Each year, PEN International prepares a report assessing the state of freedom of expression in the country in which its congress is held. In October 2015, PEN International released a report on free expression in Canada ahead of the 81st congress in Québec City, Québec. Based on this briefing note, PEN Canada presents “Free Expression Matters” a series that breaks down free expression issues in Canada. In this fourth instalment we look at surveillance in the Canadian context and examine how the activities of government agencies can threaten the digital privacy of Canadians.
What does privacy and surveillance have to do with free expression?
In 2013, the UN Special Rapporteur on the right to freedom of opinion and expression wrote that interference in individuals’ privacy can limit the “free development and exchange of ideas.” For writers, the major concern is self-censorship. Will we explore controversial ideas online if the government can track our activity? Will we share our opinions in private e-mails if third-parties can access them?
In dealing with government agencies in Canada, the right to privacy is protected by:
- Section 8 of the Canadian Charter of Rights and Freedom which protects against unreasonable search and seizure and recognizes the expectation of privacy.
- The National Defence Act, which prevents the Communications Security Establishment from directing its intelligence or defence mandates at Canadians or people in Canada.
- The Privacy Act, which limits the collection, use, and disclosure of personal information by all federal departments and agencies.
Surveillance in Canada has become increasingly commonplace, and recent revelations have shown that Canadians and others have been surveilled under numerous programs with little oversight or transparency.
What Canadian agencies engage in activities that can threaten our digital privacy?
- Law enforcement agencies like police, border and correctional services – and even officers of Environment Canada and Canada Post –can request information from Internet Service Providers (ISPs) and other telecommunications companies for the purpose of an investigation. However, there has been a trend towards recognizing the importance of the right to privacy and the need for safeguards preventing the arbitrary collection of personal information:
- In April 2014, Canada’s Privacy Commissioner Chantal Bernier revealed that ISPs have disclosed a significant amount of information to the federal government and urged them to be more transparent about these disclosures.
- In June 2014, the Supreme Court of Canada barred ISPs from providing law enforcement agencies with the personal information of customers without a warrant. The court emphasized the importance of the right to privacy and the need for police to obtain a warrant for information except in mitigating circumstances.
- In January 2016, an Ontario Superior Court judge ruled that broad police search warrants forcing telecommunications companies to provide the cellphone records of thousands of customer’s are a breach of privacy and violates the Charter of Rights and Freedoms. The decision also specifies that police may only obtain a minimal amount of information about cellphone users relevant to their investigation.
- The Communications Security Establishment (CSE), which is a federal agency that supports the Canadian government by collecting “foreign signals intelligence”, protecting high-value digital networks, and assisting law enforcement agencies with their “unique technical capabilities.” The CSE is reviewed only by the Office of the CSE Commissioner and there is no judicial oversight over its powers. This absence of oversight has allowed the CSE to share information with other governments, monitor the downloads of millions of Internet users around the world, and mine communications for “metadata.”
What is metadata?
Metadata is data that describes data. For example, metadata collected from cellphone records could include the length of a call, the number called, and the location of the call – everything but the content of the call itself. Even without direct eavesdropping on conversations (which the CSE is permitted to do on any communication with a foreign contact), metadata can reveal significant amounts of personal information and can be misused by Canadian law enforcement agencies in the absence of judicial oversight.
What is Canada’s metadata surveillance program?
The government’s metadata surveillance program, though targeted at foreign communications, enables the CSE to capture and analyze metadata from every phone and Internet-based activity undertaken by Canadians. The program was renewed by ministerial directive in 2011, despite concerns raised in 2008 by the CSE Commissioner who stated that: “characteristics of contemporary communications technology mean that the interception of communications by CSEC runs the inherent risk of acquiring the private communications of Canadians.”
Have we seen threats to privacy in practice?
In 2014, documents retrieved by US whistleblower Edward Snowden revealed that the CSE used information from free wireless Internet services in major Canadian airports to track wireless devices of passengers for days after they left the terminal. The documents also confirmed the existence of an information-sharing agreement between CSE and the United States’ National Security Agency (NSA) that enables both agencies to circumvent laws that prohibit them from spying on their own citizens by sharing, without warrants, information each has gathered on the other country’s citizens.
In January 2015, documents from the Snowden leak showed CSE monitoring uploads and downloads of millions of Internet users across the globe. Code-named “LEVITATION”, the operation analyzes records of up to 15 million downloads every day. The CSE can search for specific IP addresses (your computer’s unique address) using tools from Britain’s GCHQ, track users’ online activity, and sometimes link the IP address to a specific Facebook or Google profile. Of the 15 million records collected daily, approximately 350 records are deemed “interesting.”
In the CSE’s 2014-15 annual report released in January 2016, Commissioner Jean Pierre Plouffe disclosed that certain types of metadata had not been properly “minimized” –i.e. stripped of Canadian identity information– before being shared with international partners. This was a result of technical deficiencies the CSE discovered 2013 during an internal review, after which the CSE stopped the flow of metadata to international partners. The report also found that the ministerial directive governing CSE’s collection, use, and disclosure of metadata lacks clarity and recommended that the agency seek a new directive. In a statement, Defence Minister Harjit Sajjan stated that although the “privacy impact was low,” the CSE will not resume information sharing until he is satisfied that “effective systems and measures are in place.”
What actions, if any, has the federal government and/or the CSE taken to minimize threats to the privacy of Canadians?
In January 2014, US President Barack Obama publicly announced reforms to the NSA in response to the Snowden revelations. By contrast, the Canadian government made no attempt to increase CSE’s transparency and accountability until recently. The bill C-51 anti-terrorism legislation passed in June 2015 grants the CSE significant new powers, allowing it to access information collected by other government agencies including the Canada Revenue Agency and Health Canada. However, in 2016, in addition to the CSE’s suspension of information sharing with international partners and stated pursuit of more effective systems, Public Safety Minister Ralph Goodale stated that the federal government is in the process of reviewing its security intelligence operations and is committed to introducing new parliamentary oversight of intelligence agencies.