Auditor: Canadian Law Enforcement's Statistics On ISP Subscriber Data Requests Completely Unreliable

from the obfuscation-by-statistical-shrugs dept

Intrusive surveillance programs — especially domestic surveillance programs — are sold to wary legislators with promises of stringent oversight and periodic reporting. That’s how they’re sold. The reality is nowhere near as assuring.

The warrantless acquisition of Canadian ISP subscriber information was so thoroughly exploited by law enforcement that by 2011, subscriber data was being requested every 27 seconds. The recent addition of a warrant requirement has slowed these requests to a comparative crawl and resulted in cases being dropped by the Royal Canadian Mounted Police (RCMP). With this information no longer available on demand, law enforcement is apparently having to prioritize its cases. You know a system has gone off the rails when agencies would rather cherry pick enforcement efforts than deal with something so “onerous” as a warrant application.

No matter what the process entails, there’s supposed to be oversight in place to prevent abusive behavior and/or civil liberties violations. In Canada, the oversight body is willing, but the law enforcement body is weak… and riddled with massive holes.

Last fall, Daniel Therrien, the government’s newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information.

The audit had been expected to shed new light into RCMP information requests. Auditors were forced to terminate the investigation, however, when they realized that Canada’s national police force simply did not compile the requested information. When asked why the information was not collected, RCMP officials responded that its information management system was never designed to capture access requests.

So, there is no audit. And without a periodic audit, there can be no oversight. There may be an entity in place to collate reported data, but what’s being reported is incomplete and inaccurate. And not in any small way. The problem appears to be systemic, ingrained and possibly deliberately misleading. Some meaningful details have been redacted from the memo, but the mostly intact closing paragraph is far from comforting.

In conclusion, based on our review of statistics and interviews with senior officials at the RCMP we were unable to rely upon the numbers provided for warrantless access requests, nor was there any linkage between reports of such requests and the actual operational files containing such requests.

And the oversight entity? Apparently, almost as untrustworthy. Michael Geist points out that crucial wording was omitted from the Privacy Commissioner’s official report.

The incident highlights the limits of Canadian oversight over law enforcement and surveillance activities. The use of the privacy commissioner’s audit power is frequently lauded as a mechanism to ensure that government does not run afoul of the law. Yet despite identifying inaccurate and incomplete data on a high profile privacy issue, the public audit report does not use the terms “inaccurate” or “incomplete.”

The commissioner may have kept these damning terms (temporarily) out of the public’s eye in the official report, but even the more hedged version deployed there does nothing to instill confidence in the RCMP’s ability to handle this access responsibly or to submit to any form of accountability.

Ultimately, our efforts to review files, combined with our interviews with RCMP personnel, did not allow us to determine whether the RCMP, as a whole, was compliant, or non-compliant, with the provisions of the Privacy Act with respect to the collection of subscriber information without a warrant. Moreover, other than through a manual review of all case files stored, the RCMP does not have a means to demonstrate its compliance in this regard.

Even if the Privacy Commissioner is unwilling to say it, the conclusions speak for themselves. The RCMP is “non-compliant.” Stringent procedures that were implemented to ensure accountability have been largely ignored. The RCMP tries to claim it’s really just a “software program,” but that assertion doesn’t explain why more than four years down the road from the cited 2010 report, nothing has changed.

There is a likely explanation for this lack of careful reporting by the RCMP. For one, it helps obscure the paper trail. It also makes the possibility of mounting a legal challenge on its domestic data-gathering a much more daunting prospect. The RCMP may be unable to show what it’s doing right, but its lack of proper documentation helps ensure it will be equally as hard to prove it’s doing anything wrong.




Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Auditor: Canadian Law Enforcement's Statistics On ISP Subscriber Data Requests Completely Unreliable”

Subscribe: RSS Leave a comment
8 Comments
That One Guysays:

This /should/ be easy

If a main defense of a program is how thorough and comprehensive the oversight of it is, in order to curb and prevent abuse of it, and it turns out that the oversight is non-existent, especially if the reason for that is the agencies themselves refusing to co-operate, then the response should be simple enough: Shut down the program until real oversight is put in place.

Don’t ‘take the matter under advisement’ or ‘suggest (more toothless and ignored) changes’, the oversight isn’t there, that was a primary defense for the programs, therefor shut down the program.

Anonmyloussays:

Well if the RCMP don’t have records of how often and for what reasons they are requesting private data from the ISPs regarding their subscribers…why not ask the ISPs for that data?

Oh wait, that’d then put that “daunting prospect” of “mounting a legal challenge on its domestic data-gathering” back onto the RCMP and they’re obviously too technologically backward to figure out how to audit their own records.

Anonymoussays:

Why so surprised?

You know a system has gone off the rails when agencies would rather cherry pick enforcement efforts than deal with something so “onerous” as a warrant application.

You don’t need the scare quotes around the word ‘onerous’ there. The previous “every 27 seconds” number may represent how fast their mouths can move. There are a lot more words required when applying for a warrant.

“Triage”, or “prioritize” are less freighted synonyms for “cherry pick” in this case. Since the legislation requiring warrants didn’t come with accompanying increases in personnel to handle cases, “cherry picking” is a natural consequence of the increased workload. Saying “they would rather” implies that they had a choice between triage and working overtime on the same number of cases.

Udomsays:

In the current political climate I don’t expect much improvement. An individual can make a formal request to their ISP for their individual records of such requests, of course, but we need to see the aggregate. In a related story, a Canadian arriving at the Halifax airport from the Dominican Republic has been arrested for refusing to provide his cellphone password to Border Services. He faces a possible year in prison if convicted. http://tinyurl.com/pq8xqfz (CBC)

Border Services are the guys who were revealed to have made 700,000 requests to ISPs for the web surfing records of Canadians at the border and casually provided them to the americans.

GEMontsays:

i.i.i.i.i.

As one of the founding members of Five Eyes, Canadian Military and Police forces must by (secret) law abide by the rules laid down for conduct of all members of the Five Eyes Global Government.

Thus, while the RCMP may indeed be breaking Canadian National Law by refusing to comply with Canadian oversight rules, it is acting fully in accordance with the real Laws that govern its actions – the (secret) laws of the Five Eyes Global Government Control Board.

GEMontsays:

Because they control the law, they no longer fear the law.

“…expect to see an article about Australia’s oversight body failing in their task…”

And New Zealand’s as well.

They can all act now without fear of consequences, because most of the laws of the Five Eyes nations have been quietly altered to allow the fascists unimpeded operational freedom.

This means they will be caught red handed in the cookie jar more often, because getting caught will no longer result in a penalty of any sort.

But apparently Britain is the real Brains of the operation and the USA is only the Obvious Villain everyone is supposed to learn to loathe, since most of the world already hates the US Rulers anyway.

Like the POTUS, who is the figurehead you’re supposed to love or hate, so that his billionaire employers can avoid public scrutiny altogether.

I assume that the Five Eyes employs a number of variably dependant Non-White, Non-English-speaking countries as “minionations”, who do the real dirty wet-work behind the scenes as well, since that is standard operational procedure for this kind of fascist pogrom.

Old system.
Very successful.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it