Yahoo May Have Exposed Rogers Customer Emails to US Spies


“Any program that scans all the mail that Yahoo has access to would have scanned this email,” Gillmor wrote me in a message.

“If Yahoo chose to segment their scanning by limiting it only to mails that have ‘’ email addresses [and omitted those sent from], of course, then they would have chosen to exclude this email from the scan,” Gillmor continued. “It’s not clear to me whether any such constraint was in place, though.”

“I’d imagine that, yes, the program would have applied to Rogers customer emails, unless Yahoo elected to specifically exclude them,” wrote Marczak in an email.

Yahoo declined to comment on whether the alleged system filtered out emails from Rogers customers.

Tobi Cohen, a spokesperson for the Office of the Privacy Commissioner, confirmed that Rogers consulted the office in the wake of the Yahoo hack. But as far as the possibility that Rogers customer emails had been siphoned into a surveillance dragnet goes, “Given we don’t have detailed information about the matter, we are not in a position to comment,” Cohen wrote.

When asked if Rogers was aware of the allegations against Yahoo or if the company is concerned that a backdoor could have affected its customers, spokesperson Garas referred me to Yahoo’s statement and wrote that “as such, we believe this matter is closed.”

Great to know that Rogers thinks it shouldn’t (or, worse, doesn’t have to) explain how one of its contracted service providers may have grossly violated the privacy of Rogers’ customers.


Rogers reports sharp drop in police demands for customer data


Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, said Rogers’ commitment to regularly releasing such data is commendable. Yet, he argued the company could go even further with certain aspects of its report, such as including information about when it discloses to customers that a law enforcement request has been made.

He noted that authorities are required to notify individuals who have been subject to wiretap requests or any intercept of live information. However, he said requests for stored data do not trigger a statutory requirement to inform the person that they were under investigation and unless the information is introduced in a court proceeding, they would never know.

“Rogers could advance the privacy discussion in Canada that much more by trying to push government and law enforcement agencies to let the company disclose that their customers were subject to a request,” Mr. Parsons said.



Rogers sheds new light on what personal data spy agencies can get


Comments yield insights into a largely hidden relationship between intelligence agencies and communications corporations

Federal spy agencies are, like police, “obviously going to have to get a lot more production orders than they did in the past,” one of Canada’s Big Three communications companies says.

And while Ottawa’s agents had been getting warrantless access to some corporately held records, “we have not opened up our metadata to the government as apparently has happened in the U.S.”

Rogers Communications’ vice-president of regulatory affairs, Ken Engelhart, made these and other remarks about his company’s relationships with federal intelligence agencies, as he spoke to The Globe’s Christine Dobby about corporate transparency in an interview this week.

Such remarks, not published until now, are important because they yield some insights into a largely hidden relationship between intelligence agencies and communications corporations.

But even as Rogers is now publicizing its bona fides as a telecom company that acts more openly than most, it is privately admitting to customers that it can face federal gag orders.

“We are unable to confirm with a customer when their information has been disclosed to a government institution… where that institution has refused to allow Rogers to disclose that information,” reads one such July 10 letter obtained by The Globe and Mail from privacy researcher Christopher Parsons, of University of Toronto’s Citizen Lab.

That Rogers is, in essence, playing a game of Catch-22 (if we told you we didn’t disclose your information, then others could see if they got a different response and learn we had disclosed their information, therefore we can’t tell anyone if we disclosed their information) is absurd. As is their refusal to provide basic records to their subscribers.


Teksavvy and Rogers publish transparency reports highlighting the extent of government data requests


Third-party internet provider Teksavvy and Rogers, one of the largest ISPs in Canada, have published the first Canadian telecommunications transparency reports.

Both Teksavvy and Rogers have released documents detailing the subscriber information both companies have released to police and spy agencies over the last few years. Teksavvy disclosed their transparency report first and then Rogers followed soon after.



Telecom giant Rogers got 175,000 info requests from government


Rogers is the first major Canadian telecommunications company to issue a so-called transparency report on co-operation with law enforcement.

However, one of Canada’s smaller telecommunications companies, Teksavvy, issued a similar report yesterday in response to a request from University of Toronto researchers. Its report revealed that it received just 52 requests from government and law enforcement agencies in 2012 and 2013. It said it complied with a third of the requests and denied the rest.

The releases come as civil libertarians and privacy advocates urge companies and governments to be more forthcoming about when and how customer data is shared.

A study by University of Toronto researchers recently gave low marks to Canada’s internet service providers about how they handle customer information — including whether they routinely give personal data to spy agencies.

Rogers says it does not allow agencies direct access to its customer databases, nor does it hand over metadata — the routing codes and other data about emails and calls — without a warrant.

“We only provide the information we are required to provide and this information is retrieved by our staff.”



Rogers opens curtain on warrantless government snooping


OTTAWA—Rogers Communications gave Canadians their first real peek behind the curtain of warrantless government snooping Thursday, revealing they were asked almost 175,000 times for their customers’ data in 2013.

Rogers became the first major Canadian telecommunications provider to issue a transparency report, revealing aggregate numbers on how many law enforcement requests they receive in a year.

More telecom and Internet service providers are expected to follow suit, as Canadian customers learn more about the scope of government access to their personal data.



Rogers got 175,000 official requests for customer info last year


An informal coalition — including The University of Toronto’s Citizen Lab, academics and civil liberties organizations — said in March that Canadians have only a vague understanding of how, why, and how often companies have disclosed information to government agencies.

This week the coalition received an updated response from Internet provider TekSavvy Solutions — one of Rogers’ smaller competitors — saying it received 52 requests from government authorities in 2012 and 2013. It made 17 disclosures related to criminal investigations and denied the remaining 35.

Christopher Parsons, a postdoctoral fellow with The Citizen Lab, said the Rogers and TekSavvy reports are “positive steps in the right direction.”

He singled out TekSavvy’s response as “the gold standard” for company transparency on handling of subscriber information due to the extensive detail in its report.

“The bar has now been set: transparency reports are expected when doing business in Canada,” Parsons said.

“There’s only a question of how long until other companies adhere to what is becoming an industry best practice in Canada.”



Rogers, TekSavvy first to divulge customer data requests (Subscription)


As reported, a coalition of Canadian academics and consumer groups asked the country’s biggest telecommunications service providers in January to reveal the extent to which they pass on their customers’ private information to government agencies when asked. Sixteen different telcos were asked to respond or commit to responding by March 3, 2014.

When contacted by, Telus said it is preparing a transparency report and plans to issue it this summer. A spokesperson reiterated that the company only provides confidential customer information to third parties pursuant to valid court orders or other applicable law, and that it contests orders if it believes they “overreach”.

Bell responded to, but did not specify whether it would issue a transparency report. “Bell releases information to law enforcement agencies only when required by law and always in compliance with federal privacy and CRTC regulations”, reads the spokesperson’s emailed response.


In shadow of NSA revelations, Rogers, TekSavvy open up on government data requests


In the wake of blockbuster revelations by former NSA contractor Edward Snowden, Canada’s telecommunications companies are starting to pull back the curtains on their relationships with government authorities around the sharing of customer information.

Rogers Communications Inc. on Thursday released what it called its 2013 Transparency Report, a brief four-page document detailing the number and types of requests the company has received, and the legal framework governing its response.

The Rogers report comes on the heels of similar disclosure from independent communications provider TekSavvy Solutions Inc. Other providers are expected to follow suit later this year.