ISPs as Privacy Custodians

Just published in the Canadian Journal of Law and Society (CJLS) is my article on Internet Service Providers as Privacy Custodians (a pre-print version is available here). The content is adapted (and updated) from a chapter of my PhD dissertation, wherein different chapters dealt with different social responsibilities of ISPs in Canada. The focus of this piece is on privacy responsibilities, but these are interrelated with ISPs’ other responsibilities and social roles, such as surveillance. For example, Canada’s Privacy Act was referred to as the “wiretap bill” while it was being debated in 1973, because while it criminalized the invasion of privacy, it also provided a formal legal route through which the police could obtain wiretaps (I particularly enjoyed studying the murky history of wiretapping in Canada for this piece, which I could only include in summary form).

The responsibilities of ISPs to protect privacy directly shape how police can carry out investigations involving subscriber information, how copyright enforcement operates, and the sorts of commercial relationships ISPs can enter into when monetizing subscriber information. I settled on the term “privacy custodians” to describe the role of ISPs in governing privacy for lack of a better one (the term is used in health care, and here I conceive of privacy governance as being broader than managing the personal information of users, encompassing a broader relationship to the public including policy advocacy, public accountability, and privacy education). I’ve been interested in how different ISPs approach the role of privacy custodian, at times through differing interpretations of legal obligations, but also through different kinds of voluntary efforts to go beyond legal obligations. I discuss these by distinguishing positive responsibilities (the responsibility to do something) and negative responsibilities (the responsibility to not do something). I argue that we should pay attention to the ways that ISPs are distinguishing themselves by carving out and asserting new positive responsibilities, while being mindful of the discretion with which they do so, and of the pressures to compromise privacy given the growing value of the data that these intermediaries can collect.

The abstract reads:

This article examines the role of internet service providers (ISPs) as guardians of personal information and protectors of privacy, with a particular focus on how telecom companies in Canada have historically negotiated these responsibilities. Communications intermediaries have long been expected to act as privacy custodians by their users, while simultaneously being subject to pressures to collect, utilize, and disclose personal information. As service providers gain custody over increasing volumes of highly-sensitive information, their importance as privacy custodians has been brought into starker relief and explicitly recognized as a core responsibility.

Some ISPs have adopted a more positive orientation to this responsibility, actively taking steps to advance it, rather than treating privacy protection as a set of limitations on conduct. However, commitments to privacy stewardship are often neutralized through contradictory legal obligations (such as mandated surveillance access) and are recurrently threatened by commercial pressures to monetize personal information.

While tensions over privacy and state surveillance have been long-lasting and persistent, in recent years the most interesting developments have been related to the monetization of personal information. Recent news has included the re-launch of Bell’s targeted ads program, and another U.S. privacy scandal involving the resale of location information. Canadian incumbents collaborate on location and identification services through EnStream, which has so far remained relatively quiet and scandal-free, but which also introduces a new role into the subscriber-provider relationship. We pay service providers to give us connectivity and some extent of privacy, but these companies are also serving the needs of customers who want information about us.

In short, the internet’s gatekeepers are also the gatekeepers of our identities and activities.

Review of Susan Landau’s Surveillance or Security?

I’ve been going through my files recently, and discovering some that I had forgotten. A couple of times now I’ve had submissions to journals fall into a void. Ideally, when this happens the piece can still find a home somewhere else, but this was a review of a book from 2010 written in 2012, and in 2013 Snowden changed the world and I felt the need to move on. Still, Landau’s book remains valuable and some of these issues are even more salient today (also of note, in the 1990s Landau co-wrote Privacy on the Line with Whitfield Diffie).

Book Review: Landau, Susan. 2010. Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. Cambridge, MA: MIT Press.

The choice between security and civil liberties remains a commonplace way of framing many surveillance debates. Susan Landau’s argument in Surveillance or Security? is that many surveillance technologies and systems not only compromise privacy, but may actually make us less secure. This thesis, while worth repeating, will not be novel for some readers familiar with surveillance and security debates. However, readers who are already well-versed in criticisms of the freedom-security opposition will still find a great deal of value in Landau’s book, including the nuance of her more policy and technology-specific arguments and the wealth of detail she provides on various electronic surveillance practices. The patience and clarity with which Landau walks readers through this detail is commendable, and the book makes many technical and legal matters understandable to those unfamiliar with telecommunications, electronic surveillance, or U.S. law. Despite this, reading Surveillance or Security? from beginning to end requires a considerable interest in the subject matter, and much of its detail will be superfluous to those interested in more general surveillance questions or electronic surveillance in a non-U.S. context.

The nuance of Landau’s argument preserves a legitimate and lawful role for surveillance by state actors, and her critique is targeted specifically at emerging forms of surveillance made possible in the age of digital networks. Of greatest concern is the ability to embed surveillance capabilities into our increasingly-capable communications infrastructures. Justifications for expanded or “modernized” police and national security surveillance capabilities are often premised on the need to bring telephone-era laws and abilities up to date with the internet. Landau provides a very effective introduction to telephone and packet-switching networks, the development of the internet, and the contemporaneous changes to U.S. surveillance law and practice. In the process, she shows how the nature of communication and surveillance has been transformed, and how inappropriate the application of telephone-era surveillance logic can be for internet architecture. While telephone and packet-switching networks are now deeply integrated, the reader will learn just how difficult “wiretapping the internet” is when compared to traditional telephone wiretaps. On the other hand, the book also discusses the vast amounts of information available about our digital flows, and how these possibilities of data collection introduce new dangers.

The most forceful of Landau’s arguments are against the embedding of surveillance capabilities into our networked communications infrastructure, as this amounts to an “architected security breach” (p.234) that can be exploited or misused. The main example provided by the author of such modern wiretapping gone wrong is the activation of surveillance capacities embedded in the software of an Athens mobile phone network during 2004 and 2005, wherein parties unknown targeted the communications of Greek government officials. While this case of wiretapping was highly selective, Landau also cites the current U.S. “warrantless wiretapping” program to illustrate the dangers of overcollection. A third case, the FBI’s misuse of “exigent letters” to acquire telephone records after September 11, shows how the risk of overcollection is exacerbated when wiretapping cannot be audited and fails to require “two-organizational control”. In the exigent letters case, FBI investigators and telephone company employees working closely alongside one another were able to nullify institutional boundaries and circumvent legal requirements. From these cases, Landau concludes that “making wiretapping easy from a technical point of view makes wiretapping without proper legal authorization easy” (p.240). Among her chief concerns is the historical propensity to take advantage of surveillance-ready technologies to target journalists and political opponents, and the possibility of “nontargets” being caught up through overcollection.

Surveillance or Security? offers solutions as well as warnings, and these are primarily oriented towards safeguarding communications security. As a general prescription, Landau argues for partitioning our networks to a greater and more sophisticated degree. This includes increased use of identity authentication and attribution for particular networks, and keeping others entirely inaccessible from the public internet. But Landau expressly opposes building identity authentication and surveillance mechanisms (such as deep packet inspection) into the internet itself. Overall, this is a sensible solution that can address “digital Pearl Harbor” fears while preserving the general openness of the internet. Our networks already have “walled gardens” for governments and corporations, and Landau calls for more effective partitions as well as open public vetting of security mechanisms (pp.240-241). Sanctioned wiretaps should also be auditable and not under the independent control of any one organization.

Ultimately, questions about how the internet should be designed and governed boil down to what we value in the network. Many have pointed out that the values which drove the development of the internet did not include ensuring its security, so that concerns over identification, authentication, malware and cyberattack surfaced later in its development and are difficult to resolve. The debate over whether internet governance and internet architecture need to be revised in the interests of security continues to this day, but the choice is not simply between security and openness. Rather, “security” can point to a whole host of challenges, some of which can be in opposition to one another. Landau does indeed distinguish between different security threats, but while there is a chapter entitled Who are the intruders?, no equivalent breakdown is given of “whose security” is of primary interest. Instead, Landau treats personal security, national security, and corporate security as compatible and amenable to some of the same solutions. She explicitly values personal privacy and the open innovation made possible by the internet, but also warns against growing foreign threats to the economy and critical infrastructure of the United States. The closing sentence of the book calls for communication security “to establish justice, maintain domestic tranquility, and provide for common defense” (p.256), and it is in the tensions between these three objectives that the supposedly false choice between freedom and security materializes once again.

Landau promotes the value of privacy and journalistic freedom, puts the danger of terrorism “in context” (p.222), and warns against heavy-handed approaches to illegal file-sharing (pp.34-35). But in debating the appropriateness of embedded surveillance or privacy-enhancing cryptography, the reader also learns that “we must weight the costs” (p.35) or the advantages against the disadvantages (p.219) of such technologies and practices. The problem is that different readers may have rather different conceptions of who is denoted by the “we” in such a formulation, and of where the costs accrue. If the security threat is the “havoc” that can be wreaked through an internet connection multiplied by the size of the cyber-capable Chinese army (as Landau suggests in the epilogue, p.255), then Richard Clarke and Robert Knake’s (2010) proposal to embed surveillance and filtering at internet service providers (ISPs) to deal with foreign cyberattacks might seem quite reasonable (such surveillance would receive “rigorous oversight by an active Privacy and Civil Liberties Protection Board to ensure that neither the ISPs nor the government was illegally spying on us” [Clarke & Knake 2010, p. 162]). The principles which guide Landau’s judgments are those embodied in the U.S. Constitution, the open and innovative possibilities of our networks, the right to privacy in communication, and the need to be protected from electronic “intruders” and “threats”. But in making these various appeals Landau is also providing the means to undercut her argument against embedded surveillance, if one values a particular type of security or fears one threat to security over others. She closes with an appeal to consider communications security as vital to both national and personal security, to democracy as well as defense (p.256), but the argument that embedded surveillance makes us less secure is on weaker footing when faced with the catastrophic specter of a cyber-war with China.

In the end, readers may find themselves confronting the dilemma identified by Jonathan Zittrain (2008, pp.60-61), who argues that “the cybersecurity problem defies easy solution, because any of the most obvious solutions to it will cauterize the essence of the Internet”. Like Zittrain, Landau thinks we can improve cybersecurity without sacrificing the internet’s propensity for openness and innovation, but at times she seems to address her arguments more at U.S. policy makers, security officials, and American citizens than at a general readership. The book includes a chapter devoted to analyzing “the effectiveness of wiretapping” in the furtherance of national security and criminal investigations, and the threat of China’s espionage and cyberattack capabilities looms large against a “United States that is being weakened by the very information technologies that brought the nation such wealth” (p.171). Landau’s approach may appeal to those Americans in greatest need of convincing, but it marginalizes arguments based on more critical premises, such as the potential of open networks and private communications to facilitate valuable forms of disruption and social change.

Surveillance or Security? focuses on the U.S. because the complexity of wiretapping policy is better explored through one nation’s economic and legal perspective, and Landau claims that “it should not be hard to reinterpret the issues from the perspective of other nations” (p.10). The networks that constitute the internet certainly warrant analysis on the level of the nation-state, in particular due to the increased assertion of territorially-based state power over and through the internet. The U.S. also deserves study in its own right by anyone interested in global telecommunications, not only because of the influential role of the U.S. in the history of telecom, but because the world’s telecom networks remain disproportionately dependent on U.S.-based institutions and infrastructure. The layout of global fiber-optic cable makes the U.S. “a communications transit point for the entire world” (p.87), and the overall layout of the World Wide Web also remains largely U.S.-centric.

However, many of the details of U.S. wiretapping legislation and practice will not be of interest either to the general reader or to the scholar interested in broader questions of surveillance and telecommunication. The book’s detailed analysis of the U.S. case is therefore its greatest strength, or, for a more general audience, its greatest weakness. Among other strengths are the clarity of Landau’s descriptions of network architecture and internet history, which do not presume prior knowledge on the reader’s part. Surveillance or Security? is clear and approachable, and contributes some much-needed scholarship on the intersection between state and private institutions underpinning contemporary surveillance systems. At its best, it pours cold water on the need to overhaul the internet and expand the scope of electronic surveillance, but Landau is not above fanning the flames to give the issue of communication security some added urgency. In between, surveillance scholars will find plenty of value in the book’s well-researched detail and Landau’s considerable expertise.

One of the headings in the book, What it means to “get communication security right”, remains an open question, with governments moving slowly on the issue, and private institutions largely pursuing their own policies. While it seems clear that securing our communications networks will not be quick or easy, a more immediate concern is the set of poorly-considered proposals to embed and institutionalize surveillance regimes and their attendant harms. Surveillance or Security? contributes to an important conversation, injects caution into a frequently overheated discussion, and offers much of substance for those acquainting themselves with communications security and surveillance.

References

Clarke, Richard A., & Knake, Robert. 2010. Cyber War: The Next Threat to National Security and What to Do About It. New York: Ecco.

Landau, Susan. 2010. Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. Cambridge, MA: MIT Press.

Zittrain, Jonathan. 2008. The Future of the Internet–And How to Stop It. New Haven: Yale University Press.


Lawful Access Consultation 2016

Another federal government consultation has recently wrapped up, this time with Public Safety asking about national security. Like other ongoing consultations, this one was criticized (for example, by Christopher Parsons and Tamir Israel) as framing the policy issue in a way that the government prefers, and trying to legitimate some ideas that should have been discredited by now. I would say that the consultation framed the issue very much as Public Safety (for instance, the RCMP) would prefer, repeating old rationales, and seeing the world from a perspective where the ability to exercise sovereign will over information flows is paramount. The Green Paper provided for background reading foregrounds the concerns of law enforcement and security agencies, is peppered with the words “must” and “should”, and advances some dubious assumptions. Public Safety asked for feedback on terrorism-related provisions (including C-51), oversight, intelligence as evidence, and lawful access. The last of these has seen a number of previous consultations, but is back in the news as police make their case on the issue of “going dark” (which has become part of the RCMP’s “new public narrative” for a set of concerns that were once broadly talked about as lawful access).

I let this one get away from me, so I didn’t have anything ready for Dec. 15 when the online submission closed. Regardless, I’ve decided to complete most of the questions related to the topic of Investigative Capabilities in a Digital World as a blog post. I don’t feel particularly bad for missing the deadline, since several of these questions border on ridiculous. For a true public consultation on what has long been a very contentious issue, it would be important for the questions to be informed by the arguments on both sides. Privacy experts would have asked very different questions about privacy and state power, and on a number of topics Public Safety seems to be trying to avoid mentioning the specific policies that are at stake here.

How can the Government address challenges to law enforcement and national security investigations posed by the evolving technological landscape in a manner that is consistent with Canadian values, including respect for privacy, provision of security and the protection of economic interests?

When I think of Canadian values, “privacy, provision of security and the protection of economic interests” are not what come to mind. When I ask my students what they associate with Canada, these particular values have never come up in an answer. I think we should consider democracy as a fundamental value, and understand that state secrecy is antithetical to democracy. When it comes to the relationship between citizens and the state, Canadian values are enshrined in the Charter, and the Supreme Court is ultimately responsible for interpreting what is consistent with the Charter. Therefore, Canadians deserve to understand what is being done in their name if we are to have a meaningful democracy, and this includes the existence of an informed, independent judiciary to decide what government actions are consistent with Canadian values.

In the physical world, if the police obtain a search warrant from a judge to enter your home to conduct an investigation, they are authorized to access your home. Should investigative agencies operate any differently in the digital world?

If we accept the digital/physical distinction, the answer is a definite yes — investigations carried out today operate differently than they did in the simpler, more “physical” 1980s. But it is important to keep in mind that analogies between the digital and physical environment can be misleading and dangerous. When it comes to the “digital world”, I prefer to talk about it in digital terms. The stakes are different, as is the meaning of terms like “to enter”. If we must make these comparisons, here is what treating these two “worlds” as analogous would mean:

The police can enter my home with authorization, and seize my computer with authorization. I am not required to make my computer insecure enough for the police to easily access, just as I am not required to keep my home insecure enough for the police to easily access. I am not required to help the police with a search of my home, and so I should not be required to help police search my computer. If I have a safe with a combination lock in my home, I cannot be compelled by police to divulge the combination, so by analogy, I should not be compelled to divulge a password for an encrypted disk.

But analogies can only take us so far. A computer is not a home. Metadata is not like the address on a physical envelope. We need to understand digital information in its own terms. To that end, some of the more specific questions found further in this consultation can produce more helpful answers. Before we get to these however, this consultation requires me to answer a couple more questions based on the presumption of digital dualism.

This question is hard to answer without knowing what it means to “update these tools”, and seems to be intended to produce a “yes” response to a vague statement. Once again, digital/physical comparisons confuse more than they clarify — these are not separate worlds when we are talking about production orders and mandating the installation of hardware. We can talk about these topics in their own terms, and take up these topics one at a time (see further below).

If we could only get at the bad guys in the digital world, but there’s all this code in the way!

Is your expectation of privacy different in the digital world than in the physical world?

My answer to this question has to be both yes and no.

No, because I fundamentally reject the notion that these are separate worlds. I do not somehow enter the “digital world” when I check my phone messages, or when I interact with the many digitally-networked physical devices that are part of my lived reality. Privacy law should not be based on trying to find a digital equivalent for the trunk of a car, because no such thing exists.

Yes, expectations of privacy differ when it comes to “informational privacy” (the language of Spencer), because the privacy implications of digital information need to be considered in their own terms. Governments and public servants do Canadians a disservice with phonebook analogies, license plate analogies, or when they hold up envelopes to explain how unconcerned we should be about government access to metadata (all recurring arguments in the surveillance/privacy debate). In many cases, the privacy implications of access to digital information are much more significant than anything we could imagine in a world without digital networks and databases of our digital records.

Basic Subscriber Information (BSI)


As the Green Paper states, nothing in the Spencer decision prevents access to BSI in emergencies, so throwing exigent circumstances into the question confuses the issue, and once again seems designed to elicit a particular response that would be favorable to police and security agencies. In the other examples, “timely and efficient” is the problem. Agencies understandably want quicker and easier access to personal information. The Spencer decision has made this access more difficult, but any new law would still ultimately have to contend with Spencer. Government, police, and security agencies seem to be in a state of denial over this, but barring another Supreme Court decision there is no going back to a world where the disclosure of “basic” metadata avoids section 8 of the Charter, or where private companies can voluntarily hand over various kinds of personal information to police without fear of liability.

If the process of getting a court order is more onerous than police would like, because it would be easier to carry out preliminary investigations under a lesser standard, it is not the job of government to find ways to circumvent the courts. If the process takes too long, there are ways to grant the police or the courts more resources to make it more efficient.

There are ways to improve the ability of police to access metadata without violating the Charter, but any changes to the existing disclosure regime need to be accompanied by robust accountability mechanisms. Previous lawful access legislation (Bill C-30) was flawed, but it at least included such accountability measures. In their absence, we only know that in a pre-Spencer world, police and government agencies sought access to Canadian personal information well over a million times a year without a court order, and that a single court order can lead to the secret disclosure of personal information about thousands of Canadians. Police and security agencies have consistently advocated for these powers, but failed to document and disclose how they actually use them. This needs to change, and the fear of disclosing investigative techniques cannot be used to prevent an informed discussion about the appropriateness of these techniques in a democratic society.

Do you consider your basic identifying information identified through BSI (such as name, home address, phone number and email address) to be as private as the contents of your emails? your personal diary? your financial records? your medical records? Why or why not?

The answer to this question depends on an exhaustive list of what counts as BSI. It is important to have a clear definition of what counts as BSI, because otherwise we might be back in the pre-Spencer position where police are able to gain warrantless access to somebody’s password using powers that were meant for “basic identifying information”.

The answer to this question also depends on an explanation of what is done with this “basic” information. As was recognized in Spencer, we can no longer consider the privacy impact of a piece of personal information in isolation. This is how lawful access advocates prefer to frame the question, but this is not how investigations work in practice. BSI is useful only in combination with other information, and if we are talking about metadata (a term that, curiously, never appears in the Green Paper) it is now increasingly understood that metadata can be far more revealing than the content of a personal communication when it is used to identify people in large datasets, determine relationships between individuals, and establish patterns of life.

So in short, yes — I am very concerned about BSI disclosures, particularly when I don’t know what counts as BSI, and what is being done with this information.

Do you see a difference between the police having access to your name, home address and phone number, and the police having access to your Internet address, such as your IP address or email address?

I see an enormous difference. As previously discussed, these are not analogous. An IP address is not where you “live” on the internet — it is an identifier that marks interactions carried out through a specific device.

Interception Capability

This is not a question… Yes, all of this is true.

Should Canada’s laws help to ensure that consistent interception capabilities are available through domestic communications service provider networks when a court order authorizing interception is granted by the courts?

The key word here is “consistent”, and the question is what standard will be required. It would be very easy for government to impose a standard that large telecom incumbents could meet, but which would be impossible for smaller intermediaries. As things are, the incumbents handle the vast majority of court orders, so I would love to see some recent statistics on problems with ‘less consistent’ intermediaries, particularly if this is a law that might put them out of business.

Encryption

I think the answer to this has to be never. People cannot be forced to divulge their passwords — in our society they can only be put in prison for very long periods of time. In other cases, assisting with decryption means forcing Apple to break through their own security (which was meant to keep even Apple out), or driving companies out of business unless they make products with weak security. This does not work in a world where a single individual can create an encryption app.

How can law enforcement and national security agencies reduce the effectiveness of encryption for individuals and organizations involved in crime or threats to the security of Canada, yet not limit the beneficial uses of encryption by those not involved in illegal activities?

By doing anything other than mandating insecurity for everyone. The answer cannot be to make technology insecure enough for the state to exploit, because this makes everyone insecure, except for those who use good encryption (which has become too commonplace to stamp out).


The final two questions deal with data retention, a topic I’ll leave for a later time…

Still sorting out the post-Snowden balance

The ongoing fight between Apple and the FBI, in which a growing number of companies have declared their own interest and support, is the latest constitutive moment for what it means to live in the “post-Snowden” era. This is because the fight is a direct consequence of changes made by Apple following the Snowden disclosures, and because it is now being used as a way to stabilize some sort of “balance” between government and industry, after the massive shake-up of this relationship in late 2013/early 2014. The shift that occurred included major tech companies treating their own government as an adversary to defend against. Now, Apple has reportedly decided that its own engineers must also be part of this threat model. After Snowden, the company decided that it no longer wanted to be able to unlock phones for the government. Now, the challenge is to develop security that the company cannot even help the government break through some indirect means.

The term “post-Snowden” has gotten a lot of use in the last couple of years, but the Apple-FBI battle demonstrates the real shift to which it refers. Perhaps in a few years, the impact of the Snowden disclosures will be forgotten, in much the same way as the crypto war of the 1990s faded from memory as the relationship between industry and government got cosy after 9/11. But the world did change in a variety of substantial ways as a consequence of Edward Snowden’s actions, and we are still grappling with the legacy of those changes.

The Snowden disclosures were a truly international story with many local manifestations. Just as NSA-affiliated surveillance infrastructure had been extended around the globe, scandal touched the various nations implicated in the documents, and opened the door to local investigations. News stories broke one after another, with governments as either targets or practitioners of surveillance. Canada, as a member of the exclusive “Five Eyes” surveillance club, was reminded that it too had an agency with a mandate similar to the NSA (CSEC, now CSE). More clearly than ever, citizens understood that the surveillance infrastructures of intelligence agencies had global reach. Canada hasn’t seen public battles between government and industry like the one currently involving Apple, and discussions of government surveillance have been more muted than in the US, but a series of Snowden-related stories in this country have also fed into long-standing concerns about surveillance and privacy.

I want to spend more time on how the Snowden disclosures impacted Canada in a later post, but for now I’ll just briefly reflect on my own experiences studying the telecom industry during this period.

I began attending meetings of network operators and engineers in 2012. The first of Snowden’s revelations hit in June 2013, and by the fall of 2013, the topic of state surveillance was a regular part of conference conversations and presentations, if not the actual topic of presentations themselves. At the October 2013 NANOG conference, the internet’s North American engineers cheered the resistance of Snowden’s email provider to disclosure demands by the US government (Ladar Levison had built what was meant to be a secure email provider, but the FBI ordered him to hand over the encryption keys. Attendees applauded his efforts to make the FBI’s job as difficult as possible). At the IETF in Vancouver the following month, participants overwhelmingly voted to treat pervasive surveillance by state intelligence agencies as a technical attack on the internet, and debated how to protect against it. At a Canadian industry conference in April 2014, an executive with an incumbent ISP argued that service providers had an opportunity to gain a competitive advantage by offering better security, and showed a photo of Snowden as an answer to the question of why we care about privacy and security. Interestingly, Canadian government agencies reportedly joined Canadian companies in touting the country’s privacy and security advantages to customers concerned by surveillance in the US.

After Snowden, corporate management and operational decisions took time to shift, but the change in discussions and governance forums was more immediate. It wasn’t just that private intermediaries suddenly had a new threat to worry about, but that the nature of their role, and their relationship to their users/customers had changed. Snowden’s revelations included the fact that the NSA had been undermining the very internet infrastructure that the agency had been tasked with protecting, but also the suggestion that it had done so with intermediaries acting as private partners. Best exemplified by early reports of the PRISM program, some intermediaries were now seen as complicit in this global spying apparatus. As a consequence, companies began limiting cooperation with government agencies and issuing transparency reports about the nature and extent of their information disclosures.

The Snowden disclosures contributed to cynicism and distrust of both government and private industry, and trust is key for companies that have built a business model around securing personal information. Companies such as Apple are positioning themselves as trusted stewards of personal information, with the recognition that customers often do not trust government assurances that they will only access such data in limited and justified circumstances. The most recent moves by Apple are an attempt to move data even further out of the reach of these providers themselves. Such an approach will not be possible for companies that depend on access to this data as part of their business model (for advertising purposes), but for those selling hardware and online services, building walls against governments is now often more desirable than negotiating access.

From one perspective, the Apple-FBI fight is about setting a precedent for government power in the post-Snowden era. But I would say that it is an indicator of a loss of government power, a shift in the orientation of the US tech industry to the state, and one of the continuing consequences of Snowden’s decision to shake up the world.

Telecom Companies as Privacy Custodians (Rogers and Telus tower dumps)

Yesterday, Justice Sproat of the Ontario Superior Court released a decision in a case involving Rogers, TELUS, and the Peel Regional Police. Back in 2014, the police force had requested “tower dump” data from these companies in order to identify some robbery suspects. The orders were so broad (the broadest ever, to the knowledge of the TELUS deponent) that the telecom companies opposed them in court. Despite the fact that the production orders were then withdrawn by police, the judge heard the case anyhow, and was able to offer guidance for police and telecom companies dealing with similar cases in the future.

David Fraser has provided a legal analysis of the decision, which found that “the Production Orders were overly broad and that they infringed s. 8 of the Charter” [42]. For me the most interesting aspects are what this decision tells us about the roles and responsibilities of intermediaries as privacy custodians. The decision states (on the issue of whether the companies have standing in the case) that Rogers and TELUS “are contractually obligated” to “assert the privacy interests of their subscribers” [38]. That is to say, the relationship these companies have with their customers creates obligations to protect subscriber information, and this protection includes defending subscribers against unconstitutional court orders. It is not reasonable to expect individual subscribers to defend their privacy interests in such cases — the intermediary should stand between the individual and the state as a privacy custodian (and this means making determinations about which police requests and court orders are unconstitutional).

Also of particular interest is the judge’s recommendation that police should request “a report based on specified data instead of a request for the underlying data itself”, unless this “underlying data” is required for some reason [65]. This means that instead of asking companies such as Rogers and TELUS for the personal information of tens of thousands of subscribers, so that the police can determine which subscribers to investigate further (presumably those in the proximity of more than one crime scene), the telecom companies could do this work themselves, and disclose only the information of subscribers that meet particular criteria. In effect, this type of practice would require and entrust intermediaries to do as much of the initial investigatory work as possible, handing over only the information that police need to proceed further. This particular guideline is meant to limit the privacy impact of such disclosures, since the judge notes that personal information in the hands of police can be vulnerable to being “hacked” [20], and that police in possession of such data are not subject to conditions on data retention [59-60].
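To make the “report instead of underlying data” guideline concrete, here is an added example of how a carrier could do the first investigatory step itself and disclose only the subscribers who meet the police criteria. This is illustrative code written for this post, not anything from the decision or from Rogers’ or TELUS’ systems; the record layout, tower identifiers, time windows and subscriber labels are all constructed, and the criterion (a handset logged near more than one scene) is the one the paragraph above presumes.

```python
"""
Minimized tower-dump "report": the carrier keeps the raw dump and hands
over only subscribers seen at two or more of the specified scenes.

Everything below (field names, tower IDs, times, subscriber labels) is
constructed for illustration; it is not a real carrier data format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Record:
    subscriber: str      # identifier as held by the carrier (assumed field)
    tower: str           # cell-site identifier (assumed field)
    seen_at: datetime    # time the handset was logged on that tower


@dataclass(frozen=True)
class Scene:
    tower: str           # cell site serving the crime scene
    start: datetime      # window the police specify for that scene
    end: datetime


def match_report(records, scenes, min_scenes=2):
    """Return {subscriber: sorted scene indexes} for subscribers present at
    at least `min_scenes` distinct scenes. Records for everyone else never
    leave this function, which is the point of the exercise."""
    hits = {}
    for r in records:
        for idx, s in enumerate(scenes):
            if r.tower == s.tower and s.start <= r.seen_at <= s.end:
                # a set, so being logged twice at one scene counts once
                hits.setdefault(r.subscriber, set()).add(idx)
    return {sub: sorted(idxs) for sub, idxs in hits.items()
            if len(idxs) >= min_scenes}


def disclosure_summary(records, report):
    """(distinct subscribers in the raw dump, subscribers actually disclosed)."""
    return len({r.subscriber for r in records}), len(report)


# Constructed sample data: three scenes on different nights, eight records.
T0 = datetime(2014, 3, 1, 21, 0)
SAMPLE_SCENES = [
    Scene("tower-17", T0, T0 + timedelta(minutes=30)),                                  # scene 0
    Scene("tower-42", T0 + timedelta(days=2), T0 + timedelta(days=2, minutes=30)),      # scene 1
    Scene("tower-09", T0 + timedelta(days=5), T0 + timedelta(days=5, minutes=30)),      # scene 2
]
SAMPLE_RECORDS = [
    Record("sub-A", "tower-17", T0 + timedelta(minutes=5)),
    Record("sub-A", "tower-42", T0 + timedelta(days=2, minutes=12)),
    Record("sub-B", "tower-17", T0 + timedelta(minutes=9)),          # one scene only
    Record("sub-C", "tower-17", T0 + timedelta(hours=3)),            # right tower, wrong time
    Record("sub-D", "tower-17", T0 + timedelta(minutes=1)),
    Record("sub-D", "tower-17", T0 + timedelta(minutes=25)),         # twice at one scene
    Record("sub-E", "tower-42", T0 + timedelta(days=2, minutes=3)),
    Record("sub-E", "tower-09", T0 + timedelta(days=5, minutes=20)),
]

if __name__ == "__main__":
    report = match_report(SAMPLE_RECORDS, SAMPLE_SCENES)
    print("disclosed:", report)
    print("dump vs disclosed subscribers:", disclosure_summary(SAMPLE_RECORDS, report))
```

On the constructed sample, only sub-A and sub-E are disclosed; the five subscribers in the dump shrink to two in the report, and the three who were merely in the area once are never handed over. The carrier still has to judge whether the scene windows themselves are reasonable, which is the standing question the decision addresses.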

For me, the unanswered question is: why Rogers and TELUS? There are larger players than TELUS in Ontario, but this is a company that has pushed back before against such overreach. If the police had no idea who the suspects or their mobile providers were, did they obtain production orders for all mobile providers, and only Rogers and TELUS pushed back? If so, did other companies fail their customers as privacy custodians by not opposing such orders?