House of Commons Hansard #80 of the 41st Parliament, 2nd Session. (The original version is on Parliament's site.) The word of the day was agencies.

Topics

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

4:50 p.m.

NDP

The Deputy Speaker NDP Joe Comartin

As we are all aware, the range that we allow for debate in this House on any topic, including this one, is quite broad. I have to say I have been following, to some degree, the point being made. I think I know where the member for Kootenay—Columbia is going, so I am going to allow him to continue.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

4:50 p.m.

Conservative

David Wilks Conservative Kootenay—Columbia, BC

Mr. Speaker, these new binding agreements give the Privacy Commissioner more power to ensure organizations are accountable.

Currently, agreements made between organizations and the commissioner are non-binding. If a firm does not undertake the action it agrees to, the commissioner has little power to hold the organization to account, but with a binding compliance agreement, the organization knows that if it does not abide by the terms of the agreement, the Privacy Commissioner can take it to court.

It may interest my colleagues to know that compliance agreements are a common tool used by other commissioners to ensure that the rules are followed, that includes the Commissioner of the Financial Consumer Agency of Canada to enforce the Bank Act, as well as the Minister of Health to administer the Consumer Product Safety Act.

As I mentioned earlier, we are also proposing an increase in the length of time an individual or the Privacy Commissioner has to take organizations to court. Currently, complainants only have 45 days to file a court application. This timeframe is a crucial window for the commissioner to collect evidence or to negotiate an agreement with organizations. However, 45 days is simply is not enough time. The commissioner often provides organizations with a reasonable amount of time to collect their privacy practices. It is often over 45 days, and in some cases it is up to a year.

With the 45-day clock ticking, and having run out in most cases, the commissioner is left with little recourse if any organization reneges on the agreed-upon recourse. This is why we are proposing to increase the timeline to one year between the time the report is issued and the deadline for taking matters to court.

The third improvement we are proposing is to give the Privacy Commissioner the ability to name and shame non-compliant organizations with the public. Currently, the commissioner can only publicly reveal information about the way in which an organization handles personal information. The commissioner cannot, for example, disclose that an organization is not co-operating with an audit or is otherwise acting in bad faith, and yet, for many organizations, this could be the most effective tool in holding them to account and encouraging them to improve their practices.

It could be used, for example, against foreign-based companies that are otherwise beyond the reach of Canadian courts. If they refuse to co-operate with the request for information, the commissioner could publicly disclose this fact, which would send a signal to consumers of the privacy implications of the organization's practices. The organization would in turn have to explain to their customers why they are not respecting Canadian privacy laws.

Ultimately, this empowers Canadians. It gives consumers the information they need to make informed choices about the practices of the companies they deal with.

Our government is taking action to give the Privacy Commissioner new power to ensure Canadians' privacy is protected and that Canadians play by the rules. This is just one of the ways we are providing Canadians with the confidence that their privacy and personal information are protected.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

4:55 p.m.

Liberal

Kevin Lamoureux Liberal Winnipeg North, MB

Mr. Speaker, I would like to go back to the number of requests. We hear about 1.2 million requests, and that is a large number of requests. Every time there is a request, identification is provided to whomever happens to be making the request. The question I have for the member is strictly with reference to who is making the request.

One of his colleagues made reference to the fact that there were 18,000 requests from the Canada Border Services Agency. How many requests in 2011, even if he could give us a ballpark number, did the RCMP and CSIS make, and, most importantly, what other agencies made requests? Are there other agencies that we are not aware of that made requests that make up that 1.2 million in total? Does the member have any sense of who has actually made requests that he could share with Canadians this afternoon?

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

4:55 p.m.

Conservative

David Wilks Conservative Kootenay—Columbia, BC

Mr. Speaker, although I do play baseball, I cannot give the member a ballpark figure. I do not have them. There were 1.2 million requests made and if the Privacy Commissioner found any of them to be out of line, I am sure he or she would have said so.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

4:55 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, my question deals with the answer my Conservative colleague gave to the last question he was asked. He said that if the Privacy Commissioner had found that any of the 1.2 million requests were out of line, she would have said so. The problem is that the Privacy Commissioner does not have access to that information because the government and the telecommunications companies are not required to give it to her. That is what we are asking for today.

If none of the 1.2 million requests were out of line, then that information and all of the details surrounding those requests should be made public. That is what we are asking for today. I do not understand why the Conservatives are opposed to our motion today. We want more transparency and that seems to be what they want too.

Can the member explain why he is opposed to this motion?

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5 p.m.

Conservative

David Wilks Conservative Kootenay—Columbia, BC

Mr. Speaker, the way this government is taking care of the privacy of Canadians is very good for all Canadians and this motion will do nothing for Canadians.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5 p.m.

Scarborough Centre Ontario

Conservative

Roxanne James ConservativeParliamentary Secretary to the Minister of Public Safety and Emergency Preparedness

Mr. Speaker, I want to touch on the questions being asked by the Liberal member of Parliament for Winnipeg North. He has brought up something twice with regard to a previous speech and Canada Border Services Agency. He referenced the 18,000 requests for basic subscriber information. I believe the total figure was 18,729 requests.

The important thing to note is that the fruits of those particular requests have resulted in the removal of over 115,000 people who are in this country illegally. These are people with serious criminality. I would like to thank the member for Winnipeg North for bringing it to my attention. This is just one example of how crucial it is for different law enforcement agencies, including Canada Border Services Agency, to obtain this information, investigate, and remove the people who are causing harm or threat to Canadian citizens.

The question I would like to pose for my hon. colleague is whether there are any privacy concerns. It is, in fact, true that here in this country there are independent bodies that oversee these types of agencies and it has never been brought to our attention that there has ever been a violation of the laws that govern these agencies. I would like to ask the member for Kootenay—Columbia if he could comment on that and whether any concerns have come from those independent bodies.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5 p.m.

Conservative

David Wilks Conservative Kootenay—Columbia, BC

Mr. Speaker, I have not heard from any other agency with regard to information that should not have been released. To be quite clear on this, an individual's private information that is protected under the charter cannot be released without a warrant. Police officers and other enforcement agencies in Canada are well aware of that fact.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5 p.m.

NDP

Don Davies NDP Vancouver Kingsway, BC

Mr. Speaker, it is a pleasure to stand in support of the official opposition New Democratic motion introduced by our superb colleague, the member for Terrebonne—Blainville. I should point out that I will be sharing my time with my hon. colleague, the equally commendable member for Beaches—East York.

The motion before the House today reads as follows:

That, in the opinion of the House, the government should follow the advice of the Privacy Commissioner and make public the number of warrantless disclosures made by telecommunications companies at the request of federal departments and agencies; and immediately close the loophole that has allowed the indiscriminate disclosure of the personal information of law-abiding Canadians without a warrant.

If we think about those words, and I know Canadians will think about the text of the motion, who could possibly not support this? Who could possibly oppose a motion of the House of Commons in Canada that the government should simply tell the public how many warrantless disclosures are made by telecommunications companies at the federal government's request and close a loophole that allows the indiscriminate disclosure, meaning the improper disclosure, of personal information of law-abiding Canadians without a warrant?

I would have thought that every member of the House would stand in support of such a motion, a motion that preserves and protects the very elementary privacy rights and expectations of Canadians everywhere, but that is not the case, because Conservatives in the House do not support the motion.

I am going to talk about how the motion came to be.

In summary, the motion addresses what we now have learned are rampant requests to telecommunications companies in Canada by various government agencies for Canadians' private information, often—in fact, normally and mostly—without a warrant.

We are calling on the government to listen to the Privacy Commissioner, an independent officer of the House, to make public the number of requests disclosed by these companies, and to tighten the rules that allow it to happen.

This came out of an access to information request that determined that at least one Canadian telecom was giving the government unrestricted access to communications on its network, according to documents from Canada's Privacy Commissioner. The documents were obtained by University of Ottawa digital law Professor Michael Geist. He cited at that time an unnamed telecom firm as saying that it had allowed the government to essentially copy the communications data moving on its networks.

I quote Mr. Geist:

Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transits to network of data nodes.

Then the Privacy Commissioner's document states:

This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes.

“Deep packet inspection” is a method of analyzing Internet traffic to determine the exact type of content. It can distinguish between emails, file-sharing and other types of internet communication, and can be used to build statistics about an internet user.

This statement appears in the document prepared by the law firm Gowling Lafleur Henderson for the Privacy Commissioner. It summarizes nine telecom firms' responses to questions about law enforcement access posed by the commissioner.

Mr. Geist called this “an incredible admission”.

He asks:

Are there legal grounds for these disclosures? Who is doing this?

He goes on to say later:

Given the uncertainty of the enormous privacy implications, the Privacy Commissioner of Canada is surely entitled to investigate this admission using her current powers under PIPEDA.

Documents subsequently released by the interim Privacy Commissioner, Chantal Bernier, revealed that the government made about 1.2 million requests for subscriber data about Canadians from Canadian telecoms in 2011 alone. Mr. Geist calculates that it works out to one request every 27 seconds, and the Privacy Commissioner's report showed that telecom firms complied with the requests at least 784,000 times.

This issue engages one of the most important values that mark our nation. It is a value that marks our democracy. It is cherished by Canadians, valued by Canadians, and expected by Canadians. That is the value of privacy.

The government exists to protect its citizens. It exists to safeguard our rights, our interests, and our opportunities, so when the government is actually found to be the source of secret requests to private firms to try to get private information about Canadians without their knowledge and without ever appearing before a judge in a court to demonstrate that the government has any lawful interest in that information, in my view that is a violation of the most fundamental precept and obligation of the government. That is what is happening under the watch of the Conservative government.

I want to go through a few facts here. Canadian telecommunications providers collect massive amounts of data about their subscribers. These are the firms that have been asked by the government's agencies to disclose that information to law enforcement agencies. In 2011, providers responded to almost 1.2 million requests, but the actual total is likely even greater, since only three of nine telecom companies told the commissioner's office how many times they granted the government's request for customer data.

In 2010, RCMP data showed that 94% of requests involving customer name and address information was provided voluntarily, without a warrant. The Canada Border Services Agency obtained customer data from telecom companies 19,000 times in one year, and it obtained a warrant in fewer than 200 of those cases. Significantly, one Canadian company has told officials that it has installed “what is essentially a mirror” on its network so that it can send raw data traffic directly to “federal authorities”.

The Privacy Act, which is meant to protect Canadians' privacy and keep the government accountable, has not been updated since 1983, before the Internet, Google, email, Facebook, and Twitter were even invented. PIPEDA, which protects Canadians' privacy in the private sector, has not been updated since 2000. Once again, that is before Facebook, Twitter, and social media had really taken off in our country.

I would think that if the government is really concerned about the values of privacy and protecting Canadians' rights, it would spend time in this place modernizing those acts and doing so in a way that is consistent with Canadians' expectations. Instead, it is doing the opposite. It has introduced Bill C-13, a bill that is expressed to be aimed at attacking cyberbullying, but which is expected to expand warrantless disclosures of Internet or cellular subscriber information to law enforcement.

Bill S-4, the digital privacy act, has been introduced in the Senate. It would also extend the authority to disclose subscriber information without a warrant to private organizations, and not just law enforcement agencies. It would also allow telecom companies to disclose the personal information of consumers without their consent and without a court order to any organization investigating a contractual breach or possible violation of a law.

There are many validators of the New Democratic position. New Democrats think privacy laws should be modernized and strengthened to better protect Canadians' personal information, not weakened. New Democrats believe that we can and should aggressively pursue criminals and punish them to the full extent of the law without treating law-abiding Canadians like criminals and violating their rights.

Privacy is something that must be judiciously and carefully guarded by every generation. We have people as diverse as Benjamin Franklin, who said that those who would give up liberty for a little security deserve neither. We have organizations as diverse as the Council of Canadians and the Canadian Taxpayers Federation, who are joining together in their concern about the issue of violations of privacy and surveillance of Canadians' private interests on the Internet by the government.

I say that what Canadians want of their federal government is for it to protect their privacy interests, not be complicit in violating them.

For the Conservative government to allow 1.2 million requests to go to telecoms for Canadians' personal information without their consent, without their knowledge, and without a court order is something that every Canadian in this land would disapprove of.

I ask all of my colleagues in the House to vote for this well-thought-out motion.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:10 p.m.

Conservative

David Wilks Conservative Kootenay—Columbia, BC

Mr. Speaker, on a number of occasions the member referred to the term as “warrantless search”. My understanding as a police officer of 20 years is that there is no such thing as a warrantless search. One either has a warrant or one does not. If not, then voluntary compliance can be asked for, but that is as far as it goes, and the amount of information that can be provided without a warrant is very minimal.

I would ask my colleague to please define what a warrantless search is, because I have never heard of one as a police officer.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:10 p.m.

NDP

Don Davies NDP Vancouver Kingsway, BC

Mr. Speaker, it is fortunate to have a police officer asking a lawyer about the law, and I will be happy to elucidate for him a little bit.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:15 p.m.

Conservative

David Wilks Conservative Kootenay—Columbia, BC

I never listen to lawyers either.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:15 p.m.

NDP

Don Davies NDP Vancouver Kingsway, BC

Mr. Speaker, it is too bad that the member does not listen to lawyers, because he would know that there is the concept of hot pursuit, which is a situation in which police officers believe that a crime is in process and they do not have time to get a warrant. In those opportunities they are allowed to proceed with a warrantless search, and I am surprised the member does not know that. Those are the two different possibilities of a warrantless search.

The point here is that Canadians believe our police officers and our law enforcement agents need the tools required to catch criminals. All of us in the House agree with that. However, general respect for our law and our general legal system require federal authorities to go before a judge and demonstrate to that judge why Canadians' expectation of privacy should be violated before that is done.

It is not up to Canadians to have to justify why they deserve privacy; Canadians have that as a matter of right. It is up to the state to justify why it intends to violate Canadians' privacy.

I would guess that if 1.2 million requests by the government for information on Canadians were done without a warrant, then many of those examples were probably done without just cause and violated Canadians' privacy. That is wrong.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:15 p.m.

NDP

Linda Duncan NDP Edmonton Strathcona, AB

Mr. Speaker, it is always a pleasure to listen to the member's very cogent comments on topics involving legal issues.

The member is speaking to plain view evidence. From my engagement in environmental enforcement, I know that reasonable cause is needed to seek a warrant, or it can be plain view evidence. In this case, is it because they simply do not have reasonable cause,that they they are circumventing and trying to get the information they could not even get a warrant for?

I wonder if the member could speak to the contradiction that is going on in what the government is doing. It has denied repeated requests by the commissioner of elections to seek information in the investigation of election fraud and has refused to give powers to the commissioner of elections, yet it is extending this power to persons who are not even police officers and in some cases, I understand, are not even regulatory officers.

Perhaps the member would like to speak to the contradiction that is going on in the government.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:15 p.m.

NDP

Don Davies NDP Vancouver Kingsway, BC

Mr. Speaker, I want to commend my hon. colleague from Edmonton—Strathcona for her outstanding work in the House.

She is a lawyer as well, so she is highly conversant with many of these concepts. I wish more of our friends on the other side of the House were. Given their recent record before the Supreme Court of Canada, it would seem that nobody on that side of the House is aware of the Charter of Rights and Freedoms or how the Constitution works in this country.

The contradictions are amazing. I heard a contradiction earlier today that really summarized the lack of coherence in the government. The government justified its removal of the long form census because it felt that it invaded Canadians' privacy by asking them how many bedrooms they had in their house. I heard Conservatives stand in the House and claim that this was a serious violation and justified the removal of what Canadians have relied on as data integral to planning all sorts of social programs and government policies in this country.

However, Conservative after Conservative has stood in the House and justified and defended and backtracked on information that their own agencies that they are supposed to be in charge of are sneaking behind Canadians' backs 1.2 million times and getting their private information from telcos without telling them and without putting that information before a judge for a warrant. The contradictions are stark right there.

As my hon. colleague just pointed out as well, police officers need and deserve to have the tools they need to interdict crime when it is happening. If evidence is in plain sight or if evidence is at risk of being destroyed imminently, there are all sorts of opportunities in our law that justify and allow a police officer to act quickly without having to get a warrant, including telewarrants, which I neglected to mention. There is a 24-hour opportunity to get telewarrants when it is impractical to get a warrant and wait that length of time.

It is up to police officers to justify why they need these extraordinary powers to violate Canadians' privacy. It is not up to Canadians to justify it.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:15 p.m.

NDP

Matthew Kellway NDP Beaches—East York, ON

Mr. Speaker, I am very pleased to stand in the House this afternoon in support of the motion by my colleague, the MP for Terrebonne—Blainville, on this great opposition day.

It is a day in the House to be talking about privacy issues. This morning I had the privilege of speaking in support of Bill C-567, an act to amend the Access to Information Act (transparency and duty to document), put forward by my colleague from Winnipeg Centre.

This morning's bill and this afternoon's motion complement each other very well. Together they demonstrate to Canadians our NDP desire that it be the citizens of this country, not the government of this country, who are able to conduct their lives with a reasonable expectation of privacy and that it be the government of this country, not its citizens, that has the obligation to operate in a manner that is transparent, open, and accountable.

If there is a simple conclusion to draw from the sum of the whole day, it is that the current Conservative government has it backwards, upside down, and twisted all around. The Conservatives stand in support of government privacy, of, in fact, the necessity to operate free from the scrutiny of the citizenry of Canada and those they elect to hold the government accountable.

How, the Conservatives ask in response to Bill C-567, can they operate at once openly and honestly? If they are to tell the truth, it must be behind the curtain, they argue, in the dark, out of earshot, and away from the gaze of the public and opposition members of this place. On the other hand, they demonstrate no mere disregard of the privacy rights of Canadian citizens. They demonstrate an appetite, a voracious, seemingly insatiable appetite, for the private information of Canadians.

Much is made of the fact that we live in new and different times, with new forms of information and new means of accessing that information. There is truth, of course, to this, undeniably. I think all of us are alive to the ease with which information we consider private is accessible to those who want to put some effort, and not much is required, into accessing it. Our expectation of privacy is diminished as a result, simply because we know the ease with which we are vulnerable. Therefore, we see the narrative here being one of the need to modernize our laws to take these new circumstances into account. That does not account for the conduct of the current government.

The problem before us is not simply one of a government that has not come up to speed, that has failed to respond in a timely way to these new circumstances, and that has left exposed loopholes in the formulation of the laws of this country. That would paint a picture of an incompetent or slow, but certainly benign, government. No, the current Conservative government is anything but benign.

Confronted with a loophole for accessing the private information of Canadians, a benign government may simply fail to close that loophole. The current government lets through that loophole, fully, completely, and head first, with great enthusiasm and an obvious lust for what it might find on the other side. What we have before us is evidence of this lust.

Very recently, the Privacy Commissioner of Canada, Chantal Bernier, revealed that Canadian telecom companies disclosed massive volumes of information to government agencies, including the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, Canada Border Services Agency, and provincial and municipal authorities.

Telecom companies disclosed personal data to the Canadian government 1.2 million times in a single year. We can of course concede that a balance is to be found between privacy rights, public security, and other concerns, including immediate danger to life. However, this can be nothing other than an indiscriminate fishing expedition of monumental proportions that the Privacy Commissioner has revealed to us.

These volumes equate to information requests with respect to one in every 34 or so Canadians. The vast majority of these requests are made without warrants. These volumes equate to a request for personal data, by the federal government to a telecom company, once every 27 seconds.

So great is the volume of information requests that one telecom company has advised that it has installed what it calls “a mirror” on its network so that it can send raw data traffic directly to federal authorities. Michael Geist, a digital law professor at the University of Ottawa, says this of what is happening:

This is happening on a massive scale and rather than the government taking a step back and asking is this appropriate...we instead have a government going in exactly the opposite direction—in a sense doubling down on these disclosures

It is easy to find further evidence of this doubling down, of this appetite for private information. One cannot help but note that Bill C-13, which is purportedly about cyberbullying, is more about lowering the bar on government access to information. The “reason to believe” standard is being replaced with a “reason to suspect” standard, opening up much greater warrantless access to electronic information. Moreover, Bill C-13 would allow a broader and lower range of government officials to have access to the private information of Canadians.

Bill S-4 will also be coming before this House, we suspect. That bill would permit non-governmental organizations and corporations to have access to information from telecom companies. FATCA, the Foreign Account Tax Compliance Act, buried deep in the budget bill, would expose the financial information of about one million Canadians to the U.S. government, and so on.

In light of all of this, one could argue that there is a kind of naiveté to the motion I speak in support of today. Certainly the first part of the motion is easy enough. It is, in fact, all the Privacy Commissioner has requested. She has said:

I'm not disputing that there are times when there is no time to get a warrant—life is in danger....

What we would like is for those warrantless disclosures to simply be represented in statistics so that Canadians have an idea of the scope of the phenomenon.

...It would give a form of oversight by empowering citizens to see what the scope of the phenomenon is.

It is a modest enough proposal: at least let me see what it is the federal government is doing here.

However, we are also asking the government to close the loophole that has allowed the indiscriminate disclosure of the personal information of law-abiding Canadians without warrants. In so doing, we must recognize that we are asking the predator to restrain itself, to bind itself, to limit its own appetite for our private information, to guard itself. It has no such impulse, no such sense of constraint, as is obvious from the 1.2 million requests, by Bill C-13, by Bill S-4, and by FATCA.

Here is the very saddest part of this. As we engage with each other through the technologies of this modern world, we do so with some trepidation about how exposed we are to the prying eyes and interests of others, and part of what we need to be concerned about now, we find out, are the prying eyes and interests of our own government. Rather than being able to rely on our own government to support us and to protect our privacy in this modern world, it appears that our government is itself a cause for concern.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:25 p.m.

Liberal

Kevin Lamoureux Liberal Winnipeg North, MB

Mr. Speaker, I want to go back to the Privacy Commissioner's request. My understanding is that there was a request to some 13 companies. Of those 13 companies, nine responded anonymously and four did not respond. We know that they included companies such as Bell Canada, Telus, Rogers, Shaw, SaskTel and other companies, such as Twitter, Google, Apple, and so forth.

We understand that in excess of one million pieces of information about Canadians were actually released. From what we can tell, it included things such as their addresses and names and phone numbers. In trying to get a breakdown of where or who the people were who were actually requesting, we found out earlier that Border Services was one of them. I asked how many requests there were from the RCMP and CSIS, and there were blank faces on the other side. We do not know how many have actually been requested by organizations such as those.

Does the member not believe that it would have been of some value, given the importance of today's debate, if the government members had come a bit better prepared to answer questions of that nature?

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:25 p.m.

NDP

Matthew Kellway NDP Beaches—East York, ON

Mr. Speaker, yes, I think it would have been reasonable for the government to come more fully prepared to answer those questions, but what it reveals are the contradictions I was speaking to in my speeches this afternoon and this morning. The government has no interest in shining light on its own operations and activities. The Conservatives are happy to stand behind the curtain, to conduct the operation of government behind the curtain and to grasp as much of Canadians' private information as possible.

In light of these contradictions, it is no surprise that the Conservatives do not come to reveal that information to us in this House, and through us, to all Canadians.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:30 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, I listened with great interest to my hon. colleague.

It has been fascinating listening to the Conservatives, because in their upside-down world, they are opening the door to widespread snooping and spying on Canadians but are somehow protecting their privacy.

I ask my hon. colleague about what we are reading in the National Post about the government's supposed fix, Bill C-13. We have been hearing from their tough-on-crime guys. It is all about the police investigation and the importance of investigation. We need to be able to investigate and go after the crooks, the perverts, and the crazy terrorists. However, under Bill C-13, the Conservatives' fix would take out the provision, the caveat, that enforcement agencies would actually have to be doing an investigation. It would no longer be for investigating crime but for anything that would help in “administering any law in Canada”.

It is the ultimate free ride for fishing expeditions, not just for law enforcement but for corporations. Under Bill S-4, corporations could demand information on our Internet use, as could public officers, which include, if we look up the definition, reeves, mayors, and even people who work for the Department of Fisheries, fisheries officers.

I would like to ask my hon. colleague why he thinks the government is so intent on changing the law to allow widespread snooping. Is it possibly because this is what the standard practice has become under the Conservatives' watch?

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:30 p.m.

NDP

Matthew Kellway NDP Beaches—East York, ON

Mr. Speaker, this goes to what I was talking about, which is that often some of us put forward a narrative that this is a government that needs to modernize laws, because things have changed. We are living in different times. However, when one looks more closely at the evidence, one finds that this is a government with its own appetite and impulse to dig up more and more of the private information of Canadians.

We are asking the Conservatives today to in effect put constraints on themselves and to try to curb their own appetite. That is why I suggested that perhaps, as much as I support the motion today, there is a certain naïveté to it. As evidenced by my friend's question and the absurdity of the kinds of activities it would allow government officials to carry on without warrants, this is a government that seems bound and determined to dig deeper and deeper into Canadians' private information, without inhibitions.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

May 5th, 2014 / 5:30 p.m.

Oshawa Ontario

Conservative

Colin Carrie ConservativeParliamentary Secretary to the Minister of the Environment

Mr. Speaker, our government is committed to promoting the interests of Canadian consumers and the protection of their private information.

In an increasingly digital world, it is important that we have strong privacy protections in place to ensure organizations are treating the private information of Canadians appropriately. Many of these protections are already found in the Personal Information Protection and Electronic Documents Act, commonly known as PIPEDA.

However, a lot has changed in the more than 13 years since PIPEDA came into effect. Our government is taking important steps to ensure organizations are accountable for how they handle the personal information of their clients and customers in today's digital world.

That is why on April 8, we tabled Bill S-4, the digital privacy act. The bill introduces new measures to update our private sector privacy legislation, which sets out specific rules that businesses and organizations must follow whenever Canadians' personal information is lost or stolen.

Recently, we have seen a disturbing example of this problem south of the border with Target Corporation. Just before Christmas last year, Target learned that malicious software had been installed on the company's computer systems, allowing the personal information of some 70 million customers to be stolen, including 40 million payment card records.

It is because of situations like these that we must continue to ensure Canadians' personal information is safe. Data breaches can happen in many different ways and to any type of organization, large or small. Data breaches can result from improper disposal, for example, of paper documents sent for recycling instead of shredding or computers resold without scrubbing hard drives clean, or it can be stolen through sophisticated cyber attacks like those experienced by Target.

Unfortunately, this is a growing problem. Last year saw an all-time high for the number of data records lost or stolen worldwide. The Verizon data breach investigations report estimated that in 2012 between 575 million and 822 million records were compromised in data breaches.

We know that cybercrime is a growing problem in Canada. Last October a study reported that cybercrime cost Canadians some $3 billion over 12 months, up from $1.4 billion the previous year.

That is why our government has already put a number of significant measures in place to combat cybercrime and protect our digital infrastructure, such as Canada's cyber security strategy. In addition to this, Canada's anti-spam law will begin to come into force July 1, later this year. This law will help Canadians deal with unwanted commercial emails, and will also protect Canadians from cyber threats, like malware and fraudulent websites that seek to steal their personal information.

These measures are significant, but more is needed. We must ensure organizations have strong incentives in place to implement strong data security. Currently in PIPEDA there is no obligation for businesses and organizations to inform customers and clients when their personal information has been lost or stolen. This means if a company loses people's credit card information, that company is not obligated to tell them. With the digital privacy act, our government is proposing to correct this.

Stolen data can be used to create false identities that are used in criminal activities. They can be used to hack onto online banking services. In the wrong hands, lost or stolen health information, employee records, even criminal records can create countless problems to those who have had their personal information compromised.

I also want to state, Mr. Speaker, that I will be splitting my time with the member for Desnethé—Missinippi—Churchill River.

We believe it is up to all organizations to put in place the safeguards to protect the personal data they have collected from their clients and customers. This is a responsibility that most take very seriously. However, with the changes we have proposed, if a company has its computer systems hacked and believes personal information has been stolen or if that information has been lost inadvertently, the company will need to take a number of steps.

If the company determines that the breach poses a risk or harm to individuals, it will need to notify the Canadians affected and make a report to the Privacy Commissioner of Canada. Organizations will also be required to document and keep a record of the event, including the result of its risk assessment. This would be required for every breach, even if the company did not think the breach was harmful. The organization would have to provide these records to the commissioner upon request, providing oversight and holding organizations accountable.

Let me provide an example. Say that an organization determines that a laptop containing customer personal information has been lost. It will be required to make a record of this loss. If the breach involves unencrypted sensitive personal information such as credit card numbers, other financial or health information, for example, it would pose a real risk and potential significant harm to those involved. As a result, the organization would be required by law to notify the customers who were impacted.

The company would be not only required to tell customers when it lost information, it would also be required to report the loss to the Privacy Commissioner. The commissioner may then request a copy of the company's records to see if there is a history of similar losses that would be a cause for concern. The Privacy Commissioner would then have the option of opening an investigation into the matter.

It should be clear to all members in the House that implementing a requirement for mandatory data breach notification is a significant improvement to our private sector privacy laws. Our government believes there needs to be serious consequences for any organization that deliberately breaks the rules and intentionally attempts to cover up data breach. The changes that our government has proposed will also make covering up a data breach an offence. In cases of deliberate wrongdoing, an organization could face fines of up to $100,000. To be clear, it will be a separate offence for every person and organization that is deliberately not notified of a potential harmful data breach and each offence will be subject to a maximum $100,000 fine.

The digital privacy act would address the concerns posed by data breaches and has received good reception so far. In fact, the Privacy Commissioner commented that she welcomed the proposals in this bill. She said that it contained very positive developments for the privacy rights of Canadians. Even the member opposite for Terrebonne—Blainville said, “We have been pushing for these measures and I'm happy to see them introduced. Overall, these are good...steps”.

Our government has taken a balanced approach to the responsibilities placed on businesses and organizations, while protecting Canadian consumers by giving individuals the information they need to protect themselves when their information has been lost or stolen. The digital privacy act demonstrates our government's commitment to providing Canadians with the confidence that their privacy and personal information are protected.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:40 p.m.

Liberal

Wayne Easter Liberal Malpeque, PE

Mr. Speaker, I question how Conservative members can say that our private information is protected, because they do not know either. I asked the minister at committee the other day whether CSIS, the RCMP and Canada Border Services Agency were involved in the 1.9 million requests for information. He said yes. We do not know if they all had warrants. We are the only country in the Five Eyes, so-called, that does not have parliamentary oversight.

The Communications Security Establishment Commissioner, in his findings and recommendations, stated:

However, a small number of records suggested the possibility that some activities may have been directed at Canadians, contrary to law....

After in-depth and lengthy review, I was unable to reach a definitive conclusion about compliance or non-compliance with the law.

It is this simple. I do not know why members on the government side are accepting the word of the bureaucracy. It does not know either. Why not have the review for which this motion asks? That just makes sense in the interests of Canadians.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:40 p.m.

Conservative

Colin Carrie Conservative Oshawa, ON

Mr. Speaker, what the member brings forward is ridiculous. What the NDP would like to propose is something that would put Canada at a disadvantage compared to other countries around the world.

The member should know that the Personal Information Protection and Electronic Documents Act was passed by the previous Liberal government in 1999 and in place since 2001. The NDP even voted for voluntary disclosure when it supported the act.

Let me be clear. An individual's private information is protected under the charter and cannot be released without a warrant. The telecommunications companies have already said that they only release 411 style information. In other words, like in the old days when we were younger, there was a reverse lookup for a telephone number. This is the type of information that is being disclosed, and we fully expect these companies to comply with the law and play by the rules when handling the private information of Canadians.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:40 p.m.

NDP

Matthew Dubé NDP Chambly—Borduas, QC

Mr. Speaker, I would like to pick up on that and speak to the comment made by my Conservative colleague. I would like to talk some more about what my colleague from Terrebonne—Blainville raised earlier today, and that is the comparison that is being made with 411 information or using the yellow pages to obtain someone's address or telephone number.

Comparing today's digital data, all of that information, to an address or telephone number is way off base. It demonstrates a complete lack of understanding of this issue. As my colleague from Terrebonne—Blainville said, a person's movements can be followed when they access a Wi-Fi network.

I would like to know if my colleague understands the difference between those two realities and if the government will finally come to understand that, in 2014, we cannot equate that information with something as simple as a telephone number. Technology has evolved considerably.

Safeguarding of Personal InformationBusiness of SupplyRoutine Proceedings

5:45 p.m.

Conservative

Colin Carrie Conservative Oshawa, ON

Mr. Speaker, the government absolutely does understand. The problem in the House is that the NDP does not understand.

When we talk about hooking into WiFi, there is always a little box that we check off and we can choose to go into that WiFi site or not. It is the same with location services. For example, many people today will look at Google Maps and MapQuest, which will ask for location services on their device to let the company know where they are so they can go from point A to point B without having to type it out.

This is something with which individual Canadians have a choice. That is why the digital privacy act is important because it would strengthen informed consent. I think everybody would be in support of this. We have young kids out there who sometimes do not understand the implications of checking off these little boxes. It is very important that the NDP understand that there is a certain way to look at these sites because people can choose whether to check that box or not. It is very important and behooves all of us to read some of those agreements that we check yes or no to.