Lawful access ‘one of the greatest threats to privacy,’ says watchdog

Initiatives to provide law enforcement agents greater powers to access and track personal individual information may have suffered a set back early this year, but Ontario’s information and privacy commissioner said today that vigilance is needed to protect individual rights.

Bill C-30, “represents one of the most invasive threats to our privacy and freedom that I have encountered in 25 years of my career,” said Dr. Ann Cavoukian, Ontario’s Information and Privacy commissioner.

“Although the prime minister has signalled his openness to amend the bill, we must not let our guard down – we must remain ever vigilant to safeguard our privacy, the underpinning of freedom and liberty,” she said.

Lawful access examples abroad: spending, abuse, few benefits

“Proponents of the bill are calling it lawful access, which it is anything but,” said Cavoukian. “I was personally taken aback to learn that one of the greatest threats to privacy rights is happening right here in Canada.”

Cavoukian spoke today at the Ontario Legislature where she released her office’s 2011 Annual Report, titled Access and Privacy, Ever Vigilant.

Under current laws, ISPs can voluntarily release customer information to the authorities. However, they are only required to do so if they are served a warrant for it.

Bill C-30 demands mandatory disclosure of name, address, telephone number, e-mail address, IP address, and local service provider without a warrant being presented.

Numerous privacy advocates have demanded that checks and balances and legislative oversights are needed in order to make the proposed law work.

For instance, University of Ottawa
 Internet law professor Michael Geist  has proposed that the following 12 measures be undertaken to amend Bill C-30.

  • Evidence, Evidence, Evidence
  • No Mandatory Warrantless Access to Subscriber Information
  • Reporting Warrantless Disclosure of Subscriber Information
  • Remove the Disclosure Gag Order
  • “Voluntary” Warrantless Data Preservation and Production
  • Government Installation of Surveillance Equipment
  • Reconsider the Internet Provider Regulatory Framework
  • Improve Lawful Access Oversight
  • Limit the Law to Serious Crimes
  • Come Clean on Costs
  • The Missing Regulations
  • Deal With The Failure of Privacy Laws To Keep Pace

“The starting point must be to shift the onus to law enforcement to provide compelling evidence that its current investigative powers are insufficient (that is not the same as saying access to subscriber data is valuable),” he said in his blog.

There has also been push back from businesses and Internet service providers who are worried that they would have to bear the burden of financing the surveillance systems and tools demanded by the legislation.

The online surveillance bill could cost $80 million to implement over the next few years, according to one report, and Internet service providers still aren’t clear how much of the bill they’ll be footing.

“We just don’t have the tools in place at this point to manage that type of information collection,” Tom Copeland, chairman of the Canadian Association of Internet Providers (CAIP), told ITBusiness.ca.

Copeland said the ISP he owns, Eagle.ca of Cobourg, Ont., would have to install hardware tools to deal with multiple data streams and separate the data of individual clients from one another.

Officials with Public Safety Canada, the federal ministry overseeing the legislation, revealed it could cost $20 million per year over the next four years to implement Bill C-30.

Today, Cavoukian expressed worry that responsibility for monitoring compliance would be downloaded onto her office.

“This bill will expand the mandate of my office to a capacity that it does not have the funding to handle,” she told reporters during a press conference.

“We will need additional auditors and additional equipment. I lack the personnel and I do not wish to have them if this is what they will do,” she said.

Share on LinkedIn Share with Google+