The good thing is that your cellphone lets others know where you are. The bad thing is that your cellphone lets others know where you are — whether you want it to or not.
Every few seconds your cellphone checks in with either a relay tower or a GPS system, which is how it’s able to perform the wonders of geolocation on Google Maps or Yelp or whatever apps you use to tell you where you are and what’s available around you. Of course, all this checking in leaves electronic records with those who provide or manage the connections, records that the government finds handy to consult in certain circumstances. The question in such cases is whether government authorities should require a warrant to obtain your location data.
At the moment in the United States the House Committee on the Judiciary is considering that issue, because the answer provided by the U.S. Electronic Communications Privacy Act of 1986 is unclear. The brief account can be found, among other places, on Forbes (where, incidentally, the editor should tell the headline writer that the expression is “home in on” and not “hone in on) and on McClatchy.
According to a report on Wired last year, Sprint Nextel, one of the largest suppliers of wireless communication in the United States, “provided law enforcement agencies with customer location data more than 8 million times between September 2008 and October 2009.”
In Canada, the government introduced two bills in 2009 that pertained to cellphone tracking, among other matters: Bill C-46, the Investigative Powers for the 21st Century Act; and Bill C-47, Technical Assistance for Law Enforcement in the 21st Century Act. The former would grant law enforcement agencies the power to compel tracking data from telecommunications companies upon judicial orders based on a standard lower than “reasonable and probably grounds”; the latter would require telecommunications companies to have equipment that would enable them to intercept customer communications. Unless I’m mistaken, both bills died upon prorogation of Parliament.
Currently, Bill C-29, An Act to amend the Personal Information Protection and Electronic Documents Act (PIPEDA), which has received first reading, is relevant in this connection. Among other things it would amend s.7 of PIPEDA, which governs when an organization my gather, use, and release information without the knowledge of the person affected. At the moment, relevant portions of that section read as follows:
(3) . . . an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is
. . .
(c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that
(i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,
(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;
Bill C-29 purports to clarify “lawful authority” with this new provision:
(3.1) For greater certainty, for the purpose of paragraph (3)(c.1)
(a) lawful authority refers to lawful authority other than
(i) a subpoena or warrant issued, or an order made, by a court, person or body with jurisdiction to compel the production of information, or
(ii) rules of court relating to the production of records; and
(b) the organization that discloses the personal information is not required to verify the validity of the lawful authority identified by the government institution or the part of a government institution.
This, as David Canton points out coincidentally in a post today, is less than helpful, failing to tell us when that authority in fact exists.