Information & Ethics Committee on Sept. 18th, 2017

We're talking about two different things here, right?

Can you be specific on the right of redress? What does that actually entail?

I have one final question. From my understanding, when a Canadian border officer searches a phone, that phone has to be disabled and that phone cannot connect to the Internet and it cannot connect to a cloud service. Is it true that the only thing searchable on that device is what's contained in that device?

On the American side, do they have that ability? Is the policy the same?

Thanks very much.

Mr. Kent, you mentioned you had a follow-up.

Yes. It follows on from Mr. Saini's question.

You suggested earlier that if a traveller to the United States, or conversely to Canada, wanted to protect and manage data, they could park it on the cloud and then access it at their destination. Doesn't that suggest that already border security services, both Canadian and American, are somewhat behind the curve? There are those who might have criminal or other evil intent who would then be able to avoid the examination of a personal device and use the cloud to get around it. Besides the naive—

Thank you.

Do you have a follow-up?

I'm confused with the testimony to Mr. Saini and to Mr. Kent because you said that, essentially, the practice in Canada is not to allow our border agencies to take a device, search the device, and then use that device to search the person's cloud information. However, you said both law and practice in the U.S. would allow a U.S. border official to access the cloud through a device. In earlier testimony, you said perhaps if people were worried they could park information on the cloud and then re-access commercial or government information once landed in the U.S. Do you understand? I may have misheard you just as to how the advice given before seems to be contrary to what the reality might be.

Let's say I'm leaving for the U.S. I have highly sensitive government documents on my device, so I park them in the cloud. I go across the border, and they ask for not only my password for my phone, but they say they notice there's a cloud so they'd like the password for my cloud as well.

Therefore, parking information in a cloud going into the U.S. is not actually going to do anything if I have sensitive documents that I would rather not have in the hands of U.S. border officials.

I just wanted to be clear. Again, I'm catching myself up to the technology.

We've noticed these executive orders that have come down from the current administration. In terms of the travelling public, what's the biggest change that's happened since the election of President Trump with respect to the issues that we're dealing with here today? Would there be one significant difference in the way that information is handled or sought versus under the previous administration, or is it more or less a continuance?

A signal was sent.

Mr. Zimmer, I believe, has a short question, and then I have a few questions.

Again, thanks for coming. You talked about the deconstruction of data. I am familiar with databases and with them not being necessarily destroyed like expected. How do we have assurance from the federal government in the U.S. when it says that it's only going to retain specific information for a certain period of time?

How can we be reassured that if it says the information has been deleted that it actually has been? I hate to use that on record, but is it just a simple respect of the other country that it's going to do what it says it's going to do? How do we know if that data has been absolutely destroyed? What can we do if we're suspicious that it hasn't been? Is there any recourse for Canadians?