A proposed federal anti-terrorism law is drawing widespread criticism and it’s not just coming from protest groups—legal experts and even the federal government’s top privacy watchdog are also speaking out.
Critics say that Bill C-51 will turn the Canadian Security Intelligence Service into a secret police force, endanger free speech, and even threaten the ability of Canadian tech companies to do business internationally.
Over the weekend, protests against the bill were held in at least 55 Canadian cities.
For privacy advocates—including the Privacy Commissioner of Canada—one of the main concerns is that the law will vastly expand the amount and type of information that government agencies share with each other, effectively creating a vast network of surveillance.
“The scale of information sharing being proposed is unprecedented, the scope of the new powers conferred by the Act is excessive, particularly as these powers affect ordinary Canadians, and the safeguards protecting against unreasonable loss of privacy are seriously deficient,” Daniel Therrien, the privacy commissioner wrote in a statement.
“While the potential to know virtually everything about everyone may well identify some new threats, the loss of privacy is clearly excessive. All Canadians would be caught in this web.”
Now, some people will say, they have nothing to hide, so what do they have to fear?
Maher Arar had nothing to hide when the RCMP gave inaccurate information about him to the U.S. government. He was kidnapped by U.S. authorities and taken to Syria to be tortured.
The experience of Arar – and the lessons learned at the public inquiry into the failures of the RCMP and other Canadian officials – figures prominently in a critique of the bill written by law professors Kent Roach, of the University of Toronto, and Craig Forcese, of the University of Ottawa.
“In what we have called ‘Arar amnesia,’ there is nothing in the proposed Act about steps to ensure the reliability and (for the most part) relevance of the information that is shared,” they write. “We raise, here, the injustice implications of sweeping information sharing of intelligence with varying levels of reliability. Improperly shared information may result in rumours and innuendo being reconceived as fact, and used to justify action, sometimes of a very troubling sort.”
It’s not just about terrorism, according to Roach and Forcese, “the proposed Act is built on a wildly overbroad concept of ‘activities that undermine the security of Canada.’ This is a new concept in Canadian law” and they warn that it creates “quite simply, the broadest concept of security that we have ever seen codified into law in Canada” one that could easily see otherwise legal activities come under government surveillance.
One of the government agencies which will be sharing private information with intelligence services is Health Canada.
That could lead to more cases like that of a Toronto woman who was denied entry to the United States in 2013 because she had been briefly hospitalized for depression over year earlier.
Also on the list of agencies included in the proposed information sharing network is the Communications Security Establishment, Canada’s top-secret signals intelligence agency. In late January it came out that the CSE, tracks at least 10 million downloads every day, sharing information (though just what information remains unclear) with allied intelligence agencies, like the U.S. National Security Agency.
Beyond the obvious risks for abuse, the proposed law could also hurt the ability of Canadian tech companies to do business in places like Europe, where stricter privacy regulations are still in force.
In the United Kingdom, concerns have already been raised over a local e-book seller’s plans to transfer its customers libraries’ to Kobo, which is based in Canada, when it winds down operations. The company, Blinkbox, has even had to issue refunds to some customers who are worried about the privacy implications of having their data stored on Canadian servers.
It’s an issue Canadians are usually on the other side of. IBM is expanding the number of servers it has in Canada for just this reason.
Even when it comes to cloud-based services people want to know and control where their data is physically located (and therefore which laws apply to it), called “data sovereignty” it’s an issue that is certainly not going away.
Of course, these concerns are all based around the assumption that the worst thing that can happen to your data in the hands of the Canadian government will be what the government does with it. But, given the federal government’s track record when it comes to securing private data, it might also be worth worrying about someone else getting their hands on it.