Canadian Law Enforcement Asking For ISP Subscriber Data Every 27 Seconds; Pending Legislation Looking To Up That Number
from the whatever-they-don't-get-will-make-a-stop-in-the-US dept
Canada’s image as the The Most Polite Nation In The World would seem to be a front that masks a malignant nastiness under the surface. If these numbers are to be believed, Canada is little more than a criminal organization masquerading as a constitutional monarchy.
Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant)…
According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher.
Every 27 seconds. And that number is two years out of date. If Canada is anything like the USA, these requests have increased at a pace far exceeding the birth rate. And much like the US, most of the information is gathered without a warrant or government oversight.
Canadian ISPs are “free” to turn down warrantless requests, but turning down law enforcement isn’t as easy as some people would make it appear. (These “people” are those that argue for the surveillance state by saying, “X can always challenge the request,” as if that were actually a viable option.) No one wants to be facing additional scrutiny from aggrieved entities who were asked to go come back with a signed order.
The correspondence also confirms that the telecom providers were concerned about how the government and law enforcement would react to public disclosures. In one email, Bell says that “we are walking a delicate line between supporting privacy and not antagonizing Public Safety/LEAs [law enforcement agencies], so the materials will be pretty factual, not much commentary.”
Plus, the ISPs charge a fee to retrieve subscriber information, which probably doesn’t generate a ton of income, but doesn’t hurt the bottom line either.
As Michael Geist notes, there’s been some pushback from ISPs, but that push hasn’t made much headway. And proposed legislation will only make things worse. Two bills headed to committee both ask for the same thing: an expansion of warrantless disclosure — one under the unintentionally ironic title of “Digital Privacy Act.”
So, there’s already plenty of data being grabbed by local entities. Now, there’s also a good chance that peering issues are pushing Canadian data through American pipes — which would put this right into the hands of the NSA, FBI, etc. A study on Canadian ISP transparency found that a sizable portion of Canadian internet traffic makes a hop across the border.
About routing, the report states: “Fewer than half (8/20) of the ISP privacy policies refer to the location and jurisdiction for the information they store. Only one (Hurricane) gives an indication of where it routes customer data and none make explicit that they may route data via the US where it is subject to NSA surveillance”.
“Boomerang” routing – where data leaves Canada, traverses US networks (who might choose to ignore PIPEDA) and returns to Canada – accounts for as much as 25 per cent of traffic, the report states. The report claims that traffic traversing the US is “almost certainly subject to NSA surveillance”.
Just as disappointing, not a single one of Canada’s ISPs scored a passing grade on transparency. The highest score belonged to Teksavvy, which scored 3.5… out of 10. Unsurprisingly, smaller, newer ISPs scored higher than the incumbents, but when the high score doesn’t even hit the 50% mark, it’s not much of a victory. The authors found that not a single Canadian ISP fully complied with the Personal Information Protection and Electronic Documents Act (PIPEDA). In fact, only slightly more than half had even made a “commitment” to following the act’s stipulations.
Much like the US, the largest ISPs are overly compliant with national security and law enforcement agencies, often going above what’s asked in order to more quickly facilitate requests. Geist notes that one of Canada’s largest ISPs, Bell, has assembled a database specifically to give law enforcement instant access to the information of thousands of subscribers. Inbound legislation, if unchanged, will only encourage more cooperation like Bell’s, if only to free up company employees from fulfilling thousands of requests. It’s the users who remain cut out of this loop, even though it’s their data everyone wants.