Electronic Surveillance - News

  • – 2015-06-05 –

    Monday, June 15, at 6pm CIPPIC, Amnesty International Canada & the Ottawa Public Library will host a free public screening of CitizenFour. The documentary explores how former National Security Agency contractor Edward Snowden approached reporters Laura Poitras (who also directed the Academy Award winning documentary), Glenn Greenwald and others with a treasure trove of classified documents exposing the shear unprecedented scope and magnitude of the NSA's monitoring of the world's digital activities. This, in turn, launched an international debate about the protection of privacy in the digital age and the appropriate role of our foreign intelligence agencies.

    Today marks the two year anniversary of the day the Guardian first reported on an NSA program that mandated Verizon and other US-based telecommunications companies to hand over metadata on all phone calls (domestic and foreign) on a regular basis in order to populate a metadata base that it could data-mine at will as part of its foreign intelligence program. The story sent ripples around the globe, and last week the US congress greatly restricted it by limiting the NSA's surveillance powers for the first time in decades. But the expansive metadata program, it turned out, was just the tip of the iceberg as a string of revelations from Snowden's files followed, each more staggering than its predecessor and confirming privacy advocate's worst predictions (CJFE hosts a searchable archive of these). We have also learned much about Canada's complicity (by its participation in the Five Eyes intelligence partnership with the US, UK, Australia & New Zealand) in creating this global web of surveillance. The film is a must-see for any privacy advocate, as well as for anyone who wants to learn about Snowden's experience or how our communications networks are monitored. Join us June 15! More details after the jump or download the event flyer

  • – 2015-04-30 –

    CIPPIC, OpenMedia and Canadian Journalists for Free Expression have released a primer on Bill C-51, the government's latest initiative to expand its state security apparatus. As the primer explains the Bill, which has been opposed from broad segments of Canadian society, signals a dramatic new direction for Canadian security. Presented as anti-terror legislation, the Bill adopts an excessive approach that will harm online innovation, political discourse and our civil liberties. It will reverse Canada’s rich multicultural heritage and replace it with an atmosphere of fear, distrust and racial profiling – where neighbours are encouraged to turn on neighbours on the basis of ‘reasonable fears’. The Bill was drafted and defended in an atmosphere openly hostile to civil liberties, and this is reflected in every element of it. One element of the Bill even seeks to allow our spy agencies to violate the Charter of Rights and Freedoms – our most vital protection against egregious state intrusion into our lives. It signals a return to a time when our security agencies were empowered to carry out dirty tricks against our citizens – and did so with impunity.

    It fails to address long standing and well-documented problems with Canada’s already excessively broad security powers, the misuse of which has led to the torture, detention, flight restriction and privacy invasion of many innocent Canadians since they were introduced post 9/11. Innocent Canadians’ lives have been ruined. This Bill not only fails to remedy those flaws, it replicates and expands the underlying problems without adding any meaningful safeguards to ensure the expansive powers it grants will not be similarly abused. It is little wonder that few who have carefully examined the Bill can fully support it in its current form. In spite of this, the government is currently rushing the Bill through not just one house of parliament, but both.

  • – 2015-01-29 –

    Data Privacy Day (a.k.a. Data Protection Day) 2015 marked a range of developments - some good, some bad, all significant. Data Privacy Day is celebrated annually to commemorate the world's first data protection treaty: the Council of Europe's Convention 108. This year, the day began with a series of startling revelations from CBC, which released documents acquired through former NSA Analyst Edward Snowden detailing a comprehensive electronic surveillance program that monitored various file upload sites around the world. The program, implemented by Canada's foreign intelligence agency, CSEC, involved combing through its comprehensive meta-data-bases in order to identify individuals uploading or accessing 'questionable' documents on sites such as MegaUpload and Rapidshare. Visitors to such documents are then subjected to intense meta-data-scrutiny in order to find their identity through such things as Facebook and email login cookies. Aside from the millions of documents tracked by the program daily, the program demonstrates an immensely invasive capacity that can emerge from mere analysis of the metadata held by CSEC and its Five EYEs partners. Far from acknowledging these concerns, we expect more of the same, with State promises to introduce expanded lone wolf surveillance powers this Friday.

    Some tentatively promising developments from APEC also came this week. CIPPIC had endorsed a letter sent by a number of privacy groups in late December pointing to several issues with APEC's certification of TRUSTe as an accountability agent capable of overseeing compliance with APEC obligations for the purpose of receiving personal data transfers from other APEC member states such as Canada. This week, APEC and TRUSTe addressed a number of the concerns, but left a few (particularly those relating to conflicts of interest between TRUSTe board members and some of the commercial organizations it is tasked with overseeing) outstanding. In brighter news, the Mexican data protection authority announced it would be officially signing the International Principles on the Application of Human Rights to Communications Surveillance (IPAHRCS-es for short!), designed to provide comprehensive suggestions on how to conduct electronic surveillance in a targeted and privacy respective manner. The IPAHRCS have now been endorsed by over 480 international organizations, experts and government officials. An eventful data privacy day, for better or worse!

  • – 2014-12-11 –

    The Supreme Court of Canada issued its decision in R. v. Fearon, 2014 SCC 77, today, which addressed whether law enforcement could indiscriminately search the mobile devices of individuals upon arrest. Whereas the Charter requires prior judicial authorization based on reasonable grounds in most instances, law enforcement are granted more latitude when searching individuals under arrest. The question in Fearon (and in a similar appeal heard by the United States Supreme Court around the same time - Riley v. California, 134 St.Ct. 2473 (2014), was whether this broad rule should be applied to mobile devices given the rich amounts of information contained on these devices. In its intervention, CIPPIC argued that the breadth of the power to search on arrest combined with the ubiquitous use and far-ranging data contained on mobile devices will leave few instances where law enforcement cannot rummage through cell phones.

    While acknowledging the high privacy interest in mobile devices requires limiting access on arrest to situations where an immediate investigative purpose exists, a split decision of the court provided wide latitude for law enforcement to scour mobile data receptacles on arrest in many if not most instances. This is because, as noted by the dissent, mobile devices are implicated in most of our activities, so law enforcement will almost always be able to advance a general prospect that such a device might yield evidence of a witness, co-conspirator, or object of crime. Similarly, as noted by the dissent, while not each search of a mobile device will reveal sensitive information, the knowledge of an impending search is likely to have a chilling effect and, in those instances where an invasion occurs, there will not be an opportunity to remedy the issue ex post. In spite of this, the majority found that law enforcement objectives must prevail. The decision appears at odds with a string of supreme court decisions upholding additional protections for data receptacles, as well as with the United States. In the US, a concern for officer safety and the need to prevent destruction of evidence has, historically, motivated a search on arrest rule as broad as Canada's, but as the US Supreme court recently found in Riley/Wurie​, this rule does not extend to mobile devices.

  • – 2014-07-31 –

    CIPPIC attempted to intervene at the Federal Court of Appeal on a matter that raises many fundamental issues arising from the ability of Canadian intelligence agencies to make use of the extensive -- and arguably unconstitutional -- practices of foreign intelligence partners such as the U.S. National Security Agency (NSA) and the UK Government Communications HeadQuarters (GCHQ). The proceeding, an appeal of a decision issued by Justice Mosley of the Federal Court last December, has been shrouded in secrecy due to the important national security interests it is examining. This secrecy has made it difficult for CIPPIC to attempt intervention in a timely matter and its request for directions regarding any such intervention arrived too late in the proceeding. CIPPIC will continue to monitor this file as it is likely to make its way to the Supreme Court of Canada.

  • – 2014-06-18 –

    Bill C-622, the CSEC Accountability and Transparency Act, introduced today by Joyce Murray, (Liberal-Vancouver Quadra), seeks to address a number of the many problems inherent in the surveillance activities of Canada's foreign intelligence signals agency, the Communications Security Establishment of Canada (CSEC). CSEC currently operates largely on its own, subject only to broadly-frame authorizations and directives from the Minister of National Defence (MND) and non-binding oversight from the CSE Commissioner. While the Bill fails to substantially restrict CSEC's mass harvesting of Canadians' data by imposing disciplined surveillance practices, it does make meaningful progress on the long list of CSEC-related problems that need to be addressed, by:

    • Removing the MND's capacity to authorize interception of Canadians' private communications. Such authorization can only come from a judge following an adversarial proceeding;
    • Adopting an inclusive definition-Protected Information-which unambiguously includes all data associated with communications, including metadata, not just content;
    • Imposing stricter limits on how long CSEC can retain Canadian data that is incidentally collected in its surveillance activities, however the MND may override these limits under certain conditions; and
    • Removing CSEC's ability to conduct 'classes of surveillance activities', but retaining its capacity spy on 'classes of persons' without any need for reasonable grounds.

    In addition, the Bill enhances transparency and oversight by establishing a non-partisan parliamentary oversight committee and requiring the CSE Commissioner's annual report on CSEC activities to include greater detail. More after the jump.

  • – 2014-06-10 –

    A comprehensive report was issued today which examines the technical and policy response to foreign intelligence problems highlighted by the unique window into the operation of such agencies that has been provided by whistleblower Edward Snowden over the past year. The report, which focuses mostly on developments at the national level within 18 countries (there is also one EU-wide section and one section that examines the private sector), points to a strong shift in perception and growing acknowledgement and concern over foreign intelligence activities. However, in spite of this concern, it points to minimal tangible changes to date across surveyed countries (aside from the United States, where some nascent changes have already taken root).

    This is perhaps not surprising -- while the Snowden revelations have certainly shined a light on foreign intelligence activities around the world, the primary focus of these documents has been the activities of the US-based NSA. In addition, while reporting on the leaks began one year ago, the staged release of these revelations has meant that a complete picture has only emerged in the past few months. It is, then, perhaps unsurprising that most changes to date have occurred in the United States or at the international level. The report was generated by privacy scholar Simon Davies. CIPPIC, in conjunction with Christopher Parsons (Citizen Lab) and Micheal Vonn (BCCLA), provided the Canada chapter.

  • – 2014-05-30 –

    A large coalition of Canada's leading privacy experts and civil society groups wrote to Prime Minister Stephen Harper Friday regarding the federal government's increasing failure to protect the privacy of Canadians. The letter points to the government's efforts to increase the ability of law enforcement and other state agencies' ability to exploit new technologies in order to invade Canadians' privacy (pointing specifically to Bill C-13, currently being rushed through parliamentary committee under the guise of 'cyber bullying' legislation), while steadfastly refusing to address long-standing privacy problems raised by the same technological developments. The letter specifically points to the unchecked surveillance activities of Canada's foreign intelligence agency, CSEC, and the steadfast refusal to update ageing but central privacy and transparency statutes as indication of some of the long-standing privacy problems the government has refused to act on. It calls on the government to take its review of the privacy-invasive elements of Bill C-13 seriously, and to establish a commission to examine privacy and state surveillance in the digital age. Finally, the letter decries the controversial nomination of a government official as Privacy Commissioner of Canada, a nomination which was made in direct contradiction to the government's own own selection committee. Specifically, the letter noted the problematic timing of this appointment, which arrives at a time when fundamental decisions that will affect the privacy of Canadians for decades are being made and leaves Canada without a privacy watchdog to weigh in on these formative debates.

  • – 2014-05-28 –

    A comprehensive legal analysis of human rights obligations with respect to electronic surveillance has been released by the Electronic Frontiers Foundation and Article 19. The report was generated in support of the International Principles for the Application of Human Rights to Communications Surveillance (IPAHRCS), which represent an attempt to bring privacy protections into the digital age. The IPAHRCS also known as the "Necessary & Proportionate Principles" have been endorsed by over 470 civil society organizations, political parties, elected officials and privacy experts from around the world as well as by over 275,000 individuals, to date.

    The report sets out the human rights law basis for elements of the IPAHRCS, including the extra-territorial application of the obligations they impose, the extension of strong human rights protections beyond the 'content' of communications to include metadata and subscriber information, and the adoption of an all-encompassing definition of communications surveillance that does not permit artificial definitions to justify invasive surveillance activities. It also justifies a number of other substantive elements of the principles, such as the need for prior independent authorization, the need to notify individuals that their communications have been surveilled and the need for effective safeguards against communications surveillance in violation of human rights, including through strong whistleblower protections. A short summary of the IPAHRCS can be found here. CIPPIC co-authored and co-edited the report.

  • – 2014-05-23 –

    The Supreme Court of Canada heard R. v. Fearon, S.C.C. File No. 35298, today, an appeal in which Canada's highest court will examine the degree of privacy that can be expected in mobile devices. Typically, police are permitted to search through objects in a persons' possession for evidence related to the offence for which they are being arrested. This is a very broad rule, and the question is whether it should be applied 'as is' to moblie devices such as cell phones, tablets, wearable computing and perhaps even laptops. In its intervention, CIPPIC argued that these types of devices are capable of holding immense amounts of data and, moreover, are used to create and carry sensitive information of a type that individuals would only rarely have upon their person when being arrested in the pre-digital age: