The House of Commons debate over Bill C-51, the anti-terrorism bill, began this week with strong opposition from the NDP, disappointing support from the Liberals, and an effort to politicize seemingly any criticism or analysis from the Conservative government. With the government already serving notice that it will limit debate, the hopes for a non-partisan, in-depth analysis of the anti-terrorism legislation may have already been dashed. This is an incredibly troubling development since the proposed legislation has all the hallmarks of being pulled together quickly with limited analysis. Yet both the Conservatives and Liberals seem content to stick to breezy talking points rather than genuinely work toward a bill that provides Canadians with better safeguards against security threats while also preserving privacy and instituting effective oversight.
The only detailed review to date has come from Professors Kent Roach and Craig Forcese. Their ongoing work - three lengthy background papers so far (Advocating or Promoting Terrorism, new CSIS powers, expanded information sharing) - provides by far the most exhaustive analysis of the bill and is a must-read for anyone concerned with the issue. Indeed, once you have read their work, it becomes readily apparent that all should be concerned with this legislation. Much of the focus to date has been on the lack of oversight and the expansive new powers granted to CSIS. However, the privacy implications of Bill C-51′s information sharing provisions also cry out for study and reform.
At first glance, expanding information sharing within government seems like a good idea since the consequences of failing to head off a terrorist attack because one government institution was unaware of what another knew could be devastating. Given the lack of Liberal study (it is simply not possible that the party fully assessed the legislation before pledging its support), it perhaps unsurprising that leader Justin Trudeau identifies expanded information sharing as one of the positive aspects of the bill.
However, Bill C-51′s Security of Canada Information Sharing Act, a bill within the bill, goes far further than sharing information related to terrorist activity. As Roach and Forcese persuasively argue, the bill effectively creates a "total information awareness" approach that represents a radical shift away from our traditional understanding of public sector privacy protection.
Daniel Therrien, the Privacy Commissioner of Canada appointed by this government less than a year ago, was the first to focus on the privacy implications of Bill C-51. Within hours of release of the bill, Therrien warned:
At this early stage, I can say that I am concerned with the breadth of the new authorities to be conferred by the proposed new Security of Canada Information Sharing Act. This Act would seemingly allow departments and agencies to share the personal information of all individuals, including ordinary Canadians who may not be suspected of terrorist activities, for the purpose of detecting and identifying new security threats. It is not clear that this would be a proportional measure that respects the privacy rights of Canadians. In the public discussion on Bill C-51, it will be important to be clear about whose information would be shared with national security agencies, for which specific purpose and under what conditions, including any applicable safeguards.
Roach and Forcese dig further into this issue, concluding that the information sharing provisions are excessive and unbalanced. There is much to digest, but the privacy concerns largely come down to three linked issues:
-- First, the bill permits information sharing across government for an incredibly wide range of purposes, most of which have nothing to do with terrorism ("It is, quite simply, the broadest concept of security that we have ever seen codified into law in Canada.").
-- Second, the scope of sharing is remarkably broad: 17 government institutions with the prospect of cabinet expansion as well as further disclosure "to any person, for any purpose."
-- Third, the oversight over public sector privacy has long been viewed as inadequate. In fact, calls for Privacy Act reform date back over three decades. The notion that the law is equipped to deal with this massive expansion in sharing personal information is simply not credible.
A more detailed look at each issue follows below. The cumulative effect is to grant government near-total power to share information for purposes that extend far beyond terrorism with few safeguards or privacy protections.
1. Information sharing purposes
The bill opens the door to information sharing due to "activity that undermines the security of Canada." Rather than using the CSIS Act definition, however, it creates a new expansive definition that covers:
any activity, including any of the following activities, if it undermines the sovereignty, security or territorial integrity of Canada or the lives or the security of the people of Canada:
(a) interference with the capability of the Government of Canada in relation to intelligence, defence, border operations, public safety, the administration of justice, diplomatic or consular relations, or the economic or financial stability of Canada;
(b) changing or unduly influencing a government in Canada by force or unlawful means;
(c) espionage, sabotage or covert foreign-influenced activities;
(e) proliferation of nuclear, chemical, radiological or biological weapons;
(f) interference with critical infrastructure;
(g) interference with the global information infrastructure, as defined in section 273.61 of the National Defence Act; [that provision reads: ""global information infrastructure" includes electromagnetic emissions, communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those emissions, systems or networks."]
(h) an activity that causes serious harm to a person or their property because of that person's association with Canada; and
(i) an activity that takes place in Canada and undermines the security of another state. For greater certainty, it does not include lawful advocacy, protest, dissent and artistic expression.
Terrorism is included within the definition, but several of these provisions would seemingly allow for information sharing for almost any investigative purpose, particularly "public safety" and the "economic or financial stability of Canada" (think of the government's recent reaction to the proposed CP strike, which was said to have major implications for the protection of the Canadian economy).
2. Scope of sharing
The government not only opens the door to sharing information for a myriad of non-terrorism purposes, but it also permits access for a broad array of government institutions and departments. The bill currently identifies the following 17 institutions and departments:
-- Canadian Border Services Agency
-- Canada Revenue Agency
-- Canadian Armed Forces
-- Canadian Food Inspection Agency
-- Canadian Nuclear Safety Commission
-- Citizen and Immigration
-- Foreign Affairs, Trade, and Development
-- National Defence
-- Public Safety
-- Public Health Agency
That list can grow, however, with cabinet empowered to add institutions and departments by regulation. Moreover, the inclusion of CSE, which has been the focal point of the Internet surveillance debate due to the Snowden revelations, suggests that CSE information could be readily shared across government departments despite repeated claims that its work does not target Canadians.
In addition to this form of information sharing, the bill also permits additional use and disclosure of information "in accordance with the law...to any person, for any purpose." Section 6 states:
For greater certainty, nothing in this Act prevents a head, or their delegate, who receives information under subsection 5(1) from, in accordance with the law, using that information, or further disclosing it to any person, for any purpose.
Roach and Forcese note that "in accordance with the law" is unclear, leaving the prospect of literally permitting disclosure to anyone for any reason.
3. Woeful oversight
Since the enactment of the Privacy Act in 1983, every federal privacy commissioner has urged the government of the day to strengthen it. Those calls have grown louder over the past decade as PIPEDA places tougher obligations on the private sector than the government places on itself. The law as it currently stands has weak annual reporting requirements from government agencies, does not provide much protection to Canadians from abusive treatment by foreign states, does not give the Privacy Commissioner order-making power, does not provide redress in cases involving harm, does not prevent over-collection of personal information, does not protect against surveillance where the data is not recorded, and does not feature security breach disclosure requirements. The expansion on information sharing without addressing the oversight and safeguards of the Privacy Act should simply be a non-starter.
Also on HuffPost:
According to documents given to Privacy Commissioner Chantal Bernier, the federal government asks telecom for data on subscribers 1.2 million times a year. That’s one request for every 30 Canadians, every year. Most of those requests don’t involve a warrant, and in 2011 telecoms complied with at least 784,000 of those requests.
The federal government spent more than $50 million buying high-security communications technology from the U.S. National Security Agency, according to data unearthed by Vice magazine. There have been at least 73 contracts for telecommunications equipment procured through the NSA over the past decade.
According to documents given to NDP MP Charmaine Borg under an access to information request, some telecoms are building databases of customer information specifically for police use. A Competition Bureau document noted the bureau had "accessed the Bell Canada Law Enforcement Database" 20 times in 2012-2013.
At least one Canadian telecom is evidently giving the government unrestricted access to communications on its network, according to documents from Canada’s privacy commissioner. The unnamed telecom says the government has the ability to copy the traffic on its communications network, then mine the copied data to determine what sort it is.
Critics say Bill C-13, the “anti-cyberbullying bill” the Harper government is promoting, is essentially a back-door for a host of measures that would allow greater government intrusion into private lives. The bill would provide legal immunity to telecoms that hand over customer data without a warrant, and would lower the standard under which police can get warrantless data. Digital rights group OpenMedia says the bill “would let ... authorities create detailed profiles of Canadians based on who they talk to and what they say and do online.” Pictured: Justice Minister Peter MacKay
Industry Minister James Moore's Digital Privacy Act is being billed as “protection for Canadians when they surf the web and shop online,” but critics say it amounts to a wholesale threat to the privacy rights it ostensibly aims to enshrine. Bill S-4 would allow internet service providers to share customer data with any organization that is investigating a possible breach of contract, such as a copyright violation, or illegal activity. Thus, private corporations, and not just the government, could obtain personal information about you. The bill would also eliminate court oversight of file-sharing lawsuits, which critics fear would lead to the sort of “copyright trolling” seen in the U.S.
An estimated 90 per cent of Canadian Internet traffic moves through the U.S., which means that Canadians are being caught up in the NSA’s surveillance dragnet, experts say. Data passes through “filters and checkpoints” and is “shared with third parties, with law enforcement and of course intelligence agencies that operate in the shadows,” says Ronald Deibert, head of the University of Toronto’s Citizen Lab.
Documents obtained by the Globe and Mail and The Canadian Press suggest that Canada is engaged in mass warrantless surveillance. The documents show then-Defence Minister Peter MacKay signed a ministerial directive in November, 2011, authorizing the re-start of “a secret electronic eavesdropping program that scours global telephone records and Internet data trails – including those of Canadians – for patterns of suspicious activity.”
Canada’s electronic spy agency, CSEC, will see its budget skyrocket to $829 million in 2014-15, from $444 million this year. Pictured: CSEC's new $1.2-billion headquarters in Ottawa, currently under construction.
According to journalist Glenn Greenwald’s book “No Place To Hide,” Canada took some $300,000 to $400,000 from the NSA in 2012 to develop surveillance capabilities. However, that money amounts to a drop in the bucket given CSEC’s $829 million budget for electronic surveillance. Pictured: Glenn Greenwald
The CSEC was in charge of developing an international standard for encryption keys to transmit data securely. But according to documents obtained by the New York Times, CSEC handed over control of the standard to the NSA, allowing the U.S. surveillance agency to build back-doors that allowed it to crack the encryptions. As a result, the NSA was able to crack data transmissions that internet users thought were secure.
The Harper government allowed the U.S. to carry out widespread surveillance in Canada during the G20 meeting in Toronto in 2010, according to documents leaked by NSA whistleblower Edward Snowden. Few details of the espionage were released, but it appears this is a sort of rotating circle of spying: Canada helped the U.S. and U.K. spy on the 2009 G20 conference in London.
Follow Michael Geist on Twitter: www.twitter.com/mgeist