News

  • Government's Defence of Proposed CSE Act Falls Short
    - 2018-01-30 -

    As Bill C-59, the National Security Act, 2017, winds its way through committee (SECU), the Government has made available a lightly redacted copy of its briefing notes developed in support of the Bill. A central point of contention in Bill C-59 is the proposed CSE Act, which will provide a new and comprehensive framework for the CSE, Canada's foreign signals intelligence agency. Elements of this framework are long overdue, such as its creation of NSIRA, which will have far-reaching capabilities to review the CSE's activities, and an Intelligence Commissioner which, if properly empowered, will provide an independent check on some of the CSE's activities.  However, as we (jointly with the Citizen Lab) pointed out in a recent analysis, the CSE Act requires significant  revision if it is to provide a reasonable framework for the CSE's activities. The briefing notes provide helpful additional insights into Bill C-59 and in particular into some of the CSE's anticipated uses of its new powers embodied in the proposed  CSE Act. However, we re-joined the Citizen Lab in analyzing these briefing notes and concluded that the government's justifications for some of the more controversial elements of the CSE Act (particularly its new poers to carry out cyber operations and an exceptoin that will permit it to direct its ativities at Canadians when collecting 'publicly available information') simply fall short. Specifically, the briefing notes present only the most innocuous uses to which the CSE's new powers might be put, painting an extremely sparse picture of provisions that are far more permissive in scope. The short analysis supplements this sparse presentation, and reaffirms the need for reform of the new proposed provisions. Read the analysis, which is authored by (in alphabetical order) Lex Gill (Citizen Lab), Tamir Israel (CIPPIC) and Christopher Parsons (Citizen Lab) after the jump, or you can obtain the analysis in PDF format here.

    Image Credit: Junaldrao, "Jorge Bamboa, The Tip of the Iceberg", June 2, 2017, CC-BY-ND 2.0, Flickr

    + read more
  • CIPPIC Files Intervention in health data case, BC v Philip Morris
    - 2017-12-21 -

    CIPPIC has filed its intervention factum in Her Majesty the Queen in Right of British Columbia v. Philip Morris International, Inc., SCC No. 37524. The case presents the Supreme Court with a conflict of values: do the privacy interests of third parties bar a defendant to an action from accessing large health datasets in order to challenge the results of the plaintiff’s analysis of that data?

    CIPPIC argues that this conflict between privacy and transparency will be mediate by the dual protections of anonymization procedures, implemented in accordance with guidelines familiar to the health industry, and flexible judicial safeguards embedded in disclosure orders.

    The case raises important issues about the right to challenge the outcomes of analytics performed on large data sets. As we increase our reliance on big data and algorithmic decision-making technologies, privacy and accountability will be increasingly at issue.

    + read more
  • Our Analysis with the Citizen Lab Recommends Sweeping Changes to Foreign Intelligence Overhaul Attempt
    - 2017-12-18 -

    CIPPIC joined the Citizen Lab today in releasing a detailed analysis of Bill C-59 which, among other things, seeks to comprehensively modernize the Communication Security Establishment (CSE)'s legal framework. The CSE, Canada's foreign intelligence agency, is granted expansive powers and a mandate that is intended to be 'foreign facing', a tradeoff intended to limit safeguards applied to the Establishment while limiting its ability to impact on Canadians. The Bill C-59 reforms in many ways improve the CSE's current operational regime, by requiring the CSE to operate in a proportionate manner and under some independent control for the first time. Ultimately, while the Bill modernizes many of the CSE's powers and capabilities, it remains stuck in the past with respect to its oversight and control regime—a regime that remains driven by executive authority. The report suggests over 50 reforms to the Bill, with varying degrees of impact. Of particular concern is the Bill's open embrace of mass and bulk surveillance practices, a range of newly introduced exceptions that will grant the CSE more scope to operate domestically, a new domestic private sector cybersecurity regime, and new cyber operation powers that would allow the CSE to disrupt and undermine security, the integrity of communications networks and human rights in Canada and abroad.

    At the same time, the report points to deficiencies in the independent control and oversight mechanism proposed by Bill C-59. The embodiment of these mechanisms (the Intelligence Commissioner) is presented as a quasi-judicial check on the Minister's otherwise broad powers to authorize the CSE's activities. However, the Commissioner lacks the independence and scope of oversight necessary to meaningfully carry out the function envisioned for it. Notably, while the Commissioner may now refuse some authorizations as issued by the Minister of National Defence, the process remains largely driven by the executive branch of government. The Commissioner lacks basic fact-finding powers, mechanisms for direct adversarial input, formalized appeal mechanisms and even the obligation to issue reasons when approving a ministerial authorization. The scope of Commissioner oversight is similarly deficient. As others have noted, Commissioner approval is only required if CSE activities would otherwise violate a law of Canada or the Charter, a triggering mechanism that falls well short, allowing significant invasive CSE conduct to fall outside the scope of Commissioner control. Critically, Bill C-59 introduces a range of new cyber operation powers that could well be the most invasive in the Establishment's toolkit, yet these fall altogether outside the scope of Commissioner control. As Bill C-59 continues to make its way through parliamentary committee, it is hoped that some of these issues (and others itemized in a civil society coalition statement) will be addressed.

    Image Credit: Gautier Poupeau, "Magnifying Glass [Loupe], 1963, Roy Lichtenstein", July 14, 2013, CC-BY-2.0, Flickr

    + read more
  • CIPPIC Joins Article 19's CJEU Intervention on Global De-Registration Orders
    - 2017-12-15 -

    CIPPIC joined in an intervention (FR) which highlights the negative impact on freedom of expression that can result if the Court of Justice of the European Union endorses global content de-referencing orders. The regulatory action under appeal in C-507/17, Google Inc v Commission Nationale de l'Informatique et des Libertés (CNIL), arise from an order issued by the French data protection authority (CNIL) which would compel Google to extend its de-referencing of content to protect the privacy of Spanish citizens beyond google.fr. Content removal or de-referencing orders of this nature have the effect of leveraging the global reach of central online intermediaries such as Google in order to apply one nation's laws to the entire world. As a result, other states lose the ability to establish their own standards with respect to critical questions such as, in this instance, addressing the balance between the right to privacy and to freedom of expression.

    The specific type of content de-referencing order at issue in Google v CNIL seeks to protect the privacy of individuals by de-referencing their names from certain online articles: when someone searches for 'Alice Dubois', the first search hit that results will no longer be an account of Ms Duboius' 14 year old debt security proceedings. Ms Dubouis can retain some measure of control over how she represents herself to her employers, colleagues, friends—the world. However, in formulating such a right, great caution must be taken to ensure the right balance is struck between the need to protect individual's privacy and the public's right to receive information. Can professionals use this right to remove negative reviews of their products or services? Can those repeatedly convicted of fraud shield their convictions from future perspective customers? Does this right of de-referencing apply to all types of content or just prominently referenced articles that display sensitive information (an individual's sensitive financial information or health condition, for example)? The intervention (which was led by Article 19 and draws on the experience of co-interveners from Canada, Korea, Latin America, the United States, and Member States of the EU) argues that states must be allowed to balancing the important constitutionally protected interests at stake in such questions for themselves, rather than having the question determined by globally applicable content de-referencing orders.

    Image credit: Tyler Menezes, "The worst thing about censorship", June 27, 2008, CC-BY-SA 2.0, Flickr

    + read more
  • Supreme Court Vindicates Digital Privacy Rights in Instant Messaging
    - 2017-12-08 -

    The Supreme Court of Canada issued its long-awaited decisions in R v Marakah, 2017 SCC 59 and R v Jones, 2017 SCC 60 today, issuing a strong statement on the protection of privacy in digital contexts. The decision held that text messages continue to enjoy constitutional protection even after they are received by their intended recipient, meaning the state cannot bypass constitutional protections simply by directing its search to the recipient's cell phone, social media account or service provider. As CIPPIC argued in its interventions [Marakah, Jones], the decisions being appealed adopted a formalistic approach to concepts such as 'control' and 'access' which apply robustly in the physical world (who controls the data at the time of access, from what location is the data accessed) but have minimal bearing on privacy expectations in digital spaces. By contrast, the majority of the Supreme Court adopted a broad analysis of the privacy interests at stake, with outgoing Chief Justice Beverley McLachlin emphasizing the choice of a private conversation medium (i.e. text messaging) as driving the privacy analysis, concluding that "... privacy in electronic conversations is worthy of constitutional protection. That protection should not be lightly denied." Indeed, as McLachlin, CJ, explains on behalf of the majority in Marakah, the choice of a private messaging medium is, in and of itself, an exercise of effective control, underpinning privacy expectations in electronic messages that extend to their recipient. The choice to engage in a private electronic conversation creates a context where the sender can reasonably expect the messages to remain secure against the eyes of the state.

    Image Credit: Matt Karp, CC-BY-NC-ND 2.0, May 7, 2010, Flickr

    + read more
  • CIPPIC Granted Leave to Intervene in Data Case, BC v Philip Morris
    - 2017-12-06 -

    CIPPIC has been granted leave to intervene in Her Majesty the Queen in Right of British Columbia v. Philip Morris International, Inc., SCC No. 37524. The case involves the defendant's pre-trial discovery of the health-related databases of B.C. in the province's action against for recovery of the health care costs to the province caused by Philip Morris' tobacco products. CIPPIC's intervention will address (1) privacy and the risks of re-identification, (2) the need for those affected by government decisions based on large dataset to be able to challenge the data itself and to test (and contest) the algorithms used to arrive at its analyses, and (3) how to balance privacy with accountability in this context.

    The case raises important issues about the right to challenge the outcomes of analytics performed on large data sets. As governments increase their reliance on big data and algorithmic decision-making technologies, privacy and government accountability will be increasingly at issue and, at times, at odds.

    + read more
  • CIPPIC Appears before SCC on Defamation Jurisdiction Case
    - 2017-11-29 -

    CIPPIC Director David Fewer was joined by his co-counsel Professor Marina Pavlovic and Professor Jeremy de Beer to provide the Supreme Court of Canada with argument in its intervention in Haaretz.com, et al. v. Mitchell Goldhar, Professor de Beer did an excellent job addressing CIPPIC's argument, which focused on access to justice, forum shopping concerns, and technological neutrality.

    Students Lora Hamilton and CIPPIC intern Adam Soliman provided CIPPIC with outstanding support throughout the intervention, and were able to attend the hearing.  Great job, team!

    + read more
  • Charitable Contributions to CIPPIC on Giving Tuesday are Matched
    - 2017-11-28 -

     

    On Giving Tuesday (November 28), charitable contributions to CIPPIC will be matched 50¢ to the dollar to a $500 max per donor for the first $150,000 donated to the University of Ottawa. Give to CIPPIC and help protect your digital rights and freedoms in Canada!

     

     

     

    + read more
  • CIPPIC Joins Canadian, American & Mexican Law Professors, Academics and Policy Experts Calling for Copyright Balance in Trade Agreements
    - 2017-11-15 -

    NAFTA MapCIPPIC has joined international copyright law experts calling for NAFTA and other trade negotiators to support a set of balanced copyright principles. In "The Washington Principles on Copyright Balance in Trade Agreements", the experts urge trade negotiators to support policies like fair dealing, safe harbor provisions, and other exceptions and limitations that permit and encourage access to knowledge, flourishing creativity, and innovation.

    Signers lay out the following copyright principles to ensure consumers’ digital rights:

    • Protect and promote copyright balance, including fair dealing
    • Provide technology-enabling exceptions, such as for search engines and text- and data-mining
    • Require safe harbor provisions to protect online platforms from users’ infringement
    • Ensure legitimate exceptions for anti-circumvention, such as documentary filmmaking, cybersecurity research, and allowing assistive reading technologies for the blind
    • Adhere to existing multilateral commitments on copyright term
    • Guarantee proportionality and due process in copyright enforcement

    Read the text:

    + read more
  • UN SR on Violence Against Women Seeks Input on Technology-Facilitated Violence, Harassment & Abuse
    - 2017-11-02 -

    CIPPIC contributed to Citizen Lab's submission to the United Nations Special Rapporteur on violence against women, its causes and consequences, Dubravka Šimonović, who is seeking best practices for addressing technology-facilitated violence, harassment and abuse against women. The submission highlights the need to acknowledge the real-world harms that flow from technology-facilitated abuse—harms which are too often disregarded or trivialized. The atmosphere created by such abusive conduct operates at to exclude women and girls from critical digital spaces, can have professional consequences and can leverage technical capabilities to wage long-ranging and persistent harassment campaigns. Often, technology-facilitated abuse does not, however, fall neatly within existing causes of action or criminal prohibition, which poses a challenge for those seeking to leverage legal powers to find relief from such abuse. The online platforms on which technology-facilitated abuse too often plays out present an equally challenging landscape for women and girls facing online abuse. Voluntary mechanisms adopted by these platforms to address online abuse are opaque, highly inconsistent, and continue to fail those who attempt to rely on them. Other private actors compound technology-facilitated abuse of women by actively feeding a robust commercial stalkerware market that facilitates violent and harassing conduct and allows for pervasive surveillance of women by abusive partners. Citizen Lab's submission can be read at: https://citizenlab.ca/2017/11/submission-un-special-rapporteur-violence-women-causes-consequences/

    + read more
More news items...