Harper’s Online Surveillance Bill C‐13 Reveals “Canada’s Growing Privacy Deficit”

by: Obert Madondo  | Published Jun 8, 2014

Canada’s privacy experts are gravely concerned about Bill C-13, the Conservatives’ Orwellian cybercrime bill, deceptively named “Protecting Canadians from Online Crime Act“.

Last week, over 30 of them expressed their concern in a scathing letter addressed to Prime Minister Stephen Harper. The signatories also told Harper that, Daniel Therrien, the newly-appointed Privacy Commissioner of Canada, lacks the “perspective and experience necessary to immediately tackle Canada’s many privacy problems.”

In a previous blog post, I quoted outgoing privacy commissioner, Jennifer Stoddart, who said Bill C-13 lacks “accountability and reporting mechanisms to shed light on new investigative powers.” I added:

Stoddardts statement justifies civil libertarians’ concerns that the bill grants law enforcement agencies police too much powers to spy on Canadians’ online behaviour. The bill has also been seen as a revised version of the controversial online spying legislation Bill C-30, the “Protecting Children From Internet Predators Act“, which the Conservatives killed last year after fierce opposition from Canadians.

Here’s the full text of the letter, which you can also read HERE and HERE:

May 30, 2014

VIA EMAIL

The Right Honourable Stephen Harper
Prime Minister of Canada
House of Commons
Ottawa, ON, KIA 0A6
[email protected]

To the Right Honourable Prime Minister Stephen Harper

Re: Canada’s Growing Privacy Deficit

We write you to express our grave concern regarding Canada’s growing privacy deficit, evident in a number of the government’s policies and practices, including its refusal to fix privacy invasive elements of Bill C‐13, its failure to address long‐standing and well documented privacy problems and its nomination of a Privacy Commissioner of Canada who lacks the immediate expertise to tackle Canada’s long list of privacy challenges.

Bill C‐13, the Protecting Canadians from Online Crime Act, is not receiving the full and robust consideration its privacy‐threatening elements deserve before the Standing House of Commons Committee on Justice and Human Rights. Specifically, we join Ontario Information & Privacy Commissioner Ann Cavoukian, B.C. Information & Privacy Commissioner Elizabeth Denham, the Canadian Bar Association, and a number of other experts and affected individuals in calling for the severance of the cyber‐bullying‐specific elements of this Bill from the lawful access portions of the Bill. The merger of these two issues in one bill has been a direct impediment to any meaningful debate of the issues arising from these two quite distinct initiatives. Additionally, we wish to express a more general concern over this government’s growing disregard for the privacy of Canadians.

The government has been quick to repeatedly update police investigative powers in order to meet the challenges of the digital age (this is, in fact, the lawful access component of Bill C‐13), but has refused to fix long‐standing and well acknowledged privacy problems arising from the same technological developments. This general disregard for the need to update privacy protections is exacerbated by the government’s recent nomination of a Privacy Commissioner of Canada who lacks the immediate expertise and perspective necessary to tackle Canada’s many pressing privacy challenges.

Bill C13: Lack of Meaningful Debate Will Lead to Serious Privacy Violations

While many of the new investigative powers proposed in Bill C‐13 are acceptable, a number of them represent a serious over‐reach. These include particularly (but not exclusively):

  • Categorical  immunity  for  voluntary  datasharing  schemes:  Currently, telecommunications  and  other  companies  may  voluntarily  provide or  preserve customer  data  upon  request,  but  must  act  reasonably  and  in  good  faith  when responding to requests for doing so. Bill C‐13 will remove the existing obligation to act reasonably and in good faith;
  • Expanded Definition of Public Officers:  Bill  C‐13  will  expand  the  definition  of ‘public officers’ to include any individual tasked with administering or enforcing a law  of  Canada  or  a  province.  This  will  let  a  long  list  of  entities,  including  the Communications  Security  Establishment,  the  Canadian  Security  Intelligence Service and the Canada Revenue Agency, to use a range of Criminal Code powers as well as to rely on immunities granted for voluntary sharing;
  • Transmission Data Available on Reasonable Suspicion: Transmission data is metadata  which includes  at  minimum:  telephone  numbers  called  or  texted, duration  of  calls,  origin  and  destination  IP  addresses,  websites  visited,  type  of application  being  used,  type  of  Internet  communication  (VoIP,  Email,  mobile application)  and  unique  mobile  device  identifiers.  It  can  also  include  URLs  of webpages  visited,  search  queries  and  email  subject lines.  This information is as sensitive as the content of our emails, phone calls and text messages (if not more so), yet Bill C‐13 will let state agents access it upon a mere reasonable suspicion that  the  privacy  invasion  will  assist  an  investigation  of  an  offence  –  a  broad investigative power typically reserved for the least sensitive of information;
  • Tracking Data Available on Reasonable Suspicion: Tracking data refers to the detailed location information that is constantly generated by the mobile phones, cars and wearable computing devices that are becoming a ubiquitous feature of our society.  Technological  and  social  developments  have  made  it  possible  to obtain the rich and detailed location information generated by these devices from a  range  of  third  parties including  telecommunications  companies, mobile  device manufacturers, social networking sites and insurance companies. Bill C‐13 will let state  agents  access  this  information  upon  a  mere  reasonable  suspicion  that  the privacy invasion will assist an investigation of an offence – a broad investigative power typically reserved for the least sensitive of information.

Collectively, these and other problematic elements of Bill C‐13 will dramatically expand the state’s capacity to invade the privacy of Canadians.

Bill C‐13’s merger of two distinct issues (cyber‐bullying and new law enforcement powers) is impeding meaningful debate of these matters. On the one hand, this merger has impeded a

necessary  and  complete  debate  of the  problem  of  cyber‐bullying,  a  broad‐ranging  social problem that will likely not be solved by the addition of a single Criminal Code provision. On the other hand, the focus on cyber‐bullying has impeded meaningful discussion of the lawful access components of Bill C‐13.  The new investigative powers proposed in Bill C‐13 are powers of general  application  and  will  only  rarely  be  employed in  the  context of cyber‐bullying. However, given the understandably important and immediate concerns raised by the problems of cyber‐bullying, the discussion of lawful access powers before this committee has been focused predominantly around that one use‐case, leading to an incomplete view of how these new powers will impact disproportionately on the privacy of Canadians.

In fact, fixing the problematic investigative powers will not impede investigations of cyber‐bullying matters.  Cyber‐bullying matters typically follow particular patterns.  They will involve an individual who is being harassed by means of digital networks. The harassing comments, improper images or threatening/defamatory content that forms the basis of a cyber‐bullying offence will typically be sent or published anonymously.  As the cyber‐bullying crime at issue in digital environments relates primarily to the posting or sending of such content, police will have the reasonable belief necessary to obtain any production order or warrant they wish.  They  will  have  facial  evidence  of  the  offence  –  be  it  child pornography, extortion,  threatening,  harassment  or  the proposed  section 162.1  offence  – which  is  all  that  is  required  to  meet  the  higher  standards  for transmission  and  tracking data that we and others have called for.

Moreover, telecommunications companies in Canada regularly share immense amounts of customer  data  with  law  enforcement  voluntarily  and  outside  of  any  legal  authorization.

This  system  of  information  sharing  has  developed  under  the  current  Criminal  Code immunities  for  voluntary  sharing.  In light of this existing robust system of information‐

sharing,  there  is  little  justification  or  need  for  removing  the  current  obligation  for companies to act reasonably and in good faith when responding to extra‐legal government requests.  Replacing  these  with  categorical  immunity  from  any  civil  or  criminal  liability removes  any  incentives  companies  might  have  to  approach  the  decision  to  give  away sensitive customer  information  with  a  degree  of  caution.  No other exceptional power is needed to investigate typical cyber bullying offences.

The  significant  and  novel  nature  of  the  issues  contained  in  Bill  C‐13  –  issues  that  have never  before  been  examined  in  legislative  committee  –  has  also led  to  key  stakeholders being  excluded  from  the  discussion.  With  respect  to  lawful  access,  a  number  of  civil liberties and  digital  rights groups  have  developed  significant expertise  over  the  years  on the subject matter of this Bill, and can point to a long history of engagement on this specific legislative  package.  In addition, Canada’s federal and provincial Privacy Commissioners have significant expertise on this subject matter. However, the attempt to address cyber‐bullying and lawful access matters in one set of committee hearings has led to the exclusion of many of these groups in order to accommodate a long list of experts and affected parties on both issues. Notably, not one civil liberties or privacy group has been invited to testify, and not one Privacy Commissioner will have the opportunity to do so. Moreover, we note that  while  some  sessions  of  this  committee  study  have  focused  exclusively  on  cyber‐bullying,  the lawful access elements of  the legislation have not received  the same level of dedicated  consideration,  contributing  to  the  predominant  examination  of  Bill  C‐13’s investigative powers through the narrow context of cyber‐bullying investigations.

We therefore call on the government, through its majority control of the Standing House of Commons Committee which is currently reviewing this legislation, to bifurcate Bill C‐13 so that meaningful discussion of its distinct cyber‐bullying and lawful access components can be discussed in isolation.

Growing List of Privacy Problems Left UnAddressed

The problems arising from Bill C‐13 and the failure of a meaningful discussion of its privacy shortcomings in Committee are indicative of a broader disregard that is becoming evident in this government’s approach to privacy.  The lawful access components of Bill C‐13 are designed to update police powers for the 21st century. However, law enforcement powers have been updated many times to meet the technical challenges of the digital age. Indeed, many of the powers that are supplemented and amended by Bill C‐13, including the general production  power  and  the  general  immunity  for  voluntary  third  party  cooperation  with police  investigations  (current  sections  487.012  and  487.014  of  the  Criminal  Code, respectively), were introduced as recently as 2004.

This  constant  and  sustained  effort  to  update  police  powers  in  order  to  meet  technical challenges has been matched with a  failure  to similarly update privacy protections by its refusal to address long‐standing privacy problems. These include:

  • Failure to address or acknowledge serious and well documented problems arising from shortcomings in the  oversight, accountability and authorization  regime  for Canada’s foreign intelligence agency, the Communications Security Establishment of Canada;
  • Failure to address or critically examine state surveillance in Canada.  While the wiretapping provisions of the Criminal Code include comprehensive statistical reporting and individual notice obligations, there is no comparable transparency requirement regarding any other state surveillance practices.  Exacerbating this transparency problem is the significant degree of state access to data that relies on voluntary cooperation of private companies and, hence, occurs outside of any legal authorization regime.  While these companies are permitted by law to facilitate state investigations, they are prevented by law from informing the public of the scope of such disclosures through existing legal instruments;
  • Failure  to  conduct  a  mandatory  statutory  review  of  PIPEDA,  Canada’s  federal privacy  protective  framework.  This review was statutorily mandated to have occurred in 2011. The inclusion of minor additional reforms in Bill S‐4 does not address the range of long‐standing privacy problems that must be addressed in order to keep PIPEDA relevant;
  • The  government  has  refused  to  update  two  additional  statutes  essential  to effective  privacy  protection  and  transparency  in  surveillance: the  Privacy  Act, which has not been meaningfully reformed since it was first enacted over 30 years ago, and the Access to Information Act, which was enacted in 1982, has not been updated for the digital age and lacks key obligations such as a duty to document.

This ongoing neglect is troubling. We call on the government to establish a panel or royal commission to examine state surveillance and privacy protection in the digital age.

Canada’s Next Privacy Commissioner

With great respect and without any intended slight on his abilities, we feel obligated to object to the Government’s recently announced appointee for Privacy Commissioner of Canada, Mr. Daniel Therrien. As long‐standing Assistant Deputy Attorney General  for  Public Safety, Mr. Therrien  lacks  the  perspective  and  experience  necessary  to  immediately  tackle  Canada’s many privacy  problems.  Privacy protection – and particularly  commercial  privacy  as protected by the Personal Information Protection and Electronic Documents Act (PIPEDA) – is a  highly  specialized  field,  with  greatly  nuanced  legal  and  policy  challenges.  The Assistant Deputy Attorney General for Public Safety is accustomed to approaching privacy issues from a  wholly  opposite  perspective  that  does  not  engage  these  specific  nuances.  Moreover, Mr. Therrien’s direct responsibility for and oversight of many of the programs that he will now be  called  upon  to  advocate  against  will  exacerbate  the  already  steep  learning  curve  with which  he is  faced. We  are  further  concerned  that, in light  of  his  role  as legal  adviser  on  a number of these programs, Mr. Therrien may face conflicts of interest that could effectively disqualify  him  from  challenging these  programs  as  Privacy  Commissioner.  The lack of a strong privacy watchdog, particularly at this juncture when critical issues are being decided that will impact the privacy of Canadians for decades to come, is indefensible.

We  therefore  respectfully  urge  the  government  to  reconsider  its  nomination  of  Mr. Therrien as Privacy Commissioner of Canada.

Conclusion

In  conclusion,  we  hope  that  this  letter  will  remind  the  government  of  its  obligation  to safeguard the privacy of Canadians. We would be pleased to engage with the government on any of these or related issues.

SIGNATORIES

AMINA Corp.
Lisa Austin, Faculty of Law, University of Toronto
Colin Bennett, Department of Political Science, University of Victoria
British Columbia Civil Liberties Association (BCCLA)
British Columbia Freedom of Information & Privacy Association (BCFIPA)
Canadian Civil Liberties Association (CCLA)
Canadian Access and Privacy Association (CAPA)
Canadian Institute of Access and Privacy Professionals (CIAPP)
Andrew Clement, Faculty of Information, University of Toronto
Kris Constable,
The Open Government Project
Democracy Watch
Connie Fournier, FreeDominion
Peter Hope‐Tindall
Ian Kerr, Canada Research Chair in Ethics, Law & Technology, University of Ottawa
International Civil Liberties Monitoring Group (ICMLG)
Eric Lawton, MAPP, Director, Privacy and Access Council of Canada
David Lyon, Queen’s Research Chair in Surveillance Studies
Kevin McArthur
Dr. Kate Milberry
Claire Milne, Executive Director, David Asper Centre for Constitutional Rights
Benjamin J. Mueller, Associate Professor, Department of Political Science, King’s University
College, Centre for American Studies, Western University
Dr. Adam Molnar, Post‐Doctoral Fellow, Surveillance Studies Centre, Queen’s University
David Murakami‐Wood, Canada Research Chair in Surveillance Studies, Queen’s University
National Council of Canadian Muslims (NCCM)
OpenMedia.ca
Dr. Christopher Parsons, Postdoctoral Fellow, Citizen Lab, Munk School of Global Affairs
Sharon Polsky, MAPP, President, Privacy & Access Council of Canada
Privacy & Access Council of Canada – Conseil du Canada de Accѐs et la vie privée
Public Interest Advocacy Centre (PIAC)
Rocky Mountain Civil Liberties Association (RMCLA)
Samuelson‐Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)
Leslie Regan Shade, Faculty of Information, University of Toronto
John Wunderlich, Open Notice Project

Obert Madondo is an Ottawa-based progressive blogger, and the founder and editor of The Canadian Progressive. Follow him on Twitter.com/Obiemad

The following two tabs change content below.

Obert Madondo

Publisher and editor
Obert Madondo is an Ottawa-based independent journalist and progressive political blogger. He's the publisher and editor of The Canadian Progressive.