Thank you, Mr. Chair.
On behalf of the Canada Border Services Agency, I am pleased to be here to contribute to your ongoing discussions regarding privacy at Canada's airports and borders. With me today is Robert Mundie, acting vice-president of the corporate affairs branch and the agency's chief privacy officer.
The CBSA is committed to maintaining both an individual's right to privacy and the safety and security of Canadians. Our officers are trained to conduct all border examinations with as much respect for privacy as possible.
The CBSA's information collection has always maintained a balance between protection of the border and national security, while safeguarding the privacy of the information with which we have been entrusted.
Currently, under the authority of the Customs Act and the Immigration and Refugee Protection Act, we collect routine, biographical data from the passport—name, date of birth, and citizenship—and some biometric information, such as fingerprints, in certain visa-required situations.
This information is shared with international partners when and where necessary, and is covered by legislation, international treaties, and bilateral information sharing agreements.
Collection is almost always done through automation, for instance, by scanning the machine readable zone of a passport to reduce the possibility of error. Once collected, the information can be shared systematically or on a case-by-case basis.
For example, data is routinely and systematically shared with Immigration, Refugees and Citizenship Canada, and with Statistics Canada, and can be shared on a case-by-case basis with the RCMP and CSIS pursuant to an active investigation.
Robust privacy programs and policies are in place to guide information sharing and use.
We have a statement of mutual understanding, in addition to various memoranda and information sharing agreements, with the United States, highlighting privacy principles that both parties will adhere to with respect to personal information.
We also consult regularly with the Office of the Privacy Commissioner, and have prepared detailed privacy impact analyses for various initiatives.
For example, the entry/exit initiative, or Bill C-21, has submitted a PIA for each phase of the project and has implemented all of the Privacy Commissioner's recommendations. We will further engage the OPC should Bill C-21 receive royal assent.
We protect personal information through restricted system access with user profiles. In addition, detailed instructions have been provided to users on how information can be shared. For instance, they must adhere to strict information retention and disposal schedules.
Individuals may submit an access to information request to the CBSA to obtain their travel history, including records of entries and, for third country nationals and permanent residents, their exit from Canada.
In the event of any questions or discrepancies, individuals can request that the CBSA amend or correct the information. If the CBSA agrees that information should be changed, it will also automatically and systematically inform any party who received the information of that correction.
In summary, the agency collects information to support its mandate with respect to national security, border management, and immigration program integrity. It shares information only when it's relevant, proportionate, and necessary to the administration of customs and immigration law.
Before concluding, I would like to say a few words regarding an issue that I know is of interest to the committee, the searches of electronic devices at the border.
As the committee is aware, courts have long upheld that travel across international borders is voluntary, and that there is a lower expectation of privacy when travelling, particularly when entering or leaving a country's borders.
The agency uses many avenues to inform the travelling public of their rights, their obligations, and what they should expect. Travellers are aware that they, and their goods, may be subject to thorough examination.
The Customs Act gives border services officers the authority to examine goods for customs-related purposes. In this context, goods are defined in section 2(1) of the act to include “any document in any form,” which therefore encompasses electronic documents.
The examination of digital devices and media must always be performed with a clear link to administering and enforcing CBSA-mandated program legislation that governs the cross-border movement of people and goods. Individuals also have the obligation under section 13 of the Customs Act to present and open their goods if requested to do so by an officer. Because a password may be required to open and examine documents on an electronic device, officers may compel a traveller to provide it in order to allow for the fulfillment of that traveller's obligations. The examination of electronic goods may uncover a range of customs-related offences. For example, electronic receipts may prove that goods have been deliberately undervalued or undeclared. Electronic devices may also harbour prohibited goods such as child pornography. I would like to underline, however, that CBSA policy is clear: electronic devices should not be searched as a matter of routine.
In fact, officers are instructed not to do so unless there are a number of indicators that a device may contain evidence of a contravention.
It is agency policy to turn off wireless and Internet connectivity when examining a device to ensure that the examination does not extend to material not stored directly on the device. This means that information stored remotely but accessible from mobile devices or laptops—such as social media accounts or computing clouds—cannot be searched. Officers cannot compel individuals to provide passwords for accounts that are stored remotely or online.
In conclusion, the CBSA takes its privacy protection responsibilities seriously.
We welcome the views of the Privacy Commissioner and we will continue to work with his office to strengthen our information-sharing activities and the way we collect, store, retain and dispose of personal information.
Thank you, Mr. Chair. We would be pleased to answer any questions from the committee.