Some ISPs don’t cave when asked for subscriber info, says report

A Canadian privacy and security group isn’t impressed with the answers it got from Canadian Internet service providers about their policies on disclosing information about subscribers to government agencies.

“They’re not quite as robust as we had hoped,” Christopher Parsons of the University of Toronto’s Citizen Lab said in an interview Thursday.

“We had imagined the lowest threshold would be the various companies indicating when they could not respond to specific questions (from us) and where for corporate business reasons they would not respond.

“Unfortunately the responses that were provided lacked that kind of clarity, even.”

But he hopes that in follow-ups the ISPs will say “if they’re not able to respond because of (federal) gag rules, or they’re gagging themselves.”

Read the full report here

In January Citizen Lab sent letters to 16 leading wired and wireless ISPs asking them “to reveal the extent to which they voluntarily, and under compulsion, disclose information about their subscribers to state agencies, as well as for information about business practices and data retention periods.”

In particular it wants to know specifically what federal regulations or law forbid them from informing the public about what they do.

Disclosure about what ISPs are doing has become more important with recent revelations by former NSA contractor Edward Snowden about Canadian and  the U.S. government electronic capabilities. The Harper government was forced to drop its lawful access legislation, which critics said gave too broad powers to law enforcement agencies for getting Internet subscriber information.

Ten replied by the March 4 deadline, including BCE Inc.’s Bell Canada, Rogers Communications, Telus Corp., Shaw Communications and Quebecor Media (which owns Quebec’s Videotron cable and wireless networks).

Some, like Maritime cable and wireless network owner Eastlink, were “thrifty” with their answers, Parsons said.

Others were more detailed. Bell gave this response when asked what it discloses:

“To ensure that customer information is only disclosed in circumstances permitted by PIPEDA (the federal Personal Information Protection and Electronic Documents Act)  and required by law, all such requests are vetted by Bell Canada’s lawful access group and, where there is any doubt, by my office.

“The lawful access group exercises careful scrutiny over disclosure requests. Where necessary, the lawful access group has required government agencies to withdraw their disclosure requests where the request appears unreasonable in its scope or lacks the reasonable grounds required by law.

“In the past, when there were concerns about the statutory power of law enforcement agencies (LEAs) to request warrantless access to customer information under exigent circumstances, Bell Canada led the way to implement an industry-wide process requiring LEAs to document the basis for each such access request.”

What this reveals, the report noted, is that Bell sometimes pushes back against certain government requests for data.

Just as important is that Bell feels publicly disclosing this won’t damage national security, the report adds.

The report also praised Telus for committing to ask Ottawa to clarify and limit the scope of federal confidentiality requirements. At the same time Telus’ reply also noted that sometimes it gets court orders for subscriber information that is “often far reaching.”

One way of restricting law enforcement agencies from making broad requests, Telus suggested, is following a U.S. requirement that police pay for the costs ISPs incur.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now