Surveillance for a fee
In a Canadian Press story in today’s Globe and Mail, Mounties refuse to pay Rogers fees for tracking suspects’ cellphones, we find that, “The RCMP and many other police forces are refusing to pay new fees imposed by Rogers Communications for helping track suspects through their mobile phones”, and further that, “Police say the telecommunications firm is legally obligated to provide such court-ordered services and to cover the cost as part of its duty to society”. Really?
In the light of published breaches and leaks, telecommunications providers and ISPs are being viewed with a certain amount of suspicion by privacy and digital democracy activists. In response, Rogers and some other telecommunications providers have started to provide transparency reports. Rogers’ web site on this issue states that, "Our customers' privacy is important to us and that is why we have issued a Transparency Report. This report is designed to provide more details on the number and types of requests we received in 2013.” A pdf copy of the 2013 transparency report can be downloaded here and a draft paper on the signficance of transparency reports on public policy here.
Based on the most recent report we know that Rogers received a total of 174,917 requests, broken down thus:
- Customer Name/Addres Checks: 87,856
- Court order/warrant: 74,415
- Government requirement letter (compelled to provide under fed/prov law): 2,556
- Emergency requests from police in life threatening situations: 9,339
- Child sexual exploitation emergency requests: 711
- Court order to comply with an international request: 40
Rogers said in the 2013 report they assume all costs with most court-ordered responses, but in some cases they charge a minimal fee to recover costs. If we assume that costs are somewhere between $10 and $100 for most requests, that means that Rogers spent between 1.7 million and 17 million in 2013 meeting these requests, more if I’ve underestimated the costs (Add a zero if lawyers were involved). Last May, according to the CP report, Rogers wrote to the RCMP and other divisions to introduce the new fees:
The fees applied to help in executing warrants for tracking customers’ movements through cellphone data, and for production of affidavits certifying records in cases where testimony is required to explain the records in court.
Further, based on prior court decisions, we also know that the courts think that reasonable costs should be born by the company to comply with production orders.
No oversight needed if we don’t pay?
When the courts say that reasonable costs should be born by the company, what they are saying is that those costs will be passed on to the customers. So we are all, at least those of us that pay for Internet or telephone services, are sharing the cost of government surveillance in the same way that we all share the costs for banks absorbing the costs of some forms of credit card fraud. But is it the same thing? Credit card fraud will happen, initiated by criminals, and is a normal if regrettable cost of doing business - like shoplifting in a retail store. Does responding to government requests for access to private customer records qualify as a normal cost of doing business? Maybe in a police state.
We should all recognize that accessing confidential information about suspected criminals is part of the criminal investigative procedure. We also recognize that this is an infringment on individual rights - which is why we generally require warrants, exigent circumstances, or some demonstration that the policy have done their due diligence in a way to balance their investigative wants against individual rights.
By offloading the costs of doing the information searches to the company, the burden on the police is reduced. And if the bar for requesting is lower than a warrant (which seems to be the case given the numbers cited above) it becomes a trivial administrative exercise to obtain personal information about individuals who may or may not be reasonably suspected of a crime. Even if the police are asking for records that already exist, there needs to be some authorization, aside from an investigating officer’s unsupported desire for more information, to justify the request. And if the request is justified, then it’s a social cost that should be born by the government and subject to the normal oversight procedures for expenditures from the public purse.
Rogers’ primary duty, as a publicly held corporation, is the fiduciary duty to its shareholders. That includes reducing costs and increasing revenues. Bearing the cost of policing it’s customers meets neither of these requirements. It would be better if the costs, and accountabilities, of surveillance were born by the organizations that claim this is in the public interest. If so, then it’s a legitimate cost of government and should be subject to scrutiny by Parliament as our representatives. To do otherwise would be to evade the transparency and duck the accountability that are the hallmarks of a health democracy. The police have a duty to protect public safety, which includes protecting our privacy unless there is a specific and overriding reason to gather particular information about us.
I’m reminded of an exchange in Orson Welles great noirclassic, "A Touch of Evil" (1958):
Quinlan: Our friend Vargas has some very special ideas about police procedure. He seems to think it don't matter whether killers hang or not, so long as we obey the fine print.
Vargas: Captain, I don't think a policeman should work like a dog catcher in putting criminals behind bars. No! In any free country, a policeman is supposed to enforce the law, and the law protects the guilty as well as the innocent.
Quinlan: Our job is tough enough.
Vargas: It's supposed to be. It has to be tough. A policeman's job is only easy in a police state. That's the whole point, - who's the boss, the cop or the law?
Unless the police pay for, and have to justify on a case-by-case basis, customer identification, cell phone tracking, wire-tapping, and other invasions of privacy it becomes too easy for these invasions of privacy to become routine and for companies to become willing or unwilling partners in surveillance.