Privacy update past due

Late last month — when the nation’s news cycle was still nothing but pandemic, economic grief and grisly U.S. presidential politics — the Alberta Court of Appeal issued a decision that really should have gotten more attention than it did.

In R. v. Canfield, the court found that the Canada Border Services Agency violated the section 8 Charter rights of two men charged with child pornography offences when its agents searched their phones at the Edmonton International Airport. And while the court concluded the evidence gleaned from those searches should stand in this case, it ruled that the CBSA could no longer treat personal electronic devices as “goods” under section 99(1)(a) of the Customs Act — objects that border officials are permitted to search without citing grounds.

“It’s finally addressing at court of appeal level … the sheer ability of customs and border officials to search your cellphone without any grounds at all. Not even reasonable suspicion,” Leah West, a lecturer on national security law at the Norman Paterson School of International Affairs, told an Oct. 30 CBA online panel discussion on national security, law enforcement and privacy.

The decision is interesting for two reasons that go beyond its content. First, it’s a rare case of a lower court revisiting a Supreme Court of Canada decision — one that pre-dated the appearance of modern cellphones. Second, it’s another instance of a Canadian court suspending a declaration of invalidity for a year — long enough (one hopes) for the federal government to change the law.

It’s a neat illustration of the theme of West’s panel discussion with University of Ottawa law professor Craig Forcese — the failure of privacy law in Canada to keep pace with developments in the real world. It took the Customs Act decades to fall in line with the privacy expectations attached to smartphones. All across the nexus of privacy and national security law, said Forcese and West, the federal government has a lot of catching up to do.

“We have really outdated, antiquated legislation on the books that doesn’t really … reflect current technology,” said West. “If we don’t act, we’re going to be forced to leave the courts to wrestle with all of this … [and] they are not really best placed to be dealing with this.”

Forcese agreed, saying that the Canadian habit of being “reluctant legislators” has left the country with laws in the privacy-national security field that haven’t kept pace with the flood of personal data generated by modern devices.

“The Privacy Act is itself an instrument of … an analog generation, not a digital generation,” he said. Case in point: the law is silent on what Forcese calls “mosaic profiles” — collections of individual pieces of metadata that don’t attach to an individual but, collectively, “do build up a clear picture of an individual.”

“It’s not at all clear that the act applies to those crumbs,” he said.

In general, said Forcese, the Privacy Act is far too vague for an online world. It covers the collection, use and sharing of personal information — “but it’s quite opaque,” he said. The courts have read guidance into the section on information collection over the years, he said, but “there’s just not enough detail in the act itself — a lack of protocol when it comes to who can share and receive such information, who has authority.”

Those defending the current legal structure surrounding national security and privacy law tend to point to the establishment of the National Security and Intelligence Review Agency — NSIRA — as a major advance on past oversight models. And while NSIRA has far more scope than the old Security Intelligence Review committee did, both Forcese and West warn that politicians and the public may be expecting too much of the watchdog body.

“Like every ex-post-facto assessment, the review bodies are dwarfed in size and scale by the agencies they review,” said Forcese, who sits on the NSIRA panel. He said NSIRA has a “triage” system to decide which aspects of intelligence and security operations to examine — but that means acknowledging that NSIRA can’t be everywhere at once.

“We have offloaded a whole lot onto NSIRSA,” said West. “We’ve given our agencies new powers with the expectation that it’s okay — that NSIRA will act as a check. Transparency about what NSIRA can accomplish is also really, really important.”

Some problems are too ingrained to be fixed with cash or tweaks to a mandate, however. The perennial conflict in the national security field is between intelligence agencies gathering intelligence and police agencies collecting evidence. The intelligence sector will be reluctant to turn over information and sources to the police if it suspects they might be blown in open court.

Such conflicts are supposed to be worked out through the Evidence Act, which tasks the federal court with reviewing any declarations of privilege by the attorney general. West said the process could be made easier for all by leaving it to the criminal court.

“I would like to see an end to the bifurcation between the federal and criminal courts,” she said. “When the attorney general claims privilege, it’s reviewed by the Federal Court, which leads to delays and opportunities for defence counsel to make things uncomfortable for the security services.

“Give the responsibility to review over to the trial judge, and you streamline the process.”