Pitting security against privacy


Success guru Tony Robbins in his book ‘Awaken the Giant Within’ relates an incident that demonstrates the damaging power of presuppositions.

In the 1988 presidential election campaign, he says, when George Bush announced Dan Quayle as his running mate, a news organization ran a nationwide poll. People were asked to call a 1-900 number and answer the following question: Does it bother you that Dan Quayle used his family’s influence to go into the National Guard and stay out of Vietnam?

“The glaring presupposition built into this question,” writes Robbins, “is that Quayle had indeed used his family’s influence to unfair advantage – something that had never been proven. Yet people responded to it as if it were a given.”

I was reminded of this anecdote when reflecting on the controversy and commentary triggered by Bell Sympatico’s recently amended end user agreement.

The discourse surrounding this event included quite a few unproven suppositions presented as facts.

The controversial clause in Bell Sympatico’s modified agreement, which took effect on June 15, informed subscribers that Bell retained the right to “monitor or investigate content or use of [their] service provider’s networks and to disclose any information necessary to satisfy any laws, regulations or other governmental request.”

Some commentators framed this as a security vs. privacy issue. After discussing the implications of the amended agreement, they questioned whether, over the past few years, mounting concerns over potential terrorist attacks have changed Canadians’ attitudes and perceptions to surveillance.

Some asked if Canadians are more willing today to let privacy concerns take a backseat in the interests of security – especially, given the recent terror threats in Toronto and Britain? And re. ISPs user agreements the question was: In the interests of national security are Canadians willing to have their personal online data more open to scrutiny? Are they prepared to have service providers disclose that data to law enforcement agencies?

To my mind, there’s a huge problem with such formulations. They assume something that’s never been proven: that strengthening public security involves sacrificing individual privacy.

To me that’s not self-evident at all.

Let’s review a line in Bell’s modified agreement again: that the company retains the right “to disclose any information necessary to satisfy any laws, regulations or other governmental request.” (italics mine).

At first glance that seems reasonable enough. But wait a minute – aren’t Bell Sympatico and other Canadian Internet Service Providers (ISPs) already doing that?

As Michael Geist, Canada research chair of Internet and e-commerce law at the University of Ottawa writes in his blog: “Few doubt that ISPs already monitor network usage and will disclose subscriber information, including usage habits, if required to do so under a court order.”

That view was reiterated by Canadian cyber crime expert Wade Deisman in a telephone interview. “Research indicates that the major [Canadian] ISPs have systems [with] the capacity to monitor people’s Internet activities very closely, including their bandwidth usage,” said Deisman, who lectures in Criminology at the University of Ottawa.

He went on to say that most ISP/TSP end user agreements offer no assurance of privacy when it comes to them knowing what subscribers are up to on their networks. “There’s no disclosure to anyone else, but technically your e-mail is not your property, it is the property [of the ISP].”

So it seems the major ISPs already:

• Retain the right, through their existing end user agreements, to monitor subscriber traffic/data on their systems;

• Are equipped with the technology to do that;

• Would disclose that information to a law enforcement agency (LEA) if required to do so by a court order.

The last point is crucial as currently, Canadian LEAs – with some exceptions – require proper judicial authorization before they can exercise three key powers: search and seizure, production orders, and intercepting private communications.

However, Bill C-74 – introduced by the erstwhile Liberal government, but which died on paper – attempted to change that. If that Bill were passed, it would have empowered LEAs to obtain specific subscriber data from telecom service providers without judicial authorization. TSPs would be obliged to provide the information upon request, without any justification on the part of the Law Enforcement Agency (LEA). They would not be allowed to disclose any information about these requests.

Initially, it did appear that Bell Sympatico, with its amended subscriber agreement, was adopting an end user policy much closer to the philosophy of Bill C-74. As Geist points out: “The new clause raised fears that Bell was…escalating its willingness to disclose subscriber information without prior judicial oversight.”

However, Bell moved quickly to dispel that notion. “Bell collaborates with law enforcement agencies only when presented with legitimate court-ordered warrants,” said company spokesperson Paolo Pasquini in a statement. “To suggest that we are illegally or routinely monitoring our customers is inaccurate and false.” He added that Bell Canada has “a long and established history of protecting the privacy of its customers.”

Bell Sympatico may have clarified its position, but the issue of warrantless access to online or electronic subscriber data is far from over. The Conservative government is widely expected to introduce legislation similar to Bill C-74 this fall, potentially providing even more sweeping powers to LEAs.

The key issue, as I see it is whether protecting public security today requires such extraordinary measures, some of which clearly militate against privacy rights of all Canadians.

As I mentioned earlier, some of the commentary on this issue assumes this is the case. I don’t.

Neither does Deisman, who has a long standing interest in the policing of cyberspace, as well as first hand experience with safer cities programs, including the development of interagency joint response teams and community policing initiatives.

“The purpose of having the police go before the courts and get warrants is to ensure that there is actually probable cause,” Deisman said. “We can’t just go fishing expeditions like they do in the U.S.”

To support this point Deisman recalled Project Thread – the ill-fated investigation, three years ago, in which 20 men were held in Toronto on suspicion of terrorism. The case was later exposed as being highly circumstantial, and resulted in no convictions because of which the operation earned the nickname Project Threadbare!

“We’ve also had ample evidence with Canadian police agencies that power corrupts,” Deisman warned. “There’s the evidence of the ‘dirty tricks’ campaign in the 1970s that was waged by the RCMP against the Parti Quebecois. They misused all kinds of powers. It can happen again. That is the concern.”

And the concern is heightened – not mitigated – when initiatives such as “Lawful Access” seek to take away existing safeguards such as judicial oversight over subscriber data access by enforcement bodies.

Parliamentary scholar C.E.S. Franks, writing about the importance of accountability in security intelligence, warned about the dangers s

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now