In a unanimous ruling, the Supreme Court of Canada (SCC) has affirmed the right to online anonymity. Police can no longer request subscriber data from Internet service providers without a warrant.
At a time when foreign and domestic spying is making headlines and news of privacy breaches is constant, it’s important that Canadians know how and why their personal information can be shared. With this ruling, there can perhaps be some relief, knowing that law enforcement agencies cannot make overreaching requests without the oversight of the courts.
For some, however, there may be no such relief. This ruling concerns the case of Matthew Spencer, a Saskatchewan man convicted and arrested in 2007 for possession of child pornography. Critics of the ruling are saying it’s just more red tape for police to go through to catch pedophiles.
In this case, the man’s conviction will be upheld because “the exclusion of the evidence rather than its admission would bring the administration of justice into disrepute,” read the June 13 ruling.
While the crime in question here is a serious one, the focus of the case for civil liberties advocates is the method used by police, specifically whether or not their actions constituted an unwarranted search. The SCC ruled that it did.
The Canadian Civil Liberties Association (CCLA) called the decision “substantial” and noted that it may play a significant role in the association’s challenge to a piece of federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA).
“In particular, the Court’s decision confirms CCLA’s view that PIPEDA is legislation to protect privacy, and cannot be used to undermine it,” read the CCLA press release.
To put police methods in context, it might be helpful to look at what kind of information service providers currently disclose to police.
Rogers received 175,000 requests for customer information in 2013 according to its recently released transparency report for 2013. Rogers said that it fights requests it finds to be overly broad, but doesn’t define “overly broad” or say how many cases are denied or fought.
About 87,000 of these requests were confirmations of name and address, done, according to Rogers, so that “police do not issue a warrant to the wrong person.” Court orders and warrants resulted in 74,000 customer information requests, 2,500 were government requests made under provincial or federal law, 9,300 were related to life-threatening emergencies and 711 were emergency assistance for cases of child sexual exploitation.
Rogers was following suit, after another ISP published a transparency report on information requests.
TekSavvy, a smaller Internet service provider that has taken a notably protective stance on its customers’ privacy, only disclosed information for one-third of the requests it made, though those requests totalled just 52.
While the figures from Rogers will likely be reapportioned, it’ll be more interesting to see whether or not the total number of requests goes down. With information easily available, were law enforcement agencies over requesting simply because there was little or no opposition to their requests?
The SCC’s decision adds a vital layer of protection to our online privacy, which is becoming increasingly important as we conduct affairs online, and increasingly threatened as spying and privacy breaches become regular occurrences.