The Book

 

 

 

 

This blog comments on Canadian (and occasionally comparative) national security law to update my National Security Law textbook and now also my 2015 book, False Security: The Radicalization of Anti-terrorism, co-authored with Kent Roach.

Please also see www.antiterrorlaw.ca for Bill C-51-related analyses by Craig Forcese and Kent Roach.

For narrated lectures on various topics in national security law, please visit my 2017 "national security nutshell" series, available through iTunes.

Please also visit my archive of "secret law" in the security area.

By Craig Forcese

Full Professor
Faculty of Law

Email: cforcese[at]uottawa.ca

Twitter: @cforcese

 

Subscribe to National Security Law Blog
National Security Law Blog Search

Best Law School/
Law Professor Blog Award

 

Most Recent Blog Postings
Wednesday
May202015

Camden versus Turing: The Future of Legal Privacy

Speaking Notes

Queen’s University Policy Forum (Kingston, On)

April 2015

What I want to do with my few minutes to tee-up our topic with some general observations about how I think we are approaching the question of privacy & security in the modern world with outdated legal concepts.

And on that topic I want to start with two short stories: one to illustrate the origins of our principal privacy concept and another to discuss how the world has changed. 

My first story reaches far back, to the 1760s, when British Parliamentarian John Wilkes published an anonymous series of pamphlets critical of the King. Much irked, the King’s officials issued a “general warrant” responding to this “seditious libel”.

Under this warrant, the Crown’s henchmen ultimately arrested Wilkes and seized his papers, after breaking into his home.  After his release from the Tower of London, Wilkes sued the officials responsible for the warrant.

In a celebrated series of decisions, the presiding judge, Lord Camden, invalidated the warrant.  In so doing, he condemned the forcible search of Wilkes’ house as unlawful.

This early “national security” case – perhaps one of the most famous decisions of the late 18th century – galvanized opinion in colonial America, and was a clear impetus to what became the Fourth Amendment of the United States Constitution.  

That amendment in turn was the inspiration for our own section 8 of the Canadian Charter of Rights and Freedoms.

Lord Camden’s decision shaped, in other words, a legal dichotomy that persists to this day between when a state can merely watch, and when it can actively search and seize.  At core, the Camden model, in its current form, is about superimposing an independent judicial officer as a gatekeeper on when and how the state may search a protected zone of privacy around each person.

My second story is much more recent.  On February 14, 2005, Rafic Hariri, the former Prime Minister of Lebanon, was assassinated in a truck bombing.  In the aftermath of that terrorist incident, the United Nations and Lebanon created a Special Tribunal to prosecute those responsible.  Since then, five indictments have been filed against members of Hezbollah, and trials in absentia began in 2014. 

What is less well known is how investigators identified these defendants. 

A decade ago, a Lebanese police captain – Wissam Eid –hit on the relatively novel idea of focusing on the archive of metadata accumulated by cellphone companies.  Metadata is “data about data” – that is, it is the contextual information that surrounds the content of a digital communication.  Data and time of the call, the location of the device at the time of the call etc.

With a court order, Eid reviewed call and text message records for the four months up to the assassination.  In so doing, he identified a cluster of cellphones following Hariri.  These phones were ultimately linked to senior members of Hezbollah. 

Eid was himself assassinated by car bomb on Jan 25, 2008.  But Lebanese authorities transferred the Eid’s work to the UN investigators, who pieced together a jigsaw puzzle of connections from the metadata that paved the way to the ultimate indictments.

Since then, metadata has become a much more commonplace term and also the source of considerable controversy.  As you all know, Edward Snowden ignited a media frenzy in 2013 by sharing details of classified US National Security Agency (NSA) surveillance programs.  

Those disclosures, hinging in large measure on metadata collection, focused attention on CSE, which does its own analysis and assessment of metadata as part of its foreign intelligence mandate.  Inevitably, the debate turned to questions about the legal basis for any collection initiative, and the extent to which CSE is governed by robust accountability mechanisms.  They also sparked an ongoing constitutional lawsuit brought by the BC Civil Liberties Association.

To bring my two stories together: part of that lawsuit will focus on whether the metadata collected by CSE differs from the personal papers at issue in Lord Camden’s decisions.   

Or, put more concretely, is metadata a sort of information that gives rise to the sort of privacy protections Lord Camden was defending, and which are now part of our constitution?

These are not easy questions, and they twist lawyers and the national security agencies they advise into knots.  As the Hariri case suggests, the modern data waste we all spew off through our use of modern communications devices can be a vital tool of investigation – and indeed also security preemption. 

But as the Snowden revelations tends also to show, achieving this objective requires the creation of a huge haystack that may be quite revealing of the personal habits of utterly innocent people. 

This sort of struggle to reconcile data tracking that keeps us safe with limits on surveillance that allow us to remain anonymous will be a key challenge for our age.

And so far in this country, we have made no real effort to address this issue.  My thesis in brief: It is my view that the Camden approach remains important, but it was developed for a different era, and is no longer an adequate safeguard in the information rich world in which we live.  And simply ramming the Camden model into this new world creates peculiar difficulties from a security perspective while constituting a modest privacy protection.  We need to reconsider our entire approach. 

Let me unpack that assertion:

In its inception, the Camden model was about protecting geography – it is tied to an ancient tradition best encapsulated in the old chestnut that the proverbial Englishman’s home is his castle.

In an information-poor world like the 18th century, tangible information is found in specific locations and access to this information requires a physical intrusion of the state into these places.  And so personal sovereignty over spaces equates to control over the information found in those zones. 

But that is not the world we live in anymore – we leak tangible information into our environment in a way impossible in the 18th century.

Our response has, by on large, simply been to develop the same Camden model.

For instance, in the 1960s, the U.S. Supreme Court developed what we call the “reasonable expectation of privacy” test in a wiretap decision that latter heavily influenced the Canadian Supreme Court’s approach to section 8 of the Charter.  To this day, a warrant is generally required where at issue is state search or seizure of any information raising a reasonable expectation of privacy. 

Exactly what is in these zones of reasonable expectation of privacy is a matter of judgment. 

And every time a new technology emerges, and spills information to a broader world, the courts deliberate on whether it triggers constitutional privacy protections.  The decisions can be erratic. 

The juxtaposition between the Supreme Court of Canada’s recent Spencer case, involving identity information tied to internet protocol addresses, and its subsequent holding on searches of cellphones incident to arrest in Fearon as cases in point.

These cases show how the Camden model struggles to accommodate the “right to be left alone” in our technological era.  Piecemeal judicial determinations renew its classic protections, and prolong its life.  But these decisions may constitute the last battles of an unsustainable war.

And that is because we now live in an information-rich era. For sake of simplification, I’ll call the current period the Turing era, in acknowledgment of Alan Turing and his foundational contributions to computer science. 

The Turing era risks swamping the protections offered by the Camden model, giving it an almost quaint quality.  These new problems can be divided into three categories: the “problem of mosaics”, the “problem of persistence” and the “problem of mobility”.

The Problem of Mosaics

The concept of a “mosaic” will resonate with anyone familiar with government justifications for secrecy in the area of national security.  But it has a privacy analogue as well. 

In one’s everyday life, one produces a mosaic of data bytes that each individually are benign and do not implicate individually real privacy concerns.  However, cumulatively, if compiled and analyzed by a knowledgeable observer, they could betray a privacy interest as profound as any protected by the conventional Camden paradigm.

This mosaic creation is facilitated by a process that some have called “Big Data” – which is simply recognition that our computing and analytic power now allows close to instantaneous creation of mosaics that would have taken years not so long ago.

Only if the Camden model is pushed back to protect the ingredient elements of the mosaic does it protect privacy. But while government may readily invoke the mosaic theory in refusing disclose its own sensitive information, it is not emphatically recognized as a privacy concept in Canada. 

The Problem of Persistence

Persistence is another problem.  Permanent control over intangible bytes may be close to impossible.  Data collectors morph and change, information moves between subsidiaries and parents, collectors and recipients, and across borders, and legal regimes governing privacy evolve and devolve.  The bytes themselves are theoretically eternal.  Camden is absolutely hamstrung in dealing with this problem of long-term control.

The Problem of Mobility

A related issue: bytes in an information-rich era are mobile.  Privacy protections are offered by states in varying degrees, but information in the Turing era is footloose and dispatched between jurisdictions with the click of a mouse.

There is now a hint in the Supreme Court’s jurisprudence that it is attentive to this problem.  In the recent Wakeling case, a majority of the Court agreed that residual constitutional privacy protections apply to international information sharing by the Canadian government, even if the information was properly collected pursuant to an intercept warrant.

But applying this standard and putting into play through all government will be an arduous undertaking.

 

Beyond Camden

For all of these reasons, the Camden model of privacy protection is at best an imperfect approach to privacy in information-rich environments.  While it need not be abandoned, its evolution as the cardinal guarantor of privacy in the common law tradition may be reaching its natural limit.

The alternative model is a specialized, data-protection regime that focus less on close regulation of collection, and more on safeguards regarding how accumulated information is then used.  The Privacy Act is our state of the art, but it too was designed for a pre-digital age. I do not think it deals well with the mosaic issue or the persistence issue, and the breadth of its exceptions allowing information flows (now greatly facilitated by technology) may render many of its rules on mobility largely illusionary.

So let me propose a few next generation fixes, all of which require legislative renovation and not piecemeal development through litigation.

First, it seems unlikely that privacy can be preserved in any real way if bytes are cumulated in a single, master database, or chain of linked databases.  Data mining then becomes a key concern, regulated only by internal, bureaucratic buffers.  These buffers come and go, and I believe little confidence can and should be placed in them.

Instead, bytes of data accumulated by government should be archived in separate, firewalled databases.  The firewall becomes the cyber equivalent to the John Wilkes’ home: it is becomes a barrier subject to being breached only with approval by a sufficiently detached official. 

In this respect, I believe that the Camden model might be adopted to allow for what I shall call “Firewall Warrants” – instances where on reasonable and probable grounds, an independent judicial officer is persuaded that hermetically-sealed databases should be conjoined to allow data searches.

I believe that Firewall Warrants are consistent with the Supreme Court’s Wakeling case, which has acknowledged a residual privacy interest in already collected data.

However, even with the most carefully constructed court-approved logarithms, any data-mining exercise will likely reveal extraneous information unrelated to the approved search.  The state should be obliged to minimize the product of the authorized search.  So excise material unrelated to the search’s authorized objective. 

Without minimization, the results of approved searches could themselves be archived and constitute a substantial parallel data network to be mined in subsequent investigations.

Last, as these proposals suggest, judges continue to play a Camden-like role in the new data protection regime.  However, judges do not suffice.

In an information-rich environment where government itself hosts vast quantities of data, the prospect of leakage between firewalls established between different wings of the same institution must be regarded as real. 

And so the existence and maintenance of the firewalls must be audited periodically by an arm’s length official – a natural role for a data protection officer such as the privacy commissioner. 

More than this, this person should audit how firewall warrants have been used, and provide feedback to authorizing judges.  This means that this person must have robust powers and substantial resources.

 

Conclusion

In sum, information-rich environments have the potential to gut conventional privacy protections.  In truth, those protections depended in large measure on the logistical difficulties associated with collecting, storing and transmitting information. 

Those logistical hurdles are overcome in the modern period, with the result that law becomes the only remaining safeguard of anonymity.  And conventional Camden-style privacy rules no longer adequately defend this right to be left alone. 

In my view, we need proactive legislation in this area, creating institutional rules on how better to manage archived information in a fashion that protects privacy but without impeding legitimate, good faith use of information by, among others, the security services.  Camden must, in other words, become more than a simple gatekeeping doctrine limiting initial collection of data.

And I will end on this point: in my view, bill C-51 runs of the risk of increasing the scope of the data flood problem while doing nothing to provide the sort of necessary cure that I believe to be essential.

Let me end there.

Thursday
May072015

Bill C-51: They Appear to Know Not What They Have Done

Yesterday, C-51 passed the House of Commons.  It now will run its course through Senate.

One of our chief complaints about C-51 is that it is incoherent -- either on its face, or in terms of how it will operate in the context of a broader security policy.

This seems an opportune point to mull this point in relation to the version of the bill now before the Senate.  And I want to focus on one area of great controversy, that the government then tried to defuse in one of the relatively minor amendments it made to the bill in the Commons: the famous carve-out from the definition of "undermine" security in the new information sharing Act, for "lawful" advocacy, protest, dissent and artistic expression.

Recall that any activity that "undermines" the vastly defined concept of security in the new info-sharing Act triggers the ability to exchange information between a long list of government agencies.  So the carve-out from this regime matters.

The qualifier “lawful” on the carve-out from this regime provoked controversy during the the Commons committee proceedings.  “Lawful” conduct would, of course, exclude blockades from the carve-out  It would also exclude workplace strikes inconsistent with labour law and street protests lacking the proper regulatory permits.  Put another way, “lawful” does not mean “non-criminal”.  It just means "without lawful authority".

The risk was that once labour, Aboriginal or environmental protesters broke one law -- including a municipal by-law -- they would fall outside the limited safeguards in the new Act.  They would subject to security information sharing to and among, at present (the number could increase) 17 different federal institutions including revenue, finance, health as well as CSIS, borders service, the RCMP and the CSE.

On this specific question, the government's language ignored the compromise approach found in Bill C-36, the original 2001 Antiterrorism Act.  That law codified the then-new concept of “terrorist activity” and extended its reach to serious interference or disruption of an essential service, unless done for lawful protest reasons.  However, after controversy, it then expanded the carve out to where the disruption stemmed from (even unlawful) protests, so long as they were not intended to cause death, bodily harm or endanger life or cause serious risk to health.

Predictably, exactly the same controversy reappeared during debate over C-51 over use of the word "lawful".  Under pressure from civil society groups (and after having regularly rejected their concerns, sometimes obnoxiously), the Conservatives amended the bill in the committee.  But how did they do this?  They simply deleted the word “lawful”. 

So the carve-out from the "undermine" concept now reads: "For greater certainty, it does not include advocacy, protest, dissent and artistic expression."

From a legal drafting perspective, this solution, ummm, perplexes.  Maybe I shouldn't mention this, but the carve-out is now almost as big as the definition of "undermine". 

Roach and I had proposed that “lawful” be dropped, but then recommended the same C-36 compromise noted above.  That is, we recommended excluding both lawful and unlawful protest and advocacy etc, but only so long as they were not intended to cause death, bodily harm or endanger life or cause serious risk to health. 

We recommended this because we don't think that all protest, advocacy or dissent should be exempted from the new information-sharing regime.  Violent protest, advocacy and dissent of a sufficient scale can be a national security issue, justifying information-sharing.  After all, anyone dimly aware of the history of terrorism appreciates that terrorism can be a form of “protest” or “advocacy”, depending on how you define those concepts.  Terrorism is certainly a form of “dissent”.

Indeed, after all, C-51 introduces a new crime of "advocacy" of terrorism offences ("in general"). We think this is a horrible, unnecessary and unconstitutional speech crime.  But having insisted on an "advocacy" crime, you'd expect the government to be concerned about how the same word "advocacy" is used elsewhere in the same bill.

But by simply dropping the word “lawful”, the new info-sharing Act seems to preclude application of the new information sharing powers in relation to any sort of advocacy, protest or dissent, no matter how criminal or indeed, how violent.  And so government officials will now need to spend a lot of time wondering if, e.g., violent conduct really is “protest” or “advocacy” or “dissent”, and whether they can still use the Act in relation to such conduct. 

Officials will also need to sit around and ask "shall we read the carve-out in the info sharing Act (now reaching both lawful and unlawful "advocacy" or whatever character) as excluding information sharing related to the new 'advocacy' crime?"

Officials will make it work: basically, they'll just ignore the incoherence and jam the round peg into the square hole of nonsensical legislative language.  And so, to do their jobs, they'll just have to ignore the law, because (as Shakespeare would say) the law is a total ass.  And the Privacy Commissioner, reviewing this work-around, would act very properly in tearing a strip off of these officials.

So this amendment is either intentional sabatoge by goverment MPs of their own bill, or a legislative "oopsy".  Keep all this in mind as you evaluate claims about the virtues of this bill.  It is riddled with problems of a similar nature.

Thursday
Apr302015

Bill C-51: Still Baking With the Wrong Recipe on the Charter of Rights & Freedoms

First my compliments to the Chef...

I have watched with interest the senate proceedings on bill C-51 and generally congratulate the senate standing committee on national security and defence for a much more substantive and meaningful deliberation on bill C-51 than we witnessed in the sorry spectacle that was the Commons committee process.

The senate committee has invited many government witnesses and security service watchdogs -- all notably absent at the Commons level -- and all of these witnesses have presented more detailed and substantive positions that elevate the debate over this bill.

But I am afraid there is still a fly in my soup...

This is not to say, however, that they have cured concerns that Kent Roach and I have raised about the bill.  I would categorize these concerns into three categories. 

  • First, concerns that the government seeks to achieve mostly legitimate security objectives with a bill that overreaches unnecessarily with measures that exceed what is needed to meet these objectives, and thus cause avertable injury to civil liberties while risking serious counter-productive side-effects on the security side (e.g., the new speech crime and the overly broad authorization for CSIS to conduct kinetic threat reduction steps).  Kent and I have proposed amendments that would, in our view, enable the security objectives to be achieved, without the collateral damage.  But apparently with little effect.
  • Second, concerns that the bill underreaches in failing to deal with serious shortcomings in Canadian national security law (e.g., the failure to oblige information sharing by CSIS of the sort that the Air India inquiry adjuged in 2010 necessary both to cure historical problems and also on-going coordination problems between RCMP and CSIS; the failure to cure the stove-piping problem with existing review bodies and extend the remit of review powers to the many government agencies engaged in national security, but subject to no review for lawfulness and compliance with directives).
  • Third, concerns that the bill violates the Charter of Rights and Freedoms (e.g., again the speech crime and also the puzzling new warrant regime for Charter breaches by CSIS).

Debating the latter, estoric Charter issues has proven fruitless -- these are too arcane a subject for a political process.  Generally speaking the government (official) position is "Yes C-51 is Charter compliant" (although I am not sure, personally, how many first born children the government would bet on the question). 

As for outside government: they certainly exist, but it is pretty hard to find a public or constitutional lawyer outside of government who agrees with the government position.  But such is life, and the recurring pattern these days involves vain efforts to cure constitutional issues at the parliamentary level, followed by lengthy, expensive litigation to defend the constitution in the courts.

And I need to see the manager about the cake we had for dessert...

All that said, I cannot help but comment on a new version of an old government line on this Charter issue.  The government persists in articulating the jawdropping position that because court warrants exist for searches (and also detentions), then it follows a court can, by warrant, permit the override of any and all Charter rights.  I've lost count of the number of times that I or Kent Roach have outlined how this is a fundamental category error

I won't repeat in full that analysis here.  Instead let me simply offer up this analogy: Compare the Charter to the aisle in your local grocery store marked "baking goods".  There you will find a whole host of ingredients, including such things as flour, baking soda, sugar etc.  Some of these things look a lot alike -- for instance, many are white and granular.  But of course, they are very different both in their taste and in the properties they bring to any baking project.

In the government worldview, all are, however, exactly the same -- they all can be treated the same way.  And so where a recipe calls for flour, another ingredient such as baking soda or sugar may be substituted. 

The reality, of course, is that not every ingredient -- and not every Charter right -- is the same. 

The section 8 protection against "unreasonable" searches and seizures and the section 9 protection against "arbitrary" detention have built in qualifiers ("unreasonable" and "arbitrary"), and have been understood for an age (in the Charter, the US Bill of Rights and in their more ancient common law analogues) as permitting an independent authority (usually a judge) to pre-authorize searches and detentions. 

These pre-authorizations prevent a breach of these rights because it is the preauthorizaiton (among other things) that makes the search "reasonable" or the detention "non-arbtirary". 

And so these are rights that in their fabric are associated with warrants -- and keep in mind what warrants are.  They are one-sided, secret judicial proceedings done with only the government present and only with government information provided and done in advance of government action, without its full contours on the ground yet established.

It is striking that some government senators are now pointing to the Spencer decision -- which was, in effect, a classic s.8 search and seizure case -- and suggesting that in some manner the Supreme Court blessed C-51.  In Spencer, the Supreme Court said, in essence, warrants are required for identifying information associated with IP addresses. (For a description of Spencer and why it is a notable s.8 search and seizure case, see here.) 

But again, this was a case about s.8 search and seizure, and not every other right in the Charter. It is a case, in other words, about the traditional area in which warrants are part and parcel of our legal tradition -- all it does is extend s.8 with its tradition of warrants to a novel new technology which raises new sorts of privacy concerns.

So the best way to analogize the government's use of Spencer as justification for C-51 is: "Look! The Supreme Court said that flour really is included in the recipe!  So that means we really can use baking soda!" 

The cake was very chalky, strangely fluffy and tasted awful...

Let me expand on the baking soda: rights like the Charter s.12 bar on "cruel and unusual treatment" and basically every other Charter right are different from s.8 and s.9, and there is no such "reasonableness" or "arbitrary" qualifier on the right and no such tradition of warrants designed to forestall the violation of the right.  (I acknowledge that s.7 has more internal pliability than say s.12, at least for its procedural component.  Less so, it seems to me, when the court establishes a substantive element of fundamental justice).

Bottom line: We don't have, in Canada, "cruel treatment warrants" or "denying reentry to the country warrants" or "speech repression warrants" or "denial of habeas corpus warrants".  That is, courts don't decide that rights can be abrogated in advance is a one-sided, secret judicial proceedings done with only the government present and only with government information provided and done before the government action, without its full contours on the ground yet established.  We have repeatedly asked for accurate and compelling analogues for what the government proposes in C-51, and we are still waiting.

It is certainly true that in our Charter "recipe" no right is truly absolute.  But again, in the recipe that is the Charter, the nature of limitations matter.  Limitations are permissible only through advance use by Parliament of the notwithstanding clause (s.33) or through the complicated, back-end, open court adjudication on a full factual record of a limitation "prescribed by law" (which almost always means legislation that identifies intelligibly the nature and contours of the rights constraint) under s.1.  Neither of these forms of limitation are found (or satisfied) in C-51.

Seriously, Mr Manager?  Just because the Cordon Bleu school uses baking soda for fluffy bread doesn't mean they'll let you take flour out of cakes

Yet, under the government's theory a judge may, through warrant, now pre-authorize a breach of any right.  Again, I won't repeat the full objection to this, which is rehearsed elsewhere (including here).  But just take one example. 

It is a violation of the Charter to commit torture (s.7 and s.12 of the Charter would be violated).  Under the government legal theory, however, it is now perfectly feasible that such a breach would be exonerated if Parliament were to pass a law saying "police can do anything so long as first blessed by a court".  In the government's radical legal theory, the existence of the Charter bar on torture can be negated by this sort of generalized ex ante court blessing.  Anything done under the shelter of a court warrant cannot, in the government's reasoning, be unconstitutional.  It is, quite literally in some cases, a "get out of jail free" card. 

Beyond being a puzzling position for a government whose political executive rails against judicial overreach, it is simply untrue that "whatever a judge says, goes and is inherently constitutional".   Judges don't decide the persistence of a Charter right.  The existence of the Charter does not depend on judicial sufferance.  The government's theory now presents what I suppose we could call the "judicial notwithstanding clause": rights can be abrogated in advance at judicial whim.

But as I say, since the government seems committed to this constitutional adventure, the legislative process is apparently not a place where they can be persuaded to take a more conventional, and more defensible approach. 

The more conventional approach would be: enumerate specific powers that you wish CSIS to have, in the legislation, to reduce threats to the security of Canada.  In this manner, you "prescribe by law" powers that may (by implication) constrain a Charter right.  If it is challenged, the legitimacy of this new power then becomes fodder for a conventional inquiry for a court under s.1 in the regular, open-court, full evidentiary record manner. (This would also have the necessary effect of allowing us to debate in a transparent manner exactly what sort of powers we are giving CSIS.  The present bill amounts to "anything other than bodily harm, obstruction of justice or violation of sexual integrity", with the government then saying "but don't worry, it won't actually be used in a scary manner").

This conventional approach would avoid what will happen after C-51 is passed: a court challenge to the new warrant provisions that can reasonably raise the sort of objections noted above, accompanying objections that the peculiar warrant proceeding happens also to violate separation of powers principles by dragooning the courts into a Charter-limiting role and blessing unconstitutional state conduct, and a lot of very interesting arguments that will be able to deploy the Supreme Court's blessing of "reasonable hypotheticals" to explore exactly how bad the new C-51 powers could be.

All of this would have been totally avertable by a little more care and attention to the Charter's fundamental recipe.  But no, "Let them eat our very chalky, strangely fluffy and awful tasting cake!"