Wednesday, July 08, 2015

Canadian government issues "transparency reporting guidelines"

The Canadian federal government has released "Transparency Reporting Guidelines", to provide companies with guidance on reporting law enforcement and national security requests for customer information. Surprisingly, the guidance came from Industry Canada and not Public Safety Canada or the Department of Justice.

What is particularly notable is that the government is strongly advocating for "banding", so it says that companies should not report exact numbers where they are between 1 and 100. Companies who wish to be transparent (which should be all companies) should know that these are guidelines only and there is no basis in law that I am aware of (absent a term in a particular court order) that requires this banding or aggregation.

B. Limitations

When reporting statistics by each of the categories listed in Part A, organizations should respect the following limitations, in order to protect the work of law enforcement, national security, and regulatory agencies

1. As presented in the sample chart below, figures between 0 and 100 should be represented in a band of '0-100' when any figure in column A (Number of Requests) or Column B (Number of Disclosures) is less than 100. In such cases the banding of figures should apply to all columns for that data type whose figure is between 0-100. Any figure over 100 may be represented by its actual number. This is to protect the operational activities and capabilities of Canadian government and law enforcement agencies.

2. Figures should be aggregated to reflect Canada-wide statistics, and should not differentiate between law enforcement, national security, and regulatory agencies (i.e. there should be no breakdown by geography or specific agency). Moreover, these figures should also be aggregated such that service type and its associated network technology are not distinguishable (i.e. cellular voice services should not be subdivided and reported according to 2G, 3G or 4G/LTE network type, etc.). This is to protect the operational activities and capabilities of Canadian government and law enforcement agencies.

3. There should be a six month delay in reporting timeframe. For example, if a report covers the period January 1 to December 31, 2014, it should not be released before July 1, 2015. This is to ensure that most active investigations have no possibility of being compromised.

The limitation provisions will ensure that transparency reporting does not impair or compromise national security or criminal investigations, and the safety and security of Canada and its citizens.

These provisions are dynamic and may be subject to change based on sensitive Canadian government operations that necessitate additional or other safeguards, or to keep pace with suspected criminal and unlawful activities that use telecommunications services and related technologies.

Personally, I think that companies should separately report ordinary criminal law enforcement requests and national security requests.

As an aside, I wonder if this means we'll get transparency reporting from Bell Canada, which is the only major Canadian telco to not provide such reporting.

No comments: