The recent stories about surveillance in the United States and Canada have generated increased debate in the media over the issue and I’ve been privileged to participate in several discussions. Last week, I sat down with Nick Taylor-Vaisey of Maclean’s to discuss the issue. The full interview is now posted here. Further, CBC’s Cross-Country Check-Up spent two hours discussing surveillance and privacy on Sunday’s show. I appeared as a guest at about the 54 minute mark. Yesterday, I also participated in a far-ranging debate on surveillance and transparency on TVO’s The Agenda. The video version of the program should be online shortly, but in the meantime a podcast version is available.
Finally, my technology law column (Toronto Star version, homepage version) this week focuses again on the disconnect between 20th century laws and 21st century surveillance. It notes that revelations about secret surveillance in the United States involving both Internet-based communications and the collection of metadata from all cellphone calls immediately raised questions about the possibility of Canadian involvement or the inclusion of Canadian data. Given the common communication infrastructure and similarities between Canadian and U.S. laws, it seemed likely that Canada was engaged in much of the same activities. Within days, it was reported that Canada has its own metadata surveillance program, with the ministerial approval coming in 2011 from Defence Minister Peter McKay.The government has tried to downplay the public concern by focusing on two safeguards. First, it argues that its secret metadata surveillance program only targets foreign communications. Second, it notes that the data captured is metadata rather than content and therefore does not raise significant privacy issues. â€¨â€¨Neither response should provide Canadians concerned for their privacy with much comfort. Indeed, the emphasis on these two issues highlights how Canadian surveillance laws have failed to keep pace with current surveillance technologies.
The suggestion that Canadians are not affected by surveillance targeting foreign communications does not stand up to even mild scrutiny. The same claims are made by other intelligence agencies, with each claiming that they limit surveillance to foreign targets. However, information sharing between intelligence services is common, providing a backdoor mechanism to access information.
The prospect that U.S. surveillance becomes a key source for Canadian agencies, while Canadian surveillance supports U.S. agencies, does not strike anyone as particularly far-fetched. Wayne Easter, a former government minister with responsibility for CSIS, has said that such sharing is common. In other words, relying on the domestic-foreign distinction is necessary for legal compliance, but does not provide much assurance to Canadians that they are not being tracked.â€¨â€¨
Moreover, given the commingling of data through integrated communications networks and “borderless” Internet services residing on servers around the world, distinguishing between Canadian and foreign data seems like an outdated and increasingly impossible task. In fact, the reported decision to stop the Canadian surveillance program several years ago arose in part due to fears of overbroad surveillance. In the current communications environment, tracking Canadians seems inevitable and makes claims that such domestic surveillance is “inadvertent” increasingly implausible.
Assurances that metadata surveillance is less invasive than tracking the content of telephone calls or Internet usage also ring hollow. Metadata can include geo-location information, call duration, call participants, and Internet protocol addresses. While officials suggest that this information is not sensitive, there are many studies that have concluded otherwise. These studies have found that metadata alone can be used to identify specific persons, reveal locational data, or even disclose important medical and business information.
The problem is that surveillance technologies (including the ability to data mine massive amounts of information) have moved far beyond laws that were crafted for a much different world. The geographic or content limitations placed on surveillance activities by organizations such as CSEC may have been effective years ago when such activities were largely confined to specific locations and the computing power needed to mine metadata was not readily available.
That is clearly no longer the case. The law seeks to differentiate surveillance based on geography, but there is often no real difference with today’s technology. Moreover, the value of metadata is sometimes greater than the actual content of telephone conversations. The current law provides few privacy protections and ineffective oversight in the face of intelligence agencies investing billions of dollars in surveillance technologies and telecommunications and Internet companies providing assistance that remains subject to court-imposed gag orders.
The legal framework leaves Canadians with 20th century protections in a world of 21st century surveillance. If we genuinely believe in preserving some privacy in an environment where everyone’s cellphone call is tracked, we must be open to significant legislative reforms and increased oversight that better reflects the realities of modern-day communications surveillance.