Now that it has a majority, service providers expect the Conservative government will soon push its long-promised lawful access laws through Parliament. Here’s a preview of the issues

Carriers anxious for lawful access regulations

For several years Canadian telecommunications service providers, public interest groups and federal opposition parties have been wrestling with Harper government’s promise to expand lawful access police have over online communications.

Among other things, the Conservatives want to give law enforcement agencies emergency powers to demand personal information about Internet subscribers without a judicial warrant, and to compel telecom providers install equipment to give police the capability to intercept electronic communications.

Now that the Conservatives have a majority, the day when that legislation can be passed has come closer.

However, while telecom carriers – and the public — have known for months what the legislation will likely include because parts were introduced almost a year ago, they are still uncertain on whether the changes will cost them small change or millions of dollars.

For even if the government reintroduces the same acts, it has been mum on the regulations carriers will have to obey to comply with the laws. The regulations are set by cabinet. And, as the saying goes, the devil is in the details.
When they are released — and usually that doesn’t come until after legislation is passed – ”that’s when the real action begins,” said a lawyer for one carrier, who asked not to be identified.

Amongst other things, the regulations will detail the standards for the equipment carriers and Internet providers will need to buy, how soon their networks will have to be prepared, and whether there will be compensation for the equipment and for the time it may take to pull subscriber details from their databases.

Providers also hope it will have a “safe harbour” clause that protects them from prosecution if they buy gear that is compliant today but doesn’t fit government needs in the future.

“We really do have to wait for the regs,” says Bill Munson, vice-president of the Information Technology Association of Canada (ITAC), whose members include wireline carriers. ITAC and the Canadian Wireless Telecommunications Association (CWTA), which includes cellphone companies, have formed a joint committee which keeps close contact with senior government bureaucrats on the proposed changes.

The signals have always been the government understands the industry’s concerns, Munson said.

“Their hints have always been broad – ‘Don’t worry, about it we catch you and we’ll take care of that.’ But it’s easier to say than to do.”

Similarly, the Canadian Network Operators Consortium (CNOC), which represents a number of independent Internet providers, is leery about the costs.

If it turns out a small ISP has to spend $1 million on equipment “there’s going to be opposition to that,” promises CNOC president William Sandiford, who also heads Telnet Communications.
 
Finding providers willing to speak on the record about a touchy area that involves a regulated industry, national security, business processes and customer privacy isn’t easy.

Several major providers didn’t reply to a request for comment, while one would only talk off the record.

One of those that did release a comment was BCE Inc. [TSX, NYSE: BCE], parent of Bell Canada. “While we obviously can’t comment on legislation that hasn’t yet been reintroduced, our primary concern in this area has always been the capacity of industry to implement any new requirements and who bears the cost,” said spokesman Jacqueline Michelis in an email. “Also, customer privacy remains a top priority.”

For its part, the government is working hard to counter allegations from the New Democratic Party and public interest groups that the legislation will allow surveillance of communications without a warrant.

“The government is trying to push through a set of electronic surveillance laws that will invade your privacy and cost you money,” says StopSpying.ca, a Web site set up by OpenMedia.ca to lobby against increasing police intercept powers without judicial oversight.

Similarly, last month Quebec NDP member Charmane Borg complained during Question Period that the Conservatives intend “allowing police officers to spy on citizens on the Internet without a warrant.”

Public Safety Minister Vic Toews immediately denounced “outrageous claims” like that. The proposed legislation would give a designated officer the right to demand subsciber information a provider has such as name, IP address, email address and identifying information for a mobile device. But, Toews emphasized, a judge will still have to authorize the interception of private communications.

That isn’t good enough for privacy advocates like Halifax lawyer David T. S. Fraser, who argues in his blog that even that amount of information shouldn’t be divulged to a police department without judicial consent.

That’s also the position of ITAC, says Bill Muson. “Not a meeting goes by that that isn’t being raised,” he said. 
When the Conservatives introduced the first two of the three pieces of legislation last November, cabinet ministers said the acts would provide law enforcement and national security agencies with up-to-date tools to fight crimes such as gang- and terrorism-related offences and child sexual exploitation.
 
Here’s a brief description of the bills as they appeared in the last Parliament. In essence, they all work together. Their numberings are included for those familiar with the legislation, but they will likely be re-numbered when reintroduced in the new Parliament:
 
–The Investigating and Preventing Criminal Electronic Communications Act (called at the time Bill C-52)
Obliges telecom service providers to have equipment that allows law enforcement and security agencies to capture identifying details of electronic communications on their networks such as IP addresses and gives the ability to intercept electronic communications. (The staturory right to intercept is included in what was called Bill C-50, which is detailed below).
Designated peace officers will have the ability to demand service providers hand over identifying data without a judicial warrant. However, all police offers would have the ability to demand subsciber information in an urgent situation if they believe there isn’t time go through normal procedures.
To comply with judicial warrants, the equipment has to be able to separate the communications of a specific person from the communications of others.
Generally, service providers will only have to add the new equipment when they are updating their systems — they won’t have to update systems just to comply with the law. But, the Justice Minister could order them to do so. 
Within six months of passing C-52 providers would have had to file a report with the government stating their ability to respond to interception requirements in the bill.
 
–The Investigative Powers for the 21st Century Act (called at the time Bill C-51).
It would enable police to identify all network nodes and jurisdictions in the transmission of electronic data and trace communications back to a suspect. Judicial authorizations would be required to get transmission data — which is different from the subscriber data covered in C-52 – which provides the information on the routing. Telecom providers will have to temporarily keep data long enough to give law enforcement agencies to time get a search warrant.
 
–An act to ammend the Criminal Code with respect to intercepting privat communications (called at the time Bill C-50).
It provides that if a judge gives an authorization to intercept electronic communications, a related warrant — such as a search warrant — can be issued at the same time. It permits police the use a telephone number recorder without a warant. In the case of investigations into organized crime or terrorism that authority and police authority to use an electronic tracking device can be extended.
The federal government would have to report annually on the interceptions of private communications without prior authorization and notify individuals who have been the subject of an interception.
Related Download
IDC Analyst Connection - Unified Threat Management: Benefits of an Integrated Approach to Network Security Sponsor: Fortinet
IDC Analyst Connection – Unified Threat Management: Benefits of an Integrated Approach to Network Security
This IDC Analyst Connection looks at the the benefits of using a UTM platform integrated with network connectivity and how it will save the enterprise money, reduce the number of vendors' products needed to be purchased, improve the communications between devices, offer the opportunity for organizations to deploy more sophisticated capabilities, and vastly improve security.
Register Now
Share on LinkedIn Share with Google+ Comment on this article
More Articles