In celebration of International Right to Know Day, September 28^th, the Privacy and Access Council of Canada (PACC-CCAP.ca), the leading national association of access and privacy professionals in Canada, joined a global coalition of civil society organizations and concerned citizens in issuing a joint letter calling on Treasury Board President Scott Brison to provide meaningful reform of Canada’s access-to-information regime.

The signatories — who are committed to ensuring a strong access to information system in Canada and share the concern that Bill C-58 does little to fix the many systemic problems in the current access-to-information — call on the government to withdraw the government’s inadequate Access to Information Act (ATIA) reform legislation, Bill C-58, and introduce a bill that provides a genuine and effective right to access information held by public authorities.

The government’s proposed reforms fail to address a number of serious problems in the Act, which is now almost 35-year old. The bill does nothing to narrow the broad exemptions that allow federal agencies to keep information secret, impose a duty for public authorities to document important decision-making processes, or expand the limited scope of coverage of the Act. The bill also fails to extend the ATIA to the Offices of the Prime Minister and Ministers, as promised by the Liberal party during the 2015 federal election.

Privacy and Access Council of Canada president Sharon Polsky, MAPP, notes that members are concerned that Bill C-58 will further undermine access-to-information. “Bill C-58 expands the broad discretion of public authorities to avoid responding to requests by allowing the heads of public bodies to characterize access requests as vexatious or frivolous,” notes Ms Polsky, “and that gives the heads of federal public bodies the power to disregard access requests — strengthening the already opaque shield against access that is contrary to the intent of the legislation and undermines democracy.”

The coalition calls for a bill that include the following changes to enable Canadians to obtain the information they need to participate meaningfully in democratic processes, while also holding Canada’s public officials and Members of Parliament accountable:

• Deliver on the promise to expand the scope of the Act to cover the Office of the Prime Minister and Ministers’ Offices by allowing individuals to make requests for information from these bodies, as they may do with other public authorities, while retaining the proposed proactive publication obligations.
• Introduce a formal duty to document for all public authorities, and require them to preserve records of their decision-making.
• Implement a robust system for limiting the discretion of public authorities to extend the time limits for responding to requests and formalise in law the fee waivers contained in the May 2016 Interim Directive on the Administration of the Access to Information Act.
• Ensure that exceptions and exclusions to the right of access are narrowly defined and subject to both a test of actual harm and a mandatory public interest override.
• Give the Information Commissioner binding, enforceable order powers over all complaints regarding requests for information. This was one of the few significant reforms included in Bill C-58, and it should be retained.

Coalition members are calling on Canadians to sign an online petition calling on Minister Scott Brison to scrap Bill C-58 and write a new bill that respects the public’s right to know.

Signatories,

Organisations:

AMINA Corp.

Amnesty International Canada (English Branch)

Atlantica Party

British Columbia Civil Liberties Association (BCCLA)

British Columbia Freedom of Information and Privacy Association (BC FIPA)

Canadian Association of Journalists (CAJ)

Canadian Council for International Co-operation (CCIC)

Canadian Federation of University Women (CFUW)

Canadian Journalists for Free Expression (CJFE)

Canadian Taxpayers Federation

Canadians for Accountability

Centre for Law and Democracy (CLD)

Department of Women’s and Gender Studies, University of Regina

Committee to Protect Journalists (CPJ)

Ecology Action Centre (EAC)

Fédération professionnelle des journalistes du Québec (FPJQ)

Greenpeace Canada

International Civil Liberties Monitoring Group

Isomer Design

Lawyer’s Rights Watch Canada (LRWC)

Ligue des droits et libertés

MiningWatch Canada

OpenMedia

Open North

Our Right to Know

Pen Canada

Privacy and Access Council of Canada — Conseil du Canada de l’Accès et la vie Privée (PACC-CCAP)

Queer Ontario

Reporters Without Borders (RSF)

Research and Education for Solutions to Violence and Abuse (RESOLVE), Saskatchewan

Rideau Institute

RightOnCanada.ca

Rocky Mountain Civil Liberties Association (RMCLA)

Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)

Voices-Voix

Individuals:

Elizabeth Ball, Academic Librarian (retired)

Donna Bowman, Librarian

Bruce Campbell, 2016 Law Foundation of Ontario, Leadership in Justice Fellow

Stephen Chapman, Isomer Design

Ann D. Cooper

Phyllis Creighton, Order of Ontario

Lisa Di Valentino, Law and Public Policy Librarian, University of Massachusetts

Mary Francoli, Associate Professor, School of Journalism and Communication, Carleton University

Michael Geist, Canada Research Chair in Internet and E-commerce Law, University of Ottawa

Dr. Brydon Gombay, Community Psychologist

Carla Graebner, Librarian for Research Data Services and Government Information, W.A.C. Bennett Library, Simon Fraser University

Larry Hannant, PhD historian, University of Victoria

Dr. Steve Hewitt, Senior Lecturer, University of Birmingham

Laverne Jacobs, Associate Professor, Faculty of Law, University of Windsor

Vincent Kazmierski, Associate Professor, Department of Law and Legal Studies, Carleton University

Gregory S Kealey, Professor Emeritus, University of New Brunswick

Abby Lippman, Professor Emerita, McGill University

Claire McNeil, Dalhousie Legal Aid Service

Eugen Melinte, M. Eng

Sharon Polsky, MAPP, Data Protection Advocate & Privacy by Design Ambassador

J.M. Porup, Editor, MuckRock Canada

Marian Ramage, Brandon, Manitoba

Teresa Scassa, Canada Research Chair in Information Law, University of Ottawa

Jacquelyn Shaw

Tania Thomas, Youth Services Librarian – Outreach to Newcomer Families, Surrey, British Colombia

Stanley Tromp, Journalist and Author

-30-

The Privacy and Access Council of Canada (PACC-CCAP.ca) joined 40 organizations and individual experts from across Canadian civil society in issuing a joint letter to the Hon. Minister Ralph Goodale, the Hon. Minister Jody Wilson-Raybould, and the Hon. Minister Ahmed Hussen detailing concerns with Bill C-59, An Act respecting national security matters.

Introduced after last year’s extensive public consultations in which Canadians overwhelmingly made clear they wanted the government to overhaul Bill C-51 (the former government’s controversial anti-terrorism law), Bill C-59 is a good first step toward improving the national security regime. The signatories all share the concern that Bill C-59 does not provide the essential elements necessary to ensure that Charter-protected and internationally recognized rights and freedoms are at the core of Canada’s national security framework.

Not only does Bill C-59 fail to reverse the legacy of its unpopular predecessor, Bill C-51, but it creates additional problems as well. While all Canadian laws must comply with the Charter, Bill C-59 allows intelligence agencies to engage in conduct that threatens freedom of expression, freedom of association, privacy, and public safety — contrary to Supreme Court decisions that placed limits on the excessive activities of our country’s spy agencies.

“Bill C-59 would legalize state-sponsored hacking and other illegal conduct, jeopardizing private communications and compliance with the country’s privacy and access laws,” said Sharon Polsky MAPP, President of the Privacy and Access Council of Canada. “Moreover, Bill C-59 offers no guarantee that the government will protect encrypted communication technologies which are essential for PACC members and organizations across the country to be able to comply with the country’s many privacy and access-to-information laws and their professional obligations.”

Bill C-59 introduces some improvements to our national security framework and creates important new oversight bodies to review and control national security activities, but It also offers little assurance of genuine transparency or accountability about criminal activities it will legalize. Equally troubling is the absence of any commitment to fund the oversight bodies, leading Canadians to wonder how sincere the government is about ensuring effectiveness and genuine accountability.

PACC and the other signatories also point to a number of specific aspects of Bill C-59 that require serious attention and meaningful change, including:

• The newly-renamed Security of Canada Information Disclosure Act still permits far too much information to flow between too many departments, and to further concerning objectives;
• The no-fly list still lacks adequate due process while proposed redress mechanisms remain unfunded;
• The bill fails to reverse the low threshold Bill C-51 set for terrorism peace bonds;
• The preventative detention powers introduced in 2001 are still in place and remain deeply problematic;
• The risk for abuse of CSIS disruption powers is reduced, but the government has yet to demonstrate either their necessity or constitutionality;
• The newly created oversight agencies lack the guarantees necessary to ensure their effectiveness;
• The general risk that our security activities will once again contribute to torture remains;
• CSE “active” cyber security powers (i.e. offensive hacking) are introduced without a rationale for their necessity or measures to adequately prevent abuse;
• The new bill fails to reverse the erosion of due process C-51 extended in security certificate proceedings; and
• The bill legitimizes troubling conduct, including mass surveillance by our foreign intelligence agency and extensive data-mining.

The letter, which sets out these and other issues in greater detail, can be found here in English and here in French.

Here is what other signatories have to say about Bill C-59:

“Bill C-59 improves on some, but certainly not all, of the troubling human rights problems that were at the heart of C-51. It also gives rise to new concerns and fails to address longstanding human rights failings that predate C-51. Human rights should be the very foundation to how Canada protects and delivers national security; with C-59 it is clear that there is still more work to be done to get us there.” – Alex Neve, Secretary General of Amnesty International Canada

“Some of the most egregious aspects of C-51 have been tamed, but the new bill still leave a lot to be desired. From no-fly lists to CSIS ‘disruption’ powers, there are many provisions that will need to be amended before C-59 passes.” – Vincent Gogolek Executive Director of the BC Freedom of Information and Privacy Association.

“We’re concerned that Canadians will see the positive aspects of this Bill, such as strengthened oversight of security agencies, and not notice the intrusive powers that it keeps or even strengthens – powers which will dangerously erode civil liberties.” – Kevin Malseed, Inter Pares

“Major parts of Bill C-51 were contrary to the Constitution and common sense. With some improvements in Bill C-59, we are no longer at rock bottom lows for deprivations of our fundamental freedoms. However, amendments that only scratch the surface of oversight of agencies with unprecedented powers will not suffice. More safeguards and accountability measures against abuse of power are required.” – Faisal Mirza, Chair of the Canadian Muslim Lawyers Association

“While Bill C-59 contains many positive changes, including reforming the unconstitutional “terrorist speech” crime, it unnecessarily extends the powers of Canada’s spy agencies in ways that could seriously undermine our privacy and free expression rights.” – Tom Henheffer, Executive Director, Canadian Journalists for Free Expression (CJFE)

At the instigation of the US government, the North American Free Trade Agreement (NAFTA) is about to be renegotiated. NAFTA came into force in 1994 — before computers, smart phones, social media, and advanced analytics were in common usage — and was intended as a vehicle to minimize trade barriers between Canada, Mexico and the United States.

In July 2017, the United States Trade Representative released a Summary of Objectives for the NAFTA Renegotiation which sets out the US objectives — and makes clear that the renegotiation will affect how, where, and by whom information may (and may not) be processed, stored and managed. The list of objectives indicates that the US seeks to reduce “barriers to digital trade” and to:

Establish rules to ensure that NAFTA countries do not impose measures that restrict crossborder data flows and do not require the use or installation of local computing facilities.

The Canadian government will be represented in the negotiations by a “NAFTA Council” that it created, and which is composed of individuals who have impressive track records in industry and the political sphere. The Council is missing key perspectives and representation from the privacy and access profession, and from civil society.

As a voice for privacy and access in Canada that speaks on behalf of its members and other concerned Canadians, PACC seeks input about the impact that proposed NAFTA changes could have on the ability of Canada’s access, privacy, data governance and compliance professionals to fulfill their roles and responsibilities.

This is your opportunity to have your voice heard. Complete the short survey by August 31, 2017 so that we can integrate the results into a single comprehensive report to Government. (Survey site: https://www.surveymonkey.com/r/RSWNDHN)

Your employment or other associations could hamper your freedom to express personal or unpopular views. As an independent organization, PACC is at liberty to convey the views of its members and others.

The survey asks for very basic demographic information, but does not (and will not) seek to identify respondents.

For a copy of the survey results, email NAFTA_at_pacc-ccap_dot_ca with appropriate contact information.

The U.S. Department of Homeland Security (DHS) and The University of Utah invite you to participate in the 2017 National Seminar and Tabletop Exercise for Institutions of Higher Education on October 10-11, at the S.J. Quinney College of Law.

This two-day event will include workshop sessions, a tabletop exercise and an after-action review session on preparing participants to respond to a campus emergency. This year’s event will focus on a failure in campus infrastructure caused by cyber-attack. More detailed information on the specific topics for workshops and the tabletop exercise will be available closer to the event.

The event seeks to provide participants with insight into planning, preparedness and resilience best practices for the academic community. Because emergency planning involves a team of individuals from across an institution, we recommend a team of up to five (5) senior leaders representing various functions (i.e. information technology, security, leadership, public safety, student life, communications, etc.) attend from each institution. Participants also will include representatives from federal departments and agencies that support campus resilience.

Foreign nationals are permitted to attend and participate in this informative and interactive learning event.

This event qualifies for CPD credits applicable toward PACC Professional Certification.

For more information on the National Seminar and Tabletop Exercise for Institutions of Higher Education Series, visit https://dhs.gov/nttx

The Privacy and Access Council of Canada has joined more than 20 other organizations and individuals in calling on the Government of Canada to seize the rare opportunity now available to take a leadership in the Open Government Partnership (OGP).

Accepting a leadership role in the OGP would be a concrete demonstration of the Government’s commitment to being open and accountable to Canadians — a move that would support the important and challenging work carried out by PACC members and other access and privacy professionals in private sector, public sector, and non-profit organizations across the country.

The full text of the letter is below.

10 July 2017

Dear Prime Minister,

We are writing to you as Canadian organisations and individuals who have engaged with the Open Government Partnership (OGP) within Canada and/or internationally and who believe strongly in the importance of the OGP as a forum for advancing transparency, accountability and civic engagement.

We are aware that Canada has been considering playing a more active role in the leadership of the OGP first by acting as a support co-chair for one year and then as the lead country chair for another year. We are also aware that the OGP requires a decision on this imminently, while Canada has been delaying its response.

We urge Canada to take on this important role within the OGP. Although many of us have asked Canada to do better in some of the areas of focus for the OGP, at the same time we are conscious that Canada is well poised to play a leadership role within the organisation. Indeed, Canada is enjoying an unprecedentedly strong global reputation at the moment, and becoming the lead country chair would build on that in ways which would benefit both Canada and other members of the OGP. Globally and within the member countries of the OGP, civil society space is shrinking, and Canada’s leadership to promote inclusion and high quality participation, both at home and abroad, can be of great value to the initiative.

Other countries have made their contribution by acting as chair and it is now Canada’s turn to step up and take on this important global support role. We are willing to work with and support the government in this.

We look forward to hearing a positive announcement from Canada regarding the OGP chair position very shortly.

Signed,

Organisations:

1. Canadian Taxpayers Federation
2. Centre for Law and Democracy (CLD)
3. Open North
4. Powered by Data
5. Privacy and Access Council of Canada – Conseil du Canada de l’Accès et la vie Privée
6. Reboot
7. Rocky Mountain Civil Liberties Association
8. Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)

Individuals:

1. Ana Brandusescu, Researcher, World Wide Web Foundation
2. Merlin Chatwin, Open Government Consultant, Researcher
3. Rob Davidson, Open Data Institute Ottawa
4. Mary Francoli, Associate Professor, School of Journalism and Communication, Carleton University
5. Jury Konga, Open Knowledge Canada Ambassador
6. Tracey P. Lauriault, Assistant Professor, Critical Media and Big Data, School of Journalism and Communication, Carleton University
7. Panthea Lee, Co-Founder & Principal, Reboot
8. Don Lenihan, Senior Associate, Policy and Engagement, Canada 2020
9. Lindsey Marchessault Open Contracting Partnership
10. Heather Morrison, Associate Professor, School of Information Studies, University of Ottawa
11. Daniel J. Paré, Associate Professor, Department of Communication, School of Information Studies, and Institute for Science, Society and Policy (ISSP), University of Ottawa
12. Sharon Polsky MAPP, Access & Privacy Advisor
13. Teresa Scassa, Canada Research Chair in Information Law, University of Ottawa
14. Claire Schouten, Senior Program Officer, International Budget Partnership
15. Mary-Doug Wright, Information Specialist/Consultant, Apex Information
16. Geoff Zakaib, Executive Director, Open Calgary

Registration is open for the National Privacy & Data Governance Congress being hosted by the Privacy and Access Council of Canada with the support of the Office of the Information and Privacy Commissioner of Alberta, Miller Thomson LLP, Legal Education Society of Alberta, the Runnymede Society, (ISC)², CIPS, CHIMA, and NIHI. The Congress is organized in collaboration with the Rocky Mountain Civil Liberties Association.

From April 5-7, regulatory authorities and thought leaders from industry, government and academia will gather to share insights about technological trends and regulatory developments that affect public and private sector organizations’ efforts to protect data and comply with privacy laws.

The Focus

The Congress theme — A World of Change — will focus on the most critical and timely privacy and data protection issues facing organizations today: those that foretell significant consequences for employers, employees and policy makers. A range of topics will address timely issues affecting employers and employees including:

• Privacy Impact Assessment Fundamentals
• Managing a Data Breach
• Privacy Guidance for Small & Medium Businesses
• Crafting Clear Cloud Computing Contracts
• GDPR and the Death of Privacy Shield
• Urgent Privacy Challenges in the Internet of Things
• Digital Privacy at the Border

Participants

The National Privacy & Data Governance Congress is an important opportunity to increase awareness about the intersection of privacy, security, law and technology. The Congress takes a uniquely multi-disciplinary approach that offers practical guidance that can be put to use right away — to increase skills, minimize risk, and improve compliance.

Lawyers, privacy professionals, access-to-information practitioners, members of the media, civil libertarians, as well as compliance, security, and governance and public policy professionals will find value in the Congress.

How often have you marveled at a child’s cleverness? They quickly catch on to new concepts — whether how to dress their latest doll, ride a bike, or use their parent’s cellphone or tablet. The newfound skills are acquired and honed at the child’s pace, typically with plenty of encouragement but little guidance.

Long before many children are taught about online safety they receive a mobile phone for their own use — and tacit guidance that it’s perfectly fine to reveal their innermost secrets to a smartphone or computer screen. Using FaceTime, Skype or any other videoconferencing system allows children to see and talk with a face on screen. Mommy has said the face is that of Grandma — whom the child might have never met — and the repeated experience inculcates the youngster with the clear knowledge that talking to a face on a computer screen is perfectly fine. Mommy said so.

Another facet of this training — or, more correctly, desensitization — process comes in the form of countless toys armed with digital sensors, microphones and speakers. Imagine how thrilling it will be for any child to be able to talk to their new Hello Barbie doll. No more imaginary friends. Hello Barbie is real.

Like Nest and Alexa that help around the house, Wifi enabled Hello Barbie monitors what’s going on around her. Not only is she among the latest toys that desensitizes children to accept surveillance as the norm, but Mattel continuously updates and enhances Hello Barbie’s vocabulary. Within months of being launched into the market, more than 1700 phrases had been added to Hello Barbie’s voice recognition/response system that is programmed with more than 8,000 lines of dialogue,

By listening to children’s delightful banter Hello Barbie learns everything it can: Her likes and dislikes, her preferences, her family and friends, and the nearby conversations and sounds.

Does Mattel really need to hear, record and retain the conversations from a child’s bedroom or living room? Do parents realize that inviting Hello Barbie and other digital surveillance devices into their home might (and often does) grant virtually unlimited access to their personal information? Perhaps parents are reassured knowing that Hello Barbie has been reviewed by kidSAFE Seal Program and that, like My Little Pony Storybook Collection, it meets minimum standards of online safety and/or privacy.

Like their children, many mommies and daddies (many of whom are teachers!) are baffled why targeted ads appear on their screen so soon after asking ‘Mr Google’ a related question. They marvel at how accurately Google can predict their needs and pander to their predilections; but few appreciate how that came to be.

Although desktop computers became commonplace in the early 1980s — almost 40 years ago — online privacy, safety and digital citizenship remain foreign concepts to many people. The extent of many people’s digital education is the oft-repeated mantra “stay safe online” — which imparts as much knowledge as does tossing one’s car keys to a 10-year-old and urging them to “stay safe out there”.

The parallel to driving is even greater: The time lag between the world’s first practical automobile to be powered by an internal-combustion engine — in 1885 — and the first high school driver’s education course, in 1935, was 50 years. That was long after the first automobile-related fatality was recorded in the United States, in 1899 and only 15 years before the millionth in 1951.

Computers, on the other hand, became commonplace in offices and homes at about the same time that Canada’s Privacy Act and the Access to Information Act were proclaimed, in July of 1983. When dial phones were giving way to push button phones and fax machines were being introduced. The technology-based future that Star Trek predicted a mere 20 years earlier had started to come to life, and moved ahead at light speed.

No need to wait until Stardate 1513.1 in the 23rd century for personal communicators. We carry those already. iPhones. Androids. Galaxies. And we count on our pocket-sized computers for staying in touch in our personal lives, and often for our professional existence as well.

The power and potential of new phones, new apps, and new disruptive technologies offer tremendous potential benefit for people, nations and corporations. But without a clear and correct understanding of how their design can affect people — not just corporate bottom lines or governments’ tax revenues — the trend of ignorance that has been so carefully cultivated will continue. And it is being further entrenched as curricula are updated to include robotics and coding — but not how to evaluate risk or be self-sufficient.

Young coders will soon be able to tinker with the inner workings of computers and apps, but remain ignorant about how to evaluate risk. Governments, lawmakers and lobbyists know that there is great utility in ignorance. Perpetuating ignorance is important to ensuring people continue to be reliant on third parties. It’s also important to ensure they are unable to link the cause and effect of their new apps that transmit personal information and health data to nameless, faceless corporations that promise to provide a better user experience.

Perhaps that’s why, for all the breaches that have occurred, despite the billions of dollars devoted to developing and promoting security and privacy safeguards, there’s been precious little improvement. Breaches — that continue to occur with increasing frequency and impact — have been used as justification for new apps and laws ostensibly to help protect people from their own ignorance — but not for new education enabling people to be knowledgeable and self-sufficient about computer technology.

Like youngsters who grow up with their head under the hood of a car and can adjust a car’s fuel injectors, but don’t know the rules of the road, it’s an accident waiting to happen.

Depending on one’s perspective, it’s all very discouraging or very, very motivating indeed!

The Privacy and Access Council of Canada (PACC) will be participating in the Canadian Cybersecurity Alliance (CCA) / Alliance canadienne sur la cybersécurité (ACC). The CCA-ACC (originally initiated as the Inter-Association Working Group on Cyber Security – IAWGCS) is a voluntary, non-hierarchical, not-for-profit agile network, founded by Grant Lecky in 2013. The primary purpose of the CCA-ACC is to enhance the professionalization of the Canadian cyber domain through effective inter-association engagement and knowledge-sharing.

To date, more than 90 associations with a stake in cyber security have confirmed their participation in the CCA-ACC, making this initiative unprecedented in both scale and scope. Each of the participating associations contribute their own unique perspective on the Canadian cyber landscape.

The CCA-ACC is administered by a National Council, whose role includes maintaining the structure of the CCA-ACC itself, and facilitating inter-association dialogue.

PACC President Sharon Polsky, MAPP, will be the primary association representative to participate on behalf of PACC.

The Alliance is a national network that contributes to an increased understanding of the current state of cybersecurity in Canada, and the identification of future directions for research, education, dialogue and professionalization of the domain.

Alliance members include the Canadian branch of the High Technology Crime Investigation Association,  the Canadian Centre for Cyber Risk Management,  Gaming Security Professionals of Canada, the Canadian branch of the International Information System Security Certification Consortium (ISC2),  the Association de la sécurité de l’information du Québec (ASIQ), the Ottawa Area Security Klatch (OASK), the Canadian Association of Petroleum Producers, The Canadian Gas Association, the Canadian Advanced Technology Association (CATA), the Cloud Security Alliance (Canada), the Canadian Information Processing Society (CIPS) , National Cyber-Forensics and Training Alliance Canada and others.