Canadian telecoms Rogers and TekSavvy, along with the Information Technology Association of Canada (ITAC), have submitted comments to the federal government opposing changes to Canada’s national security legislation that could expand police access and power over telecom subscriber information and data access.
Telecoms respond to latest push for access
In comments reported on by the CBC, the telecoms put forward the argument that current police powers are adequate and that the government has not provided enough proof that they are lacking or in need of expansion. Further, the companies argue that the proposal is too vague, without enough consideration as to how the proposed changes would be implemented. Meanwhile, Bell and Videotron told the CBC they backed the submission made by the Canadian Wireless Telecommunications Association (CWTA) which commented mainly on privacy issues and implementation cost. Telus and Shaw made no submission.
The proposal in question was opened as a public consultation on national security in September 2016. A green paper and background document were released that Michael Geist, Canada research chair in internet and e-commerce law at the University of Ottawa, says “skips over the years of lawful access debate by putting everything back on the table.” In an article for The Globe and Mail, Geist mentions many previous attempts the government made to enable easier access to carrier data, including Bill C-30 and the lawful access legislation that was passed in 2014.
The proposed access powers
Amongst the issues at the heart of the discussion are warrantless access to Basic Subscriber Information (BSI) such as name, telephone number and address from carriers, a general requirement that carriers be required to retain data for an unspecified amount of time for investigative purposes and lawfully mandated interception systems and devices including ‘Stingray’ machines.
When it comes to warrantless access to BSI, Rogers states that there’s no evidence to support the police’s claim that such access is necessary and TekSavvy agrees that it does not seem “justified.” The smaller internet provider also notes that it disapproves of retaining data for long periods of time.
“We are concerned that a mandated data retention requirement would place all of a service provider’s customers under a generalized air of suspicion of prospective wrongdoing,” TekSavvy wrote. “It would communicate that the government wants records kept on all citizens ‘just in case’ they engage in inappropriate activities.”
Additionally, both agreed that it could increase privacy and security risks for consumers. In a similar manner, creating an interception system or backdoor would also raise significant privacy and security issues — including the possibility that criminals or hackers could more easily gain access to telecom information, reports Rogers and TekSavvy and ITAC.
Interception devices and feasibility
Rogers also called out ‘Stingray’ devices or IMSI catchers, which mimic cell towers in order to trick nearby mobile phones into connecting to them and feeding them data, and which may impede 911 calls. Rogers states that it remains unclear whether such a tool is legally permissible and whether “the use of this technology is in [the] best interest of protecting Canadians.”
On top of these concerns, Rogers, TekSavvy, ITAC and the CWTA raise the issue of how changes should be implemented or the cost of such an implementation.
“It would be critical that the government identify how the related costs, including risks to Canadians in respect of privacy and network security, are justified,” wrote ITAC.