The Standing Committee on Access to Information, Privacy and Ethics has been conducting a much-needed study on the privacy issues arising from the border and airports. The study has attracted considerable media attention, with the Privacy Commissioner of Canada warning about U.S. border phone searches and the CBSA promising to begin tracking cellphone searches. I appeared before the committee late last month alongside the Canadian Bar Association and privacy expert Kris Klein. The full transcript can be found here.
My opening remarks are posted below. I focused on four issues to consider in trying to address airport and border privacy concerns: Privacy Act reform, information sharing within government, the applicability of Charter rights at the border, and the role of the NAFTA negotiations.
Appearance before the House of Commons Standing Committee on Access to Information, Privacy & Ethics, September 27, 2017
Good afternoon. My name is Michael Geist. I am a law professor at the University of Ottawa, where I hold the Canada Research Chair in Internet and E-commerce Law. My areas of specialty include digital policy, intellectual property, and privacy. I have appeared many times before this committee on privacy issues and as always, I appear in a personal capacity representing only my own views.
I am grateful to the committee for its commitment to privacy and its efforts to highlight the privacy issues associated with our airports and border crossings. The media has regularly covered this issue: fears of device searches at borders, stories of information sharing that goes far beyond most reasonable expectations, and mounting concerns about the approach of U.S. law and border officials with respect to the privacy rights of non-citizens and non-permanent residents.
These stories hit home. They include the incident involving a Quebec resident who did not want his cell phone searched at the Canada border in Halifax. He was arrested for not giving the passcode when asked thereby hindering an investigation. In another incident, a Canadian man was denied entry into the US after Customs and Border Parol officers demanded he open his phone and looked through his apps. Yet another incident involved a Canadian photojournalist who was inspected on his way to Standing Rock. Officials photocopied pages of his personal journal and asked for his three mobile phone passwords which he said he could not disclose because of his ethical obligation to protect his sources. His phones were taken and returned hours later with tamper tape covering the SIM cards, suggesting the cards had been removed and copied.
The privacy associated with border crossings now captures seemingly everyone’s attention. I think it is worth asking why. I think there are at least three sources of concern that help point to potential policy solutions.
First, there is a feeling that border crossings represent “no privacy” zones in which officials are entitled to demand whatever information they wish and can use whatever means to acquire it. I know of technical experts who regularly wipe their phones or establish border crossing social media accounts in order to counter fears of invasive searches – both physical and digital – when crossing the border.
Second, as these stories suggest, the search itself has changed dramatically in recent years with the legal safeguards failing to keep pace. It is one thing to know that your belongings may be searched. Yet today our devices and the information they can access tell a far more personal story – from our social graph to our location history to our reading habits to our purchasing history. In searching this information, officials may be accessing everything. Doing so without appropriate safeguards understandably leaves many feeling vulnerable. The data indicates that these forms of searches has been increasing rapidly, with some U.S. policies positing that such searches can occur with or without suspicion.
Third, it may not be comfortable to say, but part of the concern stems from the fact that the U.S. border is by order of magnitudes the most significant one for Canadians. This is not solely a comment on the current U.S. administration. Rather, it reflects longstanding concerns about the U.S. approach to privacy and fears that U.S. privacy protections are weaker than those found in Canada. For example, the enactment of the USA Patriot Act after 9/11 opened the door to extensive access to personal information without traditional safeguards. Just over ten years later, the Snowden revelations reinforced the massive data gathering efforts of signals intelligence and law enforcement agencies. Most recently, the Trump Administration executive order aimed at reversing efforts to establish privacy protections for non-U.S. citizens and residents again placed the issue in the spotlight.
What to do?
I thought the Privacy Commissioner of Canada – who raised issues such as information sharing across borders, the US Executive Order, and CBSA searches – provided excellent context and advice.
I’d like to very briefly add comments on four issues.
First, this committee has done excellent work on Privacy Act reform. As you know, few areas within privacy in Canada are more overdue for updating. Indeed, there have been consistent and persistent calls for reforms for decades.
One method of addressing some of the airport privacy concerns is through the Privacy Act. Your proposed reforms to provide the Office of the Privacy Commissioner of Canada with greater powers would empower that office to examine border issues is a more comprehensive manner and open the door to more careful reviews of cross-border data-sharing arrangements. You recommended reforms. Now we need action.
Second, information sharing within government remains a source of concern. Indeed, some of the most notable anecdotal stories involving abuses or questionable conduct at the border arise due to information sharing between governments and government departments. The Privacy Act and the OPC are supposed to create safeguards against misuse of personal information or the use of information for purposes for which it was not collected.
However, we have witnessed mounting pressure in recent years for more information sharing between governments and government departments. Bill C-51, which garnered widespread criticism, featured a significant expansion of government sharing of information, undermining the effectiveness of the Privacy Act. Unfortunately, the information sharing provisions were only modestly changed in that bill. Information sharing was considered a feature, not a bug, including by the Liberal party when in opposition.
Bill C-59, which seeks to amend Bill C-51, leaves most of the information sharing provisions intact. There are two needs here that must be reconciled. First, government needs to be able to use the information it collects in a reasonable and efficient manner. Second, the public needs confidence that its information will not be misused. That confidence comes from legislative safeguards and effective oversight. There is reason to believe we do not yet have the right balance.
Third, as the Privacy Commissioner has discussed, Canadian law should apply on Canadian soil. Reducing so-called friction at the border is a laudable goal. No traveller wants long lines or lengthy delays. However, expediency has a price and sacrificing Canadian Charter rights on Canadian soil is bad bargain. The Supreme Court has upheld unauthorized searches of devices and those principles should apply at the border.
Fourth, with NAFTA negotiations ongoing this week in Ottawa, I think it is important to link those trade talks with this issue. While there is no airport privacy chapter in the agreement, NAFTA touches on related issues. There will be pressure to speed up border crossings in the name of increased trade. Further, the digital trade chapter amy include provisions on data localization and data transfers. NAFTA is not a privacy deal, but the reverberations from the agreement will be felt within the privacy world.
The European Union has regularly linked privacy and data protection with trade. We should do the same, recognizing that these issues are linked and ensure that the policy recommendations that come out of this committee make their way to those negotiations. In fact, we could go further by seeking the same protections the U.S. accords to Europeans under the Privacy Shield to Canadians within NAFTA.
I look forward to your questions.