2498847226_9beb1f55db_o-300x200In our report, “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” we discussed the regularity at which government agencies gain access to telecommunications data. Save for the Canadian Border Services Agency, federal government agencies that are principally responsible for conducting domestic telecommunications surveillance, such as the Royal Canadian Mounted Police, could not account for how often they use their surveillance powers.

In the course of investigating government access to telecommunications data we also contacted regional policing departments. This post expands on findings we provided in our report to discuss, in depth, the data provided by responsive police departments. We conclude by asserting that new legislation must be introduced and passed so that Canadians become aware of the magnitude of contemporary telecommunications surveillance that policing organizations are involved in on a yearly basis.

Requests to Police Departments

We filed requests to Canadian police departments to determine how often individual departments were exercising telecommunications surveillance powers. Though our report principally focused on federal government agencies’ surveillance, we had hoped to effectively juxtapose provincial/municipal telecommunications surveillance against their federal brethren. We ultimately decided to not conduct a detailed juxtaposition in the report because an insufficient number of police departments responded to our legally-binding requests for access to government data in time for publication.

We filed requests for information to police departments operating in Nova Scotia, Ontario, Alberta, and British Columbia. These requests identified the provincial statutes we were relying on to request information. We paid fees to the various police departments to initiate the processing of the requests. The only two police departments that were responsive to our requests were the Halifax and Vancouver police departments. The most notable non-responsive departments police the cities of Calgary and Toronto.

We sent identical requests to all police departments, asking for:

Copies of briefing notes, memos, or policy documents identifying the number of times that: a) ‘subscriber data’ was requested from Canadian telecommunications service providers; b) wiretaps initiated under court order; c) call detail records (CDR) that were obtained. Inclusive of January 1, 2011 – November 1, 2014.

Response from Halifax Police Department

The Halifax Regional Police Department responded to our request by January 23, 2015. The department provided aggregate/estimated totals for how many times they had exercised the legal powers we had inquired about. Figure One identifies how often the Halifax Regional Police made requests from subscriber data requests and received intercept orders. Per the figure, the department could not report how many times they had received orders that permitted them to collect call detail records.

Halifax-PD-ATIP-November-2014-1024x960

The Halifax Regional Police did not provide a monthly breakdown of how often they requested subscriber data. However, if we assume that the requests were fairly evenly divided across the 48 months covered by the request then there were approximately 1,127 warranted and 589 unwarranted requests for subscriber information each year, as well as 14 or 15 wiretaps initiated under a court order. Like their federal (and other municipal) counterparts Halifax does not track how often they request call detail records. The Criminal Code does not require government agencies to track either the regularity at which they request access to subscriber records or request call detail records.

Responses from Vancouver Police Department

The Vancouver Police Department responded to our request by December 30, 2014. The department provided monthly figures concerning its access to subscriber data, broken down by telecommunications company, as well as yearly figures for the number of telephone lines that were intercepted, again broken down by carrier. Figure Two summarizes yearly figures for subscriber data access and wiretaps; the more granular Excel spreadsheet that the department provided to me is also available for download.

VPD-Subsciber-Intercepts-1

The department used the following methodology to categorize the number of warranted and unwarranted requests made for subscriber data. For warranted requests, the department “queried the interecept system based on date ranges, searching for entries into the Name/Number database where the entry was marked as subscriber. The resulting numbers represent information obtained by Warrant/Authorization.” They clarified the accuracy of these queries by examining “the bills provided to us by Bell, Rogers, Telus and Wind Mobile (Globalive Wireless).”

The department’s unwarranted data may be somewhat less precise, on the basis that it did not record the requests that the emergency communications (i.e. 9-1-1) staff may have made to telecommunications carriers. Precisely, the department stated:

Since 2008 the Covert Intercept Unit has acted as a conduit for members of the Department to make queries for subscriber information to the telecommunications companies. The numbers represented in the table for non-warrant requests are derived from an excel database used by members of the Covert Intercept Unit to track non-warrant requests to telecommunications providers. We cannot guarantee that other requests may not have been made by ECOMM on our behalf, prior to the decision of the telecoms to no longer provide customer name and address information to law enforcement, with the exception of published information – and this is provided at a cost to Law Enforcement.

The Vancouver Police Department did not provide similarly detailed statistics concerning their requests for Call Detail Records (CDRs). They stated that, “This information was not tracked by the VPD in the years of the request. We simply do not have this information to provide.” However, “[t]he VPD will be centralizing the service of all Production Orders to the Covert Intercept Unit to permit tracking beginning January 2015” and, as a result, should be able to provide CDR statistics for January 2015 onward.

Implications of Law Enforcement Requests for Telecommunications Data

The data provided by the Halifax and Vancouver policing agencies reveal that they routinely requested subscriber information; Halifax requested subscriber data 4-5 times a day whereas Vancouver made similar requests between 20-21 times a day (in 2014) and 39-40 times a day (in 2012). To put this in contrast, Canada’s federal border agency, the Canadian Border Services Agency, made 51-52 requests per day in 2012-2013.

Further, while the Halifax and Vancouver agencies noted deficiencies or potential weaknesses in how they accounted for subscriber data requests, and explained why they could not provide information on how often they had requested Call Detail Record information, no similar problems arose when they explained how many interceptions they had conducted each year. These agencies’ abilities to provide information to our requests for information are directly linked to legal requirements that are imposed on them: wiretap information must be meticulously recorded per Section 195 of the Criminal Code. However, there are no equivalent requirements for government agencies — federal or provincial — to record and publicly disclose how often they collect CDR information, subscriber data, or engage in non-interception-related telecommunications surveillance. Consequently, that either department could report about subscriber information requests is a blessing and cannot be expected from other police departments across Canada.

It must be noted that only two police departments responded, as they were legally required, to the requests that were put to them. As a result, not only are police agencies not required to record the regularity at which they deploy their set of surveillance powers, but several have declined to meet their obligations under provincial laws to provide information concerning the use of those same powers. The result is that even when the public attempts to learn more about government surveillance practices the agencies themselves do not provide the (often minimal) responses they are required to under the law.

Ultimately, new laws or statutes must be passed or created to update statutory recording and reporting accounts; the governments’ interception reports must account for the contemporary modes of telecommunications surveillance that are routinely relied upon by authorities to monitor Canadian citizens and residents of Canada. Moreover, current laws around access to information and privacy legislation must be better respected by government agencies themselves: it’s bad enough that they aren’t required pre-emptively record and disclose the kinds of surveillance in which they engage. It’s inexcusable that they don’t even disclose documents on their surveillance practices when there is a legal compulsion or expectation for them to do so.

Access to Information and Privacy Documents Cited

NOTE: This post first appeared at the Telecom Transparency Project website.