I would largely echo David's comments.
I can recall appearing before a couple of House and Senate committees on Bill C-13, the lawful access bill, and much of the discussion for many of the witnesses was to try to emphasize the import of metadata. It's refreshing to have the issue raised right off the top and to have a recognition of the privacy import of that information.
I think the privacy community and the technical community, both of which have come forward on these issues, have consistently tried to argue that what we need is to take metadata far more seriously as a privacy issue. That has been largely missing. Frankly, we were met with largely dismissive responses and the law enforcement perspective that this is little more than dust and the sense that, somehow, lower thresholds were appropriate.
Yet when you take a look at what that metadata can ultimately reveal, as authorities in the United States have sometimes said.... I think Stewart Baker, the former general counsel of the NSA, has said, “We kill people based on metadata”.
The value of that information and the potential import of that information is huge, so I don't think it's a question of where it appears. I think it's actually essential that we address it as equivalent to some of the most sensitive privacy information that we potentially have both in our Privacy Act and in other legislative instruments where that same data is touched on.