It’s time to admit that mere transparency isn’t enough, and that every decision to censor content is a political decision. Companies should act accordingly. They must carefully consider the long-term effects of complying with requests, and take a stand when those requests run counter to human rights principles. The more we accept everyday censorship, the more of it there seems to be, and before we know it, the window of acceptable information will only be open a crack.
The Citizen Lab and CIPPIC are releasing a report, Gone Opaque? An Analysis of Hypothetical IMSI Catcher Overuse in Canada, which examines the use of devices that are commonly referred to as ‘cell site simulators’, ‘IMSI Catchers’, ‘Digital Analyzers’, or ‘Mobile Device Identifiers’, and under brand names such as ‘Stingray’, DRTBOX, and ‘Hailstorm’. IMSI Catchers are a class of of surveillance devices used by Canadian state agencies. They enable state agencies to intercept communications from mobile devices and are principally used to identify otherwise anonymous individuals associated with a mobile device and track them.
Though these devices are not new, the ubiquity of contemporary mobile devices, coupled with the decreasing costs of IMSI Catchers themselves, has led to an increase in the frequency and scope of these devices’ use. Their intrusive nature, as combined with surreptitious and uncontrolled uses, pose an insidious threat to privacy.
This report investigates the surveillance capabilities of IMSI Catchers, efforts by states to prevent information relating to IMSI Catchers from entering the public record, and the legal and policy frameworks that govern the use of these devices. The report principally focuses on Canadian agencies but, to do so, draws comparative examples from other jurisdictions. The report concludes with a series of recommended transparency and control mechanisms that are designed to properly contain the use of the devices and temper their more intrusive features.
I’m not going to lie: after working on this with my colleague, Tamir Israel, for 12 months it was absolutely amazing to publicly release this report. What started as a 1,500 word blog post meant to put defense lawyers on notice of some new legislation transmogrified into a 130 page report that is the most comprehensive legal analysis of these devices that’s been done to date. It’s going to be interesting to see what the effects of it are for cases currently being litigated in Canada and around the world!
Over the longer term, it’s likely that personal or sensitive data will continue to be hacked and released, and often for political purposes. This in turn raises a set of questions that we should all consider, related to all the traditional questions of openness and accountability. Weaponized transparency of private data of people in democratic institutions by unaccountable entities is destructive to our political norms, and to an open, discursive politics.
Weaponized transparency, especially when it affects the lives of ordinary persons who take an interest in the political process, is dangerous for a range of reasons. And responsible journalists – to say nothing of publishers such as Wikileaks – ought to be condemned when they fail to adequately protect the private interests of such ordinary persons.
Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, said Rogers’ commitment to regularly releasing such data is commendable. Yet, he argued the company could go even further with certain aspects of its report, such as including information about when it discloses to customers that a law enforcement request has been made.
He noted that authorities are required to notify individuals who have been subject to wiretap requests or any intercept of live information. However, he said requests for stored data do not trigger a statutory requirement to inform the person that they were under investigation and unless the information is introduced in a court proceeding, they would never know.
“Rogers could advance the privacy discussion in Canada that much more by trying to push government and law enforcement agencies to let the company disclose that their customers were subject to a request,” Mr. Parsons said.
In recent years, civil liberty advocates, journalists and Canada’s privacy watchdog have repeatedly sought details on the frequency with which telecom companies hand over data to police officers.
Not all are convinced that the 80-95 per cent estimate is accurate.
“How exactly did they derive such high numbers? What is the methodology?” asks Chris Parsons, a post-doctoral fellow at Citizen Lab, an academic unit at the University of Toronto’s Munk School of Global Affairs.
“If it is sound, that indicates an incredibly high rate, assuming that all crimes or all investigations are some way linked with telecommunications data.”
Last year, TekSavvy, Rogers and Telus became the first telecommunications companies to release transparency reports — following in the footsteps of their U.S. counterparts and spurred to action by a questionnaire sent by a group of academics led by Parsons. Bell Canada was alone among the large telcos not to issue a report.
Previously released government documents suggested that Public Safety officials worried that the firms might divulge “sensitive operational details” in their reports.
The federal department sought advice on whether any potential legal issues might exist around the disclosure of how telecommunication companies interacted with police, the newly released ministerial briefing says.
“If I were being very charitable, it could be a way to assuage the concerns that ISPs [internet service providers] may have had,” said Parsons. “Less charitably, it could also mean that Public Safety was interested in seeing if there was a way to prevent the reports from coming out.”
Many internet and phone service providers cited potential legal issues — along with a litany of other reasons — as why they failed to disclose any figures.
Telecommunications companies across Canada have begun to release transparency reports to explain what data the companies collect, what data they retain and for how long, and to whom that data is, or has been, disclosed to. This article evaluates the extent to which Canadian telecommunications companies’ transparency reports respond to a set of public policy goals, namely: of contextualizing information about government surveillance actions, of legitimizing the corporate disclosure of data about government-mandated surveillance actions, and of deflecting or responding to telecommunications subscribers’ concerns about how their data is shared between companies and the government. In effect, have the reports been effective in achieving the aforementioned goals or have they just having the effect of generating press attention?
After discussing the importance of transparency reports generally, and the specificities of the Canadian reports released in 2014, I argue that companies must standardize their reports across the industry and must also publish their lawful intercept handbooks for the reports to be more effective. Ultimately, citizens will only understand the full significance of the data published in telecommunications companies’ transparency when the current data contained in transparency reports is be contextualized by the amount of data that each type of request can provide to government agencies and the corporate policies dictating the terms under which such requests are made and complied with.
Summary: States should be transparent about the use and scope of Communications Surveillance laws, regulations, activities, powers, or authorities.
Hero: Doctor Christopher Parsons
Doctor Parsons has actively pushed Canada’s leading Telecommunications Services Providers to disclose how, why, and how often they provide subscriber information to state agencies. Based on their responses, Dr. Parsons offered comprehensive recommendations on how companies could improve public transparency.
Villain: Secretary Jeremy Heywood
Under the authority of UK Prime Minister David Cameron, Mr. Heywood ordered the Guardian to destroy documents regarding surveillance activities of the NSA and GCHQ. The hard drives were “pulverized” in the basement of the newspaper’s London offices. Notably, the Guardian has stated that all documents related to its reporting on these matters are stored in other offices.
It remains amazing – and an absolute honour – to be listed as a hero alongside Edward Snowden, Navi Pillay (former UN High Commissioner), Sen. Ron Wyden, Dilma Rousseff, amongst a host of others.
Also: I guess I have something to talk about next time I run into a member of the British Cabinet?