The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Thursday, January 31, 2008
Earlier this week, the RCMP organized a conference of police, internet service providers and other "stakeholders" on internet safety. I wrangled an invite, but had to go out of town at the last minute. One of the topics under discussion was whether ISPs should disclose subscriber information without a warrant.
My opinion on the topic is well known to readers of this blog (see tag: lawful authority).
Today's Hailifax Daily News has an article on the fact that the two leading ISPs in Atlantic Canada, Eastlink and Aliant, have a policy of requiring a warrant. Interestingly, the article focuses on the word "may" and not "lawful authority" in PIPEDA:
Halifax, The Daily News: Local News Police want local ISPs to loosen up to nab suspected online predators
Police want local ISPs to loosen up to nab suspected online predators
Police in Nova Scotia are at a disadvantage compared to the rest of Canada when it comes to tracking down online sexual predators. Partly it's because of a single word in a piece of legislation.
When someone posts child pornography online, police have to go through Internet service providers - or ISPs - to get the person's name and address.
Most ISPs - over 70 per cent across the country - give police basic information without making them get a warrant. But Cpl. Dave Fox of the RCMP Internet Child Exploitation Unit said the majority of those that require warrants are in Atlantic Canada.
Both of Nova Scotia's two main providers, Aliant and EastLink, make police get warrants before handing over information. It's a process that takes a week on average, police say, and eats up desperately needed resources.
"We're not looking for shortcuts. If we took a shortcut and we were breaching someone's charter rights ... We would risk all the evidence we obtained by this warrantless searches being ruled inadmissible at trial," Fox said.
When contacted by The Daily News, Aliant said it would share information with police in emergency situations, but otherwise ask for a warrant.
"This is how we approach it. We work with them. This is what's in place in terms of our practice," said Aliant communications director Kelly Gallant.
For EastLink, the reluctance comes from the wording of the Personal Information Protection and Electronic Documents Act.
The act states ISPs "may disclose personal information" to police without a warrant.
At issue is the word "may," which some ISPs see as being too vague.
Though the federal government has endorsed pre-warrant requests as complying with the legislation, a minority of companies say handing over personal information without a warrant could expose them to lawsuits.
"The way the law is dictated today it is not clear, so we're erring on the side of the law," said Paula Sibley, communications specialist for EastLink.
"If the legislation was to be clarified, we would fully work within that."
No company has been successfully sued for handing information over to police, though there are two suits in early stages - one in Ontario and one in British Columbia.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.