Four years ago, Edward Snowden shocked the world with a series of surveillance disclosures that forced many to rethink basic assumptions about the privacy of online activities in light of NSA actions. In the years that have followed, we have learned much more about the role of other countries – including Canada – in similar activities (often in partnership with the NSA). The legality and oversight over these cyber-related programs fell into a murky area, with legal challenges over metadata programs, court decisions that questioned whether Canadian agencies were offside the law, the hurriedly drafted Bill C-51 that sparked widespread criticism, and concern over the oversight and review process that many viewed as inadequate.
Yesterday, the Liberal government unveiled Bill C-59, the first genuine attempt to overhaul Canadian surveillance and security law in decades. The bill is large and complicated, requiring months of study to fully assess its implications (reactions from Forcese/Roach, BCCLA, CBC, Wark, Amnesty). At first glance, however, it addresses some of the core criticisms of the Conservatives’ Bill C-51 and a legal framework that had struggled to keep pace with emerging technologies. Leading the way is an oversight super-structure that replaces the previous silo approach that often left commissioners with inadequate resources and legal powers. The government has promised to spend millions of dollars to give the new oversight structure the resources it needs alongside legal powers that grant better and more effective review of Canadian activities.
Read more ›
In the aftermath of the Snowden revelations in which the public has become largely numb to new surveillance disclosures, the Canadian reports over the past week will still leave many shocked and appalled. It started with the Ontario Provincial Police mass text messaging thousands of people based on cellphone usage from nearly a year earlier (which is not government surveillance per se but highlights massive geo-location data collection by telecom carriers and extraordinary data retention periods), continued with the deeply disturbing reports of surveillance of journalists in Quebec (which few believe is limited to just Quebec) and culminated in yesterday’s federal court decision that disclosed that CSIS no longer needs warrants for tax records (due to Bill C-51) and took the service to task for misleading the court and violating the law for years on its metadata collection and retention program.
The ruling reveals a level of deception that should eliminate any doubts that the current oversight framework is wholly inadequate and raises questions about Canadian authorities commitment to operating within the law. The court found a breach of a “duty of candour” (which most people would typically call deception or lying) and raises the possibility of a future contempt of court proceeding. While CSIS attempted to downplay the concern by noting that the data collection in question – metadata involving a wide range of information used in a massive data analysis program – was collected under a court order, simply put, the court found that the retention of the data was illegal. Further, the amount of data collection continues to grow (the court states the “scope and volume of incidentally gathered information has been tremendously enlarged”), leading to the retention of metadata that is not part of an active investigation but rather involves non-threat, third party information. In other words, it is precisely the massive, big data metadata analysis program feared by many Canadians.
Read more ›
Three years ago this month, Edward Snowden shocked the world with a series of disclosures that revealed a myriad of U.S. government-backed surveillance programs. The Snowden revelations sparked a global debate over how to best strike the balance between privacy and security and led to demands for greater telecom transparency.
My weekly technology law column (Toronto Star version, homepage version) notes that the initial Canadian response to the surveillance debate was muted at best. Many Canadians assumed that the Snowden disclosures were largely about U.S. activities. That raised concerns about Canadian data being caught within the U.S. surveillance dragnet, but it did not necessarily implicate the Canadian government in the activities.
Read more ›
Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents. Last week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.
My weekly technology law column (Toronto Star version, homepage version) notes that in the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users’ identity, communication activities, and location data – all accessible to telecom companies, network providers, and surveillance agencies.
Read more ›
As a lifelong Seattle Seahawks fan, this past Sunday’s Super Bowl – with the Hawks a yard away from winning their second straight championship only to give up a late interception – felt like a punch in the gut. Nearly two days later, I’m still trying to catch my breath. The end to Super Bowl 49 was the actually second time in the week that I was left feeling shocked and speechless. Throughout the week, the combination of Snowden revelations regarding Canada’s role in the daily tracking the Internet activities of millions and the introduction of Bill C-51, the anti-terrorism legislation, left me similarly grappling to make sense of the swirling developments.
It would appear that the immediate response from many, particularly the opposition parties, has centered on the need for improved accountability and oversight. There is no doubt that the failure to address Canada’s weak oversight system of surveillance and intelligence activities is a major flaw (particularly since oversight was actually reduced in 2012). For a government that introduced the Federal Accountability Act as its very first piece of legislation (and supported more oversight when in opposition) to now dismiss oversight as “red tape” is simply shameful. Better oversight and accountability should be a proverbial “no-brainer”: it bolsters public confidence and, as demonstrated elsewhere, need not undermine security-related operations.
Yet the problem with oversight and accountability as the primary focus is that it leaves the substantive law (in the case of CSE Internet surveillance) or proposed law (as in the case of C-51) largely unaddressed. If we fail to examine the shortcomings within the current law or within Bill C-51, no amount of accountability, oversight, or review will restore the loss of privacy and civil liberties.
Read more ›