Two telecommunications companies have released details regarding the number of demands for customer data they receive from police and government authorities, signalling a shift in how communications providers plan to deal with subscribers' privacy concerns.
How are Canada's privacy laws changing? Read the Globe's easy explanation
TekSavvy Solutions Inc., a privately owned Internet service provider based in Chatham, Ont., was the first company to break with convention, saying it handled 52 requests for customer information in 2012 and 2013. The company said it made 17 disclosures in response to law enforcement requests and refused to reveal information in 35 instances (read a PDF of the full report).
Rogers Communications Inc., Canada's largest cellular carrier and one of the country's biggest Internet providers, released its own report (PDF)shortly after the TekSavvy disclosure on Thursday, revealing it received a total of 174,917 requests for customer information in 2013. It did not specify how many of those requests were fulfilled.
Before Thursday's revelations, the public has had little insight into the frequency with which telecom providers share customer data with police and the government. In April, the Office of the Privacy Commissioner of Canada revealed that in 2011, telecom companies received 1.2 million requests for data, but that information was based on an aggregation of requests from nine different providers. Until now, the big telephone and Internet providers have generally maintained that government regulations limit their ability to share such information.
Ken Engelhart, vice-president regulatory at Rogers, said that growing customer concern over the issue in recent months prompted the company to make the numbers public and "put some sunlight on this topic."
"There was too much sensitivity in the past about not wanting to upset law enforcement officials," he said in an interview. "We realized we have to get a transparency report out quickly to make our customers satisfied that their information is being dealt with properly."
TekSavvy's report goes so far as to invoke the transparency principles of Edward Snowden, the U.S. security contractor – now charged with espionage – who one year ago started leaking top secret documents about Washington's access to American citizens' phone records.
"The Edward Snowden leaks based in the U.S. … have helped underline a key commitment that is required to achieve this mission, which is strong data privacy and transparency," Bram Abramson, the company's chief legal and regulatory officer wrote, adding, "TekSavvy has taken steps to strengthen our internal team dedicated to legal and regulatory matters."
Mr. Abramson's letter was written in response to requests from a group of privacy-oriented academics led by Christopher Parsons, a research fellow with Citizen Lab, which is part of the University of Toronto's Munk School of Global Affairs. "[TekSavvy's report] is the first time any telecommunications carrier in Canada has, in a public way, identified the conditions and the laws under which it may be required to preserve or capture or disclose information," Mr. Parsons said in an interview.
In a three-page document, Rogers said the approximately 175,000 requests came under several different categories, including requests to confirm customer name and address information, court orders or warrants, and emergency requests from police in life threatening situations. Mr. Engelhart said Rogers' systems are not presently set up to track how many requests were complied with, but added: "We definitely do turn down some requests and in some cases we even go to court to challenge warrants we think are overly broad."
In recent years, some U.S. telcos have released transparency reports offering statistics about what kinds of handovers they make to government authorities. The idea is starting to gain traction in Canada, where last month the federal opposition NDP began pressing for a federal panel to investigate "warrantless data collection by the federal government."
Telus Corp. spokesman Shawn Hall said Thursday the company is preparing a transparency report of its own and plans to issue it this summer. BCE Inc. did not comment on whether it plans to share such information. Both companies – which are among the country's three biggest wireless providers and also offer Internet and home-phone services – said they release customer information only when required by law. (BCE owns 15 per cent of The Globe and Mail.)
Shaw Communications Inc., the dominant Internet provider in western Canada, did not comment on whether it plans to publicize the number of requests it receives.
A pair of bills before parliament – C-13 and S-4 – would expand the situations in which telecom companies could share information with other companies or with police.
C-13 grants immunity to companies that voluntarily hand over data to police, and also allows the courts to order a company not to publicize a particular request if it "would jeopardize the conduct of the investigation of the offence." In Parliamentary committee testimony Thursday, an association representing Google Inc., Facebook Inc. and other major Internet companies warned that this is a "gag order" that could prevent them from fully disclosing the total number of requests from government.
Bill S-4, meanwhile, would allow companies, such as telecom giants, to share private data with another company – without judicial oversight or any requirement to report the sharing – if they believed the information could help investigate any breach of a contract or a crime. Various critics have warned Canadian lawmakers that this will open the door to large-scale, unmonitored data sharing between companies.
Colin Freeze