Some Canadian telecom companies aren’t being up front about how many police requests for subscriber information they handle, the federal privacy commissioner has complained.

A few but not all providers have issued transparency reports, Daniel Therrien told reporters in Toronto at the annual Canadian Telecom Summit, but that isn’t good enough.

Privacy commissioner Daniel Therrien
Privacy commissioner Daniel Therrien

“Canadians are telling us they would much prefer data be shared by telcos to government only with a warrant, but when that does not happen Canadians expect there be transparency,” he said. “So companies that do not issue transparency reports I think are falling short of Canadians’ expectations, and I think it’s in their interest for companies to be more transparent and public. And frankly if there’s not more progress I will continue to call for legislation on this issue.”

Transparency reports involve requests for personal information such as metadata or subscriber IP addresses, but do not include numbers for court-ordered wiretaps of conversations.

Rogers Communications is one carrier that regularly issues annual reports. In its 2015 report, the company said it received 86,238 domestic and foreign police requests for subscriber data. Of those 72,977 came with court orders. Some 83,000 requests were complied with and 2,457 were rejected.

The Supreme Court of Canada has said that under most circumstances police must have a warrant when asking for subscriber or metadata. The only exception is in emergencies.

Therrien was at the conference to give a keynote address, where he said transparency reports can help Canadians make informed choices and better understand how and when government agencies access personal information held by the private sector.

Six carriers publish transparency reports. A year ago Therrien’s office published a report comparing them.

The issue is sensitive because police particularly want warrantless access to wireless data –not conversations — they say will help them investigate crime faster.

But in his speech Therrien was also critical of recent calls by RCMP Commissioner Bob Paulson and the Canadian chiefs of police for a new law expanding the right for police to have warrantless access to some subscriber information.

“Some in the law enforcement community appear to be trying to resurrect the debate on wireless access, a debate many of us in the privacy community thought was put to bed in the landmark Supreme Court of Canada ruling,” he said.

Police say they want a law that will expand warrantless access, but be consistent with the Charter of Rights. How that is possible isn’t clear, Therrien said.

“So I maintain that impartial judicial oversight is critical before sensitive personal information may be turned over to the state …Warrantless access should only be permitted in exceptional circumstances and I would urge ISPs and other private sector companies to continue to be vigilant when faced with police requests for subscriber data.”

He also weighed in on the report that the country’s electronic spy agency, the Communications Security Establishment (CSE), inadvertently released telecom metadata to Canada’s Five Eyes intelligence partners for several years. Although the CES believes the privacy impact was low given the safeguards it had in place, Therrien said “take that with a big grain of salt.”  Organizations shouldn’t underestimate what metadata can reveal about an individual, he said, including ISPs and device makes that may be asked to disclose it to government bodies, or may give it to third parties for marketing.

Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
Download Now