Waiting for the “Access” Axe to Fall: New Investigatory Assistance Legislation for Canada PST-2005 St Andrews, NB David A Townsend UNB-Law & NRC-IIT 12 October 2005
Overview: Parliament – to introduce lawful access Bill Design, operation and costing of almost all ‘public’ networks will be impacted (wire-line, wireless and Internet) Future - network architecture, applications and services must be ‘access compliant’ “Access” = handover by Telecom. Service Provider (TSP) of specified Subscriber- related data to Law Enforcement Agencies (LEAs) upon lawful demand
Many challenges: Technical, Legal and Social challenges: 1) Done lawfully (Charter, Crim. Code, evidence law, privacy law and international obligations) 2) Does not undermine public trust (appropriate judicial oversight and public accountability) 3) Does not inhibit public networks (competitive forces, cost structures, rollout of new technologies and services, cust. relationship) 4) Done in technology-neutral manner (strive for uniform ‘expectation of privacy’ for all e-communication – inc. and SMS) 5) Need laws based upon first principles and not a legislative extension from common carrier era 6) Significant period for training and adjustment
Current Legislation: 1974 Crim. Code wiretaps (Protect Privacy) 1993 Code amended (s21 of CSIS in 1984) – Search warrants s.487. (1) – General investigative warrants s – Suspect tracking warrants s – Dig. Number Recorder (DNR) warrants s – Production of telephone records s.492.2(2) – Interception (wiretap) warrants s.186 and ss (3), 184.3(6) and 188.(2)
Current Leg. Con’t. – Assistance Orders (for all 6 warrants) s – 2 new Production Orders s & (general and specific info.) Code attempted to match intrusiveness with quantum of evidence necessary for judge Charter case law of 1990s offered good check on state surveillance powers & activities But, Code is 13 ‘telecom years’ out of date ! And, Code not address methodology, cost recovery or lack of network capacity
Network Capacity & Methodology for Cellular Analog cellular introduced 1985 – Fairly easy to intercept (scanners, UHF tuners) – Gov’t had low expectations of privacy Digital (PCS) cellular introduced 1995 – Interception difficult - encoding and encryption – FBI pressed Canada to add intercept requirements – 23 distinct requirements added as licence conditions under Radiocommunication Act (done quietly) – Similar conditions in USA, New Zealand & Australia
What do LEAs want ? General investigatory information: – Subcriber name, address, phone number, local service provider (LSPID) – LEAs pressed for national database, paid for by subscribers, available to LEAs w/o a warrant Targeted investigations: – Subcriber name, address, phone number, device number (e.g. ESN), service provider (LSPID), dynamic IP addr. – Best available location-based information – Detailed network transaction data – For wiretap – 100% of transaction data, location data and communication content – Immediate preservation of specified data
Implications of Subscriber DB National Subscriber Data Base – very onerous and expensive for telecom industry – Thwart anonymous use of telcom. (pay-as-you- go, calling cards, anonymous , blogging) – Warrantless access by LEAs undermines current privacy protections for subscriber info. – Subscriber Data Base facilitates data-matching and data mining (including profiling)
Location Implications: Location-based Information: – Location data will become increasingly precise (tracking in real time or historic track) – Precision tells much about what target is doing – Technology no longer an assist to physical surveillance – What evidential burden must be met to secure relevant tracking warrant from a judge? – What use in civil cases?
IP Data Challenges: Many IP data challenges: – For 100% of transaction, location and content data the Service Provider must isolate, preserve and hand-over mass quantities of targeted data – Isolation, processing and preservation by TSPs raises significant forensic evidence issues – Intercept warrants often sought against number of targets = storage capacity challenges for TSP
IP Data Challenges – con’t: Warrants for Transaction Data (only): – No parallel to historic ‘DNR Order’ – IP transactional data may include: the dialling, routing, addressing, signaling information that may provide the origin, direction, timing, duration, type and size of a e-communication. – For and web surfing the transactional data may provide everything but the content – But…the content may be unnecessary – What evidential burden must be met by LEAs?
Path to ‘Access’ Legislation: Federal gov’t commissioned background studies in August release of “Lawful Access Consultation Document” – Significant criticism = lack of justification and specifics, failure to understand technology Comment period extended to mid December 2002 Over 300 submissions tendered
On the Path in Series of public and private consultations followed Spring 2003 gov’t introduced Bill C-46 (now Bill C-13). (s and s ) – Bill C-13 (passed March 22.04) added a general and specific data ‘production order’ to Crim. Code for investigation of serious corporate fraud. Came into force in September Also in Spring 2003 gov’t introduced Bill C-32 (now Bill C-14).) – Bill C-14 (passed April 21.04) provided a new exception in Code to unlawful interception for managers of computer systems who intercept to protect their networks
The Path ends in November? August 2003 DOJ released summary of consultations New rounds of selective consultations held in Drafts of policy package shared quietly with key stakeholders in Spring 2005 Commitment to introduce Bill in Fall 2005