Category: Canada

Harper’s nominee for Privacy Commissioner must be challenged

The current Canadian government has been in a lot of trouble recently over nominations to various federal offices. It’s been accused of cronyism, overly partisan, inappropriate  and even illegal nominations to senior positions. Many have been rejected. It comes as no surprise then to find that Prime Minister, Stephen Harper, has nominated someone who seems almost entirely inappropriate to be the next federal Privacy Commissioner.

The nominee, Daniel Therrien, has spent almost all his career as a government insider. If Therrien was a privacy expert, this wouldn’t necessary be an obstacle even to someone taking a job which is supposedly an arm’s length position, as much a watchdog on government as a government office.

If he was a privacy expert.

But he’s not.

Therrien’s experience comes mainly in corrections (prisons and parole offices) and latterly with immigration and border issues. He’s currently the Assistant Deputy Attorney General, Public Safety, Defence and Immigration Portfolio, at the Department of Justice. It is in this position that he has had some involvement with privacy issues, and in some ways, this involvement makes his nomination even more troubling.

Therrien was one of the leaders of the Canadian negotiating team that dealt with the privacy principles of the Beyond the Border Accord, the agreement that essentially allows the USA to extend its ‘perimeter’ around Canada (the original proposed version of the agreement was refered to as the North American Perimeter agreement).

So what do the principles say? Essentially they are a vague set of reaffirmations of well-understood data protection principles combined with the recognition of domestic laws. They don’t do anything specific or new. They certainly will not guarantee that sensitive personal information is not shared across borders or provide for genuine protection when they are. And it seems clear that while necessity and proportionality and data quality are all referenced, necessity seems to trump everything else. As the final principle on ‘Retention’ states:

“The United States and Canada are to retain personal information only so long as necessary for the specific purpose for which the information was provided or further used.”

But as we know from almost everything that has happened since 9/11, necessity is the mother of expansion.

In addition, most of the principles also use the phrase “in accordance with their respective domestic laws”, or similar. A paragraph on ‘Effective Oversight’ states

“A system of effective data protection supervision is to exist in the form of a public supervisory authority or authorities with effective powers of intervention and enforcement. These powers may be carried out by a specialized public information protection authority or by more than one supervisory public authority to meet the particular circumstances of different legal systems.”

Translated, this means “business as usual.” Canada can carry on having its system of Commissioners and the USA can carry on having its in-house Privacy Officers. This does nothing to resolve the issue of what happens when privacy laws and systems of oversight are in conflict or incompatible – as they frequently are.

The Prime Minister is quoted in the press release as saying: “­­­­­­­­­­I am pleased that Daniel Therrien has agreed to be nominated for the position of Privacy Commissioner. He is a well-qualified candidate who would bring significant experience in law and privacy issues to the position.”

I guess it all depends what one considers to be ‘significant experience’. He has some experience. But he is neither a privacy lawyer not a privacy expert by training nor has be become such by virtue of his career. And his limited experience is almost entirely in the context of the furthering of neoliberal trade and security agreements with the USA, it is not in domestic privacy protection.

Daniel Therrien may well have had an impeccable professional record. He may well be an excellent Assistant Deputy Attorney General. He may well be a good person. But none of those things are the issue here: Therrien is not “a well qualified candidate” to be the federal Privacy Commissioner. He could, like the current interim Commissioner, Chantal Bernier, legitimately be appointed as Deputy Commissioner in order to build up his qualification in the area. But as the Commissioner? No.

Luckily, this nomination is not a foregone conclusion. It must be approved by both the Senate and House of Commons, and Liberals, NDP and Greens have all voiced concerns already. I am adding my own voice to this in saying that this nomination must be challenged in the most robust terms. Personally, I also think it’s a great shame that the capable and directly experienced Bernier was not given the opportunity to retain the seat that she has only been keeping warm for the next Commissioner…

Transparent Lives: Surveillance in Canada

The New Transparency project is coming to an end, and we are launching our major final report, Transparent Lives: Surveillance in Canada / Vivre à nu: La surveillance au Canada, in Ottawa on Thursday 8th May (which is also my birthday!). The report is being published as a book by Athabasca University Press, so it is available in all formats including a free-t0-download PDF. We want as many people in Canada (and elsewhere) to read it as possible.

The launch will be covered by the Canadian press and was already blogged in the Ottawa Citizen a few days ago.

A website with resources and summaries will be here very soon, and there is also a promotional video / trailer here in Youtube.

 

More on ID, this time in BC

There’s a great piece just out today from Adam Molnar, guesting on Chris Parsons’ blog, about the soon-to-be released British Columbia Services Card, which features a Near-Field Communications (NFC) chip. It’s well worth reading Chris Parsons’ blog on a regular basis anyway, so check it out!

$100 to anyone who can find a ‘privacy-compliant camera’ in Canada

Actually, the headline (from the Toronto Metro free paper) is a little misleading as what my friend and colleague Andrew Clement is actually betting on here is that no-one can find a video surveillance system in Canada that is fully compliant with Canadian privacy law. Which of course may of may not be the same as ‘privacy’ in any other terms. But it’s an interesting challenge – that is largely to do with signage. Prof Clement and his team at the iSchool at UofT have been monitoring the way in which video surveillance systems in Canada are signed for quite some time. As their website, surveillancerights.ca (which is also where you can try to claim your $100…) says

“Signs should at a minimum clearly tell you:

  • who is operating the camera
  • who you can contact if you have questions
  • the purpose(s) of the surveillance”

The signs should also in themselves be clearly visible, not hidden away somewhere. There’s more detailed information about requirments here.

So, who’s going to take up this bet?

(Thanks to Matthias Vermeulen for the story and Aaron Martin for noticing the difference between privacy and privacy law.)

Canadian police to expand drone use

qube_mediagallery
AeroVironment Qube (avinc.com)

The Royal Canadian Mounted Police (RCMP) are investing more in micro-UAVs, in particular little remote-control surveillance helicopter drones, according to the National Post today. The new drones will be the quad rotor AeroVironment Qube model, one of the most popular small drones used by police worldwide.

According to the police themselves, they will limit the use of the drones to “accident reconstruction, search-and-rescue operations, major crime scenes and situations involving emergency response teams”, however as the article also notes, they don’t actually have a formal policy on the use of UAVs, and as with other controversial purchases by Canadian police, for example the LRAD accoustic weapons in Toronto and Vancouver, this highlights how little oversight there is of what technologies police can purchase.

(Thanks to Chris Prince for the story)