Important precedent for cell phone privacy in Canada set in landmark ruling
Police request for “tower dump” of user data from over 40,000 Rogers and Telus customers ruled a violation of privacy rights, and lays important groundwork for battling other privacy violations, including StingRay technologies and Bill C-51.
We’re only two weeks into the new year, but already there have been positive steps for our digital privacy landscape in 2016. Just this morning, an Ontario Superior Court judge made a critical ruling that will help protect your cell phone privacy.
The ruling found that police were in breach of the Charter of Rights and Freedoms when they asked Rogers and Telus to hand over the personal information—including deeply-revealing metadata—of over 40,000 customers in a “tower dump” of user data.
According to police, these kinds of tower dump requests are sought in two main circumstances:
a. “the police have reasonable grounds to believe that a series of crimes were committed by the same person in various locations.”
b. “the police are investigating a single incident [...] and have reasonable grounds to believe that the perpetrator used a cell phone at or near the crime scene.”
Unfortunately however, each of these requests put thousands of others Canadians’ personal privacy on the line, a risk that Judge Sproat deemed unreasonable for the potential outcomes for police investigations.
Justice John Sproat recognized the reasonable expectation of privacy in cell phone communications – a critical victory for Canadians’ privacy rights.
This decision reinforces concerns of the rights violations contained within Bill C-51, which greatly expand the ability of authorities to access Canadians’ private information without a warrant, and raises questions about the constitutionality of StingRay surveillance technologies, which mimic cell towers to produce similar results as tower dumps.
This critical ruling will help safeguard the privacy rights of countless Canadians. These tower dumps reveal that authorities are really pushing the limits when it comes to warrantless access to our private information. Our cell phone data says a lot about us – and this is an important step to ensuring that authorities are forced to demonstrate just cause for these kinds of requests.
In today’s ruling, Justice Sproat recognized the vulnerability of personal data and the perils of sharing information in large quantities without justification:
“It is not tenable to reason that since only the police will be in possession of this information any sensitive information will never see the light of day. One needs only read a daily newspaper to be aware of the fact that governments and large corporations, presumably with state of the art computer systems, are frequently “hacked” resulting in confidential information being stolen and sometimes posted on-line.”
When deciding to hear the case, Justice Sproat warned that “hundreds of thousands, if not millions” of Canadians were likely to be affected by similar requests each year. The guidelines laid out today will ensure that police can only access basic information about specific targets, rather than bulk collecting the personal information of thousands of innocent Canadians.
Today’s ruling reinforces the historic June 2014 Supreme Court R. v. Spencer ruling that required police to obtain a search warrant before obtaining private customer data from telecom companies, further demonstrating the value of metadata and the importance of protecting individuals’ data privacy.
Keep in touch with all the latest privacy developments by supporting the Protect Our Privacy Coalition at OurPrivacy.ca