The government is moving to eviscerate political party privacy in Canada as it fast tracks Bill C-4, proposed legislation framed as implementing affordability measures, but which also exempts political parties from the application of privacy protections on a retroactive basis dating back to 2000. The government moved to end second reading debate yesterday without a single Liberal MP speaking to the privacy provisions in the bill and is seeking to fast track hearings in the Senate so that it can be passed before Canada Day. The provisions give political parties virtually unlimited power to collect, use and disclose personal information with no ability for privacy commissioners to address violations. The bill drops earlier proposed requirements to disclose security breaches and restrict selling Canadians’ information and it blocks the application of provincial privacy laws. The bill’s provisions set a privacy standard for political parties (effectively limited to merely disclosing their privacy practices) that would be unthinkable for the private sector and establishes an unprecedented back-to-the-future approach of wiping out any potential accountability dating back decades.
News
Why the Government’s Plan for Warrantless Access to Internet Subscriber Information Will Lead to Millions of Disclosure Demands Each Year
The government’s plan for warrantless disclosure of Internet subscriber information is rightly attracting increasing attention as sneaking lawful access provisions into a border bill raises significant privacy concerns. As I pointed out last week, Bill C-2’s new “information demand” power – which can be used by a wide range of enforcement agencies over literally any potential offence of any Act of Parliament – is certain to spark a legal challenge given the Supreme Court of Canada’s previous decisions in Spencer and Bykovets. While the government has tried to paint the information at stake as “phone book” information with little privacy value, the reality is far different. The information demand includes whether the provider provides or has provided services to a particular subscriber or client, or to any account or identifier, whether there is transmission data on hand (who was the person communicating with and what apps were they using) as well as where and when the service was provided. The information demand can also cover when service began, when it ended, and what other communications services are used by the subscriber. The specific content would require a warrant, but all of this data, which can be very revealing, would be available without judicial oversight. Further, providers would be prohibited from disclosing the disclosure for a year and would receive legal immunity if they voluntarily provide the information without even requiring an information demand request.
What Is With This Government and Privacy?: Political Party Privacy Safeguards Removed in “Affordability Measures” Bill
Fresh off Bill C-2 and lawful access provisions buried in a border safety bill, the government has now quietly inserted provisions that exempt political parties from the application of privacy protections in Bill C-4, an “affordability measures” bill. The provisions, which come toward the end of the bill, are deemed to be in force as May 31, 2000, meaning that they retroactively exempt the parties from any privacy violations that may date back decades. The ostensible reason for the provisions is a B.C. case that applied provincial privacy law to federal political parties. I discussed the case with Colin Bennett in this episode of the Law Bytes podcast in 2023. The government is now seeking to render that case moot and provide all political parties with an effective exemption from any privacy laws other than measures found in the Elections Act. An appeal of the B.C. case is scheduled to be heard later this month.
More Than Just Phone Book Data: Why the Government is Dangerously Misleading on its Warrantless Demands for Internet Subscriber Information
Government and law enforcement justifications for warrantless access to Internet subscriber information has long been defended on the grounds that the information being demanded carries little privacy interest. The go-to claim was always that it was “phone book information”, a reference to the largely discontinued practice of printing an annual public directory that included name, address, and phone number. The problem with that argument was that the information at issue included data points such as IP addresses and device identifiers, which could be used to track users and monitor online activity without a warrant. Moreover, linking a specific user to a specific IP address or other identifier effectively unlocks the door to potentially very sensitive information that is otherwise unavailable. Indeed, there is a reason that law enforcement logged over a million warrantless requests per year for basic subscriber information prior to the Supreme Court shutting down the practice.
Privacy At Risk: Government Buries Lawful Access Provisions in New Border Bill
The government yesterday introduced the Strong Border Act (Bill C-2), legislation that was promoted as establishing new border measure provisions presumably designed to address U.S. concerns regarding the border. Yet buried toward the end of the bill are lawful access provisions that have nothing to do with the border. Those provisions, which raise the prospect of warrantless access to information about Internet subscribers, establish new global production orders of subscriber information, and envision new levels of access to data held by electronic service providers, mark the latest attempt in a longstanding campaign by Canadian law enforcement for lawful access legislation. Stymied by the Supreme Court of Canada (which has ruled that there is a reasonable expectation of privacy in subscriber data) and by repeated failures to present a compelling evidentiary case for warrantless access, law enforcement has instead tried to frame lawful access as essential to address everything from organized crime to cyber-bullying to (now) border safety. Much like the government’s overreach last year on online harms, Bill C-2 overreaches by including measures on Internet subscriber data that have nothing to do with border safety or security but raise privacy and civil liberties concerns that are bound to spark opposition. This post provides the background on lawful access and an overview of some Bill C-2’s provisions with more details on key elements to come.