About this Project

This blog comments on Canadian (and occasionally comparative) national security law to update my National Security Law textbook and now also my 2015 book, False Security: The Radicalization of Anti-terrorism, co-authored with Kent Roach.

Please also see www.antiterrorlaw.ca for Bill C-51-related analyses by Craig Forcese and Kent Roach.

For narrated lectures on various topics in national security law, please visit my 2017 "national security nutshell" series, available through iTunes.

 

For a continuing conversation on Canadian national security law and policy, please join Stephanie Carvin and me at A Podcast Called INTREPID.

 

Please also visit my archive of "secret law" in the security area.

By Craig Forcese

Full Professor
Faculty of Law

Email: cforcese[at]uottawa.ca

Twitter: @cforcese

 


 

Most Recent Blog Postings

Latest Book: Available from Irwin Law in April 2018.

Thursday, May 28, 2015

The Ugly Canadian? International Law and Canada’s New Covert National Security Vision

Speaking Notes

CBA National Section on International Law Notes
May 28, 2015

Craig Forcese

Thank you for your invitation.  I have been asked here this evening to speak about the international law aspects of two new laws – bill C-44, now enacted, and bill C-51, all but certain to be enacted by next week.

Most of you are probably familiar with at least C-51.  It is a large omnibus, with a number of moving parts.  But perhaps the most controversial part of the bill would give our covert security service -- CSIS – the powers to “reduce” threats to the security of Canada by taking any “measure”, except bodily harm, violation of sexual integrity or obstruction of justice.  

The government calls these “disruption” powers, although no one has clearly articulated what that means.  What we do know, however, from the legislative history is that the government intends CSIS to be able to pick from a menu of responses.  Politically, this has been painted as an anti-terror response.  Legally, CSIS’s new powers reach its entire national security mandate, and so apply to sabotage and espionage, violent subversion and so-called foreign influenced activities, as well as terrorism.

We also have some sense from the legislative history as to what specifically the government has in mind.  Famously, the government has said it wants CSIS to be able to speak to parents of radicalizing children.  CSIS already does so, and so we need to look further.

The parliamentary record includes suggestions that, legally speaking, the government believes the new powers could be used to interfere with mobility rights (as in returning Canadians); that the door is not closed legally speaking on rendition; and that the door is not closed in terms of some form of detention, although not criminal arrest. 

Other things that CSIS specifically identified as being among its new powers are “disrupting a financial transaction done through the Internet, disabling mobile devices used in support of terrorist activities, and tampering with equipment that would be used in support of terrorist activities”.

And the government also pointed to analogs – actually quite poor – in other laws that allow the state to remove content from the internet, in the context of discussing the CSIS power.  This suggests internet site take-downs are on the list.

Exercising some of these powers would require warrants, because the bill requires a warrant where a measure would breach Canadian law or the Charter.

You may be less familiar with bill C-44.  This bill was tabled in the Fall, and on its face seeks to remedy confusion caused by a series of Federal Court cases concerning the extraterritorial reach of CSIS’s conventional surveillance jurisdiction.  Specifically, the court cases cast doubt on whether CSIS may legally conduct covert surveillance in violation of foreign law, and therefore territorial sovereignty. At any rate, they held that the court itself was not empowered to issue a warrant permitting such activity. 

Through a perplexing series of events, these questions are now before the Supreme Court in the Re X matter, scheduled for hearing this Fall.

Critically, both C-51 and C-44 provide new extraterritorial reach for CSIS activities: they emphatically allow CSIS to operate internationally, and they emphatically allow courts to issue warrants in violation of foreign and "other" (aka international) law.

Which brings me to today’s topic:  how is this to be evaluated with an eye to international law?  And do we risk becoming the proverbial “ugly Canadians”, because of international law banditry?

I will start by saying that the international law of spying is underdeveloped.  Certainly, sovereignty is a core precept of public international law, guarding a state’s essentially exclusive jurisdiction over its own territory.  A concomitant principle is the rule of non-interference in the internal and external affairs of any other state.

I want to focus first on collection of intelligence from human or electronic sources by non-diplomats.  Non-diplomatic state agents collecting human intelligence or engaging in electronic surveillance do not benefit from any diplomatic cover, or arguments that their activities fall within the scope of a diplomatic mission. 

They are, therefore, personally culpable for any violation of the laws of the state in which they spy, and their states are responsible for any resulting breaches of international law. 

On this last point, however, everything hinges on the breadth of the customary prohibitions on intervening in the internal or external affairs of any other state.  Does, for instance, a failure by a state agent to comply fully with the territorial state’s laws always amount to a breach of sovereignty, and therefore of international law?

The exercise of what is known as “enforcement jurisdiction” by one state and its agents in the territory of another is clearly a breach of international law – it is impermissible for one state to exercise its physical power on the territory of another, absent consent or some other permissive rule of international law.  And so I pause here to say that much of the physical, kinetic activity that CSIS might undertake under C-51, done covertly without state consent, would violate international law.

More uncertain is whether a state agent’s violation of domestic rules through spying necessarily constitutes a violation of international law.

There is no international jurisprudence on peacetime espionage, state practice is a muddle, and the academic literature is deeply divided on the question of legality. 

Helpfully, the academic literature splits into three categories: those who regard espionage as illegal in international law; those who see it as “not illegal”; and those who envisage espionage as neither legal nor illegal. 

The very fact that there are three camps with such diametric and somewhat uncertain positions itself suggests that the third view – neither legal nor illegal -- lies closest to the truth: there is no clear answer on the international legality of extraterritorial espionage, assessed from the sovereignty perspective. And the international community seems content with an artful ambiguity on the question.

On the other hand, human rights principles constrain the means and methods of spying by prohibiting torture, cruel, inhuman and degrading treatment and unauthorized intrusions into privacy.  But when and whether these rules apply to extraterritorial spying is a complex question.

The answer to that question depends on whether international human rights instruments have extraterritorial reach.  Put succinctly, a state’s obligations under the Torture Convention extend to territories over which it has factual control.  Its ICCPR responsibilities, meanwhile, attach to persons under its effective control, including potentially those detained surreptitiously for purposes of interrogation. 

The rules governing extreme forms of interrogation do, therefore, extend extraterritorially.  It is difficult to see, however, how the ICCPR concept of “effective control” applies to privacy interests and constrains, for instance, extraterritorial electronic surveillance.  Extraterritorial surveillance, almost by definition, will not be of persons within the spying state’s effective control.

I would note that since the Snowden revelations, there has been a lot of soft law emerging in this area – and so customary law here will likely become a moving target.  But we’re not there yet.

And so what does all this mean for CSIS going forward?  First, covert surveillance done without the consent of a foreign state may currently be ungoverned by international law – although whether it would nevertheless be governed by section 8 of the Charter is a novel issue that may well be reached by the Supreme Court in the Re X case.  And so international law is mostly unhelpful in assessing C-44.  (Subject to the caveat that the more kinetic the surveillance -- the more it amounts to a physical exercise of state powers -- the more likely it is to stray across an enforcement jurisdiction boundary.)

The situation with C-51 is more complex.  Some of CSIS’s possible, so-called disruption activities clearly stray into the enforcement jurisdiction range: holding someone in custody; rendering someone.  These are kinetic activities of a sort that amount to enforcing state powers on the territory of another state. 

It is also possible to conceive of hacking into a foreign bank account to delete an account or attacking a foreign server to bring down a website as sufficiently physical acts in today’s world to amount to the wrongful exercise of enforcement jurisdiction.

More than this, if CSIS detains someone or renders someone, it seems very likely that the human rights standards in the ICCPR apply.  The effective control standard would be met.

CSIS, review bodies, and courts will need to keep this range of possibilities in mind as they approach CSIS’s new powers.  It would be a cardinal mistake to treat every exercise of CSIS’s new powers as equivalent, in international law. Each requires a unique international law assessment.

I will end on a final point: I mentioned that in both bills, the Federal Court is empowered to issue a warrant authorizing CSIS conduct.  At issue, however, is when the Service needs to seek a warrant – if it doesn’t need to actually seek a warrant, it can act unilaterally. 

C-44 is ambiguous – probably intentionally -- on this question.  It specifies no precise trigger for seeking a warrant.  The implied trigger would be whenever a warrant is required under the Charter.  Since the extraterritorial reach of the Charter is a disputed issue, we will need clarity from the Supreme Court on that question in Re X.

In C-51, a warrant must be sought if CSIS’s conduct will violate Canadian law or the Charter.  Canadian statutory law rarely applies outside Canada, and again the reach of the Charter is contested.  And so, this too risks becoming a closely litigated issue. 

To obviate the possibility of CSIS unilateral extraterritorial action, my own view would be that principles of customary international law, such as state sovereignty, are part of the common law of Canada.  Common law persists unless displaced by statute.  These are settled issues in Canadian law.  I would then argue that there has been no such displacement of the common law by C-51.  And since CSIS requires a warrant for a breach of Canadian law – a concept that properly includes common law – a warrant is required under C-51 every time the Service does anything that violates state sovereignty.

I suspect that the government will not warmly embrace this analysis.  And so I imagine some of these arguments will soon be made in a more formal setting.

Thanks for your interest.

Wednesday, May 20, 2015

Getting to Yes on National Security Law and Policy

Speaking Notes

May 2015

I’m on this panel to offer the perspective of a government outsider.  I suppose in my case, I might be described as an outsider with some occasional insider experience and who, by reason of the fact that I work in Ottawa, is usually lurking around the doors.

So I have been on the periphery of government and government policy issues for my entire professional life, most recently in the area of national security law. I am also (in a much less informed and much more distant way) an observer of how public policy in national security works in other democracies, such as the United States and the UK and Australia.

Based on that perspective, I’ll make three brief points.

First, Canadian national security policy making suffers from significant silos.   Some of this silo effect is compounded by today’s unproductive political environment.  But some of it is more structural and long-standing.

Silos exist between government and those outside of it.  But from where I sit, I believe silos also exist within government, between and even within agencies. Policy is developed internally, through a sometimes imperfect interdepartmental process, and then sometimes shared and applied unevenly.

I confess, I am sometimes dumbfounded by admissions suggesting that even those you’d expect to have their finger on the pulse aren’t able to stay on top of the whole picture.  I see a lot of agencies focusing on trees, but I am sometimes left wondering whether the government is good at seeing forests.

And that may be the reality of a complicated world, where officials are distracted by the crises of the hour in big sprawling bureaucracies.  But bigness can be overcome as a collective action problem, so long as there is more transparency.  Transparency allows us to capitalize on what, in the modern jargon, we call “crowdsourcing”.

And that brings me to the poverty of our consultative tradition. 

In Canada, national security (and many other) policies or law projects are almost always sprung on the world without any meaningful advance external consultation.  Yes, sometimes, some people – a select few -- are given advance notice of a policy development.  But this is not real consultation, and at any rate this process is uneven and itself opaque.  And more than that, it is sometimes done for optics, not for effect.

We are nowhere near having emulated the quite important UK tradition of floating policy ideas in national security law through detailed discussion papers and emphatically eliciting responses.  Nor have we emulated the UK and Australian experience of an independent reviewer of anti-terrorism law – more on that in a second.

We have had, through the now terminating Kanishka initiative, an emerging process of feeding academic research into government.  There are also academic outreach initiatives in some of the security services.  But in my experience, those events are often either the presentation of a finished government product, or a one way expression of views by academics to a sometimes very inert government audience.

Perhaps I look across the Atlantic with rose coloured glasses.  But again, the Canadian practice is quite different from apparently meaningful and seemingly rich, prior consultation on actual policy and law that occurs in the UK.

It is not as if the UK always arrives at good outcomes -- quite the contrary.  Consultation is not a perfect foil to bad ideas, especially if it is pro forma.  But it also seems clearly the case that the result in Canada of our stovepiped, closed door policy making is suboptimal outcomes.  Not all wisdom is monopolized by government.  I promise not to beat up on C-51, but I will say this: Had it been floated through a UK style process, I firmly believe it would have been possible to arrive at each and every one of the bill’s security objectives, without much of what has and will happen in response to that bill, including at least a decade of avertable litigation.

So to sum up on this point: the silo approach risks outcomes reflecting tunnel vision and creates unnecessary adversaries.

Second, because the silo approach spits out untested policy and law as a finished product, efforts to improve that outcome necessarily become a political issue.  In our current unhappy political environment, the political executive seems to view any change as a loss of face, to be avoided at all costs.  As a consequence, the political process polarizes and makes no distinction between those pressing for changes in good faith to improve outcomes, and those opposing measures because of more myopic agendas.  All tend to be tarred with the same brush, and all tend to be dismissed, sometimes through ad hominem attacks.

This is not a phenomenon confined to national security law.  Nor should we assume that it is always unintended.  In 2009, the PM’s former chief of staff reportedly explained at an academic conference at McGill that it has been politically helpful to have academics and others attack government positions in the criminal justice area, on the theory that academic opposition actually enhances support in the famous “base”.  More than this, it meant, in his words, that the government “never really had to engage in the question of what the evidence actually shows about various approaches to crime.”  And ironically, this propensity exactly explains why government criminal laws are faring poorly in the courts, not least in the recent Nur decision.

At some level, the C-51 debate again is a classic and depressing example of this problem.  Indeed, the problem is even more acute with C-51 because the level of national security law knowledge in Parliament and among political staffers is very low, sometimes because of indifference, but probably more often as a knock-on effect of our closed-door silo approach. 

Having now appeared before more than 20 parliamentary committees, my experience is that it is close to impossible to address complex issues in a parliamentary environment, even without today’s acidic partisanship and ready recourse to non-sequitur speaking lines.

We suffer here again from the absence of an independent reviewer of anti-terrorism law able to feed disinterested and credible data into a distracted Parliament.  In the UK, for instance, that person issues periodic reports, and also scrutinizes government law projects.  This sparks thorough and meaningful government responses, and all this feeds into what appears to be a more sophisticated parliamentary process, relative to our experience here.

Moving on to my third point, which I will try to make more uplifting than my prior two.  We need an exit strategy from this morass.  We will not, as a society, meet sustainable national security objectives in our current manner.  I confess, many of my colleagues in the legal and academic profession simply take the view that there is little point trying to break down the silos at this point.  They await the next government.

But while some governments will be worse on this issue than others, we suffer in Canada from an excessively closed culture on national security – and always have.  Changing that does not just happen with a change in political leadership.  It requires also a changed culture within government institutions and also among those of us outside government.

I won’t propose specific, concrete suggestions – we could spend a lot of time on that.  But let me end by throwing out three, high level attitudinal steps. 

First, our security services need to decide that this is a priority.  For instance, when invited to speak at events and explain positions, they need to be willing to enter the lion’s den.  In my experience, now, they won’t, except in the most controlled circumstances.  It really is unfortunate to attend events which do influence opinion, and look down the table and realize that no one will be able to offer the government perspective, and not for lack of trying by the organizers. 

In those situations and because I am a contrarian who dislikes intellectual love-ins, my practice is often to try to act as a proxy for government positions, as best I can.  But having me acting as government proxy is not something that should really enthuse anyone in government. 

The risk post-C-51 is that the security services will just circle the wagons more closely, especially as they are subjected to heightened scrutiny in court cases and through a renewed media interest.

Second, and in keeping with this comment, we need to recruit and advance people inside these institutions who resist confirmation bias and do not become captive to their institutional cultures.  That is, we need people who are prepared to run the risk of greater transparency and are prepared to trust that this transparency can produce better outcomes.

Which is a form of saying, we need the best and the brightest – there is a reason I encourage the students in my national security law classes to look seriously at government work.

Third, those of us outside, in civil society, also need to take a big breath.  There is now a culture of “gotcha” accountability.  This is partly because there is very little trust-building across the silos, and essentially none at the political level. 

It is partly because it is easy to assume the worst of faceless agencies, and much harder to assume bad faith when the human beings in those agencies are your neighbours who welcome you into the tent to work on a common cause.  

And honestly, I think this is a huge issue – most people have never met a CSIS officer, or Public Safety policy official, or a Justice lawyer.  And so their impression of these people can be like something out of a fairytale.  And I must say – it goes both ways.  Those in government can perceive those outside as inevitable adversaries and beyond redemption, based on superficial stereotyping.

The gotcha environment is also partly a function of the 24 hour news cycle and social media.  And the general level of attention deficit in public discourse makes communicating nuance very hard.

But that is not to say we shouldn’t try.  There will always be shock-jocks on both sides of the silo whose objective is to tarnish, not improve.  But it is a huge mistake to react to the existence of those persons by shutting off relationship building.  The shock jocks are undercut to the extent that relationship building creates a constituency more inclined to nuance. 

The challenge for civil society is to develop a mantra of “criticism if necessary, but not necessarily criticism”. 

The challenge for government is to open up so that those of us outside of government, making independent decisions on whether to criticize or not, do so based on fact, and not ignorance.

And the challenge for all of us is not to conflate good faith disagreement on the many contested issues in this field with animus.

Let me end there.

Wednesday, May 20, 2015

Camden versus Turing: The Future of Legal Privacy

Speaking Notes

Queen’s University Policy Forum (Kingston, On)

April 2015

What I want to do with my few minutes is to tee up our topic with some general observations about how I think we are approaching the question of privacy & security in the modern world with outdated legal concepts.

And on that topic I want to start with two short stories: one to illustrate the origins of our principal privacy concept and another to discuss how the world has changed. 

My first story reaches far back, to the 1760s, when British Parliamentarian John Wilkes published an anonymous series of pamphlets critical of the King. Much irked, the King’s officials issued a “general warrant” responding to this “seditious libel”.

Under this warrant, the Crown’s henchmen ultimately arrested Wilkes and seized his papers, after breaking into his home.  After his release from the Tower of London, Wilkes sued the officials responsible for the warrant.

In a celebrated series of decisions, the presiding judge, Lord Camden, invalidated the warrant.  In so doing, he condemned the forcible search of Wilkes’ house as unlawful.

This early “national security” case – perhaps one of the most famous decisions of the late 18th century – galvanized opinion in colonial America, and was a clear impetus to what became the Fourth Amendment of the United States Constitution.  

That amendment in turn was the inspiration for our own section 8 of the Canadian Charter of Rights and Freedoms.

Lord Camden’s decision shaped, in other words, a legal dichotomy that persists to this day between when a state can merely watch, and when it can actively search and seize.  At core, the Camden model, in its current form, is about superimposing an independent judicial officer as a gatekeeper on when and how the state may search a protected zone of privacy around each person.

My second story is much more recent.  On February 14, 2005, Rafic Hariri, the former Prime Minister of Lebanon, was assassinated in a truck bombing.  In the aftermath of that terrorist incident, the United Nations and Lebanon created a Special Tribunal to prosecute those responsible.  Since then, five indictments have been filed against members of Hezbollah, and trials in absentia began in 2014. 

What is less well known is how investigators identified these defendants. 

A decade ago, a Lebanese police captain – Wissam Eid – hit on the relatively novel idea of focusing on the archive of metadata accumulated by cellphone companies.  Metadata is “data about data” – that is, it is the contextual information that surrounds the content of a digital communication: the date and time of the call, the location of the device at the time of the call, etc.

With a court order, Eid reviewed call and text message records for the four months up to the assassination.  In so doing, he identified a cluster of cellphones following Hariri.  These phones were ultimately linked to senior members of Hezbollah. 

Eid was himself assassinated by car bomb on Jan 25, 2008.  But Lebanese authorities transferred Eid’s work to the UN investigators, who pieced together a jigsaw puzzle of connections from the metadata that paved the way to the ultimate indictments.

Since then, metadata has become a much more commonplace term and also the source of considerable controversy.  As you all know, Edward Snowden ignited a media frenzy in 2013 by sharing details of classified US National Security Agency (NSA) surveillance programs.  

Those disclosures, hinging in large measure on metadata collection, focused attention on CSE, which does its own analysis and assessment of metadata as part of its foreign intelligence mandate.  Inevitably, the debate turned to questions about the legal basis for any collection initiative, and the extent to which CSE is governed by robust accountability mechanisms.  They also sparked an ongoing constitutional lawsuit brought by the BC Civil Liberties Association.

To bring my two stories together: part of that lawsuit will focus on whether the metadata collected by CSE differs from the personal papers at issue in Lord Camden’s decisions.   

Or, put more concretely, is metadata a sort of information that gives rise to the sort of privacy protections Lord Camden was defending, and which are now part of our constitution?

These are not easy questions, and they twist lawyers and the national security agencies they advise into knots.  As the Hariri case suggests, the modern data waste we all spew off through our use of modern communications devices can be a vital tool of investigation – and indeed also security preemption. 

But as the Snowden revelations tend also to show, achieving this objective requires the creation of a huge haystack that may be quite revealing of the personal habits of utterly innocent people.

This sort of struggle to reconcile data tracking that keeps us safe with limits on surveillance that allow us to remain anonymous will be a key challenge for our age.

And so far in this country, we have made no real effort to address this issue.  My thesis in brief: It is my view that the Camden approach remains important, but it was developed for a different era, and is no longer an adequate safeguard in the information rich world in which we live.  And simply ramming the Camden model into this new world creates peculiar difficulties from a security perspective while constituting a modest privacy protection.  We need to reconsider our entire approach. 

Let me unpack that assertion:

In its inception, the Camden model was about protecting geography – it is tied to an ancient tradition best encapsulated in the old chestnut that the proverbial Englishman’s home is his castle.

In an information-poor world like the 18th century, tangible information is found in specific locations and access to this information requires a physical intrusion of the state into these places.  And so personal sovereignty over spaces equates to control over the information found in those zones. 

But that is not the world we live in anymore – we leak tangible information into our environment in a way impossible in the 18th century.

Our response has, by and large, simply been to develop the same Camden model.

For instance, in the 1960s, the U.S. Supreme Court developed what we call the “reasonable expectation of privacy” test in a wiretap decision that later heavily influenced the Canadian Supreme Court’s approach to section 8 of the Charter.  To this day, a warrant is generally required where at issue is state search or seizure of any information raising a reasonable expectation of privacy.

Exactly what is in these zones of reasonable expectation of privacy is a matter of judgment. 

And every time a new technology emerges, and spills information to a broader world, the courts deliberate on whether it triggers constitutional privacy protections.  The decisions can be erratic. 

The juxtaposition between the Supreme Court of Canada’s recent Spencer case, involving identity information tied to internet protocol addresses, and its subsequent holding on searches of cellphones incident to arrest in Fearon is a case in point.

These cases show how the Camden model struggles to accommodate the “right to be left alone” in our technological era.  Piecemeal judicial determinations renew its classic protections, and prolong its life.  But these decisions may constitute the last battles of an unsustainable war.

And that is because we now live in an information-rich era. For sake of simplification, I’ll call the current period the Turing era, in acknowledgment of Alan Turing and his foundational contributions to computer science. 

The Turing era risks swamping the protections offered by the Camden model, giving it an almost quaint quality.  These new problems can be divided into three categories: the “problem of mosaics”, the “problem of persistence” and the “problem of mobility”.

The Problem of Mosaics

The concept of a “mosaic” will resonate with anyone familiar with government justifications for secrecy in the area of national security.  But it has a privacy analogue as well. 

In one’s everyday life, one produces a mosaic of data bytes that each individually are benign and do not implicate individually real privacy concerns.  However, cumulatively, if compiled and analyzed by a knowledgeable observer, they could betray a privacy interest as profound as any protected by the conventional Camden paradigm.

This mosaic creation is facilitated by a process that some have called “Big Data” – which is simply recognition that our computing and analytic power now allows close to instantaneous creation of mosaics that would have taken years not so long ago.

Only if the Camden model is pushed back to protect the ingredient elements of the mosaic does it protect privacy. But while government may readily invoke the mosaic theory in refusing to disclose its own sensitive information, it is not emphatically recognized as a privacy concept in Canada.

The Problem of Persistence

Persistence is another problem.  Permanent control over intangible bytes may be close to impossible.  Data collectors morph and change, information moves between subsidiaries and parents, collectors and recipients, and across borders, and legal regimes governing privacy evolve and devolve.  The bytes themselves are theoretically eternal.  Camden is absolutely hamstrung in dealing with this problem of long-term control.

The Problem of Mobility

A related issue: bytes in an information-rich era are mobile.  Privacy protections are offered by states in varying degrees, but information in the Turing era is footloose and dispatched between jurisdictions with the click of a mouse.

There is now a hint in the Supreme Court’s jurisprudence that it is attentive to this problem.  In the recent Wakeling case, a majority of the Court agreed that residual constitutional privacy protections apply to international information sharing by the Canadian government, even if the information was properly collected pursuant to an intercept warrant.

But applying this standard and putting it into play throughout all of government will be an arduous undertaking.

 

Beyond Camden

For all of these reasons, the Camden model of privacy protection is at best an imperfect approach to privacy in information-rich environments.  While it need not be abandoned, its evolution as the cardinal guarantor of privacy in the common law tradition may be reaching its natural limit.

The alternative model is a specialized, data-protection regime that focuses less on close regulation of collection, and more on safeguards regarding how accumulated information is then used.  The Privacy Act is our state of the art, but it too was designed for a pre-digital age. I do not think it deals well with the mosaic issue or the persistence issue, and the breadth of its exceptions allowing information flows (now greatly facilitated by technology) may render many of its rules on mobility largely illusionary.

So let me propose a few next generation fixes, all of which require legislative renovation and not piecemeal development through litigation.

First, it seems unlikely that privacy can be preserved in any real way if bytes are cumulated in a single, master database, or chain of linked databases.  Data mining then becomes a key concern, regulated only by internal, bureaucratic buffers.  These buffers come and go, and I believe little confidence can and should be placed in them.

Instead, bytes of data accumulated by government should be archived in separate, firewalled databases.  The firewall becomes the cyber equivalent to John Wilkes’ home: it becomes a barrier subject to being breached only with approval by a sufficiently detached official.

In this respect, I believe that the Camden model might be adopted to allow for what I shall call “Firewall Warrants” – instances where on reasonable and probable grounds, an independent judicial officer is persuaded that hermetically-sealed databases should be conjoined to allow data searches.

I believe that Firewall Warrants are consistent with the Supreme Court’s Wakeling case, which has acknowledged a residual privacy interest in already collected data.

However, even with the most carefully constructed court-approved algorithms, any data-mining exercise will likely reveal extraneous information unrelated to the approved search.  The state should be obliged to minimize the product of the authorized search, that is, to excise material unrelated to the search’s authorized objective.

Without minimization, the results of approved searches could themselves be archived and constitute a substantial parallel data network to be mined in subsequent investigations.

Last, as these proposals suggest, judges continue to play a Camden-like role in the new data protection regime.  However, judges do not suffice.

In an information-rich environment where government itself hosts vast quantities of data, the prospect of leakage between firewalls established between different wings of the same institution must be regarded as real. 

And so the existence and maintenance of the firewalls must be audited periodically by an arm’s length official – a natural role for a data protection officer such as the privacy commissioner. 

More than this, this person should audit how firewall warrants have been used, and provide feedback to authorizing judges.  This means that this person must have robust powers and substantial resources.

 

Conclusion

In sum, information-rich environments have the potential to gut conventional privacy protections.  In truth, those protections depended in large measure on the logistical difficulties associated with collecting, storing and transmitting information. 

Those logistical hurdles are overcome in the modern period, with the result that law becomes the only remaining safeguard of anonymity.  And conventional Camden-style privacy rules no longer adequately defend this right to be left alone. 

In my view, we need proactive legislation in this area, creating institutional rules on how better to manage archived information in a fashion that protects privacy but without impeding legitimate, good faith use of information by, among others, the security services.  Camden must, in other words, become more than a simple gatekeeping doctrine limiting initial collection of data.

And I will end on this point: in my view, bill C-51 runs the risk of increasing the scope of the data flood problem while doing nothing to provide the sort of necessary cure that I believe to be essential.

Let me end there.