Columns Archive

Cyber-security Plans Require a Privacy Perspective

Appeared in the Toronto Star on May 29, 2006 as No Carte Blanche to Spy on Citizens

Since taking office in late January, Prime Minister Stephen Harper has sought to distance himself from the policies of the preceding Liberal governments.  Perhaps no longer.  Information posted recently on a government directory indicates that the Conservatives are preparing to launch a new cyber-security initiative that may originate from a Liberal plan which was first proposed in April 2004.

In the aftermath of the events of 9-11, all governments moved rapidly to assess their national security needs.  The Canadian assessment led to a report entitled Securing an Open Society: Canada’s National Security Policy.  Touted as the first document of its kind, it featured a detailed plan for addressing future security threats.

The report specifically identified cyber-security as a critical infrastructure issue, noting that "the threat of cyber-attacks is real, and the consequences of such attacks can be severe."  The report committed to substantially improving Canada’s analysis of the vulnerability of Internet infrastructures as well as to strengthen its ability to defend its networks and to respond to cyber-attacks.

To achieve those goals, the report promised to establish a new national cyber-security task force, featuring both private and public sector participation, to be charged with the responsibility of reducing Canada' s vulnerability to cyber-attacks. The Liberal government solicited potential participant interest in the cyber-security task force.  To date, nothing has materialized.

It would appear that is about to change.  Although the website of the Ministry of Public Security and Emergency Preparedness Canada (PSEPC) does not currently contain any information on a cyber-security task force, the Government Electronic Directory Service, an online directory of thousands of federal government employees, foreshadows its establishment.

GEDS was recently updated to include a Cyber Security Task Force Secretariat within PSEPC.  The Secretariat, which apparently will function as its own bureaucratic unit within the Ministry, is already staffed with an Assistant Deputy Minister and a Senior Policy Analyst.

While the move to address shortcomings in Canada’s cyber-security framework is welcome, the creation of this task force raises three important issues.

First, who will be on the task force?  It is essential that the task force include representation from both privacy and civil liberties groups.  Security is a critical value, yet it must be imbued with full respect for the privacy and civil liberty rights of all Canadians.  Indeed, recent revelations of widespread telephone communications surveillance in the United States – frequently with the active, secret participation of telecommunications companies – provided ample evidence of the danger of focusing on security without counterbalancing with a privacy and civil liberties perspective.

Second, what other legislation could be introduced in such an environment? With a cyber-security task force on the way, speculation will increase that the Conservative government is also preparing to bring back so-called "lawful access" legislation.  Introduced last fall by the Liberal government, the innocuously sounding Modernization of Investigative Techniques Act envisioned the implementation of a host of new legal powers associated with near-ubiquitous surveillance technologies.

The bill, which failed to advance past first reading, included provisions requiring Internet service providers to install new interception capabilities into their systems with capabilities of capturing data and identifying specific subscriber activities.  Moreover, the legislation established new "production orders" that could be used to compel disclosure of tracking data such as cell phone usage as well as transmission data, including telecommunications and Internet usage information.

Most troubling was the lack of judicial oversight that accompanied the proposals.  These are precisely the concerns that have surfaced in connection with the United States surveillance revelations. Law enforcement authorities, defined to include CSIS agents, police officers and Competition Bureau investigators, were granted the right to obtain ISP subscriber information simply by requesting it – without a warrant.  

If MITA does return to the legislative agenda, the Conservatives would do well to consider improving the bill by incorporating the judicial oversight missing from the earlier proposal.

Third, how will Canadians be protected against online fraud and other Internet-based criminal activity?  The National Task Force on Spam (of which I was a member), expressed concerns about the ineffectiveness of Canadian law to counter spam, phishing, and spyware.  It recommended that the government introduce new legislation to help prevent such activities, which have been closely linked with identity theft, massive consumer losses, as well as reduced confidence in e-commerce and Internet communications.

Given the growing reliance on Internet communications, the move to address cyber-security issues is long overdue.  In tackling the issue, however, the government should ensure that privacy, civil liberties, and consumer protection considerations are included in the discussions.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law.  He can reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

Comments are closed.