![]() |
![]() ![]() |
Staff of the Parliamentary Information and Research Service (PIRS) of the Library of Parliament work exclusively for Parliament conducting research and providing analysis and policy advice to Members of the Senate and House of Commons and to parliamentary committees on a non-partisan and confidential basis. The documents on this site were originally prepared for general distribution to Canadian Parliamentarians to provide background and analysis of issues that may arise in the course of their Parliamentary duties. They are made available here as a service to the public. These studies are not official Parliamentary or Canadian government documents. No legal or other professional advice is offered by the authors or the Parliamentary Information and Research Service in presenting its publications or in maintaining links to other Internet sites. |
PRB 05-66E
Print
version (PDF)
Prepared by:
Dominique Valiquet
Law and Government Division
28 February 2006
This is the second of two documents dealing with “lawful access,”(1) an investigative technique used by law enforcement agencies and national security agencies.(2) It involves the interception of communications(3) and seizure of information (during a search), where authorized by law.
Shortly before the dissolution of the 38th Parliament, the Minister of Public Safety and Emergency Preparedness introduced a bill (which later died on the Order Paper) on an issue of importance for Canada: “wiretapping” in the era of new technologies. Bill C-74, the Modernization of Investigative Techniques Act – the first legislative proposal of this type in Canada – was drafted following an extensive consultation process conducted in 2002 by the federal departments of Justice, Industry and the Solicitor General. Representatives from police services, the telecommunications industry, civil society groups and individuals expressed their views on the issue.
Bill C-74 responded to a concern of law enforcement and national security agencies, who affirm that new technologies – such as Internet communications – often present obstacles to the lawful interception of communications. The bill’s objectives were twofold:
At the time the bill was being developed, the debate on lawful access focussed primarily on privacy. The other important elements were the technical interception standards, the costs associated with an interception capability, and the need for new lawful access rules. The debate on these issues continues.
Bill C-74 was intended as a key step in the harmonization of legislation at the international level, specifically with regard to the interception capability of telecommunications service providers. This type of requirement is found in the legislation of a number of other countries – notably the United States – which are taking action to combat terrorism and which, like Canada, have signed the Council of Europe’s Convention on Cybercrime.(5) The Department of Public Safety and Emergency Preparedness also justified its bill by referring specifically to the examples set by Australia and the United Kingdom.
The present document compares Bill C-74 with similar legislation in these three countries. Major differences and similarities are highlighted, with particular reference to the two aspects covered in the Canadian bill: interception capability, and requests for information about subscribers to telecommunications services. The comparison will provide useful information because the bill was the first legislative attempt to provide a framework for lawful access in Canada, it was the end product of an extensive consultation process, and many of its components may provide a basis for future legislative provisions in this regard.
The United States has one of the oldest and most frequently amended legislative schemes. The U.S. legislation has many flaws and certain historical incongruities. The many amendments are due in part to the fact that U.S. legislators had a specific type of technology in mind at the time when the scheme was originally implemented.(6)
On 25 October 1994, in response to requests by the Federal Bureau of Investigation (FBI), the U.S. Congress enacted the Communications Assistance for Law Enforcement Act (CALEA).(7) The U.S. legislation deals only with the first aspect of Bill C-74, the communications interception capability imposed on telecommunications service providers. Like the Canadian bill, CALEA is not intended to broaden the investigative powers of law enforcement agencies. It is still necessary to have prior judicial authorization – or at least a court order or other lawful authorization – in order to intercept communications.(8)
The Federal Communications Commission (FCC) ruled that telecommunications carriers must be CALEA-compliant by 30 June 2002.(9) Today, the appropriate devices have been manufactured and are in use by telecommunications service providers. The FCC has, however, granted numerous exemptions, and CALEA’s implementation is not yet complete.
CALEA contains a number of obligations that are similar to those set out in Bill C-74. In particular, telecommunications service providers must have the capability to:
In addition:
There are also differences between Bill C-74 and CALEA.
Unlike Bill C-74, which applies to all technologies, CALEA was drafted initially to ensure that law enforcement agencies would be able to intercept telephone communications.(14) CALEA states that it does not apply to Internet service providers (ISPs).(15)
In view of the fears created by the terrorist attacks and pressure from the Bush administration,(16) the FCC issued an order in September 2005(17) that broadband ISPs and many of the companies providing Internet telephone services(18) would be governed by the CALEA requirements.(19) Compliance is required by April 2007.
Although the order broadens CALEA’s scope, it is silent on the situation of universities, research firms and small telecommunications service providers, which would have been excluded from the application of Bill C-74. It may therefore be assumed that a university or a small company providing Internet services through a modem cable, a digital subscriber line or a wireless network would be subject to CALEA’s onerous requirement, and this is why a number of groups, including the American Council on Education, have taken legal action.(20)
Like the scheme proposed in Bill C-74, certain designated persons in the government may, without a prior warrant or judicial order, compel a telecommunications service provider to give them information about its subscribers.(21)
In comparison with Canada’s proposed system, more types of information are to be provided.(22) Furthermore, it appears that, under the U.S. system, more people are authorized to make an administrative order of this kind.(23)
In July 2000, the United Kingdom enacted the Regulation of Investigatory Powers Act (RIPA),(24) in order to reflect technological change in the telecommunications industry. Like Bill C-74, RIPA applies to all current and future technologies.
Its aim is to strike a balance between the powers of investigation held by law enforcement agencies and the protection of basic rights, especially privacy.(25) Communication interception warrants are issued by the Home Secretary(26) or, in emergency situations, by a senior government official.
Sections 12-14 of RIPA concern the technical capability to intercept communications. This aspect of the draft legislation produced the greatest response from ISPs, specifically with regard to implementation costs.(27) The government’s analysis of responses received during consultations stated that the requirements must not be too restrictive to ensure they do not constitute a major obstacle to trade. Furthermore, the Data Protection Commissioner stressed that the government should not place obligations on telecommunications service providers that might require them to jeopardize the privacy rights of their clients.(28)
RIPA contains some provisions that are similar to those provided in Bill C-74.
There are many differences between RIPA and Bill C-74. For example:
The United Kingdom, unlike Canada, has a system that enables public communications service providers to collect and retain transmission data systematically.(31) There was no similar measure in Bill C-74.
Transmission data cover a wide range of information and may be retained for a specific period. For instance:
Sections 21-25 of RIPA establish a system enabling law enforcement agencies to have access to transmission data. This may be compared with the request for information on subscribers proposed in Bill C-74.
Similarities include the following:
On the other hand, there are significant differences in the nature of the information. The British system covers a great deal more information (transmission data)(38) than Bill C-74 (which covered only basic information identifying a subscriber, such as the name, address and telephone number). Other differences can be identified, for example:
The framework for Australia’s system of lawful access is provided by two major laws: the Telecommunications (interception) Act 1979 and the Telecommunications Act 1997. Both acts require that a warrant be issued before law enforcement agencies may access stored data or intercept private communications in real time.(39)
Australia has not signed the Convention on Cybercrime, unlike Canada, the United States and the United Kingdom.
The requirements for interception capability are set out in the Telecommunications Act 1997. The Australian Communications and Media Authority (ACMA) is responsible for reviewing compliance with these requirements.
The Telecommunications Act 1997 and Bill C-74 have certain similarities, including the following:
There are also certain differences between the Australian legislation and Bill C-74. For instance:
The Australian legislation, like Bill C-74, allows law enforcement agencies to access subscriber information without having first obtained a warrant or a judicial order. However, the system in effect has a number of specific elements.
Unlike Bill C-74, the Australian scheme establishes a database(45) containing not only the subscriber’s name, address, and telephone number, but also the location of the telephone device and whether the telephone is to be used for government, business, charitable or private purposes.(46)
Law enforcement agencies may access this database for national security reasons as well as for the purposes of enforcing the criminal law and safeguarding public revenue.(47) Although there is a Telecommunications Industry Ombudsman who can investigate complaints about telecommunications service providers, the protection measures proposed in Bill C-74 appear to be more comprehensive. Furthermore, it should be mentioned that Australia, unlike Canada, has regulations on storing transmission data.(48)
The Convention on Cybercrime calls for greater cooperation between countries and, consequently, harmonization of lawful access legislation. Bill C-74 was, of course, based on legislation existing in other countries, primarily the United States, the United Kingdom and Australia. Nevertheless, Canada’s bill set out a particularly Canadian scheme. While the two central elements – interception capability and the administrative order – are also found in the U.S., British and Australian legislation, some details set the proposed Canadian legislation apart from the other systems.
With regard to interception capability, Bill C-74 was less ambiguous than the U.S. legislation, which is quite vague about the status of ISPs, universities and small telecommunications companies. The ambiguity can be attributed in part to the fact that the substantive rules were drafted by an administrative organization, the FCC.
It should be noted, however, that a similar situation might have arisen in Canada if certain elements of the system had been set out in regulations rather than pursuant to federal legislation. While it is true that legislation cannot provide for every eventuality, Bill C-74 did not provide a framework that was broad enough to predict future directions in the treatment of important issues such as cost sharing and technical interception standards. Should Canada follow in the footsteps of the United States by creating a special fund, of the United Kingdom by giving substantial discretionary authority to the government, or of Australia by requiring telecommunications service providers to pay almost all the costs inherent in ensuring interception capability? Should Canada also adopt an internationally recognized technical standard, or should we develop our own standards that suit our own purposes?
In terms of information about subscribers, the scheme set out in Bill C-74 appeared to be more restrictive than that of the other three countries. The types of information that a law enforcement agency would have been able to obtain without a warrant or a judicial order were more limited. The administrative order proposed in the bill would not have allowed the collection of much of the information covered by the other countries’ legislation, specifically, the date, the time and the length of the communication, banking information, method of payment, credit card information (United States and United Kingdom) or the location of the telephone (United Kingdom and Australia). Finally, it should be noted that Bill C-74 did not call for a transmission data storage system, unlike the legislation in the United Kingdom and Australia.