In this special edition episode of our Data Subjects podcast, we revisit our Policing Info World conference. On May 23, 2019, we co-hosted a conference that explored the data behind crime, law enforcement, and surveillance. Along with department of criminology at Kwantlen Polytechnic University and the BC Civil Liberties Association, we heard from experts in law enforcement, academia, and the legal profession.
As this was a full-day conference, this episode is very long. Please see the show notes below to find the time codes and descriptions for specific panels and panelists.
This conference wouldn’t have been possible without the support of our sponsors: CUPE BC, News Media Canada, and Web exPress.
Panel 1: Data and New Surveillance Modes and Capacities
Moderator: Mike Larsen (Professor and Co-Chair, Department of Criminology, Kwantlen Polytechnic University, FIPA President)
Michelle Davey (Superintendent, Investigative Support Services, Vancouver Department)
Dr. Wade Deisman (Associate Dean, Faculty of Arts, Kwantlen Polytechnic University)
Josh Paterson (Executive Director, BC Civil Liberties Association)
Panel 2: Data and Predictive Policing
Moderator: Dr. Carroll Boydell (Instructor,Department of Criminology, Kwantlen Polytechnic University)
Ryan Prox (S/Constable, Crime Analytics Advisory & Development Unit, Vancouver Police Department)
Mike Larsen (Professor, Department of Criminology, Kwantlen Polytechnic University)
Panel 3: Data and Bias-Free Policing
Moderator: Sara Neuert (Executive Director, BC Freedom of Information and Privacy Association)
Dylan Mazur (Community Lawyer, BC Civil Liberties Association)
Michelle A. Cameron (Advisor / Investigator, the University of British Columbia)
Panel 4: Data and the Border
Moderator: Mark Hosak (Director of Community Engagement, BC Civil Association)
Peter Edelmann (Immigration Lawyer, Edelmann and Company Law Offices)
Meghan McDermott (Staff Counsel, BC Civil Liberties Association)
We’ve been hearing from a lot of
British Columbians who are concerned about sharing their Social Insurance
Number (SIN) with the Ministry of Finance in the administration of the new
Speculation and Vacancy Tax.
The Social Insurance Number is a sensitive piece of personal information that should only be provided under very specific circumstances. The concern from the public centers around the justification of the provincial government in asking for this information.
In order to provide more information to the public, we’ve reached out to the Ministry of Finance about where they draw the authority to request SINs, why they are necessary in the administration of the new tax, and how this information is going to be kept secure.
What follows is a response from the Ministry of Finance:
Authority to Collect SIN:
Social Insurance Numbers (SIN) are fundamental to British Columbia and Canada’s taxation system. The Speculation and Vacancy Tax Act, subsection 64(1) authorizes the administrator to collect information from property owners through the annual declaration in order to administer the act. Requiring personal information, including the SIN, is necessary for the administrator to determine tax liability, identifying whether property owners pay income taxes in Canada and whether an individual may be eligible for a tax exemption or BC tax credit.
Why the SIN is being collected:
The collection of SIN is crucial to identify whether home owners pay tax in Canada and to confirm residency information. This information is relevant to ensure individuals that live in their home, and are eligible, receive the principal residence exemption. In addition, residency information is required to determine the amount of tax an individual is subject to, and, if applicable, the amount of speculation and vacancy tax credit an individual may receive.
How information is kept secure:
The SIN is one piece of personal information that is collected through the online declaration application. eTaxBC is the online secure government application that is used for the declaration process. All information entered into eTaxBC is encrypted at the time of entry. Once a SIN is collected it is masked and the ability for employees to view the number is controlled by security access on a need to know basis. The personal information that is collected under the Speculation and Vacancy Tax Act is protected in a manner consistent with the BC Government’s Information Security Policy, Federal Security Standards, and provisions of the Freedom of Information and Protection of Privacy Act.
He then put forward two concepts he deemed to be main pillars of the current state of privacy: Surveillance Capitalism as discussed in Shoshana Zuboff’s new book and Bernard E. Harcourt’s study on the Expository Society.
“Privacy is a collective good. Thinking about the perils that privacy faces right now requires us to think about privacy as a democratic good.”
– Mike Larsen
The two ideas were both entirely unsurprising, yet undeniably unsettling. While the monetization of data has become fairly well-known (and seemingly accepted), Larsen disputed the belief that the collection of our digital footprint is dedicated solely to economic means like marketing and advertising. I heard noticeable gasps from around the audience when he delved into the other side of surveillance, the one we don’t talk about enough: prediction of behaviour, political sentiment, and voting practices – and information such as these can open the possibility for the steering and manipulation of the public.
discussion on the Expository Society veered towards a more academic vernacular,
the subject in its most basic nutshell did hit close to home. It is essentially
a critique on how the digital age and the dawn of social media have changed our
habits, how we have become more incentivized and inclined to share personal
information in public spaces, which in turn builds copious amounts of
about the safety of our data was a sentiment that Vonn echoed in her
discussion, stating that we create more data than most places, but
unfortunately, “we can’t really protect it.” Vonn also delved into sovereignty
and transparency, citing the lack of ability to hold government bodies
accountable, relative to the amount of access government has to our personal
information. As for tips and solutions, Vonn proposed a tactic she admittedly
described as unpopular – go analog. A self-confessed Luddite, Vonn spoke of the
security measures created by simply leaving devices like laptops (and yes, even
phones) at home when travelling or crossing the US-Canada border.
only celebrate Data Privacy Day once a year, the discussion it generates allow
for issues surrounding data, surveillance, and privacy to permeate our general
discourse. And while the meaningful action that we seek can come so few and far
between, these discussions do represent a small victory. At the end of the day,
we want as many people talking and caring about these issues. After all,
privacy is a collective good.
As of December 3rd, 2018, one week following the publication of this blog post, and a couple of weeks after more than 400 Canadians exercised their privacy rights and requested their personal information through an OpenMedia campaign that FIPA assisted with, Statistics Canada has announced that they are suspending their practice of obtaining personal credit records from TransUnion and are delaying their plans to access the banking details of 500,000 Canadians.
When I heard that Statistics Canada had been accessing the credit scores of Canadians, I wanted to find out if I was affected. I filed a request under the Privacy Act for “any records or data related to me that was received by Statistics Canada from TransUnion,” which is one of Canada’s two credit bureaus.
As someone interested in privacy and privacy rights, I was curious as to why Statistics Canada would be interested in my personal financial information and how they would safeguard it.
The letter I received confirmed that Statistics Canada had, in fact, accessed my complete credit history. It was apparently protected though; the letter went on to explain that any personal information that could identify me had been scraped from my financial information. They had only recombined the information and re-identified me in order to fulfill my request (Click on the image to the below right to read the full letter).
Then they tucked these sensitive records, which contain my complete credit profile, into an envelope, attempted to close it with two pieces of scotch tape, and sent it to me in the mail.
Two pieces of scotch tape.
Forget for the moment that I had asked for electronic copies of my records and that Statistics Canada made a choice to print this sensitive financial information and send it through the mail.
Please also forget that the envelope was addressed to the wrong person.
Because I’m able to open the package, read the letter from Statistics Canada detailing the importance of safeguarding my personal financial information, flip through several pages that contain my Social Insurance Number, birth date, address, contact information, all of my banking information, including available credit, debts, accounts, balances, and more—and then I’m able to seal the envelope closed again with those same two pieces of scotch tape.
I would never know if this envelope had been opened prior to arriving at my residence.
If Statistics Canada does, in fact, take privacy seriously and does believe that it can responsibly hold the detailed and sensitive financial records of Canadians, then it needs to be able to comply with the Privacy Act in a way that doesn’t mean sacrificing privacy. That is the tragically ironic position that Statistics Canada finds itself in.
Here is one possible solution that Statistics Canada could consider employing as an additional “essential security measure”: Send an encrypted CD-ROM through the mail and provide a password in a separate letter or through email. This two-step authentication method means that anyone who interrupts the original package won’t have access to the sensitive records that Statistics Canada holds.
It would also mean providing access to the records through the means that I had initially requested.
But Statistics Canada made a choice about how they were going to respond to the request that I made through the Privacy Act. In doing so, they both fulfilled my request and put my privacy at tremendous risk. Perhaps, they were trying to send a message: Don’t bother us about our security measures if you want your data to be kept safe.
But alas, there is a saying that goes something like, “Attribute not to malice what can be attributed to incompetence.” This example illustrates why Statistics Canada shouldn’t have access to the sensitive financial information of 500,000 Canadians.
In era where trust in public bodies is eroding, and progressive technologists look towards adopting decentralized models like block chain, our government needs to be rebuilding trust. For Statistics Canada, that starts with taking decisive steps towards protecting the privacy of Canadians, of doing the fundamental work to earn the trust of its stakeholders.
And, quite frankly, two pieces of scotch tape won’t cut it.
Bryan Short is the Program Director at BC FIPA. He holds a master’s degree in Journalism and a bachelor’s degree in English Literature from the University of British Columbia.