News
12 min

The Conservative surveillance bill that will invade your privacy

Guess who has eyes for you

Ten months after dropping its contentious internet predator bill, the Harper Conservative government introduced an equally contentious cyberbullying bill that critics say will invade your privacy. Credit: Xtra files

“He can either stand with us or with the child pornographers.”

With that infamous statement, former public safety minister Vic Toews sparked an inferno of public outrage in 2012 against the controversial Bill C-30, which ostensibly promised to protect children from internet predators.

Twelve months later, the Harper government dropped the bill after its first introduction to the House of Commons. Then-justice minister Rob Nicholson said it was dead and wouldn’t be coming back.

“We will not be proceeding with Bill C-30, and any attempts that we will continue to have to modernize the Criminal Code will not contain the measures contained in C-30,” he promised reporters in February 2013. “We’ve listened to the concerns of Canadians, who have been very clear on this.”

The Conservative government kept that promise for almost 10 months. In November 2013, Justice Minister Peter MacKay resurrected parts of Bill C-30 and slipped them into the newly packaged Bill C-13, this time under the auspices of combating cyberbullying. Opponents are concerned that these bills will allow the government to invade your privacy. The truth is, it’s been happening for years.

* * * *

The federal government asks Canadian telecommunications companies for private customer information an average of 1.2 million times a year, according to documents released in April by the federal privacy commissioner. Those numbers were obtained by the commissioner’s office in 2011 and represent the responses of nine telephone and internet companies that “represent a substantial proportion of Canada’s telecommunications customer connections.”

The nine companies provided their responses in aggregate through an intermediary law firm so that none of their answers could be attributed to any individual company.

From those 1.2 million requests, the telecoms handed over private customer information at least 784,756 times. The real number is likely higher, since only three of the nine companies disclosed how many times they had complied with government requests. It’s also unknown how many of those requests were made without warrants.

In March, the House of Commons also learned that the Canada Border Services Agency (CBSA) made 18,849 requests for customer data between April 1, 2012 and March 31, 2013. Of those, the majority were requests for “basic subscriber information,” and 99 percent of them were provided without warrants. That basic subscriber information includes names, addresses, telephone numbers, email addresses, internet protocol addresses and local service providers.

Other information requested by the CBSA included geolocation (cellphone tower locations), call detail records (date/time of calls, calling number, called number, redirecting number, length of call), text message content, voicemails, cell tower logs, websites visited and personal identification info like dates of birth. In all but 13 of the cases, the individual customers were not notified that their information had been accessed.

The CBSA disclosure came after NDP MP Charmaine Borg made an official inquiry in Parliament as to how, why and how often federal agencies accessed Canadian telecom data.

The Canadian Security Intelligence Service (CSIS) and the Royal Canadian Mounted Police (RCMP) did not disclose how many requests their agencies had made. The RCMP said they were unable to answer because they don’t keep centralized records of the requests they make to telecoms. CSIS also declined to answer Borg’s questions.

“For reasons of national security and to protect CSIS’ ability to collect intelligence and provide advice to Government, CSIS does not disclose details of its operations and tradecraft,” their written response explained.

In January, the CBC reported that classified documents released by American whistleblower Edward Snowden showed that Canada’s electronic spy agency tracked thousands of airline passengers for days after they left a Canadian airport by using WiFi information from their wireless devices.

Despite these revelations, the Conservative government insists that concerns over invasions of privacy are unfounded and that Canadians have nothing to worry about.

“What we do say is that privacy laws are respected by the government,” Prime Minister Stephen Harper told the House of Commons in April.

“Law enforcement and other investigative agencies always seek warrants when they are required to do so,” he continued. “There is independent surveillance, independent oversight, to make sure that these laws are respected.”

The government maintains that while warrants are needed to read the contents of emails and texts, or to listen to voicemails, they aren’t needed for what they claim is information more akin to what might be written on the outside of an envelope or in a phonebook.

Critics aren’t so quick to dismiss the importance of snooping through our digital crumbs.

* * * *

When we use telephones, mobile phones, desktop computers, laptops, tablets or other computing devices, we leave behind a digital trail of metadata. Metadata is information about other information. It’s the data created by communications devices and telecom service providers.

In her paper “A Primer on Metadata: Separating Fact from Fiction,” Ontario’s privacy commissioner, Ann Cavoukian, explains the significance of these digital crumbs.

“Metadata includes information that reveals the time and duration of a communication, the particular devices, addresses, or numbers contacted, which kinds of communications services we use, and at what geolocations. And since virtually every device we use has a unique identifying number, our communications and internet activities may be linked and traced with relative ease — ultimately back to the individuals involved,” she writes.

Government officials in both Canada and the US have repeatedly defended the collection of this information as “only metadata.” Their position is that while the content of emails or phone calls should be private, the rest is fair game.

But many experts argue that metadata is far more revealing than the actual content of our calls and emails. Even supposedly aggregate metadata isn’t that anonymous. A 2013 MIT study showed that only four time-and-location data points were needed to uniquely identify someone in 95 percent of cases.

Sometimes whom you call is just as revealing as what you’re saying. What if you call a rape hotline, a domestic violence hotline, an addiction hotline or a support line for gay teens?

What secrets would your cellphone reveal about you right now? What about your internet history? The more data someone can access, the more that person can learn about you. In isolation, a few bits of data may not say much, but start to piece them together and they begin to paint a vivid picture: where you live, what time you wake up, what time you leave for work, where you work, how you get to work, who your friends are and how often you talk to them, how close you are with your family, what time you go to bed.

When you then pair that information with a second or third person’s data, that image can reveal much more.

If your phone spends every night at the same location as another phone, then it likely indicates you have some kind of relationship with the other phone’s owner.

If you make a call to a gay men’s health centre and then later that week your phone visits that centre, what could that say about you? Or if you start making regular phone calls to a doctor who specializes in HIV, or one who specializes in cancer? Or if you visit a psychiatrist frequently?

What if you’re making late-night calls to someone who isn’t your spouse?

If every Saturday night you visit a gay nightclub and afterward your phone spends the night at a different location, never at the same place twice, what could someone infer about you or about your personal life? What could they infer if you never call back the people at whose places you stayed overnight?

Do you use any dating or hook-up apps? OkCupid? Grindr? Squirt? Scruff? All of the above? How often? Whom do you communicate with? Do you have a type?

Now take all that information and combine it with your internet history. Which news sources do you read? The National Post? Sun News? The Globe and Mail? Do you visit gay-themed websites?

What about porn? Do you have specific tastes or fetishes? Twinks? Bears? Twinks who dominate bears? How often do you watch porn and for how long?

Privacy experts say that all sorts of details about people’s personal lives can be inferred by where they go and how they interact with others, both in person and online: including but not limited to health/medical history (abortions, HIV status), sexual orientation, sexual practices, religion and politics.

The futurists who predicted Orwellian government-owned surveillance were partially wrong. Governments don’t need to create their own massive surveillance apparatus when they can just compel corporations to turn over what they know about their customers.

In this current data age, information has become a valuable and monetized commodity to big business. Many companies you deal with — from the supermarket to your bank — collect swathes of information about you so they can learn how to make more money from you. But once that information is in the hands of corporations, it takes only a short jump for governments to access it as well.

* * * *

Not surprisingly, Bill C-13 and its predecessor, Bill C-30, have awoken opponents from all directions of the political spectrum. Even after public outrage forced the government to kill Bill C-30, privacy advocates remained on guard that the Conservatives would try again.

Last fall, more than 50 Canadian organizations joined the Protect our Privacy coalition, under the coordination of openmedia.ca. Members include the right-leaning Canadian Taxpayers Federation and the Canadian Constitution Foundation, as well as a slew of more progressive groups, including Xtra’s publisher, Pink Triangle Press (PTP).

“More than ever, Canadians need strong, genuinely transparent, and properly enforced safeguards to secure privacy rights. We call on Government to put in place effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities,” the coalition’s founding statement reads.

When the controversial Bill C-30 was first tabled, it was briefly called the Lawful Access Act before being retitled the Protecting Children from Internet Predators Act. But aside from the title, the bill didn’t actually include any mention of children or predators.

So when MacKay introduced C-13, the Protecting Canadians from Online Crime Act, last November, championing it as a much-needed tool to combat the scourge of cyberbullying, for many privacy advocates there was a distinct sense of déjà vu.

“[Cyberbullying] is clearly a case of the worst form of harassment, intimidation and humiliation of young people, which resulted in a feeling of hopelessness, that there was no other way out, and they took their lives,” MacKay told Parliament.

Openmedia.ca’s executive director, Steve Anderson, welcomes the sections of the bill directed at cyberbullying but says there’s little in the bill to address it. Instead, he says, the bill focuses, once again, on government access to private information.

“There are proposals in this legislation that are common sense and that nobody would disagree with. Yet by having most of this legislation consist largely of failed online spying proposals that Canadians have already clearly rejected, the government is doing great disservice to an issue many citizens care deeply about,” Anderson said in a press statement.

“Our consultation with legal experts suggests that this legislation could enable state authorities to force telecoms to keep our sensitive private information in giant unsecured databases,” he said. “What’s more, it could give a range of authorities access to the private lives of almost any Canadian, even if they are not suspected of any wrong doing. It could open the door to suspicionless surveillance. That why it’s so important that the government address the concerns Canadians have by strengthening the privacy safeguards in this draft legislation and removing all the off-topic content.”

NDP justice critic Françoise Boivin worries that the Conservatives are using a popular and sensitive issue to shield some of the bill’s other provisions from criticism.

“Nobody is against giving better tools to the police to make sure there is no cyberbullying happening,” Boivin tells Xtra. “But that bill is so much more than that.”

She accuses the Conservatives of stonewalling critics’ valid concerns about privacy intrusion.

“With this government it’s so hard to get the actual answers,” she says. “It’s more like [they’re] laughing at the opposition for even raising the issues.”

* * * *

The government claims that Bill C-13 is entirely different from its predecessor and that the contentious portions have been removed.

Xtra’s request for an interview with Justice Minister Peter MacKay was declined. Instead, a spokesperson provided links to an online statement called “Myths and Facts.”

According to the Department of Justice, “The Bill does not contain the former Bill C-30’s controversial amendments relating to warrantless access to subscriber information and telecommunication infrastructure modification. It simply aims to provide police with the necessary means to fight crime in today’s high-tech environment while maintaining the judicial checks and balances needed to protect Canadians’ privacy.”

Two of the most controversial elements from C-30 — warrantless mandatory disclosure of basic subscriber information and the requirement for telecoms to build intercept capabilities in their systems — have been removed. Privacy advocates like Michael Geist still say that C-13 should raise alarms for Canadians. A University of Ottawa law professor, Geist is one of the country’s leading experts in internet law.

“We now know that many of the kinds of surveillance capabilities that I think people were envisioning and concerned about, when they were thinking about Bill C-30, may already be in place,” Geist says.

He notes that the government has been trying to introduce similar and related measures for years; first under the spectre of fighting terrorism, then combating spam, then child endangerment and now cyberbullying.

According to Geist, Bill C-13 has two significant issues that would affect Canadians’ privacy. First, it lowers the evidentiary bar for the government to get a warrant for your metadata. Under C-13, these warrants would be available if officials have “reason to suspect” that an offence has or will be committed, instead of the current “reason to believe.”

Second, it grants immunity to telecoms that provide your personal information voluntarily. As it stands now, companies can either provide your information voluntarily during a normal police investigation or they can tell police that a warrant is needed before they will cooperate. This immunity would eliminate the threat of lawsuits launched by consumers concerned about their privacy and essentially give corporations no reason not to hand over your information when requested by the government.

Ken Popert, the president and executive director of Pink Triangle Press, thinks that gay Canadians should be especially concerned about the government’s push for increased spying powers.

“The deeper issue here is that the whole politics of equality do not address the content of our sexual and emotional lives, and those are the things that remain vulnerable to surveillance abuse,” he told Xtra in October.

“There is a reason why Facebook has privacy settings and a reason why people use them,” he continued. “The very fact of what Grindr actually is would upset a lot of straight people if they understood it. It’s treated in the press as a humorous thing in a way but could be put to other purposes.”

Popert thinks the mere suggestion of surveillance could scare people into silence. “We belong to a community that has a long history of being subjected to unbenevolent surveillance by government agencies,” he points out. “Now they want to keep an eye on everyone, not just us.”

“There’s a deeper question of why the government wants to know anything about us, let alone to the extent it seems it’s willing to go into the details of our personal lives,” he says.

He dismisses the common argument that only people who have done something wrong should be worried about heightened government surveillance.

“Anybody who says that sincerely is stupid, and I think that an awful lot of people just say it cynically as an easy way of characterizing people who are opposed to this kind of surveillance as having criminal intentions,” he says.

“What you think is wrong might not be the same as what the government thinks is wrong,” he notes. “There’s an awful lot of things that aren’t wrong that we do that we might not want everyone to know about.”

He also worries about the potential for abuse by individual police or government employees who could use the system for their own personal gain, pointing to recent instances of police officers caught using databases to spy on former romantic partners.

* * * *

Bill C-13 made it through its second reading in Parliament at the end of April and is now under the scrutiny of the House’s justice committee.

Earlier this year, MacKay told reporters that he hopes the new bill will pass this spring and become law before Parliament recesses near the end of June. While that timeline may be overly ambitious, the government has indicated that it’s willing to extend Parliament’s sitting hours to prioritize its passage.

So far, MacKay has shown no signs of willingness to amend or remove the bill’s most contentious components. 

* * * *

Tips to remain anonymous online

Between the potential threats of government surveillance, criminal hackers and corporations, protecting your online privacy can seem like a daunting task (especially if you’re starting from scratch). Here are four beginner tips to start shielding your data from prying eyes. 

1. Use a personal virtual private network (VPN)

For a monthly fee, you can subscribe to a VPN service, which creates a secure tunnel online between the VPN server and your computer or device. It masks your IP address and encrypts all your internet activities. Any websites that you visit will see the IP address of the VPN server and not yours. It also allows you to use public WiFi safely. Be sure to do some research to find a provider within your budget that doesn’t keep logs of your activity and will protect your anonymity.

2. Disable GPS and WiFi on your phone until you need them

While your cellphone company can figure out your approximate location using cell towers, GPS can provide your exact location. When WiFi is enabled on your phone, it broadcasts detailed information about your device, so turn it off when you’re not using it.

3. Stop using public WiFi

While public WiFi may be convenient and free, it also leaves your information vulnerable to hackers. Never ever use public WiFi to access private information such as banking, social media or email.

4. Reconsider what you share on social media sites

Facebook’s entire business model is based on collecting and using your personal information, and if they have it, then they can share it with the government. If you’re not prepared to give up all social media just yet, then do your best to stay anonymous. Use pseudonyms when you sign up to make it harder for searchers to find you. Also, create a new email account for each website you join, so all your accounts can’t be connected or identified through a common email.