FYI.

This story is over 5 years old.

Tech

The Canadian Government Just Got Sued For Warrantless Data Collection

And the applicants have a pretty good case already.

The unpopular Canadian privacy legislation letting internet service providers fork over user data to the feds without a warrant is officially being challenged in court.

The Canadian Civil Liberties Association and the Citizen Lab’s Chris Parsons just announced they’re suing the crown in the Ontario Superior Court. Challenging sections of the Personal Information Protection and Electronic Documents Act (PIPEDA), the applicants demand it be struck down as unconstitutional.

Advertisement

“Government institutions [have] access to personal information from telecommunications companies and internet service providers on a massive scale, and CCLA believes the law is overly broad and violates fundamental rights,” says a statement on their site.

Motherboard previously reported how the Act already allows Canadian law enforcement agencies access to an unlimited trove of personal information—and to obtain it, all they have to do is pick up a phone and call your ISP—no written request required. In the same report, three different lawyers say their clients’ telecom providers handed their user data to agencies like CSEC and CSIS, completely without a warrant.

PIPEDA regulates voluntary disclosure of user data by telecommunications companies. Under its auspices, the bar is low to justify a data request: All law enforcement needs for proof is the data is required for conducting an investigation and those requests can be paperless.

“CCLA believes that our current privacy legislation, PIPEDA,  has not kept pace with modern technology, because it enables too much information sharing by the private sector to government, and that it may have significant and adverse impacts on people’s lives,” a CCLA statement reads.

One of their major issues stems from the government’s continual insistence that basic subscriber information (customer name and address, dubbed ‘tombstone data’) is not private and therefore a warrant is unnecessary—a position telecom providers stick to in order to justify a data handover.

Advertisement

In a clear nod to NSA spy operations, or other foreign signals intelligence agencies, CCLA claims some user data could end up “shared with foreign governments” under the current legislative regime. According to the civil liberties group “once this information is shared with governments outside of Canada, we effectively lose control over how and why it is used,” like say, in terrorism investigations, or when it's banked for eternity in a massive NSA metadata center.

Within the actual court application the CCLA singles out both CSIS and CSEC for having “refused to reveal” the reasons for gathering user data, because of “national security reasons and to protect their ability to collect intelligence.”

The CCLA suit is well timed and comes on the heels of myriad Canadian privacy revelations in the last three months. In March, reports emerged that the Canadian Border Services Agency accessed user data from big telcos over 19,000 times a year. And in 99 percen of those cases, without a warrant. Those numbers were only dwarfed in April when Canada's privacy commissioner, Chantal Bernier, tabled a report that law enforcement made 1.2 million requests for user data in one year to ISPs. Bernier followed that up with revelations the Canadian feds were spying on social media of citizens.

While Edward Snowden's leaks show American's that their government monitors their social media, banks their private emails, and records yours calls—Canadian government surveillance operations continue on with few leaks. Besides minor scandals involving CSEC spying on the Brazilian natural resources department and grabbing citizen metadata through an unnamed airport wifi, the latest revelations remain the most significant to date. In fact, out of all NATO states Canada is the only nation without a parliamentary or elected oversight committee keeping tabs on domestic and foreign intelligence operations.

Whatever the outcome of the CCLA suit, it appears the current system is fraught with issues on all sides. One Toronto Star report says even big telco companies were worried about "antagonizing" federal agencies making requests for user data, if they didn't comply.