Transcript Waiting for the “Access” Axe to Fall: Investigatory Assistance

Waiting for the “Access” Axe
to Fall: New Investigatory
Assistance Legislation for
Canada
PST-2005 St Andrews, NB
David A Townsend
UNB-Law & NRC-IIT
12 October 2005
Overview:
Parliament – to introduce lawful access Bill
 Design, operation and costing of almost all
‘public’ networks will be impacted (wire-line,
wireless and Internet)
 Future - network architecture, applications and
services must be ‘access compliant’
 “Access” = handover by Telecom. Service
Provider (TSP) of specified Subscriberrelated data to Law Enforcement Agencies
(LEAs) upon lawful demand

Many challenges:

Technical, Legal and Social challenges:
1) Done lawfully (Charter, Crim. Code, evidence law, privacy law
and international obligations)
2) Does not undermine public trust (appropriate judicial
oversight and public accountability)
3) Does not inhibit public networks (competitive forces, cost
structures, rollout of new technologies and services, cust. relationship)
4) Done in technology-neutral manner (strive for uniform
‘expectation of privacy’ for all e-communication – inc. e-mail and SMS)
5) Need laws based upon first principles and not a
legislative extension from common carrier era
6) Significant period for training and adjustment
Current Legislation:

1974 Crim. Code wiretaps (Protect Privacy)
 1993 Code amended (s21 of CSIS in 1984)
– Search warrants s.487. (1)
– General investigative warrants s.487.01
– Suspect tracking warrants s.492.1
– Dig. Number Recorder (DNR) warrants s.492.2
– Production of telephone records s.492.2(2)
– Interception (wiretap) warrants s.186 and
ss. 184.2(3), 184.3(6) and 188.(2)
Current Leg. Con’t.
– Assistance Orders (for all 6 warrants) s.487.02





2004 – 2 new Production Orders s. 487.012 &
487.013 (general and specific info.)
Code attempted to match intrusiveness with
quantum of evidence necessary for judge
Charter case law of 1990s offered good check on
state surveillance powers & activities
But, Code is 13 ‘telecom years’ out of date !
And, Code not address methodology, cost
recovery or lack of network capacity
Network Capacity &
Methodology for Cellular

Analog cellular introduced 1985
– Fairly easy to intercept (scanners, UHF tuners)
– Gov’t had low expectations of privacy

Digital (PCS) cellular introduced 1995
– Interception difficult - encoding and encryption
– FBI pressed Canada to add intercept requirements
– 23 distinct requirements added as licence conditions
under Radiocommunication Act (done quietly)
– Similar conditions in USA, New Zealand & Australia
What do LEAs want ?

General investigatory information:
– Subcriber name, address, phone number, local service
provider (LSPID)
– LEAs pressed for national database, paid for by
subscribers, available to LEAs w/o a warrant

Targeted investigations:
– Subcriber name, address, phone number, device number
–
–
–
–
(e.g. ESN), service provider (LSPID), dynamic IP addr.
Best available location-based information
Detailed network transaction data
For wiretap – 100% of transaction data, location data
and communication content
Immediate preservation of specified data
Implications of Subscriber DB

National Subscriber Data Base
– very onerous and expensive for telecom
industry
– Thwart anonymous use of telcom. (pay-as-yougo, calling cards, anonymous e-mail, blogging)
– Warrantless access by LEAs undermines
current privacy protections for subscriber info.
– Subscriber Data Base facilitates data-matching
and data mining (including profiling)
Location Implications:

Location-based Information:
– Location data will become increasingly precise
–
–
–
–
(tracking in real time or historic track)
Precision tells much about what target is doing
Technology no longer an assist to physical
surveillance
What evidential burden must be met to secure
relevant tracking warrant from a judge?
What use in civil cases?
IP Data Challenges:

Many IP data challenges:
– For 100% of transaction, location and content
data the Service Provider must isolate, preserve
and hand-over mass quantities of targeted data
– Isolation, processing and preservation by TSPs
raises significant forensic evidence issues
– Intercept warrants often sought against number
of targets = storage capacity challenges for TSP
IP Data Challenges – con’t:

Warrants for Transaction Data (only):
– No parallel to historic ‘DNR Order’
– IP transactional data may include: the dialling,
routing, addressing, signaling information that
may provide the origin, direction, timing,
duration, type and size of a e-communication.
– For e-mail and web surfing the transactional
data may provide everything but the content
– But…the content may be unnecessary
– What evidential burden must be met by LEAs?
Path to ‘Access’ Legislation:
Federal gov’t commissioned background
studies in 2000-2001
 August 2002 - release of “Lawful Access
Consultation Document”

– Significant criticism = lack of justification and
specifics, failure to understand technology

Comment period extended to mid December
2002
 Over 300 submissions tendered
On the Path in 2003-04


Series of public and private consultations followed
Spring 2003 gov’t introduced Bill C-46 (now Bill
C-13). (s.487.012 and s.487.013)
– Bill C-13 (passed March 22.04) added a general and
specific data ‘production order’ to Crim. Code for
investigation of serious corporate fraud. Came into
force in September 2004.

Also in Spring 2003 gov’t introduced Bill C-32
(now Bill C-14).)
– Bill C-14 (passed April 21.04) provided a new
exception in Code to unlawful interception for
managers of computer systems who intercept to protect
their networks
The Path ends in November?

August 2003 DOJ released summary of
consultations
 New rounds of selective consultations held
in 2003-04
 Drafts of policy package shared quietly with
key stakeholders in Spring 2005
 Commitment to introduce Bill in Fall 2005