Electronic Surveillance - News

  • – 2014-02-11 –

    CIPPIC has joined over 6,000 organization and individual websites in an international day of action protesting against mass surveillance. The Day We Fight Back, which began as a U.S. based initiative spearheaded by the Electronic Frontier Foundation, Fight for the Future, Access, Center for Democracy & Technology, Mozilla, Reddit, and others, has taken on international dimensions as groups and individuals throughout the world are speaking out against the increasingly disproportionate overreaching of their respective national spying agencies.

    The grassroots campaign includes a Canadian component, an international component and a U.S.-based component. The Canadian-based component provides a mechanism, hosted at http://thedaywefightback.ca by OpenMedia.ca, which lets individuals send their local MPs a message calling for an end to the government's excessive surveillance practices. The international component lets individuals sign on to the International Principles for the Application of Human Rights to Communications Surveillance, a set of legal principles developed by CIPPIC and a number of other civil society groups designed to secure privacy and other human rights in an environment where it is rapidly becoming technologically feasible to collect 'everything'. The U.S. component allows individuals to either phone or email their congressional representatives in support of legislation that seeks to roll back the expansive powers of U.S. investigative agencies. So far, as of 2 pm, over 170,000 individuals have signed the International & Canadian calls to action since this morning. In the United states, 45,000+ and 100,000+, respectively, have phoned and emailed their U.S. congressional representatives.

  • – 2013-10-29 –

    CIPPIC joined the Electronic Frontier Foundation and Privacy International in writing a submission to the Inter-America Commission on Human Rights (IACHR) as part of a thematic hearing examining the U.S. National Security Agency's (NSA) electronic surveillance activities and their consistency with human rights protections. The thematic hearing constitutes the first time that the IACHR (an autonomous organ of the Organization of American States and one of the key institutions that oversees human rights protections within the inter-American system) is to examine the NSA's mass surveillance programs.

    The submission, which was signed by 24 organizations from throughout the Americas, highlighted the scope and legal framework of the NSA's surveillance programs and argued that these violated the right to privacy and free expression, as guaranteed by the Declaration on the Rights and Duties of Man. In particular, the submission pointed to the indiscriminate nature of the NSA's surveillance programs as recently confirmed by whistle-blower Edward Snowden, as well as the explicit disregard for the human rights of non-US persons that is at the heart of its legal authorization framework.

  • – 2013-07-31 –

    CIPPIC has joined over 120 civil society groups from around the world in endorsing a set of principles (FR) geared towards re-asserting what it means to protect privacy and associated human rights in light of increasing state surveillance capacities. Over the past several years, several gaps and cracks have developed in constitutional privacy frameworks around the world, which have simply not kept up with technological advances. Slipping through these cracks, government monitoring has grown to exponential proportions, as highlighted most recently and dramatically by a string of revelations regarding the unchecked surveillance programs operated by several foreign intelligence agencies in Canada and around the world. Over the past year, CIPPIC has worked with a number of civil society groups including the Electronic Frontier Foundation, Privacy International and Access to develop these principles as a means of addressing several of these shortcomings. As detailed below, the Principles collectively call for:

    • Transparency in Surveillance. The basis and interpretation of surveillance powers must be on the public record, and rigorous reporting and individual notification obligations are required;
    • Technical Neutrality. It is no longer acceptable to rely on artificial technical distinctions such as 'content' or 'non-content' as a basis for harvesting mass amounts of personal information;
    • Proportionality & Due Process. It is time to re-assert what has historically been the primary vehicle for preventing electronic surveillance from getting out of hand: prior authorization by an independent judicial entity based on a determination that the surveillance is highly likely to provide evidence that will address a serious harm;
    • Formalized Trans-Border Access. All access to any data of any individual must occur in a manner that is consistent with these Principles. It is no longer acceptable to bypass domestic privacy protections by relying on secretive and informal information sharing arrangements with foreign states, on voluntary cooperation by private international companies, or by treating individuals as though they lack privacy rights simply because they live in another country.

    It is time to turn back the surveillance tide. If your organization is interested in endorsing these principles or in learning more, please email: rights@eff.org. The full set of principles can be found at https://en.necessaryandproportionate.org and https://fr.necessaryandproportionate.org/.

  • – 2013-03-27 –

    The Supreme Court of Canada issued its ruling in R. v. Telus Communications Company, 2013 SCC 16, in which it was called upon to decide the extent to which important privacy protections offered for the interception of private communications should apply to advanced communications delivery mechanisms. Normally, a special interception warrant (called a Part VI authorization) is required before police are authorized to access private communications that have not yet occurred. In this case, however, the government argued it should be able to bypass the critical privacy protections found in Part VI because one company, TELUS, decides to temporarily store these as part of its message delivery process. The premise for this argument was that Part VI only protects against 'interceptions', and you cannot 'intercept' something that is not in motion, including TELUS' temporarily stored text messages. Therefore, the government can gain access to future messages that have not yet been sent, and no 'interception' occurs since the messages are taken from TELUS' stored databases.

    The problem is that, while real-time voice was the predominant form of electronic communications in the late 70s when Part VI protections were enacted, many forms of electronic communications, including SMS and email, employ temporary storage as part of the delivery process. The question then arises: do we throw away a critical set of privacy protections just because private communications are being transmitted by new techniques? In our intervention in this case, we argued against an overly narrow definition of Part VI that would defeat its ultimate purpose -- the protection of private communications. Today's decision saw a 5-3 majority of the Supreme Court rejecting the argument that police can do what is effectively and practically the type of 'electronic conversation' that Part VI was intended to protect. Access to text messages that have not yet been sent normally requires Part VI authorization. Just because TELUS stores its messages for a short period of time as part of the delivery process does not mean Part VI can be ignored.

  • – 2013-01-28 –

    Data Privacy Day and its European counterpart, Data Protection Day, commemorates the signing of the world's first international treaty on data protection -- the Council of Europe's Convention 108. Data protection is rapidly becoming an international norm, as recent developments have brought the number of countries with data protection legislation to 89, globally. Additionally, 2012 saw an unprecedented commitment by lawmakers in one of the largest data markets -- the United States, a long-time adherence of a sectoral approach to privacy protection -- committing to the enactment of data protection laws. Our courts have similarly advanced the cause of privacy with landmark decisions that recognized the right to anonymity in judicial proceedings, a constitutional right to individual notification when police intercept communications in an emergency, and the right to privacy in our work computers. In addition, our Federal Privacy Commissioner released a sweeping (but yet to be enforced) Finding on the privacy practices of a youth-based social networking site, Nexopia. Finally, advances in transparency have helped us better understand how our information is being accessed by the government, as more organizations began publishing statistics on government access, and Google, who pioneered the transparency reporting model, has increased the scope of their own reports so that the public can better assess the nature of government requests.

    At the same time, the challenges have never been greater with online surveillance legislation, long over-due updates to our federal privacy statutes (PIPEDA and the Privacy Act) still nowhere in sight, and legislative initiatives that will allow our online service providers to hand over our data to litigants and copyright trolls alike -- all on the horizon. More after the jump.

  • – 2013-01-07 –

    UPDATE: These hearings will be live streamed beginning at 9:30 a.m. on January 22, 2012

    CIPPIC has filed its intervention in two joint appeals before the Supreme Court of Canada: Chehil v. Her Majesty the Queen, S.C.C. File No. 34524 and MacKenzie v. Her Majesty the Queen, Supreme Court File No. 34397. These appeals call on our highest court to clarify the parameters of what constitutes a 'reasonable suspicion'. The reasonable suspicion standard forms the basis of an increasing panoply of state surveillance powers. The crown is seeking a 'reasonable suspicion' standard that effectively rubber stamps law enforcement 'intuition'. If adopted, courts will need to defer to law enforcement 'expertise' in assessing whether suspicions are reasonable. In addition, police will be able to systematically apply 'suspicious' profiles to mine data repositories and invade the privacy of many Canadians.

    The cases under appeal involve sniffer dogs. Individuals were deemed 'suspicious' on the basis of a confluence of innocuous factors such as: travelling from known drug centres (Vancouver and Calgary, respectively), purchasing a last minute ticket (Chehil), travelling two kilometres above the speed limit (MacKenzie), checking just one bag on a flight (Chehil), appearing nervous (MacKenzie) and buying a plane ticket with cash (Chehil). The ultimate constituent elements of this standard will have far-reaching implications, as what is considered 'reasonably suspicious' will form the basis of many surveillance powers. Under Bill C-30 alone, if it passes, the government will be able to force service providers to hand over cell phone location data, traffic data (such as what websites you visit), and interaction data (such as who you speak to or who you interact with online) if they are able to convince a judge that they have 'reasonable suspicion'. For more, see https://cippic.ca/sniffer_dogs.

  • – 2012-11-05 –

    The Supreme Court of Canada has granted CIPPIC leave to intervene in R. v. Chehil & R. v. MacKenzie (SCC File Nos. 34524 & 34397, respectively), two now joint appeals in which the SCC that will examine the 'reasonable suspicion' standard in the context of sniffer dog searches. The 'reasonable suspicion' standard forms the basis for a rapidly increasing number of privacy-invasive state powers including several electronic surveillance powers currently being proposed by the Government in an attempt to increase its online spying capacities.

    As stated in its motion for leave to intervene, CIPPIC intends to argue for a reasonable suspicion standard that cannot be marshalled in order to conduct mass surveillance of individual citizens. CIPPIC is particularly concerned that an overly permissive standard will be used to justify privacy infringements by means of a vast array of police-assisted tools. Many have noted this potential for sniffer dog judgements to be applied more broadly to other means of technological surveillance, most recently in the context of an upcoming Supreme Court of the United States hearing on sniffer dogs. For more information and resources, see CIPPIC's project page for this intervention: https://cippic.ca/sniffer_dogs.

  • – 2012-10-15 –

    Today, the Supreme Court of Canada will hear Telus Communications Company v. Her Majesty the Queen, SCC File No. 34252. The case will decide whether police will be permitted to bypass special privacy protections the Criminal Code provides against the interception of text messages. The argument is that because TELUS stores text messages passing through its system for the purpose of ensuring delivery, these messages are no longer 'in transit' and, hence, acquiring them is not an 'interception' and does not warrant the special Criminal Code protections in question.

    In its intervention in this case, CIPPIC argues that courts should not let narrow interpretations of provisions defeat important protections offered to constitutional rights such as privacy. Such provisions should be interpreted in a flexible manner that accounts for evolutions in communications delivery mechanisms. Temporary storage is a natural feature of evolved communications mechanisms such as text messaging, Email, and other web-based interactions. Temporary storage of this nature, particularly when undertaken by communications intermediaries such as TELUS, is typically considered part and parcel of the communications process. Storage for the purpose of message delivery should, therefore, be considered part of the message delivery process. While this may not provide special protection for communications that is in storage and in control of the user (a voice message, for example, or archived email), it does provide protection for communications stored by communications companies solely as part of the delivery process.

  • – 2012-07-13 –

    CIPPIC has been granted leave to intervene before the Supreme Court of Canada in Telus Communications Company v. Her Majesty the Queen, SCC No. 34252. The case involves the application of the general warrant power in order to force TELUS to hand over text messages not yet in its possession. TELUS' appeal challenges the use of general warrants in a manner that effectively amounts to an 'interception' and bypasses the special protections provided for 'interceptions' in Part VI of the Criminal Code, while the government argued that, since TELUS stores text messages on its servers for a number of weeks, access to these messages should not be considered a 'real-time interception'.

    In its motion for leave to intervene, CIPPIC argued that law enforcement should not be permitted to bypass important privacy safeguards designed to protect Canadian communications against unauthorized interception. The purpose of Part VI Criminal Code protections is to ensure that police co not leverage the mechanisms by which private communications are delivered to spy on Canadians unless there is strong reason to do so and other methods have been tried and have failed. Text messages are cached as part of the communications delivery process and caching, in general, is widely used in Internet transactions. If courts permitted superfluous caching to defeat the special protections provided against interception, it could have wide-ranging implications for the privacy of online interactions.

  • – 2012-04-18 –

    CIPPIC, alongside a broad coalition of U.S. and Canadian civil society groups, is participating in a week long protest against online spying in the name of cybersecurity. 'Stop Cyber Spying Week' is a response to the impending legislative enactment of a U.S. cybersecurity strategy that is excessively overbroad and will have serious implications for online privacy and expression.

    The development of an invasive U.S. cybersecurity strategy will have direct implications for Canadian civil liberties. We have, for one thing, committed to a 'Beyond the Borders' Initiative that seeks to harmonize Canada-United States approaches to a number of security issues, including cybersecurity. This means that a U.S. cybersecurity strategy adopted today may well become a Canadian cybersecurity strategy tomorrow. A comprehensive report published by the Rideau Institute in late 2011 suggests that the 'Shared Vision' espoused by the Canada-United States Initiative is very likely to involve a compromise on Canadian privacy. A Resolution issued last week by all of Canada's Federal/Provincial Privacy Commissioners expressed similar concern that programs adopted under the Initiative will lead to an unnecessary and unjustifiable loss of privacy for Canadians. All this does not bode well for Canadian privacy (or sovereignty) in general, but at the same time it makes the current U.S. cybersecurity debate particularly relevant to Canadians!