How are Canadian telecoms keeping tabs on us?
If you’ve been paying attention to the monumental trove of Edward Snowden leaks, you may be wondering just what kind of dirt the authorities have on you thanks to your digital habits. For those of us in Canada, finding a better answer than “um, not sure” just got a lot easier.
Today marks the launch of a new Access My Info tool developed by the Digital Stewardship Initiative and hosted by digital rights group OpenMedia.ca, that makes filing a legal PIPEDA request to your ISP or phone company easy for anyone. In short, you’ll be able to find out what kind of data your service provider is tracking and storing about you.
This matters because we know that Canadian authorities like the police and border guards have been making millions of warrantless information requests to telecom companies over the past few years, the bulk of which have been courteously fulfilled. Based on what we’ve seen from the NSA, it’s not out of the question that Canada’s CSEC could also be tapping into telecom data on a broad scale under the good ol’ national security pretext.
So as we browse webMD on the internet at home or walk around making inane phone calls in the Starbucks lineup, we’re leaving a digital trail of breadcrumbs, many of which are vacuumed up by the companies we pay a monthly bill to. Canadians barely know anything about what information their service providers are gathering and storing about them, but the PIPEDA act allows us to find out. This is where the tool comes in, offering a quick and secure step-by-step PDF generator for those of us without years of pricey legal education. Once the user has created their PDF, it’s ready to be sent via mail or email to their service provider.
In a press release, OpenMedia Executive Director Steve Anderson said that the letter “compels telecom to explain what it collects, why, and whom subscribers’ data has been shared with. At a time when our government is turning a deaf ear to the growing privacy concerns of Canadians, this tool is a practical way for people to respond to Canada’s privacy deficit.”
To find out what people could expect to learn by using the Access My Info tool, I spoke to one of the main people behind it: Chris Parsons, a post-doctoral Fellow at the University of Toronto’s Citizen Lab.
“The privacy tool should let individuals know what information is being collected, and what’s being stored,” he said. “Additionally, telecoms’ responses should be informative if somebody wants to ask ‘have you exposed my information to government or another entity.”
Parsons and the team plan to crowdsource the replies that telecoms provide to users to gain a much better understanding of just what’s being held onto by service providers. At this time, it’s not exactly clear if ISPs track the sites we visit, or how long our mobile phone texts are stored, for example.
Will the tool let users know if their data has been handed over to the police without a warrant? “Maybe,” says Parsons. “Companies would have to ask police before letting us know, so as not to jeopardize any ongoing investigations.” The same goes for finding out which agencies have had access to our information.
In any case, Parsons said, finding out what information could potentially be shared with authorities is the first giant step towards an informed discussion about privacy in Canada.
“This is our information, and we have a right to understand how it’s being managed. It’s not clear from the companies how they’re doing it--they don’t tell us.”
Parsons made it clear that the way the Access My Info tool works is very simple. It’s really just using existing legal powers available to citizens and just bringing them into the digital era. The Citizen Lab had already released a template letter for doing the same thing, but the tool makes it even easier to accomplish the same thing.
What’s even better is that Access My Info is based on an open platform. As a result, it can be reconfigured to send the same kinds of legal requests for information to all kinds of companies: credit card companies, banks, stores, or even car companies. Parsons pointed to the example of OnStar, General Motors’ in-car service. Because it tracks the car’s location and other data, OnStar has proved a valuable resource for law enforcement. Thanks to this new tool, Canadians could soon be petitioning GM to find out how long their location data is stored.
The tool has arrived at a great time to be able to contribute to a growing (and much-needed) public conversation about our privacy rights in the digital era. A recent Supreme Court ruling found that Canadians have a right to online privacy, clearly rebuking the Conservative government’s two bills that would have expanded warrantless surveillance powers for a range of government authorities. Both bills will very likely have to go back to the drawing board.
As we become aware of just how much data is being collected and stored about us, it’s worth noting that the recent Supreme Court decision is not a panacea. Canada’s CSEC spies still operate with a laughably small amount of oversight, and the government’s tone-deaf response to the roar of legitimate criticism over bills C-13 and S-4 suggests they’re not all that interested in balancing our basic rights and our security. Thankfully, civil society is stepping up and delivering the tools necessary to protect our privacy.