Evidence of meeting #79 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cbsa.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Wesley Wark  Visiting Professor, Graduate School of Public and International Affairs, University of Ottawa, As an Individual
Esha Bhandari  Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union
Solomon Wong  Executive Board Member, Canadian/American Border Trade Alliance

10:20 a.m.

NDP

Matthew Dubé NDP Beloeil—Chambly, QC

Thank you, Chair.

Ms. Bhandari, I want to go back to the retention thing, but just before that, I want to look at.... I was looking at the DHS report on phase 3 of the entry-exit border agreement, the Beyond the Border agreement, from last fall if I'm not mistaken, 2016. There is a part in here talking about privacy risk and mitigation which says, “CBSA permits CBP to use CBSA land border crossing data for: immigration management; law enforcement; national security; counterterrorism; public health and safety; and to the extent required by U.S. law”.

I'm wondering if you can speak to the concerns associated with having such a broad, open potential use of Canadians' data that we have agreed to share in this way, in relation to some of the privacy protections you were speaking about, because despite what I seem to be hearing from colleagues, there is an agreement in place to share that information, as you can tell from that excerpt of the DHS report.

10:20 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

I think it needs to be credited as relevant to the committee. I would just note, Mr. Chair, that the Privacy Act protections that I mentioned, which have now been rescinded from data involving non-U.S. citizens, or non-green card holders, I think leaves it as an open question as to what the limits are on sharing of information pertaining to Canadian citizens.

As mentioned through the information sharing agreement, I think it is not clear whether there are any limitations on how that information shared with the U.S. government will in turn be protected by the U.S. government, and whether it can be shared across U.S. government agencies and to the public, or shared with other countries.

The default protection for a U.S. citizen is the Privacy Act. In the absence of the Privacy Act, there are not necessarily clear protocols and it might even vary from agency to agency in the United States.

10:20 a.m.

NDP

Matthew Dubé NDP Beloeil—Chambly, QC

Thank you.

I will just go back to the idea of retention, and you already alluded to this in terms of future law enforcement needs. There is the 75-year period, which, let's face it, is, essentially as optimistic as we may be, someone's lifetime. But then in the same report on the same issue of entry-exit information, which is the bill before us, we see that any IIS, Internet information services, records that are linked to active law enforcement lookout records, CBP enforcement activities, or investigations will remain accessible for the life of the law enforcement activities to which they are related.

In the context of, for example, any kind of racial profiling happening at the border, which arguably could fall under CBP enforcement activities and things of that nature, are you concerned with that openness to the retention of data on someone in that particular context? Because, let's face it, any time there is profiling going on those categories could be used as justification for some kind of ongoing activity, or even with false positives as another example.

10:20 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

There is certainly a risk of false positives and there is also a risk of disproportionate data retention, meaning that if there aren't safeguards against racial profiling on either side of the border with information that is then collected and shared between both countries, there is the concern that the databases of information skew disproportionately on the basis of those who have been profiled. That, again, contributes to the unequal treatment of individuals' privacy rights and data if some subset of travellers are more likely to have their information shared and retained. That is certainly a concern.

10:25 a.m.

NDP

Matthew Dubé NDP Beloeil—Chambly, QC

There are colleagues reading more excerpts, but there is a sense that you get, reading through this report, that there are a lot of letters of intent and memorandums of understanding, and so forth.

Does your organization, with regard to how people are treated on both sides of the border, have concern about the extent to which many of these aspects of the agreement—length of retention, types of data retained, and the way in which it's shared—are relying on essentially, not to be too crass about it, a piece of paper, and not actually having any kind of legal force?

10:25 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

I think that such agreements can be one tool if they are in fact enforced.

As an example, when the executive order on Privacy Act protection being removed from non-citizens was passed, the ACLU sent a letter to the European Parliament and the European Commission letting them know that U.S. assurances under pending agreements with the EU may be called into question now because those agreements that permitted data sharing between the EU and the U.S. relied on certain protections and guarantees of how information would be retained, and limiting access and limiting its use.

Certainly we think that if those agreements exist, they should be enforced, and particularly if those agreements form the basis for the information sharing.

10:25 a.m.

NDP

Matthew Dubé NDP Beloeil—Chambly, QC

Great. Thank you very much.

I just want to end with you, Mr. Wong. I have a question.

You mentioned false positives. Are there concerns from any members of your organization, given that this information is going to be shared through different government departments to enforce different programs, of having folks who perhaps regularly cross the border, with whom I'm sure you work on many occasions, flagged erroneously by this kind of program, as different departments attempt to crack down on the use of different government programs, for example?

10:25 a.m.

Executive Board Member, Canadian/American Border Trade Alliance

Solomon Wong

Mr. Chair, I don't think there are any direct concerns around how prescribed uses of data would provide tools to make the border more secure and efficient.

But in the implementation of name matches, I think there is a lot more attention that needs to be paid in terms of the mechanisms for recourse and other things that other witnesses have raised. This does become important from both an efficiency standpoint in terms of just making sure you don't have a lot of people who are stuck in secondary...which is the additional process for more scrutiny—

10:25 a.m.

NDP

Matthew Dubé NDP Beloeil—Chambly, QC

I don't mean to cut you off, but I'm on my last 10 seconds. Would it be appropriate for the recourse to take place directly vis-à-vis CBSA?

10:25 a.m.

Executive Board Member, Canadian/American Border Trade Alliance

Solomon Wong

Can/Am BTA doesn't have a stated position on that topic itself, but my personal view is that it is inherently complex to find your way to the part of the Government of Canada where you would get a recourse mechanism. Passenger protect has its own. You have different channels, and there's certainly room to make that simpler.

10:25 a.m.

Liberal

The Chair Liberal John McKay

Thank you, Mr. Dubé.

Monsieur Picard, you have seven minutes, please.

October 24th, 2017 / 10:25 a.m.

Liberal

Michel Picard Liberal Montarville, QC

Thank you.

Mr. Wong, I would like to hear from you on the trade side of things. Do I understand correctly that you think Bill C-21 should be one of many tools to increase and facilitate trade between the two countries and to do so in a more efficient way?

10:25 a.m.

Executive Board Member, Canadian/American Border Trade Alliance

Solomon Wong

We do see provisions, Mr. Chair, that provide additional powers related to outbound inspections. Certainly from the use of the powers, we'll have to see what that means in practice. We have seen the responses from CBSA to the committee on some of the questions on that, but it's something that, again, will depend on how things are exercised in practice.

The U.S. and Canada largely have co-operated a lot in terms of data elements and different things already, in terms of manifest information on shipments. Certainly the approach and moving towards other initiatives unrelated to Bill C-21 around single window and those kinds of things are still very important, but they are outside of the relevance of this particular piece of legislation.

10:25 a.m.

Liberal

Michel Picard Liberal Montarville, QC

In terms of the proposed changes to subsection 95(1) in part V of the Customs Act, besides the transit issue, it has been suggested that from now on people would have to declare everything to customs, every bit and piece of information—contents, goods, whatever—before leaving the country. In fact, exportation in part V of the Customs Act is much more elaborate than just section 95, and people are not supposed to declare everything, except what is regulated.

Is it your understanding that the changes that are suggested in the new section 95 will change that, or is it just a matter of precision with respect to transit and answering the customs officer if someone asks you a question?

10:30 a.m.

Executive Board Member, Canadian/American Border Trade Alliance

Solomon Wong

Our understanding of the use of that section is that it's a power that's available for additional questions, just as there are separate provisions already dealing with currency. The expansion under Bill C-21 as proposed would allow for an officer, a BSO, if they do need to ask somebody a question about goods in their possession that may be controlled exports, to be able to answer truthfully.

10:30 a.m.

Liberal

Michel Picard Liberal Montarville, QC

It's pretty much business as usual with an exception where required. A customs officer may act on specific cases.

10:30 a.m.

Executive Board Member, Canadian/American Border Trade Alliance

Solomon Wong

That's our understanding in terms of the enforcement power that's provided for questions and a potential investigation.

10:30 a.m.

Liberal

Michel Picard Liberal Montarville, QC

Thank you.

Ms. Bhandari, if I go into the U.S., my phone and computer may be searched, and all the content in it may be looked at, and I can't do anything about that. Is that what you said?

10:30 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

If it's just a visitor, not someone who has a lawful permanent resident status in the United States, then individuals who don't consent to have their devices searched or who don't consent to answer all questions may be turned away.

10:30 a.m.

Liberal

Michel Picard Liberal Montarville, QC

Does that also apply to the professionals who are going to work in the U.S. for a few days or a few weeks? Are they subject to a search?

10:30 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

Yes, all visitors, regardless of the length of time, are subject to search.

10:30 a.m.

Liberal

Michel Picard Liberal Montarville, QC

What if that happened the other way around? If a U.S. citizen's iPhone and computer are searched by a foreign government, does he have any recourse? Does he have any tools, any way to go against that or prevent it? How does the U.S. treat its own citizens in a similar case the other way around?

10:30 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

To my knowledge there isn't any legal recourse, at least not through the U.S. system, for American visitors travelling abroad.

One of the reasons we advocate for limitations on the U.S. government not only on device searches—which I understand are not an issue in the bill under consideration—but in terms of the questions asked and the information recorded, is that other governments may behave in a reciprocal manner. They might similarly demand information about people's activities and record, retain, and share that information in a way without limitations. Our concern is that if this becomes a worldwide norm, that will have implications for freedom of speech, freedom of association, human rights, and people's ability to travel freely without concern that their privacy will be unduly burdened.

Certainly there's a concern that whatever the U.S. government implements in terms of a policy of data retention will be copied by other governments, and that there will be limited recourse for people who face the choice of either travelling or not.

10:30 a.m.

Liberal

Michel Picard Liberal Montarville, QC

What about the concern about the privacy side of it? My data will be gathered in a database, handled by CBSA or whatever customs power. There's nothing I can do against someone who decides to steal a database and sell it to someone. To a certain point there's a limit to my own security, regardless of the technology I use.

10:30 a.m.

Staff Attorney, Speech, Privacy, and Technology Project, American Civil Liberties Union

Esha Bhandari

That is certainly a reason, Mr. Chair, to think hard about the amount of information that is retained and collected in the first place. There are concerns about the security of data any time it exists, and any time it exists for a long period of time. Any time more information is collected than is strictly necessary for the government activity at issue, that is a concern.