing to do."
In the big picture, laws such as C-13 are not unique. This week, Britain's government invoked emergency powers to rush a controversial bill through Parliament, saying that the U.K. urgently needs to shore up its powers to compel corporations to preserve records – and yield them, under the right circumstances, to government agents.
Materials released in support of the U.K. bill say that past access to such corporate data has allowed British police to jail relatively more pedophiles than more privacy-tilted countries, such as Germany. And that the spy agencies known as MI5, MI6 and GCHQ need such access to prevent terrorist attacks.
Yet a group of U.K. academics is denouncing the law as draconian, as is one notable figure who has been exposing alarming government spying – the former U.S. security contractor Edward Snowden, who last year leaked a trove of top secret documents that revealed how U.S. intelligence agencies had been secretly getting U.S. judges to compel phone companies to hand over customer call records in bulk.
Could this happen in Canada?
The country has two primary intelligence agencies. The Canadian Security Intelligence Service, whose powers parallel police powers in many respects, works mostly within Canada. Its officers' operations – including any bugging or hacking – must first be approved by Federal Court judges, who can compel telecommunications companies to release records to CSIS.
These days, CSIS closely partners with another agency, Communications Security Establishment Canada. CSEC is the Ottawa equivalent of the U.S. National Security Agency, and an agency that has been amassing volumes of logged communications and metadata.
What's different about CSEC is that its employees never go to court – instead they work under secret authorizations from the Minister of National Defence to grab at mostly at foreigners' data. Traditionally this work was done out of embassies or by tapping undersea cables, until the Internet forced a reconsideration of the tradecraft starting more than a decade ago.
Now some Canadian judges – including Federal Court judge Richard Mosley, and the late retired Supreme Court Judge Charles Gonthier – have authored cryptic but critical findings about CSIS and CSEC for working too closely together. The charge has been that at times the two agencies have been blurring their mandates, and invoking each others' authorities to leap over organizational walls,and grab at communications they weren't themselves lawfully entitled to have.
Such criticisms raise intriguing possibilities. If Canada's two intelligence agencies are merging in some respects, could they be consolidating data too? Not just for particular investigations, as the law explicitly permits, but on an ongoing basis? And what if the CSIS warrant powers for domestic communications records were somehow being used to round out CSEC's burgeoning databases (as U.S. intelligence agencies were revealed to have been doing by Mr. Snowden)?
For its part, Rogers says that U.S.-style intelligence access couldn't happen in Canada. "These stories in the press – that because the government in the States asked the phone companies for a whole bunch of metadata and stuff … this is not something that we've done," Mr. Engelhart said in The Globe interview.
Pressed whether Rogers would consider any intelligence-agency investigations occurring under ministerial authority to be akin to a production order, he replied "when I say production order – any warrant, order or any other binding legal document … if the legal department here tells us, 'This is law and you have to do it, then we do it.'"
Colin Freeze reports on national security and Christine Dobby reports on telecom.
Colin Freeze