Evidence of meeting #69 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cbsa.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

John Stroud  Vice-President, Corporate Services and Corporate Secretary, Canadian Air Transport Security Authority
Martin Bolduc  Vice-President, Programs Branch, Canada Border Services Agency
Robert Mundie  Acting Vice-President, Corporate Affairs Branch, Canada Border Services Agency
Natalie Sabourin  Manager , Information Management, Privacy and ATIP, Canadian Air Transport Security Authority
David Fraser  Executive Member, Privacy and Access Law Section, Canadian Bar Association
Cyndee Todgham Cherniak  Member-at-Large, Commodity Tax, Customs and Trade, Canadian Bar Association
Michael Geist  Canada Research Chair in Internet and E-commerce Law, Faculty of Law, University of Ottawa, As an Individual
Kris Klein  Partner, nNovation LLP, As an Individual

3:30 p.m.

Conservative

The Chair Conservative Bob Zimmer

Good afternoon, everyone. I think we're ready to go. We have quorum.

Welcome to the Standing Committee on Access to Information, Privacy and Ethics. Today's meeting is number 69. We're studying the privacy of Canadians at airports, borders, and travelling in the United States.

I would like to welcome from the Canadian Air Transport Security Authority, John Stroud, who is the vice-president, corporate services and corporate secretary; and Natalie Sabourin, manager, information management, privacy and ATIP; from the Canada Border Services Agency, Robert Mundie, acting vice-president, corporate affairs; and Martin Bolduc, vice-president, programs branch. We'll start with Mr. Stroud for 10 minutes.

3:30 p.m.

John Stroud Vice-President, Corporate Services and Corporate Secretary, Canadian Air Transport Security Authority

Thank you very much. I'll offer some very brief remarks.

As you said, I'm from the Canadian Air Transport Security Authority, CATSA, and I'm joined by my colleague Natalie Sabourin. She's the manager responsible for privacy and ATIP. To remind you, CATSA is responsible for security at airports. We're responsible for outgoing passengers, in comparison to my colleagues who are responsible for inbound. Our mandate focuses on the screening of passengers and their baggage, also airport workers who get into the restricted area at the airport. We also offer a restricted area identity card.

In terms of privacy and the retention of information at CATSA, we have four programs in place, and I'd be happy to tell you about any of them. One is what we call our boarding pass scanning system, which scans the passenger's boarding pass when they arrive at the checkpoint. Another is CCTV cameras that we have for the checkpoint. The third is a database where we store incident information. The last is to connect with the NEXUS card.

That's an overview of the areas where we keep personal information, but we don't share information with the United States. With that brief introduction, I'd be very happy to respond to any privacy-related questions you have.

3:30 p.m.

Conservative

The Chair Conservative Bob Zimmer

At one minute and 41 seconds that has to be a record for the opening statement. Congratulations.

We'd like to welcome Mr. Bolduc from the Canada Border Services Agency. Go ahead for 10 minutes.

3:30 p.m.

Martin Bolduc Vice-President, Programs Branch, Canada Border Services Agency

Thank you, Mr. Chair.

On behalf of the Canada Border Services Agency, I am pleased to be here to contribute to your ongoing discussions regarding privacy at Canada's airports and borders. With me today is Robert Mundie, acting vice-president of the corporate affairs branch and the agency's chief privacy officer.

The CBSA is committed to maintaining both an individual's right to privacy and the safety and security of Canadians. Our officers are trained to conduct all border examinations with as much respect for privacy as possible.

The CBSA's information collection has always maintained a balance between protection of the border and national security, while safeguarding the privacy of the information with which we have been entrusted.

Currently, under the authority of the Customs Act and the Immigration and Refugee Protection Act, we collect routine, biographical data from the passport—name, date of birth, and citizenship—and some biometric information, such as fingerprints, in certain visa-required situations.

This information is shared with international partners when and where necessary, and is covered by legislation, international treaties, and bilateral information sharing agreements.

Collection is almost always done through automation, for instance, by scanning the machine readable zone of a passport to reduce the possibility of error. Once collected, the information can be shared systematically or on a case-by-case basis.

For example, data is routinely and systematically shared with Immigration, Refugees and Citizenship Canada, and with Statistics Canada, and can be shared on a case-by-case basis with the RCMP and CSIS pursuant to an active investigation.

Robust privacy programs and policies are in place to guide information sharing and use.

We have a statement of mutual understanding, in addition to various memoranda and information sharing agreements, with the United States, highlighting privacy principles that both parties will adhere to with respect to personal information.

We also consult regularly with the Office of the Privacy Commissioner, and have prepared detailed privacy impact analyses for various initiatives.

For example, the entry/exit initiative, or Bill C-21, has submitted a PIA for each phase of the project and has implemented all of the Privacy Commissioner's recommendations. We will further engage the OPC should Bill C-21 receive royal assent.

We protect personal information through restricted system access with user profiles. In addition, detailed instructions have been provided to users on how information can be shared. For instance, they must adhere to strict information retention and disposal schedules.

Individuals may submit an access to information request to the CBSA to obtain their travel history, including records of entries and, for third country nationals and permanent residents, their exit from Canada.

In the event of any questions or discrepancies, individuals can request that the CBSA amend or correct the information. If the CBSA agrees that information should be changed, it will also automatically and systematically inform any party who received the information of that correction.

In summary, the agency collects information to support its mandate with respect to national security, border management, and immigration program integrity. It shares information only when it's relevant, proportionate, and necessary to the administration of customs and immigration law.

Before concluding, I would like to say a few words regarding an issue that I know is of interest to the committee, the searches of electronic devices at the border.

As the committee is aware, courts have long upheld that travel across international borders is voluntary, and that there is a lower expectation of privacy when travelling, particularly when entering or leaving a country's borders.

The agency uses many avenues to inform the travelling public of their rights, their obligations, and what they should expect. Travellers are aware that they, and their goods, may be subject to thorough examination.

The Customs Act gives border services officers the authority to examine goods for customs-related purposes. In this context, goods are defined in section 2(1) of the act to include “any document in any form,” which therefore encompasses electronic documents.

The examination of digital devices and media must always be performed with a clear link to administering and enforcing CBSA-mandated program legislation that governs the cross-border movement of people and goods. Individuals also have the obligation under section 13 of the Customs Act to present and open their goods if requested to do so by an officer. Because a password may be required to open and examine documents on an electronic device, officers may compel a traveller to provide it in order to allow for the fulfillment of that traveller's obligations. The examination of electronic goods may uncover a range of customs-related offences. For example, electronic receipts may prove that goods have been deliberately undervalued or undeclared. Electronic devices may also harbour prohibited goods such as child pornography. I would like to underline, however, that CBSA policy is clear: electronic devices should not be searched as a matter of routine.

In fact, officers are instructed not to do so unless there are a number of indicators that a device may contain evidence of a contravention.

It is agency policy to turn off wireless and Internet connectivity when examining a device to ensure that the examination does not extend to material not stored directly on the device. This means that information stored remotely but accessible from mobile devices or laptops—such as social media accounts or computing clouds—cannot be searched. Officers cannot compel individuals to provide passwords for accounts that are stored remotely or online.

In conclusion, the CBSA takes its privacy protection responsibilities seriously.

We welcome the views of the Privacy Commissioner and we will continue to work with his office to strengthen our information-sharing activities and the way we collect, store, retain and dispose of personal information.

Thank you, Mr. Chair. We would be pleased to answer any questions from the committee.

3:40 p.m.

Conservative

The Chair Conservative Bob Zimmer

Thank you for your testimony.

Mr. Saini has the first round of questions for seven minutes.

3:40 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

Good afternoon. Thank you very much for being here.

One of the questions I had, and I asked this of a previous witness, was on the executive order that was issued by President Trump a while ago removing the fact that privacy would not be extended to non-U.S. citizens. This question may not be clearly for CATSA, but it may be for the CBSA. What does this mean for Canadians? Can you highlight how you feel this is going to affect us?

3:40 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

Well, unfortunately, it's very difficult for me to comment on U.S. policies and legislation, so I wouldn't be able to offer any comments on your question.

3:40 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

Do we have no strategy of how we're going to deal with this at all?

3:40 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

We engage with colleagues from U.S. border protection on making sure that any agreements we have in place and the rules under which we share information and how we protect it are respected. Any information that we share with the U.S. would be managed through those MOUs and treaty. As for the general passage of people at the border and what is collected by U.S. officials, I cannot offer any comments on that.

3:40 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

When you talked about passwords, you were very clear in stating that there should be a lower expectation of privacy at the border and that, if there are certain devices you or the border officials felt could lead to some sort of finding of some information on the password device, that device had to be, I guess, demobilized in the sense that it cannot connect to the Internet, cannot go to a cloud or anywhere like that, and you cannot check any social media.

What is the reverse if a Canadian is coming through the American border? Are the rules the same, or is there a discrepancy in the rules?

3:40 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

I don't know about the rules that apply on travellers entering the U.S. I'm sorry.

3:40 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

Okay. I have no further questions then.

3:40 p.m.

Conservative

The Chair Conservative Bob Zimmer

You're only two minutes in, so you have five more minutes.

3:40 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

I guess I'll go to CATSA. If people are coming to the border going outbound—this is a general question for both of you—is there some advice you can give in terms of electronic devices? How should Canadians react at the border? What should they expect? What improvements might be made? What shortcomings do you feel are there that maybe we can improve upon?

3:40 p.m.

Vice-President, Corporate Services and Corporate Secretary, Canadian Air Transport Security Authority

John Stroud

When you're going through the security checkpoint, you need to be sure that your device can be powered on. We're looking at it from a security point of view. We're not looking at it from a privacy point of view. We ask that the device be able to be powered on, and that's it.

3:40 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

As for CBSA, I think it's important to address the myth that we often go into the personal phone of travellers. This is not the case. We conduct our examination in a progressive fashion. As we've built elements to go further in the questioning and the examination, that will eventually lead us, if we have enough grounds, to ask for a cellphone and ask the traveller to provide us with the password to be able to look into it.

The general public should not fear carrying their electronic devices across borders. As with any other electronic devices, we should be mindful of what we have on them. If we feel that there is confidential information related to business practices or you're involved in an investment and you don't want that information to be made public, or you want to keep it private, well, you shouldn't have it on your personal devices. That would be a general rule of thumb I would give to anybody.

3:45 p.m.

Conservative

The Chair Conservative Bob Zimmer

The next questions for seven minutes go to Mr. Gourde.

September 27th, 2017 / 3:45 p.m.

Conservative

Jacques Gourde Conservative Lévis—Lotbinière, QC

Thank you, Mr. Chair.

My thanks to the witnesses for being here.

My first question is for Mr. Bolduc.

For how many years have you been checking travellers’ electronic devices such as cellphones, iPhones, iTop or other devices?

3:45 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

I wouldn't be able to tell you when we started doing that. I do not have that information with me.

In this day and age, the use of those devices is widespread. Really, someone who does not have a cellphone is the exception.

However, with the permission of the chair, I could check when we started using this practice at our checkpoints.

3:45 p.m.

Conservative

Jacques Gourde Conservative Lévis—Lotbinière, QC

Mr. Bolduc, do you have any statistics on the frequency of inspections? Is one person in five being inspected? Is this done randomly? If there's a reasonable doubt, I understand that you conduct an inspection, but I think it is also done randomly.

Has the frequency of inspections increased in recent years?

3:45 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

I asked my team to find the mechanism that helps us gather that information. Since the public is very interested in this type of activity at the agency, I asked that we be able to keep statistics rigorously in order to make the information public.

The data I can provide is more anecdotal rather than rooted in the reality that our officers experience on a daily basis. However, the agency is committed to computing that data and making it public. I'm talking about the number of inspections of cellular or other electronic devices, and the types of devices that are checked.

3:45 p.m.

Conservative

Jacques Gourde Conservative Lévis—Lotbinière, QC

Were any Canadians surprised by this practice and did they refuse to disclose their passwords when their electronic devices were searched?

3:45 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

Yes, that has happened before.

3:45 p.m.

Conservative

Jacques Gourde Conservative Lévis—Lotbinière, QC

What happens then? Do you inform the person of the regulations and demand compliance?

3:45 p.m.

Vice-President, Programs Branch, Canada Border Services Agency

Martin Bolduc

It depends. We act on a case-by-case basis. In most cases, people co-operate with the authorities at the border. However, in general, an officer may order the disclosure of the password and, if the person refuses and the officer has good reason to believe that there may be prohibited material on the phone, there may be an arrest and perhaps even an appearance in court.