Mr. Toews,
Thank you for your email and the additional information. If however, what you say is true, I wonder why the privacy commissioners and ombudsmans’ offices of every Canadian province and territory as well as the Federal Privacy Commissioner would be so concerned about this Bill? For your information, I have reproduced below the March 9, 2011 letter to your Deputy Minister, William V. Baker from the 13 Privacy Commissioners.
Today it was reported in the Toronto Star through its web site “thestar.com” that an Ontario man discovered a Global Positioning System tracking device attached to the underside of his vehicle. When he reported it to the Ontario Provincial Police, it was found that an Ontario company, Kore Wireless, had provided the device and supporting technology on contract to a US Company, US Fleet Tracking of Oklahoma, who as a matter of policy refused to tell the name of its end-user client. The police apparently could do nothing. Some might argue that spying on Canadian citizens by foreign companies is in fact a form of international terrorism that your department ought to be taking steps to eliminate.
Aside from the massive public objection to internet evesedropping in all its forms, when the Canadian government argues for “modern tools” such as covert internet surveillance and the use of cellular phones as tracking devices, what sort of message are you, as a member of the government, sending to private investigators? It seems that the attitude is developing amongst these professional snoops that it is “open season” on any Canadian citizen who “needs” to be spied upon. Public Safety Canada, I would argue should be about increasing the security and personal privacy of law abiding Canadians’ rather than lessening it. Public Safety Canada should be telling everyone that surveillance of law abiding citizens is totally unacceptable and that nobody, be they the government or a private company or individual may violate such an essential right without some mighty serious arguing before a judge.
Telling the public to simply trust in their government, coming from a political reform movement that, while in opposition, took every opportunity to admonish Canadians to in fact NOT trust the government, seems to ring quite hollow now that it is you who are in power. Even if Canadians did trust the government, which I do not think is automatically the case regardless of what party holds the most seats, what should we do if someone else forms government in a few years and inherits the enormous power that you will have have granted to whomsoever may be in charge?
No, with all due respect, Mr. Toews, I do not trust anyone to protect my privacy through legislation such as Bill C-30 (formerly Bill C-52) and other similar bills especially when the experts, the “watchdogs,” those who have been specifically hired to examine such things on the public’s behalf federally and in every province and territory, are telling the public to beware.
Sincerely,
Gary Schoenfeldt
Letter to Public Safety Canada from Canada’s Privacy Commissioners and Ombudspersons on the current ‘Lawful Access’ proposals
Privacy Commissioner of Canada Jennifer Stoddart, along with all provincial and territorial privacy guardians, have sent a letter to the Deputy Minister of Public Safety Canada regarding the privacy risks stemming from the government’s current initiative to amend the legal regime governing the use of electronic search, seizure and surveillance. Copies of the letter, dated March 9, 2011, were also provided to members of the House of Commons Standing Committee on Public Safety and National Security, as well as the House of Commons Standing Committee on Justice and Human Rights.
March 9, 2011
Mr. William V. Baker
Deputy Minister
Public Safety Canada
269 Laurier Avenue West
Ottawa, Ontario
K1A 0P8
Dear Mr. Baker:
As a group, Canada’s Privacy Commissioners remain concerned about the government’s current lawful access initiative, in particular Bill C-52, the Investigating and Preventing Criminal Electronic Communications Act. We held a teleconference on January 18, 2011 to discuss the issue and would like to relay the substance of that dialogue. While we understand the legitimate needs of law enforcement and national security agencies, as well as their challenges in the context of new information technologies, we would like to bring to your attention the following concerns about the absence of limits on the access powers, the wide scope of information required to be collected and provided by telecommunications companies without a warrant and the inadequacy of internal controls and the legislative gaps in the oversight model.
The overall lawful access initiative
Read together, the provisions of Bills C-50, C-51, and C-52 (augmented by changes in Bills C-22 and C-29) would substantially diminish the privacy rights of Canadians. They do so by enhancing the capacity of the state to conduct surveillance and access private information while reducing the frequency and vigour of judicial scrutiny. In essence, they make it easier for the state to subject more individuals to surveillance and scrutiny.
While we understand the need for law enforcement and national security agencies to function effectively in the context of new information technologies, in our view, it would be misleading to suggest that these bills will simply maintain capacity. Taken together, the proposed changes and new powers add significant new capabilities for investigators to track and search and seize digital information about individuals.
It is also noteworthy that at no time have Canadian authorities provided the public with any evidence or reasoning to suggest that CSIS or any other Canadian law enforcement agencies have been frustrated in the performance of their duties as a result of shortcomings attributable to current law, TSPs or the manner in which they operate. New powers should be demonstrably necessary as well as proportionate. Ultimately, even if Canadian authorities can show investigations are being frustrated in a digital environment, all the various powers that would be granted to address these issues must be subject to rigorous, independent oversight.
The Investigating and Preventing Criminal Electronic Communications Act (Bill C-52)
Clause 16 gives unrestricted access to subscriber data records held by telecommunications firms. We are concerned that the proposed powers are not limited in any fashion. The privacy oversight community in Canada has expressed reservations, in a joint resolution by all of Canada’s privacy commissioners signed after the original tabling of similar bills in 2009. A copy of this resolution is attached.
We are concerned that clause 16 of Bill C-52 would give authorities access to a wide scope of personal information without a warrant; for example, unlisted numbers, email account data and IP addresses. The Government itself took the view that this information was sensitive enough to make trafficking in such ‘identity information’ a Criminal Code offence. Many Canadians consider this information sensitive and worthy of protection, which does not fit with the proposed self-authorized access model.
Currently, under section 487.013 of the Criminal Code, investigators require judicial authorization to seek client information like name, address or account numbers from a financial institution or commercial entity. As you are aware, clauses 16 and 17 of C-52 provide law enforcement, CSIS, and Competition officials with warrantless access to “subscriber information” held by telecommunications companies. In our view, law enforcement and security agency access to information linking subscribers to devices and devices to subscribers should generally be subject to prior judicial scrutiny accompanied by the appropriate checks and balances.
Lack of appropriate oversight
We are also concerned by the oversight model. Clause 20(4) sets out audit powers for the federal Office of the Privacy Commissioner (OPC) which already exists in section 18 of the Privacy Act. Without additional resources to the OPC, however, this additional statutory provision does not augment existing oversight.
In addition, we believe the auditing and reporting safeguards should be strengthened. In relation to internal audits required under clause 20 (2), the requirement that law enforcement and security agencies report to “the responsible minister of anything arising out of the audit that in their opinion should be brought to the attention of the minister” should be subject to an objective standard. Agencies should be expressly required to report any collection, use or retention practices that do not appear to be necessary to the duty or function for which they were originally obtained.
Respective roles of the federal, provincial and territorial privacy offices
From our perspective, in relation to oversight, perhaps even more problematic is clause 20(6) which creates an obligation for the federal Office of the Privacy Commissioner to “report on the powers that they [public officers] have to conduct audits similar to those referred to in subject clause 20(4) with respect to police services constituted under the laws of their province.” While the OPC has jurisdiction over the Royal Canadian Mounted Police, this provision does not adequately address the issue of those municipal or provincial police services that are not subject to the jurisdiction of a provincial or territorial privacy office or the OPC.
Nor does the Bill resolve the legislative gap in jurisdictions where privacy officers do not have the powers necessary to audit compliance by provincial and municipal police forces. These gaps are evident in many jurisdictions. While recognizing that the federal Office of the Privacy Commissioner could exercise its audit provisions over the RCMP, this issue still strikes the provincial and territorial commissioners as a significant concern at the local level. Certainly it raises risks for privacy and diminishes the value of meaningful, timely review.
We are also concerned that very few of our organizations have been consulted in this process, particularly given the review role we are being asked to perform, flowing from clause 20 (3)(c). To this end, we would insist that the relevant federal officials reengage with provincial Offices of the Attorney-General or territorial equivalents. This should lead to a more open dialogue with the provincial commissioners on these issues.
Conclusion
We have collectively made a number of recommendations in our 2009 resolution for legislators to consider as they approach the individual pieces of legislation involved in the initiative. We believe that there is insufficient justification for the new powers, that other, less intrusive alternatives can be explored and that a focussed, tailored approach is vital. In our view, this balance has not been achieved.
To remedy these shortcomings, we suggest certain gaps need to be addressed. Provincial and territorial privacy officers would ask that the federal Privacy Commissioner, in reporting to Parliament on the adequacy of audit and investigation powers, should also be expressly authorized to report on whether privacy officers consider themselves to have adequate resources to conduct the necessary audits and reviews. As above, the federal government must commit to working with provincial and territorial governments to ensure that all of the relevant privacy officers have sufficient powers and resources.
It is our intention to provide Parliament and the public with further analysis and assistance with respect to the global privacy effect of proposed lawful access legislation. We also believe that the regulatory and reporting aspects of the initiative need to be as open and transparent as possible.
We appreciate your consideration of these concerns.
Sincerely,
Original signed by
Jennifer Stoddart,
Privacy Commissioner of Canada
signed by M. Munn (for F. Work)
Frank Work, Q.C.,
Information and Privacy Commissioner of Alberta
signed by E. Denham
Elizabeth Denham,
Information and Privacy Commissioner for British Columbia
signed by I. Hamilton
Irene Hamilton,
Ombudsman for Manitoba
signed by A. Bertrand
Anne E. Bertrand, Q.C.,
Access to Information and Privacy Commissioner of New Brunswick
signed by E. Ring
Ed Ring,
Information and Privacy Commissioner for Newfoundland and Labrador
signed by E. Keenan Bengts
Elaine Keenan Bengts,
Information and Privacy Commissioner for the Northwest Territories and
Information and Privacy Commissioner for Nunavut
signed by D. McCallum
Dulcie McCallum,
Freedom of Information and Protection of Privacy Review Officer for the Province of
Nova Scotia
signed by A. Cavoukian
Ann Cavoukian, Ph.D,
Information and Privacy Commissioner of Ontario
signed by M. MacDonald
Maria C. MacDonald,
Information and Privacy Commissioner of Prince Edward Island
signed by J. Chartier
Me Jean Chartier,
Président de la Commission d’accès à l’information du Québec
signed by R.G. Dickson
R. Gary Dickson, Q.C.,
Information and Privacy Commissioner of Saskatchewan
signed by T.A. McPhee
Tracy-Anne McPhee,
Ombudsman and Information and Privacy Commissioner of Yukon
c.c.: Chair, House of Commons Standing Committee on Justice and Human Rights (JUST)
Chair, House of Commons Standing Committee on Public Safety and National Security (SECU)
__________________________________________________________
—– Original Message —–
From: vic.toews.c1@parl.gc.ca
Sent: Tuesday, February 21, 2012 7:41 PM
Subject: RE: Stop Online Spying
Thank you for contacting my office regarding Bill C-30, the Protecting Children from Internet Predators Act.
Canada’s laws currently do not adequately protect Canadians from online exploitation and we think there is widespread agreement that this is a problem.
We want to update our laws while striking the right balance between combating crime and protecting privacy.
Let me be very clear: the police will not be able to read emails or view web activity unless they obtain a warrant issued by a judge and we have constructed safeguards to protect the privacy of Canadians, including audits by privacy commissioners.
What’s needed most is an open discussion about how to better protect Canadians from online crime. We will therefore send this legislation directly to Parliamentary Committee for a full examination of the best ways to protect Canadians while respecting their privacy.
For your information, I have included some myths and facts below regarding Bill C-30 in its current state.
Sincerely,
Vic Toews
Member of Parliament for Provencher
Myth: Lawful Access legislation infringes on the privacy of Canadians.
Fact: Our Government puts a high priority on protecting the privacy of law-abiding Canadians. Current practices of accessing the actual content of communications with a legal authorization will not change.
Myth: Having access to basic subscriber information means that authorities can monitor personal communications and activities.
Fact: This has nothing to do with monitoring emails or web browsing. Basic subscriber information would be limited to a customer’s name, address, telephone number, email address, Internet Protocol (IP) address, and the name of the telecommunications service provider. It absolutely does not include the content of emails, phones calls or online activities.
Myth: This legislation does not benefit average Canadians and only gives authorities more power.
Fact: As a result of technological innovations, criminals and terrorists have found ways to hide their illegal activities. This legislation will keep Canadians safer by putting police on the same footing as those who seek to harm us.
Myth: Basic subscriber information is way beyond “phone book information”.
Fact: The basic subscriber information described in the proposed legislation is the modern day equivalent of information that is in the phone book. Individuals frequently freely share this information online and in many cases it is searchable and quite public.
Myth: Police and telecommunications service providers will now be required to maintain databases with information collected on Canadians.
Fact: This proposed legislation will not require either police or telecommunications service providers to create databases with information collected on Canadians.
Myth: “Warrantless access” to customer information will give police and government unregulated access to our personal information.
Fact: Federal legislation already allows telecommunications service providers to voluntarily release basic subscriber information to authorities without a warrant. This Bill acts as a counterbalance by adding a number of checks and balances which do not exist today, and clearly lists which basic subscriber identifiers authorities can access.