Any substantive changes in this Legislative Summary that have been made since the preceding issue are indicated in bold print.
On 14 February 2012, Bill C-30, An Act to enact the Investigating and Preventing Criminal Electronic Communications Act and to amend the Criminal Code and other Acts (short title: Protecting Children from Internet Predators Act) was introduced in the House of Commons by the Minister of Public Safety, the Honourable Vic Toews.
Bill C-30 deals with “lawful access.” Lawful access is an investigative technique used by law enforcement agencies and national security agencies that involves intercepting private communications and seizing information where authorized by law.
Bill C-30 basically groups together the provisions of former bills C-50, C-51 and C-52, which were introduced in the 3rd Session of the 40th Parliament and which all died on the Order Paper before second reading in the House of Commons. The structure of Bill C-30 follows that of these former bills: Part 1 enacts a new law governing “telecommunications service providers,” (former Bill C-52); and Part 2 amends the Criminal Code and other Acts respecting the interception of private communications (former Bill C-50), the modernization of certain offences and the creation of new investigative tools tailored to computer crime (former Bill).
Bill C-30 should be read in conjunction with Bill C-12, which also deals with lawful access. Bill C-12 amends the Personal Information Protection and Electronic Documents Act to expand the number of circumstances in which law enforcement agencies can ask private organizations to voluntarily provide them with personal information without consent.1
Part 1 of Bill C-30 addresses a concern expressed by law enforcement agencies that new technologies, particularly Internet communications, often present obstacles to lawful communications interception. The bill creates the Investigating and Preventing Criminal Electronic Communications Act (IPCECA), which permits the following:
Part 2 of the bill aims to update Canadian criminal law. More specifically, the principle amendments in the bill:
There are a few differences between Bill C-30 and former bills C-50, C-51 and C-52. For example, Bill C-30:
Since 1995, law enforcement agencies have called for legislation that requires all telecommunications service providers to have technical means in place to enable police services to carry out lawful interceptions on their networks.3
Following the development of a strategic framework in 2000, officials from Justice Canada, Industry Canada and the Solicitor General of Canada4 held public consultations in 2002.5 A summary of the results of the consultations was made public in 2003,6 and a bill on lawful access was introduced in November 2005: Bill C-74 (Modernization of Investigative Techniques Act).
Further consultations were held by Public Safety Canada in 2007, including consultations with representatives of the telecommunications industry, civil liberty groups and victims’ rights groups. In 2009, Bill C-47 (Technical Assistance for Law Enforcement in the 21st Century Act), which contained the key provisions of former Bill C-74, was introduced at the same time as a brand new bill on lawful access: Bill C-46 (Investigative Powers for the 21st Century Act). To these two bills - which were introduced again in 2010 in the following legislative session as bills C-51 and C-52 - a third was added: Bill C-50 (Improving Access to Investigate Tools for Serious Crimes Act). All these bills on lawful access died on the Order Paper before being passed.
According to a Public Safety Canada news release, at the January 2012 meeting in Charlottetown of federal, provincial and territorial ministers responsible for justice and public safety:
the ministers unanimously agreed on the need to enhance and modernize the investigative capability of law enforcement and urged the federal government to move forward on enacting previously introduced legislation.7
Since the 2002 consultations, debate has centred on whether there is a need for lawful access legislation, the appropriate level of protection for individual privacy rights, and the propriety and costs of imposing technical interception standards on private businesses.8
The procedures governing access to subscriber information held by Internet service providers (ISPs) are perceived by some to slow investigators’ access to vital information in today’s fast-paced, near-borderless digital world. It has been argued that the technical inability to isolate or intercept communications in real time may impede investigators and prosecutors. What is more, strong encryption techniques can prevent law enforcement and national security officials from accessing information unless they also have the power to access the decryption key.9
The Canadian national security community has argued that legislative amendments enabling reliable, fast and secure access to data held by telecommunications service providers, including subscriber information, are required in order for Canada to identify networked machines responsible for sophisticated cyber-attacks on strategic targets, and to actively protect valuable information and networks in Canada.10
Bill C-30 represents a step towards harmonizing the tools available to counter cybercrime at the international level, particularly regarding production orders, orders for the preservation of computer data and the interception capabilities of telecommunications service providers.11 Canada signed the Council of Europe’s Convention on Cybercrime in November 2001, as well as its Additional Protocol on hate crime in July 2005.12 The Convention requires states that are parties to the treaty to create offences under their domestic laws criminalizing certain uses of computer systems, and requires the adoption of legal tools adapted to deal with new technologies, such as orders to produce “subscriber information.” It seems, then, that Bill C-30 would allow Canada to ratify the Convention and its Additional Protocol. However, one might ask whether the bill goes further than required by the Convention.
The Convention does not specify the exact mechanisms that must be used to meet these obligations, leaving these choices up to the states that are parties to the treaty. Such choices include determining whether a warrant or other judicial authorization is needed prior to accessing information. In addition, the domestic criminal procedures that states are required to adopt under the Convention relate only to law enforcement activities - the Convention does not require states to create procedural mechanisms permitting the interception of private communications or the disclosure of private information for broader national security purposes. Finally, the Convention requires states to respect all relevant national and international human rights obligations when implementing their obligations under the treaty.13
Part 1 of the bill creates a new act: the Investigating and Preventing Criminal Electronic Communications Act (IPCECA).
At present, no Canadian legislation compels all telecommunications service providers to use apparatus capable of intercepting communications. Only licensees that use radio frequencies for wireless voice telephony services have been required, since 1996, to have equipment permitting such interceptions.14 There is no similar requirement for other telecommunications service providers.
Telecommunications service providers may legally intercept private communications in four cases:
In order to intercept the content of private communications, law enforcement and national security agencies require prior legal authorization, usually in the form of a judicial warrant.16 Bill C-30 will not alter these requirements.
On the other hand, once the relevant legal authorization has been obtained, all telecommunications service providers (including, for example, ISPs) will be required, under Bill C-30, to possess the technical capacity to allow law enforcement and national security agencies to intercept communications sent via the service provider.
Within six months of the date on which the bill comes into force, telecommunications service providers will have to submit a report to the minister stating their capability to respond to the interception requirements set out in the bill (clause 5).
The bill requires telecommunications service providers to meet the new technical standards for interception when updating their systems. Thus, any transmission apparatus acquired or software installed after sections 10 and 11 of the IPCECA come into force must comply with the new standards. In other words, there is no requirement under the bill for a service provider to update systems simply to comply with the new standards. However, at the request of the Commissioner of the Royal Canadian Mounted Police (RCMP) or the Director of the Canadian Security Intelligence Service (CSIS), the minister has the power to order a telecommunications service provider, before upgrading, to acquire communications interception capability that meets the new technical standards (secton 14 of the IPCECA).
In addition, Bill C-30 provides a transition period of 18 months during which obligations respecting interception capability are suspended (clause 3). However, the minister may order a telecommunications service provider to comply with these obligations during the transition period (section 14 of the IPCECA).
Under Bill C-30, telecommunications service providers must use apparatuses that enable law enforcement and national security agencies to intercept such elements as subscribers’ email and Internet protocol (IP) addresses, the date and time of communications and the types of files transmitted (“telecommunications data”),17 as well as the content of messages (content-related data).
Once a law enforcement or national security agency has obtained the necessary legal authorization, the telecommunications service provider must provide all communications that have been lawfully intercepted (section 6(1)). If possible, the telecommunications service provider must provide the intercepted communication in the form specified by the requesting agency, which includes decrypted communications if the telecommunications service provider has the technical capacity to provide this. However, telecommunications service providers are not required to develop specific decryption techniques themselves (sections 6(4) and 6(5)).
Bill C-30 requires that telecommunications service providers keep interception procedures and requests confidential (sections 6(2) and 23).
New telecommunications apparatuses must permit the interception of communications transmitted over the networks of telecommunications service providers and have the capability to do the following:
Telecommunications service providers also must have the capability to allow multiple law enforcement and national security agencies to intercept communications transmitted at the same time by more than one user.
At present, in most circumstances,18 private organizations (like ISPs) must disclose personal information about clients to law enforcement and national security agencies, without the consent of the individual(s) concerned, only if the relevant agency has judicial or other legal authorization to compel the production of the information. As the disclosure of personal information is not mandatory, the organization has the choice to voluntarily disclose this information. In practice, telecommunications service providers in Canada tend to disclose clients’ personal information voluntarily only in circumstances permitted under their service contract, and generally only in order to minimize an imminent danger to life or property.19
The legality of police requests for voluntary disclosure of subscriber information by telecommunications service providers (disclosure in the absence of a warrant) has been an issue before the courts, challenged as a violation of the right to be free from unreasonable search or seizure under section 8 of the Canadian Charter of Rights and Freedoms, which protects the privacy of the individual from intrusion by the state. The Supreme Court of Canada has held that individuals have a reasonable expectation of privacy regarding information that reveals intimate details about their lifestyle and personal choices.20 Judicial decisions as to whether a warrant is needed to access subscriber information, therefore, generally turn on whether the individual concerned could have a reasonable expectation of privacy regarding such information.
Whether individuals currently have such an expectation regarding subscriber information remains somewhat unclear, and the case law is fact-specific. A number of lower court decisions have held that subscribers cannot have a reasonable expectation of privacy in relation to such information.21 However, a reasonable expectation of privacy has been found in certain other cases.22 Recent case law suggests that it is more reasonable to expect respect for privacy when subscriber information can reveal computer equipment use habits that could expose intimate details about lifestyle or personality.23
Bill C-30 aims to provide clarity with respect to the types of information that may be disclosed to law enforcement or national security agencies without a warrant.
Bill C-30 establishes a process that enables designated people within law enforcement and national security organizations to request and obtain certain subscriber information from a telecommunications service provider, without a warrant or other legal authorization (section 16(1)). A number of safeguards are also built into this process.
Pursuant to the bill, only six types of information concerning telecommunications subscribers may be obtained without a warrant:
Bill C-30 seems, then, to provide a more limited list of information than that established by former Bill C-52. The list in the former bill, in addition to the six types of information listed above, included information associated with the subscriber’s equipment: the mobile identification number; electronic serial number (ESN); international mobile equipment identity number (IMEI); international mobile subscriber identity number (IMSI); and subscriber identity module card number (SIM).
Another difference respecting former Bill C-52 relates to the content of a written request made by a designated person: Bill C-30 expressly provides that, to obtain one of the six types of information, the police officer or CSIS agent must provide the telecommunications service provider with “identifying information.” The meaning of “identifying information” will be defined later by regulation (section 64(1)(l) of the IPCECA). Hypothetically, a police officer will have to provide an IP address to a telecommunications service provider in order to obtain the subscriber’s name and physical address.
Moreover, the bill does not require telecommunications service providers to gather information other than that already collected in the normal course of business. Nor are they required to verify the accuracy of this information (for example, the accuracy of a subscriber’s name or postal address).
In general, requests for subscriber information may be made, in writing, only by individuals who perform duties related to the protection of national security or law enforcement, and who are designated by the Commissioner of the RCMP, the Director of CSIS, the Office of the Commissioner of Competition or their chief of police (“designated persons”) (section 16(3)).
Each organization may designate a limited number of employees: a maximum of 5% of the agency’s employees or, where an organization has 100 or fewer employees, five persons (section 16(4)).
Designated members of police services may request, in writing, information that relates to any police function, whether it concerns the enforcement of federal or provincial laws, or the laws of a foreign state. Individuals designated by CSIS and the Commissioner of Competition may only request information relating to their functions under their relevant enabling legislation (section 16(2)).
Information obtained through these requests can be used only for the purposes outlined above, or for a use consistent with these purposes, unless the individual in question has given consent to broader use (section 19).25 Service agreements between telecommunications service providers and customers, which normally are contracts of adhesion,26 could incorporate a consent clause allowing for broader uses of information obtained pursuant to the bill.27
Police officers, whether designated persons or not under the bill, have the power to ask, orally or in writing, that telecommunications service providers disclose subscriber information without a warrant in urgent situations in the following circumstances:
Subsequently, a designated person from the same agency as the officer must provide a written account of the request to the telecommunications service provider (sections 17(3) and (4)).
Requests for information must be made in writing, and the reasons for any request and the information obtained must be recorded (section 18).
The Commissioner of the RCMP, the Director of CSIS, the Commissioner of Competition or a chief of police will be required to take measures to verify, on a regular basis, that the requests made by their respective organization comply with the provisions in Bill C-30 and its regulations (section 20(1)). In each case, they must then, without delay, report on the findings of this internal audit to the responsible minister (section 20(2)). Former Bill C-52 provided only for a subjective standard of reporting: the person who caused an internal audit to be conducted would have been required to make a report only when, in the person’s opinion, the audit revealed something that should be brought to the attention of the responsible minister.
Depending on the agency in question, the audit report also must be provided to an independent review body: the Privacy Commissioner of Canada (in the case of the RCMP or the Commissioner of Competition), the Security Intelligence Review Committee (in the case of CSIS) or the provincial public officer responsible for privacy protection (in the case of a provincial or municipal police service). There is no requirement that reports be furnished to other provincial accountability bodies that have review and/or oversight functions in relation to municipal or provincial police forces (section 20(3)).
The Privacy Commissioner of Canada and the Security Intelligence Review Committee have the power to conduct external reviews of requests for subscriber information provided for in the bill (sections 20(4) to 20(5)). The Privacy Commissioner also must report annually on the powers of provincial public officers to conduct external audits in relation to provincial and municipal police forces (section 20(6)). Currently, not all provincial privacy officers have the power to conduct the type of external audits envisioned in the bill.29
There is no specific power in the bill authorizing the RCMP Public Complaints Commission, which has the power to initiate an investigation into the conduct of any member of the RCMP or other person employed under the Royal Canadian Mounted Police Act, to access all information related to internal or external audits. The RCMP Complaints Commission currently does not have the power to compel the production of information or documents, unless a public hearing is held in relation to a specific complaint.30
The minister may designate any person an “inspector” to verify compliance with the provisions of the IPCECA. The inspector may enter any place owned by a telecommunications service provider to examine documents, information and telecommunications facilities; use computer systems to search and examine information; or use any other telecommunications device in that location (sections 34 and 36).
The inspector may, without a judicial warrant, photocopy and remove copies of any information found, and, in order to exercise these powers, enter and pass through private property, other than a dwelling-house (examples of such privately owned property could include office buildings, stores, yards, etc.). If the place in question is a dwelling-house - a structure that is occupied as a permanent or temporary residence - the inspector must obtain a judicial warrant in order to gain access without the occupant’s consent (section 35). Telecommunication service providers must give all assistance that is required during these visits to verify compliance (sections 34(3) and 38).
The IPCECA provides for two types of contraventions: violations and offences; violations are considered to be less serious infractions than offences. The IPCECA sets out fines for both types of contraventions. No provision is made for imprisonment.
The Governor in Council will determine, by regulation, which contraventions of the bill constitute a violation (section 39). The regulations will also establish the maximum fine that may be imposed for each violation. Fines may be as high as $50,000 in the case of an individual and $250,000 in the case of a corporation or any other entity.
An administrative procedure allows persons served with notices of a violation to dispute their liability by making representations to a person designated by the minister (section 43). Decisions made under this procedure may be appealed to the minister (section 44(1)), and the minister’s decision on appeal is subject to judicial review.31
The summary conviction procedure set out in the Criminal Code applies to offences, with fines of between $15,000 and $250,000 for an individual and between $15,000 and $500,000 for a corporation. The bill provides for four categories of offences (sections 55, 56(1), 56(2), 57):
The consent of the Attorney General of Canada is needed before a prosecution may be initiated in respect of the first two categories of offences (section 58).
The IPCECA will apply to all telecommunications service providers operating a transmission facility in Canada, subject to specified complete and partial exemptions contained in Schedules 1 and 2. The Governor in Council may amend these schedules by regulation to add or delete a class of telecommunications service provider (section 5(4)). The bill also sets out temporary exemptions for maximum periods of two or three years, depending on the case.
The IPCECA does not apply to private networks; that is, to persons who provide telecommunications services primarily to themselves, their household or their employees, and not to the public. Nor will the bill apply to telecommunications service providers that provide telecommunications services intended principally for the sale or purchase of goods or services other than telecommunications services to the public. Finally, the provisions of the bill will not apply to the core functions of financial institutions, registered charities, educational institutions (except post-secondary institutions), hospitals, places of worship, retirement homes, telecommunications research companies and broadcasters.
Post-secondary educational institutions, libraries, community centres, restaurants, hotels, condominiums and apartment buildings will be required to provide information about their telecommunications facilities to national security and law enforcement agencies, but will not be subject to the other obligations under the bill.
Telecommunications service providers that transmit communications on behalf of other telecommunications service providers without modifying communications or authenticating the users (known as intermediaries) will not be subject to the obligations regarding interception capability, unless they are made subject to these requirements by order of the minister (sections 14(1) and 14(2)).
The IPCECA provides the minister with the power to exempt telecommunications service providers from any obligation relating to interception capability, on application by the provider (section 13). It also allows the Governor in Council to create regulations that exempt certain categories of telecommunications providers from significant obligations, including those relating to interception capability and subscriber information. These two types of temporary exemptions may be subject to conditions and may be valid for up to three years and two years, respectively (section 32).
The bill also grants a three-year exemption for telecommunication service providers with fewer than 100,000 subscribers. However, these service providers must provide a physical connection point permitting national security and law enforcement agencies to intercept communications (clause 4 of the bill).
The IPCECA provides for three situations in which a law enforcement or national security agency must compensate a telecommunications service provider:
The definition of what constitutes “specialized telecommunications support,” as well as the amount of and criteria for compensation, will be set out in the regulations.33
The IPCECA provides for parliamentary review of the enforcement of its provisions five years after the day on which it comes into force.
Part 2 of Bill C-30 amends the Criminal Code, the Competition Act and the Mutual Legal Assistance in Criminal Matters Act to modernize criminal offences, legal instruments and provisions respecting the interception of private communications.
Part VI of the Code (“Invasion of Privacy,” section 183 and following) is the centrepiece of federal legislation on electronic surveillance by law enforcement agencies. Respecting the interception of the contents of oral communications or video footage and often involving a serious invasion of privacy, Part VI sets out stricter conditions for the issuance of a judicial authorization to intercept private communications than for the granting of a search warrant or a production order.34
While Code provisions regarding search and seizure were amended in the 1980s and 1990s to expressly include computers, most provisions in Part VI date back to 1974.
Police forces often use electronic surveillance in conjunction with other investigative techniques. Given that an application for judicial authorization to intercept communications is sometimes based on the same information as that presented in support of an application for a warrant - a search warrant for example - or may come from the same source, the bill allows the judge to give an authorization to intercept communications and, at the same time, issue the requested warrant.
Regardless of whether the interception is done with the consent of one of the parties to the communication (section 184.2 of the Code), without the consent of the parties (sections 185 and 186 of the Code) or for a maximum period of 36 hours in an emergency (section 188 of the Code), the judge can, in addition to giving an authorization to intercept, issue a search warrant, make an assistance order or issue a warrant to use a tracking device or a “transmission data recorder” (clauses 8, 10 and 12 of the bill). In cases other than emergencies (i.e., when sections 184.2, 185 or 186 apply), the judge can issue a general warrant, make a general production order or make a specific production order to obtain certain information, such as computer data or financial information (clauses 8 and 10 of the bill). In each case, these clauses allow police officers to more quickly investigate past or possible offences.
All documents relating to an application for authorization to intercept communications are confidential; that is why they are placed in a packet sealed by the judge (section 187 of the Code). Clause 11 of the bill provides that all documents relating to a request for a related warrant or order in connection with an authorization are subject to the same rules as an authorization to intercept, that is, they are kept secret, generally until the trial.
Currently, a peace officer can, pursuant to section 184.4 of the Code, intercept private communications without judicial authorization if the following conditions are met: (i) there are reasonable grounds to believe that the urgency of the situation is such that an authorization could not be obtained; (ii) an immediate interception is necessary to prevent an unlawful act that would cause serious harm to a person or to property; (iii) one of the parties to the communication is the originator or victim or intended victim of the unlawful act. The expression unlawful act is not defined elsewhere in the Code.
Clause 9 of the bill limits, to a certain extent, the scope of section 184.4 by replacing “unlawful act” with “offence,” which is defined in section 183 of the Code.35 Therefore, the interception of communications without authorization in the exceptional circumstances set out in section 184.4 is not permitted except in regard to the offences set out in section 183, as is the case for most other types of interception under Part VI.
Section 195 of the Code currently requires the federal minister of public safety and the attorney general of each province to prepare an annual report on the use by police forces of warrants for video surveillance and certain authorizations to intercept private communications pursuant to Part VI: authorizations to intercept communications without the consent of the parties to the communication (sections 185 and 186 of the Code) and authorizations valid for a maximum period of 36 hours in emergencies (section 188 of the Code).
Clause 13 of the bill extends the requirement to present a public report on interceptions without judicial authorization made in exceptional circumstances set out in section 184.4 of the Code. The clause also sets out the new information to be included in the report. However, other types of interception and electronic surveillance set out in the Code are still not subject to the requirement for governments to present a public report on their use: interception to prevent bodily harm without judicial authorization (section 184.1), interception with the consent of one of the parties to the communication (section 184.2) and use of a tracking device (section 492.1) or “number recorder” (section 492.2).
Lastly, as with interception without consent but with judicial authorization (sections 185 and 186 of the Code), clause 14 of the bill provides that, in the case of an interception without judicial authorization in exceptional circumstances set out in section 184.4 of the Code, the federal minister of public safety or the attorney general of a province must notify the person who was the object of the interception, generally within 90 days of the interception. On application to a judge, this period may be extended to three years if the police investigation is continuing (section 196 of the Code). As is currently the case, this extension may be obtained more readily if the investigation relates to a terrorism or organized crime offence.
Hate propaganda offences must be committed against an “identifiable group.” Respecting the offence of advocating genocide, clause 15 of the bill adds “national origin” to the definition of “identifiable group.” 36 Clause 16 of the bill, which applies to the offences of public incitement to hatred and of wilful promotion of hatred, adds mental or physical disability to this definition, in addition to national origin.
At present, section 327 of the Code makes it a crime to possess, manufacture or sell a device used for the theft of telecommunication services. Clause 19 of the bill essentially adds importing such a device or making it available. As well, the bill makes this indictable offence a hybrid offence; that is, the prosecutor will have the option of proceeding by indictment or summary conviction.
Under the existing provisions of the Code, only spreading or attempting to spread a computer virus37 constitutes an offence.38 In accordance with the requirements of the Convention on Cybercrime,39 clause 21 of the bill makes it illegal to possess a computer virus for the purpose of committing mischief, and also makes it an offence to import and make available a computer virus.
The existing provisions of the Code regarding the offences of sending a message in a false name and sending false information, indecent remarks or “harassing” messages (the French term harassants currently used in subsection 372(3) of the Code is replaced by harcelants in the bill) refer to certain communication technologies used to commit those offences, such as telegram, radio and telephone.40 Clause 22 of the bill amends those offences by removing the references to those specific communications technologies and, for some of those offences, substituting a reference to any means of telecommunication. As a result, it will be possible to lay charges regardless of the transmission method or technology used.
Additionally, the bill provides that the offences consisting of transmitting false information, indecent remarks or harassing messages will now be hybrid offences. Accordingly, the maximum sentence for the offences relating to indecent and harassing communications will be increased to imprisonment for two years, in the event that the prosecutor decides to proceed by indictment.
Information in electronic form may be easily and quickly destroyed or altered. Clause 24 of the bill therefore adds a new investigative tool to the Code to preserve this type of evidence. This tool may take one of two forms: a preservation demand or a preservation order. A preservation demand is made by a peace officer (new section 487.012 of the Code), while a preservation order is made by a judge, on application by a peace officer (new section 487.013 of the Code).
A preservation demand or order directs a person, such as a telecommunications service provider, to preserve “computer data” 41 that are “in their possession or control” when they receive the demand or order. However, a telecommunications service provider may still voluntarily preserve data and provide it to a law enforcement agency, even where there is no demand or order (new section 487.0195 of the Code).
This new investigative tool is different from the data retention measure in effect in some countries,42 which compels telecommunications service providers to collect and retain data for a prescribed period for all their subscribers, whether or not they are the subjects of an investigation. On the other hand, a preservation demand or order relates only to a particular telecommunication or person, in the context of a police investigation. A preservation demand or order may be given to a telecommunications service provider only where there are “reasonable grounds to suspect” 43 that an offence has been or will be committed (new sections 487.012(2) and 487.013(2) of the Code). However, the person who is suspected of the offence may not be compelled to retain data under a preservation demand or order (new sections 487.012(3) and 487.013(5) of the Code).44
Preservation demands and orders are temporary measures: they are generally in effect long enough to allow the law enforcement agency to obtain a search warrant or production order. The maximum length of a preservation demand is 21 days (in the case of an offence committed under federal law) or 90 days (in the case of an offence committed under a law of a foreign state), and the demand may be made only once (new sections 487.012(4) and 487.012(6) of the Code); the maximum length of a preservation order is 90 days (new section 487.013(6) of the Code).
A person who receives a preservation demand or order is required, after the demand or order expires, or after the data have been given to the law enforcement agency under a production order or search warrant, to destroy the computer data that would not be retained in the ordinary course of business (new sections 487.0194 and 487.0199 of the Code).
Contravention of a preservation demand is an offence punishable by a fine of not more than $5,000 (new section 487.0197 of the Code). Contravention of a preservation order is an offence punishable by a fine of not more than $250,000 or imprisonment for a term of not more than six months, or both (new section 487.0198 of the Code).
A production order is made by a judge and is similar to a search warrant, the difference being that the person in possession of the information must produce it on request, rather than the law enforcement agency’s going to the site to obtain the information by searching and seizing it. A law enforcement agency with a production order will be able to more readily obtain documents that are in another country, for example.
The Code already provides a procedure for obtaining a general production order, that is, an order that applies regardless of the type of information a law enforcement agency is seeking.45 Issuance of the order is based on the existence of reasonable grounds to believe that an offence has been committed. The Code also provides for specific production orders, that is, orders for obtaining certain precise information, such as banking information or telephone call logs.46 Issuance of specific production orders is based on the less stringent reasonable grounds to suspect that an offence has been or will be committed.
Clause 24 of the bill creates new specific production orders, issuance of which is based on the existence of reasonable grounds to suspect that an offence has been or will be committed, which allow a peace officer to obtain two types of information from a telecommunications service provider:47 “transmission data” (new section 487.016 of the Code) and “tracking data” (new section 487.017 of the Code).48
Essentially, “transmission data” are data that indicate the origin, destination, date, time, duration, type and volume of a telecommunication (e.g., a telephone call or Internet communication), but do not include the content of the telecommunication.49 The definition of “transmission data” is in this way similar to the definition of “telecommunications data” in Part 1 of Bill 30 creating the IPCECA. This type of data is useful: for example, it may be used to trace all telecommunications service providers involved in the transmission of data in order to identify the initial telecommunications service provider and thus determine the origin of a telecommunication (new section 487.015 of the Code). “Tracking data” relate to the location of a thing or individual.
These new production orders allow law enforcement agencies to obtain historical transmission or tracking data, that is, data already in the possession of the telecommunications service provider when it receives the order. To obtain these types of data in real time, law enforcement agencies need a warrant.
A review procedure is provided for challenging any type of production order, existing or new (new section 487.0193 of the Code).50 A person who has received an order may apply to a judge to revoke or vary it if production is unreasonable51 or discloses privileged information.52 In the case of a preservation order, violation of a production order is punishable by a fine of not more than $250,000 or imprisonment for a term of not more than six months, or both (new section 487.0198 of the Code).
At present, section 492.1 of the Code allows a peace officer with a warrant,53 to secretly install a tracking device (e.g., a GPS device) on a thing, if there are reasonable grounds to suspect that an offence has been or will be committed and that information that would assist in the police investigation, notably the whereabouts of a person, can be obtained through the use of such a tracking device.
Clause 28 of the bill retains this type of warrant, but makes a distinction between a warrant to install a tracking device on a thing, such as a vehicle, to track its movements (new section 492.1(1) of the Code) and a warrant to install that kind of device on a thing usually carried or worn by an individual, such as a cellphone, in order to track the individual’s location and movements (new section 492.1(2) of the Code). A warrant to track the movements of a thing is based on the existing standard of reasonable grounds to suspect that an offence has been or will be committed, while a more stringent standard applies to a warrant to track the movements of an individual: the existence of reasonable grounds to believe that an offence has been or will be committed.
In addition to allowing a tracking device to be installed, the bill allows law enforcement agencies to remotely activate devices of the kind that are found in certain types of technology, such as cellphones or the GPS devices in certain cars (new section 492.1(3) of the Code).
The maximum duration of a warrant for a tracking device is still 60 days. However, that period is extended to one year in the case of a terrorism organized crime offence (new section 492.1(5) and 492.1(6) of the Code).54
At present, subsection 492.2(1) of the Code allows a peace officer with a warrant to secretly install a number recorder on a telephone or telephone line, if there are reasonable grounds to suspect that an offence has been or will be committed and that information that would assist in the police investigation could be obtained through the use of this kind of recorder. The law enforcement agency could thus obtain the “incoming” and “outgoing” telephone numbers for a telephone that was being tapped.
Clause 28 of the bill provides for a warrant that authorizes a peace officer to install and activate a transmission data recorder 55 (new section 492.2 of the Code). As before, the warrant will allow law enforcement agencies to obtain telephonic data, but also to obtain data indicating the origin and destination of an Internet communication, for example. Police services will thus be able to have access to these transmission data in real time. As well, as in the case of a warrant to install a telephone number recorder, the new warrant is based on the requirement that there are reasonable grounds to suspect that an offence has been or will be committed. Lastly, clause 26 provides for the use of a transmission data recorder without a warrant in emergencies.
The new provisions of the Code concerning demands and orders for the preservation of computer data and orders for the production of transmission data and banking information will apply to certain investigations under the Competition Act. The Commissioner of Competition will thus be able to use these new investigative tools to obtain evidence relating to deceptive marketing practices and restrictive trade practices.
Clauses 35 to 37 of the bill modernize certain offences related to deceptive marketing practices offences, such as deceptive telemarketing and making misrepresentations about a product or service, and replace the reference to “telephone” as the means of committing these offences with “any means of telecommunication” used for communicating orally.
The Mutual Legal Assistance in Criminal Matters Act was enacted in 1988 and gives Canadian courts the power to issue compulsory measures, such as subpoenas and search warrants, to obtain evidence in Canada on behalf of a foreign state for use in a criminal investigation and prosecution being conducted by that state. The legislation aims to promote cooperation among states by establishing a system for exchanging information and evidence.56
The bill authorizes the Commissioner of Competition to execute search warrants issued under the Mutual Legal Assistance in Criminal Matters Act.
The bill provides that the production orders for obtaining banking information, transmission data or tracking data described in the Code may be used by Canadian authorities who receive assistance requests from their international partners.
* Notice: For clarity of exposition, the legislative proposals set out in the bill described in this Legislative Summary are stated as if they had already been adopted or were in force. It is important to note, however, that bills may be amended during their consideration by the House of Commons and Senate, and have no force or effect unless and until they are passed by both houses of Parliament, receive Royal Assent, and come into force. [ Return to text ]
© Library of Parliament