“The Medium and the Message: Personal Privacy and the Forced Marriage of Police and Telecommunications Providers” (2006) 51:4 Criminal Law Quarterly 469-507.
Businesses and law enforcement agencies in Canada are increasingly interested in learning who is doing what online. Persistent client state http cookies, keystroke monitoring and a number of other surveillance technologies have been developed to gather data and otherwise track the movement of potential online customers. Many countries have enacted legislation that would require telecommunications service providers (TSPs) to build a communications infrastructure which would allow law enforcement agencies to gain access to the entirety of every telecommunication transmitted over their facilities. Canada is considering doing the same.
This article, co-authored with my longtime bud and colleague, Daphne Gilbert, with one of our fave researchers, Jena McGill, investigates the changing role of TSPs from gatekeepers of privacy to active partners in the fight against cybercrime. We argue that the legislative approach provoked by the Council of Europe’s Convention on Cybercrime and soon to be adopted in Canada and will lower the threshold of privacy protection and significantly alter the relationship between TSPs and individuals.
We begin our article with a brief investigation of the role of TSPs as information intermediaries. After that, we examine R. v. Weir, a Canadian search and seizure case involving a TSP that acted as an ‘agent of the state’ by sending to police copies of a customer’s personal emails without a warrant and without notice to the customer. Next, we examine the Council of Europe’s Convention on Cybercrime, an instrument that calls for state signatories implement provisions that will mandate an expedited interaction between TSPs and the police. Focusing on its potential implementation in Canada, we argue that the proposed Bill would lead to a lower threshold of privacy protection, requiring recourse to the Canadian Charter of Rights and Freedoms. Finally, we conclude by considering the privacy implications of the evolving roles of TSPs and their shifting technological architectures. We predict that privacy invasive practices that used to happen infrequently and with judicial oversight will soon become part of TSPs’ business routine. Our claim is that the evolving roles of TSPs and the shifting architecture of our communications infrastructure must be built with various safeguards that will not only further the goals of national security and law enforcement but will also preserve and promote personal privacy.
