Earlier this year, a new report was released on how well Canada’s telecommunication companies rated amongst each other with regards to protecting the personal information of their subscribers. This report could not have come at an any more relevant time, which is amidst many debates surrounding points of legislation (namely, the Digital Privacy Act and the newly unveiled anti-terrorism bill) that have the potential to impact Canadians’ privacy rights.
Coming in first and second place for privacy, according to the study, are TekSavvy, Ontario’s independent telecom, and Telus, in that order. Alternatively, the telecoms that ranked the lowest for privacy include bigwig spinoff brands such as Virgin Mobile (Bell), Fido (Rogers) and Koodo (Telus), in addition to the smaller carriers like Wind and Mobilicity.
Although TekSavvy received the highest score out of all the Canadian telecoms, it still earned only 6 out of 10 on the “star chart” which was composed by the study to illustrate its’ findings. The authors of the study stated, “Canadian Internet providers are still falling short when it comes to being transparent about how they protect their customers’ privacy.” However, this study did not include business telecom providers such as Broad-Conntect Telecom, which would probably score much higher than the public companies.
With the assistance of 9 law students, Dr. Jonathan Obar and Professor Andrew Clement created the study and rated 43 Canadian telecom companies. Dr. Obar, Professor Clement and their accompanying legal undergraduates assessed the extent to which each company notified their subscribers when requests for their private information were made, how forthcoming they were about requests for subscriber data, as well as how willingly they promoted privacy rights for their users.
Professor Clement asserted that, “Every day millions of Canadians entrust their ISP or mobile carrier with enormous quantities of sensitive, personal information.”
Given this reality, it is disconcerting to learn that a mere 2 out of the 43 Canadian telecoms reviewed for this study were awarded with a full star being actively involved in the advocacy of privacy rights for their subscribers, while TekSavvy only received half of a star.
“Against a backdrop of worrying revelations of mass surveillance, it’s more important than ever that ISPs be forthcoming about how they safeguard our personal information. ISPs can play a leadership role in working for strong data privacy protection – but as our report shows, there is still lots of room for improvement,” Professor Clement continued.
An exceptionally alarming detail that was reviled during the course of the study is that several international telecommunication companies are in charge of directing Internet activity from Canada however, they are not required to, nor does it seem that they do, pay any mind towards Canadian privacy regulations.
Furthermore, it has been reported by online privacy specialists that much of the Internet traffic coming from Canada is most likely being gathered by the NSA’s dragnet, as it is channeled through the USA.
The fact that Internet activity from Canada is being sent through the U.S. is a particular privacy concern, the study reports, as major U.S. telecom companies like Verizon, Sprint, Comcast and AT&T have not demonstrated that they recognize the PIPEDA law in Canada (the primary law governing the distribution of online user information). Moreover, of the above-mentioned companies, only AT&T was awarded any recognition for the promotion of privacy rights.
Based on their findings, the study made several recommendations that include urging the CRTC to enforce more stringent privacy rules, and advising Canadian telecom companies to cease the direction of Canadian activity via the United States. Additionally, the study suggests that telecom companies start generating reports, on an on-going basis, that share the number of user data requests that they have received, as well as how many of these requests it has approved.
As a step in the right direction, Canadian telecom companies such as TekSavvy, Rogers and Telus have just recently begun (within the last 2 years) to distribute transparency reports.
According to the 2013 transparency report released by Rogers, there were almost 175,000 subscriber data requests, which translates to approximately 480 each day. Meanwhile, Telus reported that it received around 283 requests each day, which equals to over 103,000 requests for 2013. Furthermore, in 2014, Rogers declared that subscriber data warrants would be required to release any information. Rogers’ decision to enforce this new requirement was made subsequently to the Supreme Court of Canada’s identical ruling.
Although Canadian telecom companies have responded to the Supreme Court’s new law with haste, attempting to comprehend how such changes might impact their business, the Harper administration, on the other hand, has mostly disregarded it by pushing forward with a legislation permitting subscriber data requests to be released without a warrant.
The Digital Privacy Act, also known as Bill S-4, has been condemned for compromising privacy by accepting requests for user data from private organizations, who do not have a warrant, and who are examining online subscribers.
Bill S-4 was passed by the Senate in 2014, not long after the Supreme Court ruled that warrants would be required for telecom companies to release subscriber data. Bill S-4 is currently under discussion in the House of Commons.
The anti-cyberbullying bill, proposed by the Tories, was passed by the House of Commons in 2014, and provides exemption to telecom companies who reveal subscriber information to those who do not have a warrant. Opponents of this bill have argued that such an exemption has already, and automatically, been voided with the Supreme Court ruling on the requirement of warrants.