Two countries negotiating a perimeter security agreement can easily be compared to two individuals drastically redefining their relationship.
Without question, Canada and the United States are certainly neighbours. To some, a perimeter agreement means removing a fence; to others, it’s tantamount to a sort of marriage.
Regardless, before we take the plunge, we have to think about what we share and where we differ.
Without question, we have a lot in common. We’re both democracies with enshrined respect for human rights. Canadians and Americans both strongly value their privacy and realize its importance to the vitality of our democracies.
As things stand today however, some key legislative differences on privacy protection exist between our countries.
I want to explain these and show why, rather than jumping into a newly defined relationship with both feet, we should only do so with both eyes wide-open.
First of all, both of our countries have enacted legislation to protect citizens’ privacy from their governments.
The U.S. Privacy Act of 1974 fulfils this function for the federal government south of the border, while Canada’s Privacy Act of 1983 does so for Canadians.
The U.S. law includes safeguards to secure Americans’ personal information in the hands of the federal government, but these extend only to citizens and permanent residents.
Conversely, personal information held in Canada is subject to the protection of Canadian privacy law. That said, Canada’s Privacy Act is far from perfect and in need of modernization (as I’ve noted in the past).
Secondly, when it comes to protecting personal information in the private sector, there are American laws specific to certain sectors and the Federal Trade Commission’s consumer protection law provides some protection with regard to issues of fairness and deception.
Unlike Canada however, there is no overarching national legislation applying to the private sector as a whole.
In the Unites States a lack of private sector-wide coverage provides opportunities for commercial data brokers to assemble data bases.
Such databases are made available to subscribers, which include U.S. federal agencies. There are already several dozen fusion centers across the country doing precisely this sort of search and analysis every day.
Consequently, government authorities can access information from privately-held databases with no strings attached.
It’s also worth noting that the USA PATRIOT Act, enacted weeks after the 9/11 attacks, has the ability to circumvent sector-specific privacy protections to facilitate national security investigations. National security can be, and has been, defined quite broadly.
Thirdly, there is a vast difference when it comes to privacy oversight between our two countries. Law enforcement and national security authorities in the US simply do not operate under the privacy oversight structure that exists in Canada.
In Canada, my office reports directly to Parliament and not the Government, allowing autonomy in holding the Government to account.
In the United States there is no equivalent independent authority mandated to investigate privacy issues with regard to government data-handling.
While the Privacy and Civil Liberties Oversight Board could theoretically fulfill this function, it remains inoperative.
Finally, Canada’s approach to privacy centers on protecting individuals’ right to control their personal information except where limits can be demonstrably justified in a free and democratic society.
This is an approach which should not be compromised or watered-down in order to reach a perimeter security agreement.
This isn’t to say that Americans value privacy any less than Canadians. It’s just that our respective legislative frameworks to protect it are very different.
This all goes to say that if we compare a security perimeter agreement to a marriage and Canadian negotiators wish to enable Canadians to keep control of their personal information, a clear line on privacy needs to be written into a strong “pre-nup.”