Lisa Austin is an associate professor at the University of Toronto Faculty of Law; Andrea Slane is associate professor and director, Legal Studies Program, University of Ontario Institute of Technology.
Police and other government authorities apparently request customer information from Canadian telecommunications providers every 27 seconds, and most of the time the companies comply. In order to quell customer outcry, Bell stepped in to offer an important clarification. According to CBC news, Bell Canada claims that it only provides 411-style information to authorities in response to a warrantless request for customer information. What a relief.
Except that if all the authorities were doing is a reverse number look-up, wouldn't they just use Canada411.ca like the rest of us?
The police and our security agencies are clearly gaining warrantless access to customer information that allows them to identify us and our activities online and probably more. We know from the CSEC airport wifi disclosures that some types of basic "metadata" can be used to track people's movements as well.
The big question is, how can this be legal in Canada? How does such widespread sharing of customer information comport with our right to a reasonable expectation of privacy, constitutionally protected from government intrusion? A major "loophole" that appears to legally allow this warrantless sharing to occur relies on the language of subscriber agreements.
The way it works is this. If we have a reasonable expectation of privacy in our customer information, then the state needs a warrant to gain access to it – even if the telecom is willing to voluntarily provide it. However, when the courts have addressed this issue they have been heavily influenced by the fact that service provider agreements very often include clauses that inform customers that the providers will in fact share information with authorities when requested to do so. Many courts have held that this advance notice undermines a customer's reasonable expectation of privacy. And if there is no reasonable expectation of privacy, no warrant is required.
That's right. Our telecoms can put broad language into a standard form contract, language that is not negotiable and most people never read, that diminishes the reasonable expectation of privacy consumers enjoy vis-à-vis the state. We can click "I agree" and thereby click away our constitutional privacy rights. Whatever role we think our telecoms should play in the 21st century, contracting out of the constitution should not be part of it.
Acting Privacy Commissioner Chantal Bernier is correct that we need more transparency in relation to the extent to which our telecoms co-operate with the state. But real accountability requires more than this. It requires legal standards that offer protection. It requires limits on how much of our privacy rights can be taken away by the one-sided, non-negotiated actions of companies we rely on for essential services.
The warrantless access question is currently before the Supreme Court of Canada in a case called R v Spencer. Let's hope that they pause at least every 27 seconds and think about what's at stake.