The government unveils its long-awaited national AI strategy this morning. AI Minister Evan Solomon has made it clear that the strategy will emphasize trust, noting that Canadians will only embrace the technology if they are confident their privacy is protected and safeguards are in place against potential harms. The privacy assurances are likely to take the form of a new private-sector privacy bill that includes European-style rules, stronger penalties, and recognizing privacy as a fundamental right. The government has proposed as much before, adding fundamental-rights language to the Consumer Privacy Protection Act in Bill C-27 before that bill died on the order paper. But the government is, at the same time, pressuring the public safety committee to pass Bill C-22, whose mandatory metadata retention regime is the single largest privacy risk in Canada in years and one that comparable countries have already struck down as a violation of the fundamental right to privacy. The disconnect is dizzying: the government cannot claim privacy as a fundamental right in the morning and enact mandatory metadata retention that overrides it in the afternoon.
Post Tagged with: "metadata"
More Misinformation on Bill C-22 as the Government Struggles to Defend Its Lawful Access Plan
Two posts on Bill C-22 in a single day are not my typical approach, but the volume of misinformation coming from the government about the lawful access bill has made it hard to keep up. Earlier today, I posted about the repeated use by government ministers and MPs of the phony “it’s just phone book information” analogy to misleadingly describe the collection of subscriber data and metadata. But a press conference yesterday by Public Safety Minister Gary Anandasangaree demands comment, as he accused U.S. tech companies of spreading misinformation, even though his own claims were plainly inaccurate and within hours required a walkback.
The Phony Phone Book Analogy: How Liberal Cabinet Ministers and MPs are Misleading Canadians About the Privacy Risks of Bill C-22
Justice Minister Sean Fraser appeared earlier this week before the Standing Committee on Justice and Human Rights, relying on what has become a standard defence of Bill C-22’s privacy implications, telling Conservative MP Roman Baber that the bill lets police access “a modern version” of what used to appear in the phone book. The “it’s just phone book information” claim has been repeatedly recycled by cabinet ministers and MPs alike. Public Safety Minister Gary Anandasangaree used the same framing to open the government’s second reading defence of the bill on April 15th, telling the House that “twenty-five years ago, there were phone books that every household had. Bell Canada would deliver phone books to virtually every household” and presenting lawful access as a restoration of what those phone books once provided to police. The problem is that the analogy is plainly misleading as the data captured by Bill C-22, whether subscriber data or metadata, is nothing like the name, address, and phone number that once filled the phone book.
The Government Tries to Make the Case for Bill C-22: Why Its Own Use Cases Reveal Disproportionate Overreach
Faced with growing criticism of Bill C-22, the government this week mounted a coordinated defence, with senior officials from CSIS, the RCMP, and Public Safety Canada sitting for on-the-record briefings with the Globe and Mail, the CBC, and others. While officials tried to make the case for lawful access, they failed to make the case for Bill C-22, as their use cases reveal a consistent pattern of overreach. Indeed, whether the issue is metadata retention or the technical capabilities the bill would mandate, the powers it would grant extend well beyond the targeted needs the officials describe, resulting in a disproportionate bill in need of significant amendment.
How Much Further Will Lawful Access Go?: Police Chief Tells Bill C-22 Hearing That Three Years of Metadata Retention Would Be “Ideal”
Metadata retention has emerged as one of the biggest lawful access concerns, with requirements that providers retain metadata for all subscribers for up to one year. As I argued before the Standing Committee on Public Safety and National Security last week, when retained at scale, the retention becomes a comprehensive surveillance map of virtually every Canadian with information on where and when they go and who they interact with. Under Bill C-22, this data would apply to every subscriber regardless of suspicion. The government’s Charter Statement remarkably fails to address the regime, despite the fact that bulk retention frameworks of this kind have been struck down by the European Court of Justice in Digital Rights Ireland and Tele2 Sverige, and by Germany’s Federal Constitutional Court.
Recent Posts
Everything All At Once: Bill C-34 Combines Platform Duties, a Kids’ Social Media Ban, AI Chatbot Regulation, and a Powerful Digital Safety Commission Into a Risky “Trust Us” Bet 
Yet Another Trade Battle Brewing: Why a Kids’ Social Media Ban Could Put Canada on a Collision Course With the U.S. 
Everything You Wanted to Know About a Kids’ Social Media Ban (But Were Rightly Afraid to Ask): A FAQ on Age Verification and Mandated ID for Everyone 
Bill C-22’s Clause-by-Clause Problem: The Government Includes Agencies Seeking Lawful Access Powers But Blocks the Privacy Commissioner’s Return 
You Can’t Put the Toothpaste Back in the Tube: Why the Government’s Reported “Temporary” Plan for a Kids’ Social Media Ban Would Mean Mandated ID for Everyone
