A secure society: Meshing privacy and public safety


Remarks at training session on national security held at the Federal Court of Canada

January 21, 2011
Ottawa, Ontario

Address by Jennifer Stoddart
Privacy Commissioner of Canada

(Check against delivery)


Introduction

I am very honoured to be asked to join you at this important function. Over the years, your rulings on the Privacy Act and PIPEDA have determined – and will continue to determine – privacy rights for Canadians.

I welcome your interest in the complex issues raised by our evolving national security landscape – and, in particular, the relationship between national security and privacy. A challenge that often confronts you.

National security, like public safety more generally, raises issues of paramount concern for my Office. This is one of our four priorities for research, compliance activities and public education. It is one of the issues that we feel could have the most profound and lasting impacts on the privacy rights of individuals.

National security and its relationship to privacy is something that, like you, we have followed for years – in Parliament, in the courts and, of course, in the real world, in Canada and around the globe.

Context

Governments and corporations, with the aid of technology, are building ever more personal information databases, of increasing scope and sophistication. Egregious amounts of personal information are being accumulated, shared, matched and compared, for a host of known – and often unknown – purposes.

We’re seeing in Canada and allied countries the mass collection and patterning of global communications traffic, worldwide financial transaction monitoring, and the profiling of the itineraries of international air travellers – to name just a few of the state’s areas of interest.

Just yesterday, Britain’s Information Commissioner criticized the Serious Organised Crime Agency, Britain's elite crime-fighting unit, for maintaining a secret database of suspected fraudsters and money-launderers.

The Commissioner estimates that the database, known quaintly as “Elmer,” holds records on one million citizens.  An investigation by the Commissioner’s office found that suspects had no way of knowing they were on the registry, and most were probably innocent. Even trivial and unproven records were being kept in perpetuity.

The Commissioner concluded that the database, introduced 10 years ago under anti-terrorism legislation, breaks data protection and human rights laws.

As David Loukidelis, B.C.’s former Privacy Commissioner and now the province’s Deputy Attorney General, has pointed out, programs of this kind often amount to surveillance of the many to find the guilty few.

And I mean few: According to the Washington Post, the U.S. Department of Homeland Security created something called the Guardian database, where state and local authorities, businesses, and private citizens can report suspicious activities to the FBI for analysis.

As of December, there were 161,948 suspicious-activity files in the classified database. Another 7,000-plus were stored in an unclassified section of the database. Of those, 103 led to full-blown investigations, resulting in some five arrests.

Convictions so far? Zero.

One of any government’s principal tasks is to ensure the well-being of its citizens, their safety and communal sense of security. In order to do this, law enforcement and security officials are entrusted by our society with some very significant powers, many quite invasive. 

Engaging those powers can have grave consequences.

As you well know, since you wrestle with these issues daily, innocent people can be barred from travel on the basis of faulty information. They may be excluded from education, employment or other economic opportunities.  Far worse, the law may require that they be imprisoned, stripped of their citizenship, and even deported.

Because there is so much at stake, we all recognize that any national security cases that find their way into Canada’s court system are fraught with complexity, sensitivity and import.

Part of the complexity lies in balancing competing fundamental rights – at the level of principles and values, and at a practical, operational level. I hope to persuade you in my remarks here today that the right to privacy is not at odds with the goal of protecting safety.

Values underlying privacy

For the individual, privacy, in many cases, speaks to liberty and self-actualization. The unchecked accumulation of data about people’s movements, activities and communications can ultimately constrain their fundamental right to go about their business in anonymity and freedom from state monitoring. 

Privacy is also a societal good, because social cohesion hinges on trust between citizens and their neighbours; between citizens and the state.

That trust, in turn, forms the underpinnings for a secure and well-functioning state.

Citizens need to trust that the state will protect them – but not at the cost of other fundamental rights, including the right to privacy. And they look to our judicial system for the protection of those rights.

But, where those rights are infringed, and citizen trust hits a low point, security measures may be undermined, ignored, circumvented or resisted. 

Queen’s University Professor David Murakami Wood, Canada Research Chair in surveillance studies and a pivotal contributor to the 2008 UK House of Lords report on surveillance and its effects on the citizen and state, speaks of a “tacit social contract,” under which individuals expect to be free, and to have those freedoms protected.

Indeed, “the main reason for security,” he says, “is to protect our rights to go about our daily business unhindered.”  

“Where that protection starts to remove those freedoms themselves,” Prof. Wood observes, “that tacit contract is challenged.”

Pragmatic value of privacy

While privacy is critical to Canada’s free, democratic tradition, it also has practical value in the security context.

Let’s start from the position that the mere creation of a personal file on an individual creates risk. No collection of data can be one hundred percent secure. There can be mistakes and misuses of data. The data itself may be erroneous. There can be breaches, inappropriate sharing, and unintended outcomes.

As recent federal commissions of inquiry made clear, several Canadian individuals endured great suffering. The commissioners’ reports pointed to a cascade of factors, but the triggers, invariably, were gross violations of their privacy.

For instance, inaccurate or misleading intelligence was compiled and inappropriately shared. It was then used to justify the detention, deportation and even torture of the men.

The truth is that, in modern intelligence, gathering information presents no serious obstacle for security agencies. The real problem lies in digging through the mountains of data to isolate what is actually important – the accurate and relevant snippet that signifies a genuine threat.

In other words, security forces have become supremely efficient at collecting dots; what they struggle with is connecting them.

And here’s what’s truly Kafkaesque: In a world where secrecy reigns supreme, many individuals do not even know when data about them is being collected.

In the absence of that knowledge, how can they meaningfully exercise their rights to access their information, or to set the record straight? How, in fact, can they even dream of obtaining compensation or redress?

Fair information principles

There are no simple remedies. But we can look for inspiration to the fair information principles, developed more than 30 years ago by the OECD, that underlie data-protection laws in Canada and around the developed world.

Those principles direct organizations to collect only the personal information that is necessary and relevant for their purpose. The accuracy of the information should be verified and validated. It should be retained for limited times. Somebody should be designated as accountable for the information, and logical and appropriate limits should be prescribed for the disclosure of sensitive information to other parties. Individuals, moreover, should have access to their personal information, and the opportunity to correct it if it’s wrong.

Fair information principles need not be an impediment to the collection or exchange of information by security officials. They were designed to safeguard privacy, but they also serve as a powerful lens to focus its analysis.

The inquiries led by the Honourable Mr. Justice O’Connor and the Honourable Mr. Justice Iacobucci never referred to these principles per se. But what they did underline was the importance of security agencies properly managing the collection, validation and exchange of personal information. 

More recently, the Air India inquiry, headed by the Honourable Mr. Justice Major, pointed to the limits of collection of information about people and the relevance of examining objects and merchandise in the context of air travel.

That is also the gist of what my Office recommended to the RCMP a few years ago in an audit of how the force manages its burgeoning data holdings. We found the RCMP’s exempt databanks were crowded with tens of thousands of national security and criminal operational intelligence records that should not have been there – raising potential risks for individuals identified in those files. 

OPC privacy and public safety reference document

To help people think through the complex issues that lie at the nexus between privacy and public safety, my Office developed a reference guide for policymakers, practitioners and citizens.

Published last November, the guide draws on expertise residing in the legal community, academia, civil society, politics, intelligence, law enforcement and oversight. It comes at the challenge from both a theoretical and a practical direction.

What, for instance, does “personal information” mean in the context of the myriad kinds of data that security organizations might collect on individuals today?

With reference to the views of Canadian courts, the document also explores what a “reasonable expectation of privacy” entails, when positioned against national security and public safety threats.

Building on those bedrock concepts, the reference paper then outlines the basic framework that an organization needs to think through in order to integrate core privacy considerations into a security program or policy.

In integrating privacy into a new security initiative, the bulk of the effort has to come at the front end.

Four-part test

And so we urge proponents of the initiative to justify their intentions against a four-part test.

The test, which flows from the Supreme Court of Canada’s reasoning in Oakes in 1986, considers whether a law, program or exercise of power can be justified as necessary to achieve the stated purpose, and effective in achieving the stated objective.

Any intrusion on privacy should also be demonstrably proportionate to the purported security benefits. And, as a fourth consideration, the proponent of an initiative should be able to show that there are no alternatives that could achieve the same ends, with less impact on privacy.

Once the initiative has been justified at a conceptual level, the document goes on to provide concrete guidance on designing and implementing it in a way that respects privacy. The guide also addresses issues of ongoing monitoring, evaluation, oversight and redress.

The point is not to furnish the right answers, because these cannot realistically be predetermined. Rather, it is to raise the right questions that can guide security agencies, policymakers and others in their search for that elusive equilibrium between public security and privacy rights.

Lawful access

Let me offer you now a specific example of where this kind of reasoning and analysis plays out.

Last November, the government reintroduced a package of bills related to lawful access. The principal elements are the Investigative Powers for the 21st Century Act, Bill C-51, and the Investigating and Preventing Criminal Electronic Communications Act, or Bill C-52.

The two work as a package with other legislation now before Parliament.  Bill C-29 would update Canada’s private-sector privacy law; Bill C-22 targets child pornography; and C-50 would streamline certain warrant applications.

Chart: Changes to the Canadian legal regime governing seizure, search and surveillance powers

Most of the package has yet to reach committee stage, but my provincial and territorial counterparts joined me in expressing reservations about previous iterations of the legislation. I’ll describe those concerns in a moment.

Together, the suite of bills aims to:

  • Ensure authorities are alerted quickly to certain illegal online activities such as child pornography or suspected fraud;
  • Give police broad tools to freeze and preserve data to be used as evidence;
  • Allow government investigators to trace digital transactions and communications, by way of new transaction- and vehicle-tracking warrants;
  • Cement the interception powers of police and security agencies by compelling companies providing telecommunication services in Canada to build intercept capabilities into their networks; and
  • Allow law enforcement, CSIS and the Competition Bureau to access company records on subscribers without a warrant.

Let me be clear: Our Office understands the challenges faced by law enforcement and national security authorities at a time of rapidly changing communications technologies. 

Even so, whenever new surveillance powers or programs are proposed – especially in this new, online, digital, globalized environment – the government must demonstrate that the measures represent a truly necessary, effective and proportionate response. To date, however, this case has not been convincingly made for all aspects of the proposal.

Bill C-52

I did not object to the adoption by the House of Commons of the bill on child pornography. It targets a specific crime, which is – most unfortunately – a growing phenomenon. Its victims are children.

However, Bill C-52 would go far beyond the kind of response that Canadians might expect, because the unlimited powers it contemplates would not be restricted to specific offences.

It would require all wireless, Internet and other telecommunications companies to allow for intercept capabilities – now and when they upgrade their software or network infrastructure – and to maintain those capabilities over time.

This universal intercept capability would apply to all types of telecommunications technology, including conventional wire line service, wireless communications, Internet-based communications, satellite communications, and any other technology used in telecommunications, from Skype and SMS texts to online chats and PIN-to-PIN communications on BlackBerrys.

Bill C-52 would also oblige companies to comply with law enforcement agencies — CSIS, the RCMP, the Commissioner of Competition and any police service constituted under the laws of a province — when they seek subscriber data without judicial authorization. 

‘Subscriber data’, in the bill, is broadly defined, including everything from the individual’s name and e-mail address to the identity module card number associated with the person’s telecom service and equipment.

Principal concerns

An earlier version of this lawful access legislation raised serious concerns among privacy commissioners from across Canada. We raised questions about the impact of the measures on privacy rights, as well as on the judicial warrants process.  

In September 2009, we issued a joint resolution, calling on legislators to exercise caution in this area, and to explore less-invasive alternatives. We felt that the powers ought to be tailored to specific and serious crimes, and that appropriate legal thresholds for authorization should be considered. We also asked for effective and ongoing oversight measures and regular public reporting.

Shortly after, I wrote to the Commons Standing Committee on Public Safety and National Security, as well as the ministers of Justice and Public Safety, to reiterate and elaborate on these points.

In that letter, which followed extensive discussion with a broad range of stakeholders, I also urged a re-examination of the administrative processes and resourcing requirements of court applications and the warrant system. You can find the resolution and the letter on our website.

When Parliament resumes debate on this new suite of lawful access legislation, I hope to offer my detailed analysis before a Committee.

Conclusion

To sum up, I would not want to imply that privacy rights are absolute, or that they somehow trump the right to security. Without the stability and safety afforded by a dedicated, impartial and professional system of authorities, privacy rights are mere abstractions.

Even so, I am the first to acknowledge that the intersection between privacy and national security is a diabolically complex one.

Little in this field is clear cut, which can make it frustrating – certainly for me, as an advocate for privacy rights. It can also be extremely challenging for you, who make rulings on actual cases, as well as for the institutions that put your decisions into effect.

But, at the same time, privacy is not something that should be seen as a lesser value, one that can be traded away or sacrificed in times of heightened security pressures.

Instead, security and privacy should be viewed as twin rights – fundamental and inalienable rights that can – indeed, must – coexist.

In the day-to-day world, however, the risk exists that the pursuit of one will come at the expense of the other.

I welcome your questions…
