How often, and under what circumstances, do Canadian telecommunications companies willingly hand subscriber information to government agencies? What about for cases where they are legally compelled? And what constitutes subscriber information anyhow?
These aren’t hard questions. But good luck getting answers. The government doesn’t seem interested in answering them and our cellphone providers say they can’t. Neither will tell us why.
Recently, a post-doctoral fellow at the University of Toronto’s Citizen Lab published responses from 10 of 16 Canadian telecommunications companies who were asked in January to clarify “the extent to which they voluntarily, and under compulsion, disclose information about their subscribers to state agencies, as well as for information about business practices and data retention periods.”
Information might include a cellphone’s location, call detail records, text message contents, cellular tower logs, internet activity, voicemail data, real-time interception or wiretaps, and transmission metadata.
The companies that responded to Citizen Labber Christopher Parsons included Bell, Rogers, Shaw, Telus, Videotron, Cogeco, Eastlink, MTS Allstream and Distributel, with the general sentiment that the privacy of their customers is of great concern. But their responses were short on details, instead citing vagaries about legal restrictions and national security, and in some cases shifting the onus on transparency to the government instead.
According to David Fraser, a Canadian privacy lawyer and partner with the firm of McInnes Cooper, “They’re able to provide a whole lot more information than they actually are.”
Canadians have been asking these questions since the metadata collection practices of the Communications Security Establishment Canada (CSEC), a branch of the Department of National Defence, were first revealed in The Globe and Mail last year. Nine months later, we’re still not sure what the government has requested, nor in what way telecommunications companies have complied.
“They don’t actually say clearly and definitively what law ... would prohibit disclosure,” Mr. Parsons said in an interview.
“If it turned out that many of the responses were legally prevented ... then Canadian researchers would know that’s pretty substantive, because it would indicate there’s very real and significant gags that block the kind of disclosure we see in the U.S. and in global telecommunications companies with transparency reports.”
Last year former Privacy Commissioner Jennifer Stoddart wrote that her department currently has “no way of knowing for certain the number, scale, frequency of, or reasons for, such disclosures, although we understand that they are substantial.”
In the U.S., however, telecommunication giants such as Verizon and AT&T have started to release transparency reports that list the breadth and depth of government agency requests in more detail – and according to Mr. Fraser, similar statical reports on disclosure should, at the very least, also be possible here.
Only Telus wrote in its response to Citizen Lab questions that the company would “request the Government to clarify and limit the scope of current confidentiality requirements and to consider measures to facilitate greater transparency.” Telus has, in the past, challenged court orders that it believes have overreached.
Movement in parliament, meanwhile, has been glacial at best. On January 28, Interim Privacy Commissioner of Canada Chantal Bernier’s office tabled a special report to parliament addressing this and other issues. Recommendations for improvements include changes to the review and reporting structures of Canada’s intelligence agencies, reforms of the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA), and strengthening accountability.
“We noted that, while secrecy is a necessity within intelligence activities, so is accountability within a democracy,” wrote Scott Hutchinson, a spokesperson for the Commissioner’s office, in an e-mail.
NDP Member of Parliament Charmaine Borg also submitted a wide-ranging list of questions to Parliament around the same time, similar to the ones mailed by Mr. Parsons. A recent Industry Canada report noted that “modernizing the privacy regime to better protect consumer privacy online” would be a priority for the 2014-2015 year.
“I think there is a recognition that Canada has really become one of the worst if not *the* worst [countries for] federal level disclosure of how often these interceptions take place,” Mr. Parsons said.
“If the government was providing this information then nobody would have to go knocking on the doors of the telcos,” Mr. Fraser added, calling the government’s approach to transparency in this case “appalling.” But, he noted, there’s no reason telecommunications companies can’t step up and disclose details on requests too.
“They really look bad in contrast to these American companies that are doing it.”
There may not even be a legal reason for their reluctance, suggested Mr. Fraser. It might just be better for business. If the way carriers handled requests made public, it could reveal business practices to competitors. Or subscribers might start taking privacy into account when choosing a cellular or internet service provider.
And he’s probably right. When Verizon threatened entry into the Canadian market, surveillance and privacy became a checkbox in attacks by incumbent carriers – just another feature alongside carrying the iPhone, or offering LTE. But now the tables have turned.
If you had a choice between a service provider that was more forthcoming with your data, and one who wasn’t, who would you choose? Not every user will care, of course, and not every user can afford to. But both the government and carriers at least owe Canadians the information needed to make that choice.