Last April The Star reported that in 2011 alone, the Canadian government asked telecoms and social media companies to turn over user data on Canadians 1.2 million times. An interesting sidenote: the telecoms are charging the government for the privilege. Jesse Brown covered this in a number of Canadaland podcasts including an excellent one with Chris Parsons — a postdoc at of the Citizen Lab — entitled “Your Telecom Provider is Selling your Information to the Government”. One of the topics Chris talks about is his excellent form-letter for requesting your data from telecom providers under PIPEDA. You can find the letter plus all the contact information for the privacy officers of a number of telecom providers in Canada in this post: Responding the the Crisis in Canadian Telecommunications.
I decided to send my letters on May 5th and see what I got back. I use two telecom providers in Canada: Bell Mobility and Shaw Communications.
Bell responded on May 8th with an acknowledgement of my request. 19 days later, on May 27th they followed up informing me they couldn’t meet the PIPEDA-imposed time limit of 30 days, “because of the extent of the information requested.” I wonder if they are penalized for missing the deadline?
Shaw never acknowledged my letter. But just yesterday a package arrived for me. It was the full results from Shaw!
As you can see above, what they are willing to release is the following:
- Current subscriber information;
- Account notes;
- E-mail addresses associated to account;
- Copies of available service calls;
- Trouble ticketing notes;
- Transaction Records;
- Outbound call records for previous month; and
- Current IP address(es).
Incoming calls require a court order, says the letter, and “a fee is associated with provision of this documentation.”
I was hoping for some advertising/DPI type information, but that seems a no go. I was not expecting the package to be very thick, since I only use Shaw to connect to the internet and have only been with them for less than 2 years. Here are the results:
The first category was pretty innocuous, what you would expect. The second was pretty sparse, but had some unknown redactions:
The yellow bar is my own redaction… it is just my house address. Not even sure what the other stuff could be. I especially like the third note from May 1st:
REDACTED /. REDACTED
Only my current email showed up for category 3, which is interesting I guess. For #6, they only showed me Transactions back to February. Maybe they can only show the most recent 5 transactions? Since I only use Shaw for internet access the sections on “Webspace Accounts”, “Pay Per View Purchases” and “Call Records” were all blank.
Sections 4 and 5 are where things get interesting. There are records of service calls to my address from 2007. Since I only moved in there during 2012, it is interesting that I get to see what previous tenants have had done. Furthermore, there is a carriage house on my property — a separate home on the same lot, with someone else living in it — and I got copies of email queries with the tenant in there.
Interesting to see that Shaw records seem to be attached to physical locations and not unique account numbers. Doesn’t seem like good, privacy-first design to me.
Once I get my information from Bell, which should be more substantial, I will report back. In the meantime, please consider sending your own form letter to your telecom providers. It only takes a minute. Get the details at: Responding the the Crisis in Canadian Telecommunications.
Postscript June 5, 2014
I followed up with Shaw and they replied with some changes to their policy. Read the results.
[UPDATE July 11, 2014] Here is Bell’s response.