The Latest On Lawful Access

Dear Consultation Committee:

I am writing on behalf of the British Columbia Civil Liberties Association (BCCLA). Our Association has made previous submissions during the consultation processes on lawful access held in 2002 and 2005. There is no change in our substantive submission on the issue of what is now being re-branded as “customer name and address information” (“CNA information”), previously known as “subscriber information”. We remain adamantly opposed to the lowering of the standard for police access to this personal information. It is our submission that the proposal is a significant expansion of police powers that has never been justified and would clearly violate citizens’ rights.

There is no demonstrated need for this significant expansion of police powers

Law enforcement agencies have lobbied for years to acquire the ability to demand access to personal information of customers of telecommunication service providers (TSP’s). As noted by numerous commentators, a need for the proposed expanded police powers has never been demonstrated.

Rather than evidence that warrantless access to customers’ personal information is needed, the current consultation echoes the previous ones in merely citing hypothetical illustrations. The first example cited in the current consultation backgrounder is a non-investigative situation in which the police are unable to compel customers’ personal information from a ‘non-cooperative’ TSP and as a result are unable to locate next-of-kin in emergency situations. The relevance of this example is dependent on a series of curious assumptions, starting with the assumption that it is these kinds of circumstances in which TSP’s are exercising their lawful discretion to require a warrant before releasing customers’ personal information. We note that public interest and safety disclosures are currently fully provided for in privacy legislation and we are unaware of any evidence that these provisions are not being appropriately used. Further, in addressing the often-alluded-to example of a safety emergency, the police can conduct warrantless searches in cases of exigent circumstances, which include an urgent threat of serious harm to any person or property.

Along with many other organizations, we have frequently called for evidence that shows that current laws are inadequate in the kinds of scenarios cited by proponents of information-on-demand. Half a decade after the first of these consultations, the case has yet to be made.

There is a reasonable expectation of privacy over this personal information

Police spokespersons frequently comment in the media to the effect that the information at issue is no more sensitive than the information found in the phone book. This is false and misleading. The following items are set out in the consultation document to illustrate the scope of the information being sought by police on demand:
– name
– address(es)
– ten-digit telephone numbers (wireline and wireless)
– cell-phone identifiers
– email address(es)
– IP address; and/or
– Identification of the TSP that owns the telephone number or the IP address used by the customer

These “basic identifiers” (as the consultation document refers to them) are a potentially very rich source of data on a given individual. Privacy experts have long maintained that the proponents of lawful access expansion adopt a disingenuously naïve position on the privacy value of these “identifiers”. It is an apparent contradiction to say that the information has nugatory privacy value and yet significant value for investigative and other purposes.

The question is what these “basic identifiers” unlock in terms of other information. For example, McLean’s Magazine did an investigative story in which a reporter was able to access the Privacy Commissioner of Canada’s telephone records using a U.S.-based data broker. The “key” piece of information needed to access her telephone logs was her home and cell phone numbers.

The sensitivity of these “basic identifiers” has been purposefully downplayed. This is information that attracts a reasonable expectation of privacy in law.

The proposed “privacy safeguards” do not safeguard privacy

The list of purported “safeguards” is largely unchanged from those proposed in the past. They represent a continued attempt to characterize as “privacy protections” measures that do in fact not protect privacy. Auditing, reporting, and other schemes of oversight are the kinds of things that civil libertarians call for on a regular basis. We just do not confuse them with privacy protections which, it is axiomatic, must be a system of prior authorization, not post-hoc scrutiny.

Not only do these “safeguards” not genuinely protect privacy, the proposal for an elaborate administrative oversight regime exposes a fundamental tension within the proposal writ large. Essentially, an empire of bureaucracy will be called into existence on the seeming justification that applying for warrants is too much paperwork.

In short, if we have the resources for this privacy-diminishing administrative regime, we clearly have the resources for the Charter-respecting regime that currently exists.

The consultation process

Having made extensive submissions on this matter on two previous occasions, we are submitting these most recent comments in a very concise format. We are in fact not able to understand the purpose of this current consultation.

We laud the recent comments by the Minister of Public Safety assuring Canadians that the government will not introduce legislation that would require TSP’s to provide customers’ information to the police without a warrant. However, that assurance having been made, the rationale for this consultation is quite unclear.

We look forward to further clarification that the matter has been settled in accordance with the Minister’s clear and direct promise.

Yours truly,

Micheal Vonn
Policy Director
British Columbia Civil Liberties Association