The introduction of Bill C-13 – the “cyberbullying bill” with extensive lawful access provisions – has generated considerable discussion on its privacy implications. While many have noted that Justice Minister Peter MacKay took less than a year to retreat from the government’s commitment that “any attempts that we will continue to have to modernize the Criminal Code will not contain the measures contained in C-30”, the question will soon focus on whether the new bill contains any privacy threats in need of reform.
It is certainly true that the government has removed two of the most controversial C-30 provisions by excluding warrantless mandatory disclosure of basic subscriber information and the requirement for telecommunications service providers to build intercept capability within their systems. However, several provisions still featured in the bill are cause for concern. This post focuses on the new safe harbour protections for voluntary disclosure of personal information without a warrant. Posts to follow later this week will examine the lower thresholds for access to metadata and location information.
The Criminal Code currently states the following on the ability for law enforcement to request voluntary assistance without court oversight:
For greater certainty, no production order is necessary for a peace officer or public officer enforcing or administering this or any other Act of Parliament to ask a person to voluntarily provide to the officer documents, data or information that the person is not prohibited by law from disclosing.
Note that the provision is limited to enforcing or administering the Criminal Code or any other federal law. Now consider Bill C-13:
For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.
There is no limitation on the request being about the enforcement or administration of the Criminal Code or any other Act of Parliament. It simply opens the door to requests for voluntary assistance for any reason whatsoever.
The second part of the provision creates the incentive for the intermediary to disclose. It states:
A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so
For Internet providers and telecom companies, this amounts to powerful immunity. Those that preserve personal information or disclose it without a warrant, are immune from any criminal or civil liability (including class action lawsuits). This represents significant legal protection for intermediaries that is likely to lead to increased disclosures without court oversight. Yet even when there is court oversight for access to metadata or tracking information, the threshold is lower than for other conventional warrants as will be examined in an upcoming post.
“prohibited by law”
In the absence of this immunity provision, a successful civil or criminal case could only be successful if it could be shown that the telco released information that, in law, it should not have released. If, for example, it was a criminal offense to release the information, then the telco was “prohibited by law” from disclosing it, and the immunity has no effect. The real question, then, is what “prohibited by law” means. If a telco has contracts with its subscribers that specify that info will not be released without a court order, and the telco releases voluntarily under this provision, is the immunity available? In releasing the information, the telco violated its contract, ie a legal obligation it had not to release the information. In that circumstance, was the telco ” prohibited by law” (ie contract law) from releasing the info? Would the breach of contract cause the immunity clause to be unavailable?
Constitutionality
This provision may also be unconstitutional on division of powers grounds. If the “request” is made for a purpose other then enforcement of a federal law, then it is questionable whether the federal government has the constitutional authority to alter civil remedies.
Will a letter protect my info
So, if I write a letter to providers indicating that they are not allowed to release my information without a warrant will this allow me to sue a company if they hand it out anyway without a warrant?
UK ‘me too’ on c-13
UK Prime Minister David Cameron Announces That Filters Used to Block Porn Will Also Block Websites Espousing “Extremist” Views in Order “to Keep Our Country Safe”
http://www.publications.parliament.uk/pa/cm201314/cmhansrd/cm131023/debtext/131023-0001.htm#13102356000002
repeat
again, the info caught will be used in political and corperate interests.
above the law, books one+two.
a handy anaolgy is how often montreal port officals get busted for nefarious activities.
pat donovan
“If a telco has contracts with its subscribers that specify that info will not be released without a court order, and the telco releases voluntarily under this provision, is the immunity available? In releasing the information, the telco violated its contract, ie a legal obligation it had not to release the information. In that circumstance, was the telco “prohibited by law” (ie contract law) from releasing the info? Would the breach of contract cause the immunity clause to be unavailable?”
Unconstitutional? Let’s hope not. There are thousands of firms registered in Canada which are fronts for foreign industrial intelligence agencies and (more obviously) organized crime. The notion that a contract obligation with, for example, Huawai Networks should trump the voluntary willingness of a Canadian telco to cooperate with federal industrial counterintelligence strategy would be… terrifyingly Canadian. Why shouldn’t a firm judge for itself whether its contractual parties have, globally speaking, credible corporate citizenship as adherents to principles of democratic rule of law? And why shouldn’t a Canadian firm be empowered to put its trust in its home government if it so desires? This interpretation suggests that all Russian and Chinese fronts should need to enlist our own civil courts in their evasion of CSIS or CSEC is a good NDA.
One couldn’t ask for a more vivid – and extreme – illustration of how much more legitimacy today’s Civil Libertarians assign private property over the public interest …even in the constitutional abstract.
No trust policy
Although the government likes to let us think we have constitutional rights, we do not. This is apparent since it is them breaking the law against us. As for any agreement/contract, my Telco is Koodo which is actually Telus and I asked them about this when I signed the contract and I also tried to elude giving any personal info to get the contract.
They have my drivers license number, address, name, age, and asked for my SIN which I told them “No, you are not allowed to ask for it.” and still he lied straight to my face that Koodo was not a part of Telus. I told him “I know it is Telus and that he is a fucking liar.” Anyway, I told him also that I do not trust Telus and Koodo, alias corporation with any of my information since he just finished lying to me. Now I am told that this GOOF, Peter McKay has my information along with my phone records allegedly from him simply asking for them from my “liar” phone company who will lie to me again about them passing my info around.
Little would they find from those calls. Basically, they are the elite and have been trying to make a blacklist to pick and choose who they will put out of commission. They aren’t trying to sell time shares here.
The global purge of those who don’t like them has started. Look at what happened in Syria and Iraq alone. It is about keeping us slaves. Uncooperative slaves get killed. G’night.
MR
for all of us who are not lawyers what the hell does all the above actually mean?