Canada’s C-30 surveillance bill is much like the FBI’s recently revealed effort to force Internet communications providers such as Skype and Facebook to provide “back doors” for eavesdropping. In some cases, the Canadian legislation would allow police to obtain user data without a warrant. C-30 had appeared dead following a Supreme Court ruling in April that deemed warrantless wiretaps unconstitutional, plus a storm of opposition from privacy groups. But the government said last week it is still moving forward with the plan.
Now, new documents obtained under Access to Information laws have revealed Canada’s largest telecoms providers held secret meetings with government officials about the wiretapping proposals. The documents show that after forming a behind-closed-doors working group, the companies and government officials discussed the technical reality of introducing new mass eavesdropping capabilities in fascinating detail.
As reported yesterday by Canadian academic Michael Geist, at a September 2011 meeting that included Microsoft, RIM, Bell Canada, Cogeco, Telus, Rogers, and the Information Technology Association of Canada, a government policy document (see below) was distributed, offering guidance to accompany the planned Internet surveillance legislation.
The document outlined that under the new law, a “global limit” would set out to define the maximum number of communications interceptions telecoms providers would have to be capable of. This limit would be worked out by dividing the company’s total subscribers by 5,000. So Telus, one of Canada’s largest telecoms firms with more than 7 million subscribers, would have to have capacity to simultaneously wiretap the communications of up to 1,400 users (a number that could be increased by an order issued by government). If it was unable to, or produced errors in the process, it could face fines.
The document, which includes detail likely very similar to what is being proposed under the FBI’s CALEA amendment and the U.K.’s Communications Capabilities Development Program, also informed the telecoms firms that they may be expected to “have the capability to transmit the intercepted communications to authorities while they are occurring (in real-time).” And if real-time is not possible, “no later than one second after” will do. It also notes that a service provider may be required enable the interception of “all communications of a single interception subject, by up to five different agencies at the same time.”
In most cases, the telecoms providers would have two business days to enable the wiretap. But in some “exceptional circumstances”—on national security grounds or to prevent serious harm to any person or property—a written or verbal request from an “authorized person” would require the company to set up a wiretap within 30 minutes without a court order. And in some cases “any police officer (not necessarily one who has been officially designated) may request subscriber information.”
If C-30 is to become law, it is likely some of the provisions will have to be scaled back—particularly elements that include warrantless wiretapping in contravention of the Canadian Supreme Court’s judgment. And public outrage will only be fed by the revelation that the government has been holding rather shady meetings with telecoms providers.
The United States is facing its own debate about the secrecy surrounding Internet surveillance policy: Just yesterday CNET revealed that the FBI has recently formed a shadowy Domestic Communications Assistance Center to wiretap Internet and wireless communications. The FBI declined to tell CNET who was responsible for running DCAC, prompting criticism from Jennifer Lynch, a staff attorney at the Electronic Frontier Foundation. “We should know more about the program and what the FBI is doing,” Lynch said. “They're doing the best they can to avoid being transparent."
Read the C-30 document below.