New disclosures from communications corporations are forcing renewed questions about the interception capabilities Canadian telcos build into their networks for the benefit of government authorities – at home and abroad.
Privacy advocates have long warned that states are demonstrating a growing voracity for data, an appetite that is compelling corporations to install powerful hardware and software devices that can facilitate surveillance mandated by national laws.
On Friday, Britain-based multinational giant Vodafone Group issued a stunning "transparency" report that indicates how it is being forced to help some foreign states eavesdrop on their own citizens. This followed first-ever reports from two Canadian companies – Rogers Communications and TekSavvy Solutions – about how they oblige government authorities seeking to snoop on communications in Canada.
According to Rogers, Canadian police and other government agencies requested about 175,000 pieces of data in 2013. This works out roughly to an average of one request for every 72 Rogers customers. The company has 12.6 million cellphone, Internet and home-phone subscribers.
That figure is relatively high compared with those revealed in U.S. transparency reports. Verizon Communications Inc. recently disclosed it received about 320,000 requests for customer information from U.S. law enforcement agencies in 2013. Verizon has 139 million customers – meaning it received a request for one out of every 434 customers.
Experts note that it is difficult to compare statistics, given how methodologies used to track "lawful access" requests within companies can vary. Different legal systems are also in play.
Regardless, "we are concerned that … on a per capita basis, we're getting a lot more requests than they do in the States," said Tamir Israel of the Canadian Internet Policy and Public Interest Clinic.
More transparency reports are coming.
In Canada, Telus Corp. says it will release one this summer.
Meantime, Vodafone, the world's second largest telco, stunned observers with the report it published on Friday.
The British company explicitly stated it has long had to give "permanent access" to "a small number of countries" where local laws dictate that their governments can have a "direct link" to local Vodafone data.
Vodafone is never presented with warrants in these countries, since "the relevant agencies and authorities already have permanent access to customer communications via their own direct link."
Vodafone is blowing the whistle on this practice in an attempt to stop it. "We are making a call to end direct access," its chief privacy officer told The Guardian.
The admission indicates that some states pass laws demanding complete access to telecommunications databases. It is spawning renewed concerns about how Canadian companies such as BlackBerry Ltd. of Waterloo, Ont., comport themselves abroad.
Spokesman Adam Emery said in an e-mail to The Globe that BlackBerry adheres to a published set of "lawful access principles" that apply globally and that "it is not for us to comment on reports regarding alleged government surveil-lance of telecommunications traffic."
Within Canada, increasing government requests for data are leading telcos to consider installing sophisticated bugging equipment.
In its transparency report this week, TekSavvy said corporations are grappling with a flurry of laws obliging legal interception of communications and the cost of doing it.
"All of these provisions could create an incentive for TekSavvy to design its networks and services so that the cost of any mandatory orders can reasonably be absorbed," it said in its report.
State surveillance of Internet communications can be difficult because the data split up into "packets" during transit. Yet technological sleuths inside corporations and governments can use advanced technology to get a read on messages they might otherwise miss.
This spring, the Privacy Commissioner of Canada released a report from 2011 that said one Canadian telco was using "deep packet inspection" to pass along some communications data to government authorities. Another company said it was "sending what is essentially a mirror image of the packet data as it transits the network."
This surveillance, and how it may have evolved, was not further explained. Both Canadian companies, which were not named in the report, said they were complying with legal orders.