Neither civil libertarians nor privacy advocates are likely to be pleased with the two Bills introduced last week by Canada’s federal government, Bills which are intended to give police wider powers to access online data without a warrant. If passed, the Technical Assistance for Law Enforcement in the 21st Century Act (Bill C-47) will require Internet Service Providers (ISP’s) and other "telecommunications service providers" to install equipment facilitating the interception of communications, and to allow police access, without a warrant, to the personal information of users including names, addresses, telephone numbers, email addresses and internet protocol addresses. The Investigative Powers for the 21st Century Act (Bill C-46) ensures police can obtain warrants for current and historical transmission data, but also allows police to remotely activate existing tracking devices on cellphones and cars.
Most members of the public will not take issue with attempts to control terrorist and criminal activities. As privacy advocates well know, since 9/11 individuals have been all too ready to give up privacy rights in exchange for a promise of greater security, and perhaps the new legislation can be at least partially explained on that basis. However, what is troubling about the proposed legislation, particularly for civil libertarians, is the potential for surveillance in the absence of a warrant. The government press release issued in conjunction with the Investigative Powers for the 21st Century Act justifies the legislation on the basis that other countries including the United States, Australia, New Zealand, Germany and Sweden already have similar lawful access legislation. The press release issued in conjunction with the Technical Assistance for Law Enforcement in the 21st Century Act insists that the Act will not provide law enforcement with any new interception powers.
Section 16 of the Technical Assistance for Law Enforcement in the 21st Century Act provides that the Commissioner of the Royal Canadian Mounted Police, the Director of the Canadian Security Intelligence Service and the head of a police service constituted under the laws of a province may designate a limited number of persons who may request particular personal information from a telecommunications service provider. In some respects this power is similar to section 7(3)(c.1) of the Personal Information Protection and Electronic Documents Act (PIPEDA), legislation which applies to private organizations in the federal sphere, which permits the disclosure of personal information collected by an organization without an individual's consent if a "government institution" (which presumably includes police) requests that the information be disclosed. However, under section 7(3)(c.1) of PIPEDA, the government institution must identify its lawful authority to obtain the information, and the request must be made for the purpose of enforcing a law, carrying out an investigation or gathering intelligence. In contrast, section 16 of the Technical Assistance for Law Enforcement in the 21st Century Act contains no similar limitation: the designated person need only request the information.
Whether or not the claims in the press release are accurate, in Canada the issue will ultimately come down to whether the legislation, once passed, can withstand a constitutional challenge. Arguably, if the power given to police to obtain personal information without a warrant or judicial oversight is contrary to section 8 of the Canadian Charter of Rights and Freedoms, which guarantees that everyone has the right to be secure against unreasonable search or seizure.
Additionally, ISPs could be facing a significant cost to install the monitoring technology that is now required. According to one of the government press releases, in order to partially alleviate potential hardship, smaller ISPs will be given a longer period in which to comply with the law – an aspect of the legislation that highlights its ultimate weakness. If smaller ISPs need not comply immediately, the criminal element the legislation is supposedly directed at will simply move their activities to these ISPs, at least in the short term, a possibility raised in a Globe and Mail article. But more importantly, that same criminal element will no doubt resort to more sophisticated encryption and other means to avoid detection. The ultimate result may not be greater scrutiny of criminal activities, but simply the development of a more sophisticated criminal element, at the expense of individual rights.
The legislation is being introduced by a minority government, but there may very well be sufficient support from Members of Parliament to ensure its passage, given that the Liberals, now the Official Opposition, introduced similar legislation in 2005. Additionally, the new legislation was introduced just prior to Parliament’s summer recess, a tactic that may be intended to keep it out of the spotlight. However, such a tactic can also lead to a building of public opposition, similar to what occurred when unpopular amendments to the Copyright Act were introduced in 2008.
Public concern regarding the proposed access legislation appears to be growing: Michael Geist’s article on the legislation had 75 responses at last count. It will be interesting to see what stakeholders and advocacy groups come forward over the summer with well articulated concerns. The government clearly has law enforcement on side, which has apparently been advocating access legislation for quite some time. So far, the CBC noted concerns expressed by the Canadian Assocation of Internet Service Providers regarding potential costs. However, civil liberty advocates and privacy groups have yet to weigh in. Hopefully Canadians will not be so distracted by the late arrival of summer that they ignore this important debate.