Home Newsroom 2005 News releases (archive) 2005-11-15: Legislation to modernize investigative techniques introduced today Backgrounder: Modernization of Investigative Techniques Act - An overview

Modernization of Investigative Techniques Act - An overview

The Modernization of Investigative Techniques Act (MITA) is intended to ensure that telecommunications service providers build and maintain an interception capability on their networks that allows for the lawful interception of communications by law enforcement agencies and the Canadian Security Intelligence Service (CSIS). Similar legislation is already in place in many countries including the United States, the United Kingdom, France, Germany and Australia. This Act will also require service providers to provide subscriber contact information upon request and in accordance with strict privacy safeguards. The following is an overview of key provisions within MITA.

Interceptions

Under MITA, telecommunications service providers will be required to have intercept capable networks. This includes certain requirements for equipment that will be upgraded, including the ability to intercept all information of an interception subject, to separate their communications from all other communications, and to intercept multiple communications simultaneously. MITA will require service providers to meet other general requirements, such as delivering the intercepted communications to law enforcement agencies and CSIS, and taking specific measures with respect to security and confidentiality for the interception of communications.

As new technologies are introduced, telecommunications service providers will be required to ensure these technologies are intercept-capable. From the time MITA comes into force, when telecommunications service providers install certain new equipment or software, the legislation will require service providers to ensure an interception capability. If changes are made to existing technology that has an interception capability, service providers will also be required to maintain this intercept capability. Service providers would not be required to install specific equipment to provide an interception capability; instead, they will be able to select the most cost efficient solutions for their particular networks.

Telecommunications service providers plan their network evolution and capital expenditures in advance. To accommodate this, MITA includes an initial transition period of 12 months following the coming into force of the legislation. This will give service providers the time to integrate lawful interception requirements into new equipment and services.

As some telecommunications service providers may prefer to implement an interception capability in a different way than the equipment based approach that will be required under MITA, the legislation includes the possibility of an alternative interception capability plan.  Telecommunications service providers will be able to apply to the Minister of Public Safety and Emergency Preparedness (PSEP) to meet the requirements for an interception capability in a different manner other than is outlined in the Act. The service provider will be required to provide a plan with measurable milestones to achieve interception capability in a maximum of three years. In deciding whether to grant the application, the Minister of PSEP will consider both the public interest in national security and law enforcement and the commercial interests of the service provider.

MITA will not require telecommunications service providers to make existing networks intercept-capable immediately. However, an interception capability may be needed before a service provider upgrades its equipment. In such cases, the Minister of PSEP will have the authority to order services providers to provide this interception capability. When this is done the Minister will provide the service provider with compensation, which could include equipment needed to carry out these orders.

The pace of change in the telecommunications sector requires MITA to be technology neutral and flexible. MITA will therefore apply to all types of telecommunications technology, including voice telephony, wireless communications, Internet-based communications, satellite communications, and any other technology used in telecommunication.

MITA will apply to any person who provides a telecommunications service, however there are limits to its application. For example, MITA will not apply in respect of certain telecommunications services – services which are intended principally for the use of the service provider and the service provider’s household or employees, and not by the public (“private networks”). 

Another example is that MITA will not apply, or will apply in a limited fashion, to certain types of telecommunications service providers with respect to certain specified activities.  MITA will not apply to service providers whose principal function is operating: a school, place of worship, retirement home, hospital, registered charity, or telecommunications research network. MITA will only apply in a limited fashion to service providers whose principal function is operating a university, college, library, community centre, restaurant, or providing lodgings or residential accommodations, such as hotels and apartment buildings. These service providers will only be required to provide certain information respecting their telecommunications facilities and services. 

MITA also contains a three-year exemption for “small” telecommunications service providers (service providers that have less than 100,000 subscribers) from certain requirements deemed too costly at this time for them. These small service providers will be required to provide a physical connection point to allow law enforcement agencies and CSIS to carry out an interception.

MITA contains certain mechanisms to provide further flexibility in its application on an ongoing basis, as appropriate. For example, Cabinet will be able to provide exemptions from interception requirements where the costs would have an unreasonable adverse effect on the business of the service providers. In deciding whether to grant such exemptions, Cabinet will also consider, among other factors, the impact that an exemption would have on law enforcement or national security.

Since interception capabilities will be required on a going-forward basis, it is necessary to distinguish between the equipment that is in place prior to, and following, the coming into force of MITA. Therefore, telecommunications service providers will be required to report to the Minister of PSEP within six months of the coming into force of the legislation on their ability to meet its requirements. 

Subscriber information

Under MITA, telecommunications service providers will also be required to provide to designated officials, upon request, a subscriber’s contact information. This includes a subscriber’s name and address, telephone number, e-mail address, Internet Protocol address and similar basic identifiers.

MITA includes a number of safeguards in relation to the provision of subscriber information in order to ensure that this information is provided in accordance with the laws designed to protect the privacy of Canadians, and with the Charter of Rights and Freedoms.

The Commissioner of the RCMP, the Director of CSIS, the Commissioner of Competition and the chief or head of a police service will have the authority to designate a small number of employees within their organizations to request subscriber information. These designated people will only be able to request subscriber information from a telecommunications service provider if it is for the purpose of performing a duty or function under the Canadian Security Intelligence Services Act, Competition Act or of a police service.

The specific types of subscriber information that a telecommunications service provider will be required to provide to designated officials are strictly limited. The service provider will only be required to provide subscriber information based on other information provided by the requestor.

When making a request for subscriber information, the designated person will be required to record the duty or function in the performance of which the request is made and the relevance of the information requested to that duty or function, including any other information necessary to know the reason for the request.

As in the provision of the Criminal Code for interception, in exceptional circumstances such as an emergency, a police officer can request subscriber contact information directly. In these instances, the police officer will be required, within 24 hours of making the request, to communicate to a designated person in their organization all the information relating to the request, including the reasons for the exceptional circumstances. The designated person will be required to confirm to the service provider in writing the particulars of the police officer’s request.

The subscriber information released will only be able to be used by the agency that obtained it for the purpose for which the information was obtained, or for a use consistent with that purpose, unless permission is granted by the individual to whom it relates.

The Commissioner of the RCMP, the Director of CSIS, the Commissioner of Competition, and the chief or head of a police service will be required to make certain internal audits regularly conducted to ensure that the requests for subscriber information are being made in accordance with MITA. The result of these internal audits will have to be reported to the responsible minister. These reports will include any concerns raised in these audits that should be brought to the attention of the minister, including any corrective action proposed or taken. These reports will be provided to the Privacy Commissioner of Canada by the RCMP and the Competition Bureau, to the Security Intelligence Review Committee by CSIS, and to provincial privacy commissioners by provincial and municipal police services.

The Privacy Commissioner may also conduct audits of the RCMP or the Competition Bureau to ensure that these organizations are complying with MITA as it relates to the release of subscriber information, and the Security Intelligence Review Committee may audit the practices of CSIS.

MITA will not require service providers to collect information they do not normally collect as part of their regular business practices, nor will it require service providers to verify the accuracy of the subscriber information they do collect.