Evidence of meeting #104 for Access to Information, Privacy and Ethics in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was use.
A recording is available from Parliament.
11:50 a.m.
Conservative
The Chair Conservative John Brassard
Thank you, Mr. Villemure.
We'll go to Mr. Green for two and a half minutes. Then we'll go to Mrs. Kusie for two and a half minutes, and then Ms. Damoff. That will complete the round.
Mr. Green.
11:50 a.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Thank you very much.
I think one challenge we have is that we're only ever in these committees having these discussions kind of after the fact. We know that with the on-device technology the RCMP was using, there was no proactive disclosure there. It took some revelations around procurement for us to find that out. Now we're here in the same boat.
Going back to our earlier conversations about finding and pinpointing key recommendations to this committee, with your experience on access to information and on procurement, what are some ways that we can create a culture of proactive disclosure so that people have a better understanding of what the government is doing?
11:55 a.m.
Associate Professor, As an Individual
If we go back to the model where the OPC would have a role in procurement, then we'd have a reporting mechanism. Instead of having agencies making up their minds about what they do on their own, there's an obstacle there. There's a step that everybody has to pass through where information becomes public and where a committee like this could be asked to review a certain technology before it's used. Right now, it's really all pretty piecemeal.
11:55 a.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Yes, it's very piecemeal. We heard that as a consistent reflection from the departments. Each of them was picking and choosing its own adventure. Some of them were saying they had various forms of a privacy impact assessment. I also picked up that some of them were not assessing the actual tool, but their “programs”.
Why do you think it would be a problem to have a PIA on a program rather than the specificity of the tool?
11:55 a.m.
Associate Professor, As an Individual
Tools change all the time and their abilities change all the time. The programs are probably too general to capture the evolving capabilities of tools.
11:55 a.m.
NDP
Matthew Green NDP Hamilton Centre, ON
In your opinion, having a broad look at this entire sector of technology, is it safe to say that in both the private and the public sector, this is a completely unregulated field?
11:55 a.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Is it safe to say that in light of disinformation, misinformation and the ability for surreptitious surveillance to create profiles that form algorithms, both in the public and in the private sector, we need to have a framework in place that safeguards Canadians' data sovereignty?
Can you comment a bit on data sovereignty as an effective means for protecting our democratic institutions?
11:55 a.m.
Associate Professor, As an Individual
I couldn't say whether or not data sovereignty is out of the scope of the conversation. I think that—
11:55 a.m.
NDP
Matthew Green NDP Hamilton Centre, ON
I just put it in the scope of the conversation. What's your opinion on data sovereignty?
11:55 a.m.
Conservative
The Chair Conservative John Brassard
We're going to need a very quick opinion, please, or you can put it in writing.
11:55 a.m.
Conservative
The Chair Conservative John Brassard
Okay, it's the same thing. Submit it by one week from today at five o'clock, if you don't mind, Mr. Light.
Thank you, Mr. Green.
We now go to Mrs. Kusie for two and a half minutes.
11:55 a.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Thank you, Chair.
Thank you, Professor Light, for being here today.
Given your concerns about the lack of transparency and oversight by the current government, are you concerned when the President of the Treasury Board, the person who's supposed to be responsible for enforcing these privacy impact assessments, states that it's the job of each institution and each department to enforce this compliance themselves?
11:55 a.m.
Associate Professor, As an Individual
Yes, it's a problem, but I don't think it's necessarily limited to the current government.
This directive actually originates in 2002. This was misstated by various witnesses at this committee, who were basing this on the 2018 directive. The original directive was in 2002. I think it's been ignored since 2002.
11:55 a.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Further to your comments about oversight and transparency, we are running into this problem in our study in the government operations committee. For example, we have the individual who recently conducted the internal investigation, the executive director of professional integrity, reporting to the head of the CBSA.
We've recently seen two data breaches within the government. On November 18, 2023, it was reported by CTV that the information, both personal and financial, of the RCMP and the Canadian Armed Forces was compromised, with this breach going back as far as 1999. Second, just a few days ago, on February 12, it was reported that a subcontractor of Canada Life also had their information breached. These are two very specific examples relative to both public servants and government agencies.
Would you say that the cloud environment and these tools that you mentioned provide for a greater possibility for more breaches like these?
11:55 a.m.
Associate Professor, As an Individual
Yes, definitely. For instance, if government information is on the cloud and people access it through the cloud on a device, then that could be a possibility.
11:55 a.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Excellent.
You stated recently that Canada has entered an era of “normalization” of surveillance. Can you expand specifically beyond that, please?
11:55 a.m.
Associate Professor, As an Individual
Sure. I don't think we've entered it; I think it goes back a very long time. For instance, in my work looking at how we use radio waves to do surveillance in Canada, CSIS has had the authority from, at that time, the Department of Communications to use the airwaves to surveil domestically since 1991.
I think surveillance is something that will always be within and outside of government. I don't think it's necessarily that surveillance has become normalized. I think it's [Inaudible—Editor] that it's used. I think the lack of regulation and transparency around it has become normalized.
Noon
Conservative
The Chair Conservative John Brassard
Thank you, Mrs. Kusie and Mr. Light.
Ms. Damoff, go ahead for two and a half minutes.
Noon
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
Thank you, Chair.
Thank you to our witness for being here today.
I wanted to talk a little bit about the use of work phones. I've mentioned this previously. In 1996, in the days before we even had cellphones, I was working at Midland Walwyn. I had to sign something that said my work computer was to be used for work only.
When we talk about consent, I think employees should have a good sense that the work phone that they're given is to be used for work purposes only. Would you agree with that?
Noon
Associate Professor, As an Individual
I would, but with the caveat that as technology advances, we see a really big merger of the private and the professional.
February 15th, 2024 / noon
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
I'm not saying that people don't use it for private reasons, but there is an expectation that your employer, whether you work for the government or whether you work for an investment bank, is giving you a tool to help you with your job, not to allow you to do something out of work.
I want to share with you some of the testimony we got previously from Shared Services Canada. The witness said, “while the initial media coverage referenced spyware, I want to assure you that under no circumstances is this an accurate description of the tools used by SSC.”
They also said:
Investigations happen only when there's a credible allegation of employee wrongdoing and to ensure the security of government networks upon which Canadians depend. Impacted employees are always made aware of the conduct of these investigations, and procedural fairness is ensured.
We heard similar testimony from CBSA, where there's only a warrant. It's not when they take your phone during a secondary screening. It's only when they have a warrant.
Then the RCMP said, “The media reports suggesting that these digital forensic tools are considered spyware are inaccurate...and I will clarify”. He said, “These tools are used on digital devices that are lawfully seized through criminal investigations.”
I guess my question is this: Do you think these people are telling the truth when they come to committee to say these things?
