Free Expression Matters: Digital Privacy and

Surveillance

By ​Pari Rajagopalan​ | February 5, 2016 at 3:13 pm | ​0 Comments​ | ​Blog​ | Tags: ​Canadian Issues​, ​free expression

matters​, ​surveillance

Each year, PEN International prepares a report assessing the state of freedom of expression in the
country in which its congress is held. In October 2015, PEN International released a ​report on free
expression in Canada​ ahead of the 81st congress in Québec City, Québec. Based on this briefing note,
PEN Canada presents “Free Expression Matters” a series that breaks down free expression issues in
Canada. In this fourth instalment we look at surveillance in the Canadian context and examine how the
activities of government agencies can threaten the digital privacy of Canadians.

Click ​here​ to see previous “Free Expression Matters” on ​defamation​, ​public servants,​ and ​political
audits​.
What does privacy and surveillance have to do with free
expression?

In 2013, the UN Special Rapporteur on the right to freedom of opinion and expression wrote that
interference in individuals’ privacy can limit the “free development and exchange of ideas.” For writers,
the major concern is self-censorship. Will we explore controversial ideas online if the government can
track our activity? Will we share our opinions in private e-mails if third-parties can access them?

In dealing with government agencies in Canada, the right to privacy is protected by:

● Section 8 of the ​Canadian Charter of Rights and Freedom​ which protects against unreasonable
search and seizure and recognizes the expectation of privacy.

● The ​National Defence Act​, ​which prevents the Communications Security Establishment from
directing its intelligence or defence mandates at Canadians or people in Canada.

● The ​Privacy Act​, which limits the collection, use, and disclosure of personal information by all
federal departments and agencies.

Surveillance in Canada has become increasingly commonplace, and recent revelations have shown
that Canadians and others have been surveilled under numerous programs with little oversight or
transparency.

What Canadian agencies engage in activities that can

threaten our digital privacy?

1. Law enforcement agencies​ like police, border and correctional services – and even officers of
Environment Canada and Canada Post –can request information from Internet Service
Providers (ISPs) and other telecommunications companies for the purpose of an investigation.
However, there has been a trend towards recognizing the importance of the right to privacy and
the need for safeguards preventing the arbitrary collection of personal information:
○ In April 2014, Canada’s Privacy Commissioner Chantal Bernier revealed that ISPs have
disclosed a significant amount of information to the federal government and urged them
to be more transparent about these disclosures.

○ In June 2014, the Supreme Court of Canada barred ISPs from providing law
enforcement agencies with the personal information of customers without a warrant.
 The court emphasized the importance of the right to privacy and the need for police to
obtain a warrant for information except in mitigating circumstances.

○ In January 2016, an Ontario Superior Court judge ruled that broad police search
warrants forcing telecommunications companies to provide the cellphone records of
thousands of customer’s are a breach of privacy and violates the ​Charter of Rights and
Freedoms​. The decision also specifies that police may only obtain a minimal amount of
information about cellphone users relevant to their investigation.
2. The Communications Security Establishment (CSE)​, which is a federal agency that supports
the Canadian government by collecting “foreign signals intelligence”, protecting high-value
digital networks, and assisting law enforcement agencies with their “unique technical
capabilities.” The CSE is reviewed only by the Office of the CSE Commissioner and there is no
judicial oversight over its powers. This absence of oversight has allowed the CSE to share
information with other governments, monitor the downloads of millions of Internet users around
the world, and mine communications for “​metadata​.”

What is metadata?

Metadata is data that describes data. For example, metadata collected from cellphone records could
include the length of a call, the number called, and the location of the call – everything but the content of
the call itself. Even without direct eavesdropping on conversations (which the CSE ​is​ permitted to do on
any communication with a foreign contact), metadata can reveal significant amounts of personal
information and can be misused by Canadian law enforcement agencies in the absence of judicial
oversight.

What is Canada’s metadata surveillance program?

The government’s metadata surveillance program, though targeted at foreign communications, enables
the CSE to capture and analyze metadata from every phone and Internet-based activity undertaken by
Canadians. The program was renewed by ministerial directive in 2011, despite concerns raised in 2008
by the CSE Commissioner who stated that: “characteristics of contemporary communications
technology mean that the interception of communications by CSEC runs the inherent risk of acquiring
the private communications of Canadians.”
Have we seen threats to privacy in practice?

In 2014, documents retrieved by US whistleblower Edward Snowden revealed that the CSE used
information from free wireless Internet services in major Canadian airports to track wireless devices of
passengers for days after they left the terminal. The documents also confirmed the existence of an
information-sharing agreement between CSE and the United States’ National Security Agency (NSA)
that enables both agencies to circumvent laws that prohibit them from spying on their own citizens by
sharing, without warrants, information each has gathered on the other country’s citizens.

In January 2015, documents from the Snowden leak showed CSE monitoring uploads and downloads
of millions of Internet users across the globe. Code-named “LEVITATION”, the operation analyzes
records of up to 15 million downloads every day. The CSE can search for specific IP addresses (your
computer’s unique address) using tools from Britain’s GCHQ, track users’ online activity, and
sometimes link the IP address to a specific Facebook or Google profile. Of the 15 million records
collected daily, approximately 350 records are deemed “interesting.”

In the CSE’s 2014-15 annual report released in January 2016, Commissioner Jean Pierre Plouffe
disclosed that certain types of metadata had not been properly “minimized” –i.e. stripped of Canadian
identity information– before being shared with international partners. This was a result of technical
deficiencies the CSE discovered 2013 during an internal review, after which the CSE stopped the flow
of metadata to international partners. The report also found that the ministerial directive governing
CSE’s collection, use, and disclosure of metadata lacks clarity and recommended that the agency seek
a new directive. In a statement, Defence Minister Harjit Sajjan stated that although the “privacy impact
was low,” the CSE will not resume information sharing until he is satisfied that “effective systems and
measures are in place.”

What actions, if any, has the federal government and/or the

CSE taken to minimize threats to the privacy of Canadians?
In January 2014, US President Barack Obama publicly announced reforms to the NSA in response to
the Snowden revelations. By contrast, the Canadian government made no attempt to increase CSE’s
transparency and accountability until recently. The bill C-51 anti-terrorism legislation passed in June
2015 grants the CSE significant new powers, allowing it to access information collected by other
government agencies including the Canada Revenue Agency and Health Canada. However, in 2016, in
addition to the CSE’s suspension of information sharing with international partners and stated pursuit of
more effective systems, Public Safety Minister Ralph Goodale stated that the federal government is in
the process of reviewing its security intelligence operations and is committed to introducing new
parliamentary oversight of intelligence agencies.