Link

Rogers reports sharp drop in police demands for customer data

Rogers reports sharp drop in police demands for customer data:

Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, said Rogers’ commitment to regularly releasing such data is commendable. Yet, he argued the company could go even further with certain aspects of its report, such as including information about when it discloses to customers that a law enforcement request has been made.

He noted that authorities are required to notify individuals who have been subject to wiretap requests or any intercept of live information. However, he said requests for stored data do not trigger a statutory requirement to inform the person that they were under investigation and unless the information is introduced in a court proceeding, they would never know.

“Rogers could advance the privacy discussion in Canada that much more by trying to push government and law enforcement agencies to let the company disclose that their customers were subject to a request,” Mr. Parsons said.

 

Link

Police asked telcos for client data in over 80% of criminal probes

Police asked telcos for client data in over 80% of criminal probes:

In recent years, civil liberty advocates, journalists and Canada’s privacy watchdog have repeatedly sought details on the frequency with which telecom companies hand over data to police officers.

Not all are convinced that the 80-95 per cent estimate is accurate.

“How exactly did they derive such high numbers? What is the methodology?” asks Chris Parsons, a post-doctoral fellow at Citizen Lab, an academic unit at the University of Toronto’s Munk School of Global Affairs.

“If it is sound, that indicates an incredibly high rate, assuming that all crimes or all investigations are some way linked with telecommunications data.”

Last year, TekSavvy, Rogers and Telus became the first telecommunications companies to release transparency reports — following in the footsteps of their U.S. counterparts and spurred to action by a questionnaire sent by a group of academics led by Parsons. Bell Canada was alone among the large telcos not to issue a report.

Previously released government documents suggested that Public Safety officials worried that the firms might divulge “sensitive operational details” in their reports.

The federal department sought advice on whether any potential legal issues might exist around the disclosure of how telecommunication companies interacted with police, the newly released ministerial briefing says.

“If I were being very charitable, it could be a way to assuage the concerns that ISPs [internet service providers] may have had,” said Parsons. “Less charitably, it could also mean that Public Safety was interested in seeing if there was a way to prevent the reports from coming out.”

Many internet and phone service providers cited potential legal issues — along with a litany of other reasons — as why they failed to disclose any figures.

 

Link

Evening Brief: Tuesday, May 26, 2015

Evening Brief: Tuesday, May 26, 2015:

A new report from Citizen Lab at the Munk School says “Canadian telecommunications providers have been handing over vast amounts of customer information to law enforcement and government departments and agencies with little transparency or oversight,” reports CBC. “We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly,” says the report. “Access to our private communications is incredibly sensitive,” said Christopher Parsons, lead author of the study and a postdoctoral researcher at Citizen Lab.

Link

Mapping The Canadian Government’s Telecommunications Surveillance

Mapping The Canadian Government’s Telecommunications Surveillance:

What:

Canadian federal government agencies, like many government agencies around the world, often request user data from telecommunications agencies for the purpose of surveillance. With few regulations in place that force governments or corporations to explain how Canadians’ telecommunications information is accessed or processed, the Citizen Lab along with its’ partners, worked over the course of a year to compile and disseminate lawfully accessible data that showed how often, for what reasons, and on what legal grounds telecommunications companies in Canada provided their subscribers’ data to state agencies.

The Electronic Frontier Foundation has a series of Counter-Surveillance Success Stories and my work over the past year’s been recognized in the stories. It’s really exceptional the excellent work that people are doing all around the world – you should check them all out!

Link

Poor record of fed requests to telecom companies for Canadians’ data

Poor record of fed requests to telecom companies for Canadians’ data:

Many law-enforcement agencies do not track requests for private information, making the system vulnerable to abuse

“Many departments say they don’t have the information and say they don’t keep track of these things,” said NDP MP Charmaine Borg, whose questions led to the release of response documents. “… And if that is the case, that brings up to me a huge problem. How are we supposed to ensure there are no abuses, and that government agencies are making these requests within very extreme circumstances, when they don’t even keep track of when they’re making them?”

Christopher Parsons, a postdoctoral fellow at the Citizen Lab of the University of Toronto’s Munk School of Global Affairs, said non-federal agencies, such as police forces, are also seeking data. “Even if we got good numbers from all the federal government, there is a huge, huge part of the surveillance iceberg that’s yet to be seen,” he said.

It’s important to keep in mind that much of the attention concerning government surveillance has been about how federal agencies access telecommunications data, and how proposed lawful access legislation would extend and expand such access. While this attention is deserved there is an entirely different set of actors that have yet to be examined in any sustained way: provincial agencies and municipal organizations.

Link

Canadian ISPs Won’t Tell You Much About Your Own Data

Canadian ISPs Won’t Tell You Much About Your Own Data:

Ever wondered how long your telecom provider retains your user data? Or if law enforcement has requested your records?

This “Access My Info” tool was launched in June, and now, responses have started to trickle back in.

“We’re starting to be able to compare and contrast some of the larger company’s responses,” Parsons said.

Using either Parsons’ form letter, or the AMI tool, subscribers can request that their telecom providers clarify the types of data they collect, tell them how long they retain such data, provide copies of relevant records, and whether their information has been disclosed to law enforcement or government agencies. But perhaps unsurprisingly, policies and practices tend to differ from one provider to the next.

“I think that the letters from TekSavvy are comprehensive. They’re not trying to play games,” Parsons said, referring to the responses sent out by one of Canada’s smaller  internet service providers. “They’re actually taking seriously the questions that individuals are making and not trying to blow them off. That stands in variance with, I would say, almost every other member of the industry.”

Parsons said that in other responses, “the detail that is present, or is more often the case, absent, is really quite breathtaking. The only thing I have from Bell is a one page sheet that’s almost worse than useless. It almost doesn’t respond to the customer’s question.”

Parsons told me that discerning how long certain types of data are retained has proven particularly hard, for example.

“Retention schedules matter. How long you store data should not be a top secret corporate secret, because it’s about citizens,” said Parsons. ”Here we’re talking about basic, basic, basic privacy information. How long do you store information about me? None of these companies aside from TekSavvy have tried to comprehensively respond to that question.“

This is a detailed piece by Matt Braga, and one that I’d highly recommend if you’re interested what the Telecom Transparency Project has (and hasn’t) learned about Canadian telecommunications companies’ data retention schedules.

Link

Telus joins transparency push by sharing demands for customer info

Telus joins transparency push by sharing demands for customer info :

TELUS is to be congratulated for following through on their promise to release a transparency, report, as well as for committing to publishing future reports. At this point, two of the largest telecom in Canada (Rogers and TELUS) along with a leading independent telecom (TekSavvy) have released transparency reports: where’s Bell and all the smaller companies?