CRTC File: 8638-B2-201905879
Submission of the
Internet Society Canada Chapter
Who we are
The Internet Society Canada Chapter (ISCC) is a not-for-profit corporation that engages on internet legal and policy issues to advocate for an open, accessible and affordable internet for Canadians. An open internet means one in which ideas and expression can be communicated and received except where limits have been imposed by law. An accessible internet is one where all persons and all interests can freely access websites that span all legal forms of expression. An affordable internet is one by which all Canadians can access internet services at a reasonable price.
ISCC intervenes in this proceeding because the application by Bell Canada (“Bell”) raises serious concerns around both consumer privacy and open competition in the telecommunications market.
ISCC is fully aware of the impact that fraudulent and nuisance calls have on Canadians and we applaud Bell Canada for taking steps beyond what is required in CETRP 2018-484 to address this serious issue. However, we have serious concerns with the part one application from Bell Canada for two major reasons –
that Bell’s initiative will impact non-Bell customers and
we have serious privacy concerns about the proposed Artificial Intelligence “AI” system which does not provide any way for Canadians to opt-out of its data collection.
The operation of this system, and the criteria by which it will operate, are also shrouded in secrecy. Almost every detail of the application has been filed in confidence with the commission, making it virtually impossible for any third party to properly comment on this application.
We also reaffirm our view that, in regard to customer data and privacy, explicit consent must be given before any subscriber data can be used in a system such as this. In the case of this part one application, if Bell is granted the ability to turn this system on, it should be done as an explicit opt-in system only for Bell subscribers and Bell should be required to disclose in plain English to consumers how their calling and location data are being utilized.
Scope of the Application
The scope of this application is our primary concern. In paragraph 14 of the application, Bell says that “this blocking would impact all calls that transit or terminate on our network (i.e., even a call that originates internationally and is destined for another local exchange carrier (LEC) that is not our affiliate, but for which an interexchange carrier delivers the call to us to transit for them to that LEC, would be blocked based on the above criteria).” 1
Further, Bell clearly states “Subscribers will not have information as to the number of blocked calls that were directed to their telephone numbers.” Given that Bell subscribers will not have any information on the number or nature of blocked calls, it is only logical to assume that third parties whose calls merely transit Bells network would also not be able to access information on the number and nature of blocked calls.
We have no issue with Bell blocking calls to its own end-subscribers, but the idea that Bell will block calls which merely transit its network raises serious concerns for CLECs and resellers who may have calls blocked without any way of knowing that blocking occurred, resulting in customer service and other issues they have no way to resolve.
Data Retention and Privacy Issues
Given the scope outlined above, it is clear Bell will be collecting data from all calls, not just calls from Bell customers, which raises serious privacy concerns. With no opt-out mechanism, the calling data for a customer of a CLEC could be included in the Bell “AI” system without any consent or opt-out ability. Bell states this data today will only be used for the purpose of training the call blocking system, however, there is nothing stoping Bell from using this data in the future for other purposes, such as profiling customers to targeted marketing campaigns.
Bell also states in Para 8 of the RFI responses that – “calls would not be blocked without human review of the calls or call patterns”. It is not clear at all what Bell means by “human review of calls” – does this imply that Bell staff would be listening to the audio of these calls? If so, this raises some very serious concerns.
For the stored data in the AI system, Bells claims that this call data will be anonymized after the “prescribed retention periods” yet it never defines what those data retention periods are. Further, they claim “Anonymized aggregated data is not subject to this retention policy”. Finally, they also do not state if data, once anonymized, will be shared with third parties outside of Bell.
While the term ‘anonymized aggregated data’ implies that it would not contain any personal information (PI), Bell has yet to provide any details on how this data will be anonymized or aggregated to remove any subscriber-identifiable information
Several studies have been done in the past few years showing that almost all anonymized data sets can be de-anonymized2. An internal study for Sprint in the United States on attempts to anonymize cellular CDR data by Hui Zang and Jean Bolot clearly concluded that “Subscribers’ privacy is at risk if such data is not anonymized and handled properly” 3
Given the unspecified retention period for data, and the potential ability for anonymized data to be deanonymized, and the potential for data to be shared with third parties for unknown purposes this data collection and storage raises serious privacy issues, especially because this data will contain call metadata from non-Bell subscribers who may not even be aware their data is being used in the manor.
For the reasons above it is critical that Bell clearly define the data retention periods, how data is being anonymized, when and how data, even if “anonymized”, is shared with third parties, and ensure that only data for Bell customers is retained in the system.
Conclusion
As stated in our introduction, ISCC has no issue with Bell blocking calls to their own end customers provided that a proper opt-out mechanism and safeguards are in place to protect customer personal information. By contrast, the ISCC strongly opposes both allowing Bell to collect metadata on calls which merely transit its network, and in addition to block them.
Respectfully submitted, 14 October 2019, by the Internet Society Canada Chapter
Matthew M. Gamble
1 Bell submission, para 14
2 Ohm, Paul, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization (August 13, 2009). UCLA Law Review, Vol. 57, p. 1701, 2010; U of Colorado Law Legal Studies Research Paper No. 9-12. Available at SSRN: https://ssrn.com/abstract=1450006
3 Zang, Hui & Bolot, Jean. (2011). Anonymization of location data does not work: A large-scale measurement study.
Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM. 145-156. 10.1145/2030613.2030630.