Post Tagged with: "oversight"

Privacy is not a Crime by Jürgen Telkmann (CC BY-NC 2.0) https://flic.kr/p/pDmshR

Why Watching the Watchers Isn’t Enough: My Talk on Privacy, Snowden & Bill C-51

Last month, I had the honour of speaking at the Pathways to Privacy Symposium, a privacy event sponsored by the Privacy Commissioner of Canada and hosted by the University of Ottawa. The event featured many excellent presentations (the full seven hours can be viewed here). My talk focused on the recent emphasis on the need to improve oversight, a common refrain in reaction to both the Snowden surveillance revelations and Bill C-51, the anti-terrorism bill. While better oversight is necessary, I argue that it is not sufficient to address the legal shortcomings found in both Canada’s surveillance legislation and Bill C-51. The full talk (which unfortunately has slightly delayed sound) can be viewed here or below.

Against Oversight: Why Fixing the Oversight of Canadian Surveillance Won’t Solve the Problem

Last summer, I discussed the Snowden leaks and concerns about Canadian surveillance activities with a senior government official. The official remarked that in the wake of the Snowden revelations the political risk did not lie with surveillance itself, since most Canadians basically trusted their government and intelligence agencies to avoid misuse (the steady stream of Snowden leaks and Canada’s increasingly apparent role may have changed this analysis). Rather, the real concern was with being caught lying about the surveillance activities. This person was of the view that Canadians would accept surveillance, but they would not accept lying about surveillance programs.

Those comments came to mind over the past week with the latest revelations about CSEC metadata surveillance. While the story has been characterized as an airport wifi surveillance issue, it is clear that the airport wifi angle misses the real concern. The leaked document and subsequent explanations reveal an attempt to identify travel patterns and geographic locations using user ID data over a two week period provided by a Canadian source (CSEC referred to this as metadata in the Senate committee hearing yesterday) along with a database of geo-locations of IP addresses supplied by Quova (I once served as an advisor to Quova). By identifying airport wifi IP addresses along with broader usage data and geo-identifying information, CSEC hopes to be able to identify locational movements of individual users. Bruce Schneier provides a helpful review of the likely intent of the program.

While some argued the program tracks Canadians and is therefore illegal (citing Charter violations and activities beyond the CSEC mandate), the Justice Minister maintains the program is legal and CSEC has defended the program in a release the day after the story broke and again at the Senate committee yesterday. Moreover, the CSEC Commissioner has posted a somewhat cryptic statement that emphasizes the independence of the review process. Ryan Gallagher has responded to those statements with a post arguing the denials are hollow.