In the so-called “lawful access” controversy in Canada there are almost as many sides as there are stakeholders.
The debate appears to pit law enforcement agencies here against privacy groups. Service providers – wireless, wireline and Internet – are caught somewhere in the middle, trying to juggle their twin responsibilities: ensuring subscriber privacy, while helping law enforcement catch crooks or terrorists.
Theoretically, “lawful access” refers to the legal intercept of communications, as well as search and seizure of information by Canadian law enforcement agencies. Under current criminal statutes, these seizures have to be authorized by law, usually a judicial order.
This, however, may not always be the case if the new “lawful access” proposals go through.
For instance, police, CSIS agents, and Competition Bureau agents would be empowered to obtain subscriber data – name, address, e-mail address, IP address – from telecommunications service providers (TSPs) upon mere request, without any judicial authorization or requirement for reasonable grounds to suspect wrongdoing.
In addition, TSPs would be subject to a “gag order” regarding such requests – namely, no disclosure of the content of the request, the information provided, or any other information regarding the provision of subscriber information to the police.
And it’s more than ethical dilemmas that carriers have to contend with. There’s the question of what compliance would cost them – in terms of money, technology and resources.
Counting the cost
For instance, one proposal currently under review requires service providers to build into their networks communications intercept capabilities.
The question, of course, is who will foot the bill for doing that. For carriers and service providers, that’s a vital issue. But until the proposed legislation provides more clarity in terms of the technology requirement, TSPs are not able to quantify the capital cost of lawful access compliance.
One thing may be certain though, according to David Elder, chair of the lawful access committee of the Canadian Association of Internet Providers (CAIP): smaller Internet service providers (ISPs) will be given “special considerations” when it comes to the carriers’ financial obligations.
While the proposals have yet to be finalized, CAIP believes that smaller ISPs will not be governed under the same infrastructure capability requirement as the bigger players.
“(We understand) there would be recognition that a lot of ISP businesses are quite small…that, in fact, to incur some of the additional costs to deliver the capabilities the government is requesting, just may not be financially possible,” Elder said. He added that financial assistance for smaller ISPs “will be contributed by some other public funds.”
Ottawa-based Canadian Internet Policy and Public Interest Clinic (CIPPIC), a public interest advocacy group, fears consumers would eventually have to pay for such costly technology, whether as a pass-on cost from service providers to subscribers or through government expense fueled by taxpayer dollars.
The Information Technology Association of Canada (ITAC) has a slightly different perspective on the issue.
Rather than viewing this proposal as a costly bureaucratic burden, service providers see it as a business opportunity, according to ITAC president and CEO Bernard Courtois.
Lawful access, he said, should be viewed as part of the telecom service that providers have to charge for. “There is no doubt that when the industry carries out lawful intercept, it’s carrying out its own business,” said Courtois.
Service providers would be willing to make the investment as long as they are able to recover this cost from law enforcement agencies through lawful access service, said the ITAC president.
When police forces conduct offsite surveillance and require the use of hotel rooms, for instance, they are expected to pay for the rooms they used, Courtois said. “(The police forces) don’t go and say ‘please contribute them for society’.”
Courtois claims the entire service provider industry – wireless, cable, Internet, and wireline – is unified in this stance.
“We all have the same position that we are all prepared to make the investment, on a going forward basis, but…there’s no public justification to run part of our business for free to law enforcement,” Courtois said.
To enable the implementation of its own lawful access legislation, the US government, under the Communications Assistance for Law Enforcement Act (CALEA), allocated US$500 million to reimburse service providers for costs involved in making their systems compliant with CALEA requirements.
While the question of who would bear the cost will remain uncertain until a bill is finally introduced, service providers certainly do not want to end up solely shouldering this added expense.
“We do not want to see a regime where infrastructure capability and ongoing operational costs of executing warrants…are put on the backs of ISPs. We still think, fundamentally, we’re in the business of providing Internet connectivity and related service, we’re not an arm of law enforcement,” said Elder.
Whatever the outcome of such a provision, if lawful access ultimately requires service providers to make their networks compliant, surveillance solutions providers like Melville, NY-based Verint Systems Inc. stand to gain more business from it.
Focused mainly on the US carrier market, Verint Systems provides the intercept technology that Canadian carriers would soon be required to build into their networks.
Verint vice-president Todd McDermott, an engineer and a retired RCMP officer, spoke about the technology and how the US carriers have learned to cope with the CALEA requirement at the IP Security Conference in Ottawa last month.
“Eleven years later, I can say that my customer carriers in the US market have made the transition from fighting the requirement to put lawful access in, to making it a mandatory thing,” said McDermott, who dealt with research and development of surveillance equipment and systems during his 15-year stint as an RCMP officer.
McDermott said many solutions that could be deployed by Canadian carriers “are pretty much off the shelf” as they are already deployed in Europe. “It simply requires changing the connector on the electrical supply from 220 to 110 volts.”
For newer technologies such as VoIP, 3G, and broadband access, standards for building surveillance technology into them are currently being developed, he said.
Lawful access requirements, specifically intercept capability requirements, are already in place in other countries like Australia, France, Germany, the UK, New Zealand and the US, where carriers are mandated to demonstrate lawful access to regulatory bodies prior to introducing new systems into the market, McDermott said. “So it’s not something unique that Canada is trying to attempt.”
To be cost-effective, the Verint executive said, intercept capability should be built in during system development rather than retrofitted onto existing networks.