Rogers got 175,000 requests for customer info
By Jim Bronskill, The Canadian Press
OTTAWA - Rogers Communications says it received almost 175,000 requests for customer information from government and police agencies last year, becoming the first major Canadian service provider to divulge the extent of its data sharing with authorities.
About half of the requests in 2013 were to confirm a customer's name and address, Rogers said Thursday in a report that comes amid public pressure on Internet and phone companies to reveal details of their dealings with law enforcement.
Rogers says it responds to name and address requests — which totalled 87,856 last year — so police do not issue a warrant to the wrong person.
"When provided with a name and address we will confirm whether or not the person is a Rogers customer and when provided with a listed phone number we’ll provide the name and address of a customer."
Otherwise, Rogers says, it hands over customer information only when forced by law, or in emergencies, after the request has been thoroughly vetted.
The Criminal Code, the federal privacy law for companies, and rules set out by the federal broadcast regulator govern how the communications firm shares customer data with government and law enforcement agencies.
It receives requests from agencies including the RCMP, Canadian Security Intelligence Service, Canada Border Services Agency, the Canada Revenue Agency, and provincial and municipal agencies like police forces and coroners, the report says.
Rogers received 74,415 requests in 2013 under a warrant or court order, including production orders, summons, subpoenas and search warrants issued by a judge or other judicial officer.
Such requests compel the company to provide customer information to police or other authorities or to attend court to provide testimony about customer information. Examples of information provided in these cases include account information like name and address, payment history, billing records or call records.
If it considers an order to be too broad, Rogers pushes back and, if necessary, goes to court to oppose the request, the report says.
However, it does not reveal how often that happens.
Rogers chief privacy officer Ken Engelhart said in an interview the company doesn't have the number because it hasn't tracked refusals — though he indicated it would start doing so.
"The tracking that we've been doing is for internal management purposes. It wasn't being done for transparency purposes, and so going forward we're going to need different kinds of data."
However, Engelhart called the number "significant."
"There's a lot of warrantless requests that we don't satisfy," he said.
For instance, Rogers won't hand over an unlisted phone number without a warrant.
Rogers received 9,339 requests from police last year about life-threatening situations — such as missing-persons cases. In addition, there were 711 emergency requests for assistance to police in child sexual exploitation cases.
Rogers says it does not allow agencies direct access to its customer databases, nor does it hand over metadata — the routing codes and other data about emails and calls — without a warrant.
"We only provide the information we are required to provide and this information is retrieved by our staff."
It recently emerged that nine Canadian telecommunications companies received a total of approximately 1.2 million requests from authorities for customer information annually, according to aggregate data gathered by the federal privacy commissioner in 2011.
Rogers has gone a step further by issuing the so-called transparency report on co-operation with law enforcement.
"Our customers’ privacy is important to us and that is why we are issuing this report," Engelhart says in the report. "We believe more transparency is helpful and encourage the government of Canada to issue its own report on these requests."
An informal coalition — including The University of Toronto's Citizen Lab, academics and civil liberties organizations — said in March that Canadians have only a vague understanding of how, why, and how often companies have disclosed information to government agencies.
This week the coalition received an updated response from Internet provider TekSavvy Solutions — one of Rogers' smaller competitors — saying it received 52 requests from government authorities in 2012 and 2013. It made 17 disclosures related to criminal investigations and denied the remaining 35.
Christopher Parsons, a postdoctoral fellow with The Citizen Lab, said the Rogers and TekSavvy reports are "positive steps in the right direction."
He singled out TekSavvy's response as "the gold standard" for company transparency on handling of subscriber information due to the extensive detail in its report.
"The bar has now been set: transparency reports are expected when doing business in Canada," Parsons said.
"There's only a question of how long until other companies adhere to what is becoming an industry best practice in Canada."
Follow @JimBronskill on Twitter