<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
h1
        {mso-style-priority:9;
        mso-style-link:"Heading 1 Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:24.0pt;
        font-family:"Times New Roman","serif";
        font-weight:bold;}
h2
        {mso-style-priority:9;
        mso-style-link:"Heading 2 Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:18.0pt;
        font-family:"Times New Roman","serif";
        font-weight:bold;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.Heading2Char
        {mso-style-name:"Heading 2 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 2";
        font-family:"Cambria","serif";
        color:#4F81BD;
        font-weight:bold;}
span.Heading1Char
        {mso-style-name:"Heading 1 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 1";
        font-family:"Cambria","serif";
        color:#365F91;
        font-weight:bold;}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:11230408;
        mso-list-template-ids:1150580050;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:"Courier New";
        mso-bidi-font-family:"Times New Roman";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:1343170164;
        mso-list-template-ids:-526766160;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:"Courier New";
        mso-bidi-font-family:"Times New Roman";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> liberationtech-bounces@lists.stanford.edu [mailto:liberationtech-bounces@lists.stanford.edu] <b>On Behalf Of </b>Ronald Deibert<br><b>Sent:</b> Thursday, March 06, 2014 7:31 AM<br><b>To:</b> liberationtech<br><b>Subject:</b> [liberationtech] The Murky State of Canadian Telecommunications Surveillance<o:p></o:p></span></p><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><span class=apple-style-span><span style='font-size:13.5pt'>Hi Liberation Tech</span></span><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:13.5pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'>The following update may be of interest to some on the list, regarding a project on telco / isp transparency led by Citizen Lab's Christopher Parsons<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'><a href="https://citizenlab.org/2014/03/murky-state-canadian-telecommunications-surveillance/">https://citizenlab.org/2014/03/murky-state-canadian-telecommunications-surveillance/</a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'>Apologies if there is any formatting weirdness on my email.  I copied and pasted from the blog post.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'>Cheers<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:13.5pt'>Ron<o:p></o:p></span></p></div><div><p class=MsoNormal><b><span style='font-size:13.5pt'><o:p> </o:p></span></b></p></div><div><h2 style='mso-line-height-alt:14.25pt;background:#EEEEEE;orphans: auto;text-align:start;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:17.5pt;font-family:"Arial","sans-serif";color:#333333'>The Murky State of Canadian Telecommunications Surveillance<o:p></o:p></span></h2><p style='line-height:14.25pt;background:#EEEEEE;orphans: auto;text-align:start;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><i><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>March 6, 2014</span></i><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'><o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE;orphans: auto;text-align:start;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Tagged: <a href="https://citizenlab.org/tag/canada/"><span style='color:#CC6600;text-decoration:none'>Canada</span></a>, <a href="https://citizenlab.org/tag/privacy/"><span style='color:#CC6600;text-decoration:none'>Privacy</span></a>, <a href="https://citizenlab.org/tag/surveillance/"><span style='color:#CC6600;text-decoration:none'>Surveillance</span></a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333;background:#EEEEEE'>Categories: </span><b><span style='font-size:13.5pt'><a href="https://citizenlab.org/category/research-news/articles/"><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#CC6600;background:#EEEEEE;font-weight:normal;text-decoration:none'>Articles</span></a></span></b><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333;background:#EEEEEE'>, </span><b><span style='font-size:13.5pt'><a href="https://citizenlab.org/category/research-news/"><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#CC6600;background:#EEEEEE;font-weight:normal;text-decoration:none'>Research News</span></a><o:p></o:p></span></b></p><div><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>On January 20, 2014 the Citizen Lab along with leading Canadian academics and civil liberties groups <a href="https://citizenlab.org/2014/01/towards-transparency-canadian-telecommunications/" title="Internal link to earlier CL post"><span style='color:#CC6600;text-decoration:none'>sent letters to Canada’s most prominent Internet service providers</span></a>. We asked the companies to reveal the extent to which they voluntarily, and under compulsion, disclose information about their subscribers to state agencies, as well as for information about business practices and data retention periods. The requested information would let researchers, policy analysts, and civil liberties groups better understand the current telecommunications landscape and engage in evidence-based policy analysis of current and proposed government surveillance activities. The companies were asked to provide responses by March 3, 2014.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>A considerable amount of attention has been given to state access to telecommunications data since January 20. Organizations such as the <a href="http://www.theglobeandmail.com/news/national/telecom-firms-being-asked-what-data-they-are-giving-to-police-intelligence-agencies/article16455076/"><em><span style='font-family:"Arial","sans-serif";color:#CC6600;text-decoration:none'>Globe and Mail</span></em></a> wrote that Canadians deserve to know who is listening to their communications, and reporting by <a href="http://www.thewirereport.ca/news/2014/02/10/rules-could-stymie-inquiry-of-telecoms%E2%80%99-info-disclosure-to-government/27839"><em><span style='font-family:"Arial","sans-serif";color:#CC6600;text-decoration:none'>The Wire Report</span></em></a> found that while telecommunications companies believed they might not be able to respond to all the questions in the letters, at least some responses might be provided without running afoul of government gag laws. However, <em><span style='font-family:"Arial","sans-serif"'>The Wire Report</span></em> also found that some sources believed they were forbidden from disclosing any information about the assistance they provide to government agencies, with one stating they were “completely resigned.”<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>At the same time as the letters were being examined by the companies, a series of high-profile telecommunications-related stories broke in the media. In the United States, leading <a href="http://transparency.verizon.com/us-data"><span style='color:#CC6600;text-decoration:none'>telecommunications</span></a> <a href="http://about.att.com/content/csr/home/frequently-requested-info/governance/transparencyreport.html"><span style='color:#CC6600;text-decoration:none'>carriers</span></a> released ‘transparency reports’ that put some information in the public arena concerning how often the companies disclose information to American state agencies. In Canada, there were revelations that the Communications Security Establishment Canada (CSEC) had <a href="http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881"><span style='color:#CC6600;text-decoration:none'>surreptitiously monitored the movements</span></a> of Canadians <a href="http://arstechnica.com/tech-policy/2014/01/new-snowden-docs-show-canadian-spies-tracked-thousands-of-travelers/"><span style='color:#CC6600;text-decoration:none'>vis-a-vis mobile devices that connected to wireless routers</span></a>. These revelations sparked <a href="http://www.theglobeandmail.com/news/politics/nothing-wrong-with-monitoring-airport-wi-fi-harper-security-adviser-says/article16670551/"><span style='color:#CC6600;text-decoration:none'>renewed interest</span></a> in the origins of CSEC’s data, whether Canadian telecommunications companies either voluntarily or under compulsion provide data to CSEC, the <a href="http://www.theglobeandmail.com/news/national/the-globe-goes-inside-canadas-top-secret-spy-agency/article17175386/" title="External link to Globe and Mail"><span style='color:#CC6600;text-decoration:none'>nature of CSEC’s</span></a> ‘metadata’ collection process, and the rationales driving data exchanges between telecommunications companies and state agencies more generally. The Office of the Privacy Commissioner of Canada also <a href="http://www.priv.gc.ca/information/sr-rs/201314/sr_cic_e.asp" title="External link to OPC site"><span style='color:#CC6600;text-decoration:none'>tabled a report</span></a> that outlined a series of ways to improve accountability and transparency surrounding state access to telecommunications data. Finally, MP Charmaine Borg, the New Democratic Party Member of Parliament for the riding of Terrebonne—Blainville in Quebec, <a href="http://www.parl.gc.ca/HousePublications/Publication.aspx?Language=E&Mode=1&Parl=41&Ses=2&DocId=6391359&File=11" title="External link to parliament website"><span style='color:#CC6600;text-decoration:none'>issued a series of questions</span></a> to the federal government that are meant to render transparent how federal agencies request information from telecommunications companies.<o:p></o:p></span></p><h1 style='mso-line-height-alt:14.25pt;background:#EEEEEE'><span style='font-family:"Arial","sans-serif";color:#333333'>Who Responded<o:p></o:p></span></h1><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>As of today, ten of sixteen companies have responded to the letters sent on January 20, 2014. Only one company, Distributel, has asked for additional time to formalize a response; this post will be amended once we receive their comments. Companies that sent responses include:<o:p></o:p></span></p><ul type=disc><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Response-from-Bell-Alliant.pdf"><span style='color:#CC6600;text-decoration:none'>Bell Aliant (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Bell-Canada-Lawful-Access-Request-Letter.pdf"><span style='color:#CC6600;text-decoration:none'>Bell Canada (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Cogeco-Cable-March-3-2014.pdf"><span style='color:#CC6600;text-decoration:none'>COGECO Cable Inc. (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Time-extension-request-from-Distributel.pdf"><span style='color:#CC6600;text-decoration:none'>Distributel (Request for additional time) (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Response-from-Eastlink.pdf"><span style='color:#CC6600;text-decoration:none'>Eastlink (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Letter-from-MTS-Allstream.pdf"><span style='color:#CC6600;text-decoration:none'>MTS Allstream (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Response-from-Rogers.pdf"><span style='color:#CC6600;text-decoration:none'>Rogers Group of Companies (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/Response-from-Shaw.pdf"><span style='color:#CC6600;text-decoration:none'>Shaw Media Inc. (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/TELUS-Response-to-Parsons-et-al-Letter-20-Jan-2014.pdf" title="Internal link to document"><span style='color:#CC6600;text-decoration:none'>TELUS Communications Company (.pdf)</span></a><o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l1 level1 lfo1;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><a href="https://citizenlab.org/wp-content/uploads/2014/03/QuebecorVideotron.pdf"><span style='color:#CC6600;text-decoration:none'>Videotron/Quebecor Media (.pdf)</span></a><o:p></o:p></span></li></ul><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>To date, the following companies have not responded to the letters:<o:p></o:p></span></p><ul type=disc><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l0 level1 lfo2;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Fido Solutions<o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l0 level1 lfo2;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Globalive Wireless Management Corp. (Wind)<o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l0 level1 lfo2;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Primus Telecommunications Canada Inc.<o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l0 level1 lfo2;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Sasktel<o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l0 level1 lfo2;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>TekSavvy Solutions Inc.<o:p></o:p></span></li><li class=MsoNormal style='color:#333333;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:14.25pt;mso-list:l0 level1 lfo2;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Xplorenet Communications Inc<o:p></o:p></span></li></ul><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>We remain optimistic that the remaining companies will provide written responses to the letters. This post will be updated as we receive additional replies. Significantly, one of the largest Telecommunications service providers servicing western Canada, Sasktel, has not responded.<o:p></o:p></span></p><h1 style='mso-line-height-alt:14.25pt;background:#EEEEEE'><span style='font-family:"Arial","sans-serif";color:#333333'>Limited Findings<o:p></o:p></span></h1><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>The companies that have responded to the letters as of March 5, 2014 have generally declined to provide specific responses to the questions posed of them. Most (though not all) companies indicated that they were generally committed to protecting their subscribers’ privacy, though few provided specific details concerning what they do to protect their subscribers’ privacy in relation to the questions that were posed in the letters. TELUS was noteworthy insofar as it referenced its challenge of a general warrant to access text message data, and Bell Canada in that they noted that a law enforcement agency group evaluates all requests for subscribers’ telecommunications data.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Companies generally avoided or refused to respond to specific questions put them them. As an example, and in response to the multi-page letter, Eastlink’s entire response was:<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Consistent with our obligations under the Personal Information Protection and Electronic Documents Act, Eastlink does not disclose any information to government agencies except pursuant to a warrant or other order that legally compels us to disclose the information, or in very exceptional emergency circumstances as also permitted under PIPEDA.<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>In the case of Rogers Communications, the company provided a more detailed response to the media when asked about the letters by the <em><span style='font-family:"Arial","sans-serif"'>Globe & Mail</span></em> than in their response to the letters themselves. Specifically, the company’s spokesperson was <a href="http://www.theglobeandmail.com/news/national/telecom-firms-being-asked-what-data-they-are-giving-to-police-intelligence-agencies/article16455076/"><span style='color:#CC6600;text-decoration:none'>quoted as saying</span></a> that Rogers takes “privacy matters very seriously and comply with all regulations. Our policy is that we require a properly executed warrant to disclose customer information.” The company’s formal response to the letter they received, in contrast, neither indicates their concern for Canadians privacy <em><span style='font-family:"Arial","sans-serif"'>or</span></em> that they require a warrant to disclose customer information. Instead, the company suggests that their ability to provide information about state agencies’ access to wireless communications data is limited by the<em><span style='font-family:"Arial","sans-serif"'>Solicitor General’s Enforcement Standards</span></em> and, more generally, that “there are restrictions around the disclosure of information about access and intercept requests that Rogers receives from government agencies.” No specifics were provided about these restrictions, their legal origins and justifications, or the company’s own position(s) concerning such restrictions. No information about the company’s data management, retention, or disclosure practices was provided.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Responses from Bell Aliant, Bell Canada, Cogeco, TELUS, and Videotron similarly lack substantive responses to most of the questions posed to them. While these companies all stated their commitment to maintaining their subscribers’ privacy, they also declined to indicate how long they retained data or information about their subscribers, the specific protocols or policies they used in evaluating state agencies’ requests for data, whether the companies receive any restitution for the surveillance, or the fields of data that are retained or disclosed following a request or demand by state agencies. In all cases, companies justified their refusals on grounds of confidentiality of investigative techniques or because of national security concerns. Many companies also asserted that they they were ill-suited to provide any response because the companies (e.g. Bell Canada) “are not in a good position to balance the competing principles and interests triggered by detailed public disclosures about the volume and nature of lawful access requests.” TELUS, similarly, wrote that “[g]overnment agencies are better positioned to balance transparency considerations with other important considerations such as the need for confidentiality in relation to investigative techniques, and other law enforcement or national security concerns.”<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Ultimately, the companies that received these letters have not comprehensively identified how or why responding to questions would either interfere with investigative confidentiality or threaten national security. None of the responsive companies, save for TELUS, indicated that they had (or would) asked the federal government (or other levels of government) whether disclosures would endanger national security or investigative techniques. Instead, the companies asserted that they were ill-suited to provide information about their business practices and (in some cases) suggested filing requests with various levels of government for information about those governments’ practices. The sole exception was TELUS, which wrote that the company would “request the Government to clarify and limit the scope of current confidentiality requirements and to consider measures to facilitate greater transparency.”<o:p></o:p></span></p><h1 style='mso-line-height-alt:14.25pt;background:#EEEEEE'><span style='font-family:"Arial","sans-serif";color:#333333'>Examples of Unanswered Questions<o:p></o:p></span></h1><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>It is helpful to consider some of the questions to fully appreciate why responding to them is unlikely to compromise investigative techniques or undermine national security interests. For all questions, we asked the companies to “please provide either a response, indicate that you cannot respond, or indicate that you will not respond.” For almost all questions, it seems, companies are unwilling to assert whether they <em><span style='font-family:"Arial","sans-serif"'>cannot</span></em> or <em><span style='font-family:"Arial","sans-serif"'>will not</span></em> respond; instead, they have deliberately left unclear whether they are legally barred from providing responses to specific questions or have simply decided that they would prefer not to respond to these these questions. Even this level of data disclosure would be helpful because it would let researchers understand the extent to which companies are operating under gag rules or, alternately, are choosing to voluntarily gag themselves.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>As an example of a question that was posed, we asked whether service providers received “money or other forms of compensations in exchange for providing information to government agencies” as well as subsequent, increasingly detailed, questions about compensation policies. Companies could have provided very broad responses to such a question (i.e. only responding ‘yes’ or ‘no’ to whether they are compensated for assisting state agencies) without endangering ongoing or past cooperation with authorities. They also could have stated that they will not respond to the question, indicating that though they were legally permitted to respond they had made the decision to remain silent instead.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>As another example, we asked whether the respective companies notify their customers “when government agencies request their [subscribers’] personal information? If so, how many customers per year have you notified?” Revealing whether subscribers are notified in the first place would clearly not jeopardize investigations and would instead reveal a business practice that either was, or was not, in place. Companies might have stated they could not respond for legal reasons or, alternately, that they will not respond to the question. Whereas the former response would indicate that the government was preventing disclosure the latter might suggest the businesses’ own interests precluded a response. Unfortunately, we are left without any idea of even if companies could notify subscribers when authorities make warrantless or warrant-based requests for subscriber data, let alone whether these companies actually do notify their customers.<o:p></o:p></span></p><h1 style='mso-line-height-alt:14.25pt;background:#EEEEEE'><span style='font-family:"Arial","sans-serif";color:#333333'>The Clearest Research Findings<o:p></o:p></span></h1><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Of all the questions asked, and all the companies that have responded, the clearest example of a direct responses came from Bell Canada and TELUS. Specifically, one of the questions sent to the Bell Canada read:<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Does your company have a dedicated group for responding to data requests from government agents? Are members of this group required to have special clearances in order to process such requests? What is the highest level company official that has direct and detailed knowledge of the activities of this group?<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Bell Canada wrote in response:<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>To ensure that customer information is only disclosed in circumstances permitted by PIPEDA and required by law, all such requests are vetted by Bell Canada’s lawful access group and, where there is any doubt, by my office. The lawful access group exercises careful scrutiny over disclosure requests. Where necessary, the lawful access group has required government agencies to withdraw their disclosure requests where the request appears unreasonable in its scope or lacks the reasonable grounds required by law. In the past, when there were concerns about the statutory power of law enforcement agencies (LEAs) to request warrantless access to customer information under exigent circumstances, Bell Canada led the way to implement an industry-wide process requiring LEAs to document the basis for each such access request<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>As a result, we know (and have on record) that Bell has a dedicated group tasked to vet requests and that a senior counsel and privacy ombudsperson is sometimes involved in responding to such state agencies’ requests. We also know that Bell Canada does sometimes push back against government requests for data, and that the industry-wide process of LEA documentation was driven by Bell. Bell’s disclosure reveals that the company <em><span style='font-family:"Arial","sans-serif"'>does not</span></em> believe that revealing this information inhibits either national security processes or investigative techniques, in contrast to even its sister corporation, Bell Aliant. We have no information about whether other telecommunications service providers do (or do not) have similar groups, or whether they similarly push back against inappropriate disclosure requests.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>In the case of TELUS, the company committed to asking “the Government to clarify and limit the scope of current confidentiality requirements and to consider measures to facilitate greater transparency ” while also acknowledging that “when TELUS receives court orders from law enforcement agencies, they can often be far reaching.” This combination of responses is significant for two reasons. First, it suggest that TELUS is making a policy commitment that is unique: no other company responded by suggesting that it had, or was prepared to, ask for clarity concerning what could and could not be publicly disclosed. Second, it reveals that requests from law enforcement authorities may be overly broad, something that only Bell Canada also noted in their response to the letter they received.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>TELUS’ response was also interesting because the company proposed a new policy approach to responding to state agencies’ requests for subscribers’ information. Specifically, TELUS’ response read that far reaching requests from state agencies might be restrained should the Canadian policy environment adopt:<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>a model similar to that which exists in the United States where law enforcement agencies pay the costs associated with the production of the records which they obtain. The imposition of a moderate cost in this regard acts as a check and balance to ensure that court orders are focused and thus limited to those records which are considered by law enforcement agencies to be absolutely necessary. This would help to deter orders that are too broad in scope and that may unnecessarily impact the privacy of citizens.<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>The model that TELUS is advocating has been proposed by privacy advocates both in the United States and in Canada; the theory undergirding the model is that it would motivate law enforcement agencies to decide whether they wanted to invest precious resources on potentially broad ranging data requests or on other resources (e.g. street officers, vehicle maintenance, etc). No other company indicated a preference for an alternate payment model, though TELUS did not explicitly note whether they currently respond to government agencies’ requests for subscribers’ information on a cost-recovery basis or as a cost of doing business.<o:p></o:p></span></p><h1 style='mso-line-height-alt:14.25pt;background:#EEEEEE'><span style='font-family:"Arial","sans-serif";color:#333333'>Broader Implications<o:p></o:p></span></h1><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Canadians are reliant on telecommunications service providers to conduct their daily affairs. We <a href="https://citizenlab.org/2014/01/towards-transparency-canadian-telecommunications/"><span style='color:#CC6600;text-decoration:none'>wrote the following</span></a> when outlining why these letters were developed and sent to Canada’s largest service providers:<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>… interested Canadians have had only vague understandings of how, why, and how often Canadian telecommunications providers have disclosed information to government agencies. Given the importance of such systems to Canadians’ lives, and the government’s repeated allegations that more access is needed to ensure the safety of Canadians, more data is needed for scholars, civil rights organizations, and the public to understand, appreciate, and reach informed conclusions about the legitimacy of such allegations.<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>At this point, Canadians know a small amount more about state agencies’ access to telecommunications data compared to before the letters were sent: namely, we know that Bell Canada has a group responsible for handling requests from law enforcement agencies, and that most companies firmly believe that they cannot or will not provide any substantive responses about state access to telecommunications data. We also know that TELUS is interested in ascertaining how much they can, and cannot, disclose to the public as well as policy mechanisms the company believes would limit over broad requests for subscribers’ information. Several of the companies, including Videotron, Cogeco Cable, and Bell Aliant, maintain that they are committed to working with government bodies when it comes to responding to public sector access-to-information laws, though all of these companies fail to make the case for why <em><span style='font-family:"Arial","sans-serif"'>all</span></em> of the information that was asked about in the letters must first be mediated through federal or provincial access to information processes.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Ultimately, it is somewhat surprising that even the companies which coordinated the ‘<a href="http://www.fairforcanada.ca/" title="External link to site"><span style='color:#CC6600;text-decoration:none'>Fair For Canada</span></a>’ lobbying campaign against Verizon entering the Canadian market were not more forthcoming with their responses. The campaign was orchestrated by Bell, Rogers, and TELUS, and included a strong statement that suggested that the respective companies were deeply committed to protecting Canadians’ privacy. Specifically, the campaign website read:<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Across the country, Canadians use their wireless devices to make calls, send text messages and emails, and browse the internet every day. That information should be safe, secure, and private.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Will American companies say no to requests from U.S. government agencies, for customers’ personal data?<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Canadian wireless providers have a solid track record of protecting your data in compliance with Canadian laws. But what will happen with regard to the data of Canadians in the hands of foreign-owned wireless carriers? What laws will regulate the protection of your information? This is not a trivial issue. It is one that should be of concern to all Canadians.<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>More detailed responses to our letters would have clarified what laws are in place or exploited that enable state-authorized infringements on Canadians’ privacy, the conditions under which Canadians’ personal information is accessed by state authorities, the kinds of data that Canadian companies retain about their subscribers, and whether the companies notify subscribers after state agencies request access to people’s personal information. While it is a valuable question to ask “what will happen with regard to the data of Canadians in the hands of foreign-owned wireless carriers?” it would be equally helpful if the lobbying companies could respond, comprehensively, to “what happens with regard to the data of Canadians in the hands of domestically-owned telecommunications service providers?” To date, no such comprehensive response has been provided by these companies to the public.<o:p></o:p></span></p><h1 style='mso-line-height-alt:14.25pt;background:#EEEEEE'><span style='font-family:"Arial","sans-serif";color:#333333'>Next Steps<o:p></o:p></span></h1><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Few of the respondent companies directly responded to many (if any) of the questions posed to them. So we will begin by asking companies to more clearly explain how responding to different questions might violate existing confidentiality agreements, gag laws, or other legal restraints that hinder companies from discussing responses to the questions posed. We will also explicitly ask if the companies would simply prefer to not respond to the questions, outside of legal prohibitions. We will also be following up with companies that failed to provide any response and ask whether they intend to provide responses or not. And once Distributel provides their response we will update this post to account for what they have written.<o:p></o:p></span></p><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Beyond communicating with the telecommunications service providers directly, we may speak with other branches of government in order to clarify what private telecommunications services providers can and cannot disclose to the public. Bell Canada, in particular, rationalized its limited response on the grounds that<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>In the absence of guidance from the applicable authorities (including the Office of the Privacy Commissioner of Canada), it is not clear what level of disclosure is permitted under applicable law.<o:p></o:p></span></p></blockquote><p style='line-height:14.25pt;background:#EEEEEE'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333'>Presumably, if federal institutions such as the Office of the Privacy Commissioner of Canada clarify whether Canadian privacy law permits or mandates companies to make “readily available to individuals specific information about [company] policies and practices relating to the management of personal information” as it relates to telecommunications data, and that such openness extends to many of the questions raised in our letters, then telecommunications service providers might be more comfortable with rendering transparent how they disclose Canadians’ personal information to state authorities. Indeed, if the efforts of TELUS are successful, companies may better understand the precise extent to which they can be transparent about state agencies’ access to their subscribers’ telecommunications information. Or, at the very least, such clarifications by federal institutions might encourage these companies to provide researchers, policy analysts, civil liberties groups, and the public with a more robust account of the conditions under which the companies disclose subscribers’ information to state agencies as part of their management of Canadians’ personal information.<o:p></o:p></span></p></div></div><div><h2><span style='font-size:17.5pt;font-family:"Arial","sans-serif";color:#333333'><br><br></span><o:p></o:p></h2><h2><span style='font-size:13.5pt'><o:p> </o:p></span></h2></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal>Ronald Deibert<o:p></o:p></p></div><div><p class=MsoNormal>Director, the Citizen Lab <o:p></o:p></p></div><div><p class=MsoNormal>and the Canada Centre for Global Security Studies<o:p></o:p></p></div><div><p class=MsoNormal>Munk School of Global Affairs<o:p></o:p></p></div><div><p class=MsoNormal>University of Toronto<o:p></o:p></p></div><div><p class=MsoNormal>(416) 946-8916<o:p></o:p></p></div><div><p class=MsoNormal>PGP: <a href="http://deibert.citizenlab.org/pubkey.txt">http://deibert.citizenlab.org/pubkey.txt</a><o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><a href="http://deibert.citizenlab.org/">http://deibert.citizenlab.org/</a><br>twitter.com/citizenlab<br><a href="mailto:r.deibert@utoronto.ca">r.deibert@utoronto.ca</a><br><br><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>