Canadian Law Enforcement Asking For ISP Subscriber Data Every 27 Seconds; Pending Legislation Looking To Up That Number

from the whatever-they-don't-get-will-make-a-stop-in-the-US dept

Canada's image as the The Most Polite Nation In The World would seem to be a front that masks a malignant nastiness under the surface. If these numbers are to be believed, Canada is little more than a criminal organization masquerading as a constitutional monarchy.

Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant)...

According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher.

Every 27 seconds. And that number is two years out of date. If Canada is anything like the USA, these requests have increased at a pace far exceeding the birth rate. And much like the US, most of the information is gathered without a warrant or government oversight.

Canadian ISPs are "free" to turn down warrantless requests, but turning down law enforcement isn't as easy as some people would make it appear. (These "people" are those that argue for the surveillance state by saying, "X can always challenge the request," as if that were actually a viable option.) No one wants to be facing additional scrutiny from aggrieved entities who were asked to go come back with a signed order.

The correspondence also confirms that the telecom providers were concerned about how the government and law enforcement would react to public disclosures. In one email, Bell says that "we are walking a delicate line between supporting privacy and not antagonizing Public Safety/LEAs [law enforcement agencies], so the materials will be pretty factual, not much commentary."

Plus, the ISPs charge a fee to retrieve subscriber information, which probably doesn't generate a ton of income, but doesn't hurt the bottom line either.

As Michael Geist notes, there's been some pushback from ISPs, but that push hasn't made much headway. And proposed legislation will only make things worse. Two bills headed to committee both ask for the same thing: an expansion of warrantless disclosure -- one under the unintentionally ironic title of "Digital Privacy Act."

So, there's already plenty of data being grabbed by local entities. Now, there's also a good chance that peering issues are pushing Canadian data through American pipes -- which would put this right into the hands of the NSA, FBI, etc. A study on Canadian ISP transparency found that a sizable portion of Canadian internet traffic makes a hop across the border.

About routing, the report states: “Fewer than half (8/20) of the ISP privacy policies refer to the location and jurisdiction for the information they store. Only one (Hurricane) gives an indication of where it routes customer data and none make explicit that they may route data via the US where it is subject to NSA surveillance”.

“Boomerang” routing – where data leaves Canada, traverses US networks (who might choose to ignore PIPEDA) and returns to Canada – accounts for as much as 25 per cent of traffic, the report states. The report claims that traffic traversing the US is “almost certainly subject to NSA surveillance”.

Just as disappointing, not a single one of Canada's ISPs scored a passing grade on transparency. The highest score belonged to Teksavvy, which scored 3.5… out of 10. Unsurprisingly, smaller, newer ISPs scored higher than the incumbents, but when the high score doesn't even hit the 50% mark, it's not much of a victory. The authors found that not a single Canadian ISP fully complied with the Personal Information Protection and Electronic Documents Act (PIPEDA). In fact, only slightly more than half had even made a "commitment" to following the act's stipulations.

Much like the US, the largest ISPs are overly compliant with national security and law enforcement agencies, often going above what's asked in order to more quickly facilitate requests. Geist notes that one of Canada's largest ISPs, Bell, has assembled a database specifically to give law enforcement instant access to the information of thousands of subscribers. Inbound legislation, if unchanged, will only encourage more cooperation like Bell's, if only to free up company employees from fulfilling thousands of requests. It's the users who remain cut out of this loop, even though it's their data everyone wants.

Filed Under: canada, customer info, information requests, isps, law enforcement, privacy

Microsoft Releases Details Of Law Enforcement Requests

from the good-move dept

Kudos to Microsoft for joining companies like Google and Twitter in releasing transparency reports about government/law enforcement requests for information. On Thursday, Microsoft released data on law enforcement requests from 2012. The report covers requests for pretty much all of Microsoft's key online services, including Hotmail/Outlook, SkyDrive, XBox Live, Office 365 and even Skype. Microsoft has actually gone a step further than others in some areas, such as separating out which law enforcement requests involved sharing "customer content" data (such as images or email subject lines) vs. those that shared "non-content" data (such as identifying information).

Because of this distinction, Microsoft points out how rarely it ends up giving law enforcement customer content, noting it happened in only 2.1% of cases (1,558 requests). Nearly all of those requests came from the US government. The only non-US requests that resulted in the sharing of customer content were 14 disclosures given to Brazil, Ireland, Canada and New Zealand.

As for non-content information (i.e., identifying info), Microsoft disclosed that information 56,388 times (excluding Skype, which reported its data separately due to differences in the way they recorded data -- something that is being standardized). The top countries getting such info were the US, UK, Turkey, Germany and France. Turkey seems a bit surprising there. As for Skype, the top requests were from the UK, US, Germany, France and Taiwan. Microsoft also delivered no information at all 18% of the time, either because the company rejected the request or because no info was found, though they apparently don't break down the difference there.

Like Google, Microsoft also revealed how many National Security Letters it received, using a format nearly identical to the way Google released its data not too long ago: It's good to see Microsoft following in the footsteps of Google and Twitter in providing this kind of transparency. Hopefully we'll see even more companies follow as well.

Filed Under: information requests, nsls, privacy, transparency
Companies: microsoft, skype

Google Releases Stats On Country Info & Takedown Requests; Leaves Us Wanting More

from the transparency-is-good dept

Google's getting some attention for its decision to launch a tool highlighting the information requests made by various governments to Google, either to gather information or to take down certain content. According to Google, this is a part of its efforts to try to keep the internet more open, as seen by its decision to leave China and its pushing back on Australia's attempts at censorship. Of course, many will claim that this is just self-serving on Google's part, since it's better off with a more open internet -- but that doesn't mean the initiative is a bad idea.

Still, it's not clear really how much there is to learn from this tool. Basically, we see that Brazil requests a lot of information and takedowns -- and the US requests an awful lot of info. And... well.. then we're left wondering. The tool does breakdown the nature of the removal requests, but not in very much detail. And it doesn't do that for the data requests. So, really, all this tool does is leave us wondering what exactly is being requested and/or taken down. Perhaps that's the point of the tool: to get people to ask more questions, but it seems like Google could have done a bit more to highlight that kind of information as well.

Separately, in its op-ed about the new program, Google also suggests that the best tool for encouraging a decrease in repressive governments is through better free trade agreements. If only that were the case. Real free trade agreements can increase openness tremendously, but lately the sorts of "free trade agreements" we've seen have been things like ACTA -- which is not at all about openness, and very much about using the same repressive tools used by China to try to block forms of communication.

It's good that Google is encouraging some discussion on this topic, and perhaps this is the point of the limited tool, but looking through it seems to simply open up a lot more questions than it answers.

Filed Under: data, governments, information requests, maps
Companies: google