Electronic Surveillance

Electronic surveillance, given its low-cost/high efficiency and broad-ranging nature, is potentially the most insidious form of surveillance available. 'Lawful Access', a deceptively innocuous term given to the government's attempts to expand its power to spy on Internet activity by removing traditional safegaurds on its ability to use electronic surveillance. It does so by providing new ways by which law enforcemet and other state agents can lawfully access and intercept online activity and information. CIPPIC is working with other groups and individuals concerned about increasing government surveillance to assess and respond to the Canadian government's "lawful access" proposals. CIPPIC is concerned that attempts to update 'lawful access' capabilities are far from targeted and will have serious detrimental impact on Canadians' civil liberties.

Litigation

PIPEDA Complaints

Law Reform

The Supreme Court of Canada issued its long-awaited decisions in R v Marakah, 2017 SCC 59 and R v Jones, 2017 SCC 60 today, issuing a strong statement on the protection of privacy in digital contexts. The decision held that text messages continue to enjoy constitutional protection even after they are received by their intended recipient, meaning the state cannot bypass constitutional protections simply by directing its search to the recipient's cell phone, social media account or service provider. As CIPPIC argued in its interventions [Marakah, Jones], the decisions being appealed adopted a formalistic approach to concepts such as 'control' and 'access' which apply robustly in the physical world (who controls the data at the time of access, from what location is the data accessed) but have minimal bearing on privacy expectations in digital spaces. By contrast, the majority of the Supreme Court adopted a broad analysis of the privacy interests at stake, with outgoing Chief Justice Beverley McLachlin emphasizing the choice of a private conversation medium (i.e. text messaging) as driving the privacy analysis, concluding that "... privacy in electronic conversations is worthy of constitutional protection. That protection should not be lightly denied." Indeed, as McLachlin, CJ, explains on behalf of the majority in Marakah, the choice of a private messaging medium is, in and of itself, an exercise of effective control, underpinning privacy expectations in electronic messages that extend to their recipient. The choice to engage in a private electronic conversation creates a context where the sender can reasonably expect the messages to remain secure against the eyes of the state.

Image Credit: Matt Karp, CC-BY-NC-ND 2.0, May 7, 2010, Flickr

CIPPIC has helped organize letters from over 40 prominent individuals and organizations supporting Chelsea Manning's legal team in its bid to reverse her refusal of entry into Canada. As CIPPIC points out in its own letter of support, the whistleblowing activities which formed the basis for Ms Manning's sentence in the United States have been integral to debates surrounding many matters of public interest—including a casual disregard for civilian life in the Iraqi and Afghanistan wars and a program of extra-judicial assassination targeting senior Taliban and Al-Qaeda officials. These disclosures could not be shown to have caused any direct damage, and Ms Manning's sentence for her crime of conscience has since been commuted by former US President Barack Obama. Refusing Ms Manning entry into Canada on the basis of her conduct is an injustice that should be reversed. The campaign was spearheaded by independent researcher Lex Gill. CIPPIC's letter can be read here: https://cippic.ca/uploads/20171012-LT_GoC_re_Chelsea_Manning.pdf

Image credit: CC-BY 2.0, Jackie: Flickr

CIPPIC joined the BC Civil Liberties Association, Dr. Christopher Parsons and Privacy International in writing to Canada's two primary national security oversight bodies, SIRC and the CSE Commissioner. Drawing on an analysis of human rights transparency obligations, the letter notes recent efforts by these two bodies to examine cross-border data sharing arrangements entered into by the two agencies they oversee, CSIS and CSE, respectively. It then poses a few questions regarding the oversight bodies' respective abilities to find out about and assess information sharing arrangements, and regarding the processes by which information-sharing arrangements are formed. The letter constitutes the Canadian instance of an international campaign that sent comparable requests to national security oversight bodies in over 40 countries around the world. The objective is to gain a clearer picture of international data flows between national security agencies, and to establish a dialogue with national security oversight bodies on this matter. Read the letter here: https://cippic.ca/uploads/20170913-LT_re_intel_sharing_agreements-CA.pdf

CIPPIC joined a number of civil society groups in a submission outlining concerns regarding a proposition by the Council of Europe to adopt a second protocol to its Cybercrime Convention with the objective of lowering current safeguards in place when law enforcement agencies seek access to data stored in foreign countries. The submission, which was spearheaded by our friends at EDRi, establishes a number of preliminary baseline requirements for any international instrument aiming to facilitate cross-border law enforcement access to data. While only a starting point, some of the minimum requirements in the submission will surely need to be addressed if the proposed second protocol is to have the legitimacy and global adoption its authors hope. These include:

  • Limiting the second protocol to addressing gaps left by a reformed MLAT regime
  • The need for competent and independent judicial authorization as a centre-piece to any cross-border data access regime
  • The data hosting state must be notified when a foreign law enforcement agency accesses data hosted within its territory
  • A right to challenge foreign data requests in the country of the affected data subject, and by that country's standards.

In addition, as pointed out by the Electronic Frontiers Foundation in a comment on the second protocol, the proposal should not operate to lower existing protections such as Canada's prohibition on sharing digital identifiers without judicial authorization or the United States' requirement for probable cause-based production orders. Finally, the letter calls for a prohibition on data localization laws that are imposed without any privacy justification, for the primary objective of imposing often arbitrary and invasive surveillance obligations. For example, Russia has been taking increasingly aggressive steps in compelling global online platforms to host Russian data locally to facilitate invasive surveillance and censorship practices.

A letter was sent today on behalf of coalition comprised of 83 leading organizations and experts from Australia, Canada, New Zealand, the United Kingdom and the United States to their respective governments in reaction to renewed state calls for measures that would effectively weaken encryption. The letter responds to a ministerial meeting of the five governments' respective security officials hosted in Ottawa earlier this week, where possibilities for facilitating increased state access to encrypted data were discussed.

The ministerial occurred under the auspices of the 'Five Eyes' - a surveillance partnership between intelligence agencies within the five countries, including Canada's Communications Security Establishment (CSE). It generated a joint Communique, which presented encryption as a serious barrier to public safety efforts and an impediment to state agencies wishing to access the content of some communications for investigative reasons.

The coalition letter, which was organized by Access Now, CIPPIC, and researchers from Citizen Lab, called on the Five Eye governments to "respect the right to use and develop strong encryption" while urging broader public participation in future discussions such as the one that occurred earlier this week. Strong and uncompromised encryption has never been more important, as it protects our most sensitive data, our increasingly critical online interactions, even the integrity of our elections.

Last month, Public Safety Canada followed through on commitments to review and consult on Canada’s national security framework. The process reviews powers that were passed into law following the passage of Bill C-51, Canada’s recent controversial anti-terrorism overhaul, as well as invite a broader debate about Canada’s security apparatus. While many consultation processes have explored expansions of Canada’s national security framework, the current consultation constitutes the first modern day attempt to explore Canada’s national security excesses and deficiencies. Unfortunately, the framing of the consultation demonstrates minimal direct regard for privacy and civil liberties because it is primarily preoccupied with defending the existing security framework while introducing a range of additional intrusive powers. Such powers include some that have been soundly rejected by the Canadian public as drawing the wrong balance between digital privacy and law enforcement objectives, and heavily criticized by legal experts as well as by all of Canada’s federal and provincial privacy commissioners. The government’s framing of the issues are highly deficient. Specifically, the consultation documents make little attempt to explain the privacy and civil liberties implications that can result from the contemplated powers. And while the government is open to suggestions on privacy and civil liberties-enhancing measures, few such proposals are explored in the document itself. The consultation documents also fail to provide detailed suggestions for improving government accountability and transparency surrounding state agencies’ use of already-existent surveillance and investigative tools. 

In light of these deficiencies, we will be discussing a number of the consultation document’s problematic elements in a series of posts authored in conjunction with Christopher Parsons at the Citizen Lab, beginning with today's installment (after the jump, or in PDF format) regarding the government’s reincarnation of a highly controversial telecommunication subscriber identification power.

Agents of the State

In a submission filed with the Senate Committee on Legal and Constitutional Affairs in May 2007 on Bill C-31, CIPPIC objected to the expansion of personal information used for secondary purposes without the consent of electors. Under the Act, Elections Canada is required to share names and addresses from the National Register of Electors with political parties for fundraising and other campaign purposes. Bill C-31 would have added date of birth to the lists of electors shared for these purposes.  As a result of opposing to this proposal by the Privacy Commissioner of Canada and CIPPIC, sharing of date of birth was removed from the bill before it was passed by the House of Commons.

Privacy in domain name registration (CIRA & ICANN)

In response to planned outsourcing by the British Columbia government of certain database administrative duties to a U.S.-linked company, the British Columbia Privacy Commissioner invited public input by August 6, 2004 on the extent to which the USA Patriot Act allows US authorities to access the personal information of British Columbians, and the implications of such access for public body compliance with privacy legislation.

New information and communication technologies such as the Internet, email, cellphones, and encryption offer individuals new ways to communicate, organize, and engage in criminal behaviours, creating challenges for law enforcement agencies in their efforts to investigate and prosecute criminal activity. On the other hand, these same technologies provide authorities with access to potentially vast amounts of personal information on individuals.

CIPPIC staff discuss issues arising from proposed lawful access legislation.

R v Fearon, 2014 SCC 77, SCC File No 35498

Chehil/MacKenzie v. Her Majesty the Queen, S.C.C. FIle Nos. 34524 & 34397

Telus Communications Company v. Her Majesty the Queen, 2013 SCC 16

PIPEDA complaint that Canada.com's decision to outsource storage of customer emails to the United States failed to provide an adequate level of protection by exposing those emails to the risk of police access through invasive surveillance powers.

Canadian Banks and SWIFT

Bill 622: CSEC Transparency & Accountability

On February 14, 2012, the federal government once more introduced a legislative package of lawful access bills: Bill C-30Protecting Children from Internet Predators Act

Lawful Access (Bills C-50, C-51 & C-52)

Government reintroduces online spying legislation (Winter 2010)

In an open letter to the House of Commons Standing Committee on Access to Information, Privacy and Ethics, CIPPIC and a number of civil society organizations voice serious concerns with respect to Bill C-29, currently before the House and scheduled for second reading early next week. The Bill, ironically dubbed the 'Safeguarding Canadians' Personal Information Act', proposes a number of amendments to Canada's federal privacy protection statute, PIPEDA. Far from improving privacy, the Bill threatens to erode civil liberties in serious ways. Even where it attempts to improve privacy, it falls short by failing to provide any incentive for compliance.

The most troubling elements of the Bill pave the way to a dramatic expansion in the ways in which private businesses can be used in investigations against their own customers. While privacy should never be a bar to legitimate investigations of actual wrongs, the law provides mechanisms such as warrants, production orders, mandatory disclosure laws, and discovery processes that ensure investigations can occur with proper safeguards in place. This Bill essentially bypasses all of these safeguards by adding and expanding exceptions that permit organizations to simply give away their customer's information and includes elements evocative of the US PATRIOT Act and all the civil liberties violations that accompanied it.

Canada's 2010 Digital Economy Consultation

Bills C-46 & C-47, collectively the 'lawful access' or 'online surveillance' legislation, introduced on June 18, 2009.

Public Safety Canada consultations on online surveillance legislation (Fall 2007)

On November 15, 2005, the federal government introduced Bill C-74, the Modernization of Investigative Techniques Act (MITA), "an act to compel all telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number." Note that this bill does not introduce new Production Orders, Preservation Orders, or other Criminal Code amendments that are described below as part of the broader package of "Lawful Access" proposals on which the government has been consulting.

Department of Justice consultations on electronic surveillance legislation, March 2005