Privacy or security?
Culture / January 21, 2014
Privacy rights in the modern age.
By Scott Moraes
Privacy is a cloudy concept hard-pressed for a standard definition. Intellectuals from many different ages and stripes have offered their interpretations of privacy for centuries, and the debate is still a burgeoning one.
Recently, largely due to the leaks made public by Edward Snowden, privacy concerns have leaped to the foreground of public debate and spread like wildfire. Rather than simply spying on States (an old practice), Snowden’s leaks shed extensive light on the rise of surveillance of populations, at home and abroad, and through collection of digital data. Indeed, it appears that every technological novelty hailed as a security tool by either government or private entities has an inherent potential for breaching privacy rights and data mining capabilities. Evidence of governments spying on each other and on their own populations has surfaced across the globe, and with it, a rethinking of privacy rights in a digital world where all the spatial notions of privacy are suddenly hollow. This presents a challenge mainly on whether the risks of technological advances outweigh their convenience, and where to draw the line.
IS BIG BROTHER WATCHING YOU?
Lawyer Michael Vonn has been researching and talking about privacy issues for years. As policy director for the B.C. Civil Liberties Association, she was part of the team that, in October, filed a lawsuit against the Communications Security Establishment Canada (CSEC) claiming that “its secret and unchecked surveillance of Canadians is unconstitutional,” in that it breaches citizens’ protections against “unreasonable search and seizure” under section eight of the Charter of Rights and Freedoms.
The CSEC is legally permitted “to read Canadians’” e-mails and text messages, listen to Canadians’ phone calls, and to collect and analyze the metadata information that is automatically produced each and every time a Canadian uses a mobile phone or accesses the Internet.” The BCCLA also claims that there is no judicial oversight of CSEC’s actions.
In light of a judicial decision in the United States regarding similar complaints, Vonn says, “In principle, [Americans] too are protected against unreasonable search and seizure. We have different laws, but this is encouraging to us that the U.S. district court has found this to be unconstitutional. This is dragnet surveillance of electronic data. They’re sweeping up our data, warrantless, and that’s impermissible.” Judge Richard Leon of the Washington District court wrote that, “the [U.S.] government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote, also citing that the surveillance was “almost Orwellian in its scope.”
In Canada, privacy rights are set out federally inthe Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), while provincially British Columbia has its own Privacy Act, and privacy in the private sector is protected by the Personal Information Protection Act (PIPA) and in the public sector by the Freedom of Information and Protection of Privacy Act (FOIPPA). In 2008, B.C. also enacted the E-Health Act.
FOIPPA also gives a mandate to privacy commissioners, who are appointed as independent watchdogs on privacy issues, both federally and provincially, and who receive privacy complaints and issue recommendations following a review. Commissioners, however, have no power to enforce legal decisions.
As the U.S. government classifies more documents than ever (by a very large margin) and cracks down on whistleblowers, other nations are likely doing the same. As a response to the trend, in July, a document collectively written and signed by over 300 civil society groups across the globe was published online. Entitled International Principles on the Application of Human Rights to Communications Surveillance, it encompasses a set of principles that democratic societies should attempt to fulfill so that basic human rights are not compromised by the “explosion of communications metadata.” The document suggests that privacy laws should be subject to periodic review, and that the justification for the necessity and legitimacy of proposed legislation should be the responsibility of the State. It also recommends “public oversight mechanisms to ensure transparency and accountability of communications surveillance.”
GOING DIGITAL: DANGER OR CONVENIENCE
There appears to be a thorny dilemma between the desire for greater security and the sacrifice of privacy. Much like contentious economic measures are presented as beneficial, security measures are also often marketed as a necessity and the other side of the coin is usually masked from public scrutiny.
Concerns in Canada aggravated in the wake of a proposed amendment to the Criminal Code of Canada, laughably titled “Protecting Children from Internet Predators Act” or Bill C-30, which barely mentioned predators or children and was mostly meant to allow for legal police access to digital data.
Though the bill was eventually rejected following public outcry, lawmakers have not completely given up on some of its measures. “Bill C-30 was taken off the stove, but it has come back – zombielike – in a slightly different form.” warns Vonn. “The new Cyber Bullying bill [Bill C-13] has some of the C-30 ideas, but the most contentious aspects of C-30 are not part of this new bill, so that means they must have taken some of the public criticism into consideration. But again it is essentially a Trojan horse, there’s only a few pages relating to cyber bullying, the rest is related to police access to information.”
Vonn also suggests that such “Trojan horses” and omnibus bills have contributed to the watering down of B.C.’s once-exemplary privacy safeguards and that the trends present a grim picture.
Government 2.0 is the name of a blanket program presented as a technical upgrade to identity management in British Columbia. More than just an upgrade, though, it would allow for free flow and sharing of citizens’ personal information among different ministries – information that used to be held separately and minimally shared.
The official proposal claims that the strategy is “about giving citizens some of their most valuable resource: their time.” Indeed, like the titles of controversial legislation, the strategy is astutely packaged for sale. “Ultimately, citizens want easy, timely access to public services when and how they choose. Meeting those expectations is the motivation behind this strategy,” guarantees the document. The proposal also largely relies on the implication that government sees the sharing of data as a two-way street. The official rhetoric grants that new technologies could and should be used for more transparent and “proactive sharing” of government data to citizens.
At the core of Government 2.0 is a new identity card called the B.C. Services Card, which was rolled out as an optional upgrade in February 2013, but is intended to become mandatory by 2018. That the card was implemented without much public consultation led B.C. Information and Privacy Commissioner Elizabeth Denham to conclude, “Given the program’s profound reach and the amount and type of personal information involved, it is critical that citizens are included in the dialogue. I am recommending that government conduct a fulsome public consultation with British Columbians before the B.C. Services Card program proceeds to phase two.”
If the public is duly consulted, it should think not only about what it allows for in terms of efficiency, but what kind of collateral damage might come with it. “There’s nothing inherently problematic with the system proposed, but we have to ask ourselves, from which system are we going to derive the most benefit and the least detriment?” asks Vonn. “What is our great privacy protection in this arena? It starts to get very difficult to avoid surveillance.”
Vonn also warns that the card could grow to encompass a series of services and transactions, and that this could very well serve as a blueprint for a national identity card. “Very few people are going to understand the architecture that these online databases rely on. We have asked to proceed cautiously and depend on expert consultation. Insofar as a card, allowing for linkages, and for the possibility of greater access to tracking an individual, there’s a big potential problem for privacy and security.”
At the first stage, the B.C. Services Card allows for the optional marriage of the B.C. Care Card and the provincial driver’s licence. In regards to electronic health care (E-health), Vonn is also particularly wary. “With our current model, when we put our records into the shared database, the health care provider doesn’t control it, the government controls it. One of the things we fought for was a mechanism so patients could lock down their records, technically and theoretically available to thousands of people… so you could mask your records and you’d have some control. We have such a mechanism now, it’s called a disclosure directive, but the government says it’s almost useless. They won’t tell anybody it exists.”
With such a drastic change in the way personal information is handled by government, citizens should rethink how they truly feel about their privacy. “If we’re going to truly engage people and make them understand the dangers, then we’re going to have a discussion,” says Vonn. “What we know about people’s actual stances is through the social sciences studies. They show that even when people are initially adamant that they support surveillance technology that those ideas break down very easily under cross-examination. Whatever their opening gambit may be about, people care about privacy.”
On a smaller scale, but following the same trend, the Translink Compass system has also elicited privacy concerns, with some cautious critics claiming that it could allow for tracking of citizens.
WHERE THE WILD SPIES ARE
Government is not the only spy we should beware of. Spying – or for a less intrusive connotation, investigating – is at the core of a well-defined industry of private investigators. Rather than Bondesque warriors with a license to kill and womanize at will, these private eyes are more like investigative bureaucrats. According to the legislation – fairly unspecific at that – P.I.s cannot impersonate law enforcement, carry guns, make arrests, trespass (on physical property), tamper with mail, wiretap a phone without consent, or gain access to protected information without consent. Save a few specifications to regulate their trade, P.I.s can still legally make use of contentious surveillance methods and equipment.
Hackers are increasingly untraceable, and spyware is easily purchased online and in specialized stores, which usually contain a disclaimer notice on the legality of using the products. As social networking proliferates and e-commerce becomes increasingly convenient, privacy clauses are seldom read, and if they are, they’re rarely understood. Adding to that, the legal mechanisms through which to make a privacy-related complaint are little known and redress much harder to get, leading inevitably to vastly unnoticed and unpunished privacy breaches.
THE WAY AHEAD
With the growth of cloud storage, data mining, CCTV surveillance in urban areas, personalized e-marketing, private investigators, and digitalized services, it would be neglectful to sit back idly. It’s preferable to prevent damaging legislation from being enacted in the first place than to try to overturn it later on.
Technology advances much faster than legislation can keep up with, and much faster than most people can learn to interpret them. The tools themselves cannot be blamed for the crimes perpetrated with them. It is a paradox of modern life that the technology which brings us much convenience can also be exploited to the detriment of our privacy and security.
It’s vital to fully consider the risks that these trends pose to our long fought-for rights and freedoms. The argument by government and private entities that such services are meant for harmless convenience has been bankrupted by ever-mounting evidence of widespread, indiscriminate, wholesale surveillance. The official Government 2.0 document grants that the strategy “will require citizens and the public service to trust that steps can be taken to improve access to government without jeopardizing safety and security.” With trust being such a key concept in democratic societies, it cannot be blind, and the burden of proof is on government to justify to citizens that certain changes offer more benefits than risks. Citizens, the media, and watchdogs have been keeping increasing attention on privacy concerns, and as Michael Vonn concludes, “It’s not inevitable that we need to lose control, if we have the political will.”
For a comprehensive view of privacy issues in British Columbia, visit the B.C. Freedom of Information and Privacy Association at Fipa.bc.ca, and the B.C. Civil Liberties Association at Bccla.org
For information on how to file a privacy complaint to the Office of the Privacy Commissioner, visit Priv.gc.ca
All texts and legislation mentioned in this article are available online.