Public Safety Committee on Oct. 24th, 2017

My understanding is that if the bill were to lead to more complete databases, by which I mean both the U.S. and Canadian governments would have a complete picture of a traveller's entries and exits over time, that could certainly paint a very detailed picture of a person's life. That information existing for a lengthy period of time can pose privacy risks, both because of the risk of the information getting out—being stolen—and because it could be shared with other government agencies for whatever purpose it may be.

On the question on the integrity of the borders, there are mechanisms to make sure that the trusted trader programs are properly supported, such as the free and secure trade program, as well as the U.S. customs trade partnership against terrorism, and the Canadian partners in protection program. The more those kinds of programs are supported and expanded, the better that scenario will be addressed. We're dealing with the ability for supply chain security all the way back to the factory, if it's a manufactured good, through to the destination, rather than just the transaction at the border. By then it's too late.

I know there's been a lot of attention particularly with CBRN, chemical, biological, radiological, and nuclear, in terms of detection, but certainly the ability to install detection portals is one approach that has been taken. There have been tests on the Canadian side. CBP has wide deployments. At this stage that's as much detail as I have for this committee off the top of my head.

If I can clarify, are we talking about the air mode or other modes, or just in general?

Through the chair, it is our expectation in the deployment of this that there would be no fees added on a transaction or other basis to pay for any kind of data system. Based on the way that Bill C-21...and the implementation to date, and in terms of information sharing, the idea is to reduce duplication and reuse data that's already available: exiting Canada as the entry record to the U.S. and exiting the U.S. as the entry record to Canada. Those are the efficiencies that would be gained from that as opposed to a transactional fee.

Thank you.

Once again, I want to thank the committee for inviting me to testify.

I would urge you, Mr. Chair, simply to consider in any new policy or new information sharing agreement to not discount the very real privacy concerns, and in fact, simply to weigh them in the balance. I think travellers to the U.S. and travellers to Canada undoubtedly value their privacy. There's no doubt about that. I don't wish to undercount the importance of the trade and the travel between the two countries, and the necessity of making their profits easier for all, which I think is a benefit, but I do think it is important for the committee to simply consider the steps or the changes that can be made that would ensure that the privacy interests are adequately balanced. I think that people increasingly are aware of the existence of massive quantities of data on them that are held not only by governments but by private parties. We've seen a rise in people taking steps to protect their privacy, to minimize the data that they put out into the world. I don't think this is any less true of travellers between both countries, and I think that people are increasingly concerned about such things as hacking of information and hacking of databases, of which even governments are vulnerable. I would conclude simply with that: the privacy considerations should be weighed.

I have not run into any appreciable differences. I know there's currently a large debate happening in the United States very much focused on data privacy. I'm less familiar with how that debate has concretely taken place in Canada.

I have two points. Both countries are going through the same phenomenon in terms of the expectation of privacy from the public overall, particularly with the very same mechanisms we spoke about earlier in the committee. The social media mechanisms, the habits of publishing photographs, posts, anything in the public domain have certainly shifted the way privacy is perceived in both countries, and the expectation of privacy, I would argue, compared to a discussion like this 20 years ago, would be quite low.

Specific to both countries and the approach on topics like this, the IRCC testimony before this committee, Mr. Chair, homed in on a key term, that there has been an examination on using privacy by design. I know that just from the standpoint that at Can/Am BTA, we've had speakers present on privacy by design. It is encouraging that this is being looked at early on, in addition to the requirements of the privacy impact assessments that are required. In the previous administration, in October 2010, the privacy commissioners around the world all endorsed privacy by design as a new standard to aspire to in terms of developing programs. That is integral for the fidelity of any idea that uses big data going forward, because at the onset, there is thinking around the issues of retention, who has access, and those kinds of things built right into the development of systems, rather than simply the submission of an impact assessment.