Privacy and Canada’s national security framework
OTTAWA, December 6, 2016 – Privacy Commissioner of Canada Daniel Therrien and his provincial and territorial counterparts have provided Public Safety Canada with a formal submission to the federal government’s review of Canada’s national security framework. Here are some of the key themes and recommendations in the submission:
Metadata in a criminal law context
Metadata, generated constantly by digital devices, can be far more revealing than the information on the outside of an envelope or in a phonebook, as it is commonly characterized by law enforcement. For instance, metadata can reveal medical conditions, religious beliefs, sexual orientation and many other elements of personal information. We also saw recently that it can identify journalistic sources.
Basic ISP subscriber information — which can include name, email address, and IP address (but not the content of communications) — is a form of metadata and can clearly be useful for investigative purposes.
The federal government’s discussion paper suggests this information should be available to law enforcement more easily. Yet, Bill C-13, the Protecting Canadians from Online Crime Act, lowered legal thresholds for accessing metadata when it came into force in 2015.
Under that legislation, a production order for “transmission data”, transaction records and location tracking can be obtained from a judge on “reasonable grounds to suspect.” It is unclear why these provisions do not give law enforcement adequate tools to do their job. Do police officers really need access to metadata on less than a reasonable suspicion?
Justify lowering the standards from those recently adopted under Bill C-13
Government must provide precise explanations as to why existing thresholds cannot be met, and why administrative authorizations to obtain metadata, rather than judicial authorizations, sufficiently protect Charter rights in cases where there are no exigent circumstances.
Enhance privacy protections: general considerations
Recent cases of metadata collection – for example, by the Communications Security Establishment, CSIS, the RCMP, Quebec provincial police and Montreal police – show that existing standards should, in fact, be tightened and that privacy protections should be enhanced. In many cases, the collection of metadata, including with warrants, has involved innocent people not suspected of wrongdoing.
A modernized law must reflect the fact that metadata can reveal personal information that is more sensitive than the data for which warrants have traditionally been required in the pre-digital world. It must also ensure that modern investigative tools do not violate the privacy of law-abiding citizens.
Maintain the role of judges and better define conditions for access to metadata
Maintaining the role of judges in the authorization of warrants for the collection of metadata by law enforcement is critical because they ensure the necessary independence for the protection of human rights.
However, it is also incumbent on Parliament to better define the conditions under which the sensitive metadata of Canadians should be available to police forces.
On the whole, these criteria should provide law enforcement access to metadata where necessary to pursue their investigations – but only in a way that recognizes the often sensitive nature of this type of information.
Conditions should include adopting sufficiently high legal thresholds and criteria for the issuance of court orders. For example, collection of metadata could be limited to cases where all other investigative methods have been exhausted and for violent crimes where public safety may outweigh privacy risks.
In cases where these criteria are met, there should be conditions aimed at protecting the privacy of people incidentally targeted by a warrant, but not suspected of involvement in a crime. For example, use of the data could be restricted to the crime being investigated, and metadata not related to criminal activity destroyed without delay.
Justify why new data retention requirements are required beyond current preservation orders
Preservation orders are a current tool available to law enforcement to ensure that a communications company’s customer data is not deleted during an investigation. The government’s discussion paper suggests companies should be required to retain their customers’ data without such court orders.
The imposition of such an obligation would clearly need to be justified and its scope would need to be proportional. A similar obligation imposed in a European data retention directive was invalidated by the European Court of Justice, in large part because it significantly interfered with fundamental rights and lacked sufficient limits on how law enforcement could use the information.
Metadata and national security
The British signals intelligence agency, GCHQ, has publicly stated that metadata is more revealing than the content of communications. It is therefore very useful in national security investigations. Yet the Snowden revelations, and various incidents in Canada, have demonstrated that metadata collection can include law-abiding citizens. These represent examples of mass surveillance.
In Canada, two recent incidents are worth mentioning. First, the oversight authority for the Communications Security Establishment (CSE) – the Office of the CSE Commissioner – revealed in its 2014-15 annual report that metadata had been shared illegally with international security partners without being properly minimized. More recently, the Federal Court held that CSIS had unlawfully retained, for analytical purposes, the metadata of persons who were not threats to national security.
Amend the National Defence Act
Following the review of the CSE’s metadata sharing, the Office of the Privacy Commissioner of Canada recommended that the National Defence Act be amended to clarify that the CSE’s powers with respect to the collection, use and disclosure of personal information be accompanied by specific legal safeguards to protect the privacy of Canadians.
Ensure destruction of incidental personal information
The law should be amended to ensure that where the personal information of individuals not suspected of terrorism is obtained incidentally to the collection of information about threats, the former should be destroyed once it has been determined after analysis that individuals have been cleared of any suspected terrorist activities.
Interception and Encryption
The widely publicized battle between Apple and the FBI over investigators’ access to the locked cellphone of a mass shooter in California brought the difficult issue of interception and encryption to the forefront in recent months.
The government’s discussion paper notes that encryption can be a significant obstacle to lawful investigations and even to the enforcement of judicial orders. People who use encryption and companies that offer it to customers are subject to laws and judicial warrants, and these sometimes require access to personal information legitimately needed in cases where public safety is at risk.
However, encryption is also extremely important, even essential, for the protection of personal information and for the security of electronic devices such as smart phones. Unfortunately, there is no known way to give systemic access to government without simultaneously creating an important risk for the population at large. In addition, encryption often originates from foreign sources and is widely available, including to criminals and terrorists, so a Canadian law may have no impact on suspects while reducing the privacy and security protections needed by ordinary users of digital services.
Look for technical solutions before considering a new law
Parliament should proceed cautiously before attempting to legislate solutions. It would be preferable to explore technical solutions which might support discrete, lawfully authorized access to specific encrypted devices, as opposed to imposing general legislative requirements.
The government already has powers under the Protecting Canadians from Online Crime Act which, since 2015, have empowered judges to attach an assistance order to any search warrant, interception order, production order or other form of electronic surveillance. These have been used in investigations to defeat security features or compel decryption keys.
It is also important to further note that federal provisions already exist for telecommunications carriers to build in surveillance capability, retain communications metadata and provide decrypted content to government upon request. These requirements, the Solicitor-General Enforcement Standards, have been a condition of licensing since the mid-1990s.
As with the assistance order scheme, if these requirements are not being properly implemented or enforced, it would be important for the government to explain where the regime falls short.
If a new law is considered, take a narrow approach
If an obvious technological solution is not found and the government believes legislation is required, amendments should reflect the principles of necessity and proportionality in order to narrow how much information is decrypted, and should also reflect that such extraordinary measures are to be used as a last resort.
Domestic information sharing
Protecting the security of Canadians is clearly an important goal and greater information sharing may sometimes lead to the identification and suppression of security threats.
However, the scale of information sharing permitted following the passage of Bill C-51, the Anti-Terrorism Act, 2015, is unprecedented; the scope of the new powers created is excessive – and may affect ordinary Canadians; and the safeguards protecting against unreasonable loss of privacy are seriously deficient.
Authorizing the sharing of information based on a standard of “relevance” to the detection of threats is a key reason why risks to law-abiding citizens are excessive. For instance, the information of ordinary travelers or taxpayers could be shared with a view to detecting threats among them. And SCISA, the Security of Canada Information Sharing Act, does not mandate the destruction of this information once the vast majority of individuals, after analysis, have been cleared of any suspected terrorist activity.
Justify the need for changes
The federal government should provide a justification for the new information sharing provisions, including a clear explanation, with concrete examples, of how the previous law created barriers to information sharing required for national security purposes.
Raise the standard from “relevance” to “necessity”
Low standards authorizing information to be shared where it is merely of “relevance” to national security goals should be addressed. In contrast, CSIS may only collect and analyze information that is “strictly necessary.” If “strictly necessary” is adequate for CSIS to collect, analyze and retain information, it is unclear why this standard cannot be adopted for all departments and agencies with a stake in national security.
Set clear limits around how long information received or shared is to be retained
National security agencies should be required to dispose of information immediately after analyses are completed and the vast majority of individuals have been cleared of any suspected terrorist activities.
Create an explicit requirement for written information sharing agreements
Elements addressed in these information sharing agreements should include, as a legal requirement, the specific elements of personal information being shared; the specific purposes for sharing; limitations on secondary use and onward transfer, and other measures to be prescribed by regulations, such as specific safeguards, retention periods and accountability measures.
Create a legal requirement to conduct Privacy Impact Assessments
The OPC has been concerned to see how few Privacy Impact Assessments were undertaken in relation to the information sharing provisions created under Bill C-51. Privacy Impact Assessments help to identify privacy risks involving the use of personal information and propose solutions to mitigate them. They are currently required under a government policy, but not under the Privacy Act.
Consider information sharing beyond Bill C-51
The information sharing provisions stemming from Bill C-51 are not the only mechanism by which information-sharing for national security purposes takes place. Safeguards such as necessity and proportionality should apply to all domestic information sharing.
International Information Sharing
International information sharing can lead to serious human rights abuses, including torture. This was demonstrated during the commissions of inquiry held in the aftermath of new security measures adopted following the tragic events of 9/11. The existing legal framework must be clarified to reduce these risks to a minimum.
Set clear rules to ensure respect for international human rights law
Clear statutory rules should be enacted to prevent information sharing from resulting in serious human rights abuses and violations of Canada’s international obligations.
Consideration should be given to incorporating into law some of the privacy principles agreed to between Canada and the United States under the Beyond the Border Action Plan.
The government’s proposal to create a new National Security and Intelligence Committee of Parliamentarians is a step in the right direction, but is insufficient to ensure effective oversight. Expert review is critical.
All government institutions involved in national security should be the subject of expert review. This includes all of the 17 agencies authorized to receive information following the passage of Bill C-51 and, among others, the Privy Council Office.
Ensure all government institutions with a national security role are subject to expert, independent oversight
A committee of Parliamentarians provides democratic accountability, but it would also be important to have review by experts with an in-depth knowledge of the operations of national security agencies and of how relevant areas of the law are applied, so that rights are effectively protected.
Expert review bodies should have meaningful independence from the executive, be non-partisan and have institutional expertise, with knowledge of both domestic and international standards and law.
Review bodies must be able to collaborate
Review bodies must be able to share information so that reviews can be performed in a collaborative and effective manner rather than in silos, as is currently the case.
Currently, the confidentiality provisions of the Privacy Act prevent the OPC from sharing information about ongoing investigations with other review bodies, such as the Security Intelligence Review Committee, the Office of the CSE Commissioner or the Civilian Review and Complaints Commission for the RCMP.
Review bodies must be properly resourced
In order to be fully effective, review bodies must also be properly resourced. Although public concern about privacy has increased in recent years, and the budgets of national security agencies have grown significantly, there has not been a consequential increase in funding for oversight bodies. The OPC, for example, has been forced to risk-manage limited resources, moving efforts from other mandated activities. This is less than ideal and insufficient for effective review and privacy oversight.
A key aspect missing from the government’s discussion paper is the issue of transparency reporting, which is important to ensure balance and accountability.
Transparency reporting limited to the private sector is currently insufficient. It is also unacceptable that government institutions are not legally required to report on these issues (in a manner that protects investigative methods).
Public debates and decisions on privacy need grounding in facts and legal reality. Timely, accurate statistical information on government requests and access of personal information can support such discussions and also form the basis for informed consumer choices.
Require transparency reporting by government
There should be reporting requirements on broader privacy issues dealt with by federal organizations as well as specific transparency requirements for lawful access requests made by agencies involved in law enforcement.
- 30 -
For more information, please contact:
Tobi Cohen, Office of the Privacy Commissioner of Canada