Well, this does not inspire confidence. Law enforcement in Canada routinely ask ISP’s for all sorts of data in the process of conducting criminal investigations. According to Michael Geist who is a noted Canadian privacy and digital rights advocate, those request are inaccurate and incomplete according to a secret memo:
The memorandum specifically references a 2010 RCMP document that purported to list tens of thousands of warrantless subscriber information requests. The document indicated that 94 per cent of requests involving customer name and address information was provided voluntarily without a warrant.
The Privacy Commissioner of Canada auditors apparently expected that document, which was previously released under the Access to Information Act, to serve as the starting point for their review of RCMP practices. The internal memorandum notes that “we expected that these statistics would be accurate, complete, and up-to-date and that they would allow us to review RCMP files related to such warrantless requests.”
Once the auditors began examining the data, however, they found something entirely different. The internal memorandum states that “based on the evidence below we found, on the contrary, that the statistics provided for 2010 (and later for 2011-2013) were inaccurate, incomplete, not current, and they were not useful identifying PROS files for review.”
The internal memorandum continues by citing specific problems with the RCMP evidence, acknowledging that “problems with the reliability of data were also provided by way of interviews with senior officials.” The details of those interviews are redacted, however, the memorandum states that “from these discussions we also found that statistics for warrantless access are inaccurate because of lack of reporting, multiple reporting or overlapping reporting.”
The conclusion leaves little doubt about the problems the auditors encountered. It goes far further than the publicly released report, noting that “based on our review of statistics and interviews with senior officials at the RCMP we were unable to rely upon the numbers provided for warrantless access requests, nor was there any linkage between reports of such requests and the actual operational files containing such requests.”
In short, the Privacy Commissioner of Canada set out to audit the RCMP in the hope of uncovering the details behind requests for subscriber information. What it encountered instead was inaccurate data and an effort to downplay the problems within the public report.
The timing of this kind of sucks if you’re the Government of Canada. There is a bill in front of The House Of Commons right now called C-51 that would give Canada’s spies and law enforcement more powers to combat terrorism with questionable oversight. What this story highlights is that if you don’t have real oversight, you get this sort of situation. So one wonders what would happen if bill C-51 actually gets passed. Would this sort of situation happen more often?
The solution is either force more stringent and meaningful oversight on law enforcement, or if they can’t follow the existing rules, then they don’t get the ability to get info like this. Clearly this is a huge problem that needs to be addressed if Canadians are to have confidence in law enforcement.