Canada & The PATRIOT Act: Get Over It
It is somewhat fitting that Halloween and the anniversary of the enactment of the PATRIOT Act are close together. In Canada, the latter, which turned 10 last week, has come to embody fear about government access to personal information. The troubling part is that this fear may needlessly complicate life for everyone in this country.
For those not familiar with the PATRIOT Act, the Foreign Intelligence Surveillance Act (“FISA”) provides American authorities with the power to gather intelligence on foreign agents in the United States and abroad, pursuant to orders issued by the Foreign Intelligence Surveillance Court.
To better protect the United States against international terrorism and against foreign intelligence activities, the PATRIOT Act amended FISA to allow US authorities to obtain records and other “tangible things” (Section 215) and that intelligence gathering need only be “a significant purpose”, rather than the sole purpose, of FISA searches or surveillance in the US (section 218).
Section 505 of the Patriot Act lowered the threshold for the issuance of “national security letters” which require financial institutions, telephone companies and ISPs to disclose information about their customers. The threshold went from requiring specific facts to simply being relevant to an authorized investigation. The scope of coverage was later expanded to include travel agencies, real estate agents, the US Postal Service, jewellery stores, casinos and car dealerships.
In Canada, the popular view appears to be that American authorities use these powers to obtain access to personal information located in Canada about Canadians because of such information is in the custody or control of an American company.
It doesn’t help that US courts have no difficulty ordering disclosure of records held outside the US, as long as a person or organization — subject to the US court’s jurisdiction — has a legal or practical ability to access those records. Some American courts have found that control of records exists whenever there is a US parent-Canadian subsidiary corporate relationship.
While failure to comply with a FISA order may result in contempt charges, section 215 relieves a person of liability in the US for complying with a FISA order. As a result, American corporations have an incentive to comply with such orders — even if it may breach contractual or legal obligations in other countries, including Canada.
By the way, if you thought the PATRIOT Act was all about fighting terrorism, read this story and think again.
Is this “easier” access to your “state-side” records the real issue though? If people in Canada are concerned about law enforcement access through the PATRIOT Act, why aren’t they saying anything about similar Canadian laws?
What laws? See Part II of the Canadian Security Intelligence Service Act which allows designated judges from the Federal Court secret to issue warrants authorizing (1) the interception of communication, (2) obtaining any information, record, document or thing by (a) entering any place, (2) searching, removing and examining any thing, or (installing, maintaining or removing any thing.
Then read s. 273.65 of the National Defence Act with respect to the abilities of the Communications Securities Establishment to intercept communications pursuant to a Ministerial authorization.
Even in PIPEDA, some access requests need to be run by law enforcement authorities and denied if an institution is:
“of the opinion that compliance with the request could reasonably be expected to be injurious to (a) national security, the defence of Canada or the conduct of international affairs; (a.1) the detection, prevention or deterrence of money laundering or the financing of terrorist activities; or (b) the enforcement of any law of Canada, a province or a foreign jurisdiction, an investigation relating to the enforcement of any such law or the gathering of intelligence for the purpose of enforcing any such law.”
Just as our federal Privacy Commissioner cooperates with the U.S. Federal Trade Commission (see Accusearch Inc.) law enforcement authorities in our two countries cooperate as well. The process of getting information under mutual legal assistance treaties can be slow but the mechanisms do exist and, in an emergency, you can imagine things move very quickly on an informal basis.
You may (or may not) question the interpretation, effectiveness or ongoing utility of these intelligence gathering tools but the legal frameworks to allow their use exist both in Canada and the United States. Why then do people single out the PATRIOT Act? Perhaps not unsurprisingly, people cite the PATRIOT Act and “privacy concerns” when they really have another agenda.
It seems that people are starting to recognize this grandstanding for what it is. We’re seeing a more critical eye being cast on PATRIOT Act arguments. See this 2009 Lakehead University arbitral decision and, reported in this blog post, this 2010 Alberta arbitral decision.
In the emerging world of cloud computing, Canadians will have to recognize that more of our personal information will go “offshore”. If it does, should law enforcement access be the primary concern? I think we need to worry less about “where” and more about “how secure” and “how accessible”.