Attack on Digital Privacy Rights of Canadians

Les faits

The Liberal government’s review of National Security Policy (“National Review”), which concluded on December 15, 2016, putatively marked an election promise aiming to improve upon the problematic parts of Bill C-51.  In response to this announcement from government, civil liberties organizations and privacy watchdogs repeated previous criticisms relating to the unnecessary and wide ranging digital privacy elements of C-51 and its establishment of the Security of Canada Information Sharing Act (“SCISA”).  However, rather than reversing newly legislated state intrusions into digital privacy rights, the Liberal government agenda has effectively encouraged the expansion of digital surveillance of Canadians both at home and abroad.  The 2016 Liberal National Security Green Paper ("Green Paper") , as the discussion-piece to start  the Review, has met with criticism based on its slick pro-security and policing perspective, while the on-line security questionnaire used for the public consultation revealed notable omissions and severe ideological biases.  The framework for Canada’s national security review has opened the door to even more serious threats to digital privacy than the very surveillance measures under C-51 that it had promised to remedy.     


Background

Bill C-51 established increased intelligence sharing within government, marked a dramatic shift in respect of the lawful scope of the government’s collection of private information of Canadians and lowered the threshold for accessing and maintaining private information in the hands of government.  The problematic impacts of Bill C-51 on the digital privacy rights of Canadians had been clearly and repeatedly identified by individuals and civil rights organizations in presentations to the Standing Committee on National Security and Defence in February 2015, but went unheeded and hence were not incorporated into law.  In the spring of 2015, the Liberal caucus in Parliament voted in favour of Bill C-51 and the massive changes it established through SCISA. However, in the run up to the November 2015 election, the Liberals promised to review the problematic elements of Bill C-51.  The establishment of a National Security Review process was a prominent item added to the Public Safety Minister’s mandate letter.  A three-month consultation process was announced by the government on September 8, 2016 that held regional consultations, accepted online submissions and administered an online questionnaire touching upon key points relating to national security challenges as identified by the government agenda.  The framework for the review was informed by a policy paper, known as the National Security Green Paper.  Following the closure of the review on December 15, 2016, all of the serious privacy deficiencies created by C-51 remain untouched despite ever increasing concerns regarding the monitoring of Canadians’ digital information.  No plan has been announced for implementing legislative changes following the Review.

The Liberal Green Paper

The Green Paper released in September 2016 styled itself as a document to “prompt discussion and debate relating to Canada’s national security framework”.  It has been criticized as a whitewash for making a case for the agenda of the national security agencies and cyber-crime policing, prompted by hypothetical crime scenarios.   Significantly, the Green Paper asks the question: “Should the government update [information access] tools to better support digital/online investigations? Is your expectation of privacy different in the digital world than in the physical world?”  Privacy, in this agenda, is represented as an obstacle to intelligence gathering and policing.  The publication of the Green Paper, moreover, was made only a few weeks after a resolution from Canadian chiefs of police seeking legal action to compel Canadians to disclose their computer passwords in order to facilitate police investigations. The paper suggests a pressing need for increasing digital surveillance, while sugar-coating existing laws and avoiding more fundamental questions that would entail the repeal or amendment of the SCISA.  The language, timing, strategic omissions and slanted perspective of the framing paper serve to foster an outcome of lowered public expectation, which flies in the face of earlier government promises of a review process that would serve to check the intrusive powers of C-51. Hence the consultation process was deeply and intentionally flawed.

Increased Access to Personal Information Unnecessary

SCISA has been criticized for relying upon the low standard of “relevance” to justify lawful access and retention of digital personal information.  This lowered threshold is at odds with CSIS’ perspective that Bill C-51’s legislative amendments were not necessary for the improvement of information sharing.  The Canadian Civil Liberties Association, for example, has argued that the SCISA was not even necessary.  The Privacy Commissioner of Canada, has also questioned why the new measures for information procurement could not use the higher standard of “strictly necessary” for access and retention of information as outlined under the CSIS Act.

Vulnerability of Basic Subscriber Information

The Liberal Green Paper argues for more efficient and timely access to Basic Subscriber Information (BSI) from users in order to facilitate national security investigations.  The consequent streamlining of BSI access would entail decreasing judicial oversight.  However, the simple dichotomy between robust oversight and administrative efficiency of BSI access has been criticized by the Information Technology Association of Canada as a false one as it does not identify any irremediable problems within the current framework of oversight.   A recent survey by the Office of the Privacy Commissioner cites government monitoring of personal information as a widespread concern, while the majority of those polled had poor knowledge of how intelligence data is used. 

Given that the United States has recently dismantled privacy protections designed to limit the sale of BSI to third parties, there is a risk that Canada might be prone to similar encroachment, although such commercial sharing is currently prohibited by CRTC.  Canadian internet subscribers may, however, be subject to de-identified information sharing through their internet service providers – i.e. data stripped of personal details.  American researchers contend that such information sharing bears the risk of being re-identified by correlation with other data – a potential threat that bears no mention in the Liberal Green Paper and which holds catastrophic implications for the digital privacy of Canadians.  

The Unchecked Threat of Foreign Monitoring

With its narrow focus upon the advancement of Canadian national security and policing interests, the National Review has also failed to consider the potential for building privacy safeguards against foreign surveillance.  US Executive Order 12333, for example, allows the National Security Agency (NSA) to spy on 850 Billion phone lines and internet records of Americans, as well as internet backbones throughout the world.  Recently, Executive Order 12333 has been expanded to allow the NSA to share its intercepted data with 12 other American domestic law enforcement agencies.  At present, the Canadian public has no knowledge as to whether such surveillance data from the US is already being shared with Canadian intelligence agencies through existing international information sharing agreements between Canada and the United States, or the rest of the Five Eyes (United Kingdom, Australia, and New Zealand).  The vulnerability of the digital privacy of Canadians is further imperilled by the January 2017 domestic safety executive order of Donald Trump, which explicitly excludes privacy protections for foreign nationals living within Canada. 

Civil Society Response to Protection of Digital Privacy

Canadian civil society organizations and privacy watchdogs have actively been engaging in public campaigns aimed at creating greater public awareness and advocacy of digital privacy in Canada.  In its submission to the National Review, for example, the Office of the Privacy Commissioner (OPC), repeated numerous recommendations  that it had previously made to the Standing Committee on National Security and Defence in 2015 recommending that information sharing, access and retention be governed by principles of necessity and proportionality.  The December 2016 OPC survey of Canadians on Privacy is also an important resource that details popular concerns regarding monitoring and use of personal information and identifies important gaps in public knowledge.

BCCLA has published a real time response and Blog review of the unfolding debate on Canada’s national security review by offering a Different Shade of Green Paper, which identifies key areas that were omitted from the Liberal Green Paper.  The organization also has created campaigns that have provided popular education around C-51 powers, and has advocated for the repeal of SCISA.

Open Media, a Vancouver-based non-profit community based organization, has specifically organized a campaign advocating for greater protection and safeguards against the sharing of Canadian digital information with the United States. The campaign’s goal, which is endorsed by the Office of the Privacy Commissioner, seeks to add Canada to a list of countries that will be exempt from surveillance of its nationals under the US Privacy Act.  In this regard, the failure of Canada’s National Security Review to touch upon the implications of US surveillance marks a glaring omission.

Leading Canadian technology and national security experts, like Michael Geist, Kent Roach and Craig Forcese have also been consistently cautioning against the expansion of digital surveillance.  Their critiques call for an evidence-based approach to evaluating Canadian privacy laws and a forward-looking consideration of new frontiers of privacy encroachment that have come to light since the dramatic revelations of Edward Snowden.    

 

Relevant Dates

January 30, 2015 – Bill C-51 introduced in Parliament

March 2015 – Presentations made to Standing Committee on Public Safety and National Security

June 18, 2015 – Bill C-51 passed as the Anti-Terrorism Act, 2015, amending various statutes as well as enacting the Security of Canada and Information Sharing Act (SCISA)

August 2016 – Canadian Association of Chiefs of Police (CACP) pass resolution seeking law to assist in unlocking digital evidence

September 8, 2016 – Canada publishes the Liberal Green Paper and begins its National Security Review

November 28, 2016 – BCCLA initiates “A Different Shade of Green Paper” Campaign

December 2016 – Office of Privacy Commissioner publishes 2016 Survey of Canadians on Privacy

December 5, 2016 – Office of Privacy Commissioner Submission to National Review

December 15, 2016 – National Security Review consultation closes

January 3, 2017 – New Rules issued by US Secretary of Defense and Director of National Intelligence for enhanced information sharing under US Executive Order 12333

January 25, 2017 – Presidential Executive Order on Domestic Safety is issued, allowing surveillance on non-US citizens living in America, including Canadians

Portée et conséquences

Freedom of Expression: The vulnerability of digital information, including BSI to collection, monitoring and sharing by the government may create a chilling effect for Canadians in their communication and use of digital technology.

Democracy: The National Security Review excluded key areas in its policy framework, which undermines its basis as a meaningful public consultation process with Canadians.

Democracy:  The orientation of the National Security Review does not align with the election promises of the government to address the problematic areas of C-51. 

Transparency:  The policy outcomes of the National Security Review and the government’s response to the concerns of Canadians regarding intrusions into their online privacy rights have not been clearly identified.

Fairness:  The erosion of existing privacy safeguards in favour of greater access for policing and intelligence bodies is both unnecessary and diminishes the fair and reasonable expectations of Canadians regarding their digital privacy.

Rule of Law: The potential use of information between Canadian intelligence agencies and their US counterparts in relation to the digital information of Canadians may effectively circumvent the purpose of Canadian privacy laws.  

 

Published: April 20, 2017

Image: Gleb Garanich / Reuters

 

Sources