In the midst of all this, CIPPIC (Canadian Internet Policy and Public Interest Clinic) posted a detailed analysis
of what Lawful Access is.
Looking back to the recent announcement, the new face of the surveillance bill is under the name Bill C-416
. The bill was introduced by Marlene Jennings and is also known as MITA (The Modernization of Investigative Techniques Act).
In the act, "Telecommunications service providers, in connection with the interception of a communication, shall, in accordance with any regulations, have the capability to do — and, when requested to do so by an authorized person or by that person’s authority [...] provide the intercepted communication to the authorized person."
Furthermore, "The operational requirements in respect of transmission apparatus are that the telecommunications service provider operating the apparatus have the capability, in accordance with any regulations, to do the following:
(a) enable the interception of communications generated by or transmitted through the apparatus to or from any temporary or permanent user of the provider’s telecommunications services;
(b) isolate the communication that is authorized to be intercepted from other information and provide the intercepted communication to authorized persons, including
(i) isolating the communications of the person whose communications are authorized to be intercepted from those of other persons, and
(ii) isolating the transmission data of the person whose communications are authorized to be intercepted from the rest of the person’s communications;
(c) provide information that permits the accurate correlation of all elements of intercepted communications; and
(d) enable simultaneous interceptions by authorized persons from multiple national security and law enforcement agencies of communications of multiple users, including enabling
(i) at least the minimum number of those interceptions, and
(ii) any greater number of those interceptions — up to the maximum number and within the time provided for in the regulations — for the period that an agency requests in accordance with any regulations."
Some may remember Telus explaining to CRIA (Canadian Recording Industry Association) during the first case in Canada where CRIA attempted to sue alleged copyright infringers that it requires a certain amount of manpower and money to execute any search through logs that would incriminate a user who was accused of uploading copyrighted material. In essence, Telus said that it would only hand over any evidence if CRIA paid the costs of retrieving the data. It seems that MITA also covered this as well. The act says, "The Minister shall pay the telecommunications service provider an amount that the Minister considers reasonable towards the prescribed expenses that the Minister considers are necessary for the service provider to incur initially to comply with an order made."
So where exactly does this information go? The act states, "Every telecommunications service provider shall, in accordance with the regulations, provide to a person designated [...] on his or her written request, any information in the service provider’s possession or control respecting the name and address of any subscriber to any of the service provider’s telecommunications services and respecting any other identifiers associated with the subscriber. [...] A designated person shall ensure that he or she makes a request under subsection (1) only in performing, as the case may be, a duty or function
(a) of the Canadian Security Intelligence Service under the Canadian Security Intelligence Service Act;
(b) of a police service, including any related to the enforcement of any laws of Canada, of a province or of a foreign jurisdiction; or
(c) of the Commissioner of Competition under the Competition Act.
[...]The Commissioner of the Royal Canadian Mounted Police, the Director of the Canadian Security Intelligence Service, the Commissioner of Competition and the chief or head of a police service constituted under the laws of a province may designate for the purposes of this section any employee of his or her agency, or a class of such employees, whose duties are related to protecting national security or to law enforcement."
So in essence, the act clearly states that all the personal information collected from internet subscribers would be handed over to the RCMP (Royal Canadian Mounted Police).
The act also describes on when an "authorized person" can retrieve such information. "A police officer may request a telecommunications service provider to provide to [...] the officer believes on reasonable grounds that the information requested is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property; and [...] the information directly concerns either the person who would perform the act that is likely to cause the harm or is the victim, or intended victim, of the harm. [...] The telecommunications service provider shall provide the information to the police officer as if the request were made by a designated person."
So essentially, the worry is that warrantless surveillance, judging by the language of the act, based on suspicion on "reasonable grounds", is enough to obtain subscriber information. In addition, the bill describes what information can be obtained: "A telecommunications service provider shall, on the request of a police officer or of an employee of the Royal Canadian Mounted Police or the Canadian Security Intelligence Service,
(a) provide the prescribed information relating to the service provider’s telecommunications facilities;
(b) indicate what telecommunications services the service provider offers to subscribers; and
(c) provide the name, address and telephone number of any telecommunications service providers from whom the service provider obtains or to whom the service provider provides telecommunications services, if the service provider has that information."
Michael Geist also made note
of this introduction.