Monday, December 30, 2013

Getting the facts straight as we rush to legislate cyberbullying

Over the past number of months, Halifax Chronicle Herald reporter Selena Ross has been researching the failure of the authorities to lay any charges in the Rehtaeh Parsons case (until political pressure resulted in the case being reopened). This past week, she published her findings into the police investigation and the crown's refusal to lay charges. The fact that it has taken months to get this level of information speaks volumes. They also make depressing reading.

The tragedies of Rehtaeh Parsons and Amanda Todd galvanized attention on the issue and lawmakers have swung into action by passing laws to address it. First, we saw the Cyber-safety Act in Nova Scotia and more recently the federal Conservative government introduced Bill C-13, Protecting Canadians from Online Crime Act. The Nova Scotia statute creates a CyberScan unit, headed by a former cop, to investigate cyberbullying, allows for anti-cyberbullying orders and allows victims (with their parents permission) to sue cyberbullies. The proposed federal legislation makes it a crime to distribute intimate images without consent.

When these laws were introduced, there was much self-congratulatory back slapping about how we are finally doing something, with the clear implication that these laws would have saved the lives of Rehtaeh Parsons and Amanda Todd, if only they’d been in effect earlier. That is simply not true.

Rehtaeh Parsons and Amanda Todd died because the police and the prosecutors did not use the laws that existed to seriously investigate the crimes that they were already the victims of. Making up new crimes may be a useful endeavour, but saying that it was the absence of laws like these that was responsible for these horrendous tragedies is an outright lie.

Amanda Todd was the victim of extortion, harassment, and child pornography at the hands of an adult online and her peers. All of these were crimes the day she was born and continued to be crimes the day that she died. The Royal Canadian Mounted Police failed to investigate, failed to prosecute and failed to give her hope for justice. The British Columbia agencies charged with protecting children in the province failed her as well.

Rehtaeh Parsons was the victim of sexual assault, harassment, child pornography and voyeurism offences at the hands of her peers. All of these (other than the voyeurism offence) were crimes the day she was born and and all were crimes the day that she died. The Royal Canadian Mounted Police and the Halifax Regional Police Service failed to adequately investigate, failed to prosecute and failed to give her hope for justice.

Instead of stepping up and taking responsibility for the horrendous failure of those who are charged with protecting children, investigating and prosecuting crimes, police agencies and the politicians to whom they report have shrewdly deflected the attention of the media and the public towards new initiatives under the clear implication that it was the absence of these laws that failed these two young women.

While both laws (with their flaws) fill an important legal void as far as cyberbullying is concerned, the principal benefit to be derived from these laws is likely that it gives authorities fewer excuses to do nothing when children are the victims of such crimes.

Monday, December 23, 2013

Special prosecutor required to investigate spies and their lawyers lying to the Federal Court

On Saturday, I blogged about the stunning decision of Justice Mosley of the Federal Court in IN THE MATTER OF an application by [xxxxx xxxxxx ] for a warrant pursuant to Sections 12 and 21 of the Canadian Security Intelligence Service Act, R.S.C. 1985, c. C-23, 2013 FC 1275 [PDF](See Canadian Privacy Law Blog: Canadian intelligence agencies lied to obtain warrants, Federal Court judge says).

The Court specifically found that agents of the Canadian Security Intelligence Service -- on the advice of and with the concurrence of their Department of Justice lawyers -- misled the Federal Court of Canada in order to obtain a warrant or warrants under the CSIS Act. The Court specifically found -- as a fact -- that this had occurred:

[117] In my view, as soon as it was determined that the Service would rely on the general power to investigate set out in s 12 of the Act to request second party assistance with the interception of the communications of Canadian subjects abroad, that determination constituted facts known to the affiant which could lead the Court to find that there was no investigative necessity to issue a 30-08 warrant. The failure to disclose that information was the result of a deliberate decision to keep the Court in the dark about the scope and extent of the foreign collection efforts that would flow from the Court’s issuance of a warrant.

[118] This was a breach of the duty of candour owed by the Service and their legal advisors to the Court. It has led to misstatements in the public record about the scope of the authority granted the Service by the issuance of the 30-08 warrants.

Courts are generally hesitant to go so far as to say that an affiant or a legal advisor lied to the court. That the Court did so in this case highlights how significant and egregious it was. This sort of conduct brings the administration of justice into disrepute and casts a pall over every warrant ever issued by the Court.

The decision names five Department of Justice lawyers who made "appearances" at the hearing of this matter but does not specify on whose specific advice CSIS was acting.

The warrant system only works if CSIS and their lawyers are truthful to the Court. This duty of candour is greatly elevated when they are the only ones appearing before the Court, as there is nothing adversarial to ensure that the truth comes out.

This cannot go unnoticed. This is not a "no harm, no foul" situation. The Government needs to appoint a special prosecutor to investigate how this came to be and the law societies governing those five lawyers should investigate what really appears to be egregious professional misconduct. Only a special prosecutor can do the job, as all five of the lawyers were arguing their case on behalf of the Deputy Attorney General of Canada, the country's top lawyer and prosecutor. Anything less would be sweeping this under the rug.

Saturday, December 21, 2013

Canadian intelligence agencies lied to obtain warrants, Federal Court judge says

In what can only be called a stunning decision (IN THE MATTER OF an application by [xxxxx xxxxxx ] for a warrant pursuant to Sections 12 and 21 of the Canadian Security Intelligence Service Act, R.S.C. 1985, c. C-23, 2013 FC 1275 [PDF]), a judge of the Federal Court of Canada has concluded that Canadian intelligence agencies essentially lied to the court in order to get warrants that never would have been granted had they exercised the appropriate level of candor. In addition, they sought to have other members of the "Five Eyes" group carry out surveillance of Canadians that they would have been prohibited from doing themselves.

The Ottawa Citizen does a great job summarizing the decision and its impact: CSIS asked foreign agencies to spy on Canadians, kept court in dark, judge says. It also includes good insights from national security law expert Craig Forcese at the University of Ottawa.

Some extracts from the decision:

“I am satisfied that a decision was made by CSIS officials in consultation with their legal advisers to strategically omit information in applications for 30-08 warrants about their intention to seek the assistance of the foreign partners. As a result, the court was led to believe that all of the interception activity would take place in or under the control of Canada.”

“The principle of comity between nations that implies the acceptance of foreign laws and procedures when Canadian officials are operating abroad ends where clear violations of international law and human rights begin. In tasking the other members of the Five Eyes to intercept the communications of the Canadian targets, CSIS and CSEC officials knew ... this would involve the breach of international law by the requested second parties.”

“There is nothing in any of the material that I have read ... that persuades me that it was the intent of Parliament to give the service authority to engage the collection resources of the second party allies to intercept the private communications of Canadians.”

“It must be made clear, in any grant of a 30-08 warrant, that the warrant does not authorize the interception of the communications of a Canadian person by any foreign service on behalf of the service either directly or through the assistance of CSEC.”

“There must be no further suggestion in any reference to the use of second party assets by CSIS and CSEC, or their legal advisers, that it is being done under the authority of a (section) 21 warrant issued by this court.”

The Citizen also obtained the following unsurprising reactions from CSIS and CSEC, which I would also say don't live up to any reasonable interpretation of "candor":

CSIS: “Protecting Canada’s national security interests in today’s globalized world is increasingly challenging, with little margin for error, especially in matters of counterterrorism. The international character of terrorism means that security is more than ever a shared effort. Everything that CSIS does, alone or with trusted partners, is consistent with Canadian law and Canadian values.

“We understand that protecting Canada’s national security interests is not just an important mandate but a sensitive one. As an organization, we are always looking to become more effective as we adapt to increasingly complicated threat environments.”

CSEC: “We will be reviewing this decision carefully. CSE may only conduct intelligence activities in Canada under its mandate to provide assistance to federal law enforcement and security agencies upon request. These activities respect Canadian laws and Canadian values, and are conducted under the requesting agency’s legal authorities, such as any applicable court warrant. CSE is bound by and must respect any limits in those authorities. All CSE activities are subject to review by the CSE commissioner, who for 16 years has reported that CSEC continues to act lawfully in the conduct of its current activities.”

The Globe & Mail also has good coverage of this decision: Canada’s spy agencies chastised for duping courts.

I can't help but think that though spies are not expected to have scruples and ethics, the Federal Department of Justice lawyers who participated in this likely failed to meet their professional obligations that exist regardless of their political masters and whom they are representing.

The misleading affidavits used at the ex parte hearings to obtain the warrants were prepared by and sworn in front of lawyers who have a free-standing, ethical obligation to never mislead the court. This is noted by Justice Mosley:

[82] The duty of full and frank disclosure in an ex parte proceeding was discussed by the Supreme Court of Canada in Ruby v Canada (Solicitor General) 2002 SCC 75, [2002] 4 S.C.R. 3 at para 27:

In all cases where a party is before the court on an ex parte basis, the party is under a duty of utmost good faith in the representations it makes to the court. The evidence presented must be complete and thorough and no relevant information adverse to the interests of that party may be withheld; Royal Bank, supra, at paragraph 11. Virtually all codes of professional conduct impose such an ethical obligation on lawyers. See for example the Alberta Code of Professional Conduct, c.10, r.8.

[83] The DAGC acknowledges that this duty, also known as the duty of utmost good faith or candour, applies to all of the Service’s ex parte proceedings before the Federal Court: Harkat (Re), 2010 FC 1243 at para 117, rev’d on other grounds 2012 FCA 122, appeal on reserve before the Supreme Court; Charkaoui (Re), 2004 FCA 421 at paras 153, 154; Almrei (Re), 2009 FC 1263, para 498. In making a warrant application pursuant to sections 12 and 21 of the CSIS Act, the Service must present all material facts, favourable or otherwise.


The Court then goes on to note that this misleading conduct was sanctioned by DOJ counsel:

[90] Based on the documentary record before me and Mr. Abbott’s evidence, I am satisfied that a decision was made by CSIS officials in consultation with their legal advisors to strategically omit information in applications for 30-08 warrants about their intention to seek the assistance of the foreign partners. As a result, the Court was led to believe that all of the interception activity would take place in or under the control of Canada.

I find this to be appalling conduct on the part of CSIS, but it is even more egregious that it was in consultation with legal counsel. It brings shame on the profession and also brings the administration of justice into disrepute.

Friday, December 20, 2013

American telcos agree to release transparency info; where are Canadian telcos?

Today, both AT&T and Verizon have agreed to follow Google's (and more recently, Twitter's) lead by releasing transparency reports, disclosing the extent to which they disclose customer information to law enforcement (Verizon to Publish Transparency Report Disclosing Law Enforcement Requests for Customer Information and AT&T Update On Government Surveillance Position: Plans to publish semi-annual transparency report).

Meanwhile, Canadian telecommunications companies and internet service providers are silent even though many disclose customer information to law enforcement without a warrant. It's about time that Canadian telcos step up and tell their customers what information they provide, with and without a warrant.

Monday, December 16, 2013

US congressional group calling out Canada on trade protectionism under the banner of national security

Just posted on the Canadian Cloud Law Blog:

Canadian Cloud Law Blog: US congressional group calling out Canada on trade protectionism under the banner of national security

The National Post is reporting that a group of powerful US lawmakers are calling out Canada on the frivolous use of "National Security" as a thinly-veiled effort at protectionism. In an number of very large scale procurement contracts, regardless of the security classification of the information, the government has disqualified any vendor where the data may cross the Canadian frontiers.

I have seen this first-hand where government paranoia about the cloud simply leads bureaucrats to the risk-averse decision of keeping data exclusively in Canada under the banner of "data sovereignty." This is one of the reasons why Canada lags behind in the adoption of cloud computing and why Canadian governments spend hundreds of millions of dollars on operating and maintaining thousands of little data centres instead of taking advantage of the massive savings offered by cloud computing.

The Treasury Board of Canada has long-standing guidelines that require a risk assessment in every case that takes into account the sensitivity of the data and the risk of exposure, but Public Works appears to have adopted a one size fits all "no-can-do" attitude.

It will be interesting to see if this turns into a proceeding before the international trade tribunals.

See: John Ivison: Powerful U.S. Congress group accuses Canada of trade protectionism under guise of national security | National Post.

Friday, December 13, 2013

Nova Scotia politician alleges cyberbullying, calls the authorities on tweeting teen

I wrote, some time ago, that Nova Scotia's Cyber-safety Act is poorly written, infringes freedom of expression and may be abused. I am afraid to report that I was right. An old cliché says that bad cases make bad law, but we are seeing how a bad law is leading to a bad case.


In the first publicised case referred to the CyberSCAN Units established under the province's Cyber Safety Act, a Nova Scotia politician has called the authorities after a teenager tweeted a topless but public image of the politician. (See: Lenore Zann, L Word actor turned MLA, alleges cyberbullying - Nova Scotia - CBC News and Lenore Zann, actress turned Nova Scotia MLA, launches cyberbullying investigation after teen tweets nude image of her from The L Word | National Post). Apparently Lenore Zann previously appeared topless in the cable TV program "The L Word" and a quick look using your favourite search engine will turn up images. So I'm told.

Not only did the thin-skinned politician call the CyberSCAN Unit on the young fellow, she called his parents, his school principal and the police. And I would say that she also engaged in cyberbullying him. (Not that this is new ... her previous retweets would likely hurt Rob Ford's feelings, too.)

To make it even worse, she called the cybercops on another person who had the temerity to question her judgement in responding to this. The cybercops called him and told him to take down his tweets. I find this incredibly troubling.

The problem with the law is what it captures within the incredibly broad definition of "cyberbullying":

(b) "cyberbullying" means any electronic communication through the use of technology including, without limiting the generality of the foregoing, computers, other electronic devices, social networks, text messaging, instant messaging, websites and electronic mail, typically repeated or with continuing effect, that is intended or ought reasonably be expected to cause fear, intimidation, humiliation, distress or other damage or harm to another person's health, emotional well-being, self-esteem or reputation, and includes assisting or encouraging such communication in any way;

Yup, anything that you do online that hurts someone's self-esteem or their reputation is cyberbullying. Did what this kid do (or was reported to have done) qualify as cyberbullying under this law? Perhaps. Did what she did qualify as cyberbullying? Yup.

Some have suggested that the law has to be so broad to capture all the harmful conduct and we should leave it to the courts and the cybercops to use their judgement in how it is applied. I'm sorry, but as soon as an employee of the government of Nova Scotia picks up the phone and tells a citizen to remove Charter protected speech from the internet, that crosses the line. That goes waaaaay over the line. Canadians have an absolute right to speak truth to power. Canadians have an obligation to call out politicians on hypocrisy and idiocy. An elected official like Lenore Zann, before publicly admonishing a minor, should educate herself about "copyrwite (sic) law", fair dealing and the criminal code. (A bit of free advice: Bill C-12 isn't the law yet and an image taken on a sound stage surrounded by a filming crew for the purpose of international broadcast on cable television likely does not qualify as an intimate image "in respect of which, at the time of the recording, there were circumstances that gave rise to a reasonable expectation of privacy".)







The tragedy is that cyberbullying is a real problem and Lenore Zann is turning this into a farce. The CyberSCAN Unit has a starring role in this farce. The previous government passed a law that is offensive to freedom of expression which will ultimately get struck down and will leave the real victims of cyberbullying with one fewer remedy.

At the risk of having the cybercops calling me (here's my number):

  • The government that jammed this defective law through the legislature without reflection and debate, solely to deflect attention away from police and prosecution failures in the case of Rehtaeh Parsons was contemptible,
  • Lenore Zann is too thin-skinned and has displayed a lack of judgement that makes her unqualified to be an elected official,
  • Lenore Zann comparing herself to Rehtaeh Parsons is OUTRAGEOUS, and
  • if a member of the Cyber Safety Unit actually phoned a citizen and told him to delete a tweet, the Cyber Safety Unit is complicit in this.

And who is going to lose? Freedom of expression and actual victims of cyberbullying. And that's a damn shame.

Update: Here's this evening's CBC TV coverage of the story, including an interview with me. It starts at 7:17.

Tuesday, December 10, 2013

Massive loopholes in Canadian privacy laws permit sharing of personal information with foreign governments and law enforcement

Over the course of the past few weeks, Canadians have been surprised to learn about circumstances where the US immigration authorities appear to have obtained access to sensitive health information about Canadians proposing to travel to the US. (See: Access to Canadian health files by U.S. border agency sparks demands for inquiries | Toronto Star and Toronto woman with bipolar disorder refused entry into U.S. for being a ‘flight risk’ | Toronto Star).

Canadian privacy regulators are looking into these incidents, but it is worth considering the incredibly wide latitude that police in Canada have for sharing the sensitive personal information of Canadians with foreign law enforcement agencies.

The Privacy Act, for example, explicitly authorizes police to hand your information over to foreign cops in a range of circumstances:

Disclosure of personal information

8. (1) Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.

personal information may be disclosed

(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed ...

(f) under an agreement or arrangement between the Government of Canada or an institution thereof and ... the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful investigation;

Notice that it is not limited to written treaties, written agreements or even written arrangements. Also note that it is refers to "administering any law", which can include administering a foreign law, which does not have to be consistent with the Canadian Charter of Rights and Freedoms.

The provinces also have very similar laws with enormous "law enforcement" loopholes. As another example, here's Ontario's Freedom of Information and Protection of Privacy Act on the subject:

Where disclosure permitted

42. (1) An institution shall not disclose personal information in its custody or under its control except, ...

(f) where disclosure is by a law enforcement institution,

(i) to a law enforcement agency in a foreign country under an arrangement, a written agreement or treaty or legislative authority, or

(ii) to another law enforcement agency in Canada;


(g) where disclosure is to an institution or a law enforcement agency in Canada to aid an investigation undertaken with a view to a law enforcement proceeding or from which a law enforcement proceeding is likely to result;


The Privacy Commissioner of Canada pointed out this problem a decade ago, but it fell on deaf ears. This is from her later recommendations in 2008:

However, the Privacy Act does not reflect this increase in international information sharing. The Privacy Act places only two restrictions on disclosures to foreign governments: an agreement or arrangement must exist; and the personal information must be used for administering or enforcing a law or conducting an investigation. The Privacy Act does not even require that the agreement or arrangement be in writing. The Privacy Act does not impose any duty on the disclosing institution to identify the precise purpose for which the data will be disclosed and limit its subsequent use by the foreign government to that purpose, limit the amount of personal information disclosed and restrict further disclosure to third parties. Moreover, the Privacy Act even fails to impose any basic obligations on the Canadian government institution itself to adequately safeguard personal information. ARCHIVED - Proposed Immediate Changes to the Privacy Act (April 29, 2008) Privacy Commissioner of Canada.

Yup, it's essentially carte blanche for government institutions to disclose your information without a warrant for law enforcement purposes and for them to share it with foreign governments. It may be lawful, but it's not right.

Thursday, November 28, 2013

Privacy Commissioner suprisingly approves cyberbullying bill’s ‘lawful access’ powers

Whoa. According to the Globe & Mail, the outgoing Privacy Commissioner of Canada has come out supporting the lawful access provisions of the government's new so-called cyberbullying bill (Bill C-13) (See: Privacy watchdog backs cyberbullying bill’s ‘lawful access’ powers - The Globe and Mail.)

From the Globe:

Ms. Stoddart – who steps down Monday after a high-profile 10-year term – was a vocal critic of the 2012 bill. She said the latest version appears to be an improvement and she doesn’t fault the government for linking lawful access and cyberbullying.

“I think it stands to reason that in order to literally police the Internet, you do need these powers. And if you want to be effective against cyberbullying, I would understand you do need extraordinary powers, so it doesn’t seem to me inappropriate,” she said. “That’s my take on it at the moment, but as we learn more, perhaps there are things in there that you don’t need.”

I am very surprised and, frankly, disappointed.

The bill creates a number of new production orders, by which the police can require a third party to hand over any kind of information, including location tracking data. And all the production orders require that the police convince a justice of the peace that you are a suspect of having violated any Canadian federal law (such as the Copyright Act) without any obligation to substantiate that you likely committed a crime. Current search warrants require "reasonable grounds to believe", not the incredibly low "reasonable suspicion" standard.

These production orders can apply to your text messages, your e-mail messages, your internet history, your banking information and any other information that a third party may know about you.

For more on this, see my post on the new cyberbullying bill.

Update (2013-11-28) - The statements attributed to the Commissioner have been significantly tempered by a posting on the OPC's website:

Statement from the Privacy Commissioner of Canada regarding Bill C-13 - November 28, 2013


OTTAWA, November 28, 2013 – Privacy Commissioner of Canada Jennifer Stoddart today issued the following statement in response to requests for her Office’s preliminary comments on Bill C-13, An Act to amend the Criminal Code, the Canada Evidence Act, the Competition Act and the Mutual Legal Assistance in Criminal Matters Act:

My Office is currently reviewing the Bill thoroughly and, in particular, we are examining legal controls over any new investigative powers. We will make our full comments to Parliament in due course, with the goal of contributing constructively to the eventual study of this Bill in keeping with our role as an Agent of Parliament.

We commend the government for recognizing the gravity of privacy intrusions online, and for proposing action to address the issue of cyberbullying.

We recognize that law enforcement authorities need up-to-date tools to fight online crime at a time of when technologies are changing rapidly, but this must be done in a way that respects Canadians’ fundamental right to privacy.

As for our preliminary observations on Bill C-13, we note that many troubling aspects of the former Bill C-30 have not been repeated, for example, warrantless access to personal information. However, we have questions about the following issues:

  • new investigative powers, (including preservation orders) proposed by the Bill and the thresholds for their use;
  • the potentially large number of “public officers” who would be able to use these significant new powers; and
  • a lack of accountability and reporting mechanisms to shed light on the use of new investigative powers.

My Office was not consulted on the Bill and the first time we saw a copy was Wednesday, November 20th, when the legislation was tabled. Justice Canada officials met with officials from our Office this summer, at which time we discussed specific recommendations made in a report by Federal-Provincial and Territorial officials on cyberbullying.

We look forward to sharing more comprehensive comments on the Bill with Parliament.

Update (2013-12-03) - The Commissioner has responded to the Globe & Mail's report in a letter to the editor:

Dec. 3: Safety derailed – and other letters to the editor - The Globe and Mail

Privacy but …

Re Privacy Online (letters, Dec. 2): We welcome the fact that government is taking action against cyberbullying; we are also pleased to see that the government has not repeated some of the more privacy-intrusive aspects of previous lawful access legislation – in particular, access to personal information without a warrant.

However, after a preliminary review of the legislation, we have a number of questions, specifically with respect to proposed new investigative powers and thresholds for their use, as well as the potentially large number of “public officers” who would be able to use these significant new powers. We also note there is a lack of accountability and reporting mechanisms to shed light on the use of new investigative powers.

The Office of the Privacy Commissioner will make its full comments to Parliament in due course, with the goal of contributing constructively to the eventual study of this bill.

Jennifer Stoddart, Privacy Commissioner of Canada

Wednesday, November 27, 2013

Notice of Vacancy: Privacy Commissioner

Earlier today, the Prime Minister's Office announced that Chantal Bernier has been appointed interim Privacy Commissioner of Canada upon the retirement of Jennifer Stoddart next week.

PM ANNOUNCES APPOINTMENT OF CHANTAL BERNIER AS INTERIM PRIVACY COMMISSIONER

Ottawa, Ontario

27 November 2013

Prime Minister Stephen Harper today announced the appointment of Ms. Chantal Bernier as Interim Privacy Commissioner, to serve pending the completion of the publicly advertised selection process for the next Privacy Commissioner. The appointment is effective December 3, 2013.

The Prime Minister took the opportunity to thank outgoing Privacy Commissioner, Ms. Jennifer Stoddart. “I would like to thank Jennifer Stoddart for her years of service as the Privacy Commissioner of Canada,” said the Prime Minister. “Canadians have been well-served by her exemplary leadership in overseeing compliance with Canada’s privacy laws.”

The Office of the Privacy Commissioner was created in 1977 under the Canadian Human Rights Act, Part IV. The Privacy Act, which currently governs the functions of the Privacy Commissioner, was adopted in 1983.

As an Agent of Parliament, the Privacy Commissioner oversees compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act, Canada's private sector privacy law. The mission of the Office of the Privacy Commissioner of Canada is to protect and promote the privacy rights of individuals. The Privacy Commissioner of Canada, who is independent of government, reports directly to Parliament.

In the meantime, if you're looking for a cool gig and want to be Privacy Commissioner of Canada, they are advertising for the position:

Notice of Vacancy: Privacy Commissioner (full-time position) - Opportunities at the Office of the Privacy Commissioner of Canada

Notice of Vacancy

Office of the Privacy Commissioner Of Canada

Privacy Commissioner (full-time position)

Salary: $295,500

Location: Ottawa, Ontario (until relocated to Gatineau, Quebec in February 2014)

The mission of the Office of the Privacy Commissioner of Canada is to protect and promote the privacy rights of individuals. The Office oversees compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law, along with some aspects of Canada’s anti-spam law.

As an Agent of Parliament, the Privacy Commissioner reports directly to the House of Commons and the Senate. The Commissioner’s powers to further the privacy rights of Canadians include: investigating complaints; conducting audits and pursuing court action under the Privacy Act and PIPEDA; publicly reporting on the personal information-handling practices of public- and private- sector organizations; undertaking and publishing research related to the protection of personal information; and promoting public awareness and understanding of privacy issues. The Commissioner works independently of the government to investigate complaints from individuals with respect to the federal public sector and the private sector.

The ideal candidate should possess a degree from a recognized university in a relevant field of study, or an acceptable combination of education, job-related training and/or experience. A degree in law would be considered an asset.

The ideal candidate would have management experience at the senior executive level in a private or public sector organization, including managing human and financial resources. Experience working with and rendering decisions on complex sensitive issues, preferably in areas related to privacy (data protection, security, cyberspace, technology, etc.) is desired. He or she would also have experience in the interpretation and application of legislation, regulations and policies. Experience dealing with government, preferably with senior government officials, as well as stakeholders and the media, is sought.

The ideal candidate would have knowledge of the principles of the Privacy Act and PIPEDA as well as the mandate, roles, responsibilities and accountabilities of the Privacy Commissioner. Knowledge of the role of an Agent of Parliament and its relationship with Parliament and the Government, as well as knowledge of the Canadian government, including its policies, practices and decision-making frameworks, are desired. The candidate would have knowledge of the global nature of privacy and data protection. Knowledge of privacy regimes in other jurisdictions – provincial, territorial, national and international – would be considered an asset.

The ideal candidate would possess superior leadership skills in managing a team of people and championing privacy interests in an ever-changing environment and the ability to develop and maintain effective relationships with a broad range of stakeholders that include the private sector, policy makers at all levels of government nationally and internationally, the media and civil society. The ability to interpret relevant statutes, regulations and policies, and analyse complex situations in order to make equitable and timely decisions and recommendations, while anticipating their short- and long-term consequences is desired. The candidate would also have the ability to think strategically, anticipate trends and act to influence the policy development process. He or she would have superior communication skills, both written and oral, and the ability to act as a spokesperson on privacy issues in dealing with Parliament, the Government, the media, the general public and other organizations on both a national and international level.

To achieve the Office of the Privacy Commissioner of Canada’s objectives and carry out its mandate, the Privacy Commissioner would possess strong professional ethics, sound judgement, objectivity and diplomacy. A person of integrity, he or she would possess superior interpersonal skills, tact and discretion.

Proficiency in both official languages is required.

The Office of the Privacy Commissioner of Canada’s head office is currently located in Ottawa, Ontario, but will be relocating to Gatineau, Quebec in February 2014; therefore, the successful candidate must reside in or be willing to relocate to the Ottawa/Gatineau area or to a location that is within reasonable commuting distance.

The Government is committed to ensuring that its appointments are representative of Canada’s regions and official languages, as well as of women, Aboriginal peoples, disabled persons and visible minorities.

The selected candidate must comply with the Ethical and Political Activity Guidelines for Public Office Holders. The guidelines are available on the Governor in Council Appointments website, under "Reference Material".

The selected candidate will be subject to the Conflict of Interest Act. Public office holders appointed on a full-time basis must submit to the Office of the Conflict of Interest and Ethics Commissioner, within 60 days of appointment, a confidential report in which they disclose all of their assets, liabilities and outside activities. For more information, please visit the Office of the Conflict of Interest and Ethics Commissioner’s website.

This notice has been placed in the Canada Gazette to assist the Governor in Council in identifying qualified candidates for this position. It is not, however, intended to be the sole means of recruitment.

Further details about the Office of the Privacy Commissioner of Canada and its activities can be found on the website.

For more information, please contact:

Michelle Richard or Paul Marshall at (613) 742-3217 or paul.marshall@odgersberndtson.ca

Monday, November 25, 2013

Class Action filed against Health Canada in Medical Marijuana privacy breach


Marijuana privacy breach class action blog post

This afternoon, my firm filed a statement of claim in the Federal Court against Health Canada (John Doe v. Her Majesty) in connection with the massive privacy breach associated with the government’s medical marijuana program. As we understand it, Health Canada irresponsibly deviated from their usual practice of plain brown envelopes, couriers and registered mail by sending a mailing to around 40,000 individuals associated with the program clearly announcing the “Medical Marihuana Program” on the return address.

Between Friday and today, I have had many calls from individuals whose privacy was compromised by this breach, most of them fearing for their jobs and all of them concerned about their own safety. If it gets out in your community that you lawfully possess cannabis, this makes you a target for break and enters. The risk is even more heightened if you are a licensed grower of the plant. While this is a lawful program, the use of medical marijuana is heavily stigmatized.

This is not like most large-scale privacy breaches where the harm is mostly theoretical, since the missing hard-drive or thumb-drive likely didn’t leave the building. In this case, sensitive personal information was exposed to people who had no right to see it. I am told that some people have already lost their jobs because of this. For the rest, it is hard to put a price on legitimate concern about your family’s safety. I lived for a number of years in a community of 400 people, where the Canada Post employees were also neighbours.

Health Canada has dismissed this as a simple administrative error that they’ll endeavour to not repeat. But that’s not good enough from our government. People get to choose the businesses they deal with. If you don’t like how your bank or other service provider handles your personal information, you can change banks or businesses. But that’s not the case with your government. It’s a non-consensual relationship and the government owes a special duty of care to its citizens to protect them and to protect their sensitive personal information. Participants in this program were obtaining a restricted drug for medical purposes and could not do so lawfully except through the government program. Citizens should not have to choose between doing it lawfully or doing it safely. And we are talking about sensitive personal health information, which is generally recognized in Canada as the most sensitive personal information.

If you, or anyone you know, has been affected by this breach, please go to http://www.healthprivacyclassaction.com to provide your contact information so we can keep you apprised of this case as it progresses. Please provide an e-mail address that is confidential only to you. If this breach has had a particular impact on you, there is a portion of the form to provide details about this. Any information you provide will be kept confidential.

Here is the media release:

McInnes Cooper law firm files national class action in medical marijuana privacy breach

HALIFAX, Nov. 25, 2013 /CNW/ - McInnes Cooper law firm today filed a proposed class action in Federal Court against the Government of Canada in response to Health Canada's breach of the privacy rights of 40,000 patients in the Marijuana Medical Access Program. Under the Marijuana Medical Access Program, patients are permitted to grow marijuana in their residence for medicinal purposes.  

Earlier this month, Health Canada sent these patients a letter via Canada Post that clearly indicated on the envelope that the named patient participated in the Marijuana Medical Access Program.

Health Canada's disclosure of the patients' private medical information has raised serious employment and security concerns, and caused the patients to suffer considerable stress and anxiety.

"As a result of Health Canada's error, we have already spoken with a number of people whose lives have been affected by this breach," said David Fraser, a national expert on privacy law, and McInnes Cooper's lead lawyer on this case.

"We have heard that some individuals have already lost their jobs as a result, and everyone we've spoken with is concerned about their safety in their homes."

SOURCE: McInnes Cooper

The statement of claim is here:

FEDERAL COURT

 

PROPOSED CLASS ACTION

 

 

BETWEEN:

 

JOHN DOE

 

                                                                                                                            PLAINTIFF

 

- and -

                                                                                                                                                                

                                                                                                                                                                 

HER MAJESTY THE QUEEN

 

                                                                DEFENDANT

 

 

STATEMENT OF CLAIM

 

 

TO THE DEFENDANT:

 

A LEGAL PROCEEDING HAS BEEN COMMENCED AGAINST YOU by the Plaintiff.  The claim made against you is set out in the following pages.

 

                IF YOU WISH TO DEFEND THIS PROCEEDING, you or a solicitor acting for you are required to prepare a statement of defence in Form 171B prescribed by the Federal Courts Rules, serve it on the Plaintiff’s solicitor or, where the Plaintiff does not have a solicitor, serve it on the Plaintiff, and file it, with proof of service, at a local office of this Court, WITHIN 30 DAYS after this Statement of Claim is served on you, if you are served within Canada.

 

                If you are served in the United States of America, the period for serving and filing your Statement of Defence is forty days.  If you are served outside Canada and the United States of America, the period for serving and filing your Statement of Defence is sixty days.

 

                Copies of the Federal Courts Rules, information concerning the local offices of the Court and other necessary information may be obtained on request to the Administrator of this Court at Ottawa (telephone: 613-992-4238) or at any local office.

 

                IF YOU FAIL TO DEFEND THIS PROCEEDING, judgment may be given against you in your absence and without further notice to you.

 

 

Date:  _____________________________________

 

Issued by:  _________________________________

[Registry Officer]

 

Address of local office:  1801 Hollis Street,

                                            17th Floor, Suite 1720

                                            Halifax, N.S.  B3J 1S7

                             

 

To:                   The Attorney General of Canada

Attention:     Mr. Willian F. Pentney, Deputy Attorney General of Canada

 

 

 

Claim

 

1.    The Plaintiff claims on his own behalf and on behalf of the proposed Class:

 

a.    An Order pursuant to Rules 334.16(1) and 334.17 of the Federal Courts Rules certifying this action as a class proceeding;

 

b.    An Order pursuant to Rules 334.12(3), 334.16(1)(e) and 334.17(b) appointing the Plaintiff as the representative plaintiff for the Class;

 

c.    Damages for the torts of intrusion upon seclusion, publicity given to private life, breach of confidence and negligence;

 

d.    An Order pursuant to Rule 334.28(1) and (2) for the aggregate assessment of monetary relief and its distribution to the Plaintiff and the Class;

 

e.    Prejudgment interest pursuant to section 36 of the Federal Courts Act;

 

f.     Costs, if appropriate; and

 

g.    Such further and other relief as this Honourable Court deems just.

 

Parties

 

2.    The Plaintiff is an individual who resides in Nova Scotia. He is employed in the health care field.

 

3.    The Plaintiff brings this action on his own behalf and on behalf of the members of the proposed class, which is defined as follows:

 

All persons who were sent a letter from Health Canada in November 2013 that had the phrase Marihuana Medical Access Program or a similar French phrase visible on the front of the envelope.

 

4.    The Defendant, Her Majesty the Queen, is named as a representative of the Federal Government of Canada and Health Canada. Health Canada administers the Marihuana Medical Access Program under the Marihuana Medical Access Regulations.

 

Medical Marihuana Access Program

 

5.    Through the Marihuana Medical Access Program, the Defendant grants access to marihuana for medical use to Canadians suffering from grave and debilitating illnesses.

 

6.    Marihuana (cannabis) is categorized as a controlled substance, regulated in Canada under the Controlled Drugs and Substances Act. It is not legal to grow or possess marihuana except with legal permission by the Defendant under the Marihuana Medical Access Program.

 

7.    The Plaintiff applied to participate in the Defendant’s Marihuana Medical Access Program to grow and possess marihuana to alleviate the pain that he suffers due to a medical condition. The Defendant approved the Plaintiff’s application.

 

Disclosure of the Plaintiff’s Private Information

 

8.    The Defendant typically corresponds to the Plaintiff by courier service with plain unmarked brown envelopes.

 

9.    During the week of November 21, 2013, the Defendant sent the Plaintiff a letter plainly and clearly indicating on the envelope that it was from Health Canada and that it was in regards to the Marihuana Medical Access Program.

 

10.  By publically indicating that the Plaintiff was a participant in the Marihuana Medical Access Program, the Defendant disclosed the personal health information about the Plaintiff. Furthermore, the Defendant’s disclosure creates a security concern by alerting other individuals that the Plaintiff may possess and/or grow marihuana at his residence.

 

Negligence

 

11.  At all material times, the Defendant owed a duty of care to the Plaintiff and the proposed Class.

 

12.  Furthermore, the Defendant had a statutory duty under subsection 8(1) of the Privacy Act to not disclose personal information without that individual’s consent. The Plaintiff’s and the Class’ participation in the Marihuana Medical Access Program constitutes personal information as it is confidential information and relates to their medical history.

 

13.  The Defendant breached its duty of care owed to the Plaintiff and the Class by:

 

a.    Failing to meet its statutory duties and/or policies in the collection, retention and disclosure of personal information;

 

b.    Failing to take reasonable steps to ensure the personal information was not disclosed;

 

c.    Failing to communicate with the Plaintiff and the Class in a manner that did not disclose their personal information; and

 

d.    Other such particulars as counsel may advise.

 

Publicity Given to Private Life

 

14.  Through its actions stated above, the Defendant gave publicity to the Plaintiff’s private, personal information, particularly his medical condition.

 

15.  The Plaintiff’s private personal information is of no legitimate concern to the public. The Defendant’s disclosure of the Plaintiff’s private personal information is highly offensive to a reasonable person.

 

Breach of Confidence

 

16.  The Plaintiff states that the Defendant committed the tort of breach of confidence.

 

17.  In applying to participate in the Marihuana Medical Access Program, the Plaintiff conveyed confidential information in confidence to the Defendant.

 

18.  In its actions stated above, the Defendant misused the Plaintiff’s confidential information to the Plaintiff’ detriment.

 

Intrusion upon Seclusion

 

19.  The Defendant’s above stated actions constitute an intrusion on seclusion in a manner that would be highly offensive to a reasonable person.

 

Relief Sought

 

20.  The Defendant’s actions have caused the Plaintiff and the Class to suffer the following damages:

 

a.    Costs incurred in taking additional security precautions;

b.    Damage to reputation;

c.    Damage to employment;

d.    Mental distress;

e.    General damages; and

f.     Inconvenience, frustration and anxiety.

 

General

 

21.  The Plaintiff proposes that this trial take place in Halifax.

 

DATED at Halifax, in the Province of Nova Scotia, this 25th day of November 2013.

 

 

PLACE OF TRIAL:                    HALIFAX, NOVA SCOTIA

 

 

                                                                ____________________________________

                                                                            David T.S. Fraser

Solicitor for the Plaintiff

 

Wednesday, November 20, 2013

Some comments on the new Canadian Cyberbullying bill, aka Bill C-13 "Protecting Canadians from Online Crime Act"

As promised, and perhaps not surprisingly, I have some things to say about the new Bill C-13, called the "Protecting Canadians from Online Crime Act". It was introduced as Canada's cyberbullying law, but it's more than that. The summary of the bill only refers to the portions of the legislation that deal with cyberbullying, but the government has buried a number of other provisions in the statute that seem to have little, if nothing, to do with cyberbullying.

A word of caution: I've only just gotten my hands on the Bill and my comments are necessarily quick off the mark and without a whole lot of opportunity for reflection. My opinions may change as I digest this or hear responses to this. And, of course, this does not reflect the opinions of my firm, its clients, my friends, my cat or anyone else. If I make a mistake, please let me know and I will be glad to correct it.

First of all, the actual cyberbullying parts, which start at Clause 3 of the Bill:

The heart of it is the creation of a new crime of the non-consensual distribution of intimate images.

162.1 (1) Everyone who knowingly publishes, distributes, transmits, sells, makes available or advertises an intimate image of a person knowing that the person depicted in the image did not give their consent to that conduct, or being reckless as to whether or not that person gave their consent to that conduct, is guilty

(a) of an indictable offence and liable to imprisonment for a term of not more than five years; or

(b) of an offence punishable on summary conviction.


Definition of “intimate image”

(2) In this section, “intimate image” means a visual recording of a person made by any means including a photographic, film or video recording,

(a) in which the person is nude, is exposing his or her genital organs or anal region or her breasts or is engaged in explicit sexual activity;

(b) in respect of which, at the time of the recording, there were circumstances that gave rise to a reasonable expectation of privacy; and

(c) in respect of which the person depicted retains a reasonable expectation of privacy at the time the offence is committed.


Defence

(3) No person shall be convicted of an offence under this section if the conduct that forms the subject-matter of the charge serves the public good and does not extend beyond what serves the public good.

Question of fact and law, motives

(4) For the purposes of subsection (3),

(a) it is a question of law whether the conduct serves the public good and whether there is evidence that the conduct alleged goes beyond what serves the public good, but it is a question of fact whether the conduct does or does not extend beyond what serves the public good; and

(b) the motives of an accused are irrelevant.


This is a very difficult provision to get right and an easy provision to get wrong. It is a good thing, in my view, that in order to be found guilty, the accused has to have known that the person depicted did not give consent. But the standard is then lowered to being reckless about whether or not the person gave their consent. This is problematic, in my view.

Imagine a scenario where a woman (let's call her Anne and also assume she's an adult) takes an intimate image of herself and sends it to her boyfriend, Bob. By doing that she has at least consented to having that image sent to him. Anne sent it to Bob, afterall, but there is not explicit communication of the consent involved. Bob is an idiot and a braggart, so he then sends the image to his friend Carl. Did Bob not have Anne's consent to do that? Probably, but the police would have to prove that he knew that he did not have her consent or that he was reckless about a lack of consent. This would have to be proven beyond a reasonable doubt. But now Carl has it and is two steps removed from Anne and has little knowledge about the circumstances under which Bob got the image. It's harder to convict him of knowledge of lack of consent and probably about his recklessness. Imagine that Bob and Anne broke up. As I said, Bob is an idiot, so he posts it on a website, where it is viewed by Dan and Ed. Both Dan and Ed like the photo, so they re-post it and tweet it all over the internet. Dan and Ed have no idea who Anne or Bob are and have no knowledge of this history. They also don't know that Bob took the photo and posted it on the internet to hurt Anne. Are Dan and Ed criminals in this situation? Are they reckless if they don't inquire into it? Can they, since they don't know who Anne is or how to contact her? In this scenario, I would think that Bob is and Carl may be criminals, but Dan and Ed are too far removed to know whether there was consent and the law can't assume any sort of knowledge about lack of consent. It has to be proven. I would not want the law to assume a lack of consent unless the distributor had confirmed it.

I also wonder what is meant by "publishes". Criminal liability should not attach to an intermediary who has no knowledge of the background and the law should not place an obligation on that intermediary to somehow establish the provenance of the photo or image.

The new Section 162.2 allows a court to prohibit someone convicted under the previous section from using the internet for any indeterminate period of time set by the court.

162.2 (1) When an offender is convicted, or is discharged on the conditions prescribed in a probation order under section 730, of an offence referred to in subsection 162.1(1), the court that sentences or discharges the offender, in addition to any other punishment that may be imposed for that offence or any other condition prescribed in the order of discharge, may make, subject to the conditions or exemptions that the court directs, an order prohibiting the offender from using the Internet or other digital network, unless the offender does so in accordance with conditions set by the court.

Duration of prohibition

(2) The prohibition may be for any period that the court considers appropriate, including any period to which the offender is sentenced to imprisonment.

Court may vary order

(3) A court that makes an order of prohibition or, if the court is for any reason unable to act, another court of equivalent jurisdiction in the same province may, on application of the offender or the prosecutor, require the offender to appear before it at any time and, after hearing the parties, that court may vary the conditions prescribed in the order if, in the opinion of the court, the variation is desirable because of changed circumstances after the conditions were prescribed.



I can see the logic behind this, but I often find myself wondering whether the people who draft these laws and the people who enforce them are detached from living in the modern world. Refusing access to the internet is not the same as prohibiting ownership of a firearm. It is virtually impossible for a young person to live any sort of normal life without access to the internet. I know of few jobs these days, other than flipping burgers, that doesn't involve using the internet in one way or another. It's pretty hard to even get a cell phone that doesn't have access to the internet. (Even the old Nokia 252 sitting in the bottom of my junk drawer can access the internet.) I am concerned that such a measure may be imposed too regularly without enough consideration of what sort of impact this may have on the ability of someone to reintegrate into society.

Next up are a number of amendments to existing sections of the Criminal Code which allow for the seizure of obscenity, child pornography and "crime comics" (yes, you read that right), to which "intimate images" are added.

After that, Clause 6 provides for the forfeiture of property related to the offence.

Clause 7 adds the distribution of intimate images to the category of offences that are applicable for certain warrants. some other sub-clauses look like housekeeping, though I'll take a closer look later.

Clause 8 deals with authorizations to intercept certain private communications with the consent of a party to the communication. It adds a new subsection (5) to Section 184.2 of the Criminal Code:

(5) A judge who gives an authorization under this section may, at the same time, issue a warrant or make an order under any of sections 487, 487.01, 487.014 to 487.018, 487.02, 492.1 and 492.2 if the judge is of the opinion that the requested warrant or order is related to the execution of the authorization.

Likewise, clause 9 adds a similar subsection to section 186 of the Criminal Code:

(8) A judge who gives an authorization under this section may, at the same time, issue a warrant or make an order under any of sections 487, 487.01, 487.014 to 487.018, 487.02, 492.1 and 492.2 if the judge is of the opinion that the requested warrant or order is related to the execution of the authorization.

Clause 10 deals with keeping the affidavit to obtain a warrant secret. This appears, at first glance, to be housekeeping. Clause 11 also looks like a housekeeping amendment.

Oddly out of place, Clause 12 seems to expand the categories of identifiable groups for the advocating genocide crime under Section 318 of the Criminal Code:

(4) In this section, “identifiable group” means any section of the public distinguished by colour, race, religion, national or ethnic origin, age, sex, sexual orientation, or mental or physical disability.

Clauses 13 amends the provisions of the Code dealing with hate propaganda.

Clauses 14-17 amend the existing sections in the Criminal Code addressing computer crime, none of which have anything to do specifically with cyberbullying. Clause 15 augments the offence of possession of a device to obtain use of telecommunication facility or telecommunication service while Clause 17 amends the offence of Possession of device to obtain unauthorized use of computer system or to commit mischief.

Clause 18, on the other hand, actually has to do with cyberbullying. It amends the existing provisions of the Code related to harassing communications and extends them to include all modes of telecommunications:

Message in false name

371. Everyone who, with intent to defraud, causes a message to be sent as if it were sent under the authority of another person, knowing that it is not sent under that authority and with intent that it should be acted on as if it were, is guilty of an indictable offence and liable to imprisonment for a term of not more than five years.

False information
372. (1) Everyone commits an offence who, with intent to injure or alarm a person, conveys information that they know is false, or causes such information to be conveyed by letter or any means of telecommunication.

Indecent communications

(2) Everyone commits an offence who, with intent to alarm or annoy a person, makes an indecent communication to that person or to any other person by a means of telecommunication.

Harassing communications

(3) Everyone commits an offence who, without lawful excuse and with intent to harass a person, repeatedly communicates, or causes repeated communications to be made, with them by a means of telecommunication.

Punishment

(4) Everyone who commits an offence under this section is

(a) guilty of an indictable offence and liable to imprisonment for a term of not more than two years; or

(b) guilty of an offence punishable on summary conviction.


Clause 20 adds new categories of production orders to the Criminal Code, including orders related to transmission data and tracing data, along with giving law enforcement the ability to demand that anyone preserve computer data for 21 or 90 days, depending upon the nature of the offence. They are all somewhat problematic, since all that is required is a "reasonable suspicion", not "reasonable and probable grounds to believe" or another higher threshold. The drafters appear to think that the sort of information that would be produced is not sensitive and should not be afforded a high level of protection.

Preservation demand

487.012 (1) A peace officer or public officer may make a demand to a person in Form 5.001 requiring them to preserve computer data that is in their possession or control when the demand is made.

Conditions for making demand

(2) The peace officer or public officer may make the demand only if they have reasonable grounds to suspect that

(a) an offence has been or will be committed under this or any other Act of Parliament or has been committed under a law of a foreign state;

(b) in the case of an offence committed under a law of a foreign state, an investigation is being conducted by a person or authority with responsibility in that state for the investigation of such offences; and

(c) the computer data is in the person’s possession or control and will assist in the investigation of the offence.

Limitation

(3) A demand may not be made to a person who is under investigation for the offence referred to in paragraph (2)(a).

Expiry and revocation of demand

(4) A peace officer or public officer may revoke the demand by notice given to the person at any time. Unless the demand is revoked earlier, the demand expires

(a) in the case of an offence that has been or will be committed under this or any other Act of Parliament, 21 days after the day on which it is made; and

(b) in the case of an offence committed under a law of a foreign state, 90 days after the day on which it is made.

Conditions in demand

(5) The peace officer or public officer who makes the demand may impose any conditions in the demand that they consider appropriate — including conditions prohibiting the disclosure of its existence or some or all of its contents — and may revoke a condition at any time by notice given to the person.

No further demand

(6) A peace officer or public officer may not make another demand requiring the person to preserve the same computer data in connection with the investigation.

I don't have any particular concerns with this new provision, other than subsection (5), which seems to give the peace officer unfettered discretion to place conditions on the demand, including a gag order. If a gag order is contemplated, it should be clearly set out in the Code, the criteria to justify it should be clearly set out as well and it should be subject to judicial review. Providing the police with such discretion only means it will be exercised in the vast majority of cases.

The following sections allow a police officer to seek a judge's order that data be preserved in similar circumstances.

Next up is a new Section 487.014 of the Code, which provides for a "general production order".

General production order

487.014 (1) Subject to sections 487.015 to 487.018, on ex parte application made by a peace officer or public officer, a justice or judge may order a person to produce a document that is a copy of a document that is in their possession or control when they receive the order, or to prepare and produce a document containing data that is in their possession or control at that time.

Conditions for making order

(2) Before making the order, the justice or judge must be satisfied by information on oath in Form 5.004 that there are reasonable grounds to believe that

(a) an offence has been or will be committed under this or any other Act of Parliament; and

(b) the document or data is in the person’s possession or control and will afford evidence respecting the commission of the offence.

Form

(3) The order is to be in Form 5.005.

Limitation

(4) A person who is under investigation for the offence referred to in subsection (2) may not be made subject to an order.


Subsequent sections add on production orders for tracing communications (new s. 487.015), to obtain transmission data (new s. 148.016), to obtain tracking (location) data (new s. 487.017) and to obtain financial data from a financial institution (new s. 487.018).

The Bill introduces new production orders that do require judicial authorization, but the threshold for obtaining them are very low. As with the preservation demand, all that is required are “reasonable grounds to suspect” that an offence has been committed, rather than the more onerous “reasonable and probably grounds to believe”. The specific production orders fall under the categories of “general production order” related to any document, tracing data, tracking data, non-content transmission information and financial information. For example the tracking data provisions read:

“tracking data” means data that relates to the location of a transaction, individual or thing.

Production order — tracking data

487.017 (1) On ex parte application made by a peace officer or public officer, a justice or judge may order a person to prepare and produce a document containing tracking data that is in their possession or control when they receive the order.

Conditions for making order

(2) Before making the order, the justice or judge must be satisfied by information on oath in Form 5.004 that there are reasonable grounds to suspect that

(a) an offence has been or will be committed under this or any other Act of Parliament; and

(b) the tracking data is in the person’s possession or control and will assist in the investigation of the offence.


Form

(3) The order is to be in Form 5.007.

Limitation

(4) A person who is under investigation for the offence referred to in subsection (2) may not be made subject to an order.


New Code section 492.1 provides for warrants to authorize the installation of “tracking devices” on vehicles and things carried or worn by individuals and “transmission data recorders” to obtain transmission data. Again, both these warrants only require “reasonable grounds to suspect”.


The Bill also provides immunity to third parties who voluntarily provide information to the police:

For greater certainty

487.0195 (1) For greater certainty, no preservation demand, preservation order or production order is necessary for a peace officer or public officer to ask a person to voluntarily preserve data that the person is not prohibited by law from preserving or to voluntarily provide a document to the officer that the person is not prohibited by law from disclosing.

No civil or criminal liability

(2) A person who preserves data or provides a document in those circumstances does not incur any criminal or civil liability for doing so.


It does however seem unusual that a service provider would need the immunity in subsection (2) if the “is not prohibited by law from disclosing” is satisfied from subsection (1).

Provisions in the Competition Act related to telemarketing are amended by Clauses 28-35, while the Mutual Legal Assistance in Criminal Matters Act is amended by Clauses 36 – 45 to extend these new investigative powers to incoming requests from foreign authorities. Also amended is the Canada Evidence Act so that a spouse is a competent and compellable witness for the prosecution with respect to the new offence of non-consensual distribution of intimate images.

Anti-cyberbullying bill tabled in Canadian Parliament

This afternoon, the Canadian Justice Minister and the Minister of Public Safety and Emergency Preparedness announced a new bill designed to counter specific aspects of online cyberbullying. The bill does not create any new crime of cyberbullying (as existing laws can deal with harassment, extortion and the like), but it does create an offence related to the non-consensual distribution of intimate images online.

While I haven't had the opportunity to scrutinize the bill in great detail (update: now posted online here), it does create an to prohibit the non-consensual distribution of intimate images – punishable by a maximum penalty of five years’ imprisonment on indictment or six months’ imprisonment on summary conviction. An intimate image is one that depicts a person engaged in explicit sexual activity or that depicts a sexual organ, anal region or breast. Further, the image would be one for which, at the time of the recording, the person depicted had a reasonable expectation of privacy and, at the time of the offence, had not relinquished his or her privacy interest. How this will be construed by the courts will be something to watch closely.

The Bill also would permit the Court to order the removal of an intimate image that is posted online. This may ultimately be problematic as many of the online services that host such content would be based outside of Canada and likely beyond the effective jurisdiction of Canadian court orders. It may be more effective for any order to be directed that the person who posted it in the first place, who likely retains the ability to have it removed.

The law also augments existing investigation powers of the police -- all of which the Government has taken great pains to emphasise involve judicial oversight -- including preservation demands.

More analysis to follow. In the meantime, here is the media release and backgrounder prepared by the Department of Justice:

GOVERNMENT INTRODUCES LEGISLATION TO CRACK DOWN ON CYBERBULLYING

OTTAWA, November 20, 2013 – The Honourable Peter MacKay, P.C., Q.C., M.P.

for Central Nova, Minister of Justice and Attorney General of Canada, today introduced legislation to address criminal behaviour associated with cyberbullying. This legislation demonstrates the Government’s firm commitment to ensuring that Canadians are better protected against online exploitation. Minister MacKay was joined by the Honourable Steven Blaney, Minister of Public Safety and Emergency Preparedness.

“Our Government is committed to ensuring that our children are safe from online predators and from online exploitation. We have an obligation to help put an end to harmful online harassment and exploitation.

Cyberbullying goes far beyond schoolyard bullying and, in some cases, can cross the line into criminal activity,” said Minister Mackay. “With the click of a computer mouse, a person can be victimized before the entire world. As we have seen far too often, such conduct can destroy lives. It clearly demands a stronger criminal justice response, and we intend to provide one.”

The legislation being introduced today would:

  • Prohibit the non-consensual distribution of intimate images;

  • Empower a court to order the removal of intimate images from the Internet;

  • Permit the court to order forfeiture of the computer, cell phone or other device used in the offence;

  • Provide for reimbursement to victims for costs incurred in removing the intimate image from the Internet or elsewhere; and

  • Empower the court to make an order to prevent someone from distributing intimate images.

The proposed investigative powers to identify and remedy this and other cybercrimes would be subject to appropriate judicial oversight.

The Government worked closely with the provinces and territories in developing the report and recommendations on which this legislation is closely based.

“With this legislation, we are confirming that this type of behaviour is absolutely unacceptable and has serious consequences,” added Minister Blaney. “As part of Bullying Awareness Week, we are committed to reminding victims that they are not alone, and encouraging them to reach out to a teacher, a trusted adult, a parent or a friend. Bullying – whether online or off – is a problem that affects us all, and we all have a role to play in stopping it.”

Working with partners in the public and private sectors, the Government of Canada is taking action to address all forms of bullying through education, awareness and prevention activities.

For example, the Government is also supporting the development of a number of school-based projects to prevent bullying, as part of $10 million in funding that was committed in 2012 towards new crime prevention projects.

Other important projects that the Government supports to address cyberbullying include the Cybertip.ca and NeedHelpNow.ca websites operated by the Canadian Centre for Child Protection. Canadians can use these websites to report online sexual exploitation of children and to seek help for exploitation resulting from the sharing of sexual images.

In addition, through the Government’s GetCyberSafe campaign, Canadians can get the information they need to protect themselves and their families against online threats, including cyberbullying.

For more information on Bullying Awareness Week, please visit the website www.bullyingawarenessweek.org.

Backgrounder

Cyberbullying and the Non-Consensual distribution of Intimate Images

Bullying and Cyberbullying

Bullying, including cyberbullying, is a form of aggression, usually among children and youth but not always. When the bullying behaviour occurs via electronic means, it is often referred to as cyberbullying.

Bullying, including cyberbullying, can take many forms. Some forms, such as name-calling, teasing, belittling and social exclusion, are familiar and may be hurtful but are not criminal offences. However, bullying and cyberbullying conduct can escalate to more serious activities that are criminal offences under the Criminal Code, including criminal harassment (section 264); uttering threats (section 264.1); intimidation (subsection 423(1)); mischief in relation to data (subsection 430(1.1)); unauthorized use of computer (section 342.1); identity fraud (section 403); extortion (section 346); false messages, indecent or harassing telephone calls (section 372); counselling suicide (section 241); incitement of hatred (section 319); child pornography (section 163.1); and defamatory libel (sections 298-301).

More recently, a new form of cyberbullying has emerged that is not covered by the criminal law. It involves the distribution of intimate (sexual) images without the consent of the person depicted in the image.

Sometimes the motivation is to take revenge on a former partner (sometimes colloquially referred to as “revenge porn”). Young people are increasingly exchanging intimate images consensually, which is a problem in itself, but one that is exacerbated if those images later become fodder for humiliating cyberbullying attacks involving non-consensual distribution or so-called “sexploitation.”

Impact of Cyberbullying

Bullies have been around throughout history, but the widespread use of new communications technologies increases the potential impact of bullying behaviour. Bullies can now expand their audience from the schoolyard to around the globe. Once the bullying conduct is in cyberspace, it may be permanently available over the Internet, where it can spread quickly and often uncontrollably. This may compound feelings of fear, humiliation, and social isolation and have other negative effects on victims. There have been several reported cases of teen suicide where cyberbullying is alleged to have played a part.

Finding Solutions

At their October 2012 meeting, Federal-Provincial-Territorial Ministers responsible for Justice and Public Safety directed senior officials to identify potential gaps in the Criminal Code on cyberbullying and the non-consensual distribution of intimate images. The results of that review were published in a report in July 2013. The report concluded that a multi-pronged approach was needed to address cyberbullying. In addition to education, public awareness, and family and community support, the report recommended that the Criminal Code be amended to address certain gaps in the law and give law enforcement officers better tools to deal with the issue.

Bullying is also being addressed through non-legislative means, including education, awareness and prevention activities.

This reflects the fact that bullying is a social problem that needs comprehensive responses from schools, non-government organizations, the police, and community groups.

Proposed Criminal Code amendments

The federal Minister of Justice has introduced legislation to amend the Criminal Code to:

  • Create a new offence to prohibit the non-consensual distribution of intimate images – punishable by a maximum penalty of five years’ imprisonment on indictment or six months’ imprisonment on summary conviction;

  • Direct the sentencing judge to consider whether or not a person convicted of the new offence should be subject to a prohibition order that would restrict his or her use of the Internet for a specified period;

  • Authorize a judge to order the removal of an intimate image from websites if the person depicted did not consent to having the image posted;

  • Allow a judge to order restitution following a conviction to enable the victim to recoup expenses involved in having the images removed from the Internet or social media;

  • Empower the court to seize and order the forfeiture of property related to the offence, such as computers and mobile devices;

  • Specify that a justice may issue a recognizance order (peace bond) where there are reasonable grounds to believe an individual will commit the new offence; and

  • Ensure that the spouse of an accused person is eligible to testify against the accused in court.

For purposes of the Criminal Code, “intimate image” would be defined as an image that depicts a person engaged in explicit sexual activity or that depicts a sexual organ, anal region or breast. Further, the image would be one for which, at the time of the recording, the person depicted had a reasonable expectation of privacy and, at the time of the offence, had not relinquished his or her privacy interest.

The proposed amendments to the Criminal Code would also modernize existing investigative powers (warrants and other judicial orders) to enable police – subject to prior judicial oversight –to obtain electronic evidence from the Internet and other new technologies more efficiently and effectively. More specifically, the proposed amendments would:

  • Provide for preservation of volatile computer data;

  • Require judicial authority to acquire preserved computer data, and require the deletion of such data when it is no longer needed;

  • Update production orders and warrants to make them more responsive and appropriate for today’s advanced telecommunications environment;

  • Give the police better tools to track and trace telecommunications to determine their origin or destination; and

  • Streamline the process for obtaining multiple warrants and orders that are related to the execution of a wiretap authorization.

To safeguard privacy, none of the updates of investigative powers would allow access to data or subscriber information without prior judicial oversight.