First of all, let me thank the committee for this hearing and for my invitation.
I will make my presentation in English, but I can answer questions in French.
At least, I hope so.
I want to make two primary points about the current legislation before this committee. The first is that this act deals with two kinds of data and with the destinations of those data. The two kinds are API and PNR data. API is “advance passenger information”. That is the normal information that occurs on your passport: your name, your date of birth, your gender.
However, PNR information, which would also be required to be disclosed by airlines if this bill is passed, is much more far-reaching. PNR was originally a commercial system designed by the airlines to facilitate travel. It includes not only one's name and identification, but also fields for payment information, such as your credit card details; contact details, such as your phone number or home address; frequent flyer information; in some cases age, if the passenger is either young or elderly; special service requests, such as a meal request or a seating preference; special instructions; and blank fields that airlines and travel agents are able to fill in as they wish.
Governments want this information so that they can build profiles of not just risky passengers but safe passengers as well. Research clearly demonstrates that in the United States and the U.K., government agencies are trying to collect as much data about travellers as possible. Government agencies such as the UK Border Agency try to develop very sophisticated algorithms that predict not which individuals are dangerous, but what kinds of itineraries are dangerous.
For example, if there were a sudden death or illness of a Canadian citizen and a person rushed to the Ottawa airport and bought a ticket to Colombia, paid in cash, and had no baggage, that profile itself would be considered risky because of the reaction to the “underwear bomber” or to Richard Reid, who also arrived at the airport with no luggage for a long flight and paid in cash that day.
What worries me about this particular legislation is that the data not only go to the destination country but may go to all states that the airline might fly over. That, I feel, is the significant change that this legislation brings, and it worries me a great deal.
Flights that use the polar routes from Vancouver to Hong Kong would have to go over Russia and China. Are we suggesting that they are reasonable destinations for the passenger data of Canadian citizens? Flights that go to Colombia or Brazil must overfly any number of Latin American countries. Flights to Dubai must overfly most European countries and some Middle Eastern countries. Is the Government of Canada confident that the destination for their data can provide adequate protection? Are Air Canada and other air providers confident of that as well?
I understand that one of the reasons for this legislation is to get around the requirements of PIPEDA for Air Canada to provide such data. What worries me is that neither the government nor other agencies have put protection in place for data that will now go abroad.
I'm very heartened by the serious and complex debate in the House of Commons on this legislation, but while I don't want to contradict the parliamentary secretary to the Minister of Public Safety, it seems to me that on October 19 he refers to the ACLU's—the American Civil Liberties Union's—endorsement of the secure flight program. I assume from my own research that he is referring to a news release from 2005 that refers specifically to the change in the secure flight program in 2005 when they decided not to use commercial data services for the processing of PNR data. I would just like to point out that the ACLU has since changed its 2005 position and no longer endorses the secure flight program in the way that seemed to be implied on October 19.
The ACLU has argued, as I think we would all argue, that the no-fly list of the secure flight program in the United States is at best a very blunt instrument. There are more than one million names on the U.S. no-fly list, to the best of our knowledge. What the secure flight program does is automatically compare the names that are entered through API data against the multiple watch lists.
What concerns me is that PNR data adds a lot of extraneous data. It adds a great deal of cost, but provides us with no security benefit.
Let me make three points in conclusion.
First, I think it is dangerous to sacrifice our privacy and our freedoms for the dream of zero risk or perfect security. This particular measure does not provide additional security for the aviation sector, and it places an additional burden on Canadian citizens who are flying.
Second, Canada has set a high global standard for the use of PNR, in particular with the Canada-EU agreement relating to PNR matters. This agreement is praised by both Canadian and European data protection authorities because it has specific time periods for the disposal of data, it limits the data's use, and it limits in particular the individualization of that data. The information is rendered anonymous, which allows the security services to build up the profile without attaching it to any one individual. This has become one of the global standards for international treaties on PNR agreements, and we are moving away from that high standard with the passage of this legislation.
Third, the use of this commercial data, because it is created by airlines for their use, poses clear risks to privacy and no clear benefit. There is no reciprocity among any of the other countries. We are simply making Canadians more vulnerable to the security services of other nations, and we are doing so for countries that may not have the same robust privacy legislation or commitment that we have in Canada.
Canadians' data should not be hostage to the most paranoid regime that an air company chooses to fly over. The proposed change to these data protection regulations to include overflight states dramatically increases the vulnerability of Canadians' data while offering no means of redress or appeal.
We can assume that citizens know when they travel to a particular country that they are consenting. They know they go through a visa process and a border process, so they know their data is being evaluated. However, Canadians would have no way of knowing which of the countries they flew over would get their data, what would happen to their data, or how to appeal the use of that data. I think this is a dangerous change that poses clear costs but offers no benefit.
Again, thank you very much for the opportunity. I look forward to your questions.