OTTAWA - Privacy advocates say they're disappointed with vague responses from Canadian telecommunication companies about when and how they hand customer information to police and security agencies.
Researcher Christopher Parsons, who helped lead the effort to find out more about the practices, says just 10 of 16 Internet and telephone companies responded to a January questionnaire, while one firm asked for more time.
The initiative comes amid public concern about surveillance by western security agencies and a legislative move by the federal government to make it easier for authorities to find out more about telecom customers.
The government claims authorities need easier access to subscriber information to catch terrorists, pedophiles and other criminals.
Companies generally declined to provide specific answers to questions from the researchers and few gave details about what they do to protect subscribers' privacy, said Parsons, a postdoctoral fellow with The Citizen Lab at the University of Toronto.
While many companies noted a commitment to maintaining privacy, they declined to indicate exactly how they evaluate state agencies' requests for customer data, he said Thursday in a blog post about the project.
As a result, Canadians know little more about the degree to which companies share information with state agencies including the police, Canadian Security Intelligence Service and eavesdropping agency Communications Security Establishment Canada.
An informal coalition seeking answers — including The Citizen Lab, academics and civil liberties organizations — says Canadians have only a vague understanding of how, why, and how often companies have disclosed information to government agencies.
They asked dozens of questions about how many requests the agencies received from government, the kind of information sought, the protocol for dealing with requests and whether they were compensated for complying.
Some companies were not clear as to whether they were legally barred from answering the researchers' questions or that they simply decided not to reply, Parsons said.
"Even this level of data disclosure would be helpful because it would let researchers understand the extent to which companies are operating under gag rules or, alternately, are choosing to voluntarily gag themselves," he said.
However, Rogers and Telus acknowledged in their respective replies that network operators were prohibited from disclosing certain information about interception operations and suggested the researchers ask the government for more details.
"Government agencies are better positioned to balance transparency considerations with other important considerations such as the need for confidentiality in relation to investigative techniques, and other law enforcement or national security concerns," the Telus reply says.
Bell Canada was perhaps the most forthcoming. It told the researchers customer information is disclosed only in circumstances required by the law and in keeping with federal private-sector privacy legislation. To ensure this is the case, all such government agency requests are vetted by Bell's "lawful access group" and the office of the senior counsel and privacy ombudsman.
"The lawful access group exercises careful scrutiny over disclosure requests," Bell's letter says. "Where necessary, the lawful access group has required government agencies to withdraw their disclosure requests where the request appears unreasonable in its scope or lacks the reasonable grounds required by law."
Shaw Communications said it "applies a consistent level of scrutiny and care" to requests from authorities, and when the threshold of privacy law is not met, "no information is released."
Such assurances did not comfort Steve Anderson, executive director of OpenMedia.ca, one of the organizations behind the letters.
"It's hugely concerning that these companies have refused to give basic answers about whether or not they're helping the government to spy on us," he said in a statement.
"For many Canadians, the telecom companies' silence means they must have something to hide. If these companies want to protect their brand reputation, they need to come clean."
Rather than leave the burden of disclosure to private companies, the federal government should enact a law that requires it to provide Parliament and the public with regular reporting of requests for information both under warrants and other powers, said Wesley Wark, an intelligence expert who teaches at the University of Ottawa.
In addition, companies also have a democratic duty to demonstrate how they protect the privacy of Canadians' communications and data, Wark said.
"Both the Canadian government and the private sector have a lot of work to do to mend a huge democratic deficit around knowledge of how our private information is stored, requested by government and released to it."
New Democrat MP Jack Harris said Thursday that Canadians should know more about what law-enforcement agencies are collecting from companies.
"The public needs to know what's happening with their privacy."
Follow @JimBronskill on Twitter