Last month, I had the honour of speaking at the Pathways to Privacy Symposium, a privacy event sponsored by the Privacy Commissioner of Canada and hosted by the University of Ottawa. The event featured many excellent presentations (the full seven hours can be viewed here). My talk focused on the recent emphasis on the need to improve oversight, a common refrain in reaction to both the Snowden surveillance revelations and Bill C-51, the anti-terrorism bill. While better oversight is necessary, I argue that it is not sufficient to address the legal shortcomings found in both Canada’s surveillance legislation and Bill C-51. The full talk (which unfortunately has slightly delayed sound) can be viewed here or below.
Surveillance: America's Pastime by Jared Rodriguez / t r u t h o u t; Adapted: naixn, Jason Smith / feastoffun.com) (CC BY-NC-SA 2.0)
Citizen Four, Laura Poitras’ enormously important behind-the-scenes documentary film on Edward Snowden, won the Academy Award last night for best documentary. The film is truly a must-see for anyone concerned with privacy and surveillance. It not only provides a compelling reminder of the massive scale and scope of surveillance today, but it also exposes us to the human side of Snowden’s decision to leave his life behind in order to tell the world about secret surveillance activity.
Canada is not mentioned in the film, but that is not because we have been immune to similar surveillance activity. In the months since the Snowden revelations began, there have been many Canadian-related stories including reports on G8/G20 spying, industrial spying in Brazil, the “airport wifi” surveillance program, and the massive Internet download surveillance program.
As a lifelong Seattle Seahawks fan, this past Sunday’s Super Bowl – with the Hawks a yard away from winning their second straight championship only to give up a late interception – felt like a punch in the gut. Nearly two days later, I’m still trying to catch my breath. The end to Super Bowl 49 was the actually second time in the week that I was left feeling shocked and speechless. Throughout the week, the combination of Snowden revelations regarding Canada’s role in the daily tracking the Internet activities of millions and the introduction of Bill C-51, the anti-terrorism legislation, left me similarly grappling to make sense of the swirling developments.
It would appear that the immediate response from many, particularly the opposition parties, has centered on the need for improved accountability and oversight. There is no doubt that the failure to address Canada’s weak oversight system of surveillance and intelligence activities is a major flaw (particularly since oversight was actually reduced in 2012). For a government that introduced the Federal Accountability Act as its very first piece of legislation (and supported more oversight when in opposition) to now dismiss oversight as “red tape” is simply shameful. Better oversight and accountability should be a proverbial “no-brainer”: it bolsters public confidence and, as demonstrated elsewhere, need not undermine security-related operations.
Yet the problem with oversight and accountability as the primary focus is that it leaves the substantive law (in the case of CSE Internet surveillance) or proposed law (as in the case of C-51) largely unaddressed. If we fail to examine the shortcomings within the current law or within Bill C-51, no amount of accountability, oversight, or review will restore the loss of privacy and civil liberties.
After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.
While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.
The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.
My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill. Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.
The government yesterday introduced Bill C-44, the Protection of Canada from Terrorists Act. While some were expecting significant new surveillance, decreased warrant thresholds, and detention measures, this bill is a response to several court decisions, not to the attacks last week in Ottawa and Quebec. A second bill – which might use the U.K. legislative response to terror attacks as a model – is a future possibility, but policy decisions, cabinet approval, legal drafting, and constitutional reviews take time.
Bill C-44, which was to have been tabled on the day of the Ottawa attack, responds to two key issues involving CSIS, Canada’s domestic intelligence agency. The first involves a federal court case from late last year in which Justice Richard Mosley, a federal court judge, issued a stinging rebuke to Canada’s intelligence agencies (CSEC and CSIS) and the Justice Department, ruling that they misled the court when they applied for warrants to permit the interception of electronic communications. Mosley’s concern stemmed from warrants involving two individuals that were issued in 2009 permitting the interception of communications both in Canada and abroad using Canadian equipment. At the time, the Canadian intelligence agencies did not disclose that they might ask their foreign counterparts (namely the “five eyes” partners in the U.S., U.K., Australia, and New Zealand) to intercept the foreign communications.