At least one Canadian telecom is evidently giving the government unrestricted access to communications on its network, according to documents from Canada’s privacy commissioner.
The documents, obtained by University of Ottawa digital law professor Michael Geist, cite an unnamed telecom firm as saying it had allowed the government to essentially copy the communication data moving on its networks.
"Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transits the network of data nodes,” the privacy commissioner’s document states.
“This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes.”
“Deep packet inspection” is a method of analyzing internet traffic to determine the exact type of content. It can distinguish between emails, file-sharing and other types of internet communication, and can be used to build statistics about an internet user.
The statement appears in a document prepared by law firm Gowling Lafleur Henderson for the privacy commissioner. It summarizes nine telecom firms' responses to questions about law enforcement access posed by the commissioner. The document can be found starting on page 42 here.
Geist called it “an incredible admission” in a blog post published Thursday.
“Are there legal grounds for these disclosures? Who is doing this?” Geist asked. “Given the uncertainty and the enormous privacy implications, the Privacy Commissioner of Canada is surely entitled to investigate this admission using her current powers….”
In documents released Tuesday, interim federal privacy commissioner Chantal Bernier revealed that the government made about 1.2 million requests for subscriber data from Canadian telecoms in 2011. Geist calculates that works out to one request every 27 seconds. Telecom firms complied with the requests at least 784,000 times, the privacy commissioner’s report showed.
NDP Leader Tom Mulcair attacked the government in question period Wednesday, calling the amount of requests “an abomination.”
Prime Minister Stephen Harper suggested that questions regarding data requests should be forwarded to law enforcement agencies.
"Various Canadian investigative, law enforcement and other agencies will from time to time request information from telecom companies," Harper said Wednesday. "They always do this, Mr. Speaker, in accordance with the law. They always seek a warrant when they are required to do so."
However, under Canada’s PIPEDA law, telecoms are not always “required to do so” and Geist and others estimate a majority of the data requests were warrantless.
According to documents provided to NDP MP Charmaine Borg earlier this year, the Canada Border Services Agency alone made 18,849 data requests in a recent 12-month period. Of those, only 52 requests had court warrants.
The documents also show that some telecoms are building subscriber databases that law enforcement can access at will. In one document, the Competition Bureau declares it had accessed “the Bell Canada Law Enforcement database” 20 times in a one-year period.
“The systems may create great efficiencies for law enforcement - click, access subscriber data, and receive a bill from the telecom company - but they suggest a system that is entirely devoid of oversight, with even the Privacy Commissioner excluded from ensuring compliance with the law,” Geist wrote.