Technology, Thoughts & Trinkets

Touring the digital through type

Tag: academic (page 1 of 2)

Government Surveillance Accountability: The Failures of Contemporary Interception Reports

Photo by Gilles Lambert on Unsplash

Over the past several years I’ve undertaken research exploring how, how often, and for what reasons governments in Canada access telecommunications data. As one facet of this line of research I worked with Dr. Adam Molnar to understand the regularity at which policing agencies across Canada have sought, and obtained, warrants to lawfully engage in real-time electronic surveillance. Such data is particularly important given the regularity at which Canadian law enforcement agencies call for new powers; how effective are historical methods of capturing communications data? How useful are the statistics which are tabled by governments? We answer these questions in a paper published with the Canadian Journal of Law and Technology, entitled ‘Government Surveillance Accountability: The Failures of Contemporary Canadian Interception Reports.” The abstract, follows, as do links to the Canadian interception reports upon which we based our findings.

Abstract:

Real time electronic government surveillance is recognized as amongst the most intrusive types of government activity upon private citizens’ lives. There are usually stringent warranting practices that must be met prior to law enforcement or security agencies engaging in such domestic surveillance. In Canada, federal and provincial governments must report annually on these practices when they are conducted by law enforcement or the Canadian Security Intelligence Service, disclosing how often such warrants are sought and granted, the types of crimes such surveillance is directed towards, and the efficacy of such surveillance in being used as evidence and securing convictions.

This article draws on an empirical examination of federal and provincial electronic surveillance reports in Canada to examine the usefulness of Canadian governments’ annual electronic surveillance reports for legislators and external stakeholders alike to hold the government to account. It explores whether there are primary gaps in accountability, such as where there are no legislative requirements to produce records to legislators or external stakeholders. It also examines the extent to which secondary gaps exist, such as where there is a failure of legislative compliance or ambiguity related to that compliance.

We find that extensive secondary gaps undermine legislators’ abilities to hold government to account and weaken capacities for external stakeholders to understand and demand justification for government surveillance activities. In particular, these gaps arise from the failure to annually table reports, in divergent formatting of reports between jurisdictions, and in the deficient narrative explanations accompanying the tabled electronic surveillance reports. The chronic nature of these gaps leads us to argue that there are policy failures emergent from the discretion granted to government Ministers and failures to deliberately establish conditions that would ensure governmental accountability. Unless these deficiencies are corrected, accountability reporting as a public policy instrument threatens to advance a veneer of political legitimacy at the expense of maintaining fulsome democratic safeguards to secure the freedoms associated with liberal democratic political systems. We ultimately propose a series of policy proposals which, if adopted, should ensure that government accountability reporting is both substantial and effective as a policy instrument to monitor and review the efficacy of real-time electronic surveillance in Canada.

Canadian Electronic Surveillance Reports

Alberta

British Columbia

Government of Canada

Manitoba

New Brunswick

Newfoundland

Nova Scotia

Ontario

Quebec

Saskatchewan

The (In)effectiveness of Voluntarily Produced Transparency Reports

Payphones by Christopher Parsons (All Rights Reserved)

I have a paper on telecommunications transparency reports which has been accepted for publication in Business and Society for later this year.

Centrally, the paper finds that companies will not necessarily produce easily comparable reports in relatively calm political waters and that, even should reports become comparable, they may conceal as much as they reveal. Using a model for evaluating transparency reporting used by Fung, Graham, and Weil in their 2007 book, Full Disclosure: The Perils and Promises of Transparency, I find that the reports issued by telecommunications companies are somewhat effective because they have led to changes in corporate behaviour and stakeholder interest, but have have been largely ineffective in prodding governments to behave more accountably. Moreover, reports issued by Canadian companies routinely omit how companies themselves are involved in facilitating government surveillance efforts when not legally required to do so. In effect, transparency reporting — even if comparable across industry partners — risks treating the symptom — the secrecy of surveillance — without getting to the cause — how surveillance is facilitated by firms themselves.

A pre-copyedited version of the paper, titled, “The (In)effectiveness of Voluntarily Produced Transparency Reports,” is available at the Social Sciences Research Network.

Computer network operations and ‘rule-with-law’ in Australia

‘Cyberman’ by Christian Cable (CC BY-NC 2.0) at https://flic.kr/p/3JuvWv

Last month a paper that I wrote with Adam Molnar and Erik Zouave was published by Internet Policy Review. The article, “Computer network operations and ‘rule-with-law’ in Australia,” explores how the Australian government is authorized to engage in Computer Network Operations (CNOs). CNOs refer to government intrusion and/or interference with network information communications infrastructures for the purposes of law enforcement and national security operations.

The crux of our argument is that Australian government agencies are relatively unconstrained in how they can use CNOs. This has come about because of overly permissive, and often outdated, legislative language concerning technology that has been leveraged in newer legislation that expands on the lawful activities which government agencies can conduct. Australian citizens are often assured that existing oversight or review bodies — vis a vis legislative assemblies or dedicated surveillance or intelligence committees — are sufficient to safeguard citizens’ rights. We argue that the laws, as currently written, compel review and oversight bodies to purely evaluate the lawfulness of CNO-related activities. This means that, so long as government agencies do not radically act beyond their already permissive legislative mandates, their oversight and review bodies will assert that their expansive activities are lawful regardless of the intrusive nature of the activities in question.

While the growing capabilities of government agencies’ lawful activities, and limitations of their review and oversight bodies, have commonalities across liberal democratic nations, Australia is in a particularly novel position. Unlike its closest allies, such as Canada, the United States, New Zealand, or the United Kingdom, Australia does not have a formal bill of rights or a regional judicial body to adjudicate on human rights. As we write, “[g]iven that government agencies possess lawful authority to conduct unbounded CNO operations and can seek relatively unbounded warrants instead of those with closely circumscribed limits, the rule of law has become distorted and replaced with rule of law [sic]”.

Ultimately, CNOs represent a significant transformation and growth of the state’s authority to intrude and affect digital information. That these activities can operate under a veil of exceptional secrecy and threaten the security of information systems raises questions about whether the state has been appropriately restrained in exercising its sovereign powers domestically and abroad: these powers have the capability to extend domestic investigations into the computers of persons around the globe, to facilitate intelligence operations that target individuals and millions of persons alike, and to damage critical infrastructure and computer records. As such, CNOs necessarily raise critical questions about the necessity and appropriateness of state activities, while also showcasing the state’s lack of accountability to the population is is charged with serving.

Read the “Computer network operations and ‘rule-with-law’ in Australia” at Internet Policy Review.

Canadian Transparency Publications

stack by hobvias sudoneighm (CC BY 2.0) https://flic.kr/p/Fecq6

Academics, private companies, journalists, non-government organizations, and government agencies have all made significant contributions to the telecommunications transparency debate in Canada since the beginning of this year. This post briefly describes the most significant contributions along with links to the relevant publications.

Academic Transparency Publications

Several academic groups published reports addressing telecommunications privacy and transparency issues. The Telecom Transparency Project published “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” which explored how much telecommunications surveillance occurs in Canada, what actors enable the surveillance, to what degree those actors disclose their involvement in (and the magnitude of) surveillance, and what degree of oversight is given to the federal governments’ surveillance practices. Two other reports, “Keeping Internet Users in the Know or in the Dark: 2014 Report on Data Privacy Transparency of Canadian Internet Service Providers” and “The 3+3 Project: Evaluating Canada’s Wireless Carriers’ Data Privacy Transparency,” analyzed the privacy practices of major Canadian telecommunications providers. The former report evaluated the data privacy transparency of the most significant forty-three Internet carriers serving the Canadian public and ranked the carriers against ten questions. In contrast, the latter report used 10 criteria to evaluate Canada’s three largest wireless carriers and their extension brands to establish how transparent they were about their privacy practices and how they treated subscribers’ personal information.

Corporate Reports and Guidance

A trio of telecommunications companies also released transparency reports in the first half of 2015. WIND Mobile’s Mobile Transparency (2014) revealed a significant decrease in requests for customer name and address information, and a modest increase of emergency response requests combined with an explosion of court ordered/legislative demands requests. TELUS and Rogers also released transparency reports; overall TELUS’ report shows a small decrease in government requests whereas Rogers’ report shows a significant decrease of roughly 60,000 fewer requests. The relative merits of companies’ transparency reports were discussed in the Telecom Transparency Project’s report, mentioned previously. Industry Canada also released transparency reporting guidelines to “help private organizations be open with their customers, regarding the management and sharing of their personal information with government, while respecting the work of law enforcement, national security agencies, and regulatory authorities.” Some thoughts on those guidelines were published by Michael Geist as well as by the Telecom Transparency Project.

Government Investigations into Domestic Data Collection

During this time the Office of the Privacy Commissioner of Canada also audited how the Royal Canadian Mounted Police (RCMP) collected and used subscriber data. This data was obtained from Canadian telecommunications companies. The Office found that, “the RCMP’s information management systems were not designed to identify files which contained warrantless access requests to subscriber information, we were unable to select a representative sample of files to review. Consequently, we were unable to assess the sufficiency of controls that may exist or if the collection of warrantless requests from TSPs was, or was not in compliance with the collection requirements of the Privacy Act.” The challenges experienced by the Office of the Privacy Commissioner of Canada were perhaps unsurprising, given that the RCMP stated in 2014 that they did not have a way of tracking subscriber data requests in response to questions from MP Charmaine Borg.

Signals Intelligence-Related Publications

There have also been a series of contributions that have focused prominently on Canada’s foreign signals intelligence organization, the Communications Security Establishment. Michael Geist’s edited collection, Law, Privacy and Surveillance in the Post-Snowden Era, contains nine contributions grouped into three parts: understanding surveillance in Canada, legal issues, and prospects for reform. In addition to Geist’s collection, two Canadian archives have been created to host Snowden documents. The first, “The Snowden Archives,” is hosted by the Canadian Journalists for Free Expression. The Snowden Archives contain approximately 400 documents and were compiled “to provide a tool that would facilitate citizen and researcher access to these important documents.” The second is the “Canadian SIGINT Summaries” which collate leaked documents that are exclusively linked to CSE’s operations. The SIGINT Summaries identify when the documents were created, provide a summary of the documents themselves, and also include metadata such as length, codenames, and news stories linked with the documents’ publication. Finally, the Canadian Broadcasting Corporation and the Globe and Mail have both published stories based on Snowden documents.

Summary

Overall, there has been an exceptional amount written on telecom transparency issues in Canada. Several transparency reports are expected later this year from Sasktel, MTS Allstream, and TekSavvy. And the Canadian Internet Registration Authority, though its Community Investment Program, is funding projects which will help Canadians request their personal information from public and private organizations alike as well as to help companies develop transparency reports. The coming months promise to continue being busy for transparency in Canada!

Photo Credit: stack by hobvias sudoneighm (CC BY 2.0) https://flic.kr/p/Fecq6

This post first appeared at the Telecom Transparency Project website.

Older posts