Language selection

Search

From the Courts, to the Hill, to the Streets: Seeking an Appropriate Balance between Public Safety and Privacy

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Address given at the 22nd congress of the Association sur l’accès et la protection de l’information entitled “Making your mark”

Quebec City, Quebec
April 16, 2015

Address by Patricia Kosseim
Senior General Counsel and Director General, Legal Services, Policy, Research and Technology Analysis Branch

(Check against delivery)


Introduction

Thank you for the invitation to speak on the topic of the balance between public safety and privacy. Striking an appropriate balance between these interests has always been a core issue for the Office of the Privacy Commissioner of Canada and for our counterparts in Canada and around the world. But lately it has grown in significance, due largely to rapidly evolving technology and the emergence of Big Data.

While advances in information technology and processes such as analytics provide new tools for law enforcement and national security agencies to identify and suppress threats, they raise fundamental privacy challenges relating to accountability, governance and transparency.

Today I want to illustrate some of these challenges by focusing on developments in the Supreme Court of Canada, in Parliament and in local law enforcement agencies – from the courts, to the hill, to the streets.

In the Courts: R v. Spencer

The Supreme Court of Canada has long recognized the impact that emerging technologies can have on personal rights and liberties, including the right to be free from unreasonable search and seizure under section 8 of the Charter. 

Last June, the Supreme Court of Canada rendered an important decision which addressed the balancing of public safety and privacy on the Internet, recognizing how the rapid evolution of technology has made seemingly benign personal information (such as a customer’s name and address) more sensitive and more revealing than in pre-digital times.

The seminal decision of R. v. Spencer  laid out how and when the state should be permitted to access Internet subscriber information that can be linked to Internet activity.

The case arose out of a police investigation into possession and distribution of child pornography online.  Having identified an IP address associated with suspected  online sharing of child pornography, police sought to obtain the subscriber information associated with that specific address from the Internet Service Provider (Shaw Communications).  The Court held that the accused had a reasonable expectation of privacy in that subscriber information, and that absent exigent circumstances or a reasonable law, police needed a warrant to obtain such information in the circumstances.

I won’t get into all the specifics of that decision here today, but I would like to highlight some of the more fundamental points.

First, the Court confirmed that one of the components of “informational privacy” as protected by section 8 of the Charter includes anonymity which permits individuals to act in public places while preserving their freedom from identification and surveillance.  “The mere fact that someone leaves the privacy of their home and enters a public space does not mean that the person abandons all of his or her privacy rights...”, wrote the Court.  Even beyond physical space, anonymity in virtual space can be particularly important.  Citing an earlier Ontario Court of Appeal decision in Ward, the Court held that anonymity on the Internet is “essential to the individual’s personal growth and the flourishing of an open and democratic society.” For the Court, a defining characteristic of some types of Internet usage is that “the communication may be accessible to millions of people but it is not identified with its author.”

Second, the Court held that there was a reasonable expectation of privacy in the subscriber information at issue.  The information sought by the police was not merely a name and an address as you would find in a telephone book, as the Crown argued, but rather, was the very key linking a specific person to specific online activities, including searching and browsing activities that may have been undertaken by an individual anonymously. Such information was capable of revealing sensitive details about the user, thereby engaging significant privacy interests which, depending on the context, can attract constitutional protection.   

Although sympathetic to the Prosecutor’s argument that recognizing anonymity interests could promote a crime-friendly space on the Internet and risk impeding the effectiveness of law enforcement, the Court was not swayed by it.  Using this case as an example, the police had ample opportunity to obtain a production order before asking Shaw to provide the subscriber information corresponding to the observed activity.  For the Court, the case was not about whether the accused had a legitimate privacy interest in concealing his use of the Internet to access child pornography, but instead, “whether people generally have a privacy interest in subscriber information with respect to computers which they use in their home for private purposes.”

At the time the decision was handed down, we were in the midst of a review of the RCMP warrantless access requests to telecommunications companies.  Due to limitations in the RCMP’s information management systems, we were unable to determine how often the RCMP had up until then collected subscriber data without a warrant. Following the decision, senior officials at the RCMP informed us that it would ensure its practices were in line with the ruling.  As a result, our review was halted. While what we learned was limited, we used this as an opportunity to call upon the RCMP and other federal institutions to properly document and report on access requests. As Commissioner Therrien noted, “Canadians want and deserve to have a clearer picture of how, when and why federal institutions are collecting personal information.”

On the private sector side, some prominent Canadian telecommunication service providers changed their policies following the Spencer decision.  While a few had already begun producing annual transparency reports to shed light on the number and types of access requests they receive, others committed to follow suit.  In general, our Office sees these actions as very positive developments towards greater openness and transparency.  And, we are working with organizations to carry forward this momentum even further.

For example, we are currently working with key federal departments and telecommunications and Internet service providers to develop a consistent approach for annual reporting of lawful access requests.  We hope to arrive at uniform reporting categories and common terminology that can be compared across sectors, between companies and over time.  This would provide Canadians with reliable data and analyses about what happens to their personal information and allow them to make  informed choices  when selecting products and services that could implicate their privacy. 

On the Hill – Bill C-51

I would now like to take us up Wellington Street, from the Supreme Court building to Parliament Hill.  Striking an appropriate balance between public safety and privacy is also the focus of debate surrounding the proposed Anti-Terrorism Act or Bill C-51.

The tragic incidents in St-Jean-sur-Richelieu, Ottawa, Paris and Sydney provide a sombre backdrop to the legislation and underline even more the importance of protecting public safety. Yet the debate centers on the appropriate limits and oversight of the broad powers that would be given to the state to effectively counter threats to the national security of Canada.

As some of you may have read or seen, Commissioner Therrien has expressed serious concerns about the potential impact upon the privacy of all Canadians in the draft legislation, concerns that have been echoed in legal, policy and privacy communities.

Our Office’s concerns arise primarily from Part 1 of C-51 which proposes to enact the Security of Canada Information Sharing Act. This would permit any federal department or agency to share any or all personal information they have about any or all Canadians with 17 federal organizations if deemed “relevant” to “activities that undermine the security of Canada”-- a term which itself is very broadly defined.  Furthermore, the 17 receiving agencies could retain this information indefinitely, which sets the grounds for a broader surveillance of all Canadians using big data analysis, and the creation of risk profiles to identify potential security threats among the population. 

For example, historically, tax information held by the Canada Revenue Agency has been highly protected. But, under the proposed Bill, tax information could be broadly available to these 17 departments and agencies if CRA officials, who are not intelligence experts and operate without the benefit of any third-party oversight, disclose such information on the belief  that it is “relevant” to the detection of a security threat. Or consider personal information about young persons originally collected for a specific purpose such as travel or public health purposes.  It could conceivably now be shared among the 17 entities and data mined with a view to identifying those youth vulnerable to radicalization.

As now proposed, Bill C-51 could potentially create a web of interlocking information – one that  could affect any Canadian – not just terrorist suspects. It opens the door to collecting, analysing and potentially keeping forever personal information of any or all Canadians in efforts to find virtual needles in ever-expanding haystacks, all without establishing a proper governance context to review these new information-sharing tools and powers.

Our written submission to the Commons Committee on Public Safety and National Security recommended that C-51 should be amended to:

  • Raise the threshold for information sharing between departments from mere “relevance” to the national security mandate, to “necessity” or “proportionality” in detecting actual or suspected threats to Canada’s security;
  • Set clear limits on how long information is to be kept, with an obligation to destroy information that is not necessary or proportionate;
  • Ensure that all 17 entities are subject to independent review by an expert body, not only the three national security agencies that currently have dedicated, specialized review agencies;
  • Legally require written information-sharing agreements among the 17 departments and agencies that clearly set out agreed-upon rules and parameters for how personal information should be used and disposed of. 

The Commissioner will appear before the Senate Standing Committee on National Security and Defence on April 23rd to present his view on Bill C-51.

On the Street: Body-Worn Cameras

From the Supreme Court of Canada and Parliament Hill, I now shift to the streets in the heart of our towns and cities. The key challenge remains the same – striking the appropriate balance between public safety and privacy. One contemporary issue that highlights the importance of getting this balance right is the growing use of body-worn cameras by police officers, which can record high-quality video and sound. This is especially relevant in the context of recent incidents which unfolded in the United States.

Body cameras are intended to record police interactions with members of the public. In the vast majority of cases, the recordings will contain personal information and therefore will be subject to privacy laws across Canada.

In February, our Office along with our provincial and territorial counterparts collectively released a guidance document intended to help law enforcement agencies develop policies and procedures for the use of body-worn cameras. We recognize that there may be benefits of body-worn cameras such as a reduction in the use of force by or against officers and in the number of public complaints or accusations from either side. As well, body-worn cameras can enhance accountability of police officers, bolster public trust, and collect evidence for use in Court proceedings.

Our guidance calls upon law enforcement agencies to evaluate whether the expected benefits outweigh the impact on privacy and whether a demonstrable operational need is being fulfilled before widely using body-worn cameras in a particular context.  We have also recommended the use of pilot projects and privacy impact assessments as useful means of weighing the benefits of body-worn cameras against the privacy risks and mitigating those risks accordingly. 

An important decision in any such program is whether the cameras should operate continuously or whether officers should be able to turn them off and on. Indeed, the less time the cameras are turned on, the less personal information they will collect. However, we are also mindful of the need to ensure for accountability reasons that officers cannot simply turn them off as it suits them.

Other privacy considerations include notifying the public that the cameras are being used through clear and visible means, such as noticeable badges on officers’ uniforms and blurring the faces of innocent bystanders.  Strict rules on retention and secondary use must be adopted and proper safeguards must be in place, such as limiting access, keeping audit trails and encrypting recordings.

Privacy concerns may become even greater if recordings from body-worn cameras are integrated with video or audio analytics, licence plate recognition or facial and pattern recognition technology. Such technologies usher in an additional dimension of privacy risks which should be carefully thought through and mitigated well before the deployment of cameras.

Conclusion

In closing, I hope that my brief remarks have demonstrated that public safety and personal privacy need not be seen as a non-zero sum game. In light of the ongoing discussion concerning threats to public security, one would be tempted to think that forced to choose between the two, Canadians would pick security over privacy.  But let me leave you with a fact that seems to say otherwise.

The most recent public opinion survey carried out for our Office found that 57 per cent of Canadians were uncomfortable with warrantless information requests concerning their telephone or Internet usage. While that’s a fairly strong majority on its own, consider that our survey was taken between October 21 and November 10 last year – just following the tragedies in Saint-Jean-sur-Richelieu and Ottawa – a time when terrorism was perhaps never so real, never so close to home for Canadians.

In other words, Canadians can be in favor of greater security protection against terrorism, but when it touches them personally, they still remain protective of their privacy. Even in the days when they were reacting to such tragedies and when public concerns about terrorism were justifiably high, Canadians maintained a healthy balance between privacy protection and public safety.  Surely they expect no less from their institutions. 

Thank you.

Date modified: