Very few law enforcement and government agencies in Canada openly detail the number of times they are legally authorized to eavesdrop on the communications of Canadians, making the true extent of electronic surveillance in Canada incredibly hard to gauge.
But according to documents obtained exclusively by Motherboard, we now know this: at least 6,000 wiretaps and intercepts were authorized per year across all levels of government in Canada as of 2011. The slide deck, obtained via an Access to Information and Privacy Act request, also shows that approximately 12,000 requests for call detail records (CDRs)—a log of numbers dialled—were authorized per year.
It is not clear whether those averages remain consistent today, but it is possible they may be even higher now given the increasing reliance on electronic surveillance in law enforcement investigations.
What we already do know is that government and law enforcement agencies regularly make warrantless requests for subscriber information from telecommunications companies. For example, the Canadian Border Services Agency made 18,849 requests between 2012 and 2013, where only 52 of those requests required a warrant. And we know that telecom companies received nearly 1.2 million such requests overall from agencies in 2011 alone.
It is the first time that privacy experts who spoke with Motherboard have seen the number of wiretaps and intercepts that are authorized across the country each year aggregated in such a way. Previously, law enforcement has been evasive about the exact number of wiretaps, often citing far lower numbers than the 6,000 Motherboard has uncovered.
Christopher Parsons, a postdoctoral fellow with The Citizen Lab at the University of Toronto's Munk School of Global Affairs, called the finding a missing link in our understanding of the scope of electronic surveillance in Canada.
"Wiretap data is, in theory, being recorded. But subscriber data and CDR data—neither of those have to be recorded under government statue," Parsons explained. "There's nothing in the legislation that will require agencies to record how often they got those court orders."
Under Section 195 of the Criminal Code, the Attorney General of Canada is required to publish an annual report on the use of electronic surveillance. The report, which can be found on the website of Public Safety Canada, includes the number of wiretaps and intercepts authorized each year, but not court orders or warrants for subscriber information or CDRs.
That number is culled from the Public Prosecution Service of Canada, RCMP and various municipal and provincial police services across the country, and according to Public Safety Canada spokesperson Zarah Malik—it only reflects the number of wiretaps for federal cases. In 2013, for example, 394 interceptions were authorized for the collection of telecommunications data during federal investigations.
Absent from this report is the much higher number of wiretaps and intercepts carried out by provincial and municipal law enforcement and government agencies. But contained within documents obtained via an Access to Information and Privacy Act request is a presentation slide from the Canadian Wireless Trade Association (CWTA) that details the approximate number of requests—both federal and provincial combined—that telecommunications companies received each year.
If accurate, it shows that the majority of legally authorized electronic surveillance happens not federally, but on a provincial and municipal level instead.
this is very troubling that these reports are not published online and made readily available
A meeting on lawful access issues was held in September 2011 between Public Safety and "industry stakeholders" according to the documents. Industry members present at the meeting included Bell, Cogeco, TELUS, and Rogers. Research in Motion (now BlackBerry) and Microsoft were also present. According to an email, the group had met "on a number of previous occasions," but it had been a year and a half since their last meeting.
At the meeting, Bell senior legal counsel Bill Abbott circulated a slide deck from CWTA members marked "CONFIDENTIAL", "detailing the issues they wished to discuss." Amongst the topics were concerns that the "complexity and cost of intercepts and subscriber information requests has grown."
One slide, designated as a backup, details the "current environment" for law enforcement agency requests, as of 2011. It indicates that wiretaps and intercepts, warrants and court orders accounted, for approximately 18,000 requests to telecommunications companies in Canada per year. Of those requests, approximately one third, or 6,000, are authorizations for intercepts or wiretaps, while the remaining two thirds, or 12,000, are requests for call detail records (CDRs).
In other words, a log of both the caller and receiver's phone numbers, as well as any additional numbers that are inputted during a call.
"That number in and of itself is interesting," said privacy lawyer David Fraser, a partner at the law firm McInnes Cooper. "But it only tells part of the story." For example, we don't know if those numbers vary from year to year, said Fraser.
When reached via email by Motherboard, spokespeople for Bell, Telus and Rogers all refused to directly answer questions about the number of wiretap/intercept requests they receive each year, nor how many requests for CDRs they receive.
In the transparency reports issued by both Telus and Rogers, wiretaps, intercepts, and CDR requests are not broken down into any detail, but simply counted within the total number of court orders and warrants each company has received (Bell has not yet issued a transparency report, and has given no indication that it plans to do so).
For example, Rogers offers 74,415 as the number of "court order/warrants" it received in 2013 without providing any specifics.
Microsoft, BlackBerry and Cogeco, who were also presents at the meeting between Public Safety and industry stakeholders, did not respond to a request for comment.
"I think what's most telling is it seems that the parties that have the best records of anyone in Canada is corporate Canada," Parsons said. "These are the people who are being forced to use their resources to provide assistance to law enforcement, and law enforcement can't even be bothered to record and disclose themselves how often this is going on."
In September, the RCMP wrote that it "does not maintain a centralized data repository that would allow it to determine the total number of requests to telecommunications service providers," in response to questions from NDP MP Charmaine Borg. The RCMP confirmed that it did receive 664 judicial authorizations to intercept private communications from 2003 to 2013—but those numbers are only for federal cases.
The Office of the Privacy Commissioner of Canada sent CWTA members a list of questions regarding law enforcement requests in 2011, and received aggregate responses from nine service providers on behalf of the law firm Gowlings.
"We asked whether companies kept internal, aggregate statistics on the types of requests received and the kinds of information requested. The simple answer was 'yes,'" wrote Tobi Cohen, senior communications advisor at Office of the Privacy Commissioner of Canada, in an email. "We asked for a copy of this information, to which they replied 'no.'"
According to CWTA spokesperson Marc Choma, "the individual companies reported their numbers in confidence to Gowlings," and thus was unable to answer questions about how many requests each service provider would have contributed to the aggregate total.
"However, some of the major companies have told me that requests from all levels of government were included in their submissions," Choma confirmed.
Under Section 195 of the criminal code, the Attorney General of each province and territory is also required to publish annual reports on wiretaps and intercepts authorized provincially. However, such information is, compared to other reports and publications published online, unusually difficult to obtain—let alone made apparent that it even exists.
In an email, Ontario Attorney General spokesperson Brendan Crawley wrote that the province fulfills its Criminal Code requirement "by preparing the report as soon as possible after the end of each year, by printing hard copies, and by making those copies available to the public upon request."
Newfoundland & Labrador is the only province that posts up-to-date reports on electronic surveillance to its government website.
"The fact that these reports are not made readily findable online while other provincial government reports are very easy to find—the cynic in me suggests that perhaps this is not accidental," said Fraser. "But regardless of whether they're trying to bury them or not, it certainly seems to me, given that this is 2014, that this is very troubling that these reports are not published online and made readily available."