Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents. Last week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.
My weekly technology law column (Toronto Star version, homepage version) notes that in the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users’ identity, communication activities, and location data – all accessible to telecom companies, network providers, and surveillance agencies.
Last month, I had the honour of speaking at the Pathways to Privacy Symposium, a privacy event sponsored by the Privacy Commissioner of Canada and hosted by the University of Ottawa. The event featured many excellent presentations (the full seven hours can be viewed here). My talk focused on the recent emphasis on the need to improve oversight, a common refrain in reaction to both the Snowden surveillance revelations and Bill C-51, the anti-terrorism bill. While better oversight is necessary, I argue that it is not sufficient to address the legal shortcomings found in both Canada’s surveillance legislation and Bill C-51. The full talk (which unfortunately has slightly delayed sound) can be viewed here or below.
Citizen Four, Laura Poitras’ enormously important behind-the-scenes documentary film on Edward Snowden, won the Academy Award last night for best documentary. The film is truly a must-see for anyone concerned with privacy and surveillance. It not only provides a compelling reminder of the massive scale and scope of surveillance today, but it also exposes us to the human side of Snowden’s decision to leave his life behind in order to tell the world about secret surveillance activity.
As a lifelong Seattle Seahawks fan, this past Sunday’s Super Bowl – with the Hawks a yard away from winning their second straight championship only to give up a late interception – felt like a punch in the gut. Nearly two days later, I’m still trying to catch my breath. The end to Super Bowl 49 was the actually second time in the week that I was left feeling shocked and speechless. Throughout the week, the combination of Snowden revelations regarding Canada’s role in the daily tracking the Internet activities of millions and the introduction of Bill C-51, the anti-terrorism legislation, left me similarly grappling to make sense of the swirling developments.
It would appear that the immediate response from many, particularly the opposition parties, has centered on the need for improved accountability and oversight. There is no doubt that the failure to address Canada’s weak oversight system of surveillance and intelligence activities is a major flaw (particularly since oversight was actually reduced in 2012). For a government that introduced the Federal Accountability Act as its very first piece of legislation (and supported more oversight when in opposition) to now dismiss oversight as “red tape” is simply shameful. Better oversight and accountability should be a proverbial “no-brainer”: it bolsters public confidence and, as demonstrated elsewhere, need not undermine security-related operations.
Yet the problem with oversight and accountability as the primary focus is that it leaves the substantive law (in the case of CSE Internet surveillance) or proposed law (as in the case of C-51) largely unaddressed. If we fail to examine the shortcomings within the current law or within Bill C-51, no amount of accountability, oversight, or review will restore the loss of privacy and civil liberties.
Over the past eight months, the steady stream of Snowden leaks have revealed the existence of a massive surveillance infrastructure intent on capturing seemingly all communications, including metadata on phone calls, Internet searches, and other online activity. While much of the surveillance originates with the U.S. NSA, the leaks suggest […]