Tuesday, March 31, 2015

In a commentary in the National Post, Prof. Lisa Austin and other experts warn that the Canadian government's proposed national security bill, C-51, poses a significant threat to privacy and will be able to bypass the provisions of the Privacy Act ("How C-51 undermines privacy," March 30, 2015).

Read the full commentary on the National Post website, or below.


How C-51 undermines privacy

By Lisa M. Austin, Benjamin J. Goold, Avner Levin and Andrea Slane

March 30, 2015

It is not a mystery why the federal government would not want to hear from the Privacy Commissioner of Canada during its hearings on Bill C-51. Part 1 of C-51 enacts the Security of Canada Information Sharing Act (SCISA). The government does not want Commissioner Daniel Therrien to draw attention to what these information sharing provisions are all about: Big Data — the mining, analyzing, and sharing of personal information held by the government to create databases and dossiers, to look for patterns and create profiles, to query in various ways.

And the government does not want the privacy issues that these practices raise to become the story. After all, the Conservatives know people care about their privacy, even using that to justify scrapping the mandatory long-form census a couple of years ago. The mantle of Big Brother is not one they want to pick up.

SCISA is not primarily about targeted surveillance, as the government claims. SCISA does not authorize one part of government to pass along information it reasonably suspects or believes concerns activities that undermine national security. SCISA permits any government institution to pass information to any of the 17 listed recipient institutions where that information is “relevant” to the national security responsibilities of the recipient. It also permits further disclosure “to any person, for any purpose” which can include our foreign partners. This low test of relevance to the recipient’s responsibilities, coupled with unrestricted disclosure and a broad definition of national security that goes far beyond terrorism, potentially sweeps up a vast amount of information about people who are not suspected of anything.

To put this in perspective, we should all recall the controversial U.S. phone metadata program, which aims to collect the phone metadata of all domestic calls in the U.S. This program has been authorized under s.215 of the Patriot Act, which allows the government to collect information “relevant” to “an authorized investigation.” SCISA, like the Patriot Act, can authorize bulk collection. This goes far beyond the concerns many have raised regarding the potential targeting of legitimate protesters. We are all potentially caught by Big Data.

The government claims that privacy is protected because the Privacy Act continues to apply to this information sharing. This is smoke and mirrors. The Privacy Act permits institutions to get out of the usual use and disclosure protections of the Act when authorized by another act of Parliament. SCISA is precisely that authorization. Its effect is to nullify privacy protection. The Privacy Act has never offered strong privacy protection in the context of national security given all of the exceptions that already apply. SCISA makes this worse, not better.

One of Public Safety Minister Steven Blaney’s talking points is that SCISA applies to information that is already in the hands of the government, as if that means this is not private information. The Supreme Court of Canada has repeatedly stated that individuals do not relinquish all of their privacy interests just by sharing information with the state. Subsequent uses and disclosures, between government institutions, and even with our foreign partners, can attract Charter scrutiny. SCISA ignores all of this.

The government claims that SCISA is its response to the recommendations from the Air India Inquiry. But that Inquiry was concerned with information sharing between a small number of institutions in the context of co-ordinating terrorist investigations, not information sharing that spans the entire government in the service of some broad and diffuse notion of national security. The Inquiry also called for mandatory sharing between CSIS and the RCMP to deal with turf wars. This is absent from SCISA. Also absent is any attention to the recommendations from the Arar Commission concerning the need to ensure the reliability and relevance of information that is shared with foreign powers or an obligation to use caveats to prevent further disclosures.

SCISA does not implement the Air India Inquiry recommendations, it ignores the Arar Commission, it guts the Privacy Act and disregards the Charter of Rights. In blocking the Privacy Commissioner from testifying, the government is hoping that Canadians will not figure this out.

We suspect most Canadians would prefer filling in the long-form census.