Ron Deibert, director of the Canada Centre for Global Security Studies and the Citizen Lab at the Munk School of Global Affairs at the University of Toronto, spoke about cyber security and privacy issues at the Canadian Telecom Summit in Toronto Monday. The Globe’s telecom reporter Christine Dobby spoke with him about recent issues related to the privacy of telecommunications customers’ personal information.
Q. The Supreme Court of Canada ruled Friday that Canadians have a right to privacy with IP addresses and other online data. What’s important about the decision and do you think the federal government will consider amending two bills – C-13 and S-4 – that would expand the sharing of private information as a result?
A. The basic point that warrant-less access to user data is unconstitutional is the most important point. But it’s part of a broader picture and the case also provided some detail on exactly what it is we’re talking about when it comes to the extraordinarily rich information that’s shared with telecommunications companies and ISPs [Internet service providers].
It’s hard to say what will happen [to the bills] in the context of a majority government. Obviously this is legislation that they’ve been pushing in various guises for some time. Part of the reason I’m interested in this is I worry about the precedent we’re setting here. As it stands now, the vast majority of Internet users are not coming from Canada or the United States, they’re coming from countries that are either authoritarian or sliding back into authoritarianism. If we don’t get it right here, we have no basis to criticize what’s going on abroad. I’m not saying there’s evidence of corruption or abuse of power in terms of how we appropriate data or what security agencies are doing here. The important point is we have no way of saying whether there is or not.
Q. TekSavvy Solutions Inc. and Rogers Communications Inc. recently released reports disclosing the number of requests they receive from law enforcement and other authorities related to their users’ information. Why do you think there has been a reluctance for telecommunications companies to do so in the past?
A. I think there is a cultural issue. I’m not saying this in a conspiratorial sense, but the nature of the institutions and their history is such that telecommunications companies have had really close relationships with the government that regulates them and also the security agencies.
Telecommunications companies obviously are reluctant to change that because they want to get along with the government and it’s comfortable for them to be in a situation where there aren’t legal liabilities for turning over information. But, 10 or 20 years ago, the subscriber information law enforcement routinely requested was not as powerful as it is now. The companies are custodians over an extraordinary amount of data that is highly revealing, not just of who my friends are and where I send e-mail, but even in some cases my most intimate thoughts. That is a scary prospect and we need to hold them to a far higher standard than just doing the bare minimum or casually going along with whatever is the routine practice.
Q. On Monday, the Citizen Lab along with the Digital Stewardship Initiative and Openmedia.ca released a web application that makes it easy for consumers to ask their telecom providers directly what personal information has been shared. Rogers has said customer pressure helped inform their decision to release the report.
A. Yes and that’s why we’re releasing this tool today [Monday]. The point is not to irritate [the telecom companies], although it will, but then you see the outcome is something like Rogers’ transparency report.
It’s not the most revealing – you could criticize it for saying very little – but it’s the first formal transparency report [in Canada]. If I were a company like Bell, I would start thinking through how I’m going to respond to this.
Q. U.K.-based global carrier Vodafone Group plc also published a transparency report two weeks ago that indicated it is being forced to help some foreign states eavesdrop on their own citizens. You called on BlackBerry Ltd. to release a report of its own today – why?
A. Going back to 2010 we started hearing about demands certain governments were making on BlackBerry to share their data.
Blackberry was adamant that they had no way to make special deals or to give access to their encrypted data streams. Yet they still operate in countries that are among the most notorious abusers of human rights. At the very least BlackBerry needs to stand up and issue a transparency report. They could follow the lead of Vodafone, because that is a company that operates in many emerging markets where there are these huge question marks around human rights.
Telecommunications companies have extraordinary leverage. If they all stood up like Vodafone did and said, “This is what’s happening, this is unacceptable in our opinion,” governments wouldn’t be able to get away with it.
This interview has been edited and condensed.