Google and Bell deny roles in mass surveillance of Canadians

What does Edward Snowden mean for Canadian companies?

One hundred and twenty-eight Canadians. According to Google, that’s the number of users in this country on whom our government has requested account data in 2012. And less than half of those requests resulted in Google actually providing authorities with any information.

But is that the whole story? In the wake of revelations about PRISM, one of several bulk surveillance efforts by the U.S. National Security Agency, Canadians have been wondering if something similar has been happening here, wherein the data of millions is getting scooped up in whole, stored, and analysed at some later date. Last month, the Globe and Mail revealed the existence of a metadata surveillance effort by CSEC (Communications Security Establishment Canada). CSEC, our little-known equivalent to the NSA, is tasked with “foreign signals intelligence,” but as the Globe revealed, they’ve also been spying on Canadians. Metadata is information about a communication (say, who sent a message, to whom, when, and from where) but does not include the message itself.  The Globe learned through access to information requests that CSEC has spied on bulk metadata, but reported nothing on how CSEC was obtaining this data, or on which companies have been aiding them.

Little is publicly known in Canada about bulk surveillance on the actual content of our communications. Internet Law professor Michael Geist recently provided an analysis of Canadian law in relation to the mandates of CSIS and CSEC. Geist found equivalents in Canadian law for most of the U.S. statutes that enable the NSA to operate as it does, and language from our intelligence agencies suggesting that they may be up to the same tricks as their ‘Five Eyes‘ partner stateside. To the question, “does this mean Canadian authorities are engaged in similar forms of surveillance?” Geist concludes that it is certainly possible, even likely.

If so, Google says they aren’t involved. I asked Google Canada spokesperson Leslie Church if the search giant is participating with our government in any bulk surveillance effort of any kind. Here’s what she says:

“We do not provide broad or untargeted access to user data. We refuse to participate in any program – for national security or other reasons – that requires us to provide governments with access to our systems or to install their equipment on our networks.”

As comforting as Church’s statement sounds, it’s still not a simple “no.” Might she be employing semantic sophistry to obscure some kind of bulk spying which Google considers to be “targeted” enough not to qualify as bulk surveillance? Or perhaps a mass spying technique that doesn’t involve installing government spyware or handing over the keys to Google servers? Why, I ask, can’t Google simply assure me there were no surveillance targets in 2012 beyond the 128 users they’ve disclosed?

Instead of an answer, Church directs me to David Fraser, a well-known Canadian Internet privacy lawyer who has worked for Google. Unwilling to speak directly about Google (Fraser doesn’t represent them in this matter), we speak instead about what Canadian law has to say about digital surveillance.

I ask Fraser if a company like Google might be placed under a “gag order” by the courts whereby they wouldn’t be allowed to disclose a surveillance effort. Fraser tells me that “there’s no ‘Fight Club’ rule in the National Defence Act, but the CSIS act does give courts broad discretion to put terms and conditions into a surveillance warrant.”

Might one of those conditions be secrecy, I ask? “It’s possible,” says Fraser.

But Fraser also explains just how difficult it would be for CSIS or CSEC to enlist a U.S.-based company like Google. Corporate structuring, or the physical location of servers, might place data outside of the jurisdiction of Canadian law. Meanwhile, U.S. law might prevent them from providing intelligence to a foreign government.

The truth is, if CSIS and CSEC wanted to intercept every bit of data we create (including information that passes through Google’s servers), they could get it without Google’s help. The most logical place to nab it would be at the backbone level: from Canadian infrastructure owners like Bell, Telus and Rogers (the parent company of Maclean’s).

So I posed the same question to these companies, which collectively control over 90 per cent of the telecommunications market in Canada. Have they been providing police or other authorities with bulk data on their customers?

Bell responded, with a fairly direct denial from spokesperson Jacqueline Michelis:

“Bell would only provide access to law enforcement agencies in response to a court-approved warrant regarding specific individuals and as part of an ongoing investigation.”

I followed up, just to be sure that Bell defines “specific individuals” the same way we all would: someone specified by their name, not by vague specifications like, say, “all males over 18 residing in this postal code.”

Michelis confirmed that yes, Bell needs warrants with names before they’ll hand over data.

Rogers and Telus have yet to respond. If and when they do, I’ll update this post with their replies.

UPDATE: To my question; is Telus providing CSEC, CSIS, or any other branch of Canadian law enforcement with bulk data (including metadata) on its customers (internet or mobile),  Telus spokesperson Shawn Hall has responded with the following:

“TELUS fully supports law enforcement’s need to carry out lawful wiretap of communications with a warrant, which ensures proper judicial oversight and protection of customer privacy. It can be a necessary tool in their investigations. We do not voluntary (sic.) release customer information. “

Follow Jesse on Twitter @JesseBrown




Browse

Google and Bell deny roles in mass surveillance of Canadians

  1. So funny that Rogers has not yet responded… something to hide???

  2. One further question I would like Telus, Rogers, Bell etc to answer is whether or not they had been asked by CPC govt et al to give data to Cdn security agencies and also whether or not their answer to that question had already been gagged? There should never be another set of privacy rules operating outside the public view. If our govt is breaching privacy rules, by making up a secret set of rules, the Canadians at least deserve to know. So we can vote accordingly in all future elections. Some things a poli-party does to try to keep its hold on power, we will not forgive. Spying on your own people for your own sorry purposes, such as electoral suppression and silencing of critics is most definitely one of them. So please do find out what the CPC govt has been trying to do behind the backs of the Canadian people. Thanks a bunch!

      • ever bother reading Bill C-30?

        after you do, please tell us how much tinfoil you want in your new hat.

      • ^ Works for Rogers

      • I guess you haven’t been reading the news. We should all be wearing tin foil hats. In fact it might make for a good way to protest.

  3. It’s outrageous that someone other than multinational advertising companies is able to track our every keystroke and movement!

  4. Well, unless there’s wiggle room that I’m missing, that’s reassuring so far. I may have to reconsider my support for opening up Canada’s telecom market; Canada’s three oligopolistic companies may overcharge us and provide an execrable level of customer service, but at least we retain some degree of privacy. Let American companies into the market and we could lose that.

  5. I somehow don’t believe these canned responses from the phone companies and google. I think they’re lying through their teeth.

Your email address will not be published. Required fields are marked *