Another bombshell went off in Canadian telecom Thursday morning when it was revealed that at least one Canadian telecom is evidently giving the Canadian government unrestricted access to communications on its network, according to documents from Canada’s privacy commissioner.
The Huffington Post reports that the documents, obtained by University of Ottawa digital law professor Michael Geist, cite an unnamed telecom firm as saying it had allowed the government to essentially copy the communication data moving on its networks.
“Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transits the network of data nodes,” the privacy commissioner’s document states.
“This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes.”
“Deep packet inspection” is a method of analyzing internet traffic to determine the exact type of content. It can distinguish between emails, file-sharing and other types of internet communication, and can be used to build statistics about an internet user.
The statement appears in a document prepared by law firm Gowling Lafleur Henderson for the privacy commissioner. It summarizes nine telecom firms’ responses to questions about law enforcement access posed by the commissioner.
Geist called it “an incredible admission” in a blog post published Thursday.
“Are there legal grounds for these disclosures? Who is doing this?” Geist asked. “Given the uncertainty and the enormous privacy implications, the Privacy Commissioner of Canada is surely entitled to investigate this admission using her current powers….”
In documents released Tuesday, interim federal privacy commissioner Chantal Bernier revealed that the government made about 1.2 million requests for subscriber data from Canadian telecoms in 2011. Geist calculates that works out to one request every 27 seconds. Telecom firms complied with the requests at least 784,000 times, the privacy commissioner’s report showed.
So – what does Worldline do? Not that.
I asked our CTO Francisco Dominguez earlier this year to spell out in the simplest terms what we do and don’t do when it comes to our customers data and information. It turns out, we don’t do much, and when we do disclose any information it’s under very specific circumstances with very strict guidelines:
Francisco says for telephone numbers, if a law enforcement agency (LEA) requests information and indicates it’s an imminent threat to life we collect the law enforcement agency contact details (badge/name/dept/LEA name/contact number) and confirm the LEA through a call back mechanism, then we provide address details for the subscriber limited to:
First-name Last-name, address, city, postal code, alternate phone numbers
If a law enforcement agency requests information and does not indicate an imminent threat to life we require a warrant.
Once a warrant is received we provide the details outlined in the warrant only.
So, for the record, that’s our disclosure policy. Contact information only, and only when it’s a matter of life or death, or if we are presented with a warrant.