Police asked telcos for client data in over 80% of criminal probes
By Amber Hildebrandt, CBC News, April 10, 2015
Canadian police seek online and phone data from telecommunications companies in almost every criminal investigation, according to a briefing note to the federal minister for public safety, obtained by CBC News.
The scale of the practice suggested in the memo indicates it has become routine for officers to tap into private internet activity.
“Canadian police estimate that at least one form of lawful access request is made by government agencies to TSPs [telecom service providers] in about 80-95 per cent of all investigations today,” states the Sept. 26, 2014 memo addressed to Public Safety Minister Steven Blaney, released under the Access to Information Act.
Lawful access includes police asking telecommunications companies to install wiretaps, give access to emails or texts, and hand over identifiers like the name or address of a customer.
Tamir Israel, a lawyer specializing in internet and technology law, says the figure is likely so high because until a Supreme Court decision last June, police didn’t need a warrant to obtain subscriber information such as the name and address associated with an IP address.
“When a tool is unregulated in this way, it becomes a matter of standard practice,” said Israel, a lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa. “No assessment is made as to the invasiveness of the tool, whether it’s justified in a particular context or not. It’s easy to do. It’s low cost, so you just do it.”
A similar pattern of behaviour was seen before wiretapping became illegal in Canada without judicial authorization, says Israel. In those days, Canadian police employed wiretaps 20 times more often, per capita, than their counterparts in the U.S. where it was restricted, he says.
“A lot of those are going to be innocent people,” said Israel. “A lot of privacy gets violated to find the one person who is the actual criminal.
‘Incredibly high rate’
In recent years, civil liberty advocates, journalists and Canada’s privacy watchdog have repeatedly sought details on the frequency with which telecom companies hand over data to police officers.
Not all are convinced that the 80-95 per cent estimate is accurate.
“How exactly did they derive such high numbers? What is the methodology?” asks Chris Parsons, a post-doctoral fellow at Citizen Lab, an academic unit at the University of Toronto’s Munk School of Global Affairs.
“If it is sound, that indicates an incredibly high rate, assuming that all crimes or all investigations are some way linked with telecommunications data.”
It’s unclear where the police estimate comes from. Public Safety only said that the figure is an estimate provided by law enforcement agencies.
The federal Office of the Privacy Commissioner said in 2014 that the RCMP didn’t keep proper records of how often it asked telecom companies for subscriber data, which at the time didn’t require a warrant.
However, attempts by the commissioner to extract that information from telcos proved a bit more fruitful.
Nine of them revealed that they’d been asked 1.2 million times over the course of a year by investigators for subscriber information — a figure that equates to more than 3,200 times a day.
Legal issues examined
In recent years, there have been increasing demands for transparency over the disclosure of Canadians’ online and phone data, particularly following the series of revelations about government surveillance leaked by former U.S. intelligence contractor Edward Snowden.
Last year, TekSavvy, Rogers and Telus became the first telecommunications companies to release transparency reports — following in the footsteps of their U.S. counterparts and spurred to action by a questionnaire sent by a group of academics led by Parsons. Bell Canada was alone among the large telcos not to issue a report.
Previously released government documents suggested that Public Safety officials worried that the firms might divulge “sensitive operational details” in their reports.
The federal department sought advice on whether any potential legal issues might exist around the disclosure of how telecommunication companies interacted with police, the newly released ministerial briefing says.
“If I were being very charitable, it could be a way to assuage the concerns that ISPs [internet service providers] may have had,” said Parsons. “Less charitably, it could also mean that Public Safety was interested in seeing if there was a way to prevent the reports from coming out.”
Many internet and phone service providers cited potential legal issues — along with a litany of other reasons — as why they failed to disclose any figures.
Telus seeks guidance
Canadian officials also turned to the U.S. for guidance on the unprecedented disclosures of telecom data, noting that the U.S. government issued specific guidance to companies, according to documents released via access to information.
However, the U.S. guidance focused only on secretive terrorism-related requests, such as through national security letters issued by the FBI, and put no restrictions on crime-related figures.
The documents obtained also reveal that Telus officials not only met with the deputy minister of public safety, Francois Guimont, in April 2014, “seeking guidance” on issuing a transparency report, but that they also sent a letter to the public safety minister three weeks prior to its release.
On Aug. 29, 2014, Telus president Darren Entwistle wrote a letter to Public Safety Minister Blaney to alert him to the imminent release of the company’s transparency report. Entwistle wrote in French that the firm placed importance on its relationship with the government, but also recognized Canadians’ interest in privacy.
More than two weeks later, the Vancouver-based company released its report, revealing it had received 103,500 requests for information about its customers in 2013.
“To clarify, Telus consulted with Public Safety Canada on the topic of transparency in general,” Josée Sirois, a spokeswoman for Public Safety wrote in an email. “Public Safety Canada did not consult with TSPs on their specific transparency reports.”
Rogers and TekSavvy had released their reports three months earlier. Both firms have said they did not consult with the government before publishing the reports.
Telus spokesman Shawn Hall said the firm “sought a broad range of input” before its inaugural transparency report.
“We wanted to ensure we understood the views of organizations including Public Safety and privacy advocates,” Hall wrote in an email. He didn’t give specifics on who was approached.