1 / 54

Personal Information Protection in the Face of Crime and Terror: Information Sharing by Private Enterprises for National

Industries Reviewed. Telecommunications: Aba StevensRetail: Tamir IsraelBanking: Ali MianAirlines: Michelle Yau. Telecommunications Industry (Aba Stevens). Overview of Telecommunications IndustryNearly universal reachGrowth concentrated in Internet and wireless serviceRegulation of PrivacyCR

winola
Download Presentation

Personal Information Protection in the Face of Crime and Terror: Information Sharing by Private Enterprises for National

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Personal Information Protection in the Face of Crime and Terror: Information Sharing by Private Enterprises for National Security and Law Enforcement Purposes Centre for Innovation Law and Policy March 2008

    2. Industries Reviewed Telecommunications: Aba Stevens Retail: Tamir Israel Banking: Ali Mian Airlines: Michelle Yau

    3. Telecommunications Industry (Aba Stevens) Overview of Telecommunications Industry Nearly universal reach Growth concentrated in Internet and wireless service Regulation of Privacy CRTC under the Telecommunication Act PIPEDA dominates

    4. Information Collected by the Telecommunications Industry 2 Broad categories Active information collection Access to information that passes over the network

    5. Active Information Collection General Principle: collection limited to that necessary for the provision of the service May include Name E-mail address Mailing address Phone number Record of complaints Birth date Financial information Service and equipment Also known as subscriber data

    6. Access to Information Passing Over Network May Include Data pertaining to transmission of communication (Traffic data) Content of communication (Content data) Often transient Costs and technical demands are disincentives to storage ISPs may store data due to Failure of recipient to download Disabling of account Suspension of client’s account

    7. Legal Regime Governing Collection PIPEDA (dominant statutory regime) Contractual Undertakings of ISPs Terms of Service require compliance with Acceptable Use Policies (AUP) ISPs explicitly reserve right to monitor network and aspects of service to ensure compliance with acceptable use policies Potentially affects reasonable expectation of privacy Implications of Buhay Limited recourse to Charter Monitoring for compliance with AUP generally does not involve government

    8. Information of Interest to Law Enforcement Convention on Cybercrime Categories of Investigatory Information (from least to most intrusive of privacy) Subscriber data Traffic data Content data ? law enforcement is interested in all 3 categories

    9. Subscriber data Access to customer name, address and other identifiers without a warrant Modernization of Investigative Techniques Act (Bill C-416) stalled

    10. Traffic Data Simplified process for acquisition (similar to process for Dialed Number Recorders) preservation orders

    11. Content data Continued judicial authorization Risk of Increased Access due to increased access to other categories will increase access to content data Bill C-416 advocates obligation for Telecoms to increase intercept capability

    12. Legal Mechanisms Shaping Info Sharing PIPEDA dominant statutory regime Discretionary Authority? Charter – the agent of the state test (Weir)

    13. Formal and Informal Sharing Practices Terms of Service and AUPs create varying expectations about when ISP will disclose information Emerging Practice for Child Pornography Cases – Formal/Informal

    14. Gaps and Controversies Legal Uncertainty Overlapping statutory regimes No formal decision from Privacy Commissioner lack of authoritative judicial treatment eg reasonable expectation of Privacy for new communication forms interpretation of s. 7(3) – Do telecoms, indeed, have a discretionary authority? which legal regime best applies to computer monitoring? Search and seizure Electronic surveillance Result: broad scope for telecoms to strike balance between privacy and law enforcement Controversy of Law Reform Agenda Industry concern ? Who will bear the cost? OPC and Privacy advocates believe current law provides sufficient access Constitutional implications?

    15. Recommendations Clarification should be given to the discretionary authority of private entities to disclose information under s. 7(3) of PIPEDA Section 7(3) (c.1) should remain discretionary, and not be amended to make disclosure to law enforcement mandatory. Consideration should be given to allowing police to request information in the absence of a warrant only pursuant to tailored legislative provisions, namely only if the crime being investigated is of a serious nature, the crime is of such a nature that inability of the state to access the information will foreclose the investigation and the information is of a sort for which the privacy interest of the individual is relatively low.

    16. Retail Industry (Tamir Israel) Overview of Retail Industry There is currently an equilibrium between privacy and security interests in the retail sector. This equilibrium is unstable and has few safeguards preserving it.

    17. Information Collected by the Retail Industry Retailers cover a broad range of personal information. This information is sent with consent to data brokers for analysis. Retailers retain control of the information, restricting the activity of data brokers Forthcoming technological developments will encourage retailers to collect greater quantities of information and store it in more accessible form.

    18. Legal Regime Governing Information Handling PIPEDA: PIPEDA permits secondary uses of information only with consent. Retailers prevented from selling information to data brokers as acquiring requisite consent would alienate consumers. Data brokers are unable to gain control over large amounts of data and organize it in accessible ways. There are no explicit safeguards preventing extensive use of such information by law enforcement.

    19. Information of Interest to Law Enforcement The type of information retailers possess is sensitive and very personal in nature. It can include: age, gender, religious affiliation, hobbies, reading preferences, and travel arrangements. This type of information prompts predictive investigations and random virtue testing. FBI System To Assess Risk (STAR) Most current information sharing emerges from individual investigations

    20. Legal Mechanisms Shaping Info Sharing PIPEDA Charter

    21. PIPEDA s. 7 (3): For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is: (c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;   (c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that   it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs, the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or the disclosure is requested for the purpose of administering any law of Canada or a province; Allows for information sharing without a warrant. Treated by many retailers as condoning information sharing with law enforcement.

    22. Charter Information will often be used at investigative phase The individual will in many cases be unaware their privacy has been interfered with Information will often not make part of formal legal case and effectively avoid Charter scrutiny Otherwise such information could only be acquired from an individual with a warrant or by consent.

    23. Formal and Informal Sharing Practices Information sharing with law enforcement occurs primarily on an informal basis The permissive stance taken by PIPEDA leaves it to individual retailers to decide whether or not to comply with requests Retailers take this as encouragement to comply with information requests. Some formalization would be beneficial. Warrants Not PAXIS

    24. Gaps and Controversies Given the permissive stance PIPEDA takes, customers cannot predict if their information will be shared with law enforcement or not. While customers retain an expectation of privacy in information, it can be acquired by law enforcement without a warrant or consent.

    25. Recommendations Customers should be informed when the information that they disclose to their retailer may be disclosed to public investigators, perhaps through the inclusion of this practice in the retailer’s privacy policy. The Privacy Commissioner should provide greater guidance to retailers regarding voluntary information sharing with law enforcement and national security agencies. Given the likelihood of increased information sharing between public investigators and retailers, there should be clarification of the extent to which collaboration is permissible and desirable and under what circumstances it should take place. It may be appropriate to place certain types of personal information such as reading preferences or hobbies out of the bounds of non-consensual, warrantless disclosure. Legislation compelling retailers to contribute personal information of consumers to a database similar to the Canada Border Services Agency’s PAXIS database should be avoided.

    26. Banking Industry (Ali Mian) Overview of Banking Industry The Canadian banking industry is one of the most highly regulated industries in Canada

    27. Information Collected by the Banking Industry Collected to provide products and services: the client’s name, address, e-mail address, telephone number, SIN, birth date, employment, annual income, credit history, transaction history, and health information. Banks also generally reserve the right to collect personal information on clients that is publicly available. Most banks also reserve the right to record and retain the content of all client telephone discussions with its representatives. Similarly, most banks reserve the right to collect and retain information relating to the use of its online services, namely the Internet Protocol (IP) address used by the client and the web pages he or she visits within the bank’s website.

    28. Legal Regime Governing Collection The industry is governed generally by the Bank Act as well as the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and PIPEDA

    29. Information of Interest to Law Enforcement The most sought after information from a bank is obviously financial information. Financial information is that of an identifiable client and includes bank account balances, bank account activity, payment history and credit history.

    30. Legal Mechanisms Shaping Information Sharing s. 8 Charter jurisprudence PIPEDA PCMLTFA

    31. Section 8 Charter Courts have long held that clients have a reasonable expectation of privacy in their bank records. However, not all information held by banks will constitute bank records for purposes of Charter protection. For instance, the following are not protected as no reasonable expectation of privacy exists in the information: ‘Tombstone information’ in the form of the name(s) of an account holder and its signatory authority A client’s signature The existence of banking activity, such as a cheque deposit into a particular account, without client identification

    32. PIPEDA The Privacy Commissioner of Canada has rarely discussed the law enforcement exception in the banking context. Where it has, discussion has been about banks’ internal security rather than external law enforcement or national security services. Although there are many Privacy Commissioner findings on the legality of banks’ personal information handling practices, several issues remain to be resolved: the extent to which PIPEDA limits the collection of financial information when banks are giving clients investment advice or limits the collection of health information when banks are providing insurance products. whether banks can share illegally collected information with law enforcement and national security officials. retention of illegally collected personal information.

    33. PCMLTFA The PCMLTFA requires the reporting to government of such things as large transactions, suspicious activities and terrorist property. Therefore banks also currently keep a record of the party names, date, time, amount, currency, and method of all transactions.

    34. Formal and Informal Sharing Practices Formal Personal Information Sharing Police will deliver court-issued documents (warrants, subpoenas, and court orders) to bank branches or bank headquarters, depending on each bank’s policy. Banks will record all requests for bank records received in the form of court-issued documents.

    35. Informal Sharing Practices a) Requests for bank records pursuant to some ‘other’ legal authority Statutory powers- i.e. BIA Common law investigative powers b) Proactive Release of Bank Records – i.e. FINTRAC

    36. Gaps and Controversies There are few laws that limit the amount of information a bank can retain on its clients. Laws presently do not require banks to document informal police requests for bank records. There is a lack of transparency in the types of circumstances in which banks proactively disclose information to police. The “reasonable ground to suspect” standard that FINTRAC uses to disclose personal information to the police for those suspected of criminal activity may be unconstitutional. Again, on the issue of the appropriate standard to be applied to disclosure of bank records to police during criminal investigations, there are no laws which regulate Canadian police when they obtain Canadian bank records from foreign entities on a lower standard than credibility based probability.

    37. Recommendations Recommendation 1: Banks should provide clear guidelines to clients on what types of personal information can and must be collected for services such as investment advice. Recommendation 2: All banks should keep track of the nature and extent of informal police requests for bank records, especially the authority under which these records are being sought, as well as the circumstances in which the records are disclosed. Recommendation 3: An independent and publicly accountable authority, such as the Office of the Privacy Commissioner of Canada, should be tasked with assessing the legality of informal police requests for bank records which banks document.

    38. Recommendations Recommendation 4: Parliament should clarify PIPEDA terms such as ”lawful authority” and “national security threat” by providing examples of when personal information such as bank records can be disclosed without judicial authorization. Recommendation 5: The Government of Canada or the Privacy Commissioner should bring a reference to the Supreme Court of Canada to inquire whether the standard of ‘reasonable suspicion’ can ever be justified to disclose personal information, such as bank records, to police in a criminal context.

    39. Airline Industry (Michelle Yau) Overview of Airline Industry Information sharing in this industry currently a “hot topic” A lot of potential for breaches of privacy or worse

    40. Information Collected by Airline Industry Every time a passenger purchases a ticket, advance passenger information (API) and passenger name record (PNR) information is collected by airlines A PNR can reveal many intimate details with whom, for how long, and at whose expense someone travels affiliations with organizations religious practices

    41. Airline Privacy Policies Airline privacy policies are vague may be liable to collect/provide “any other personal information… as required by [a] government authority.” Do not mention specific government agencies Do not mention purposes for which personal information may be used or further disclosed Travelers not told at time of collection that their info may be disclosed for national security or law enforcement purposes

    42. Legal Regime Governing Information Sharing Aeronautics Act Immigration and Refugee Protection Act (IRPA) and IRP Regulations Protection of Passenger Information Regulations, also created under IRPA Customs Act

    43. Aeronautics Act Requires disclosure of 34 items of information on request to: Department of Transport RCMP CSIS Also allows these agencies to share collected info with each other and to match collected info with other info Allows these agencies to share info collected with various entities: Canadian Air Transport Security Authority (CATSA) air carriers peace officers, aircraft protective officers

    44. IRPA and IRP Regulations Requires airlines to provide documents, written information, and access to reservation systems upon request to officers of Citizenship and Immigration Canada The Protection of Passenger Information Regulations, also created under IRPA, allows Canada Border Services Agency (CBSA) to retain API/PNR info and to disclose it to any Canadian government department if a CBSA official determines that the info relates to terrorism/transnational crimes

    45. Customs Act Allows government officials to provide access to customs information to “prescribed persons or classes of persons, in prescribed circumstances for prescribed purposes, solely for those purposes”

    46. Information of Interest to Law Enforcement Examples: Itinerary/gaps in itinerary Who paid for ticket/method of payment Seat requests Travel document information (type, number, country of issuance)

    47. Formal and Informal Sharing Practices Formal Officer presents request in writing or by other means Airline verifies officer’s identity, confirms active investigation, confirms court order, warrant or legislative provision authorizing collection of the information by the officer Airline discloses information Continuous data streaming of API/PNR info on all passengers entering Canada Informal Not much known Some anecdotal evidence that front line staff share info inappropriately

    48. Gaps and Controversies Various legislation requiring disclosure on request without conditions makes it difficult for airlines to protect their customers’ privacy They also give government agencies too much leeway to share info amongst each other and to use the info for a variety of purposes Some airline sharing practices such as continuous data streaming create danger of mass violations of privacy without accountability

    49. Gaps and Controversies The Passenger Protect Program, which finds its legislative basis in the Aeronautics Act and the Aeronautics Act Identity Screening Regulations, does not provide adequate safeguards false listing and false matching no adequate mechanisms of redress Little direct evidence that privacy violations are occurring on a regular basis However current legislative regime and info sharing practices create real danger of such violations Thus it is important that the legislation be amended, and that airlines and government agencies adopt new practices safeguarding privacy

    50. Recommendations Legislation should be amended to specify conditions that must be met before an officer can compel an airline to disclose personal information of customers. Warrants, court orders, or at least some conditions The Customs Act provisions should be made more specific to minimize threat to privacy posed by PAXIS database. Continuous data streaming should not be the norm. Facilitates fishing Safeguards should be put in place to ensure the accuracy and minimize imprecision of the Passenger Protect Program. Clear listing criteria, address/phone number should be required to confirm match Airlines should adopt policies to discourage informal information sharing between airline staff and government. Minimize contact between officers and front line staff Requests must be in writing

    51. Summary of Concerns (Andrea Slane) Recurring concerns include: Lack of clarity regarding the interpretation of s. 7(3) of Personal Information Protection and Electronic Documents Act; The impact of technological development on the balance of relevant interests; Lack of transparency regarding informal information sharing, and A tendency towards collection of increasing amounts of personal information identified in some of the industries.

    52. Summary of Charter Concerns Departure from the principal of judicial authorization in cases of information sharing without warrants, subpoenas or court orders; Lack of certainty regarding whether there is a reasonable expectation of privacy in various contexts; Constitutional sufficiency of the standard for disclosure where information is obtained notwithstanding a lack of reasonable probable grounds to believe that a crime has been committed. This last concern is particularly pressing where disclosure of information to national security agencies had been made mandatory.

    53. Summary of Recommendations Generally respond to the concerns: Clarify s. 7(3) of PIPEDA, especially section 7(3)(c.1), including the term “lawful authority”; Promote transparency and accountability regarding the extent and nature of informal information sharing; Seek judicial guidance on limits on information sharing without judicial authorization. In the meantime, OPC to provide guidelines. Suggested limits might balance the seriousness of the crime being investigated, whether the nature of the crime is such that the inability of the state to access the information will foreclose the investigation, and whether the information is of a sort for which the privacy interest of the individual is relatively low; Seek judicial guidance on sufficiency of the standard for disclosure where information is obtained without reasonable probable grounds, especially where disclosure of information to national security agencies had been made mandatory.

    54. http://www.innovationlaw.org/ projects/privacy.htm

More Related