Archive for the ‘National Security’ Category

9 Nov 2016

Privacy Tech-Know Blog: Pay me to regain access to your personal information! Ransomware on the rise


Ransomware is a type of malicious software (malware) which, when installed on a device or system, prevents access to that device, or that device’s content or applications. Once installed and operational, the malware prompts you to pay a ransom to restore full functionality to the device. Personal or sensitive data have been targeted with ransomware, or accessed when attackers were rifling through organizational computers or networks. In fact ransomware has affected a range of devices, including those running Windows, OS X, and Android, and has affected healthcare providers, police services, public schools, universities, and various types of businesses, in addition to individual consumer users. It’s an increasingly prevalent issue, with Symantec estimating that Canadians were affected by over 1,600 ransomware attacks a day in 2015.


9 Jul 2013

Safe journey, Bon voyage !

Learn more about privacy at airports and border crossings by referring to the new featured topic, and have a safe journey! 


There’s a common expression that says, “It’s not the destination that counts, it’s the journey.” Well, if you’re like me, when I have to travel—especially with moody teenagers—I get anxious just thinking about all of the hoops I have to jump through before I arrive at my destination. At airports, border crossings and sea ports, there are security screenings everywhere.

Security measures are presented as a trade-off for safer skies for travellers. But that doesn’t mean you have to check your privacy rights with your luggage.

It is important to know that as a Canadian traveller, your privacy rights kick in from the moment you book a flight—online or through a travel agency—and continue on through the airport terminal and into the pre-boarding area.

However, the measures used to ensure your safety make you wonder: where do your privacy rights begin and end? To help you answer that question, the Office of the Privacy Commissioner of Canada (OPC) just posted a new topic page entitled Privacy Rights at Airports and Border Crossings. It contains explanations of the law, describes the impact of security measures on your personal information and privacy rights, and lets you know where you can turn to if you feel your rights have been violated.

The topic page presents all of the OPC’s materials related to airports and border crossings in one place: fact sheets, reports, publications, Parliamentary appearances and audits to give you an overview from a privacy perspective of key security initiatives that have been implemented over the last 10 years.

Want to learn more? Click here to consult the new page.

15 Feb 2012

Preliminary reaction from the Office of the Privacy Commissioner of Canada to Bill C-30

Our Office understands the challenges faced by law enforcement and national security authorities in fighting online crime at a time of rapidly changing communications technologies and the need to modernize their tactics and tools accordingly.

We’re not necessarily opposed to legislation that modernizes police powers online – but it must demonstrably help protect the public, respect fundamental privacy principles established in Canadian law and be subject to proper oversight.

Upon a preliminary review following the tabling of Bill C-30, the Office of the Privacy Commissioner recognizes the government has made improvements to this Bill from previous iterations. On balance, however, significant privacy concerns remain.

We recognize that the government has reduced the number of data elements which could be accessed by authorities without a warrant or prior judicial authorization.  At the same time, by requiring authorities to conduct regular audits and to provide them both to the relevant Minister and oversight bodies, including our Office, this appears to help address past concerns about a lack of oversight.

On balance, however, the new Bill still contains serious privacy concerns, similar to past versions.

In particular, we are concerned about access, without a warrant, to subscriber information behind an IP address.  Since this broad power is not limited to reasonable grounds to suspect criminal activity or to a criminal investigation, it could affect any law-abiding citizen.

Going forward, we will be reviewing this Bill in full to determine:

  • How does the Government justify this warrantless access in a free and democratic society?
  • How does “after the fact” review by ministerial and non-judicial bodies compare with “up front” oversight by the courts?
  • Are the new powers proposed by the legislation demonstrably necessary, proportionate and effective?
  • Are there less privacy-invasive alternatives to achieve the desired outcomes?

It is through this lens that our Office will undertake a thorough review of the Bill.  We look forward to sharing our views with Parliament.


28 Nov 2011

Better answers through better questions

I was listening to Daniel Solove’s presentation at the Reboot Ottawa conference earlier today. His talk was modeled on the main points of his latest book, Nothing To Hide, and he addressed four “fallacies” that skew the debate between privacy and national security in favour of the latter.

The first fallacy is the “nothing to hide” argument. We have all heard about how if we had nothing to hide, we would have nothing to worry about. Solove counters that the “nothing to hide” argument belies a misunderstanding of what privacy is: it doesn’t exist to hide bad things; rather, it is many different, related things that are linked to dignity and integrity.

The second is the deference argument: we have to defer to the authorities because they know best. Solove mentioned that even some eminent jurists in the US are rallying behind the argument that the courts don’t know enough to pass judgement on law enforcement activities. Solove suggests we hold law enforcement and national security authorities accountable for the effectiveness of the measures they propose—they should prove the measures are effective.

The third argument countered by Daniel Solove this morning was the “all or nothing fallacy.” Solove pointed out that you don’t get more security by giving up privacy, and that you don’t get more privacy for giving up security. Rather, privacy can be—and must be—integrated into security measures. In developing this point, he touched on the idea that privacy should not necessarily be viewed as an individual right (to be pitted against collective interests), but rather as a social interest itself. Privacy should be protected on a societal level.

And finally, Solove addressed what he called the failure of the reasonable expectation of privacy test, which according to him asks the wrong question. The “reasonable expectation of privacy” rests on the assumption that people know how their privacy is being violated and that they have the power to do something about it, which is not necessarily the case. He suggests the courts shouldn’t be asking if a security measure violates a reasonable expectation of privacy (which opens up the door to esoteric debates about what is privacy), but rather, should this measure be allowed without judicial oversight and accountability.

It appears this idea of asking the right questions and putting the right elements on the balance was the running theme of Daniel Solove’s presentation: he suggests we shouldn’t be asking ourselves if a security measure in itself violates privacy, but rather if the security measure is acceptable with no oversight, no court order, no probable cause and no accountability. We shouldn’t be questioning whether the state has a right to intrude upon privacy for security reasons, but rather if we are getting better security as a result.

In a nutshell, Daniel Solove suggests what we should weigh on either side of the balance are not privacy and security, but rather a specific security measure by itself, and the same security measure with privacy protection.

A very interesting talk by a very engaging speaker.

14 Nov 2011


Two countries negotiating a perimeter security agreement can easily be compared to two individuals drastically redefining their relationship. 

Without question, Canada and the United States are certainly neighbours.  To some, a perimeter agreement means removing a fence; to others, it’s tantamount to a sort of marriage.

Regardless, before we take the plunge, we have to think about what we share and where we differ.

Without question, we have a lot in common.  We’re both democracies with enshrined respect for human rights. Canadians and Americans both strongly value their privacy and realize its importance to the vitality of our democracies.

As things stand today however, some key legislative differences on privacy protection exist between our countries. 

I want to explain these and show why, rather than jumping into a newly defined relationship with both feet, we should only do so with both eyes wide-open.

First of all, both of our countries have enacted legislation to protect citizens’ privacy from their governments. 

The U.S. Privacy Act of 1974 fulfils this function for the federal government south of the border, while Canada’s Privacy Act of 1983 does so for Canadians.

The U.S. law includes safeguards to secure Americans’ personal information in the hands of the federal government, but these extend only to citizens and permanent residents.

Conversely, personal information held in Canada is subject to the protection of Canadian privacy law. That said, Canada’s Privacy Act is far from perfect and in need of modernization (as I’ve noted in the past). 

Secondly, when it comes to protecting personal information in the private sector, there are American laws specific to certain sectors and the Federal Trade Commission’s consumer protection law provides some protection with regard to issues of fairness and deception. 

Unlike Canada however, there is no overarching national legislation applying to the private sector as a whole. 

In the United States, a lack of private sector-wide coverage provides opportunities for commercial data brokers to assemble databases.

Such databases are made available to subscribers, which include U.S. federal agencies.  There are already several dozen fusion centers across the country doing precisely this sort of search and analysis every day.

Consequently, government authorities can access information from privately-held databases with no strings attached.

It’s also worth noting that the USA PATRIOT Act, enacted weeks after the 9/11 attacks, has the ability to circumvent sector-specific privacy protections to facilitate national security investigations.  National security can be, and has been, defined quite broadly.

Thirdly, there is a vast difference when it comes to privacy oversight between our two countries.  Law enforcement and national security authorities in the US simply do not operate under the privacy oversight structure that exists in Canada.

In Canada, my office reports directly to Parliament and not the Government, allowing autonomy in holding the Government to account.

In the United States there is no equivalent independent authority mandated to investigate privacy issues with regard to government data-handling.

While the Privacy and Civil Liberties Oversight Board could theoretically fulfill this function, it remains inoperative.

Finally, Canada’s approach to privacy centers on protecting individuals’ right to control their personal information except where limits can be demonstrably justified in a free and democratic society.

This is an approach which should not be compromised or watered-down in order to reach a perimeter security agreement.  

This isn’t to say that Americans value privacy any less than Canadians.  It’s just that our respective legislative frameworks to protect it are very different. 

This all goes to say that if we compare a security perimeter agreement to a marriage and Canadian negotiators wish to enable Canadians to keep control of their personal information, a clear line on privacy needs to be written into a strong “pre-nup.”

14 Sep 2011

Privacy needs respect and protection within any perimeter

The tragedy of September 11th shook our sense of collective security to its core. With that, security measures were tightened, constricting the movement of travellers and trade across the Canada-US border.

As its decade anniversary approaches, discussions are underway on a Canada-US perimeter agreement to ensure security and ease trade.

It remains to be seen how any plan to achieve these goals will incorporate respect for privacy. Given nearly two-thirds of Canadians identify privacy protection as one of the next decade’s most important issues, this question is important.

There’s no denying that the last decade has seen security initiatives resulting in an unprecedented amount of travellers’ personal information being shared to cross the border. 

A decade ago, we needed to show customs agents a birth certificate and photo ID.  Today, our passports are scanned, our image is captured by surveillance cameras; we are checked against watch lists and police records; our laptop or smart-phone may be searched; and the agent may even Google us to see what pops up. 

Understandably, due to the tragedy of ten years ago, governments have sought stronger security. But, as the pursuit of greater security continues, it doesn’t have to come at privacy’s expense.

At the same time, privacy is not an unconditional entitlement and there may be cases when its protections must give way to meet a greater good.

However, anytime we’re considering adopting a security measure which lessens privacy, we should ask: 

  • Is it absolutely necessary to achieve the desired end?
  • Is it proportionate to the perceived threat?
  • Will it be effective in addressing it?; and
  • Is there a less invasive alternative that could achieve the same outcome?

And just as stronger security needn’t weaken privacy, any agreement Canada enters into should neither reduce Canadians’ privacy rights, nor curtail Canada’s control over the protection of its citizens’ personal information.

On these notes, I take some comfort in the February Declaration which started the process. It pledged the countries to “work together to promote the principles of human rights, privacy, and civil liberties as essential to the rule of law and effective management of our perimeter.”  And just recently, Foreign Affairs Minister John Baird addressed the discussions, saying, “If we want to ensure cross-border law enforcement activities and other programs, they have to respect the legal and the privacy rights of Canadians.”

Given my role, I want to see those words ring true.  Therefore, following an earlier submission made to the Beyond the Border Working Group, I offer the following essential conditions that any future agreement should meet in order to truly and properly “promote” and “respect” our privacy rights.

1)  Canadians have a unique perspective on privacy, formalized by federal laws protecting personal information.

Their respect should be reflected in any agreement.

Clear terms and fixed agreements must be established for sharing Canadians’ personal information with the US.

Furthermore, its use and disclosure should fall under Canadian standards of protection and due process.

2)  Real privacy oversight, due process and legal redress are vital.  

A good example to consider is the European Union model for managing its ‘perimeter.’  This model shares information on visitors’ exit and entry with member states under carefully structured agreements and conditions, collects photographs, and provides very limited access to domestic law enforcement agencies.

For example, access can be granted for purposes such as: finding missing persons; recovering stolen luggage; or providing information on prior crimes committed within member states.

Similarly, the Canada-US security perimeter should restrict links to agencies’ information resources on the basis of demonstrated security need.  Moreover, an accessible and transparent appeal process must be put in place to remedy errors or abuse.

3)  The collection and sharing of any biometric data (like fingerprints or retinal scans) should be as minimal as possible and, wherever practical, used only for verification rather than identification.

Biometrics, properly used, can enhance privacy by confirming identity and avoiding mistakes.  

However, when collected indiscriminately and stored in networked databases, we draw ever closer to the bleak reality of a “surveillance society,” which I believe citizens on each side of the border want to avoid.

Consequently, access to such data should be permitted only for very specific and minimal purposes, and certainly not connected to other agency databases.

I make these suggestions bearing in mind that Canadians and Americans have lost a lot over the last decade.

The list includes thousands of innocent people sadly gone forever, save for their loved ones’ memories; and a previously unparalleled sense of continental safety and inviolability, likely to never return.

Our leaders should avoid starting the next decade by adding any unjustifiable weakening of our privacy to this list.


This article originally appeared on on September 8, 2011.

3 May 2010

Transparency, search engines and government appetite for data

There has been a long-standing debate between privacy advocates and government officials about the extent of government interest in the information transmitted across domestic and international networks. The passage of USA PATRIOT Act intensified this debate and prompted concern from a more general audience as well. Ever since, the digerati and online crowd have been whispering and wondering about the interface between search engines, particularly Google, and law enforcement and national security bodies.

In brief, this comes up in classrooms and at conferences in roughly the following exchange:

Q. “So, should I worry about what Google knows about me?”

A. “Maybe, but I’d worry more about what the government gets out of Google, then matches with what they already know about you.”

Around this issue, researchers like Chris Soghoian in the US (as well as Ben Hayes and Simon Davies overseas) have been pushing for greater transparency from both companies and government on the use of broad data production powers.  Last week, to their great credit, Google took a big first step and published an interactive map on the numbers and types of data requests they receive from governments around the world.  This coincides with another important US private sector push – – that is asking for clear, consistent and accountable measures to be put in place when governments ask companies to ‘check up’ on their customers.

We commend Google and others involved for this significant first step, look forward to improvements and more details as they tweak the reporting model and sincerely hope other companies (and, ahem! governments) follow suit.

5 Jan 2010

Extracts from “The Reality of Privacy and Security in the 21st Century”

Remarks delivered to the Annual Conference of the Canadian Association for Security and Intelligence Studies, October 30, 2009 by Chantal Bernier, Assistant Privacy Commissioner of Canada

… As you may know, I came to the Office of the Privacy Commissioner of Canada from the Department of Public Safety, where I had the privilege of serving as Assistant Deputy Minister in the Community Safety and Partnerships Branch.

As such, I have had substantial engagement in a range of security and intelligence files.

My entire presentation is premised on this tenet: Privacy and security are not at odds.

On the contrary: I would put to you that measures to protect privacy must be integral to any initiatives to fight terrorism or other crimes.

Why? Because we live in a free and democratic society where individuals enjoy the right to live, to move around, to communicate and to go about their daily lives, free from unwarranted interference by the state.

And for practical reasons too:

Any effort towards greater security that is strictly tailored to the actual risk – and that therefore minimizes the infringement of privacy or other rights – will be more targeted and more effective.

For example, an investigation that is carried out in accordance with the law, and in a way that respects privacy and other rights, will yield cleaner evidence and a more compelling case for the prosecution.

In other words, all the work that is poured into greater security is more likely to pay off if it is carried out in a strategic, targeted manner. And an essential consideration in that regard is due respect for the right to privacy.

Airport scanners

Another file in which we are deeply involved relates to plans by CATSA, the Canadian Air Transport Security Authority, to install millimetre-wave whole-body imaging scanners at several Canadian airports.

These machines can penetrate clothing to expose concealed objects such as weapons or drugs. Their principal advantage over metal detectors is that they can identify non-metallic objects, such as ceramic weapons or liquid or plastic explosives.

Our Office has examined two Privacy Impact Assessments, or PIAs, prepared by CATSA – first for a pilot test conducted at Kelowna Airport, and more recently for the full program.

As we told CATSA earlier this week in our response to its PIA, we consider this technology to be inherently sensitive as it reveals an outline of the traveller’s body. Many people may perceive it as privacy invasive.

As such, we have worked with CATSA to ensure appropriate privacy safeguards.

One of the key results is that the technology will be used only for secondary purposes, after an individual has already passed through the metal detector. What’s more, the scans will be voluntary, with passengers given the option of going through them, or having a physical pat-down.

And – this is key from a privacy perspective – the images will not be recorded, printed or transmitted. Indeed, they will be deleted as the passenger leaves the scanner.

Four tests

In weighing this and any other government initiative with a potential impact on privacy, our approach is to apply four tests: Necessity, proportionality, effectiveness, and the existence of less-intrusive alternatives.

We ask ourselves: Is the proposed measure really necessary? Have the proponents offered proof of a genuine problem, with no other viable solutions?

Our next criterion is proportionality. Many measures will infringe on privacy; that is just the price we pay for living in a community. Any benefit to the group will generally restrict some liberties of the individual, but the invasion of privacy must be proportionate to the benefit derived.

We also want some assurance of effectiveness. We want to ensure that a measure that infringes on privacy, in the name of the collective good, really meets that specific objective.

As for the fourth test: If a measure is proposed that will affect the privacy of individuals, we want to know that it is justifiable on the grounds that there are no less intrusive alternatives already available.

17 Nov 2009

Audit of the Financial Transactions and Reports Analysis Centre of Canada

(from our news release)

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada …

Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing.  For example:

  • A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
  • An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
  • A financial institution filed a report about an individual who had deposited a cheque from a law firm.  The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive, and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.

9 Sep 2009

A sneak peek at a government file ABOUT YOU

Ever wonder what information a government agency might hold about your traveling habits? Thanks to an anonymous U.S. citizen, we can sneak a peek at a travel record held by the United States Department of Homeland Security. The scanned copies are posted on philosecurity, and include data like:

  • IP address used to make web travel reservations
  • Hotel information and itinerary
  • Full Name, birth date and passport number
  • Full airline itinerary, including flight numbers and seat numbers
  • Cruise ship itinerary
  • Credit card number and expiration
  • Phone numbers, including business, home & cell
  • Every frequent flier and hotel number, even ones not used for the specific reservation

Several countries, including Canada, collect similar information as part of an Advanced Passenger Information or Passenger Name Record program.

While we would all prefer it if the government did not collect information about our travel habits, these programs are meant to provide security agencies with enough advance information to screen travelers and identify potential risks to transport security. If your travel plans include the European Union, Switzerland or the United States, information in Canada’s database will also be shared with their security agencies.

More information about the Canada Border Services Agency’s programs is available, including directions on how you can access the travel data the Agency holds on you.