Public Safety committee  Thank you. Once again, I want to thank the committee for inviting me to testify. I would urge you, Mr. Chair, simply to consider in any new policy or new information sharing agreement to not discount the very real privacy concerns, and in fact, simply to weigh them in the balance.

Public Safety committee  I have not run into any appreciable differences. I know there's currently a large debate happening in the United States very much focused on data privacy. I'm less familiar with how that debate has concretely taken place in Canada.

Public Safety committee  My understanding is that if the bill were to lead to more complete databases, by which I mean both the U.S. and Canadian governments would have a complete picture of a traveller's entries and exits over time, that could certainly paint a very detailed picture of a person's life.

Public Safety committee  Yes, all visitors, regardless of the length of time, are subject to search.

Public Safety committee  If it's just a visitor, not someone who has a lawful permanent resident status in the United States, then individuals who don't consent to have their devices searched or who don't consent to answer all questions may be turned away.

Public Safety committee  To my knowledge there isn't any legal recourse, at least not through the U.S. system, for American visitors travelling abroad. One of the reasons we advocate for limitations on the U.S. government not only on device searches—which I understand are not an issue in the bill under consideration—but in terms of the questions asked and the information recorded, is that other governments may behave in a reciprocal manner.

Public Safety committee  That is certainly a reason, Mr. Chair, to think hard about the amount of information that is retained and collected in the first place. There are concerns about the security of data any time it exists, and any time it exists for a long period of time. Any time more information is collected than is strictly necessary for the government activity at issue, that is a concern.

Public Safety committee  I think that such agreements can be one tool if they are in fact enforced. As an example, when the executive order on Privacy Act protection being removed from non-citizens was passed, the ACLU sent a letter to the European Parliament and the European Commission letting them know that U.S. assurances under pending agreements with the EU may be called into question now because those agreements that permitted data sharing between the EU and the U.S. relied on certain protections and guarantees of how information would be retained, and limiting access and limiting its use.

Public Safety committee  I think limits on access are an important tool. I think they don't fully address the retention question, because, as I mentioned, there can be privacy harms when data and information about individuals is retained essentially indefinitely for potential future law enforcement needs decades down the road.

Public Safety committee  I think it needs to be credited as relevant to the committee. I would just note, Mr. Chair, that the Privacy Act protections that I mentioned, which have now been rescinded from data involving non-U.S. citizens, or non-green card holders, I think leaves it as an open question as to what the limits are on sharing of information pertaining to Canadian citizens.

Public Safety committee  There is certainly a risk of false positives and there is also a risk of disproportionate data retention, meaning that if there aren't safeguards against racial profiling on either side of the border with information that is then collected and shared between both countries, there is the concern that the databases of information skew disproportionately on the basis of those who have been profiled.

Public Safety committee  I'm sorry, could you clarify something? Requesting information as part of a law enforcement activity—is that the question?

Public Safety committee  I'm not qualified to speak about the information sharing arrangements that the Canadian government has with the U.S. government, so I can't speak to what the bounds of those information sharing agreements are.

Public Safety committee  I can speak to that. As I mentioned, I think the default currently is 75 years for information retained by the U.S. government. I think that does raise privacy concerns when travel histories and travel information of individuals is retained for such a long period of time. Certainly it then becomes open and available in a way that information would never previously have been available to law enforcement or any other agencies.

Public Safety committee  That's correct. We certainly know that percentage-wise it's a very small percentage of travellers who at the moment have their devices seized. I think there are two concerns that animate our position. One, of course, is the domestic constitutional concern, which is not relevant to the committee in the same way.