1. Personal Information Protection in the Face of Crime and Terror: Information Sharing by Private Enterprises for National Security and Law Enforcement Purposes
Centre for Innovation Law and Policy
March 2008
2. Industries Reviewed
Telecommunications: Aba Stevens
Retail: Tamir Israel
Banking: Ali Mian
Airlines: Michelle Yau
3. Telecommunications Industry (Aba Stevens)
Overview of Telecommunications Industry
Nearly universal reach
Growth concentrated in Internet and wireless service
Regulation of Privacy
CRTC under the Telecommunications Act
PIPEDA dominates
4. Information Collected by the Telecommunications Industry
2 Broad categories
Active information collection
Access to information that passes over the network
5. Active Information Collection
General Principle: collection limited to that necessary for the provision of the service
May include
Name
E-mail address
Mailing address
Phone number
Record of complaints
Birth date
Financial information
Service and equipment
Also known as subscriber data
6. Access to Information Passing Over Network
May Include
Data pertaining to transmission of communication (Traffic data)
Content of communication (Content data)
Often transient
Costs and technical demands are disincentives to storage
ISPs may store data due to
Failure of recipient to download
Disabling of account
Suspension of client’s account
7. Legal Regime Governing Collection
PIPEDA (dominant statutory regime)
Contractual Undertakings of ISPs
Terms of Service require compliance with Acceptable Use Policies (AUP)
ISPs explicitly reserve right to monitor network and aspects of service to ensure compliance with acceptable use policies
Potentially affects reasonable expectation of privacy
Implications of Buhay
Limited recourse to Charter
Monitoring for compliance with AUP generally does not involve government
8. Information of Interest to Law Enforcement
Convention on Cybercrime Categories of Investigatory Information
(from least to most intrusive of privacy)
Subscriber data
Traffic data
Content data
Law enforcement is interested in all 3 categories
9. Subscriber data
Access to customer name, address and other identifiers without a warrant
Modernization of Investigative Techniques Act (Bill C-416) stalled
10. Traffic Data
Simplified process for acquisition (similar to process for Dialed Number Recorders)
preservation orders
11. Content data
Continued judicial authorization
Risk of Increased Access due to
increased access to other categories will increase access to content data
Bill C-416 advocates obligation for Telecoms to increase intercept capability
12. Legal Mechanisms Shaping Info Sharing
PIPEDA dominant statutory regime
Discretionary Authority?
Charter – the agent of the state test (Weir)
13. Formal and Informal Sharing Practices
Terms of Service and AUPs create varying expectations about when ISP will disclose information
Emerging Practice for Child Pornography Cases – Formal/Informal
14. Gaps and Controversies
Legal Uncertainty
Overlapping statutory regimes
No formal decision from Privacy Commissioner
lack of authoritative judicial treatment
e.g. reasonable expectation of privacy for new communication forms
interpretation of s. 7(3) – Do telecoms, indeed, have a discretionary authority?
which legal regime best applies to computer monitoring?
Search and seizure
Electronic surveillance
Result: broad scope for telecoms to strike balance between privacy and law enforcement
Controversy of Law Reform Agenda
Industry concern: Who will bear the cost?
OPC and Privacy advocates believe current law provides sufficient access
Constitutional implications?
15. Recommendations
Clarification should be given to the discretionary authority of private entities to disclose information under s. 7(3) of PIPEDA
Section 7(3) (c.1) should remain discretionary, and not be amended to make disclosure to law enforcement mandatory.
Consideration should be given to allowing police to request information in the absence of a warrant only pursuant to tailored legislative provisions, namely only if the crime being investigated is of a serious nature, the crime is of such a nature that inability of the state to access the information will foreclose the investigation and the information is of a sort for which the privacy interest of the individual is relatively low.
16. Retail Industry (Tamir Israel)
Overview of Retail Industry
There is currently an equilibrium between privacy and security interests in the retail sector.
This equilibrium is unstable and has few safeguards preserving it.
17. Information Collected by the Retail Industry
Retailers cover a broad range of personal information.
This information is sent with consent to data brokers for analysis.
Retailers retain control of the information, restricting the activity of data brokers
Forthcoming technological developments will encourage retailers to collect greater quantities of information and store it in more accessible form.
18. Legal Regime Governing Information Handling
PIPEDA:
PIPEDA permits secondary uses of information only with consent.
Retailers prevented from selling information to data brokers as acquiring requisite consent would alienate consumers.
Data brokers are unable to gain control over large amounts of data and organize it in accessible ways.
There are no explicit safeguards preventing extensive use of such information by law enforcement.
19. Information of Interest to Law Enforcement
The type of information retailers possess is sensitive and very personal in nature.
It can include: age, gender, religious affiliation, hobbies, reading preferences, and travel arrangements.
This type of information prompts predictive investigations and random virtue testing.
FBI System To Assess Risk (STAR)
Most current information sharing emerges from individual investigations
20. Legal Mechanisms Shaping Info Sharing
PIPEDA
Charter
21. PIPEDA
s. 7(3): For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is:
(c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;
(c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that
it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,
the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
the disclosure is requested for the purpose of administering any law of Canada or a province;
Allows for information sharing without a warrant.
Treated by many retailers as condoning information sharing with law enforcement.
22. Charter
Information will often be used at investigative phase
The individual will in many cases be unaware their privacy has been interfered with
Information will often not form part of the formal legal case and so effectively avoids Charter scrutiny
Otherwise such information could only be acquired from an individual with a warrant or by consent.
23. Formal and Informal Sharing Practices
Information sharing with law enforcement occurs primarily on an informal basis
The permissive stance taken by PIPEDA leaves it to individual retailers to decide whether or not to comply with requests
Retailers take this as encouragement to comply with information requests.
Some formalization would be beneficial.
Warrants
Not PAXIS
24. Gaps and Controversies
Given the permissive stance PIPEDA takes, customers cannot predict if their information will be shared with law enforcement or not.
While customers retain an expectation of privacy in information, it can be acquired by law enforcement without a warrant or consent.
25. Recommendations
Customers should be informed when the information that they disclose to their retailer may be disclosed to public investigators, perhaps through the inclusion of this practice in the retailer’s privacy policy.
The Privacy Commissioner should provide greater guidance to retailers regarding voluntary information sharing with law enforcement and national security agencies. Given the likelihood of increased information sharing between public investigators and retailers, there should be clarification of the extent to which collaboration is permissible and desirable and under what circumstances it should take place. It may be appropriate to place certain types of personal information such as reading preferences or hobbies out of the bounds of non-consensual, warrantless disclosure.
Legislation compelling retailers to contribute personal information of consumers to a database similar to the Canada Border Services Agency’s PAXIS database should be avoided.
26. Banking Industry (Ali Mian)
Overview of Banking Industry
The Canadian banking industry is one of the most highly regulated industries in Canada
27. Information Collected by the Banking Industry
Collected to provide products and services:
the client’s name, address, e-mail address, telephone number, SIN, birth date, employment, annual income, credit history, transaction history, and health information.
Banks also generally reserve the right to collect personal information on clients that is publicly available. Most banks also reserve the right to record and retain the content of all client telephone discussions with its representatives. Similarly, most banks reserve the right to collect and retain information relating to the use of its online services, namely the Internet Protocol (IP) address used by the client and the web pages he or she visits within the bank’s website.
28. Legal Regime Governing Collection
The industry is governed generally by the Bank Act as well as the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and PIPEDA
29. Information of Interest to Law Enforcement
The most sought after information from a bank is obviously financial information. Financial information is that of an identifiable client and includes bank account balances, bank account activity, payment history and credit history.
30. Legal Mechanisms Shaping Information Sharing
s. 8 Charter jurisprudence
PIPEDA
PCMLTFA
31. Section 8 Charter
Courts have long held that clients have a reasonable expectation of privacy in their bank records.
However, not all information held by banks will constitute bank records for purposes of Charter protection. For instance, the following are not protected as no reasonable expectation of privacy exists in the information:
‘Tombstone information’ in the form of the name(s) of an account holder and its signatory authority
A client’s signature
The existence of banking activity, such as a cheque deposit into a particular account, without client identification
32. PIPEDA
The Privacy Commissioner of Canada has rarely discussed the law enforcement exception in the banking context. Where it has, discussion has been about banks’ internal security rather than external law enforcement or national security services.
Although there are many Privacy Commissioner findings on the legality of banks’ personal information handling practices, several issues remain to be resolved:
the extent to which PIPEDA limits the collection of financial information when banks are giving clients investment advice or limits the collection of health information when banks are providing insurance products.
whether banks can share illegally collected information with law enforcement and national security officials.
retention of illegally collected personal information.
33. PCMLTFA
The PCMLTFA requires the reporting to government of such things as large transactions, suspicious activities and terrorist property. Therefore banks also currently keep a record of the party names, date, time, amount, currency, and method of all transactions.
34. Formal and Informal Sharing Practices
Formal Personal Information Sharing
Police will deliver court-issued documents (warrants, subpoenas, and court orders) to bank branches or bank headquarters, depending on each bank’s policy.
Banks will record all requests for bank records received in the form of court-issued documents.
35. Informal Sharing Practices
a) Requests for bank records pursuant to some ‘other’ legal authority
Statutory powers, i.e. BIA
Common law investigative powers
b) Proactive Release of Bank Records – i.e. FINTRAC
36. Gaps and Controversies
There are few laws that limit the amount of information a bank can retain on its clients.
Laws presently do not require banks to document informal police requests for bank records.
There is a lack of transparency in the types of circumstances in which banks proactively disclose information to police.
The “reasonable ground to suspect” standard that FINTRAC uses to disclose personal information to the police for those suspected of criminal activity may be unconstitutional.
Again, on the issue of the appropriate standard to be applied to disclosure of bank records to police during criminal investigations, there are no laws which regulate Canadian police when they obtain Canadian bank records from foreign entities on a lower standard than credibility based probability.
37. Recommendations
Recommendation 1: Banks should provide clear guidelines to clients on what types of personal information can and must be collected for services such as investment advice.
Recommendation 2: All banks should keep track of the nature and extent of informal police requests for bank records, especially the authority under which these records are being sought, as well as the circumstances in which the records are disclosed.
Recommendation 3: An independent and publicly accountable authority, such as the Office of the Privacy Commissioner of Canada, should be tasked with assessing the legality of informal police requests for bank records which banks document.
38. Recommendations
Recommendation 4: Parliament should clarify PIPEDA terms such as “lawful authority” and “national security threat” by providing examples of when personal information such as bank records can be disclosed without judicial authorization.
Recommendation 5: The Government of Canada or the Privacy Commissioner should bring a reference to the Supreme Court of Canada to inquire whether the standard of ‘reasonable suspicion’ can ever be justified to disclose personal information, such as bank records, to police in a criminal context.
39. Airline Industry (Michelle Yau)
Overview of Airline Industry
Information sharing in this industry currently a “hot topic”
A lot of potential for breaches of privacy or worse
40. Information Collected by Airline Industry
Every time a passenger purchases a ticket, advance passenger information (API) and passenger name record (PNR) information is collected by airlines
A PNR can reveal many intimate details
with whom, for how long, and at whose expense someone travels
affiliations with organizations
religious practices
41. Airline Privacy Policies
Airline privacy policies are vague
may be liable to collect/provide “any other personal information… as required by [a] government authority.”
Do not mention specific government agencies
Do not mention purposes for which personal information may be used or further disclosed
Travelers not told at time of collection that their info may be disclosed for national security or law enforcement purposes
42. Legal Regime Governing Information Sharing
Aeronautics Act
Immigration and Refugee Protection Act (IRPA) and IRP Regulations
Protection of Passenger Information Regulations, also created under IRPA
Customs Act
43. Aeronautics Act
Requires disclosure of 34 items of information on request to:
Department of Transport
RCMP
CSIS
Also allows these agencies to share collected info with each other and to match collected info with other info
Allows these agencies to share info collected with various entities:
Canadian Air Transport Security Authority (CATSA)
air carriers
peace officers, aircraft protective officers
44. IRPA and IRP Regulations
Requires airlines to provide documents, written information, and access to reservation systems upon request to officers of Citizenship and Immigration Canada
The Protection of Passenger Information Regulations, also created under IRPA, allows Canada Border Services Agency (CBSA) to retain API/PNR info and to disclose it to any Canadian government department if a CBSA official determines that the info relates to terrorism/transnational crimes
45. Customs Act
Allows government officials to provide access to customs information to “prescribed persons or classes of persons, in prescribed circumstances for prescribed purposes, solely for those purposes”
46. Information of Interest to Law Enforcement
Examples:
Itinerary/gaps in itinerary
Who paid for ticket/method of payment
Seat requests
Travel document information (type, number, country of issuance)
47. Formal and Informal Sharing Practices
Formal
Officer presents request in writing or by other means
Airline verifies officer’s identity, confirms active investigation, confirms court order, warrant or legislative provision authorizing collection of the information by the officer
Airline discloses information
Continuous data streaming of API/PNR info on all passengers entering Canada
Informal
Not much known
Some anecdotal evidence that front line staff share info inappropriately
48. Gaps and Controversies
Various legislation requiring disclosure on request without conditions makes it difficult for airlines to protect their customers’ privacy
They also give government agencies too much leeway to share info amongst each other and to use the info for a variety of purposes
Some airline sharing practices such as continuous data streaming create danger of mass violations of privacy without accountability
49. Gaps and Controversies
The Passenger Protect Program, which finds its legislative basis in the Aeronautics Act and the Aeronautics Act Identity Screening Regulations, does not provide adequate safeguards
false listing and false matching
no adequate mechanisms of redress
Little direct evidence that privacy violations are occurring on a regular basis
However current legislative regime and info sharing practices create real danger of such violations
Thus it is important that the legislation be amended, and that airlines and government agencies adopt new practices safeguarding privacy
50. Recommendations
Legislation should be amended to specify conditions that must be met before an officer can compel an airline to disclose personal information of customers.
Warrants, court orders, or at least some conditions
The Customs Act provisions should be made more specific to minimize threat to privacy posed by PAXIS database.
Continuous data streaming should not be the norm.
Facilitates fishing
Safeguards should be put in place to ensure the accuracy and minimize imprecision of the Passenger Protect Program.
Clear listing criteria, address/phone number should be required to confirm match
Airlines should adopt policies to discourage informal information sharing between airline staff and government.
Minimize contact between officers and front line staff
Requests must be in writing
51. Summary of Concerns (Andrea Slane)
Recurring concerns include:
Lack of clarity regarding the interpretation of s. 7(3) of Personal Information Protection and Electronic Documents Act;
The impact of technological development on the balance of relevant interests;
Lack of transparency regarding informal information sharing, and
A tendency towards collection of increasing amounts of personal information identified in some of the industries.
52. Summary of Charter Concerns
Departure from the principle of judicial authorization in cases of information sharing without warrants, subpoenas or court orders;
Lack of certainty regarding whether there is a reasonable expectation of privacy in various contexts;
Constitutional sufficiency of the standard for disclosure where information is obtained notwithstanding a lack of reasonable probable grounds to believe that a crime has been committed. This last concern is particularly pressing where disclosure of information to national security agencies had been made mandatory.
53. Summary of Recommendations
Generally respond to the concerns:
Clarify s. 7(3) of PIPEDA, especially section 7(3)(c.1), including the term “lawful authority”;
Promote transparency and accountability regarding the extent and nature of informal information sharing;
Seek judicial guidance on limits on information sharing without judicial authorization. In the meantime, OPC to provide guidelines. Suggested limits might balance the seriousness of the crime being investigated, whether the nature of the crime is such that the inability of the state to access the information will foreclose the investigation, and whether the information is of a sort for which the privacy interest of the individual is relatively low;
Seek judicial guidance on sufficiency of the standard for disclosure where information is obtained without reasonable probable grounds, especially where disclosure of information to national security agencies had been made mandatory.
54. http://www.innovationlaw.org/projects/privacy.htm