Nearly 19,000 times in a single year, Canada’s border guards approached telecommunications companies and requested information about customers that was almost always handed over without leaving any public paper trails.
Statistics about such government-corporate transactions, which often sit in a legal grey area and can be based more on mutual agreement than law, are almost never divulged by federal agencies.
Yet the Canada Border Service Agency has broken rank, stating in a document released by the federal government that 99.4 per cent of the time the agency is after only “basic subscriber information” (BSI). Such records reveal who controls which cellphone or which Internet account – information that is not necessarily public, but not so private as to require a warrant to obtain.
Such off-the-books disclosures raise privacy concerns, yet Canada’s phone and Internet companies appear to have grown used to handling massive volumes of requests. The border agency says that in 2012, only 25 of its 19,000 requests were refused by the telecoms, and only 13 customers were notified that the government had sought their records. Aspects of the handovers seem to happen automatically – with the telecoms typically charging only $1 to $3 for a “BSI” request and the answers usually coming back within three business days.
Every other federal investigative agency says it cannot or will not publicly provide such precise details of their relationships with the telecoms.
All of this is according to a federal package of materials released this week, two months after NDP MP Charmaine Borg stood up in the House of Commons to demand that federal agencies to disclose statistics about their dealings with telecoms.
Globally, concerns about such exchanges are at an all-time high. U.S. President Barack Obama announced this week he would rein in a once-secret program that gave U.S. intelligence agents direct access to Americans’ phone records.
In the coming weeks, Parliament will be asked to pass Bill C-13, branded a “cyberbullying” law by the Conservatives, which would formalize handovers from telecoms to the government – and would protect companies from any lawsuits and criminal charges that might result from handing over too much.
In this context, the CBSA disclosure is important and unprecedented, say digital privacy experts, who argue that the agency’s numbers suggest many more exchanges are occurring between the telecoms and other government agencies as well.
“It makes me wonder what other structures and costs are in place,” said Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab. He pointed out that the Mounties and Canada’s intelligence agencies failed to release data.
Canada’s border guards work to track down illegal immigrants and contraband goods, and keep terrorism suspects from boarding vessels travelling in and out of the country. The CBSA disclosed that it made 18,849 requests to telecoms in 2012 – 18,729 of which were for basic subscriber information, or BSIs.
In its response, the agency points out it can compel such information under ministerial – not judicial – authority, granted to it under the Customs Act, and that corporate “terms and conditions” further facilitate such handovers. On rarer occasions in 2012, the CBSA did resort to judicial warrants to compel the release of telecommunications – including cell tower logs (128 times); call records (118); transmission data (113); geolocation data (63); and Internet traffic (78).
The CBSA said it filed no requests to telcos for “real-time” intercepts, eavesdropping that would track people’s movements and conversations.
In response to Globe questions, Canadian telcos e-mailed statements saying they hand over communications records to the government when are compelled to do so, but they would not elaborate on whether they consider BSIs as records per se.
“We would provide law enforcement or other government agencies access to customer information only with a lawful order and as part of an ongoing investigation,” said Mark Langton, a spokesman for Bell.
“Telus will challenge any request for confidential customer information that we believe over-reaches,” said Shawn Hall a spokesman for Telus.