And on the fourth day of Christmas, federally-appointed judges gave to us…four new Charter s.8 cases. There are two Federal Court cases involving CSIS intercept of IMSI information and seeking access to subscriber data. And two Supreme Court cases involving text messages received by the recipient and stored by the service provider.
Here are the one-paragraph (often one long run-on sentence) summaries:
- In the Matter of Islamist Terrorism (2017 FC 1047): In the course of targeted investigations under s.12 of the CSIS Act, CSIS may intercept International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) numbers emitted by mobile communications devices connecting to cellular networks without warrant, even though the privacy interest protected by section 8 applies, where CSIS does so in a minimally intrusive manner without seeking means of identifying the individual (in practice, because they already know who it is), does not capture communications content, does not geo-locate, does not interfere with 911 and emergency communications, and destroys all incidentally collected, non-target information. Bulk collection would be a different story (which is why this case is, on net, bad for CSE and its incidental collection of private communications and metadata).
- In the Matter of XXXX Threat-Related Activities (2017 FC 1048): CSIS cannot obtain a general court authorization allowing it to obtain basic identifying information from communications service providers for individuals whose identities are not yet known, but who may come to CSIS’s attention in the future, and the court cannot delegate such an authorization function when persons do come to CSIS’s attention to a designated CSIS official. But CSIS may obtain such authorization from the court for individuals and, indeed, classes of individuals where the court can understand the nexus between that class and the investigation, on a reasonable grounds to believe standard.
- R v. Marakah (2017 SCC 59): A sender retains a reasonable expectation of privacy in the communication, and inferences that can be drawn from it, stemming from text messages sent to a recipient, and the diminishment of this control because the text message passes through a service provider and could be shared by the recipient does not change this; a warrantless search of the recipient’s phone to obtain these messages in circumstances where there was no plausible “search incident to arrest” breaches section 8 of the Charter.
- R v. Jones (2017 SCC 60): A service provider may properly intercept text messages for service delivery purposes, but this does not negate the sender’s reasonable expectation of privacy and the police must generally have court authorization to then obtain these text messages. Historical text messages may be obtained through the general production order in s.487.014 of the Criminal Code (on a reasonable grounds to believe standard) and need not receive a wiretap authorization under Part VI of the Criminal Code, unless the intercept will involve prospective communications, as opposed to historic communications.
These cases, combined with the federal Privacy Commissioner’s decision on a complaint about RCMP IMSI collection activities, create, well, a maze. The Privacy Commissioner concluded in September that RCMP warrantless collection was unconstitutional. This is hard to square with the Federal Court’s new decision on CSIS, but the Privacy Commissioner would probably say that the RCMP offered no specifics on what they were doing of the sort that led the Federal Court to conclude that CSIS’s intercepts were still reasonable, although done without warrant.
So here’s a brief scenario.
Hans, the scheming villain from a famous holiday classic, is working for the Chinese government, and conducting himself in a manner that constitutes a threat to the security of Canada under the CSIS Act and a violation of the criminal provisions found in the Security of Information Act (SOIA). So both CSIS and police have investigations underway (and are doing all that difficult deconfliction work that is a Canadian thing).
CSIS knows that Hans has a cellphone and they want to figure out what the IMSI number is. So they conduct a targeted intercept meeting the standards described in In the Matter of Islamist Terrorism (above). They do this without warrant.
RCMP also wants to know what Hans’s IMSI number is. So either CSIS gives it to them through an advisory letter (which seems very, very unlikely), or they collect it themselves. But they have to use s.492.2 of the Criminal Code to get a transmission data recorder order from a judge, on a reasonable grounds to suspect standard.
Now CSIS wants to know where Hans has been going and what he will be saying. So they need to go to Federal Court and obtain judicial authorization for an intercept under s.21 of the CSIS Act, on a reasonable grounds to believe standard. Section 21 is a one-standard provision for all sorts of intercepts, so this same standard will apply for archived geolocational metadata (obtained from a service provider) and content (wiretapped).
And now the police also want to know where Hans has been going and what he will be saying. To know what he is saying, they need a Part VI Criminal Code warrant, allowing a wiretap. This too is on a reasonable grounds to believe standard. But for archived geolocational data, the police may be able to obtain a production order directed at the service provider, requiring that this sort of “transmission data” (metadata) be produced. Transmission data production orders may be obtained on a reasonable grounds to suspect standard.
So perhaps the police, who find it easier to share with CSIS than vice versa, can share the transmission data with CSIS, obviating the need for CSIS to get their own metadata-related warrant?
Both CSIS and the police decide they should also figure out what Hans has been texting his friends in Beijing. Again, CSIS proceeds via Federal Court authorization under s.21 of the CSIS Act, for both archived texts and future intercepts. This requires a reasonable grounds to believe standard.
As per Jones, the police for their part can obtain the archived text messages from the service provider using a general production order under s.487.014 of the Criminal Code, issued by a judge on a reasonable grounds to believe standard. But to track his on-going texts, they need a Part VI wiretap order, on a reasonable grounds to believe standard. (And even if they had Hans’ friend’s phone, Marakah establishes they would need a search warrant to search it for the text messages, on a reasonable grounds to believe standard. Of course, if they arrested Hans they might be able to search his phone without warrant, as a search incident to arrest per Fearon. But Hans would need to have left it unlocked.)
This is all getting rather complicated. A “cacophony of lawful access rules” joins “herd of bison”, “murder of crows” and “pack of wolves” as a Canadian thing. It will be interesting to see if the government moves on lawful access reform in 2018. (So far this is a government showing real appetite to fix big things in the national security/public safety law space.)
For those looking for an immersive audio experience, Stephanie Carvin and I offer a longer discussion of these cases in Ep 15 of our Podcast Called Intrepid.
Edited this a bit because I realized that I messed up in the discussion of s.487.014.