Position Statement on the Anti-terrorism Act

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Submission of the Office of the Privacy Commissioner of Canada to the Senate Special Committee on the Anti-terrorism Act

May 9, 2005

Jennifer Stoddart
Privacy Commissioner of Canada


I. Introduction

Anti-terrorism and the right of privacy

The right of privacy has been recognized by the Supreme Court of Canada as fundamental to personal autonomy and freedom, "at the heart of liberty in a modern state."1 Informational privacy — that is, the right of individuals to control the collection, use, and disclosure of personal information about themselves — is the basis of the right of privacy in its larger sense.

It is paradoxical that privacy rights, despite their recognized centrality to democratic freedoms, are often jettisoned in the interests of anti-terrorism and national security initiatives, which are supposed to protect our democratic freedoms. It is for this reason that Privacy Commissioners, who oversee the application of informational privacy rights, look with a careful and critical eye at initiatives like the Anti-terrorism Act2.

In this brief, I will situate the Anti-terrorism Act within the larger national security environment, discuss the Act's negative impact on informational privacy, and make recommendations for ways to address the impact.

The key question in any evaluation of this kind is proportionality. No one denies the reality of the threat that the Act was intended to address. We must ask, however, whether what it gains us in security justifies the sacrifice of privacy and other rights.

The task is made more difficult by the apparent lack of empirical assessment by the Government of the effectiveness of the extraordinary powers that the Anti-terrorism Act gives law enforcement and national security agencies. We simply do not have the information on how effective these measures have been for detecting, stopping, or deterring terrorist acts. It is incumbent on the Government to conduct such assessments, yet it would appear that no comprehensive evaluation has been undertaken of the contribution of the Anti-terrorism Act to the Government's national security objectives.

While I have a number of specific proposals for amending the Act, the Committee may wish to consider the possibility that, in the absence of serious evidence in support of its continued existence, perhaps the Act ought to be repealed, rather than simply amended. The absence of information given to citizens or to their representatives about why such extraordinary measures should persist is a problem to which I will return later.

The national security environment

I recommend that this Committee, in its review of the Anti-terrorism Act, take an expansive view of its mandate. The Act, and its implications for informational privacy rights, should be situated in the broader Canadian public policy context for public safety and national security. The Anti-terrorism Act , in fact, might be considered as heralding a new national security environment, characterized by growing state surveillance powers, fundamental changes to the machinery of government, and a public increasingly aware of, and concerned about, informational privacy rights.

Growing state surveillance powers

Since 9/11, the Canadian government has introduced a series of measures to strengthen its surveillance powers over the citizens and residents of Canada . It also has massively invested in the development of integrated information systems that collect, process and share citizens' and residents' personal information, in a wide range of aspects of their economic and civic life: as travelers, investors, consumers, and recipients of social programs, to name a few.

These information systems cross organizational and jurisdictional boundaries, and redefine the parameters of time and space. Records can now be kept indefinitely, accessed through delocalized nodes, and combined and aggregated to scrutinize virtually all aspects of private life. Systems to cross-tabulate and data-mine personal information are used to categorize, sort and classify people, and to infer, deduce, and make predictive judgments on individual attitudes and behaviors. Many of the systems, through the use of biometrics, delve deeply into the personal realm of identity.

For the most part, these systems are also being built and implemented far below the radar screen of public opinion. Public debate over the state's investments in surveillance powers and capabilities has been largely truncated from discussion of national security policy options, and from evaluation of the risks they pose to our human rights framework.

Perhaps most importantly, from a Privacy Commissioner's perspective, the emerging national security environment is marked by an intensification of information sharing between organizations and jurisdictions, and by a trans-national "continental integration" approach to information gathering and intelligence sharing. Much of this information is highly sensitive and personal. If it is abused, misused, distorted or misinterpreted, it could have serious adverse consequences for individuals, families, and communities. The problem is aggravated when the information is more or less completely removed from the reach, and the control, of the individuals to whom it relates.

Significant machinery of government changes

Another aspect of the new national security environment has been significant changes to the machinery of government, facilitating information sharing and, arguably, diminishing the ability of individuals to control their own information.

An example is the creation of the Public Safety and Emergency Preparedness (PSEP) department3. Under its enabling legislation, PSEP was given broad coordination and policy direction setting powers. It also was granted considerable information sharing authority, unchecked by parallel personal information protection provisions. When the Bill was under review by Parliament, I recommended that it include provisions for privacy accountability. Unfortunately, these proposals were not accepted by the government and did not find their way into the legislation.

Changes like these to the machinery of government, combined with stronger legislative authority for information sharing, are paving the way to an elaborate and seamless information sharing environment which will accelerate the flow and aggregation of personal information for the purposes of national security. The review of the Anti-terrorism Act cannot be divorced from a careful examination of the systems that are currently being built to support the operations of information and intelligence gathering and sharing. My Office is constantly addressing these through the Privacy Impact Assessment process.

A maturing public opinion

A public opinion poll, commissioned by the Office of the Privacy Commissioner and carried out by EKOS in March, 2005, reveals that Canadians' sense of erosion of their privacy and the protection of their personal information is very acute. There is also a sharper focus on informational privacy (i.e., the protection of personal information) than on other aspects of privacy, such as physical and personal intrusions.

In the survey, seven out of ten survey respondents indicate that they believe they have less protection of their personal information now than ten years ago. They express high levels of concern over the transfer of personal information across Canadian borders. While the level of concern for the protection of personal information relating to national security is lower than for other types of information, there is a broad consensus that strong laws are crucial to protect Canadians' personal information. Nine out of ten survey respondents see a need for on-going review of legislation to keep pace with changes in technology.

In an earlier survey in 2004, EKOS observed a "broad sense of privacy erosion and evidence that citizens are more wary of granting security agencies increased powers in the interest of security than they have been in the past."4 The survey also indicates a steady decline of support for increasing police powers at the expense of privacy.

These trends suggest that Canadians are increasingly aware of informational privacy issues and expect a reasonable and balanced approach to a national strategy to combat terrorism. The trends also suggest that the public demand for greater accountability, transparency, and control over agencies involved in national security is increasing. I conclude from these surveys that there will be strong support for democratic oversight over the practices — overt and covert — of these agencies. Canadians are viscerally attached to the values of democracy and freedom.

II. The Overall Effect of the Anti-terrorism Act

The Anti-terrorism Act has had significant effects on informational privacy rights — that is, on the right of individuals to control the collection, use, and disclosure of information about themselves, and on their right to have access to, and request correction of, information about themselves. The impacts of the Act can be grouped into three broad themes.

First, the surveillance powers of security and intelligence and law enforcement agencies have been overly broadened.

Second, constraints on the use of those surveillance powers have been unduly weakened.

Third, government accountability and transparency have been significantly reduced.

I will address each of these themes in general terms, and then turn to specific recommendations.

Broadened Surveillance Powers

As noted above, the new security environment is marked by increased collection of information about individuals, enabled by technology and legislative amendment and increased flow of personal information among organizations. This has the potential to create a broader net for surveillance of organizations and individuals, of all walks of life.

The Anti-terrorism Act set the tone for this. For example, through a series of amendments to the Criminal Code 5, it made it easier for law enforcement and national security agencies to obtain electronic surveillance warrants, imposed requirements on individuals to report to the Royal Canadian Mounted Police (RCMP) and Canadian Security Intelligence Service (CSIS) about property within their control, and made provisions for the Attorney General to obtain income tax information in investigations of terrorism.

The Act also amended the National Defence Act6 to allow the Communications Security Establishment (CSE) to gather foreign intelligence under ministerial authorization 7, and granted it the ability to intercept private communications for the purpose of protecting computer systems and networks of the Government of Canada8. Most significantly, the Act changed the CSE's interception mandate. The CSE's interceptions had until then been exclusively targeted at foreign communications; it was not permitted to intercept communications in Canada . The Anti-Terrorism Act's amendments to the National Defence Act gave the CSE, for the first time, the power to intercept Canadian communications, when such communications are one end of a network located overseas. Thus, for example, if an organization or individual targeted by CSE for surveillance in Afghanistan attempted to maintain communications with an individual in Canada , CSE would henceforth have the legal mandate to monitor both sides of the message traffic.

The Anti-Terrorism Act also amended the Proceeds of Crime (Money Laundering) Act9, renaming it the Proceeds of Crime (Money Laundering) and Terrorist Financing Act10. The amendments expand the range of financial transactions which must be scrutinized and reported by the private sector to the Financial Transactions and Reports Analysis Center (FINTRAC), and increase the flow of information from FINTRAC to other parts of government, including the RCMP and CSIS.

The Anti-terrorism Act also amended the DNA Identification Act11. DNA sampling and the banking of DNA profiles are inherently intrusive measures that should be used with caution. When Parliament originally passed the DNA Identification Act in 1998, an order for a DNA sample from an offender was restricted to conviction for serious offences where DNA evidence was likely to be relevant. These were primarily crimes where bodily substances would likely be left by a perpetrator at the crime scene. The Anti-terrorism Act expanded the scheme beyond these constraints, requiring DNA samples to be taken for offences such as participating in the activities of a terrorist group or instructing to carry out terrorist activity — serious offences, of course, but not likely to result in bodily substances being left at the crime scene.

A principle of restrained and appropriate anti-terrorism legislation is that it be focused on terrorism and not bleed over to general law enforcement purposes. The standards that govern collection of information are different for anti-terrorism than for general law enforcement. Or rather, they should be, and traditionally have been. Several post-September 11 legislative amendments have inappropriately blurred these distinctions.

For example, under the Public Safety Act12, passed in May, 2004, airlines can be compelled, without warrant, to disclose information about passengers to police for anti-terrorism purposes. It may well be that few people would question such a goal, given the risks that terrorists pose to air transport. But the use of this information is not confined to the purposes of anti-terrorism and transportation safety. The Public Safety Act also allows the information to be used to identify passengers for whom there are outstanding arrest warrants for a wide range of ordinary criminal offences. In other words, the machinery of anti-terrorism is used to nourish the needs of ordinary law enforcement, lowering the standard ordinarily demanded of law enforcement authorities.

There is a real risk that, as the logic of anti-terrorism permeates all spheres of law enforcement and public safety, large-scale systems of surveillance will increasingly erode privacy rights in Canada , without critical assessment of where it is appropriate to draw the line.

Reduced Constraints on Surveillance

At the same time that the surveillance powers of the state have been strengthened, constraints on those powers have been weakened. For example, law enforcement and national security agencies are no longer required, in anti-terrorism investigations, to consider other investigative methods prior to applying for judicial authorization for electronic surveillance; government executives, rather than judges, have the ability to issue security certificates and authorize interception of communications; and the judicial standard of "reasonable grounds to believe" has been lowered to one of "reasonable grounds to suspect."

The most important constraint on surveillance powers may be independent oversight. As in any domain where personal information is collected and processed, the Government in its national security initiatives must establish a high degree of public trust and confidence that it is doing everything it can to prevent misuse and abuse of personal information. This trust is engendered, in part, by strong and independent oversight of government activity.

Regrettably, a number of the legislative amendments enacted under the Anti-terrorism Act have had the effect of weakening independent and judicial oversight of the surveillance activities of law enforcement and security and intelligence organizations. I strongly question this.

The Chair of the Commission for Public Complaints Against the RCMP addressed Senate Committee members on April 18, 2005 , to express her concerns about the need for a mechanism to review RCMP national security activities. Similarly, there is no independent review mechanism for the Canada Border Services Agency. The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) are overseen by the Security Intelligence Review Committee (SIRC) and the Commissioner of the Communications Security Establishment respectively, but both operate on a limited budget. It should be noted that there is no Parliamentary committee with a mandate to review these agencies.

Parliament and Canadians need to question the measures in the Anti-terrorism Act that reduce the role of the judiciary and other independent agents in oversight of the surveillance powers of the state. Independent review should be the rule, not the exception.

Decreased Government Transparency

The right of individuals to know what information the Government has about them, and the right to insist that the information be appropriate and accurate, is a basic element of the right of privacy. It is the effective means by which individuals control their personal information, and it is of course critical when an individual faces accusations of wrongdoing.

Amendments brought about by the Anti-terrorism Act have added to the secrecy surrounding legal proceedings, contrary to the fundamental principles that court hearings should be conducted openly and that individuals should be entitled to know the charges against them and the evidence relevant to the charges. Among the most significant changes affecting transparency and access of individuals to their own personal information are the amendments to section 38 of the Canada Evidence Act13, the section that addresses the judicial balancing of interests between the public interest in disclosure and the interest of the state in national security and maintaining foreign confidences.

Mandatory in camera proceedings

Section 38.01 of the Canada Evidence Act imposes obligations on parties to notify the Attorney General of Canada if they anticipate the disclosure of sensitive or potentially injurious information in the course of legal proceedings. The Attorney General then has the opportunity to contest the disclosure in Federal Court.

Section 38.02 provides a broad statutory gag order that prohibits not only the disclosure of the information but also the mere fact that notice has been given to the Attorney General, an agreement made with the Attorney General, or an application made to the Federal Court with respect to disclosure of the information.

These last three mandatory restrictions on disclosure under paragraphs 38.02(1)(b), (c), and (d) are, in my view, overbroad. The same can be said for section 38.11, a provision pre-dating the Anti-terrorism Act, which mandates that hearings and appeals shall be heard in private. These provisions are contrary to the principles established by the Supreme Court of Canada in an important recent case under the Privacy Act14, Ruby v. Canada15, where it was held that mandatory (as opposed to discretionary) in camera provisions cannot be justified as a proportionate restriction on rights to open court guaranteed under the Canadian Charter of Rights and Freedoms. These provisions also failed on the question of minimal impairment. This case was decided in 2002, subsequent to the passage of the Anti-terrorism Act, and so should be seen as indicative of how the Supreme Court approaches these issues, even after the events of September 11.

The section 38 restrictions have been the subject of adverse judicial comment by Chief Justice Lutfy of the Federal Court Trial Division in Ottawa Citizen Group v. Canada16. The Ottawa Citizen case is most significant for an interesting postscript added by Chief Justice Lutfy under the heading "Post scriptum: too much secrecy???", where he stated:

For some twenty years now, Federal Court hearings under section 38 have been in private... The amendments enacted in the anti-terrorism legislation have added to the secrecy shrouding a section 38 proceeding. This application raises some examples of the difficulties presented by the secrecy requirements. Under the current law, no one is to disclose that a notice of application under section 38 has been filed with the Federal Court: paragraph 38.02(1)(c). Put simply, not even the Court can acknowledge publicly that it is seized of a section 38 proceeding. This can lead to unintended, even absurd, consequences... .The Federal Court is required by section 38 to keep secret a fact which has been referred to publicly in the court or tribunal from which the proceeding emanates. It is unlikely that Parliament could have intended that the drafting of section 38 would result in such a consequence.

Justice Lutfy also noted that s.38.11 required hearings and appeals to be heard in private; he commented as follows:

... the need for privacy during all sessions of a proceeding involving secret information has been successfully challenged in the context of the Privacy Act, R.S.C.1985, c. P-21: Ruby v. Canada (Solicitor General), [2002] 4 S.C.R. 3 at paragraphs 52-60 . . . The Supreme Court of Canada, in its recent consideration of another provision of the Anti-terrorism Act , has reiterated the importance of the public's access to court proceedings. The open court principle is a cornerstone of our democracy and '... is not lightly to be interfered with': Vancouver Sun (Re), 2004 SCC 43 at paragraphs 23-27. Section 38 is the antithesis to this fundamental principle. These post scriptum comments concerning the Court's experience in this and other section 38 proceedings may be relevant to those involved in the review of the anti-terrorism legislation. They may wish to consider whether certain provisions in section 38 unnecessarily fetter the open court principle.17

These comments suggest that at least one expert observer who is experienced with s.38 and the need for secrecy believes that parts of s.38 go too far in requiring secrecy about judicial proceedings. The mandatory closed court provisions in ss.38.02 and 38.11 go against the Supreme Court's approach which favours a discretionary and proportionate approach to the balance between open courts and national security.18

Executive override

The Anti-terrorism Act further amended the s.38 procedures by permitting the Attorney General to override a Federal Court order that the information should be disclosed. This extraordinary power is unnecessary in view of the judicial rigour that already exists in the process under s.38.06, and should be repealed.

Section 38.06 appropriately allows the judge to determine the balance of the competing interests in disclosure and national security. This provision is already very sensitive to state interests in national security and defence, as evidenced from recent jurisprudence from the Federal Court of Appeal.19

At present, however, where the above s.38.06 process results in an order to disclose all or some information, the Attorney General can override or trump that process by issuing a certificate under section 38.13. This certificate prohibits the disclosure of information in connection with a proceeding for the purpose of protecting information obtained in confidence from, or in relation to, a foreign entity or for the purpose of protecting national defence or national security. A section 38.13 certificate issued by the Attorney General expires 15 years after it is issued but may be re-issued.20

In my view, there is a real question of whether the certificate process contemplated under s.38.13 is necessary, given the judicial balancing test of s.38.06. Section 38.13 allows the executive to trump judicial and other adjudicative orders for disclosure. It is no answer on the part of the Attorney General to say that the section 38.13 certificate power has never been used. Just as we object to an actual infringement of individual rights, we object to the potential to do so. The onus is on the government to justify the utility of retaining this power. Should it be retained, it would be appropriate for this extraordinary executive intervention in judicial processes for disclosure of information to be subject to the same sunset and reporting provisions as apply to the use of investigative hearings and preventive arrests — that is, a five year renewable sunset and annual reports on the use of this power .

In the event that s.38.13 is retained, the Committee should consider recommending that the legislation allow appeals from the judicial review of an Attorney General's certificate provided for under s. 38.131, or allow the review to be conducted by three as opposed to one judge of the Federal Court of Appeal. This would encourage greater checks and balances and the possibility for the expression of dissent. It would also ensure greater fairness, in that section 38.131 does not provide for any balancing of the competing interests of disclosure and national security as allowed under s.38.06.21

In conclusion, in its review of the Anti-terrorism Act, the Committee should require the Government of Canada to demonstrate the necessity of those measures which limit access of individuals to information that may incriminate them and which, de facto , challenge procedural fairness and the open court principle.

III. Impact of Cumulative Encroachments

The Anti-terrorism Act should not be viewed in isolation. It was just one of several measures introduced in the wake of the September 11 attacks. Although I appreciate that the Committee's formal mandate is limited to reviewing the Anti-terrorism Act , I urge the Committee to step back and examine the cumulative impact of these measures on the privacy rights of Canadians.

Bill C-44, An Act to amend the Aeronautics Act22, was passed in late 2001. It authorized Canadian air carriers to disclose personal information about airline passengers to the customs and immigration authorities of a foreign state. This Bill was passed in response to U.S. legislation, the Aviation and Transportation Security Act23, which required international air carriers landing in the United States to provide U.S. customs officials with certain information about the passengers and crew members on board the aircraft. While my predecessor was able to persuade the government to impose privacy-protective limitations on the system, the fact of the increased surveillance remains.

The Public Safety Act of last year is arguably companion legislation to the Anti-terrorism Act, and I believe it equally deserving of careful post-enactment review. Among other things it allows the Minister of Transport, the RCMP and CSIS to require air carriers and operators of aviation reservation systems to provide them with information about airline passengers. As I noted above, the use of this information is not confined to the purposes of anti-terrorism. As well, the Act amended the Personal Information Protection and Electronic Documents Act24 to allow organizations to collect personal information, without consent, for the purposes of disclosing this information to government, law enforcement and national security agencies. When I appeared before the Senate Standing Committee on Transport and Communications to discuss the Act, I objected to the legislation on the grounds that it was far too broad and that "it co-opts private sector organizations by pressing them into service in support of law enforcement activities." I stand by that assessment of the Act.

Again, I urge the Committee to look past the individual legislative measures and take note of the cumulative impact. The cumulative impact is that a much greater portion of the population is subject to surveillance. The state is now collecting much more information — including travel patterns, financial transactions, and day-to-day activities — about far more people. And the information is being shared more widely, both within Canada and with other countries, most notably the United States .

As law enforcement and national security organizations collect more information, from more sources, about more individuals, and share this information with more bodies, the likelihood increases for personal profiling. With that, the likelihood increases of administrative decisions being based on information of questionable accuracy or out of context. Mistakes have occurred and will continue to occur. And because of the lack of transparency, we may never know why these individuals were wrongly targeted or where the system broke down.

IV. Recommendations

A Privacy Commissioner ventures into the subject of anti-terrorism with some trepidation. My area of expertise is informational privacy, not national security. But I have observed the impact on privacy of increased surveillance, diminished constraints on surveillance, and a lack of transparency and openness. I urge this Committee to take these matters seriously, and to look closely at the proportionality of the measures that the Government has adopted in the interests of anti-terrorism.

Assessment of Effectiveness and Proportionality

As I noted above, it is difficult to assess proportionality without empirical evidence of whether the Act is effective in combating terrorism. In this respect, my first recommendation is that the Government of Canada should carefully examine the continued need for the Act.

Recommendation 1

The Government of Canada should conduct an empirical assessment of the effectiveness of the extraordinary powers granted to law enforcement and national security agencies under the Anti-terrorism Act , and the proportionality of the loss of established rights. The examination should include an exploration of alternative models for achieving national security objectives without unnecessarily encroaching on informational privacy.

I have a number of specific recommendations to make in the area of informational privacy, regarding limitations on surveillance and preservation of the right of individuals to know what information the state has about them.

Contained Surveillance and Increased Oversight

I have indicated to this Committee my concern about how the Anti-terrorism Act has diminished judicial oversight of surveillance and accorded greater powers to law enforcement and security agencies. In particular, amendments to the Criminal Code have made it easier for law enforcement and national security agencies to obtain electronic surveillance warrants, and amendments to the National Defence Act allow the Communications Security Establishment to intercept private communications under ministerial authorization.

I have several recommendations for improving the controls on electronic surveillance under the Criminal Code of Canada and the National Defence Act:

Recommendation 2

The ordinary requirement that a judge be convinced that other methods of investigation have been tried or would fail should be applied to electronic surveillance for terrorism offences under the Criminal Code.

The Committee may wish to note that this is consistent with the requirements for warrants under the Canadian Security Intelligence Service Act25.

Recommendation 3

The Criminal Code's ordinary time limits for such warrants — 60 days authorization and up to one year for notification — should be required, and the exceptions in the Anti-terrorism Act for warrants up to a year and up to three years without authorization should be repealed26.

Recommendation 4

The Anti-terrorism Act's amendments to the National Defence Act to allow the Communications Security Establishment to intercept private conversations that may involve people in Canada should be amended to require prior judicial authorization.

One possibility is that a warrant similar to those under the CSIS Act be required in such circumstances. Such a warrant process would still make generous allowance for the state's interests in national security, while responding to concerns about the lack of any judicial oversight of the CSE's activities.

Recommendation 5

Section 273.65(2)(d) of the National Defence Act, which purports to protect the privacy of Canadians in the face of CSE surveillance of communications, should be amended. The requirement for "satisfactory measures... to protect the privacy of Canadians and to ensure that private communications will only be used or retained if they are essential to international affairs, defence or security" should be amended, either to require " all reasonable measures to protect privacy" or to specify in greater detail what constitutes "satisfactory" measures.

Recommendation 6

Section 273.65(4)(d) of the National Defence Act, which permits CSE to collect information essential to protecting the government's computer systems, places limitations on what can be "used" and "retained". This should be amended to place limitations on what information CSE can obtain.

The harm to privacy is done when information is surreptitiously obtained by the government, not only when it is retained and used. The CSE's mandate to help the government protect its computer systems should not become an entry into domestic surveillance by an organization that is not subject to judicial controls.

Recommendation 7

Section 273.65(8) of the National Defence Act should be amended so that the CSE Commissioner is required to ensure not only that intercepts of private conversations have in fact been authorized by Ministerial direction, but that the direction itself is authorized by the law and consistent with the Canadian Charter of Rights and Freedoms and the Privacy Act.

In addition to these specific amendments that would help to contain surveillance and ensure oversight of specific surveillance actions, a more general review of the way in which national security activities are controlled and overseen should be undertaken:

Recommendation 8

Parliament should undertake a systematic review of the overall mechanism for oversight of national security activities, taking into account the existing bodies and identifying areas where these bodies overlap, but more importantly, identifying areas where there are gaps in coverage.

Ideally, the Office of the Privacy Commissioner and other existing oversight bodies should be properly resourced to undertake regular audits of national security activities. My Office is prepared to assist the Security Intelligence Review Committee and the CSE Commissioner in the fulfillment of their duties, and we would of course welcome their assistance in the fulfillment of ours. Contrary to a number of suggestions recently, I do not recommend, at this time, the creation of a new oversight mechanism. The Office of the Attorney General should avail itself of the capabilities of these existing offices.

Transparency and Openness

Section 38 proceedings

The greatest diminution of the basic informational privacy rights associated with government transparency and openness have been in connection with the section 38 procedures under the Canada Evidence Act. I believe that a better balance can be found between disclosure interests and national security interests, and I make the following recommendations:

Recommendation 9

The mandatory in camera proceedings and the mandatory ban on even revealing that a s.38 proceeding is taking place found in ss.38.02 and 38.11 should be repealed, following the principles in Ruby v. Canada and the comments by Chief Justice Lutfy in the Ottawa Citizen Groupcase. A more proportionate alternative is to allow the judge to hold proceedings in camera when necessary to protect national security.

Recommendation 10

Section 38.13 should be repealed on the basis that it is superfluous to empower the executive to trump an adjudicative order for disclosure. Section 38.06 already allows courts to balance the conflicting interests in disclosure and national security and impose conditions on the release of information in a manner that reconciles these two important concerns; it has been interpreted by the courts in a way that makes generous allowance for the state's interests in national security, national defence and international relations.

Recommendation 11

Should s.38.13 certificates be retained, they should be subject to the same reporting and sunset requirements as the use of investigative hearings and preventive arrests (that is, a five year renewable sunset and annual reports on the use of this power) , because they constitute extraordinary interventions by the executive into the adjudicative process. A section 38.13 certificate should also not last for 15 years but for 5 years, perhaps subject to renewal.

Recommendation 12

A judicial balancing of competing disclosure and security interests as available under s.38.06 should also be available under s.38.131, which provides for review by one judge of the Federal Court of Appeal of a s.38.13 certificate issued by the Attorney General. Thought should also be given to allowing appeals from the judicial review of the s.38.13 certificate, or of allowing the review to be conducted by three as opposed to one judge of the Federal Court of Appeal, so as to encourage greater checks and balances and the possibility for the expression of dissent.

Special Advocate

I recognize that there are times when security imperatives simply do not permit information to be disclosed. Provisions of the Anti-terrorism Act and the Immigration and Refugee Protection Act27 allow ex parte submissions by the Government that information should not be disclosed to the affected party (i.e., evidence should remain secret) because of concerns about national security. The mere claim that there is such a security imperative, however, should not decide the matter. The difficulty may be in determining how these claims can be tested without compromising security and revealing information that genuinely should remain secret.

Recommendation 13

I recommend that the Committee give consideration to the creation of a security-cleared special advocate position to carry out this function. Such an advocate could play a useful role, both in challenging arguments by the government that information should not be disclosed to the affected party, and in challenging information that cannot be disclosed before the judge28.

This would ensure that a judge hears an advocate for the greatest possible disclosure possible before making a decision. The special advocate could also examine any evidence that the judge decides cannot be disclosed to the affected person and, where appropriate, challenge the government's reliance on such secret evidence.

The Office of the Privacy Commissioner is willing to offer its policy expertise and experience in applying privacy legislation to assist in the development of special advocates.

In addition to my specific recommendations above for amendment of the Anti-terrorism Act, I have a number of other recommendations to which I would like to see this Committee, and the Government, give consideration.

Recommendation 14 — Continuing Review

The Anti-terrorism Act, along with the Public Safety Act29, should be considered extraordinary legislation. As such, they should be subject to periodic Parliamentary review to assess their continued relevance, and to keep them in the public eye. We cannot allow these extraordinary measures to become the new "normal" state of affairs in Canada.

Recommendation 15 — A Privacy Management Framework

The Government should articulate the operating principles of a privacy management framework, including the development of internal privacy audit capacity, privacy leadership responsibilities incorporated in the performance agreement of senior executives, privacy protection performance indicators, and a strengthened role for Access to Information and Privacy coordinators.

The elements of a privacy management framework will be familiar to the Government. I recently (March 16, 2005) wrote to the President of the Treasury Board to suggest a number of measures to strengthen the Government's privacy management regime.  These range from a thorough review of outsourcing and off-shoring of personal information and the development of contractual clauses to mitigate privacy risks, to strengthening the reporting requirements to Parliament under the Privacy Act.  

These measures should be applied to the Departments and Agencies forming the Public Safety and Emergency Preparedness portfolio.  Given the extent of personal information collection and processing in the PSEP portfolio, Deputy Heads should be subjected to the highest standards of privacy protection and accountability.

I should point out that I am encouraged by the PSEP Deputy Minister's commitment to review and reinforce her portfolio's reporting requirements under s. 72 of the Privacy Act.  I am also encouraged by the recent annual privacy reporting guidelines issued by the Treasury Board of Canada, which require Deputy Heads to report comprehensively on a broader spectrum of privacy management responsibilities, including those under the Treasury Board Policies on Privacy Impact Assessment and Data Matching.

Consideration should also be given to the development of an internal privacy audit capacity which would complement the external audit role of the OPC .  Privacy leadership responsibilities should also be incorporated in the performance agreement of senior executives and be an integral part of the performance management cycle.  The Management and Accountability Framework should incorporate privacy protection effectiveness indicators, against which Deputy Ministers and Ministers could report in their annual Departmental Performance Reports.   There is also a need to strengthen the role and function of the ATIP coordinators to ensure that PSEP managers benefit from substantive policy content and technological expertise to design privacy architectures and systems that will offer a greater level of protection and accountability for personal information.   

Recommendation 16 — Reporting to Parliament

Departments and agencies with an anti-terrorism role under the Anti-terrorism Act should be required to report to Parliament on a periodic basis, perhaps at the same time as the legislative review, with a general description of their anti-terrorism programs, and accounting of how effective these measures have been for detecting, stopping or deterring terrorist acts.

Recommendation 17 — Parliamentary Oversight

The Government recently tabled a proposal to create a National Security Committee of Parliamentarians. The Office of the Privacy Commissioner supports this initiative and recommends that the Committee address as part of its mandate, the need to reconcile privacy protection with national security requirements.

Recommendation 18 — Privacy Act Reform

The Government of Canada should, in the context of the new national security environment, examine the adequacy of legislation that governs personal information collected, processed and shared by the Canadian government. This means a thoroughgoing reconsideration of the Privacy Act , of course, something that has been seriously overdue since before 9/11. The Government of Canada and Parliament should also assess the completeness and adequacy of the institutional framework (including the Office of the Privacy Commissioner) to safeguard privacy rights, and the powers and authorities of oversight bodies, including their capabilities and resources.

V. Conclusion

At first glance, the provisions of the Anti-terrorism Act may appear, at least where privacy issues are concerned, to be merely minor amendments to existing statutory protections. If they were the only legislative response to the increased threat of terrorism, this might be true. But they are not, and an examination of the cumulative impact of amendments across a broad range of legislation reveals that the changes involved are not merely changes in degree, but changes in kind.

More information about citizens and residents is collected. The collection of the information is facilitated by improvements in technology, by legislative amendments, and by changes to the machinery of government. Flows of personal information between and among organizations, and between and among Canadian jurisdictions and those outside Canada , are significantly increased.

There has been a fundamental shift in the balance between national security, law enforcement and informational privacy, with a concomitant loss of privacy and due process protections for individuals within that environment

Contrary to what is sometimes thought, security and human rights do not exist in a zero-sum relationship. Over-broad state powers and a "trade-off" approach to national security issues may in fact imperil the very self-identity of democratic nation states, and thus their true security. It is imperative that the means and measures adopted to combat security threats do not end up abrogating the freedoms that define and give substance to the democracy that we claim to be defending.

Security and the protection of informational privacy need not be seen as a trade-off, where one is sacrificed in the interest of the other. Both can be achieved with well-designed law, prudent policy, and effective checks and balances. My comments and recommendations are intended to contribute to the achievement of this goal.

VI. Summary of Recommendations

Recommendation 1

The Government of Canada should conduct an empirical assessment of the effectiveness of the extraordinary powers granted to law enforcement and national security agencies under the Anti-terrorism Act , and the proportionality of the loss of established rights. The examination should include an exploration of alternative models for achieving national security objectives without unnecessarily encroaching on informational privacy.

Recommendation 2

The ordinary requirement that a judge be convinced that other methods of investigation have been tried or would fail should be applied to electronic surveillance for terrorism offences under the Criminal Code .

Recommendation 3

The Criminal Code 's ordinary time limits for such warrants — 60 days authorization and up to one year for notification — should be required, and the exceptions in the Anti-terrorism Act for warrants up to a year and up to three years without authorization should be repealed.

Recommendation 4

The Anti-terrorism Act's amendments to the National Defence Act to allow the interception of private conversations that may involve people in Canada should be amended to require prior judicial authorization.

Recommendation 5

The requirement in section 273.65(2) (d) of the National Defence Act for "satisfactory measures... to protect the privacy of Canadians and to ensure that private communications will only be used or retained if they are essential to international affairs, defence or security" should be amended, either to require " all reasonable measures to protect privacy" or to specify in greater detail what constitutes "satisfactory" measures.

Recommendation 6

Section 273.65(4)(d) of the National Defence Act , which permits CSE to collect information essential to protecting the government's computer systems, should be amended to place limitations on what information CSE can obtain .

Recommendation 7

Section 273.65(8) of the National Defence Act should be amended so that the CSE Commissioner is required to ensure not only that intercepts of private conversations have in fact been authorized by Ministerial direction, but that the direction itself is authorized by the law and consistent with the Canadian Charter of Rights and Freedoms and the Privacy Act .

Recommendation 8

Parliament should undertake a systematic review of the overall mechanism for oversight of national security activities, taking into account the existing bodies and identifying areas where these bodies overlap, but more importantly, identifying areas where there are gaps in coverage.

Recommendation 9

The mandatory in camera proceedings and the mandatory ban on even revealing that a s.38 proceeding is taking place found in ss.38.02 and 38.11 should be repealed, following the principles in Ruby v. Canada and the comments by Chief Justice Lutfy in the Ottawa Citizen Group case. A more proportionate alternative is to allow the judge to hold proceedings in camera when necessary to protect national security.

Recommendation 10

Section 38.13 should be repealed on the basis that it is superfluous to empower the executive to trump an adjudicative order for disclosure. Section 38.06 already allows courts to balance the conflicting interests in disclosure and national security and impose conditions on the release of information in a manner that reconciles these two important concerns; it has been interpreted by the courts in a way that makes generous allowance for the state's interests in national security, national defence and international relations.

Recommendation 11

Should s.38.13 certificates be retained, they should be subject to the same reporting and sunset requirements as the use of investigative hearings and preventive arrests, because they constitute extraordinary interventions by the executive into the adjudicative process. A section 38.13 certificate should also not last for 15 years but for 5 years, perhaps subject to renewal.

Recommendation 12

A judicial balancing of competing disclosure and security interests as available under s.38.06 should also be available under s.38.131, which provides for review by one judge of the Federal Court of Appeal of a s.38.13 certificate issued by the Attorney General. Thought should also be given to allowing appeals from the judicial review of the s.38.13 certificate, or of allowing the review to be conducted by three as opposed to one judge of the Federal Court of Appeal, so as to encourage greater checks and balances and the possibility for the expression of dissent.

Recommendation 13

I recommend that the Committee give consideration to the creation of a security-cleared special advocate position, to test Government claims that information should not be disclosed because of concerns about national security. This would ensure that a judge hears an advocate for the greatest possible disclosure possible before making a decision. The special advocate could also examine any evidence that the judge decides cannot be disclosed to the affected person and, where appropriate, challenge the government's reliance on such secret evidence.

Recommendation 14

The Anti-terrorism Act, along with the Public Safety Act , should be considered extraordinary legislation. As such, they should be subject to periodic Parliamentary review to assess their continued relevance, and to keep them in the public eye.

Recommendation 15

The Government should articulate the operating principles of a privacy management framework , including the development of internal privacy audit capacity, privacy leadership responsibilities incorporated in the performance agreement of senior executives, privacy protection performance indicators, and a strengthened role for Access to Information and Privacy coordinators.

Recommendation 16

Departments and agencies with an anti-terrorism role under the Anti-terrorism Act should be required to report to Parliament on a periodic basis, perhaps at the same time as the legislative review, with a general description of their anti-terrorism programs, and accounting of how effective these measures have been for detecting, stopping or deterring terrorist acts.

Recommendation 17

The Government recently tabled a proposal to create a National Security Committee of Parliamentarians. The Office of the Privacy Commissioner supports this initiative and recommends that the Committee address as part of its mandate, the need to reconcile privacy protection with national security requirements.

Recommendation 18

The Government of Canada should, in the context of the new national security environment, examine the adequacy of legislation that governs personal information collected, processed and shared by the Canadian government. This means a thoroughgoing reconsideration of the Privacy Act, of course, something that has been seriously overdue since before 9/11. The Government of Canada and Parliament should also assess the completeness and adequacy of the institutional framework (including the Office of the Privacy Commissioner) to safeguard privacy rights, and the powers and authorities of oversight bodies, including their capabilities and resources.

VII. Endnotes


1 R. v. Dyment, (1988) 2 S.C.R. 417

2 Anti-terrorism Act , S.C. 2001, c.41

3 The Public Safety and Emergency Preparedness portfolio includes the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, Correctional Services of Canada, the National Parole Board, the Canadian Firearms Center and the Canadian Border Services Agency.

4 The Security Monitor, wave 5, October 2004, page 4.

5 Criminal Code, R.S.C. 1985, c. C-46

6 National Defence Act R.S.C. 1985, c. N-5

7 National Defence Act s.s. 273.65(1) The Communications Security Establishment, reporting to the Minister of National Defence, provides the federal government with foreign "signals intelligence," gathering and analyzing information about foreign countries by intercepting and studying their radio, radar and other electronic communications. Until the passage of the Anti-terrorism Act , the CSE's mandate was not set out in enabling legislation; its mandate was stated rather than legislated. The Office of the Privacy Commissioner, in its 1995-1996 Annual Report, called on the government to introduce legislation establishing explicitly a legal framework for CSE's operating programs and activities, to allow its personal information management practices to be measured objectively.

8 National Defence Act s.s. 273.65(1)

9 Proceeds of Crime (Money Laundering) Act, Repealed, S.C. 2000, c. 17, s. 98

10 Proceeds of Crime (Money Laundering) and Terrorist Financing Act, S.C. 2000, c. 17

11 DNA Identification Act, S.C. 1998, c. 37

12 Public Safety Act, 2002, S.C. 2004, c. 15

13 Canada Evidence Act, R.S.C. 1985, c. C-5

14 Privacy Act, R.S.C. 1985, c. P-21

15 Ruby v Canada (Solicitor General) , [2002] 4. S.C.R. 3. This case involved a Charter challenge to mandatory requirements under section 51 of the Privacy Act that the Federal Court hear applications on an in camera basis where an individual has been denied access to information on the basis of foreign confidences or national security. The Supreme Court held that the mandatory in camera provision was an unjustified restriction on freedom of expression and the open court principle when compared to the less restrictive alternative of a discretionary power to hear submissions in camera when necessary to preserve foreign confidences or national security, a practice supported by the actual practice of the government and the courts. The court's remedy was to read down the in camera requirement so that it applies only to the parts of the hearing involving ex parte submissions. This ruling suggests that the mandatory in camera proceedings as well as the mandatory ban on even revealing that a judicial proceeding is taking place found in ss.38.02 and 38.11 of the Canada Evidence Act may be an unjustified violation of freedom of expression given the more proportionate alternative of allowing the judge a discretion to hold proceedings in camera when necessary to protect national security.

16 Ottawa Citizen Group v. Canada (Attorney General) 2004 FC 1052

17 Ibid at paras 43 — 45.

18 In further support of the open court principle, I note that the Government has made amendments to section 37 of the Canada Evidence Act, which contains the procedures for objecting to disclosure of information on the basis of a specified public interest. As originally enacted in the Anti-terrorism Act, s.37.21 required that the hearing of the objection to disclosure "shall be heard in private", but this provision was repealed in 2004 (" An Act to amend the Criminal Code and other Acts ", S.C. 2004, c.12) so that the court will only exercise its discretion to hold an in camera hearing in appropriate case. This amendment complies with the thrust of the Supreme Court's ruling in Ruby v. Canada that mandatory in camera hearings are not a proportionate restriction on freedom of expression. It also demonstrates recognition by the government itself that there was some overreaching in the name of secrecy in the Anti-terrorism Act as originally enacted.

19 Section 38.06 has been considered in a series of cases arising from the criminal prosecution of a person, Ribic, accused of hostage taking in Bosnia . These cases consider the weighing of the State's interest against the interest of the accused required under section 38.06. Ribic v. Canada 2002 FCT 290, R v. Ribic 2002 FCT 839, Ribic v. Canada 2003 FCT 10, R v. Ribic 2003 FCT 43. At the appeal from two of these proceedings, Létourneau J.A. for the Federal Court of Appeal articulated a three part test under s.38.06 that is quite protective of state secrets even in the context of disclosure to the accused in a criminal trial. R v. Ribic 2003 FCA 246. The first issue is that the information requested must be relevant to the defence, the second issue is whether the disclosure of the information would be injurious to international relations, national defence or national security, and in the third stage the party seeking disclosure bears the burden of proving that the public interest scale tipped in its favour. Létourneau J.A. stated for the Federal Court of Appeal at paras 18-19:

It is a given that it is not the role of the judge to second-guess or substitute his opinion for that of the executive... . This means that the Attorney General's submission regarding his assessment of the injury to national security, national defence or international relations, because of his special access to special information and expertise, should be given considerable weight by the judge to determine, pursuant to subsection 38.06(1) whether the disclosure of the information would cause the alleged and feared injury.

The relevance of this jurisprudence is that the balancing test under s.38.06 is already very sensitive to state interests in national security and national defence and that this makes unnecessary the ability of the Attorney General to overrule disclosure decisions made under s.38.06 by issuing a certificate under s.38.13.

20 A further consequence of the Attorney General certificate is found in ss.103 and 104 of the Anti-terrorism Act, which amend the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA) respectively, removing the information subject to a confidentiality certificate from the oversight role of the Privacy Commissioner, thereby precluding all possibility for an affected individual to gain access to any personal information about them.

The Anti-terrorism Act provided that where a certificate under section 38.13 of the Canada Evidence Act prohibiting the disclosure of information (contained in a record or the personal information of a specific individual) is issued before a complaint is filed under the Privacy Act or the Personal Information Protection and Electronic Documents Act (PIPEDA) in respect of a request for access to that information, these Acts do not apply to the information. Where this type of certificate is issued after the filing of a complaint, then all the proceedings are discontinued and the Access to Information Commissioner or Privacy Commissioner, as the case may be, must not disclose the information and must return the information to the head of the government institution that controls or provided the information.

21 In response to concerns about the unreviewable power that the Attorney General had under s.38.13, a procedure for judicial review of the s.38.13 certificate was added by the 20 November 2001 amendments. Under section 38.131, a party to the proceeding referred to in section 38.13 may apply to a single judge of the Federal Court of Appeal for an order varying or canceling the certificate. The judge who hears the application must make an order varying or canceling the certificate if part or all of the information subject to the certificate does not relate to information obtained in confidence from or in relation to a foreign entity or to national defence or security. However, the judge must make an order to confirm the certificate if all of the information subject to the certificate relates to information obtained in confidence from, or in relation to a foreign entity or to national defence or security. The judge's determination of this matter is final and is not subject to appeal.

22 2001 c.38

23 Pub. L. 107-71

24 Personal Information Protection and Electronic Documents Act , S.C. 2000, c. 5

25 Canadian Security Intelligence Service Act, R.S.C. 1985, c. C-23

26 I note, however, that the Anti-terrorism Act does not require judges to extend these requirements to the maximum. Accordingly, this amendment is not as pressing as the need to consider whether other less intrusive methods of investigation would work.

27 Immigration and Refugee Protection Act, S.C. 2001, c. 27

28 Under, for example, ss.5 and 6 of the Charities Registration (Security Information) Act S.C.2001, c.41, ss.83.05 and 83.06 of the Criminal Code, s.38 of the Canada Evidence Act, and s.78 of the Immigration and Refugee Protection Act.

29 The Public Safety Act should be seen as companion legislation to the terrorism Act. In many ways its privacy impacts are far more severe. I recognize that this Committee cannot necessarily tailor its mandate, but I would urge it nonetheless to include a review of the Public Safety Act in its deliberations to the degree that it can, and I would certainly hope to see any future reviews of the Anti-terrorism Act extend to the Public Safety Act.

Date modified: