When wireless companies apply this week to bid on newly available public airwaves, they will also be committing – again – to an unpublicized accord that governs how they will help police and intelligence agencies monitor suspects.
For nearly two decades, Ottawa officials have told telecommunications companies that one of the conditions of obtaining a licence to use wireless spectrum is to provide government with the capability to monitor the devices that use the spectrum. The Sept. 17 kickoff of the auction-countdown process will underscore that commitment, made out of sight of most Canadians because it is deemed too sensitive by the government.
Documents show that court-approved surveillance in Canada is governed by 23 specific technical surveillance standards known as the Solicitor General's Enforcement Standards (SGES).
Any firm taking part in a wireless auction can obtain a copy, but the contents are not available to the general public.
But The Globe and Mail has obtained past and current versions of the accord, which governs the way that mobile-phone companies help police pursue suspects by monitoring telecommunications – including eavesdropping, reading SMS texts, pinpointing users' whereabouts, and even unscrambling some encrypted communications.
Wireless carriers are told they must be ready to hand over such data should police or intelligence agencies compel the release of the information through judicially authorized warrants. Such information goes well beyond traditional wiretaps, and also includes phone logs and keystrokes.
Police and intelligence officials say the surveillance is crucial, given that it can help them gather evidence, make arrests and locate missing persons.
Canadian carriers say they support the need to supply surveillance information. "Telus fully supports law enforcement's need to carry out interception of communications with a properly executed court warrant," said company spokesman Shawn Hall, before adding that Telus "will challenge court orders we think overreach."
Mark Langton, a spokesman for BCE Inc., also said his company only provides police access to its systems if it sees a court-approved warrant. "The standards are public and are a requirement for a wireless licence – they would for example be made available to anyone taking part in a spectrum auction," he said.
While the SGES accord is a linchpin of today's lawful surveillance in Canada, it is hardly known to anyone, outside of government and industry circles. "This document contains sensitive content and is not publicly available," said Jean-Paul Duval, a Public Safety Canada spokesman, in an e-mail declining an interview. (This federal department, which oversees the SGES accord through its National Security Technology Division, succeeded the old Solicitor-General's ministry.)
Recent leaks have revealed just how much U.S. security agencies, working hand in hand with U.S. corporations, are monitoring global telecommunications.
Practices are different in Canada, where the SGES accord spells out how corporations can lawfully help police target individuals. Still, federal privacy officials say they are concerned by the lack of transparency surrounding the accord.
"We would suggest that a piece that governs the behaviour of telecom providers licensed to operate in Canada ought to be available for public discussion by parliamentarians, academics and security researchers," said Scott Hutchinson, a spokesman for the Privacy Commissioner of Canada.
"Real-time, full-time" eavesdropping on conversations is just one of the capabilities sought by police, according to the standards. Authorities also want records of call logs, texts, keystrokes and other data, including "the most accurate geographical location known."
Once surveillance is up and running, the telcos are told to pass along what data they can in a fraction of a second. "Call-associated data will be made available within milliseconds ... 100ms-500ms is the desirable target," says the directives, which add that the intercepts are relayed via secure lines to a "law enforcement monitoring facility."
The companies are also told to help authorities screen out calls between suspects and lawyers. Carriers that help their customers scramble communications must decrypt them. "Law enforcement requires that any type of encryption algorithm that is initiated by the service provider must be provided to the law-enforcement agency unencrypted."