Summary of Submissions to the Lawful Access Consultation

Lawful Access FAQ

(Published 2005)

What is "lawful access"?

Law enforcement and national security agencies conduct investigations with the aid of certain techniques, one of which is lawful access.

For the police, this involves the lawful interception of communications and the lawful search and seizure of information, including computer data. Lawful access is a specialized tool used to investigate serious crimes, such as drug trafficking, money laundering, smuggling, child pornography, and murder. Lawful interception of communications is also an essential tool for the investigation of threats to national security, such as terrorism.

Lawful access can only be used with legal authority, i.e. a warrant or an authorization to intercept private communications, issued by a judge under specific circumstances. For example, authorizations to intercept private communications can only be used to target particular communications and can only be carried out for a specific period of time. In order to obtain a warrant to search for and seize data, there must be reasonable grounds to believe that an offence has been committed. For the Canadian Security Intelligence Service (CSIS), both the Solicitor General and a Federal Court judge must approve each warrant application.

Communications and information may be lawfully intercepted from:

Does lawful access legislation already exist?

Lawful access is provided for in legislation such as the Criminal Code, the Canadian Security Intelligence Service (CSIS) Act, the Competition Act and other acts. This legislation is subject to privacy laws and the Canadian Charter of Rights and Freedoms.

Why does lawful access legislation need updating?

Current Criminal Code provisions regarding the interception of communications were first adopted in 1974. The Criminal Code was amended in the 1980s to include specific references to computer systems in the search and seizure provisions, and again in the 1990s. In 1984, Parliament passed the CSIS Act, which provided CSIS with the authority to lawfully intercept private communications for national security purposes.

While technology has evolved considerably since then, Canada's lawful access laws have not kept pace. Increasingly complex technologies are challenging conventional lawful access methods. Criminals and terrorists are taking advantage of these technologies to assist them in carrying out illicit activities that threaten the safety and security of Canadians. To overcome these challenges, legislative tools, such as the Criminal Code and other statutes, must evolve so that law enforcement and national security agencies can effectively investigate criminal activities and threats to national security while ensuring that Canadians' privacy and human rights are protected.

The worldwide adoption of new communications technology and the increasingly global nature of crime underpin the need for international cooperation in developing effective solutions. Canada has cooperated with European and other countries in the development of the Council of Europe Convention on Cyber-Crime. Canada has also been working with G8 states on issues such as cross-border communications and combating high tech crime. Canada needs to update its legislation that provides for lawful access in order to be in a position to ratify the Convention on Cyber-Crime as well as to meet our G8 and other international commitments.

Communications technology keeps changing. How can the law keep pace?

Under the current laws, not all telecommunications service providers are required to design intercept capabilities into their networks. When a new technology or communication service is introduced, law enforcement and national security agencies often have to research and develop new methods to gain lawful access to those networks. The lack of a technical solution, or a delay in the ability to use it, hampers investigations and the prevention of serious crimes or threats to national security.

To address this issue, the government is proposing that service providers in Canada be required to ensure their networks or infrastructures have the technical capability to enable lawful access by law enforcement and national security agencies when the agencies are legally authorized to intercept a communication or search and seize data.

Who uses lawful access?

Lawful access is used by law enforcement and national security agencies, such as the Royal Canadian Mounted Police (RCMP), the Canadian Security Intelligence Service (CSIS) and municipal and provincial police forces, as well as the Competition Bureau.

How often has lawful access been used and how has it been used?

Lawful access is a specialized and highly effective tool, reserved for the investigation of serious crimes and threats to national security. On an annual basis, the Solicitor General and the Security Intelligence Review Committee (SIRC) publish information regarding the number of warrants, orders and authorizations that the RCMP and CSIS have applied for in a given year. This information can be accessed at the following web addresses:

Examples of how lawful access has been successful include:

Is this initiative part of the Government of Canada's response to September 11th?

No. The consultation proposals are the result of a comprehensive review that began in October 2000 to address the problem of serious crime and threats to national security perpetrated with new technologies.

Why did the government consult on lawful access?

It is important for Canadians to participate in the development of Canada's laws and public policy. The government sought stakeholder input in order to assist in the development of updated lawful access legislation that will:

The Government of Canada released a consultation paper on lawful access in August 2002, which invited Canadians to submit views on these issues. The paper outlined proposals to ensure Canada's lawful access laws keep pace with new technologies. A number of submissions were received and have been summarized in a report posted on the Department of Justice website at Lawful Access – Consultation.

The government is currently studying the feedback that it obtained in order to refine the lawful access proposals.

Protecting Privacy

How is my privacy protected under lawful access legislation?

Current legislation that provides for lawful access, such as the Criminal Code, the Canadian Security Intelligence Service (CSIS) Act and the Competition Act, is subject to privacy legislation and the Canadian Charter of Rights and Freedoms and will continue to uphold the rights and freedoms of persons in Canada.

The use of lawful access is subject to rigorous reporting and accountability. Public complaints can be brought through several independent agencies, such as:

The Federal Court of Canada may also review the decisions taken by these agencies.

Any update to lawful access legislation will continue to protect the privacy of Canadians, be subject to the Charter and maintain controls and accountability measures. The intentional and unauthorized interception of private communications will continue to be an offence under the Criminal Code.

Will the police and security officials have expanded powers under new lawful access legislation?

The proposals regarding lawful interception aim to maintain the ability of law enforcement and national security agencies to investigate serious crimes and threats to national security, including terrorism, committed with the aid of the Internet and other new communications technologies. Simply put, information that has been available to law enforcement and national security agencies when criminals and terrorists used the mail, rotary phones and analog technologies should be available to them now.

The proposed Criminal Code amendments outlined in the consultation document aim to provide law enforcement agencies with more effective tools to investigate criminal acts in the digital age. Police would use these tools to gather information about specific, identified criminal or terrorist suspects. For example, the proposed data preservation order could be used to require a service provider not to delete the data of an identified individual who is the subject of an investigation for a specific period of time. Existing information, which may be vital to an investigation, would therefore be preserved until a court orders its release.

The proposed production order would require a third party, such as a communication service provider, to make data or information in its possession or control available to investigators within a specified time period, as set out in a court order. Under a production order, the service provider would provide the data or information to police, thereby eliminating the need for a police search. Production orders would be subject to the safeguards already in place for search warrants.

Are the police and security officials going to be monitoring everyone's Internet, e-mail content or cell phone use?

Law enforcement and national security agencies cannot intercept communications without being authorized to do so by law. Interception can only be carried out with lawful authority for targeted communications - for example, for a specific individual's communications - and can only be carried out for a specified period of time. Nothing put forward in the consultation paper would change these requirements.

Is a national database going to be created that contains everyone's web activity?

While a proposal was put forward for a national database of customer information that could be accessed under lawful authority, the lawful access proposals do not call for a national database containing the Internet activities of Canadians, nor do they call for a requirement for Internet companies to store all of their customers' communications.

What is data preservation and how is it different from data retention?

It is important to distinguish between data preservation and data retention. As proposed in the consultation paper, a data preservation order would require a service provider to keep existing data of a specific, identified individual who is identified by the courts as the subject of an investigation and not delete it for a specified period of time. This would ensure that information vital to an investigation is not deleted before the police can obtain a search warrant or production order to access the specific data.

Data retention, on the other hand, involves the collection of data from all users of a communication service - regardless of whether or not they are subject to an investigation. Data retention is not being proposed.

Will Internet service providers be required to keep records of all their customers' web activity?

It is important to clarify that data retention is not being considered in the lawful access proposals. ISPs would only be required to preserve specific data when requested to do so through a preservation order and only for a specific period of time. The proposed amendments would not require ISPs to retain data relating to their customers' web activity.