The question of online reputation

In 2015, the Office of the Privacy Commissioner of Canada chose “Reputation and Privacy” as one of its priority areas for the next five years. The OPC wanted to examine the risks “stemming from the vast amount of personal information posted online”, with the goals of enriching the public debate, ensuring they can advise Parliament effectively, and developing their own policy position on the issue. To that end, they put out a discussion paper and a call for input on online reputation and privacy.

FIPA agrees that online reputation is a hugely important subject—it affects our employability; our relationships with friends, family, and acquaintances; our connection to our younger selves; our ability to create online communities or participate in existing ones, and come together to advocate for ourselves; and our ability to learn about people in powerful positions and hold them to account—and we decided to weigh in.

We are, after all, an organization that often deals with the intersection of information freedom and the right to privacy.

So, building on the ideas and principles of set out in an earlier submission about privacy and open courts, and with an eye to our organizational values, our online reputation submission strives to paint a picture of what is needed—and what should be avoided—to allow Canadians to have control of information about them, to prevent and reduce information-based harm, and to ensure reputational privacy enhances—and does not impede—free association and democratic free expression. And we tried to keep it brief.

We started by looking at existing protections—laws, social norms, market solutions, and even online architecture—and proposed a few ways to fill in the gaps. We talked about public education that takes a rights-based approach to online reputation, higher standards for social networks’ privacy controls (including privacy protective default settings), and legislation that specifically targets problematic behaviour.

We also took a stab at what a “right to be forgotten” could look like in Canada, urging great caution and making a handful of broad recommendations.

You can see it all here, in the Policy Submissions and Letters section of the FIPA website.

Read more from the May 2016 Bulletin »

FIPA talks ATI reform with Commons Committee

FIPA was back in Ottawa earlier this month, once again talking about reform of the ancient Access to Information Act. This is something we have done going back to the last century, with very little to show for our efforts to-date.

There is a difference this time, however, because the minister responsible for the Act, Treasury Board President Scott Brison, has promised legislation this fall or early in 2017 to bring in some ‘quick wins’ for ATI, followed by a full review of the Act in 2018 (one year before the next federal election).

Recognizing what the government has imposed by way of a time-limited consultation process and legislative agenda, we dealt with a limited number of recommendations in detail in our submission, but urged the Committee to look at the dozens of other recommendations we made to the Information Commissioner during her 2012 consultation.

The government’s proposals include some restatements of what the Liberal Party promised during their election campaign, but some new elements have been added.

For example, the federal Liberals promised during the election to provide the Information Commissioner with order-making power, (similar to what we have long had here in BC). However, the proposals are now raising the possibility that the orders could be subject to an override by ministers . They have also floated the idea that government departments be given the power to bar requesters by claiming their requests are frivolous or vexatious.

Another issue: there is nothing in the government’s proposals about eliminating the exclusions in the Act, the most notorious being the exclusion of anything claimed to be a Cabinet document from review by either the Commissioner or the Federal Court.  We pointed out that the number claims of Cabinet confidences have increased dramatically over the last few years, and that if nothing is done to close this “information black hole”, the improvements to ATI will be undermined.

Also missing from the government’s proposals is a legislated duty to document. We pointed out to the Committee members that their equivalents in the BC Legislature—those reviewing the provincial access legislation—had just recommended the government put a duty to document into law. We urged them to follow suit at the federal level.

Hopefully the Committee will take our words and those of other witnesses to heart. Their report on recommended changes to the Act is expected to be released before the summer break.

Read more from the May 2016 Bulletin »

To surveil and protect (records from the public)

The VPD may or may not be engaging in mass cell phone surveillance

 Do you know if the Vancouver Police Department (VPD) is using surveillance tools to spy on peoples’ cell phone activity? Chances are you don’t, and neither do we. That’s because the VPD has refused to confirm or deny the existence of records relating to the use of IMSI-catchers, commonly known as Stingrays, in response to an FOI filed by PIVOT Legal Society.

FIPA has joined the BC Civil Liberties Association and OpenMedia as intervenors in an appeal filed by PIVOT to the B.C. Office of the Information and Privacy Commissioner.  We are all arguing that the records must be disclosed under FIPPA.

Stingrays are a surveillance tool used by police that mimic cell phone towers, essentially tricking cell phones to transmit their locations, identifying information, texts, emails and voice conversations. The controversial use of Stingrays by police in the United States has been well-documented.

Stingrays can’t single out a suspect’s phone and therefore gather information from all cellphones in a given area. The devices could be used to store data on citizens that could be searched at a later date, raising concerns about an increase in the already high number of cases where police break privacy rights by illegally accessing individuals’ private records.

Irrespective of concerns that Stingrays could facilitate warrantless police surveillance or other privacy rights violations, Innovation, Science and Economic Development Canada (formerly Industry Canada) has not granted authority to security agencies to use surveillance-dragnet devices that target cellphones.

The VPD argued, under sections 8 (2) and 15 (1)(c) of FIPPA that it would “neither confirm nor deny the existence of records” regarding Stingrays on the basis that the release of records would “harm the effectiveness of investigative techniques and procedures currently used, or likely to be used, in law enforcement.”

FIPA argued that PIVOT is entitled to the information because the sections of FIPPA cited by the VPD do not apply.  The VPD would have had to argue that simply disclosing the existence or nonexistence of the responsive records related to the use of Stingrays would somehow cause harm to law enforcement.

The fact, however, that Canadian police may be using Stingrays is well-publicized and could be assumed by anyone committing a crime. The level of detail in the request – do these records exist or not? – is quite different than a targeted request that would facilitate potential criminal acts, such as the type of undercover police cruisers used and their capabilities.

If this interpretation is upheld by the Office of the Information and Privacy Commissioner, it could apply to virtually any type of police equipment. The result could be not only an absurd level of secrecy within the police force, but a deficit in terms of accountability and oversight. FIPA will continue to speak out on the case due to its implications for privacy breaches and warrantless police surveillance, as well as the need for judicial oversight governing the use of this technology.

Read more from the May 2016 Bulletin »

Charges laid for the cover-up of the Triple-Delete scandal

Back in October, the BC Information and Privacy Commissioner released a scathing report on the destruction of email records related to missing women on the Highway of Tears.

This was the result of an investigation initiated after a former executive assistant to BC’s Minister of Transportation wrote the Commissioner a letter stating that he was ordered by another staffer—former ministerial assistant George Gretes—to “triple-delete” records responsive to a Freedom of Information request.  The Commissioner investigated, and found that the ministry did indeed contravene the Freedom of Information and Protection of Privacy Act (FIPPA) in ways that seriously “threaten the integrity of access to information in British Columbia.” Commissioner Elizabeth Denham said “It is difficult to overstate the seriousness of the problems my office discovered.”

No charges were laid for the deletion of the now-unrecoverable Highway of Tears records—a shortcoming of the current FOI regime with which the Commissioner, FIPA, and a number of other groups have taken issue—but on March 11th, Gretes was charged for giving false testimony under oath during the investigation. Denham’s report summarizes this discovery:

After initially testifying under oath that he did not engage in the practise of “triple deleting” emails, George Gretes ultimately admitted that he did in fact engage in this practice.

 The Commissioner has referred this case to the RCMP for investigation, including Gretes’ failure to tell the truth under oath.

The Criminal Justice Branch originally announced Gretes’ court date as April 20th, but that has since been rescheduled to June 1st – a date that, as journalist Bob Mackin noted, falls after the scheduled end of the spring sitting of BC’s Legislature.

While it is good to see that Gretes will have to face justice for willfully making false statements to attempt to mislead the Information and Privacy Commissioner, we remain severely disappointed that there are no legal consequences for improper destruction of email records.

The Government Information Act, passed only one year ago, changed the law in a way that eliminated penalties for government staff who improperly destroy documents.

FIPA, among others, has been calling on the government to not only re-introduce these penalties, but to also create a positive “duty to document” government decisions and actions. And we appear to have British Columbians’ support: An Ipsos poll commissioned by FIPA and released in February shows that 96% of British Columbians believe it is important that government officials be legally required to keep accurate, complete records of what they do on the job. A further 84% think government officials who interfere with access to information rights should face penalties (with 12% stating they don’t know).

The deletion of the Highway of Tears email records is not a case of “one bad apple”; it is a serious escalation of the growing—and deeply disturbing—trend of government avoiding its legal obligation to release information.

Gretes will face penalties for false testimony, but the real crime is that there are no charges for the improper destruction of records.

Read more from the May 2016 Bulletin »