Information & Ethics Committee on June 15th, 2017

I think whenever we hear about this regressive rolling back of privacy protections that were hard fought for, of course there is concern.

It's not clear to me the degree of risk that Canadians face, but the reality is that our online lives are not constrained by borders. We deal with U.S. companies, and we browse sites owned by U.S. companies. I don't know for sure, but my speculation would be that we should be concerned, because our information is bound to be caught up in exactly the same net that American information is going to be caught up in, in that there is no regulation about not sharing this kind of information.

Where there is some level of protection in Canada, obviously when we're talking about a law referring to ISPs, is that most of us probably have subscriptions with a Canadian service provider here in Canada, but then many of these telecommunications companies have global reach and are networked together in ways, some of which we know and some of which, as ordinary citizens, many of us don't. But, again, that would put information at risk potentially through those kinds of connections.

I have nothing substantial to add to that.

Yes, I think there is going to be a huge push-back and there already has been. The first battle over net neutrality was waged here. I think people are expecting round two.

This is a huge issue. The same community and the same coalition that fought for net neutrality the first time around is still engaged. I would say the same on the issue of ISPs.

I think, in fact, perhaps Congress was surprised by the extent to which this issue actually received a lot of coverage and a lot of attention, and got a lot of push-back, more than expected.

We don't know much beyond those numbers. There is currently a pending lawsuit seeking more information, seeking specifically the records that you mentioned: nationality of individuals searched along with the reasons.

We don't. The ACLU got some records in about 2008 to 2010, and about half of the searches conducted in that period, I would say, were of U.S. citizens, but we don't know about the other half.

We don't know systematically. Individuals who are U.S. citizens who have been aggrieved by a device search may sometimes file an administrative complaint seeking access to the records that were retained from their phone. That might give individuals an indication of what was taken from their phone, what records or notes were kept by the government. But we don't have a systematic policy stating what's being searched, what the search terms are, what's being retained. We do know that the government is supposed to destroy copies of information from a search if it finds no probable cause of an offence having been committed. Again, we don't know how often they find probable cause, how often they destroy information as they are supposed to according to the policy. This is all information that hasn't been revealed.

We don't know a lot in the Canadian context. CBSA has not provided the numbers that ACLU can provide for electronic device searches in the U.S. We don't even know the rough number of devices searched, never mind what they're looking for. We don't know what they're looking for necessarily. We don't know what's being retained. We don't know how long they can keep it. So there's a really big information vacuum.

If you go back to the level of anecdote and away from systematic collection of data, we hear stories about phones that are ostensibly being searched to look for receipts for goods that are being brought across the border, which makes perfect sense, and then the email is closed and they go off on a hunt through photos just to see if they might have anything racy.

It's hundreds of millions.

You bet. The first thing that's wrong with the interim guidelines is that we don't know whether they're being followed. They don't have the force of law. They are guidance. We would hope that they're being used, but we don't actually know, and we have no means of enforcing them if they're not.