Canadian Supreme Court Tightens Up Rules On Law Enforcement's Use Of Cell Tower Dumps
Techdirt. 2016-01-27
Summary:
Matthew Braga at Motherboard reports the Canadian Supreme Court has laid down some guidelines for law enforcement's access to "tower dumps" -- call records containing every phone that accessed towers during a specified period of time. While it doesn't direct law enforcement to seek warrants, it does at least provide more restrictive guidance for collection of these data dumps, which the court originally found to be so broad as to be unconstitutional.
In his ruling, Justice John Sproat defined seven "guidelines" that law enforcement, justices, and telecommunications companies would be able to refer to when faced with future production orders for tower dump data. The guidelines recommend that such requests...
- Be tailored for minimal intrusion into subscribers' privacy.
- Explain why specific cell towers and the dates and times specified are relevant to the investigation.
- Justify the types of records requested.
- Offer any additional details that might help a telecom company narrow their search and return fewer records.
- Request "a report based on specific data instead of a request for the underlying data itself"
- Or, if a report will not suffice, justify why the underlying data is required.
- Request manageable amounts of data that can be "meaningfully reviewed."
The new approach stems from the overly-broad nature of a request made by the Peel Regional Police, which was challenged by a service provider. During the agency's investigation of a jewelry store robbery, it requested dumps from 21 towers, covering more than 43,000 phone records. (The requested information was ultimately never handed over to the police.) While the new guidance is useful and will hopefully deter future expansive data requests (and is one step further than US courts have taken), it doesn't specifically address minimization of "non-hit" data, nor does it set a time limit for data prevention. While one Canadian privacy law (PIPEDA - Personal Information Protection and Electronic Data Act) sets limits for "organizations," law enforcement agencies do not fall under the law's definition. The court's instructions admit as much, noting the guidelines it suggests reside in a legislative black hole. This will now sit uncomfortably within the patchwork of privacy protections granted by the Canadian court. Law enforcement must now seek warrants to obtain subscriber information from ISPs -- something it used to be able to obtain with five minutes of self-generated paperwork. That's a good step forward, but the same court has also ruled that law enforcement can search arrestees' cell phones without a warrant -- devices that contain much more information than could be obtained from an ISP or cell phone provider. Its rationale for this decision? Drugs are bad, therefore warrantless searches.
Cellphones are the bread and butter of the drug trade, the majority said in a 4-3 ruling. It said police have been given the “extraordinary power” to do warrantless searches during an arrest, under common-law rules developed by judges over centuries, because of the importance of prompt police investigations.This moves Canada slightly ahead of the US in terms of limits on the acquisition of third party records, but behind it in terms of cell phone contents. The guidelines are a welcome addition, but the court is still a fair distance away from a coherent view on privacy expectations. Permalink | Comments | Email This Story