Paris November 2015 by Roberto Maldeno (CC BY-NC-ND 2.0) https://flic.kr/p/Bd5BLe

Paris November 2015 by Roberto Maldeno (CC BY-NC-ND 2.0) https://flic.kr/p/Bd5BLe

Columns

What Now? Privacy and Surveillance in Canada After the Paris Attacks

As the world grapples with the recent terrorist attacks in Paris, the policy implications for issues such as the acceptance of refugees and continued military participation in the fight against ISIL have unsurprisingly come to the fore. The attacks have also escalated calls to reconsider plans to reform Canadian privacy and surveillance law, a key election promise from the Trudeau government.

My weekly technology law column (Toronto Star version, homepage version) argues that despite the temptation to slow the re-examination of Canadian privacy and surveillance policy, the government should stay the course. The Liberals voted for Bill C-51, the controversial anti-terror law, during the last Parliament, but promised changes to it if elected. Even in the face of a renewed terror threat, those changes remain essential and should not have an adverse impact on operational efforts to combat terror threats that might surface in Canada.

The Liberals promised to establish an all-party review mechanism similar to those found in many other countries that will bring members of Parliament into the oversight process. The Conservatives’ opposition to increased oversight was always puzzling since oversight alone does not create new limitations on surveillance activities.  Rather, it helps ensure that Canada’s surveillance and police agencies operate within the law and restores public confidence in those entrusted with Canadian security.

The other Liberal commitments would similarly address oversight without curtailing surveillance powers. For example, the party promised to increase the powers of the Privacy Commissioner of Canada and to add a mandatory three-year review provision to the law.

Assuming that the oversight issue is addressed, the bigger question is what comes next.  There is a risk that the Paris attacks will renew calls to go beyond even Bill C-51, by restricting the use of encryption technologies that are widely used by financial institutions, health care providers, and a growing segment of the public (but may also be used by terrorist groups) as well as restricting a landmark Supreme Court of Canada ruling on the reasonable expectation of privacy in Internet subscriber information.

The security of all Canadians is absolutely crucial, but there is reason to believe that it can be achieved while still respecting individual privacy rights. Recent studies have emphasized the economic importance of encryption, which underlies the burgeoning Internet economy. To create restrictions on the use of encryption products would undermine consumer confidence, create economic harm, and do little to provide increased security.

Moreover, the Supreme Court of Canada’s Spencer decision on the reasonable expectation of privacy in Internet subscriber information merely confirmed what most Internet users already expected, namely that their personal information would not be disclosed to law enforcement without court oversight. The fact that Internet providers may have revealed such information in the past does not provide a compelling reason to eliminate the critical safeguards provided by the warrant process.

Perhaps the biggest challenge for Canadian privacy comes from access to personal information from outside of our borders. Canadian data is frequently transferred to cloud computing services located outside the country or traverses across non-Canadian networks, even when messages are between two Canadians.

The European Union has assumed a leadership role on the issue of global data transfers, with a recent European Court of Justice ruling that may lead to new restrictions on the transfer of data between Europe and the United States. Canada can ill-afford to remain on the sidelines as standards of privacy protection and access for surveillance agencies are developed.

Rather than slowing down work on Canadian privacy and surveillance policy, recent events in Europe point to the urgent need to address the inadequacies of Canadian oversight while also working to develop rules that provide Canadians with stronger assurances that the law is working to safeguard both their security and privacy.

6 Comments

  1. This week, RCMP Commissioner Bob Paulson demand to have access to Internet subscriber information without a warrant, as if going to a judge with evidence sufficient to get a warrant signed is endangering everyone. What is it about police forces that they keep wanting permission to skirt the law, the Charter and common sense?

    • “Security” is often used as an excuse to invade people’s privacy and fear tactics are used to promote such legislation. Just look at the useless ‘Transportation Security Administration’ that has yet to catch a single terrorist attack but has certainly annoyed countless passengers around the globe. I say never buy into it; your privacy is highly valuable and worth protecting.

    • Nicolas Rodrigue says:

      Cops have a tendency to hate having to be accountable to somebody else. More fun for them if they can just snoop around anywhere they like without having to prove reasonable suspicion.

  2. Devil's Advocate says:

    If Justin really wants to make a statement, he could start by pulling Canada out of the “Five Eyes” program, and announcing he will not be throwing away our Charter in the name of the “War on Terror” scam.

    If a government really wanted its people to regain privacy and other rights that are in the process of being stolen, they’d simply GIVE THEM BACK. But, all the proposals you see from all governments are just “baby steps” that are deliberately designed to leave all doors open for the Surveillance State.

    Until someone in power actually calls out all the FUD, returns Canada to its previous role as a promoter of peace and democracy, and stops supporting the American War Machine agenda, nothing good is being done.

  3. It’s been widely reported (I thought) that the Paris attacks were coordinated over plaintext with no encryption whatsoever. Therefore how can they be used as leverage to further erode our own protections?
    If people in power were genuinely concerned with our security, there would be a renewed push for improved NLP and sentiment analysis, not encryption reductions.

  4. DAVID MICHAEL says:

    Christmas Is Almost Here!
    Merry Christmas and a Happy New Year. Christmas 2015 is on its way. its time to get your finances in order so that you can afford to buy presents and pay your bills. Apply online today.
    @
    globalstandfinances@gmail.com