The Office of the Privacy Commissioner of Canada has warned the Harper government it “does not believe Canadians are willing to accept a ‘levelling down’ of their privacy protections simply in pursuit of an enriched perimeter security agenda.” The Commissioner, who submitted her office’s initial comments on the perimeter deal to the Beyond the Border Working Group in June, says no new cross-border information sharing agreements should signed “until an enhanced legal framework has been put in place to allow proper oversight and privacy protections and through a concerted public discussion and debate in our respective legislatures.”
The OPC and its commissioner, Jennifer Stoddart, were singled out, along with Maude Barlow, national chairperson of the Council of Canadians, as potential high-profile critics of the latest security integration talks in a Harper government communications strategy leaked to the media in December. Stoddart’s office has been vocal on the flaws with post-9/11 security measures, including no-fly lists and other biometric databases, as too invasive and ineffective.
Her latest report on the proposed perimeter security deal with the U.S. recognizes the importance of facilitating trade between Canada and the U.S. while helping secure the border. But she says it must be done under strict rules which limit the amount and type of information allowed to flow across the border. The report backs up this recommendation with examples of how existing security practises at the border are affecting people’s privacy.
For example, she writes:
In 2005, many individuals living in Canada who had previously travelled freely to and from the US began reporting difficulties (or outright denials of entry) as they attempted to cross the border for business, shopping or to visit friends and family. Research indicates this may stem from new powers authorizing agents with U.S. Customs and Border Protection (CBP) to use information from a variety of public sources and private data services to augment their background checks on individuals seeking entry. In essence, CBP officers can screen not simply against dedicated systems for specific outstanding warrants or look-outs, but general publically-available information on individuals, including travel, news and academic searches.
Ms. Stoddart reminds the Harper government, in its submission to the Beyond the Border Working Group, that careless sharing of everything the RCMP had in its counter-terrorism database with FBI colleagues after 9/11 eventually led to the deportation to Syria of Maher Arar, who was determined guilty by association by U.S. officials. It played a similar role in the detainment and torture abroad of three other Canadians. The Arar and Iacobucci commissions both urged counter-terrorism investigators to include more checks and balances on the delivery of personal information on Canadians to any foreign government. Ms. Stoddart repeats that recommendation here.
On biometrics, the OPC unfortunately downplays the problems with so-called enhanced drivers licenses available in several provinces, including Ontario, Manitoba and British Columbia. But the report does caution against centralizing biometric information–normally personal information linked to an image or other physical features such as an iris scan or fingerprint–because of the tendency for mission creep, or using centralized databases for reasons beyond what they were intended.
Ms. Stoddart also comments on the proposal for a common Canada-U.S. entry-exit system to log each individual as they transit ports of entry in either country. Such a system, linked to a biometric identifier such as a fingerprint or iris scan, “would constitute a major shift in the dynamics of our current datasharing regime,” she says. “It would also raise serious privacy concerns, which generally accompany the use of any biometric identification system.” The OPC recommends:
The government should strongly advocate for a made-in-Canada model heavily influenced by the European approach — that is, a model that reflects Canadians concern for care and protection of their personal information. By gathering only that information which is truly necessary for border security, such a program should limit the threat of over-collection and inappropriate use. By comparison, adopting a US model would see Canada share personal information on travelers visiting locally, and in some cases, where individuals have made a conscientious decision to not travel to the US. Such an approach would not only offend the value Canadians traditionally place in their privacy but may have the effect of hurting the reputation of Canada abroad as a destination of choice.
To read the full OPC report, click here.