What If Twitter Were a Canadian Company Instead?

In “Twitter’s Response to WikiLeaks Subpoena Should Be the Industry Standard” , Ryan Singel of  Wired.com’s Threat Level writes,

To Twitter’s credit, the company didn’t just open up its database, find the information the feds were seeking (such as the IP and e-mail addresses used by the targets) and quietly continue on with building new features. Instead the company successfully challenged the gag order in court, and then told the targets their data was being requested, giving them time to try and quash the order themselves.

Twitter and other companies, notably Google, have a policy of notifying a user before responding to a subpoena, or a similar request for records. That gives the user a fair chance to go to court and try and quash the subpoena. That’s a great policy. But it has one fatal flaw. If the records request comes with a gag order, the company can’t notify anyone. And it’s quite routine for law enforcement to staple a gag order to a records request.

Some might believe that if Twitter, Facebook or Google were Canadian companies (with servers located within Canadian jurisdiction), then the risk of similar disclosure of personal IP and email  addresses or other private electronic information by court order or subpoena would be less likely.

Think again.

On May 25, 2010, the Government of Canada introduced amendments to the legislation protecting the personal information of Canadians in a Bill entitled An Act to amend the Personal Information Protection and Electronic Documents Act (PIPEDA). Bill C-29 has reached debates at second reading stage in the House of Commons.

According to the Industry Canada website:

“The PIPEDA amendments fulfill a commitment made by the Minister of Industry, The Honourable Tony Clement, to update Canada’s federal private sector privacy legislation as a key step towards Canada taking leadership in the digital economy. This Bill, which supports privacy in the digital age, is an important element of a modern, information-based economy, or “digital economy”, together with the new anti-spam legislation, Fighting Internet and Wireless Spam Act (FISA).

The Bill implements the Government Response to the Fourth Report of the Standing Committee on Access to Information, Privacy and Ethics: Statutory Review of PIPEDA. It responds to issues raised during the parliamentary review of the Act that resulted in a number of recommendations to fine-tune the legislation.

Bill C-29 includes amendments aimed at protecting and empowering consumers, clarifying and streamlining rules for business, and supporting effective law enforcement. This Bill will ensure that PIPEDA continues to be a world-class model for the protection of personal information in the private sector.” [emphasis added]

Two of Bill C-29’s features are noteworthy:

“This Bill will clarify that the Act permits organizations to collaborate with government institutions that have requested personal information, in the absence of a warrant, subpoena, or order.

[and in order to] protect the secrecy and integrity of investigations by law enforcement and security agencies, organizations will be prohibited from notifying an individual about the disclosure of his or her personal information, where the government institution to whom the information was disclosed objects.”

Lawful authority is “defined” in the new Section 7(3)(c.1) as follows:

(3.1) For greater certainty, for the purpose of paragraph (3)(c.1)

(a) lawful authority refers to lawful authority other than

(i) a subpoena or warrant issued, or an order made, by a court, person or body with jurisdiction to compel the production of information, or(ii) rules of court relating to the production of records; and

(b) the organization that discloses the personal information is not required to verify the validity of the lawful authority identified by the government institution or the part of a government institution.

Section 7(3)(c.1), further empowers the government acting with ” lawful authority” to obtain information without consent, to facilitate the performance of policing services not otherwise included under ss. 7(3)(c.1).

As updated by Glen Greenwald at salon.com the original  Order of federal Magistrate Judge Theresa Buchanan (pdf) made pursuant to 18 USC 2703(d) was ordered unsealed on January 5, 2011 (copy of unsealing order available here).

What if Twitter were a Canadian company with servers located in Canada?  Would Twitter’s policy of notifying its users be allowed?

Nope.

Section 7.4 of Bill C-29 will effectively operate as a statutory “super-injunction”, prohibiting an organization from informing an individual of any disclosure of his or her personal information to a government institution or part thereof, including:

(ii) the existence of any information that the organization has relating to a disclosure referred to in subparagraph (i), to a subpoena, warrant or order referred to in paragraph 7(3)(c) or to a request made by a government institution or a part of a government institution under subparagraph 7(3)(c.1)(i), (ii) or (v); or

(b) giving an individual access to the information referred to in subparagraph (a)(ii). [emphasis added]

Notwithstanding the foregoing, any subpoena, injunction or sealing order made under Canadian law is subject to judicial review. However, if the  information were to be disclosed, Canadian courts would likely not exclude such information in criminal proceedings which otherwise were instituted under “lawful authority”.  The “fruit of the poisoned tree” has never sprouted roots in the Canadian law of evidence.   It is also cold comfort to think that Canadian privacy rights and freedom of speech have less protection than afforded our neighbours to the South (and I don’t mean Mexico).

One Response to “What If Twitter Were a Canadian Company Instead?”

  1. Tweets that mention What If Twitter Were a Canadian Company Instead? « The Trial Warrior Blog -- Topsy.com Says:

    […] This post was mentioned on Twitter by Steve Matthews. Steve Matthews said: RT @AntoninPribetic What If Twitter Were a Canadian Company Instead?: http://wp.me/pCh12-cb […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: