Bill C-30 Stumbles Over Pile of Tweets

Toews surprised by content of online surveillance bill

Minister finds humour in #TellVicEverything Twitter campaign

Posted: Feb 18, 2012 1:08 PM ET

Last Updated: Feb 18, 2012 1:39 PM ET

Public Safety Minister Vic Toews says he is surprised to learn that a section of the government's online surveillance bill provides for "exceptional circumstances" under which "any police officer" can request customer information from a telecommunications service provider.

In an interview airing Saturday on CBC Radio's The House, Toews said his understanding of the bill is that police can only request information from the ISPs where they are conducting "a specific criminal investigation."

But Section 17 of the 'Protecting Children from Internet Predators Act' outlines "exceptional circumstances" under which "any police officer" can ask an ISP to turn over personal client information.

"I'd certainly like to see an explanation of that," Toews told host Evan Solomon after a week of public backlash against Bill C-30, which would require internet service providers to turn over client information without a warrant.

"This is the first time that I'm hearing this somehow extends ordinary police emergency powers [to telecommunications]. In my opinion, it doesn't. And it shouldn't."

17. (1) Any police officer may, orally or in writing, request a telecommunications service provider to provide the officer with the information referred to in subsection 16(1) in the following circumstances:
(a) the officer believes on reasonable grounds that the urgency of the situation is such that the request cannot, with reasonable diligence, be made under that subsection;
(b) the officer believes on reasonable grounds that the information requested is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property; and
(c) the information directly concerns either the person who would perform the act that is likely to cause the harm or is the victim, or intended victim, of the harm.
The police officer must inform the telecommunications service provider of his or her name, rank, badge number and the agency in which he or she is employed and state that the request is being made in exceptional circumstances and under the authority of this subsection.
17. (1) Tout officier de police peut demander, oralement ou par écrit, au télécommunicateur de lui fournir les renseignements visés au paragraphe 16(1) si, à la fois :
Circonstances exceptionnelles
a) il a des motifs raisonnables de croire que l’urgence de la situation est telle qu’une demande ne peut, avec toute la diligence voulue, être faite en vertu de ce paragraphe;
b) il a des motifs raisonnables de croire que les renseignements demandés sont immédiatement nécessaires pour empêcher la perpétration d’un acte illicite qui causerait des blessures corporelles graves ou des dommages importants à un bien;
c) les renseignements portent directement sur soit la personne dont les actes sont susceptibles de causer les blessures ou les dommages, soit la victime ou la personne menacée.
Il communique au télécommunicateur ses nom, rang et numéro d’insigne ainsi que le nom de son organisme et l’informe que la demande est faite en vertu du présent paragraphe en raison de circonstances exceptionnelles.
Obligation of telecommunications service provider
(2) The telecommunications service provider must provide the information to the police officer as if the request were made by a designated person under subsection 16(1).
(2) Le télécommunicateur lui fournit les renseignements demandés comme si la demande avait été faite en vertu du paragraphe 16(1) par une personne désignée.
Obligation du télécommunicateur
(3) The police officer must, within 24 hours after making a request under subsection (1), communicate to a designated person employed in the same agency as the officer all of the information relating to the request that would be necessary if it had been made under subsection 16(1) and inform that person of the circumstances referred to in paragraphs (1)(a) to (c).
(3) Dans les vingt-quatre heures suivant la présentation de sa demande, l’officier de police transmet à toute personne désignée relevant de son organisme l’information concernant la demande qui aurait été nécessaire si celle-ci avait été faite en vertu du paragraphe 16(1) et l’informe des circonstances visées aux alinéas (1)a) à c).
Transmission d’information
(4) On receiving the information, the designated person must in writing inform the telecommunications service provider that the request was made in exceptional circumstances under the authority of subsection (1).
(4) Sur réception de l’information, la personne désignée informe par écrit le télécommunicateur du fait que la demande a été faite en vertu du paragraphe (1) en raison de circonstances exceptionnelles.

Any Police Officer, under this provision, can, without any permission from the court or his superiors, approach an Telecommunications Service Provider, provide identification, and obtain this information on you . The Officer has 24 Hours before he is obligated to inform his superiors. It is up to the Telecommunications Service Provider to follow up if they are not provided the follow-up report from the Police.

Think of how things operate in the companies you have worked for. The request can be made to a Telecommunications Supervisor and the information given to the Officer. Who in the Telecommunications Company is responsible for the follow-up after two days when it is noticed it is missing? These requests, hopefully, will not be a daily occurrence, how is everyone at every level in the Company supposed to know what to do, especially with a Police Officer in "exceptional circumstances" which could range from a Terrorist bomb to checking on someone's dating tweets?

What happens when the Officer does not follow up with "a designated person in the same agency"? The request was made without this designated person's knowledge, so there will be no inquiry if it goes missing. Until the Telecommunications Service Provider figures out what is going on the Officer, who has not, or can not, provide a reason for his intrusion, is in the clear.

Two days, three days, a week later, what Telecommunications Company is going to go to all the trouble of trying to find that "designated person in the same agency" to say they did not get a follow-up?

The question is: is it appropriate to give this kind of power of surveillance out to individuals at the authority level of a street Officer with nobody else inside the Police or RCMP knowing what is going on?

That is why Minister Toews was surprised when this was pointed out to him. It takes more than just reading a Bill, it takes thinking about it.

The full Bill C-30, as it appears before going into committee can be found here:

An Act to enact the Investigating and Preventing

Criminal Electronic Communications Act and

to amend the Criminal Code and other Acts

If not by an overwhelming action on Social Media by a large number of Canadians this Act would have been passed as it stands. Now, at least, it has a chance of being modified so it does not hurt ordinary Canadians as much as it hurts the criminals.

This is also a wake-up call to those who are not using Social Media that they are rapidly becoming disenfranchised. This is especially so among Seniors, who were the previous target of Mr. Harper's Societal Reforms.


Michael Geist in his blog proposes some changes to the Bill to enable it to fulfill its purpose without limiting Canadian's basic freedoms:

Why a Lawful Access Compromise Can Be Found

Wednesday February 15, 2012
The launch of Bill C-30, the online surveillance legislation dubbed the Protecting Children from Internet Predators Act, went about as expected with the government taken to task with big brother imagery ("Say Hello to Big Brother Government") and criticism over the lack of evidence ("Conservatives hew to common sense save for bizarre crime fixation"), the security threats ("Online surveillance bill will be ‘a gold mine’ for hackers: Ontario..."), and the absence of a thoughtful digital vision ("Canada’s embarrassing failure on lawful access legislation"). The divisive comments from Public Safety Minister Vic Toews seemed to shape much of the dialogue, serving to ratchet up the rhetoric and overshadow both the modest changes to the bill and the legitimate remaining concerns of many Canadians.

I did a large number of interviews with print, radio (the As It Happens interview covers many of the concerns), and television (CBC, CTV, and Global) and was left wondering whether there is a compromise to be had in an environment where the Conservative majority government can obviously pass the bill but only at a significant political cost given public opinion. I may be naive, but I think it is possible.

Consider the biggest privacy concern with Bill C-30: the mandatory disclosure of subscriber information without court oversight. With ISPs and telecom companies complying with law enforcement requests roughly 95 percent of the time, at issue are a relatively small number of cases that to date have required warrants prior to any disclosure. I still think law enforcement has failed to produce a compelling series of examples where the current law has proven problematic. Further, it is not clear whether law enforcement was able to obtain the sought-after information through a warrant in the remaining five percent of cases, though anecdotal evidence suggests they typically were. Regardless, law enforcement wants greater assurances that the information will be available expeditiously in appropriate circumstances.

Bill C-30 actually addresses two significant concerns associated with this issue. First, the prior lawful access bill included a very broad list of data points that could be disclosed, raising serious security concerns and the potential for misuse (eg. the IMEI disclosure that could allow cellphone users to be tracked without a warrant). The number of data points has shrunk from 11 to six, with some of the cellphone data removed. While some of the data points still constitute potentially sensitive personal information (particularly IP and email addresses), a smaller list is better than a larger one. The decision to remove the cellphone identifiers confirms the legitimacy of privacy and civil society criticisms and reminds us that every bill benefits from scrutiny and potential reforms.

Second, with ISPs and telcos providing subscriber data without a warrant 95 percent of the time, there is a huge information disclosure issue with no reporting and no oversight. This is a major issue on its own, particularly since it is not clear whether these figures also include requests to Internet companies like Google and social media sites such as Facebook and Twitter. The RCMP alone made over 28,000 requests for customer name and address information in 2010. These requests go unreported - subscribers don't know their information has been disclosed and the ISPs and telecom companies aren't talking either. Bill C-30 would add new reporting requirements to these disclosures, which should allow for insights into what ISPs and police are doing with subscriber information.

In order to make these two reforms effective, however, two loopholes should be closed. First, the legislation should expressly prevent law enforcement from bypassing the reporting regime by continuing to voluntarily collect some of this information. Second, while the latest changes to Bill C-30 prevent police from forcing telecom companies to hand over mobile device identifiers, they will still be able to collect such identifiers using IMSI catchers. Whether telecom companies will be forced to identify customers associated with mobile device numbers acquired in this manner will depend on the regulations. This is a potential loophole that must be closed, or it will facilitate potential real-world tracking of Canadians that could lead to abuse.

The remaining issue is the inclusion of warrantless disclosure of the six data points. This strikes at a bedrock principle of privacy law and will be rightly opposed by the privacy and civil society community. Yet in talking with law enforcement, it is clear what they want is timely, guaranteed access in appropriate circumstances. They argue the current warrant system does not meet this standard nor do the current privacy rules. But what if a new warrant specific to subscriber information could be developed? Such a warrant could feature a low threshold along with rapid authorization and lower costs. For law enforcement, it would provide the access they want, while for privacy advocates it would maintain the oversight principle.

Mandatory disclosure isn't the only issue with the bill - the oversight of surveillance capabilities remains underdeveloped, the costs associated with surveillance equipment is a giant question mark, and the fears of surveillance misuse based on the experience in other jurisdictions continues to cause concern. There are also issues related to the easy access some of the new production orders provide to potentially sensitive data such as GPS data or transmission data generated during our communications. None of these issues will be easy to solve, but the starting point must surely be a moratorium on the inflammatory us vs. them rhetoric from the government which fosters alienation rather than cooperation.


Views: 44


You need to be a member of Zoomer to add comments!

Join Zoomer


Community Activity

alexander Mollison commented on alexander Mollison's group The Kitties
"ones for Monday carefree "
1 hour ago
alexander Mollison commented on alexander Mollison's group The Kitties
""one's for monday "
3 hours ago
alexander Mollison commented on alexander Mollison's group The Kitties
"Mondays kitties find hidden "one' "
3 hours ago
alexander Mollison commented on alexander Mollison's group The Kitties
" thanks for the ones for Monday, barabara? sunny here cool but at least air is fresh"
4 hours ago

© 2016   Part of the Zoomer Interactive Network.   Powered by

Badges  |  Report an Issue  |  Terms of Service

google-site-verification: googlef2bf84fe9dda65cb.html