Law enforcement agencies made just over 174,900 requests to Rogers Communications Inc. last year for customer information, the carrier said this week, one of two service providers to offer detailed metrics on what police are demanding and getting.
Of the total demand to Rogers, 9,339 dealt with emergency requests from police officers in life-threatening situations where court orders couldn’t be obtained.
Chatham, Ont.-based Internet provider TekSavvy Solutions, which operates in most provinces, said between 2012 and 2013 it received 52 requests for information about customer use of communications from police. Only one came with a court order. Seventeen requests were complied with because they related to criminal investigations, while 35 were rejected. All dealt with correlating IP addresses with subscriber name and information.
The disclosures come after criticism in April that wireless and wired service providers didn’t disclose enough information to the country’s privacy commissioner on police requests to get an accurate picture of what they are – or aren’t – handing over to law enforcement.
But comments from a senior Rogers executive (see below) hint that its silence on controversial legislation now before Parliament is about to end.
The House of Commons is in the final stages of debate on bill C-13, the so-called cyber-bullying legislation, that includes protection to carriers for voluntarily handing over some subscriber information.
There have been hints from providers that current laws restrict what they can divulge publicly about disclosure. The report from Rogers and TekSavvy can be seen as two carriers trying to assure the public they don’t roll over when law enforcement agencies make requests, with or without warrants.
“About half of the requests we receive are to confirm a customer’s name and address, which we respond to so police do not issue a warrant to the wrong person,” Ken Engelhart, Rogers’ chief privacy officer and senior executive vice-president for regulatory affairs, wrote in the introduction to the cableco/Internet provider/wireless carrier’s report. “Otherwise, we only provide customer information when forced by law or in emergencies after the request has been thoroughly vetted. If we consider an order to be too broad, we push back and, if necessary, go to court to oppose the request.”
In an interview Engelhart said the report was released in part because the “mainstream media were misinformed” about carrier disclosure to police, particularly that “carriers are keen to give out IP addresses, which is absolutely not true.”
Rogers does confirm subscriber addresses to police without a court order, he said, but that is only to ensure when police get a search warrant for a person’s home it is correct. “What we’re doing now makes sense and isn’t intrusive,” he said.
TekSavvy, which only offers Internet service, says its disclosure policy is consistent with the rules of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) to produce basic subscriber information to a lawful authority in the context of a law enforcement investigation. However, it recently narrowed that: Its staff will only disclose information with a judicial warrant, production order or if there are circumstances in which there isn’t enough time to get one.
Privacy advocates worry that while law enforcement agencies say they sometimes ask for basic subscriber or metadata about communications without a court order – to completely intercept the contents of a call or email requires a warrant – metadata can reveal much about an individual.
Of the 174,917 requests received by Rogers, about 87,850 dealt with customer name and address checks. Some 74,415 requests had judicial orders, and another 2,556 had government requirement letters where information had to be turned over.
Some may interpret the Rogers figures as reassuring: In April, when the privacy commissioner revealed that in 2011 there were 1.2 million requests for wireless subscriber information to members of the Canadian Wireless Telecommunications Association (CWTA), observers were stunned. Rogers data suggests that two years later the number of requests that didn’t have warrants was less than 10,000 in a 12-month period. The 87,850 customer name and address checks didn’t have warrants, but Rogers says law enforcement agencies already had that information and only needed to confirm it. IP addresses weren’t given out.
The Rogers report said metadata isn’t divulged to law enforcement without a warrant, nor is direct access to its customer databases.
Asked about Rogers’ position on the controversial C-13, Engelhart said he agrees with calls for the bill to be split into two parts — one covering cyber-bullying and the other on police powers and carriers. So far, however, the Harper government says the bill stands as is.
But Engelhart says an informed debate on the disclosure parts will be welcome. Some of the provisions “seem intrusive to us,” he said, such as one that forces service providers to hold onto subscriber information on request of a peace officer. “If they have an (court) order, they have an order,” he said. “If they don’t, they don’t.”
Asked why Rogers hasn’t spoken out before on C-13, Engelhart said the carrier has been working on its position and “still having some internal debate.”