A Preliminary Look at Bill C-59 and its Implications on Canadian Privacy Rights

By Natasha Anzik

 

The Liberals’ new national security legislation, Bill C-59, was tabled in the House of Commons on June 20th, 2017. The ten-part, 139-page legislation has taken a robust look at the current state of Canadian national security, proposing many changes and additions, but still leaves several gaps in the protection of Canadian privacy rights.

Last December the Asper Centre’s Privacy and National Security Working Group made a submission to the Department of Public Safety Canada and to the Department of Justice. This submission primarily dealt with the Charter implications of warrantless access to basic subscriber information, but also considered data retention and systems of review. Bill C-59 has also been criticized for its failure to address issues with regard to the Security of Canada Information Sharing Act, including its overbroad definition of security and the vast amount of information sharing permitted. While not discussed here, or as part of the Asper Centre’s submission, this criticism is evidence of the breadth of issues that remain unresolved.

Basic Subscriber Information

The Asper Centre’s submission was made in response to Bill C-51 and the 2016 National Security Green Paper and called for several reforms to the accessibility of basic subscriber information (BSI) in order to be compliant with s. 8 of the Charter. BSI can be as simple as a name, address, telephone number, and a matching IP address. This seemingly unremarkable information, the working group argued, should be protected from warrantless access, as the combination of this information can lead to inferences about an individual’s registered services, interests, organizational affiliations, and geographic location, and therefore may engage one’s s. 8 Charter rights.

Issues were raised with respect to the Green Paper’s suggested lower evidentiary requirements for obtaining lawful access to BSI, and how this lower standard would run counter to the spirit of s. 8, which protects against unlawful searches. This argument was supported by the Supreme Court’s decision in R. v Spencer, which holds that subscriber information can carry a high expectation of privacy, and disclosure of this information is vulnerable to Charter challenges. As this decision was specific to Internet subscriber information, the working group recommended a consistent standard for the sharing, retention, and destruction of personal information across different platforms. Consistency across all law enforcement agencies would also help prevent backdoor information sharing. Another issue raised by the working group is that the metadata regime of the Criminal Code has historically been unclear, and interpreted to suggest that communications service providers can readily disclose subscriber information. The Asper Centre thus advocated for a federal law that clearly prohibits the voluntary disclosure of subscriber information by telecommunications companies, and requires judicial authorization for access.

The need for clarification of this area of law was echoed in the 2016 Green Paper. While the paper called for a clear law governing access to this information, Bill C-59 is notably silent on this issue. Although not considered now, its inclusion in the Green Paper suggests this issue will be addressed in future legislation. Meanwhile, this area of law will likely remain inconsistent and problematic for the privacy protection of Canadians.

While Bill C-59 does not address BSI specifically, the issue of access to information comes up in the regulation of the Communications Security Establishment’s (CSE) activities. The CSE is an intelligence network, focused on gathering information to protect Canada’s cyber security from external threats. The Bill provides for a large expansion of the powers of the CSE, but also provides several restrictions recognizing the potential for these expanded powers to engage the s. 8 privacy rights of Canadians. One restriction bars the CSE from directing its activities at Canada and people in Canada, but this does not prevent the agency from acquiring “publicly available information”, defined as information that can be made available upon request. Although the government argues that publicly available information would inherently have a lower expectation of privacy and therefore not engage s. 8 of the Charter, this information could potentially include BSI that is voluntarily released by communication service providers. This allowance could therefore lead to the privacy issues described above. As the state of lawful access remains in flux, Canadians will remain vulnerable. These provisions will also be problematic in how they might inform the treatment of BSI in future legislation.

Systems of Review

One of the most prominent parts of the new Bill is its creation of the National Security and Intelligence Review Agency (NSIRA). The current system of review was an area of concern raised by the Asper Centre’s submission. The criticism focused on the limited powers of review allocated to the Privacy Commissioner and the review agencies for CSIS, the RCMP, and the CSE. This system not only creates a silo effect between agencies, but also demands increased resources and understanding to sufficiently oversee the mass of information in and between national security agencies. Bill C-59 addresses this issue and the need for increased accountability and public confidence in its creation of the NSIRA. Outlined in the Bill’s Charter Statement, the job of the NSIRA would be to “review and report in an integrated manner on the lawfulness of all national security and intelligence activities across government, thereby enhancing accountability, transparency and the safeguarding of human rights in Canada.” Part 2 of the Bill would also establish a quasi-judicial Intelligence Commissioner, who would review certain decisions regarding intelligence gathering. These new review systems seem promising in their ability to rectify the lack of broad oversight, to increase accountability, and to correct the current silo effect.

Data Retention

The Asper Centre’s submission also encouraged the establishment of a scheme of data retention that maintains a balance between Canada’s national security interests and privacy protections. The Asper Centre discouraged mandatory minimum retention schemes and unlimited information sharing between agencies, and argued that these data retention schemes should have a system of independent review for the use of information once obtained. Bill C-59 does not address this issue at length, but does allow the limited retention of datasets, which require judicial authorization that is valid for no more than two years. Dataset use must also be “strictly necessary”, and will be subject to review by the Intelligence Commissioner. While this change does not fully address all the concerns of the Asper Centre, it is a step forward in the establishment of a more robust scheme of information storage that hopefully will be refined to ensure further Charter compliance.

 

While this Bill has made strides with respect to the Asper Centre’s concerns, there are still some gaping holes with respect to the privacy protections afforded to Canadians. It seems unlikely that lawful access to basic subscriber information will be addressed in the passing of Bill C-59, as this issue was brought to the attention of legislators as part of the Green Paper consultation process, but was actively excluded in the drafting of the Bill. Hopefully the review process of the Bill will lead to further clarification of the powers of the CSE in collecting information, and of how basic subscriber information relates to “publicly available information” and may engage s. 8 of the Charter. These issues will have the potential to be raised to the Standing Committee on Public Safety and National Security this fall.

Natasha Anzik is the Asper Centre’s summer research assistant and an upcoming 2L JD Candidate at the Faculty of Law.

Professor Lisa Austin presented the Asper Centre brief to the Standing Committee on Access to Information, Privacy and Ethics

The submission, made on June 14, 2016, discussed how Privacy Act reform must take into consideration the Canadian Charter of Rights and Freedoms. The submission also made several recommendations to the Standing Committee.

The brief can be read here: Privacy Act Brief.