rendered paste body
1st Session, 41st Parliament,
60-61 Elizabeth II, 2011-2012
house of commons of canada
BILL C-30
An Act to enact the Investigating and Preventing Criminal Electronic Communications Act and to amend the Criminal Code and other Acts
Her Majesty, by and with the advice and consent of the Senate and House of Commons of Canada, enacts as follows:
SHORT TITLE
Short title
1. This Act may be cited as the Protecting Children from Internet Predators Act.
PART 1
INVESTIGATING AND PREVENTING CRIMINAL ELECTRONIC COMMUNICATIONS ACT
Enactment of Act
Enactment
2. The Investigating and Preventing Criminal Electronic Communications Act, whose text is as follows and whose Schedules 1 and 2 are set out in the schedule to this Act, is hereby enacted:
An Act regulating telecommunications facilities to support investigations
SHORT TITLE
Short title
1. This Act may be cited as the Investigating and Preventing Criminal Electronic Communications Act.
INTERPRETATION
Definitions
2. (1) The following definitions apply in this Act.
“authorizedâ€
« autorisée »
“authorizedâ€, in relation to a person, means having authority, under the Criminal Code or the Canadian Security Intelligence Service Act, to intercept communications.
“communicationâ€
« communication »
“communication†means a communication effected by a means of telecommunication and includes any related telecommunications data or other ancillary information.
“interceptâ€
« intercepter »
“intercept†includes listen to, record or acquire a communication or acquire the substance, meaning or purport of the communication.
“Ministerâ€
« ministre »
“Minister†means the Minister of Public Safety and Emergency Preparedness.
“personâ€
« personne »
“person†includes a partnership, an unincorporated organization, a government, a government agency and any other person or entity that acts in the name of or for the benefit of another.
“prescribed†Version anglaise seulement
“prescribed†means prescribed by the regulations.
“telecommunications dataâ€
« données de télécommunication »
“telecommunications data†means data relating to the telecommunications functions of dialling, routing, addressing or signalling that identifies or purports to identify the origin, type, direction, date, time, duration, size, destination or termination of a telecommunication generated or received by means of a telecommunications facility or the type of telecommunications service used. It also means any transmission data that may be obtained under subsection 492.2(1) of the Criminal Code.
“telecommunications facilityâ€
« installation de télécommunication »
“telecommunications facility†means any facility, apparatus or other thing that is used for telecommunications or for any operation directly connected with telecommunications.
“telecommunications serviceâ€
« service de télécommunication »
“telecommunications service†means a service, or a feature of a service, that is provided by means of telecommunications facilities, whether the provider owns, leases or has any other interest in or right respecting the telecommunications facilities and any related equipment used to provide the service.
“telecommunications service providerâ€
« télécommunicateur »
“telecommunications service provider†means a person that, independently or as part of a group or association, provides telecommunications services.
“transmission apparatusâ€
« appareil de transmission »
“transmission apparatus†means any apparatus of a prescribed class whose principal functions are one or more of the following:
(a) the switching or routing of communications;
(b) the input, capture, storage, organization, modification, retrieval, output or other processing of communications;
(c) the control of the speed, code, protocol, content, format, switching or routing or similar aspects of communications; or
(d) any other function that is similar to one described in paragraphs (a) to (c).
Preservation of existing powers
(2) Nothing in this Act derogates from any power in the Criminal Code, the Canadian Security Intelligence Service Act or Part V.1 of the National Defence Act to intercept communications or to request that telecommunications service providers assist in such interceptions.
PURPOSE
Purpose
3. The purpose of this Act is to ensure that telecommunications service providers have the capability to enable national security and law enforcement agencies to exercise their authority to intercept communications and to require telecommunications service providers to provide subscriber and other information, without unreasonably impairing the privacy of individ-uals, the provision of telecommunications services to Canadians or the competitiveness of the Canadian telecommunications industry.
HER MAJESTY
Act binding on Her Majesty
4. This Act is binding on Her Majesty in right of Canada or of a province.
APPLICATION
Exclusions — Schedule 1
5. (1) This Act does not apply to telecommunications service providers in respect of the telecommunications services specified in Part 1 of Schedule 1 or to the telecommunications service providers in the classes listed in Part 2 of that Schedule in respect of the activities specified in that Part for that class.
Partial application — Schedule 2, Part 1
(2) This Act — other than sections 8, 9, 14, 15, 24 to 26, 28 and 32 to 64 — does not apply to the telecommunications service providers in the classes listed in Part 1 of Schedule 2 in respect of the activities specified in that Part for that class.
Partial application — Schedule 2, Part 2
(3) This Act, other than section 24, does not apply to the telecommunications service providers in the classes listed in Part 2 of Schedule 2 in respect of the activities specified in that Part for that class.
Amendment of Schedules
(4) The Governor in Council may, by regulation, amend Schedule 1 or 2 by adding, deleting or changing a telecommunications service, an activity or a class of telecommunications service providers.
OBLIGATIONS
Obligations Concerning Interceptions
Obligation to have capabilities
6. (1) For the purpose of enabling authorized persons to exercise their authority to intercept communications, every telecommunications service provider must have the capa-bility to do the following:
(a) provide intercepted communications to authorized persons; and
(b) provide authorized persons with the prescribed information that is in the possession or control of the service provider respecting the location of equipment used in the transmission of communications.
Confidentiality and security measures
(2) A telecommunications service provider, in connection with the interception of communications, must comply with any prescribed confidentiality or security measures.
Obligations for treated communications
(3) If an intercepted communication is encoded, compressed, encrypted or otherwise treated by a telecommunications service provid-er, the service provider must use the means in its control to provide the intercepted communication in the same form as it was before the communication was treated by the service provider.
Exceptions
(4) Despite subsection (3), a telecommunications service provider is not required to make the form of an intercepted communication the same as it was before the communication was treated if
(a) the service provider would be required to develop or acquire decryption techniques or decryption tools; or
(b) the treatment is intended only for the purposes of generating a digital signature or for certifying a communication by a prescribed certification authority, and has not been used for any other purpose.
Providing information as requested
(5) A telecommunications service provider that is capable of providing intercepted communications to an authorized person in more than one form or manner that conforms with the regulations must provide them in whichever of those forms or manners the authorized person requires.
Operational requirements for transmission apparatus
7. The operational requirements in respect of any transmission apparatus are that the telecommunications service provider operating the apparatus have the capability to do the following:
(a) enable the interception of communications generated by or transmitted through the apparatus to or from any temporary or permanent user of the service provider’s telecommunications services;
(b) isolate the communication that is authorized to be intercepted from other information, including
(i) isolating the communications of the person whose communications are authorized to be intercepted from those of other persons, and
(ii) isolating the telecommunications data of the person whose communications are authorized to be intercepted from the rest of the person’s communications;
(c) provide prescribed information that permits the accurate correlation of all elements of intercepted communications; and
(d) enable simultaneous interceptions by authorized persons from multiple national security and law enforcement agencies of communications of multiple users, including enabling
(i) at least the minimum number of those interceptions, and
(ii) any greater number of those interceptions — up to the maximum number — for the period that an agency requests.
No degradation of capabilities
8. A telecommunications service provider that meets, in whole or in part, an operational requirement in respect of transmission apparatus that the service provider operates must continue to so meet that operational requirement.
Maintaining capabilities in respect of new services
9. A telecommunications service provider that meets, in whole or in part, an operational requirement in respect of transmission apparatus that the service provider operates in connection with any of the service provider’s telecommunications services must meet that operational requirement to the same extent in respect of any new service that the service provider begins to provide using that apparatus.
Beginning to operate transmission apparatus
10. (1) A telecommunications service pro-vider that begins to operate any transmission apparatus for the purpose of providing telecommunications services must meet the operational requirements in respect of the apparatus, whether by means of the apparatus itself or by any other means.
Acquisition from another provider
(2) Subsection (1) does not apply in respect of transmission apparatus that a telecommunications service provider acquires from another telecommunications service provider and operates in order to continue to provide the same telecommunications service to approximately the same users. However, the acquiring service provider must continue to meet any operational requirements in respect of the transmission apparatus that the service provider from whom it was acquired was obligated to meet.
New software
11. (1) When a telecommunications service provider installs new software for any transmission apparatus that the service provider operates, the service provider must meet the operational requirements in respect of that apparatus to the extent that would be enabled by the installation of the software in the form available from the software’s manufacturer that would most increase the service provider’s ability to meet those operational requirements.
Other software licences or telecommunications facilities
(2) Subsection (1) applies even if the form of the software in question would require the telecommunications service provider to acquire additional software licences or telecommunications facilities to achieve that increased ability.
Global limit
12. Subject to section 14, a telecommunications service provider is not required, under sections 8 to 11, to increase the service provider’s capability to enable simultaneous interceptions beyond the applicable global limit.
Order suspending obligations
13. (1) The Minister may, by order made on the application of a telecommunications service provider, suspend in whole or in part any obligation of the service provider to meet an operational requirement that would arise from the operation of section 10 or 11.
Applications
(2) The application must
(a) specify the operational requirement with respect to which an order is sought;
(b) set out the reasons for making the application;
(c) include a plan that
(i) sets out the measures by which and the time within which the telecommunica-tions service provider proposes to meet the operational requirement specified in accordance with paragraph (a),
(ii) describes any measures that the service provider proposes to take to improve the service provider’s capability to meet the operational requirements, even if they are not yet applicable, and
(iii) identifies the stages at which and methods by which the Minister can measure progress in the implementation of the plan and the time, manner and form for reports the service provider proposes to make to the Minister; and
(d) conform with the prescribed requirements relating to the content or form of the application or the manner in which it is to be made.
Considerations
(3) In deciding whether to make an order, the Minister must take into account the public interest in national security and law enforcement and the commercial interests of the telecommunications service provider as well as any other matter that the Minister considers relevant.
Notification of decision
(4) The Minister must, within 120 days after the day on which the Minister receives the application, notify the applicant of the Minister’s decision to accept or refuse it and, if no notification has been received by the applicant at the end of that period, the Minister is deemed to have refused the application.
Conditions and term of order
(5) In the order, the Minister may include any conditions that the Minister considers appropriate and must fix its term for a period of not more than three years.
Obligation to comply with conditions of order
(6) The telecommunications service provider must comply with the conditions of the order as soon as the service provider begins to operate the telecommunications apparatus or installs the new software, as the case may be.
Notice of revocation
(7) The Minister may revoke an order on written notice to the telecommunications service provider if
(a) the service provider has contravened this Act, the regulations or the conditions of the order; or
(b) the order was obtained through misrepresentation.
Amendment
(8) The Minister may amend an order with the consent of the telecommunications service provider.
Ministerial orders
14. (1) The Minister may, at the request of the Commissioner of the Royal Canadian Mounted Police or the Director of the Canadian Security Intelligence Service and if in the Minister’s opinion it is necessary to do so, order a telecommunications service provider
(a) to comply with any obligation under subsections 6(1) and (2) in a manner or within a time that the Minister specifies;
(b) to enable, in a manner or within a time that the Minister specifies, a number of simultaneous interceptions greater than any maximum or limit that would otherwise apply;
(c) to comply, in a manner or within a time that the Minister specifies, with any confidentiality or security measures respecting interceptions that the Minister specifies in addition to those referred to in subsection 6(2);
(d) to meet an operational requirement in respect of transmission apparatus operated by the service provider that the service provider would not otherwise be required to meet; or
(e) to meet an operational requirement in respect of transmission apparatus operated by the service provider in a manner or within a time that the Minister specifies.
Limitation
(2) The Minister is not authorized to make an order under subsection (1) in respect of a telecommunications service provider in relation to a telecommunications service specified in Part 1 of Schedule 1 or in respect of a telecommunications service provider in a class listed in Part 2 of Schedule 1 or Part 2 of Schedule 2 in relation to the activities specified for that class in Part 2 of Schedule 1 or Part 2 of Schedule 2, as the case may be.
Compensation
(3) The Commissioner of the Royal Canadian Mounted Police or the Director of the Canadian Security Intelligence Service, as the case may be, must pay the telecommunications service provider an amount that the Minister considers reasonable towards the expenses that the Minister considers are necessary for the service provider to incur initially to comply with an order made under this section.
Equipment
(4) The Minister may provide the telecommunications service provider with any equipment or other thing that the Minister considers the service provider needs to comply with an order made under this section.
Non-application of sections 8 and 9
(5) Sections 8 and 9 do not apply in respect of any equipment or other thing provided by the Minister under subsection (4). However, the telecommunications service provider must provide notice to the Minister of any problems with the equipment or other thing provided and provide assistance in resolving the problem.
Order prevails
(6) An order made by the Minister under subsection (1) prevails over any regulations, to the extent of any inconsistency.
Delegation
(7) The Commissioner of the Royal Canadian Mounted Police and the Director of the Canadian Security Intelligence Service may delegate his or her power to pay amounts under subsection (3) to, respectively, a member of a prescribed class of senior officers of the Royal Canadian Mounted Police or a member of a prescribed class of senior officials of the Canadian Security Intelligence Service.
Statutory Instruments Act does not apply
15. The Statutory Instruments Act does not apply in respect of an order made under section 13 or 14.
Obligations Concerning Subscriber Information
Provision of subscriber information
16. (1) On written request by a person designated under subsection (3) that includes prescribed identifying information, every telecommunications service provider must provide the person with identifying information in the service provider’s possession or control respecting the name, address, telephone number and electronic mail address of any subscriber to any of the service provider’s telecommunications services and the Internet protocol address and local service provider identifier that are associated with the subscriber’s service and equipment.
Purpose of the request
(2) A designated person must ensure that he or she makes a request under subsection (1) only in performing, as the case may be, a duty or function
(a) of the Canadian Security Intelligence Service under the Canadian Security Intelligence Service Act;
(b) of a police service, including any related to the enforcement of any laws of Canada, of a province or of a foreign jurisdiction; or
(c) of the Commissioner of Competition under the Competition Act.
Designated persons
(3) The Commissioner of the Royal Canadian Mounted Police, the Director of the Canadian Security Intelligence Service, the Commissioner of Competition and the chief or head of a police service constituted under the laws of a province may designate for the purposes of this section any employee of his or her agency, or a class of such employees, whose duties are related to protecting national security or to law enforcement.
Limit on number of designated persons
(4) The number of persons designated under subsection (3) in respect of a particular agency may not exceed the greater of five and the number that is equal to five per cent of the total number of employees of that agency.
Delegation
(5) The Commissioner of the Royal Canadian Mounted Police and the Director of the Canadian Security Intelligence Service may delegate his or her power to designate persons under subsection (3) to, respectively, a member of a prescribed class of senior officers of the Royal Canadian Mounted Police or a member of a prescribed class of senior officials of the Canadian Security Intelligence Service.
Exceptional circumstances
17. (1) Any police officer may, orally or in writing, request a telecommunications service provider to provide the officer with the information referred to in subsection 16(1) in the following circumstances:
(a) the officer believes on reasonable grounds that the urgency of the situation is such that the request cannot, with reasonable diligence, be made under that subsection;
(b) the officer believes on reasonable grounds that the information requested is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property; and
(c) the information directly concerns either the person who would perform the act that is likely to cause the harm or is the victim, or intended victim, of the harm.
The police officer must inform the telecommunications service provider of his or her name, rank, badge number and the agency in which he or she is employed and state that the request is being made in exceptional circumstances and under the authority of this subsection.
Obligation of telecommunications service provider
(2) The telecommunications service provider must provide the information to the police officer as if the request were made by a designated person under subsection 16(1).
Communication
(3) The police officer must, within 24 hours after making a request under subsection (1), communicate to a designated person employed in the same agency as the officer all of the information relating to the request that would be necessary if it had been made under subsection 16(1) and inform that person of the circumstances referred to in paragraphs (1)(a) to (c).
Notice
(4) On receiving the information, the designated person must in writing inform the telecommunications service provider that the request was made in exceptional circumstances under the authority of subsection (1).
Creation of record by designated person
18. (1) A designated person who makes a request under subsection 16(1), or who receives information under subsection 17(3), must create a record that
(a) in the case of a request made under subsection 16(1), identifies the duty or function referred to in subsection 16(2) in the performance of which the request is made, describes the relevance of the information requested to that duty or function and includes any other information that justifies the request and any other prescribed information; and
(b) in the case where the designated person receives information under subsection 17(3), includes the information referred to in paragraph (a) as well as the circumstances referred to in paragraphs 17(1)(a) to (c).
Retention of records and dealing with information
(2) The agency that employs the designated person must retain records created under subsection (1) and deal with the information provided in response to requests made under subsection 16(1) or 17(1).
Use of information
19. Information that is provided in response to a request made under subsection 16(1) or 17(1) must not, without the consent of the individual to whom it relates, be used by the agency in which the designated person or police officer is employed except for the purpose for which the information was obtained or for a use consistent with that purpose.
Internal audit
20. (1) The Commissioner of the Royal Canadian Mounted Police, the Director of the Canadian Security Intelligence Service, the Commissioner of Competition and any chief or head of a police service constituted under the laws of a province who makes a designation under subsection 16(3) must cause internal audits to be regularly conducted of the practices of his or her agency to ensure compliance with sections 16 to 19 and the regulations made for the purposes of those sections and of the internal management and information systems and controls concerning requests made under sections 16 and 17.
Report to responsible minister
(2) The person who causes an internal audit to be conducted must, without delay, report on the findings of the audit to the responsible minister.
Copy of report
(3) A copy of the report on the findings of the audit must be provided by that person
(a) if it concerns the Royal Canadian Mounted Police or the Commissioner of Competition, to the Privacy Commissioner appointed under section 53 of the Privacy Act;
(b) if it concerns the Canadian Security Intelligence Service, to the Security Intelligence Review Committee established by subsection 34(1) of the Canadian Security Intelligence Service Act; and
(c) if it concerns a police service constituted under the laws of a province, to the public officer for that province whose duties include investigations relating to the protection of privacy.
Audit — Privacy Commissioner
(4) The Privacy Commissioner may, on reasonable notice, conduct an audit of the practices of the Royal Canadian Mounted Police or the Commissioner of Competition to ensure compliance with sections 16 to 19 and the regulations made for the purposes of those sections and of the internal management and information systems and controls concerning requests made under sections 16 and 17. The provisions of the Privacy Act apply, with any necessary modifications, in respect of the audit as if it were an investigation under that Act.
Audit — Security Intelligence Review Committee
(5) For greater certainty, the functions of the Security Intelligence Review Committee under section 38 of the Canadian Security Intelligence Service Act include the power to conduct an audit of the practices of the Canadian Security Intelligence Service to ensure compliance with sections 16, 18 and 19 and the regulations made for the purposes of those sections and of the internal management and information systems and controls concerning requests made under section 16.
Report concerning provincial audit capability
(6) The Privacy Commissioner must, in the report made to Parliament for each financial year, identify the public officers to whom copies of reports are to be provided under paragraph (3)(c) and report on the powers that they have to conduct audits similar to those referred to in subsection (4) with respect to the police services constituted under the laws of their province.
Records of service provider
(7) A person conducting an internal audit under this section may require a telecommunications service provider to give the person access to any records in the possession or control of the service provider that are relevant to the audit.
Definition of “responsible ministerâ€
(8) For the purposes of this section, “responsible minister†means
(a) in relation to the Commissioner of the Royal Canadian Mounted Police and the Director of the Canadian Security Intelligence Service, the Minister of Public Safety and Emergency Preparedness;
(b) in relation to the Commissioner of Competition, the Minister of Industry; and
(c) in relation to the chief or head of a police service constituted under the laws of a province, the Attorney General of that province.
Entitlement to fee
21. (1) A telecommunications service pro-vider that provides information to a person under section 16 or 17 is entitled to be paid the prescribed fee for providing the information.
Payment of fee by designating authority
(2) If the information is requested by a designated person under section 16, the fee is to be paid by the designating authority.
Payment of fee by police service
(3) If the information is requested by a police officer under section 17, the fee is to be paid by the chief or head of the police service that employs the police officer.
Preservation of existing authority
22. Nothing in this Act derogates from any other authority under law to obtain the information referred to in subsection 16(1) from a telecommunications service provider.
Deemed nature of information
23. Personal information, as defined in subsection 2(1) of the Personal Information Protection and Electronic Documents Act, that is provided under subsection 16(1) or 17(1) is deemed, for the purposes of subsections 9(2.1) to (2.4) of that Act, to be disclosed under subparagraph 7(3)(c.1)(i) or (ii), and not under paragraph 7(3)(i), of that Act. This section operates despite the other provisions of Part 1 of that Act.