The integral role of civil society in balancing privacy and national security
Remarks at the 2012 International Intelligence Review Agencies Conference
May 30, 2012
Address by Chantal Bernier,
Assistant Privacy Commissioner of Canada
(Check against delivery)
I would like to begin by commending the organisers for the particular focus of this panel. Why? Because it is at the core of what is at stake in a new national security context: simply put, the new national security context, with unprecedented types of threats and surveillance capacity, impacts so radically on the traditional protections of privacy, that we need a societal debate to recalibrate the rapport between privacy and security. And that debate can only happen through interaction with civil society.
That is my central point today. I will develop it in three parts:
- First, I will highlight the characteristics of the new national security context that impact upon privacy;
- Then I will explain the principles followed by the Office of the Privacy Commissioner of Canada (OPC) in integrating privacy principles in this new national security context, including with respect to the relationship with civil society;
- And finally, I will provide concrete examples where we put forward interaction with civil society as inherent to protecting the right to privacy.
But even before I move to the characteristics of the new national security context that are most relevant to privacy, I need to make a clarification.
Because of the rapidity and significance of change in relation to privacy risks and protection today, we too often hear that the right to privacy, or even the desire for privacy, has changed or worse, has vanished.
It is important to dispel that assertion at the outset: the right to privacy is NOT changing. In fact, it is immutable as it corresponds to a visceral, essential need to protect our dignity, to protect the exercise of our fundamental freedoms and to protect our place in society.
As evidence of that, take the media coverage on concerns over privacy in a connected world, take the survey results that show that 65% of Canadians consider privacy to be one of the most important public policy issues for the near future, or take the 30% increase in complaints to our Office in the last year. All speak of the instinctual need for privacy.
The right to privacy can be defined, simply, as the right to choose what others know about us. We make that choice individually, in relation to what we disclose to private companies in return for services, or to other individuals in the course of relationships, and collectively, in relation to the State, in return for proper governance, whether fiscal, social or, as the case in point, for greater security.
What is changing, rapidly and constantly, are the risks to privacy and therefore the modalities to protect it. And that is what calls into play the interaction with civil society.
No field illustrates this better than national security.
1. Privacy impacts of a new national security context
Two main drivers are forcing a rethinking of the modalities of privacy protection in the context of national security:
- The diffusion of the threat: The expansion of the focus of national security measures from traditionally more circumscribed targets to a broader spectrum brings law-abiding citizens, like never before, under the intrusive lens of national security; most obvious is in relation to air travel;
- Technological developments: In both the private and public sectors, technology has generated an unprecedented level of surveillance capacity, which needs to be bridled.
It is the convergence of these two drivers, and their impact on privacy, that forces a societal debate on what we are ready to accept as far as government intrusion upon privacy in the name of national security.
That debate necessarily calls upon interaction with civil society. In a moment, I will address the principles and process that must guide this interaction.
But first, we need to step back and look at the tugs and pulls in the debate that pits privacy against national security to understand the dynamic tension between the two.
For those of you who are interested in exploring this further, I refer you to a particularly insightful article by Professor Jennifer Chandler, entitled “Privacy versus National Security: Clarifying the Trade-off”Footnote 1. From her work and from my own files, I would highlight four main drivers in this tug and pull between national security and privacy:
- The first tug and pull I would call the “concreteness of danger vs the abstraction of rights”: I am referring to how the national security vs privacy debate pits, on the one hand, the concrete, accessible and overwhelming notion of physical danger against, on the other hand, the abstract and remote notion of fundamental freedoms. It is expressed in the “better safe than private” fallacy, which is supported by the human perception of risk and by the irrational thinking it generates. The potential erosion of civil liberties seems, in comparison, an abstract problem, a dystopian future that might never come to pass.
- The second tug and pull is a binary approach that opposes, on the one hand, the non-negotiable, absolute right to life and, on the other hand, the relative, transactional right to privacy. While we would never compromise our right to life, we constantly “negotiate” our privacy—to obtain services, to build relationships or to manage our image. Hence, one appears imperative while the other, expendable.
- The third tug and pull is that of collective interests versus individual interests. While we assert the right to national security and safety as a community, we are, in a way, left alone to assert our individual right to privacy. The right to security imposes itself by mere numbers and apocalyptic scenarios even without much evidence of risk. The right to privacy then appears as but capriciousness.
- Finally, there is the tug and pull of distributive impact. I am referring to the widespread view that security initiatives only affect a suspicious few. This ignores the actual reach of national security measures in relation to privacy and confuses intimacy and guilt—the “nothing to hide, nothing to fear” fallacy, that suggests that if you are not guilty of anything, you have no need for privacy.
In short, the societal debate around balancing national security and privacy is challenged by the asymmetry of the equation.
The Chief Justice of the Supreme Court of Canada herself, the Rt. Hon. Beverley McLachlan, has warned us against the distortion that can undermine our rational balancing of national security and privacy. She reminds us that:
“The fear and anger that terrorism produces may . . . perhaps . . . lead governments to curtail civil liberties and seek recourse in tactics that may not, in the clearer light of retrospect, be necessary or defensible.”Footnote 2
To correct that distortion we must, first, ground our analysis in established principles and empirical evidence and, second, engage civil society.
This brings me to the second part of my presentation: the OPC’s approach to integrating the protection of privacy and national security.
2. The OPC’s approach to integrating national security and privacy
To address the challenge of protecting privacy in a new national security context, the OPC has developed an analytical framework called A Matter of Trust: Integrating Privacy and Public Safety in the 21st Century.
The impetus for the development of this analytical framework was essentially practical: we wanted to make sure that national security measures, about which we review PIAs, are firmly anchored in Canadian laws and values in order to respond to new threats without undermining civil liberties in a matter that is unnecessary or indefensible, to paraphrase Chief Justice McLachlin.
To put it bluntly, we wanted to cut through the rhetoric, on both sides, by applying an evidence-based approach to the integration of privacy and public safety in general.
The analytical framework was developed in consultation with national security and law enforcement professionals, representatives of civil society and academics.
The title of the document puts forth the two defining elements of our approach:
- First, it firmly identifies what is at stake in the weighing of security and privacy: trust. Trust of citizens in government, which is essential to social peace; trust among citizens, which is essential to social cohesion; and trust of governments in their citizens, which is essential to the respect of individual rights. In short, one can argue that without trust, no government can function properly.
- Second, the title puts forward the goal at hand: it is not a matter of pitting safety against privacy, in a binary, contradictory relationship. It is rather a matter of integrating them, of accommodating both safety AND privacy.
To further articulate this stance, I particularly like this quote from Stanley Cohen, from his Chapter in In The Balance, for the careful neutrality in his choice of words. He writes:
“To be effective, national security measures necessarily actively engage and impact upon individual liberty.”Footnote 3
He uses the words “engage” and “impact” rather than the words “limit” or “restrict”. I read from it that he does not presuppose the outcome, he does not put privacy and national security in opposition, but rather in a rapport that remains open to changes according to circumstances.
He continues by adding that national security measures “call into question what it means to be free in a democratic society”. Again, the words “call into question” bear the wisdom of referring to a dialogue rather than a foregone conclusion. That is the place for interaction with civil society.
To structure the integration of national security and privacy protection, the OPC’s analytical framework is articulated around four main steps:
- The first one is establishing the legitimacy of national security measures that may encroach upon privacy, by providing empirical evidence of necessity and effectiveness. Even duly taking into account the need for a certain level of secrecy, citizens are entitled to know why privacy intrusive measures are necessary and whether they are effective in relation to that necessity.
- The second step is protecting legitimately collected information through proper safeguards. Government must respect the modalities under which citizens have accepted to provide their personal information in the pursuit of a collective goal.
- The third step is ensuring internal accountability for compliance with privacy rules. It includes audit trails and audit reviews, that document, for public consumption, the means and results of compliance measures in relation to privacy protection.
- The fourth step is the one that engages civil society most directly: ensuring external oversight. As national security authorities are entrusted with significant powers that impact upon privacy, the democratic principles of checks and balances call for reporting to citizens, whether through specialized oversight bodies, Parliament, and, crucially, public dialogue or consultations that engage civil society.
I will conclude with two specific examples where our Office has made interaction with civil society a central recommendation in order to protect privacy.
3. Specific examples
The first example is in our submission to the Government of Canada’s Beyond the Border Working Group on the Canada-U.S. Action Plan on the Border Security Perimeter where two of our recommendations directly speak to interaction with civil society.
- First, with respect to the continental exit-entry system, we believe that the mere breadth of privacy impact calls for both governments to clearly explain the program goals to citizens, its perceived necessity, and the modalities of its application. What will that change, you may ask? It allows us to hold those in power accountable for respecting our democratic values—in this context, the right to privacy—and if they don’t, we can engage in a public dialogue to hold them to it—or vote them out of office.
- Our recommendation in relation to Canada-U.S. joint protection of cyber-infrastructure is also of such broad reach that we recommended that Canada engage in broad public consultations, dialogue and outreach with civil society to fully empower Canadians to weigh in on the proper integration of privacy and security.
I want to stress that with more information and dialogue, as a society, we will make better choices, both with respect to privacy and national security.
The second example is the amendments to the Aeronautics Act which were necessary to allow Canadian airlines to disclose personal information to U.S. authorities in order to be able to fly over the U.S. under the Secure Flight program.
While recognizing that it corresponded to a requirement of the US government, we still made recommendations to the Canadian government to ensure transparency, in the form of Parliamentary and public debate for Canadians, as a society, to be informed of the measure and to be, again, empowered to hold authorities accountable for its proper application.
These two cases lead me to my conclusion. In fact, they bring me back to my initial argument: in both cases, the engagement of civil society emerges as the expression of a fundamental feature of the right to privacy: the right to choose what others know about us, which can only be exercised with proper information and consideration.
The unprecedented national security challenges we face, and the unprecedented technological means we develop, make this interaction imperative for an enlightened societal debate on integrating national security and privacy.
I will be happy to hear your comments.
- Date modified: