A group of Canadian lawyers and academics has sent an open letter to the federal government saying that parts of proposed lawful access legislation raise “serious constitutional concerns” and could violate privacy and Charter rights.
The May 4 letter, signed by 13 scholars and practitioners from across the country, says the current version of Bill C-22 improves on its predecessor, Bill C-2, but still raises cause for concern.
“Bill C-22 marks an improvement over its predecessor in several respects,” the signatories wrote. “But certain provisions of the bill as currently drafted raise serious constitutional concerns and fail to strike a reasonable balance between the legitimate needs of law enforcement and the privacy rights of Canadians.”
Bill C-22, also known as the Lawful Access Act, was introduced on March 12 by Public Safety Minister Gary Anandasangaree. It would expand law enforcement’s authority to access digital information, introduce new requirements for retaining metadata, and compel telecommunications and online service providers to grant authorities access to user data.
The government says the measures are needed to address investigative gaps created by rapidly evolving digital technologies.
Legal Threshold Concerns
The letter, addressed to Anandasangaree, Prime Minister Mark Carney, Justice Minister Sean Fraser, and opposition leaders, was first published online by signatory Robert Diab, a law professor from Thompson Rivers University.
Other signatories include Michael Geist, the Canada research chair in Internet and E-Commerce Law at the University of Ottawa; Lisa Austin, a law professor at the University of Toronto; Matt Malone of the Balsillie School of International Affairs; and Professor Katie Szilagyi, an associate professor of law at the University of Manitoba.
A central concern is the bill’s proposed production order for digital subscriber information. The signatories argue that it lowers the legal threshold for access from “reasonable grounds to believe” to “reasonable grounds to suspect,” while allowing for a broad range of personal data to be disclosed.
“The new production order for subscriber information … retains a legal threshold that is too low and a scope of disclosure that is too broad,” the letter states.
The letter notes that police already have legal tools to find identifying details for an IP address or phone number, but they can only be obtained if authorities have “reasonable grounds to believe” there has been an offence. Bill C-22, by contrast, allows access to this information based solely on “reasonable grounds to suspect.”
This difference is crucial, according to the signatories.
“The courts have held that this distinction is not semantic: in R v West, the Ontario Court of Appeal excluded evidence obtained through a production order precisely because the officer had established only grounds to suspect rather than grounds to believe,” the letter notes.
It also raises concerns that authorities would be able to access detailed personal information other than the identity behind an IP address or phone number.
“It can be directed to a physician, a cable company, or a platform like iCloud, requiring disclosure of what cable packages a person subscribes to, what medical services they receive, or what devices they use. Much of this information carries a high privacy interest and calls for a higher legal standard,” the letter states.
In its Charter statement on the proposed bill, the justice department says the law would not give police open-ended access to a person’s digital activity and would still maintain the judge as a gatekeeper to grant or deny any more intensive requests.
Specifically, the department says authorities would only be able to determine if a provider offers a service to a specific subscriber, but wouldn’t obligate the provider to give out the full account record. A more detailed request such as this delving into account activity would still need a separate judicially-authorized production order to move forward, according to the department.
CSIS and Oversight Concerns
The scholars also say they are concerned about the bill’s extension of powers to the Canadian Security Intelligence Service (CSIS).
“The Charter concerns are more acute with CSIS, and the Service should have to satisfy a ‘reasonable grounds to believe’ threshold for all of these authorities,” they write. “Unlike criminal defendants, ‘persons of interest’ to CSIS are never given an opportunity in court to challenge the intrusion of state power into their private lives.”
For its part, the federal government says CSIS’s powers under the bill include rigorous oversight, including requiring certain ministerial orders under Part 2 of the bill to be approved by the intelligence commissioner before going into effect. Part 2 of the bill pertains to the obligation of service providers to be able to help authorities and CSIS access information where necessary.
According to the signatories, another red flag in the legislation is the requirement for telecommunications and digital service providers to store user metadata for up to one year.
“This amounts to a blanket obligation to preserve a detailed record of the movements and associations of every Canadian who uses a regulated service, with no requirement for individualized suspicion,” the authors write, arguing that similar laws have been struck down in Europe.
“A blanket obligation to retain the metadata of millions of Canadians for up to a year without any individualized trigger is not consistent with section 8 and will not survive a constitutional challenge,” the letter states.
Section 8 of the Canadian Charter of Rights and Freedoms states that all individuals have “the right to be secure against unreasonable search or seizure.”
The open letter also criticizes the bill’s requirements that service providers work to help law enforcement and provide information to authorities and intelligence services, which they say could carry cybersecurity risks.
The act could require providers to “develop, implement, test, and maintain technical capabilities for law enforcement access, including capabilities related to extracting and organizing information,” the letter states.
Ottawa has said that obligations for information to be accessible in such a way is necessary because of modern encryption and technical complexity, requiring that service providers be willing and able to grant access when a court has ordered it.
“Canada is far behind our most important allies. Our laws are stuck in another century while technology has moved forward,” Anandasangaree said in promoting the bill.
Requests
The letter calls for stricter oversight mechanisms in the bill and a stronger role for the privacy commissioner.
“There is no independent assessment of the necessity and proportionality of particular orders before they take effect, and no meaningful role for the Privacy Commissioner of Canada,” the letter states, calling for specific revisions of the bill to ensure it complies fully with constitutional rights.
“Canadians deserve privacy protections that are consistent with the Charter and with the values that the Supreme Court of Canada has consistently affirmed.”
The Lawful Access Act, Bill C-22, passed second reading in the House of Commons on April 20 and is now under study at the House Standing Committee on Public Safety and National Security. It is still open to amendment and has not yet reached the report stage, third reading, or consideration for Senate approval.
Friends Read Free
Copy
Facebook
Tweet
