Net surveillance: divide and conquer
The push for new Internet surveillance capabilities dates back to 1999, when a diverse group of government departments and agencies began crafting proposals to institute new surveillance technologies within Canadian networks along with additional legal powers to access surveillance and subscriber information. The group, which included the Department of Justice, Industry Canada, Public Safety and Emergency Preparedness, the RCMP, CSIS, and the CSE, saw their work become reality with the Liberal government's introduction of the Modernization of Investigative Techniques Act (MITA) last fall.
The so-called "lawful access" bill died on the order paper, though not before critics dubbed it "awful access," for giving law-enforcement authorities new snooping powers without appropriate court oversight. However, given the Conservative government's emphasis on law and order, there was widespread speculation this spring that the legislation would be quickly reintroduced. Although that may still happen, as the weeks slip by the return of lawful access legislation no longer appears imminent.
Why the change of heart?
Internal government documents recently obtained under the Access to Information Act provide some insight into how officials view, and have managed, the initiative. It uncovers a clear recognition of the negative public reaction to the proposals, a divide-and-conquer strategy for managing that reaction, and lingering internal doubts about the effectiveness of Canadian privacy legislation to address Internet privacy threats.
The negative public reaction is no secret to anyone who has followed the issue through the media. Indeed, a Department of Justice memorandum drafted just after the last federal election acknowledges that "although the public generally responds positively to the idea of 'getting tough on crime', proposals to introduce new investigative tools raise concerns about the surveillance powers of the state and the public’s underlying anxiety is heightened by the media and statements of privacy and civil liberties advocates."
The memorandum continues by noting that "in the past, media coverage (albeit based on inaccurate and misleading interpretations) was highly critical and alarmist. Almost all stakeholders indicated generally that the lawful access proposals seemed to be moving ahead without the government having provided a convincing justification for the new measures."
With internal discussion focusing on public anxiety and critical media coverage, the issue may be well be viewed as a political liability that is best avoided by a minority government.
Should lawful access legislation be reintroduced, officials will be armed with detailed analysis of how stakeholder groups are likely to react. Ottawa has twice consulted the public on the matter - a broad consultation in 2002 and a more limited, by-invitation only consultation with selected stakeholders in 2005.
The Department of Justice commissioned a detailed analysis of the major stakeholder concerns and shifts in position between 2002 and 2005. That analysis, also released under the Access to Information Act, focuses specifically on the concerns of Canadian privacy commissioners and civil society groups.
The report identifies the key agenda items for these groups and includes a "Master Position List" that scores the relative importance of their concerns. For example, it notes a major shift toward focusing on accountability and oversight of Internet surveillance, with gradual acceptance of the surveillance itself. The report also emphasizes that the privacy of email and Internet use remains a key concern.
The report also sheds light into how the government has strategically sought to minimize stakeholder criticism. At least two proposals from 2002 became law in 2004 when they were quietly included in legislation designed to counter insider trading. The report notes that these changes had "low visibility" as few people realized that lawful access provisions were being implemented in this fashion.
Moreover, the decision to divide lawful access in two parts - the Modernization of Investigative Techniques Act and a Criminal Code reform package - had the effect of splitting opposition. The government enlisted Justice officials to consult with privacy and civil society groups on the Criminal Code reforms, while the telecommunications companies worked with Public Safety and Emergency Preparedness officials on MITA.
The report concludes that the approach reduced the likelihood that privacy and civil society communities would join forces with the telecommunications industry in opposing lawful access. Given that "industry also has much more lobbying power than privacy commissioners and civil society. . . [those groups] will need to work harder to influence matters in 2006 than in 2002."
With the government working to diminish the effectiveness of the privacy community, it is particularly disheartening to learn that officials also recognize that Canadian privacy legislation suffers from serious shortcomings. A Department of Justice memorandum candidly notes that "current privacy laws may not be sufficient to protect Canadians' personal information," acknowledging that "federal privacy legislation is not responsive to new technologies, including the Internet, biometrics, data matching and data mining, video and infrared surveillance, the decoding of the human genome, the need for protection of genetic information and the ability to store and manipulate large personal data banks."
Officials are open to reform, stating that "as the privacy and personal information of citizens and businesses is increasingly vulnerable in the online environment, substantive measures to protect personal information need to be considered." Potential solutions apparently considered by the Department of Justice include the establishment of a new Task Force on online privacy.
While a task force would be a step in the right direction, these government documents point to a simpler solution - rather than searching for ways to diminish the privacy community, officials should be actively working with them to identify reforms that protect both privacy and security.