OTTAWA - Bell, Rogers and Research In Motion pushed to hold back details on how often customer data is being handed over to law enforcement agencies, recently released documents show.
The companies were concerned about “antagonizing” the federal government and police if they shared too much information about authorities snooping on their customers’ personal data, according to correspondence obtained by the Toronto Star and Halifax Chronicle Herald.
In 2011, Canada’s privacy watchdog asked 14 companies how often they were asked by law enforcement to share customers’ data, including subscriber names, Internet protocol addresses, telephone numbers and email addresses.
Nine companies responded, with an aggregate total of 1.2 million requests per year.
Rogers, Bell and RIM wanted to pool their numbers together, according to an email at the time from Alexander Adeyinka, vice-president of Regulatory Law & Policy at Rogers. The email indicates the three sought to bring other telecom, Internet, and social media companies in on the plan.
Aggregating the numbers had two major impacts.
First, it led the Privacy Commissioner of Canada’s office to keep the information secret for three years. The numbers were released last month to the Herald and the Star. Asked why they were not made public previously, interim Privacy Commissioner Chantal Bernier said “because frankly I don’t find that information is helpful. There really are not enough details to draw any conclusions.”
Second, it shielded the companies from further investigation. Bernier has the power to compel companies to hand over information. But she said she has not done so because she needs evidence of a specific company breaching federal privacy rules.
One Bell Canada executive wrote to the commissioner’s office in 2011 that telecoms didn’t want to step on any government toes.
“We are walking a delicate line between supporting privacy and not antagonizing (the federal department of) Public Safety/LEAs (law enforcement agencies) so the materials will be pretty factual, not much commentary,” said Bill Abbott, senior counsel and privacy ombudsman for Bell Canada.
Bell, Rogers and RIM spread the aggregation plan to other companies through an industry group privacy task force, according to the emails. However, before doing so they got explicit permission from the privacy office.
“We do intend to ask if other members favour aggregation,” Adeyinka wrote in an August 2011 email. “But before we do that we will appreciate a definitive answer from the OPC in aggregated form is acceptable.”
Privacy office policy analyst Barbara Bucknell then approved the request.
This seems to contradict Bernier’s comments to reporters in April that her office has tried repeatedly to get specific information on the scope of electronic snooping by government agencies.
“We have tried many times. We have sought out information from the telecoms to find out, they’ve given us very general comments,” said Bernier.
Bernier’s office clarified on Tuesday that the commissioner was referring to discussions with industry “over the years.”
Bell’s vice-president of regulatory affairs, Mirko Bibic, said the company has only been asked once by the privacy commissioner for the data – and that telecom companies need specific guidance from Ottawa on what they can release under the law.
“As an industry we complied with (the request) by providing the information in aggregate form, again in the absence of this guidance as to how far and how specific we can get,” Bibic told reporters in April.
Valerie Lawton, a spokeswoman for the privacy commissioner, said the office decided in 2011 to accept the aggregate data because they were trying to better understand the issue.
“We ultimately agreed because we felt it was better to receive some information rather than no information at all,” Lawton wrote in a statement. “It is important to understand that the companies were under absolutely no obligation to provide us with this type of data.”
Public Safety Canada “respectfully declined” an interview request for this story.
Bell Canada said Tuesday the companies were worried about breaking privacy rules, statutes or contracts and had no guidance from the privacy office around what information could be disclosed.
A spokeswoman for Rogers said “there was no precedent for releasing this type of information and we were concerned that releasing numbers for individual companies might violate the solicitor general’s standards.”
RIM responded to an interview request by pointing to the company’s lawful access policy on its website.
The aggregate data provided to the privacy commissioner revealed that nine telecom, Internet, and social media companies were asked almost 1.2 million times for their customers’ data in 2011. But details, including which government and law enforcement agencies are requesting the data, remain shrouded in secrecy as the companies refuse to disclose further details.
Canadians are not informed when their information is shared with law enforcement agencies.
In contrast, U.S. companies are much more transparent about what they share with law enforcement agencies. Twitter, Facebook, Microsoft, Yahoo! and Google all voluntarily post details about the number of requests they receive for private data.
The privacy commissioner has called for mandatory disclosure of how often companies hand over customer data to government agencies each year. So far, the federal government has given no sign it will enact such a disclosure law.