Huge win for privacy in Supreme Court, federal justification for online spying unconstitutional

Provincial private sector privacy laws will also be affected

The Supreme Court of Canada has blown away the underpinnings of the federal government’s online spying legislation, but the effects will be much wider.In a decision handed down last week, the Court found that contrary to the statements by a number of government officials and lawyers, the collection of IP address information and other metadata is a search, there is a reasonable expectation of privacy in the information being collected and that a warrant is required in order to allow Internet Service Providers to give that information to the authorities.This means the government’s proposed amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) Bill S-4, and the cyberbullying/online spying bill (C-13) are unconstitutional and will have to be rewritten.

The government and security services have justified their current and future mass surveillance by misinterpreting the meaning and importance of ‘metadata,’ despite several privacy experts and Commissioners pointing out that this type of data can reveal detailed personal information about Canadians including their medical history, political leanings, religious beliefs, sexual orientation, and financial state. The Supreme Court has now shown the critics were right.

Provincial privacy laws have similar provisions allowing for collection of personal information without consent, and those provisions are now of questionable constitutionality as well.

In a letter sent before the Supreme Court ruling, BC Information and Privacy Commissioner Elizabeth Denham highlighted concerns about the provincial law having similar problems to the federal legislation:

“The proposal in Bill S-4 has been the focus of some concern and sheds light on privacy issues in relation to the analogous provision in PIPA. Given the extent that personal information is available to some organizations in today’s digital world, there may be unintended consequences in providing authorization for personal information-sharing between organizations under such broad conditions.”

BC and Alberta both have their laws under review, and it is now imperative that these powers be scaled back.

FIPA has been active in this fight going back to the original lawful access proposals brought out at the turn of the century. Click on the links below for some of what we have been saying recently about this and other important privacy issues.

CBC clip

Joint op ed with BCCLA in Times Colonist

Huge Coalition unites to demand end to Spy Agency Cash Grab

FIPA is joining over 50 major organizations and tens of thousands of Canadians today in a new campaign to tell the federal government to stop wasting billions on Canada’s hugely expensive online spying apparatus. The campaign is part of a worldwide day of action against online spying called the Day We Fight Back, and is being launched on federal Budget Day. It is expected that MPs will be asked to approve the rapidly growing annual budget for Canadian spy agency CSEC (Communications Security Establishment Canada).

CSEC is expected to cost taxpayers over $460 million this year, well above earlier forecasts of $420 million. CSEC’s inflation-adjusted annual budget has more than doubled over the past decade. Taxpayers are also on the hook for over $4 billion to build and operate a new CSEC headquarters, described as “the most expensive government building ever built” and as a “spy palace”.

The groups speaking out are members of the Protect Our Privacy Coalition, which is working for effective legal measures to safeguard Canadians’ privacy from government spies. The coalition includes over 45 organizations from across the political spectrum, along with over a dozen leading academics, privacy experts, and tens of thousands of Canadians. Coalition members are launching a new tool (http://thedaywefightback.ca) to make it easy for Canadians to tell their MP to take a stand against CSEC’s online spying and wasteful spending

The larger global campaign includes prominent web platforms such as Reddit and Mozilla. More information about the international campaign can be found at http://thedaywefightback.com

CSEC has recently been the subject of a series of stunning revelations highlighting how it is systematically collecting the private data of thousands of law-abiding Canadians. The government and security services are trying to hide the mass surveillance of their own people by misinterpreting the meaning and importance of ‘metadata’. However several privacy experts and Commissioners have pointed out that this type of data can reveal detailed personal information about Canadians including their medical history, political leanings, religious beliefs, sexual orientation, and financial state.

If we can’t rein in this Cold War-era spying, let’s at least bring the laws they operate under into the 21st century.

Over 27,000 Canadians have pledged their support to a campaign aimed at stopping all illegal spying on Canadians, with more signing on every day at http://openmedia.ca/ourprivacy Join with us today and call on your MP to oppose this waste of our tax dollars on CSEC spying.

Groups ask for CSEC testimony to be taken under oath

In a letter sent to the Senate Defence Committee chair, BC FIPA called for the testimony of three senior intelligence officials to be given under oath when they appear before the Committee on Monday.

The letter, also written on behalf of OpenMedia, and the Samuelson-Glushko Canadian Internet and Public Interest Clinic (CIPPIC), is in response to revelations that Canada’s secretive spy agency CSEC has collected the private information of unsuspecting travellers at one of Canada’s major airports.

The documents show that for two weeks CSEC monitored members of the public who were using the airport’s free Wi-Fi system, and were then able to track these travellers for a week or more as their devices logged on to other Wi-Fi hotspots across Canada. In fact, the CBC reports that CSEC was even able to track these individuals ‘back in time,’ following them in the days leading up to their arrival at the airport.

This indiscriminate collection of Canadians’ information falls way outside CSEC’s mandate to collect foreign intelligence, and is clearly both illegal and contrary to statements by CSEC denying that the spy agency targets Canadians with its surveillance.

This is part of a pattern of intelligence agencies and other government officials in this country and elsewhere being ‘economical with the truth ‘about their activities.

The Senate Committee has the opportunity to do this by putting CSEC’s senior officials under oath.

Read FIPA’s letter to the Senate Committee here.

Government tries to hide return of online spying in ‘cyberbullying’ bill

This week Justice Minister Peter MacKay introduced Bill C-13; legislation that is being touted as a solution to the serious issue of cyberbullying, but which on closer examination seems to be little more than a carbon copy of the controversial Bill C-30 with a new title.

And Bill C-30 itself was a reboot of Bills C-50, 51, and 52, introduced in 2010. These were reintroductions of the same provisions in C-46 and 47 from 2009, and these bills were remarkably similar to C-74 from 2005. In short, various governments going back for over a decade have been trying to pass the same consistently rejected online surveillance legislation, and have offered up a range of timely justifications.

First this legislation was necessary to bring Canada in line with the Council of Europe’s Convention on Cybercrime. Then terrorism became the motivator, following the World Trade Centre attacks in 2001. Organized crime was also cited, and more recently, former Public Safety Minister Vic Toews claimed that increased online surveillance powers were necessary to stop child pornography (and that anyone not supporting the bill was therefore siding with child pornographers). And now online surveillance is being justified as an attempt to prevent cyberbullying.

The rationale changes but the legislation stays pretty much the same.

When the now all-too-familiar legislation was brought back last year in the form of Bill C-30, it was vehemently opposed by Canadians (including Conservative MPs), prompting then-Justice Minister Rob Nicholson to reassure the public that “We will not be proceeding with Bill C-30 and any attempts that we will continue to have to modernize the Criminal Code will not contain the measures contained in C-30.”

And yet that seems to be exactly what the government has done; much of Bill C-13 is almost a cut-and-paste of C-30. The major difference is that the overly broad surveillance provisions are rolled up with provisions dealing with a genuine problem (cyberbullying). Can we now expect Justice Minister Peter MacKay to stand in the House next week and declare ‘you can stand with us or you can stand with the cyberbullies’?

Although it goes against the government’s habits, this bill should be split up so we can have a full debate on both the cyberbullying provisions and the resurrected C-30 provisions. Not much has changed since we saw them the last time, but in case you’ve forgotten, here are the high/lowlights:

  • Production orders for transmission data (metadata) and location data can be made at a lower standard. This is concerning because metadata can be more sensitive than content in terms of what it reveals about us- it is the data that shows who we communicate with, when, where, for how long, through what medium, and how frequently, among a host of other things.
  • Private sector organizations are given immunity for offering voluntary assistance. This means that there is no reason for companies to decline to turn over user data voluntarily- even when no warrant is presented.
  • A lower standard is required to compel service providers to preserve customer communications. This is especially concerning when paired with private sector immunity, as once the information is collected, service providers could choose to voluntarily turn it over to police without a warrant.
  • The inclusion of software as an ‘unauthorized device’ that could be used to obtain a telecom service without payment. Far from preventing cyberbullying, this is clearly a very different kind of offense that is being lumped in.

The government has announced Bill C-13 will be given Second Reading next week, after which it will presumably go to committee.

It’s time for the House to split this bill, to allow for debate on measures to deal with cyberbullying to happen independently of the resurrection of overbroad online surveillance. Unless the government is afraid of what its own MPs might have to say about it…