Thank you very much.
My name is James Turk. I'm the executive director of the Canadian Association of University Teachers. We represent 68,000 academic staff at 124 universities and colleges across Canada.
We've had a long concern with lawful access legislation as it has come through its various iterations. I would like to bring to your attention three concerns that we have with Bill C-13.
The first is, as Mr. Geist was mentioning, the reduction in the legal threshold to obtain personal records. The second is that Bill C-13 sets out that ISPs that preserve data or hand it over voluntarily will not incur civil or criminal liability. The third concern is that it adds “national...origin” to the definition of “identifiable group” in the Criminal Code. This is the part of the Criminal Code that relates to hate speech. It provides the possibility of criminalizing political discourse.
Let me deal with the first issue, and that is the lower threshold. Current Bill C-13 provisions for a production order for transmission data and tracking data reduce the threshold—as you know, I hope—from “reasonable grounds to believe” to “reasonable grounds to suspect”. This is a possible next step after a preservation demand or a preservation order for transmission data. The higher threshold—the current threshold—of “reasonable grounds to believe” still applies for production orders that exclude transmission data, so that if you want the content, the request has to meet the standard of “reasonable grounds to believe”. But if you want the metadata, it's only “reasonable grounds to suspect”.
Given the number of requests we know of in Canada in recent time, and given what we know of what is going in the United States.... You'll recall that in June 2013, the FISA court in the U.S. required Verizon to provide the NSA with all its customer metadata within the United States, including local phone calls. As a result, the NSA collected and retained all metadata for every call, every cellphone call, and every smartphone call attempted or made in the United States.
I agree with Mr. Geist that metadata can make the content irrelevant. The data crumbs that we use in communication technology, including the time and duration of the communication, the specific device that is used, and the geolocation, can allow enormous invasion of individuals' privacy rights.
Let's imagine that a member of this committee makes a telephone call to someone and then a week later visits an office building; sometime later makes a second phone call to a different number and a week after that, visits a different office building. What would the analysis of the metadata of this example look like or tell us? Well, if it is fed into a profile, the metadata on the telephone and the devices of the politician could tell a government agency that the first call was to a doctor; the first office building visited was a doctor's office. The second phone call was to a medical specialist; the second office building visit was to that specialist's office.
So what? We know that a politician has visited two doctors. All the government agency would then need to have access to is the Internet activity of that politician to have a very good idea what disease the politician was suffering from or was concerned about, if the member went on the Internet to WebMD.com/colorectal-cancer—or Parkinson's, or HIV.
Arguably, the metadata in the above example—two calls to two doctors, two visits to two separate doctors, and Internet activity in that time period—is as invasive as the content of communications. Bill C-13 lowers the threshold for state surveillance for that politician's visits to the doctors but maintains a higher level for any email message that politician might send to his or her spouse about his or her medical condition.
I can give you loads of other examples in which analysis of metadata can be highly invasive. Communication between a husband and wife can reveal many dynamics of their relationship: where they live, where they work, the time they go to sleep, when they wake up, when they leave home, and whether they're home together or not.
Access to metadata can also determine with reasonable probability that two people share a close relationship, by seeing that their devices are in the same location on repeated nights; or whether a person has a drinking problem from how often there are calls to Alcoholics Anonymous; or whether they are considering an abortion by knowing whether they have made calls to an abortion clinic; or whether they have a gambling problem, from their having made repeated calls to a bookie or to a helpline.
In other words, metadata are retained by an Internet service provider for a long period of time. The collection and analysis of these data in a large pool of metadata allow it to be matched up with real-world events. This makes it easier to get profiles and violate the privacy of individuals without the higher level of authority that would currently be needed in order to tap their telephone. A lower threshold of metadata opens the door to mass surveillance.
The second concern is the ISP immunity for turning over personal data. The Supreme Court, as you know, has reserved judgment on the constitutionality of the state obtaining subscriber information without a warrant under PIPEDA. We're expecting the decision in R. v. Spencer reasonably soon.
Advances in technology and the value of metadata for state surveillance make ISPs in many ways the gatekeepers of Canadians' privacy information. Offering civil or criminal liability exemption for ISPs invites ISPs to aid invasive state surveillance rather than incentivizing ISPs to protect Canadians' personal information with political and legal means. I would expect Telus, or Bell, or Rogers to have as their first interest protecting the confidentiality and the privacy of their subscribers' information. This bill would encourage them to see themselves as partners in state surveillance of their own customers.
The last comment is with regard to the expansion of hate speech to capture political speech. Bill C-13, as I mentioned at the beginning, adds “national...origin” to the definition of “identifiable group” in the Criminal Code. This part of the Criminal Code relates to hate speech. By including national origin as part of the definition of identifiable groups, certain speech—for example, speech critical of a national government, whether it be Israel, or Cuba, or the Ukraine—could be characterized as hate speech. We don't have to remember too far back, just to the 1980s, when a similar provision was used to prosecute persons critical of the apartheid regime in South Africa.
Like others who have appeared before this committee, we would encourage you to split the bill. Combatting cyberbullying is a worthy goal, but expanded surveillance powers over the citizenry by a government has the potential to represent an entire rebalancing between individual freedom and autonomy versus the power of the state. This fundamental tension in democratic society must be approached with care and an almost overabundance of consultation and concern for privacy.
Not doing so—refusing to split the bill and refusing to consider these concerns that Mr. Geist and I have raised—at best will represent for the Government of Canada an exercise in futility. Overreaching legislation will spend the next five to 10 years in the courts, and in our view, will be ultimately struck down as a violation of Canadians' constitutional rights. At worst, refusal to split the bill and revise these sections will increase government surveillance powers at the expense of individual liberty and autonomy, and Canadian citizens will be the worse for that.
Thank you very much.