An Ontario court has agreed to hear a Charter challenge brought by Rogers and Telus in response to a police request for "tower dumps" with records on over 40,000 calls or customers. The police subsequently withdrew its request, but the judge has agreed to hear the case in any event, given the important privacy interests at stake.
The short recital of the facts is very interesting and suggests the initial production order is staggeringly broad, requiring the production of personal information about tens of thousands of people who had nothing to do with the crime being investigated: [8] Mobile telephones check into wireless networks by connecting to antennas that are frequently mounted on towers. A record is created whenever the telephone attempts or completes a communication which could be a phone call, text message or e-mail. The record identifies the particular tower at which the phone connected to the system. Each tower serves a geographical area ranging from a 10-25 km radius in the country and 1-2 km, radius (or even less) in the city. [9] The production orders against Rogers and Telus are in similar form. The orders require cell phone records for all phones activated, transmitting and receiving data through 21 specified Telus towers and 16 Rogers towers. The orders require the name and address of every subscriber making or attempting a communication and the particular cell tower being utilized. The orders are framed such that if both the person initiating and receiving the communication are Rogers (or Telus) subscribers, then information regarding the recipient must also be provided and the cell tower the recipient used must also be provided. The orders also require billing information which may include bank and credit card information.
[10] Telus and Rogers are both contractually obliged, subject to narrow exceptions, to keep customer personal information private and confidential.[11] The existing order will require Telus to disclose the personal information of at least 9,000 individuals. Rogers estimates that it will be required to conduct 378 separate searches and retrieve approximately 200,000 records related to 34,000 subscribers.
[12] The existing orders do not specify how the customer information is to be safeguarded and does not restrict the purposes for which the PRP may use the information. For example the PRP is not restricted from retaining the information and using it with respect to unrelated investigations.
[13] The Telus affidavit indicates that since 2004 it has dealt with thousands of court orders requiring cell records. In 2013 alone, it responded to approximately 2,500 production orders and general warrants. To the knowledge of the Telus deponent, the order that it now challenges is the most extensive to date in terms of the number of cell tower locations, and length of time periods, for which customer information is required.
[14] The Rogers affidavit indicates that from 1985 to 2014 it has complied with many thousands of production orders. In 2013, alone it produced 13,800 “files” in response to production orders and search warrants.
The court also highlights that the privacy of millions of Canadians is implicated by the decision:
[41] With respect to the third criterion, sensitivity to the count’s proper law making function, there is effectively an ongoing dispute between the police and telecommunications providers. The fact the “tower dumps” are frequently used by police as an investigative tool is reflected in the material before me and is evident as a matter of judicial experience. The Rogers-Telus applications directly concern 40-50,000 individuals, it is safe to infer that the number of individuals affected across Canada would be in the hundreds of thousands, if not millions, every year.
See: R. v. Rogers Communications Partnership, 2014 ONSC 3853 and Telecoms’ charter case to be heard | The Chronicle Herald.