The information and telecommunications industry has lined up almost solidly against suggestions police should have access without a warrant to basic subscriber information they hold.
That’s the take-away from a number of industry association and service provider briefs filed last week as submissions closed for Public Safety Canada’s search for citizen and private sector opinions for a new national security framework.
Public Safety Canada issued a green paper for discussion last September calling for opinions on potentially changing federal laws and policies on several issues including loosening police and intelligence agency access to basic subscriber information, forcing communications service providers to hold for a set period of time to subscribers’ metadata, forcing for all communications service providers to buy communications interception equipment police can use, and making developers of encryption solutions to build in backdoors so law enforcement can unscramble protected documents.
In a word, the answer to all from the industry was “no.”
On warrantless access to basic subscriber information
–Information and telecommunications Association of Canada (ITAC), which lobbies for most of the country’s ITC firms including Bell Canada, Rogers Communications, Telus, IBM, HP-Enterprise and others, said in its submission that improving and standardizing paperwork would speed up police access. It also called for “clear rules designed to avoid police “fishing expeditions” that could contravene judicial requirements and privacy laws.”
“If any expansion in intercept powers is pursued, the government needs to ensure they do not inadvertently discourage innovation and undermine Canada’s reputation as a trustworthy technology jurisdiction,”
–The Canadian Network Operators Consortium (CNOC), which represents 35 independent Internet service providers, said “law enforcement agencies should need to continue to obtain a production order before a TSP (telecom service provider) would be permitted to disclose this information.”
–The Canadian Wireless Telecommunications Association (CWTA), which represents large cellular providers including Bell, Rogers, Telus, Videotron and Eastlink, said consumer research shows concerns over the security of personal information is currently a barrier to digital engagement among Canadians who are low users of online services. “Legislation that may reduce, even only slightly, the privacy of subscriber information will further discourage these Canadians from participating fully in the digital economy.”
(Under current law, set by the Supreme Court, police need a warrant for basic subscriber information except in an emergency.)
On forcing encryption developers to provider backdoors and giving police decryption keys:
–ITAC said that “reducing the strength of encryption or requiring “backdoors” that could be exploited by cyber criminals puts everyone’s security and privacy at risk … . The reality is that encryption technologies today are readily available around the world. If encryption is weakened or outlawed, criminals will continue to have access to it and it is law-abiding citizens who will suffer.”
–CNOC said that “TSPs do not have control over the content [including encryption] of communications that are carried over their networks.” And, as other noted, citizens want encryption for use in buying and selling goods on the Internet, as well as for lawful communications.
—Rogers Communications said there should be no “backdoors” without judicial oversight.
On mandatory metadata retention
–CNOC said “requiring TSPs to retain communications data for longer periods of time than is consistent with the usual business needs and applicable privacy legislation is actually a threat to Canada’s national security and the privacy of Canadians as it exposes data to hacking for longer periods of time than would otherwise be the case.” The Criminal Code allows a peace officer to demand a person preserve computer data for up to 21 days on reasonable grounds to suspect that an offence has been, or will be, committed, and up to 90 days for an offence committed under a law of a foreign state, the association also noted.
— ITAC said “the costs of mass data retention would be significant.” If Ottawa goes that way “it would need to be prepared to cover all related costs incurred by ICT businesses.”
On forcing telecom providers to buy interception equipment
–CTWC said that “any legislative requirements – including equipment and processes – will increase costs for service providers. CWTA submits that there should be a mechanism for these costs – both upfront and ongoing – to be recovered from government by service providers so they do not impact customers. The benefits of lawful interception accrue to all Canadians and associated costs should therefore not be the responsibility of service providers.”
–ITAC said “it would be critical that the government identify how the related costs, including risks to Canadians in respect of privacy and network security, are justified. In part, this would require that the government demonstrate the effectiveness of interception. However, in light of the prevalence of end-to-end encryption and availability of online services offered from outside of Canada, proving effectiveness may be difficult.”
Bell said it’s position is reflected in the wireless association’s brief. Rogers Communications issued its own submission which said the government Green Paper “has not provided significant evidence of a particular problem that cannot be addressed in the existing legislative framework.”
The Green Paper the government issued to kick off the discussion didn’t include specific policies the government is proposing. That usually comes in the form of a White Paper. So far the government hasn’t said when or if a White Paper is coming.
Several associations noted the government hasn’t detailed what it might do and urged Ottawa to have another round of consultations on specific action it is considering before introducing legislation. Rogers went further, saying it is “paramount” there be more public consultations
In a statement when the submission deadline ended Public Safety Minister Ralph Goodale said the Government “will be transparent in informing Canadians about what we have heard. A public report that summarizes the input will be released in the new year.”
The struggle between communications service providers and police over access to basic subscriber data has been going on for years. Police argue that with criminals using computers and smart phones for communications it is vital they get access to this data — names, street addresses, email addresses and IP addresses — for suspects to allow investigations to proceed. Interception of actual communications would need a court order, but police had been insisting until 2014 that this data should be handed over merely on request.
That changed with the Supreme Court decision that said in the absence of clear law police need a search warrant for such information, except in an emergency.
The Harper government wanted to expand access under Bill C-13 (earlier called Bill C-51), but abandoned the effort under pressure from the public. However, the consultation’s Green Paper and background paper raised the issue again, including statements from police that getting court orders for access to basic personal data takes too much time and slows investigations. Police also worry about the increasing use of encryption, particularly on newer smart phones where encrypting messages is the default.
Over the summer, the Toronto Star reported, the RCMP told the prime minister’s national security adviser Canada lacks police powers in cracking encryption, intercepting communications and accessing suspects’ identities. In November the Star and CBC ran a series on security issues including investigations that the RCMP say have been stonewalled by encrypted devices.