The federal government has rekindled debates around lawful access with the launch of a consultation process that discusses the possibility of granting law enforcement agencies greater access to Internet and telecom service providers’ subscriber data.
Public Safety Canada has issued the Customer Name and Address (CNA) Information Consultation Document in a bid to institute legislation to help law enforcement get “timely access” to CNA information.
“The purpose of this consultation is to provide a range of stakeholders…with an opportunity to identify their current views on possible approaches to updating Canada’s lawful access provisions as they relate to law enforcement and national security officials’ need to gain access to CNA information in the course of their duties,” the Public Safety Canada document read.
This report came on the heels of a U.S. District Court judge ruling that questioned the constitutionality of national security letters (NSL) issued by the FBI to telecom and Internet service providers requiring them to turn over customer information without proper court order.
The NSL program, which has been expanded under the U.S. Patriot Act, also bars service providers from ever revealing that they have been served with a NSL.
In its consultation document, Public Safety Canada noted the difficulties law enforcement agencies encounter when obtaining CNA information from service providers. The document lists some safeguards for preventing abuse, such as clear limitation on what customer information can be obtained and requirement of regular audits.
The list did not include the need for a court order with CNA information requests. The document also made no mention of whether a gag order on service providers, similar to the NSL program in the U.S., will be enforced as part of the proposed lawful access legislation.
Although this lawful access proposal seemed to be limited to information pertaining to the name, address, e-mail address, telephone and cellphone numbers of particular customers and not on the content of communication or Web activity, such information could still be detrimental to Canadians’ privacy, said Philippa Lawson, executive director at Ottawa-based Canadian Internet Policy and Public Interest Clinic (CIPPIC).
“Quite often, the police will be starting with a lot of content and what they want to do is match that content with an individual,” Lawson said.
Until recently, the Liberal-led lawful access proposal was shelved following a change in leadership in Ottawa in favour of the Conservative Party’s minority government. The incumbent government seems to have taken up the issue with Public Safety Canada initiating public consultations.
Lawson said the safeguard for lawful access must involve reasonable ground to suspect criminal activity. “They’ve got all sorts of minor safeguard that they are proposing and those are all important…but they don’t substitute for the fundamental safeguard of having reasonable ground to suspect criminal activity before you went ahead with these investigations.”
In matters of obtaining customer data for purposes of investigation, the Personal Information Protection and Electronic Documents Act (PIPEDA) already provides for such capabilities for law enforcement, according to a spokesperson from the Office of the Privacy Commissioner of Canada.
“Our views are that as it now stands, PIPEDA…has a provision that allows organizations to disclose personal information to law enforcement for the purpose of enforcing a law or conducting an investigation,” said Carman Baggaley, a spokesperson for the federal privacy commissioner.
Baggaley added that while the disclosure of customer information is discretionary on the part of the service providers, they may choose to do so without a court order.
He said the issue of lawful access also came up during the recent review of PIPEDA by the parliamentary committee.
“We said (then) that if there is a need to clarify or change the wording of the Act to provide greater clarity, then we would be in favour of that, but the notion of making these types of disclosures mandatory is troubling,” Baggaley said, adding the Privacy Commissioner will be taking part in the lawful access consultation.
The Information Technology Association of Canada (ITAC), meanwhile, welcomes the consultation process around the lawful access issue.
“New technologies should not prevent law enforcement from doing their work…at the same time new technologies should not diminish privacy protection and other protection of the public and our customers,” said ITAC president Bernard Courtois.
Under the current environment, service providers are typically cooperating with law enforcement units in providing information as long police authorities are able to show the urgency of a criminal activity.
Courtois stressed, however, that a court order should be required for requests that fail to show criminal urgency.
“We think that to the extent that it’s personal information and it’s not public, there should be safeguards, and maybe (law enforcement agencies) should go through the courts,” the ITAC executive said, adding that the consultations would help stakeholders agree on what the best rule should be around the lawful access issue.
