After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.
While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.
The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.
My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill. Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.
The post Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks appeared first on Michael Geist.
The Supreme Court of Canada issued its decision in R. v. Fearon today, a case involving the legality of a warrantless cellphone search by police during an arrest. Given the court’s strong endorsement of privacy in recent cases such as Spencer, Vu, and Telus, this seemed like a slam dunk. Moreover, the U.S. Supreme Court’s June 2014 decision in Riley, which addressed similar issues and ruled that a warrant is needed to search a phone, further suggested that the court would continue its streak of pro-privacy decisions.
To the surprise of many, a divided court upheld the ability of police to search cellphones without a warrant incident to an arrest. The majority established some conditions, but ultimately ruled that it could navigate the privacy balance by establishing some safeguards with the practice. A strongly worded dissent disagreed, noting the privacy implications of access to cellphones and the need for judicial pre-authorization as the best method of addressing the privacy implications.
Earlier this year, Canada and the European Union announced that they had reached agreement on sharing airline passenger name record data. The data shared includes names, addresses, and credit card numbers of airline passengers. The agreement was signed in June (video of the signing here), but approval from the European Parliament was required. In light of growing privacy concerns, that approval has proven more difficult to obtain than previously anticipated.
Rather than simply grant approval, the European Parliament has narrowly voted to send the agreement to the European Court of Justice for review to ensure that it is compliant with European law including EU treaties and the European Charter of Rights and Freedoms (the final vote was 383 to 271 with 47 abstentions). The resolution notes that the European Data Protection Supervisor (effectively the Privacy Commissioner for the EU) issued an opinion in September 2013 that questioned the necessity and proportionality of agreements to transfer passenger information between jurisdictions. The EDPS opinion features an extensive review of the agreement and raises pointed questions about specific provisions along with numerous recommendations for reform.
The decision means that the Canada – EU data sharing agreement will be delayed by at least one to three years while the court conducts its review. The review will raise several important privacy issues including the effectiveness of exchanging passenger information in combating terrorism and the state of Canadian privacy law. The European Court of Justice has already struck down the European Data Retention Directive, suggesting that this agreement could also face tough scrutiny.
The post Canada – European Union Data Sharing Agreement Sent to EU Court of Justice for Review appeared first on Michael Geist.