Fresh off appearing before a Senate committee on AI on Wednesday, yesterday I provided expert testimony to the Standing Committee on Public Safety and National Security as part of its study on Bill C-22, the government’s latest lawful access plan. Appearing alongside David Fraser and Robert Diab (the same trio that discussed the bill on my Law Bytes podcast), I opened my remarks by noting that technologies change, the governments may change, but the challenge with lawful access has always been the same: to give law enforcement and security agencies the tools they need to address serious crime while respecting Canadians’ privacy rights and the constitutional framework the Supreme Court has built around privacy in decisions such as Spencer and Bykovets. I focused on three major concerns with the bill, including mandatory metadata retention, the inadequacy of the systemic vulnerability safeguards, and the lowering of the production order threshold for subscriber information. My full opening statement is embedded below.
Post Tagged with: "metadata"
Wilful Blindness?: How the Lawful Access Charter Statement Skips Bill C-22’s Most Constitutionally Vulnerable Provisions
The committee hearings on Bill C-22, the lawful access bill, kick off later today with an appearance by Justice Minister Sean Fraser and Public Safety Minister Gary Anandasangaree, who will presumably use the opportunity to affirm their support for the bill and reject concerns that certain elements are inconsistent with the Charter of Rights and Freedoms. That position reflects the government’s Charter statement on the bill, which was released late last month. The statement walks through the Charter implications of new provisions such as the confirmation of service demand, yet what makes it particularly notable is that it avoids addressing some of the bill’s biggest concerns altogether with scant or no attention paid to mandated metadata collection and the risks associated with systemic vulnerabilities. Indeed, it is as if the government believes that if it ignores the potential violation of fundamental rights, the issue magically disappears.
Lawful Access Heads to Committee: The Opposition Found Its Voice, the Government Never Found Its Defence
After several days of debate in which the opposition to lawful access seemed half-hearted at best, the Conservatives woke up on Monday. MP after MP rose to argue, correctly, that Bill C-22 represents an unprecedented surveillance threat: mandated metadata retention (including location information) for up to a year, security vulnerabilities built into the interception architecture the bill requires, and a weakened legal standard for access to subscriber information. After days of debate with the government visibly struggling to defend its own legislation, this is precisely what the opposition should be targeting (coverage from day one, day two, day three).
The Lawful Access Debate Begins: Canadians Should Pay Attention to What the Government Isn’t Saying
When the government introduced Bill C-2 last year, it buried the lawful access provisions at the end of an omnibus border security bill and said as little about it as possible. The strategy failed, the provisions were abandoned after widespread criticism, and the government spent months consulting stakeholders before trying again. Bill C-22, the Lawful Access Act, is the follow-up attempt. If the first day of House debate on the bill is any indication, the approach hasn’t changed, as the government is once again hoping no one notices what is actually in the bill.
The Lawful Access Privacy Risks: Unpacking Bill C-22’s Expansive Metadata Retention Requirements
Much of the discussion around the new lawful access bill (Bill C-22) has focused on provisions that improved upon Bill C-2, notably the decision to scrap the warrantless information demand power by requiring judicial oversight for access to subscriber information. Yet despite that improvement, there remain serious privacy concerns with the government’s latest iteration of lawful access. Buried in the second half of Bill C-22 is a provision granting the government the power to require “core providers” to retain categories of metadata, including transmission data, for up to one year. This is mandatory metadata retention that would require telecom and electronic service providers to store information about the communications of all their users, regardless of whether those users are suspected of anything. It is one of the most privacy invasive tools a government can deploy and the international experience suggests that there are major privacy risks.
Recent Posts
Everything All At Once: Bill C-34 Combines Platform Duties, a Kids’ Social Media Ban, AI Chatbot Regulation, and a Powerful Digital Safety Commission Into a Risky “Trust Us” Bet 
Yet Another Trade Battle Brewing: Why a Kids’ Social Media Ban Could Put Canada on a Collision Course With the U.S. 
Everything You Wanted to Know About a Kids’ Social Media Ban (But Were Rightly Afraid to Ask): A FAQ on Age Verification and Mandated ID for Everyone 
Bill C-22’s Clause-by-Clause Problem: The Government Includes Agencies Seeking Lawful Access Powers But Blocks the Privacy Commissioner’s Return 
You Can’t Put the Toothpaste Back in the Tube: Why the Government’s Reported “Temporary” Plan for a Kids’ Social Media Ban Would Mean Mandated ID for Everyone
