Good morning. My name is Howard Bohan. I'm vice-president of operations and customer experience for the Greater Toronto Airports Authority. I'm also here on behalf of the Canadian Airports Council. My colleagues are Toby Lennox, vice-president of corporate affairs and communications, and Normand Boivin, vice-president, airport operations and aviation development with Aéroports de Montréal.
Thank you for the opportunity to appear before you today to provide airports' perspective on aviation security. We also appreciate the time that the committee is taking to examine this critical issue. It is our view that an open dialogue on aviation security with key industry partners will help to produce an even more efficient and effective aviation security system. We will be pleased to answer any questions that the committee may have, both at this session and at any member's convenience.
The Canadian Airports Council was formed in 1992 as the federal government devolved control of airports to local private non-share corporations. Since that time, the CAC has evolved into the national representative for airports on a wide range of significant issues and concerns.
Canada's airports are engines for economic development in the communities they serve and are one of their most important elements of local infrastructure.
The CAC's membership represents more than 200 Canadian airports, including all of the national airports system airports and most passenger services in every province and territory.
Together, CAC members handle virtually all of the nation's cargo and international passenger traffic and 95% of the domestic passenger traffic. They create well in excess of $45 billion in economic activity in the communities they serve, and more than 200,000 jobs are directly associated with CAC member airports, generating a payroll of more than $8 billion annually.
Mr. Chairman, the airport community understands and supports the importance of aviation security. The safety and security of our passengers and air carriers is paramount. It is our first concern in operating the airports and informs everything we do. There is, in our view, a direct link between stable, dependable airport security and the health of the Canadian air transportation system.
It is very clear that attacks on aviation, even those not originating in or directed at Canada, have an impact on people's willingness to travel by air. Canada is a vast nation, where communities are linked to each other and to the wider world by our transportation system. Airports are mindful that the security of that transportation system is crucial to our economic and national well-being.
The thankfully failed attack of December 25 served as a serious reminder. We need to continually re-examine the current air security system to ensure that it adequately addresses risks and vulnerabilities, and that it is playing that foundational role in the economic success of Canada.
We therefore enthusiastically welcome the decision of this committee to conduct the current study and the decision of the Government of Canada to engage in a comprehensive national security review. It is entirely appropriate that we engage in this review, and we look forward to providing whatever assistance is necessary.
It is important to recognize that any discussion of aviation security should not simply examine and unpack what happened on December 25. Rather, the discussion should look forward to anticipate future threats in light of the significance of the economic importance of aviation security.
December 25 reminded us that the threat is very real, but also that we can no longer simply balance security with customer service. It is no longer a trade-off. The singular challenge we face is that we as an industry have to excel at both.
We must work together to find better, more efficient ways of identifying, assessing, and mitigating risk holistically, with a new appreciation for the impact on business and industry sustainability.
In achieving this lofty goal, we ask that any review consider the vital role of the airport operators. They are the only ones who can connect all the dots through recognition of industry/business interdependencies and associated impacts of security-related interruptions.
Unlike particular agencies whose mandates are necessarily limited, it is only the airport operators who are able to see the entire airport as a system. As a result, we are able to identify and address the various challenges of implementing a fully integrated and holistic security system, which starts at the perimeter of the airport and goes through to the aircraft seat.
The events of December 25 placed a tremendous strain on the ability of the air transportation system to function. The implementation of measures in one area resulted in unintended consequences in another, simply because the airport operator was not able to coordinate the various activities. It is also critical that any review recognize the very real distinctions between the size and roles of the various airports in Canada. It is essential that airports be engaged, whether they are regional airports or gateway airports. The question is one of “scalability” and taking advantage of the opportunities that exist in each type of airport. Smaller airports simply do not have the complexities of the larger ones, but their smaller, more communal character can serve to enhance security in ways that are not possible at gateway airports such as Montreal, Toronto and Vancouver.
Systems should be flexible enough to deliver security in a completely different manner, depending on a number of factors, including available resources and levels of risk. We recognize that it will not be easy, but we feel that the issue of “scalability” should be viewed as an opportunity, not a challenge.
If there is one impression that we would want to leave with the committee today, it is that airports recognize the importance of airport security, which is a top priority at all airports across the country. As well, as partners in the aviation industry, we must work together to create an integrated system that anticipates threats of the future and offer a customer experience that will ensure that people choose to fly.
Should there be an incident similar to the event of December 25 at one of our airports, we understand that the impact could be immediate and devastating. Clearly, we are motivated to make sure that such an event never happens again. Again, I stress on behalf of the Canadian Airports Council that the safety and security of our passengers and air carriers is paramount. We are committed to working with all stakeholders, including the federal government and our various security agencies, to ensure that the safety and security of Canada's aviation system is world-class.
I would like to thank you for having invited me. My name is Nathalie Des Rosiers, and I am here on behalf of the Canadian Civil Liberties Association. The first part of my presentation will be in French, and the second in English.
The Canadian Civil Liberties Association is a non-profit organization that is recognized for its work on issues related to civil liberties in Canada. The organization was founded in 1964, and its expertise has been recognized both by the courts and House of Commons.
In our view, four security models are the subject of the current debate on airport security. The first, relatively new model is based on what I would call "profiling", which is an Israeli model that makes use of behavioural profiling techniques in order to subject certain types of people to more in-depth investigations. The profiling model imposes a greater burden on some passengers and less on others. We suppose that this type of regime gives preferential treatment to some in order to avoid long line-ups. This first model identifies certain passengers and places them in different security categories.
The second model is what I would call the "technological" security model, which relies on increasingly sophisticated detection techniques that apply to all passengers in order to ensure the highest level of security. The recent investment in body scanners, following the events of last December, would fall into this category.
The third model relies more on random testing, on the unpredictability of search methods and implementation, which may prevent potential terrorists from figuring out the system and getting around it.
The fourth model is more dependent on intelligence services in order to detect terrorist networks and prevent their members from entering airports and boarding planes. Our association is particularly concerned with Canada's passenger protection program. I will come back to that later.
My presentation will look at these four systems and outline what are the concerns of a civil libertarian with each one of them, and what are some of the recommendations that you should look at, whether you choose any one of them. We suspect that probably we'll be in a mode where there will be different visions that may be applied to different airports, but certainly these visions are not mutually exclusive. In any event, each system requires that civil liberty concerns be addressed.
On the pros and cons of the profiling model, the first model, I think many people are skeptical about the idea of adopting the Israeli model, pointing out that the level and types of threats differ between Canada and Israel. According to them, threats against the Israeli airports are more frequent, at a type of higher level, and focus on one particular political situation, whereas Canada may have a lower level of threat but certainly a more diffuse type of threat.
Extremists will vary, and I think I join my colleagues here in thinking that the designation of the airport security should be made not with one type of terrorist in mind, but in recognizing that our history has included also the Air India disaster and other internal political conflicts. I think we should be careful, as we design the model, to assume that the threat of terrorism is just like the ones affecting other countries and, more importantly, that it will remain the same.
With each new wave of immigration, one may imagine that new conflicts may transform themselves and radicalize conflicts leading to terrorism. My point is simply that we ought not to design the system with only September 11 or December 25 in mind.
There are many objections to profiling, behavioural or other. In the Israeli model that has been presented to us, it invites workers, after training, to go with their hunches a bit and to watch all travellers, to spot the people who would present traits of edginess, nervousness, and act on these hunches to interview and inspect more fully the travellers so identified.
In our view, this certainly has the potential for engaging in racial profiling of the worst kind and engaging many false positives. This proposal has the potential of disrupting always the same kinds of people: the young Arabic-looking man or the people with a fear of flying or people with mental illness, the people who display some awkwardness in airports.
Profiling by country, which is another aspect that comes out in this, is equally as reprehensible, if not more. The image of a young Canadian soccer team arriving at the airport and being split into whether people are indeed born in Canada or born elsewhere is unacceptable, I think, in our imagery. It is indeed also against common sense, I think, to fail to recognize that we need community engagement to identify potential terrorists and not to marginalize them. So profiling by country of origin and country of destination seems to be counterproductive.
In our view, other preferable alternatives exist. I will get to them in a minute. But if you are going to consider profiling in any way, we urge you to do the following.
The model must be vetted by the Canadian Human Rights Commission. It must ensure against the possibility that racial profiling will be done. It must be constantly evaluated for its impact on travellers, particularly with respect to race, age, and religion.
It must provide--and I will come back to this a couple of times in my presentation--for some compensation for the travellers who, because of having been wrongly identified, suffer inconvenience or miss their flights or suffer other serious inconveniences. In my view, we have to start thinking that this is like a vaccination. If we're going to display a model where some people will be identified for the benefit of all, then we should ensure that they are compensated and that they don't have to spend years of fighting to get some recognition for what they have suffered.
The profiling model is also applied in the positive sense, with the possibility of safe travellers having special passes to forego all screening or to minimize screening. Again, this may be worrisome, I assume, because we would expect that savvy future terrorists may be able to acquire the special passes.
Just to summarize, our concern on the profiling regime being put forward is that it may lead to racial profiling, whether they admit it or not, and it should be evaluated clearly on that basis. We should not skirt our responsibility to look at that.
The technological model applies universally and does not have the potential drawbacks that I just explained. However, it raises three types of issues.
First, as we've discussed several times, are the privacy concerns and the risks of what I would describe as malfunction and malfeasance.
Any time you have a technology, there is the risk that it will not function properly. Therefore, with the body scanners, the concern that the CCLA has expressed several times is that even if the images are supposed to disappear quickly, there is indeed a risk that they will be circulated.
There's also the risk of malfeasance. Someone watching famous people—some of you may be coming to the airport—might take the image and make some money from it.
There is a risk for privacy when we invest in technology, particularly when it's a technology that is more and more invasive.
I think there is a great sense that there are false positives; the last time I appeared, we mentioned the Kelowna experience. When we looked at the Kelowna report, in our view it showed a really high degree of false positives. It could be with training that this will decrease. It was 68% for false positives, according to the report. It seemed to us that this was a pretty high level. Now, maybe with training, this will be reduced. Nevertheless, false positives, again, are not an efficient way of doing security. This may also lead to a false sense of comfort in the travelling public.
In a way, it's an expensive system, because there's no end in sight. There's an exponential growth of security apparatus that could be invented. At some point, I think, we have to arrive at the point where we decide whether the marginal costs are sufficient to warrant it, both the cost to privacy and the cost to the travelling public.
I think if you are going to go this way and continue to recommend further involvement and investment in privacy-invasive technology, it is important that the privacy commissioners continue to be involved and that the safeguards to protect privacy continue to be in place. In our experience with body scanners in other airports outside of Canada, after a number of years the possibility of choice is no longer there. It becomes a matter of routine and the initial safeguards are forgotten. So if you're going to go this way, make sure they continue to be evaluated.
I have one minute left. On the third model, randomness, in our view, we think that constantly varying the randomness of the testing may defuse terrorist action and so on.
I want to finish on the pros and cons of the intelligence model and simply refer you to our previous submissions on passenger protection problems. I urge you to adopt a legislative framework for this. In our view, the passenger protection program as it now exists is unconstitutional. It is a violation of the right to mobility and liberty and it is not prescribed by law. It is not prescribed by a statute.
I think it is the responsibility of Parliament to enact a passenger program, and if they decide to do so, it must be a no-fly list that is bound by the rule of law and does provide for some procedural safeguards. Indeed, we now have some experience in designing programs where you need to have special advocates. Certainly, again, my plea would be that it is important that this not be left simply as an administrative program, but that it be scrutinized by Parliament and established through this.
It does, but unfortunately I've heard it before, Mr. Bohan. I guess I'm expressing the same frustration that everybody who recognized me this morning wanted to burden me with. I told them I was coming to a committee, and here you are, so I wanted to discharge some of my responsibility.
I don't think the public is convinced, and neither am I, because you're talking about a management paradigm that surely has to be improved. I know that you don't have the responsibility and neither do any of your client airports. But CATSA starts at the screen; it doesn't go beyond the airport boundaries. So there's something in the management structure that's a problem.
I only have another minute, but if you'll allow me, I'd like to go to Madame Des Rosiers, because what you said really has something to do with what she said earlier on, and that is that some of these surges--to use your word--can be prompted by people who have ambitions for resolving a problem elsewhere.
A few weeks ago, we heard about the Khalistani movement in Canada actually threatening some members of Parliament. One can imagine that if there is a serious approach by CATSA, there might have been a surge on issues, especially with planes taking off and going elsewhere.
A similar situation happened not that long ago, in 2006, when CSIS, the RCMP, and government officials examined some 14,000 people who were leaving the war zone of southern Lebanon. There were only 11,000 registered, but 4,000 non-registered permanent residents or non-Canadian citizens found themselves on planes and boats coming back to Canada. Now, I think a logical person would ask if 3,000 people weren't registered, what kind of pre-screening happened to integrate those individuals into a Canadian environment knowing that might exacerbate a problem elsewhere?
I don't know, Madame Des Rosiers. I know what the government is going to say all the time: that you make a great case, but security trumps human rights, privacy rights, and any system you want to put in place. That's what they'll say.
Thank you very much for attending today.
One thing we have heard on this in the last several years is that the security system is only as good as the weakest link. The entire system depends on the weakest link, so whether it be an airport in Yellowknife or an airport in Toronto, the situation is such that security should be kept at a vigilant time....
I would also agree with Ms. Des Rosiers. I apologize for my français. All of your comments I think were very good, and there are some concerns that the government shares as well, but I would say that I don't necessarily agree with your analysis that we are currently in violation of the charter based on trusted traveller and passenger protect. And even if we are, I think it's a reasonable infringement given what we face today under the charter and also the Constitution.
Since I agree with so much of your presentation, I would like to zero in with our other guests today. I know that 200 Canadian airports, 95% of domestic passengers...in no small way are we all impressed with what you bring to our economy and our GDP as airports across this country. We recognize that fully.
But what we want to do today is think about what could happen to the productivity of the country if we could make that system 1% more efficient, or even 10% more efficient, while maintaining the same security and vigilance. That's what I want to concentrate on in the next few minutes. I'd like your input and some thinking outside of the box.
First of all, we're winding up most of our study here and we would like to have some practical application of this. If you have any suggestions on who we could listen to, such as queueing experts—I think we are possibly having a queueing expert in the near future—but also on that low-hanging fruit that we can implement to make our system more productive and more efficient. I would look forward to your comments on that.
Keeping that in mind, I want to say—and I'm not long on speeches, at least most of the time—that in Israel 50% of their citizens are on a trusted traveller type of pass. That's what we heard evidence on. We are in the low-digit percentiles, if that, in Canada and the United States, and I think that is one way that we can certainly move forward: a trusted traveller type of scenario.
I would like to hear from the three of you on what you see as the low-hanging fruit that we can reach out for and grab and recommend to the government in the near future to make your system more productive and more efficient, and, in essence, to make a much stronger economic future for all of us.
Thank you, Mr. Chairman.
My name is Chantal Bernier. I am Assistant Privacy Commissioner for the Privacy Act. Today I am accompanied by Carman Baggaley, principal analyst in our office, who has a vast experience in the subject under discussion.
Today I would like to talk about aviation security and share with you the approach of the Office of the Privacy Commissioner.
What I would like to do, then, is address privacy in the context of aviation security, explain to you our approach, and apply it specifically to the passenger protect program as well as the secure flight program. While I do not intend to include in my presentation the issue of body scanners, I will be happy to answer any questions in that regard.
Let me start with this premise: privacy and security do not have to be at odds. In fact, they must be integrated. And they converge. They converge in this fashion: privacy commands that we collect as little information as possible, in a minimal approach, and as well in the effectiveness of security, in the sense that its effectiveness rests upon collecting only the information that is relevant.
The Canadian Charter of Rights and Freedoms and the Privacy Act, as well as the Personal Information Protection and Electronic Documents Act, together with the case law that interprets them, provide the basis for integrating privacy and security. It may be summarized in the following four principles.
The first one is that the right to privacy is a fundamental right that cannot be infringed upon, unless it is demonstrably necessary for the public good. It follows, then, that the collection of personal information can only occur when it is proven necessary, and it must be proportionate to that necessity. Third, that necessity must be assessed on an ongoing basis by verifying that the collection of personal information is indeed effective and necessary in relation to the identified necessity. Finally, it must also be demonstrated that there are no less privacy-intrusive measures available to reach the same goal.
When the collection and use of personal information are justified under human rights law, then privacy protection must be assured by strict management of personal information according to the rules of personal data protection. We have audited the passenger protect program from this perspective, and I will now turn to that.
Our office has taken an active interest in the Passenger Protect Program since its inception. Most recently, in the fall of 2009, we issued an audit report on the passenger protect program and its specified persons list, commonly called the “no-fly list”.
Our audit focused on the issue of whether Transport Canada has adequate measures in place to protect the personal information within its control. We found that these measures were generally adequate; however, we made recommendations to improve the privacy safeguards of the program. In particular, we recommended that the Transport Canada official who is designated to add or remove names from the list be provided with more information before a final decision is made.
Second, we recommended that Transport Canada strengthen the technological information security safeguards to protect the list.
Third, we recommended that Transport Canada improve its oversight of air carriers to ensure they protect the information on the list. All these recommendations are being or have been implemented. However, we remain concerned by the difficulty of ensuring that foreign carriers are not disclosing information on the list to their government or other parties. This perspective ensures that we both respect the right to privacy in analyzing security measures and that we duly take into account the security needs that must be met.
Let me move now to Secure Flight. We are hearing that there is a possibility of the implementation of the American secure flight program, including overflights. As a U.S. government program, this program is outside our jurisdiction. However, we have looked carefully at this program, including the privacy impact assessment prepared by the Department of Homeland Security, the DHS, because it will have an impact on Canadian travellers when fully implemented.
From a Canadian perspective, the most controversial aspect of Secure Flight is that it will apply to overflights; therefore, to flights to and from Canada that fly through American airspace without necessarily landing in the United States. This means, for example, that American authorities will have the ability to prevent someone in Canada from boarding a flight to Mexico.
We are not questioning the American government's authority to implement such a program, as international law is clear that a state's sovereignty extends to its airspace, but we do need to understand how it may affect Canadian travellers.
I would like to highlight some of the significant aspects of the program. First, air carriers will be required to provide DHS not only with basic identifying information, such as name, date of birth, and gender, but also, if available, with additional information such as passport information and itinerary information. Since this information will always be available for international flights from Canada flying over U.S. airspace, this information will always be provided in full.
Although the DHS privacy impact assessment is somewhat unclear on this, our understanding is that information collected can be disclosed and used for purposes other than aviation security, such as for law enforcement and immigration purposes.
Another aspect is that DHS will retain this information for as long as seven days after the journey has been completed, even for individuals who have raised no issues and do not match the list; for seven years for potential matches; and for 99 years for confirmed matches. A redress mechanism exists to resolve false positives, but it will take 50 to 60 days on average, thus, in effect, cancelling people's travel plans.
One important difference between the secure flight program and the Canadian program as it exists now is that the responsibility for checking passengers against the no-fly list will shift from airlines to DHS. This brings both privacy safeguards and privacy risks.
It is intended to lead to greater accuracy and, therefore, to fewer false positives, for example, for someone who has a similar name but is the wrong person. It eliminates the concerns that air carriers will use, misuse, or inappropriately disclose the list. As I mentioned earlier, this was one of our concerns in the audit of the PPP, the passenger protect program.
On the other hand, this also means that DHS will collect the personal information of Canadian travellers. This is not without risk. We understand that the Canadian government attempted to have Canadian overflights exempted from Secure Flight.
Unfortunately, the government was unsuccessful, except for flights between two Canadian cities. We also understand that the Government of Canada, by way of a diplomatic note, stated that protection of the privacy of Canadians was of “critical concern” in relation to Secure Flight.
We urge the Canadian government to continue to negotiate with American authorities to minimize the impact of Secure Flight and to take the following measures. I would like to make six specific recommendations.
Firstly, the Canadian government should negotiate the collection of minimal personal information, meaning strictly as necessary to ensure proper identification and therefore avoid false positives.
Secondly, question the retention periods of seven days for no match and seven years for potential matches to fulfill the commitment from the U.S. authorities themselves to collect personal information only as necessary for airline security.
Thirdly, negotiate robust and accessible redress mechanisms for Canadians to minimize the impact of an erroneous match.
Fourth, implement measures to support Canadians availing themselves of the DHS redress mechanisms.
Fifth, inform Canadians of the exact scope of personal information that will be collected by DHS on them under Secure Flight.
Finally, clarify Canadian law on the conditions of disclosure of personal information by airlines to DHS to ensure public debate and legal certainty.
In closing, Mr. Chairman, I want to emphasize the point I made earlier about the importance of integrating privacy into aviation security measures. If we can do so, both security and privacy will be enhanced.
I will be happy to take your questions. Thank you.
Ms. Bernier and Mr. Baggaley, thank you for your opening remarks. I have already had the pleasure of hearing this presentation or a similar one.
What I am still troubled by is the relationship between the Canadian government and the American government. As you already indicated, there is a geographical problem. We have to cooperate with the Americans because we use a right that belongs to them, that is the right to fly over their territory.
But the problems that I guess we still all have.... And I don't want to bash government on this because it's a necessity that our governments need to negotiate overflight, given that at least half of all flights in Canada emanate from southern Ontario, i.e. Pearson International. We will have, no matter what, a situation where approximately half the flights are going to go across American airspace even though they're not going to the States. So the negotiation is important.
But I'd like your impression about the secure flight program, especially since the Americans can ignore our Privacy Act, everything you stand for, and everything you have indicated simply by using the Patriot Act. Once they engage the Patriot Act, everything that you say and everything that your colleague Madame Des Rosiers said from a human rights perspective goes completely out the window.
It's wonderful to say that we need to integrate security concerns in the aviation industry or, as was said by some of the people from the airport authorities who preceded you here, that we need to integrate security as part of the customer service package that we provide.
But if the Americans are determined to use the Patriot Act to tell you to go fly a kite, rather than a plane, what do you propose?
Mr. Chair, I will be sharing my time with Ms. Brown.
First of all, thank you very much for your attendance today.
I want to let you know that there is another group of people out there, and I'm one of them. I'm from northern Alberta, so maybe that sets me aside a bit from normal Canadians. But I look at the passenger protect program over here and the trusted traveller program over here, and we are working from both ends to come to the middle. I don't want to talk about the passenger protect program; I want to talk about the trusted traveller program.
Why I say there are different people out there is that I travel a lot. I'm a “Super Elite” member on Air Canada. I fly back and forth to Fort McMurray. I've travelled the world. I like travelling. I'm totally prepared to let the U.S. or any government, any democracy, have any amount of information they want on me--just don't make me wait in line. That's my position.
I don't want to wait in line. I'm tired of lineups. I wait in lines all the time. I don't have to wait in line to get into this place. I don't have to go through any security to be here with all the cabinet ministers and all the MPs, but I have to wait in Ottawa for half an hour, and sometimes for an hour, as we heard from our friend Mr. Volpe, at Lester B. Pearson airport. It's a long time.
I want to talk very briefly about privileges and the right or the privilege--because we don't have a right to fly. We do have rights under the charter, but the right to fly is not one of them, if I can say this. I'm a lawyer by background, so I understand that the Supreme Court has said there's no right to drive. It's a privilege to drive, and that's why you have to get a licence, and that licence can be taken away at the whim of the state.
It's the same with flying. It's the same with going through our airports. There's no right to go through our airports and there's no right to fly, just like there's no right to go over American airspace. It's a privilege for Canadians to be able to fly our planes over American airspace, and it's a privilege for us to drive.
From my perspective, you can just take my information and keep it as long as you want, a hundred years if you want, because I'll be gone by then. I don't care as long as it's not a VISA number or my e-mail, because I don't want to be contacted either. Just take my information and let me go through.
What do you say to that?
Mr. Chair, I just need to address a comment that Mr. Volpe made earlier about the length of time for information that is collected. My great-grandmother was 104 and her sister was 110, so I think I have longevity on my side. I may be hit by a House of Commons bus this afternoon, but my information may be around for a long time too.
Hon. Joseph Volpe: All the more reason to eliminate it--
Mr. Brian Jean: Joe will throw himself in front of the bus.
Voices: Oh, oh!
Ms. Lois Brown: Ms. Bernier, thank you for the comments about the trusted traveller program. I'd like to pursue that just a little bit more if we may.
I think what we've heard in all of the presentations around this discussion of airport security is that we need to develop a seamless process. Not only is that important for a passenger's sense of well-being, which is so important, but it's also important for the productivity of our nation. All of that has to be taken into consideration.
My question comes in around other areas where information is being attracted by persons who are using it for ill, where people have already given their personal information on forums like Twitter and Facebook. I know you identify that there are technological threats.
When I have consensually given my information to NEXUS and I've made my application, I do not find that intrusive. What kind of information do you think is appropriate for us to be asking for? Do you have comments on that? What direction would you give the government on how we collect that and what we collect?