Canadian Law Enforcement Asking For ISP Subscriber Data Every 27 Seconds; Pending Legislation Looking To Up That Number

from the whatever-they-don't-get-will-make-a-stop-in-the-US dept

Canada’s image as the The Most Polite Nation In The World would seem to be a front that masks a malignant nastiness under the surface. If these numbers are to be believed, Canada is little more than a criminal organization masquerading as a constitutional monarchy.

Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant)…

According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher.

Every 27 seconds. And that number is two years out of date. If Canada is anything like the USA, these requests have increased at a pace far exceeding the birth rate. And much like the US, most of the information is gathered without a warrant or government oversight.

Canadian ISPs are “free” to turn down warrantless requests, but turning down law enforcement isn’t as easy as some people would make it appear. (These “people” are those that argue for the surveillance state by saying, “X can always challenge the request,” as if that were actually a viable option.) No one wants to be facing additional scrutiny from aggrieved entities who were asked to go come back with a signed order.

The correspondence also confirms that the telecom providers were concerned about how the government and law enforcement would react to public disclosures. In one email, Bell says that “we are walking a delicate line between supporting privacy and not antagonizing Public Safety/LEAs [law enforcement agencies], so the materials will be pretty factual, not much commentary.”

Plus, the ISPs charge a fee to retrieve subscriber information, which probably doesn’t generate a ton of income, but doesn’t hurt the bottom line either.

As Michael Geist notes, there’s been some pushback from ISPs, but that push hasn’t made much headway. And proposed legislation will only make things worse. Two bills headed to committee both ask for the same thing: an expansion of warrantless disclosure — one under the unintentionally ironic title of “Digital Privacy Act.”

So, there’s already plenty of data being grabbed by local entities. Now, there’s also a good chance that peering issues are pushing Canadian data through American pipes — which would put this right into the hands of the NSA, FBI, etc. A study on Canadian ISP transparency found that a sizable portion of Canadian internet traffic makes a hop across the border.

About routing, the report states: “Fewer than half (8/20) of the ISP privacy policies refer to the location and jurisdiction for the information they store. Only one (Hurricane) gives an indication of where it routes customer data and none make explicit that they may route data via the US where it is subject to NSA surveillance”.

“Boomerang” routing – where data leaves Canada, traverses US networks (who might choose to ignore PIPEDA) and returns to Canada – accounts for as much as 25 per cent of traffic, the report states. The report claims that traffic traversing the US is “almost certainly subject to NSA surveillance”.

Just as disappointing, not a single one of Canada’s ISPs scored a passing grade on transparency. The highest score belonged to Teksavvy, which scored 3.5… out of 10. Unsurprisingly, smaller, newer ISPs scored higher than the incumbents, but when the high score doesn’t even hit the 50% mark, it’s not much of a victory. The authors found that not a single Canadian ISP fully complied with the Personal Information Protection and Electronic Documents Act (PIPEDA). In fact, only slightly more than half had even made a “commitment” to following the act’s stipulations.

Much like the US, the largest ISPs are overly compliant with national security and law enforcement agencies, often going above what’s asked in order to more quickly facilitate requests. Geist notes that one of Canada’s largest ISPs, Bell, has assembled a database specifically to give law enforcement instant access to the information of thousands of subscribers. Inbound legislation, if unchanged, will only encourage more cooperation like Bell’s, if only to free up company employees from fulfilling thousands of requests. It’s the users who remain cut out of this loop, even though it’s their data everyone wants.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Canadian Law Enforcement Asking For ISP Subscriber Data Every 27 Seconds; Pending Legislation Looking To Up That Number”

Subscribe: RSS Leave a comment
velox (profile) says:

ISP ‘compliance’ isn’t really the right word. ‘Customer Service’ is the more appropriate term, since the ISP’s are selling this data to law enforcement. Anything that makes their customers happy is good for business.

Think about it. The ISP’s are charging you for the right to sell-out your own privacy and freedom. (And they likely aren’t just selling your private information to government, but also to advertising and analytics companies as well.)

Lord justice says:

You know what? While a gross violation of privacy, this actually makes me feel a little safer in Canada. Sure, they probably have my data…But it’s completely buried under all the other data as well. The RCMP is making themselves completely ineffectual at actually doing anything with this data.

My Name Here says:

another cool story

Yes indeed, another cool story, but one that gollifies the numbers and doesn’t real address the main points.

First off, and key here, is that “telecommunications” means everything from internet to phone, cable, and any other means by which information can flow. So many of these could be nothing more than requests related to harassing phone calls or sales calls against numbers on the do no call lists. A single missing persons inquiry could lead to dozens of sets of basic account information being pulled based on numbers called by the missing person on their cell phone, as an example.

By mixing all of these things together, it gives a mistaken impression of a room full of people just asking for information for the hell of it. It’s just not the case.

Without breaking down the requests into some sort of detail, Mr Geist is using truthiness to try to push against what he sees as poor laws. However, in lumping data together and not considering use (or the likelihood of obtain a warrant anyway) he creates a false impression of a pez dispenser of information. There is no indication of the types of requests, so there is no way to know how many of them would show a similar result if a warrant was requested.

Figures don’t lie but careful pruning and clumping of data can create almost any bad impression you like.

GEMont (profile) says:

Re: another cool story

Perhaps “My Name Here” can aid the public in its search for details by posting the information that will show the public exactly how these demands for information by the CanGov break down into the various categories s/he claims have been lumped together.

What’s that you say?
That is not publicly available information!

So nobody but the CanGov could actually disclose the numbers involved in all these categories – such as how many of the inquiries were about harassing phone calls or no-call-list checks.

But, the CanGov will not release those numbers.

So in truth, nobody mixed all these numbers up to give a bad impression of the problem. This is simply all of the information we presently have on this intrusion into Canadian Privacy by the Canadian Government and no actual details as to the breakdown of inquiry types were made available yet.

Hope this comment cancels your shill-pay for this thread.

One Bell to Rule Them All says:

“Canada is little more than a criminal organization masquerading as a constitutional monarchy.”

Wrong! The ruling party is little more than a criminal organization.

Bell Canada owns most of the newspapers, most of the TV stations, most of the ISP businesses, most of the telephone system, most of the cable business, most of the cellphone business.

So far the Bell conglomerate has been a benign fungus on the country and the body politic. As long as it can make guaranteed profits, it seems content. Heaven forbid it morph to the virulent killer strain that infects the current ruling party. When Bell starts drawing up enemies lists, look out.

Chris Brand says:

One easy thing Canadians can do to help

For Canadians, there’s a useful recipe for seeing whether *your* data has been disclosed at

The more people that follow it, the more the service providers will realise that there is a down-side to giving this data up too freely.

And of course let your MP know that you care about this!

Anonymous Coward says:

There are 31,536,000 seconds in a (non-leap) year. That means 1,168,000 requests per year in a country with a population of 35,344,962. The crime rate in Canada is 8269 per 100,000 persons which means a total of 2,932,218.04752 crimes per year. Requests for ISP data are being made in 39.8333268901% of criminal cases. While this is oversimplification, it doesn’t seem that bad.

John Fenderson (profile) says:

Re: Re:

There’s not nearly enough information there to reach even the tentative conclusion you come to. You’re assuming that requesting ISP records is reasonable and relevant to all crimes. I’d be shocked if it were true for even most crimes, let alone all. This error makes things seem better than they really are. Also, there are likely to be multiple requests per criminal case. This error makes things seem worse than they really are.

Those numbers don’t support even a reasonable speculation for or against.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...