Tuesday, April 29, 2014

Government demands telco customer data more than a MILLION times per year

Paul McLeod of the Halifax Chronicle Herald and Alex Boutilier of the Toronto Star have both reported on a dramatic revelation made by Interim Privacy Commissioner Chantal Bernier after testifying before a Senate committee about Bell Canada's new privacy policy.

Following previous revelations, I would have expected a relatively high number but this is an order of magnitude more than I expected.

Bernier disclosed that law enforcement (and presumably national security agencies) ask Canadian telecommunications providers for customer information more than A MILLION times a year. That statistic comes from a report provided to Bernier's predecessor, Jennifer Stoddart, by the CWTA, which combined the answers of nine telcos to questions put by Stoddart to 12 telcos which refused to answer individually. The purpose for combining their answers was clearly to prevent any particular telco being singled out. The report was received by Jennifer Stoddart on December 15, 2011 but has not seen the light of day since then.

The report includes the following:

  • Government agencies requested customer information an average of 1,193,630 times annually.
  • Approximately 784,756 users and accounts were subject to disclosure, based on responses from three of the nine providers. One provider responded that the ratio worked out to 1.74 requests per customer.
  • Telecom companies keep detailed records of access requests by government authorities, but do not report them publicly.
  • Telecom companies responded they are not willing to make this information public.
  • Telecom companies do not report access requests to their customers, when the law allows it. Customers therefore have no way to challenge the access in court.

These numbers are staggering and raises many questions:

  • This staggering number comes from only nine of Canada's 30 telcos. What's the actual number and will we ever know (since government and telcos are refusing to be transparent about this)?
  • How many of these requests were with a warrant and how many were without?
  • Why do telcos keep a database of these requests and under what lawful authority?
  • Why did Jennifer Stoddart not disclose the information sooner, particularly while the horrible "lawful access" Bill C-30 was being hotly debated.

I expect we'll hear much more about this in the coming days.

No comments: