Good morning. I'm delighted to be with you again today and to appear with my colleague, Professor Giasson.
I am a professor of political science at the University of Victoria. I have been studying and publishing on privacy protection issues for around 30 years in Canada and internationally. In 2012, I co-wrote a report for the Office of the Privacy Commissioner on the use of personal data by Canadian political parties. Since then, I have been researching the nature and influence of data-driven elections in Canada and overseas, and I have been warning about the implications for privacy and other democratic values.
The current controversy that you are investigating raises a range of interrelated issues, and it is important to carefully distinguish them. There is the monopoly power of companies like Facebook in the platform economy, the harvesting of data on one's social network through third party applications, violations of campaign spending limitations, issues concerning the accountability of targeted political ads, cyber-threats to election integrity, the larger role of big data in our elections, and what I really want to talk about today, which is the role political parties play in data-driven elections and their relationship with our regime of privacy protection.
Cambridge Analytica and AggregateIQ are part of a larger voter analytics industry. There are many other companies, mainly American, that have taken advantage of more flexible privacy standards in the U.S. and the ability to process vast amounts of personal information from public and commercial sources, used to micro-target consumers in an increasingly granular manner.
There has been a lot of hype about the importance of big data in elections and recent scholarly work that sheds a skeptical light on the extent to which data analytics do indeed influence election outcomes. Nevertheless, the competitiveness of current elections continues to place enormous pressure on major political parties in most democracies to continue to use data analytics to gain any edge over their rivals. Thus, more data on voters are being captured, and those data are increasingly shared through a complicated and dynamic network of organizations involving some quite obscure companies that play important roles as intermediaries between the voters and their elected representatives.
This industry is not as extensive in Canada, but there is still a large variety of businesses that offer various services on polling, data analytics, software development, digital ad placement, social media outreach, and so on. We lack a comprehensive understanding of the role that personal data plays in the political process in Canada, and we lack an accurate picture of this industry. I'm going to let my colleague, Professor Giasson, speak more about this.
I have followed your hearings very carefully. The investigation is an important beginning, but it is only a beginning, and we need a lot more analysis. I would like to make three general points about policy development going forward.
My first point is the critical importance of bringing Canadian privacy law in line with the GDPR. The recent decision of Facebook to move the data on all its non-European users from Ireland to the United States is motivated in part by a desire to escape some of the more stringent rules inherent in the GDPR. To discourage this kind of jurisdiction shopping, it is critically important that Canada raise its privacy standards to make it more difficult for companies to engage in this kind of behaviour. Your February report is an excellent start.
Particularly critical for these issues about the processing of information on political opinions, which is defined as sensitive to data in the GDPR, is the need, first, to strengthen PIPEDA’s consent provisions; second, to implement provisions for algorithmic transparency, as you advise; third, to make privacy by design and default central legislative principles in PIPEDA; fourth, to strengthen the Privacy Commissioner’s audit and enforcement powers; and last, to clarify those categories of sensitive personal data, including those on political opinions.
My second point is that there is a pressing need to bring our political parties within Canada’s regime of privacy protection law. I have testified about this to you before. One of the keys to preventing the kinds of abuses we've seen in other countries is to establish some clearer and consistent rules on the kinds of data that political parties may use for campaigning purposes. We need to establish a level playing field that essentially prevents companies like Cambridge Analytica from engaging in the same practices in Canada that have been witnessed elsewhere.
We are one of the only advanced democratic countries where privacy protection law does not cover political parties. For the most part, they are not covered by PIPEDA. They are not government agencies. They are not covered by the Privacy Act. They are also largely and expressly exempt from the anti-spam legislation, as well as from some of the do-not-call list regulations administered through the CRTC. There are privacy and security rules within the Canada Elections Act, but these apply to the voters lists, not to other sources of personal information.
Thus, with respect to political parties, Canadians do not have the legal rights that they have with respect to both government agencies and commercial operations.
Moreover, whereas the Privacy Commissioner can investigate Facebook, he cannot investigate the practices of our political parties, so he cannot get the full picture in the way that the Information Commissioner in the U.K. can, and is, under her current investigation.
There are four legislative options with respect to regulating federal political parties: the Privacy Act, the Canada Elections Act, PIPEDA, and stand-alone legislation. There is a need for serious legal and constitutional analysis about the various legislative options, because each approach has its pros and cons. I could go into this in the Q and A, if you'd like.
However, it does appear to me that the status quo in this respect is untenable. First, there is going to be continuing publicity about the use of personal data in elections, which will only increase leading up to the federal election of 2019, particularly with respect to political micro-targeting on Facebook.
Second, it should be noted that political parties do have to comply with B.C.'s privacy law, the preferred Personal Information Protection Act. The commissioner in B.C. is currently investigating the practices of B.C.'s provincial parties. I believe, as do many, that federal political parties are also governed by this legislation to the extent that they are capturing information on voters in B.C. If federal parties have to comply with B.C.'s privacy legislation, which is consistent with PIPEDA, then there is no sensible reason why they should not extend those same good practices across the country.
Third, I do sense a growing recognition among parties that pursuing good privacy management practices is in their interests, as well as those of citizens.
Finally, therefore, my third point is that political parties should self-regulate as far as they can to improve their privacy policies and practices. Legislative change might take some time. In the meantime, though, there is much that parties can do to self-regulate and restore public confidence.
I have analyzed the privacy policies of federal and provincial political parties, and the commitments that have already been made. I've shared this paper with the committee, and I understand it's being translated.
There have been some improvements since our 2012 report, but they are still incomplete and, in my view, inadequate. None provide clear commitments against all 10 principles contained in the national privacy standard, which is at the heart of PIPEDA.
I don't see why all parties can't publicly endorse these principles and adhere to a common privacy code that comprehensively addresses the protections for all personal information under their control. It's not enough, but it would create a more level playing field. In 2013, the Chief Electoral Officer recommended that adherence to such a code be a condition for receiving the voters list. It's unlikely that one party would pursue such a course on its own, so leadership will be necessary, involving the CEO and the Privacy Commissioner.
In my view, in terms of what should change, there should be greater transparency on the sources of data, captured directly or indirectly, that enter parties' voter relationship management systems; a common commitment that parties do not and will not purchase commercial sources of personally identifiable information; an agreement on how social media platforms should, and should not, be used for electoral purposes, particularly with respect to automated bots; commitments to privacy accountability, including designated chief privacy officers, and better training of staff and volunteers on privacy and security; stronger commitments to provide rights of access and correction to individuals; better management and updating of internal do-not-call lists; a common commitment to provide unsubscribe options for email and text messages; better management of the access to party databases; and clearer policies about how to respond to data breaches.
None of this should be difficult or contentious, and I don't think it should be a party-political issue. Political parties have a responsibility to educate and mobilize the electorate, but there should also be an appropriate balance between their important interests and roles and the privacy rights of Canadians.
No organization likes data breaches—just ask Facebook. Just think of the ramifications of a major data breach for any political party in the course of an election campaign.
Thank you very much for your attention.
Thank you, Mr. Chair and members of the committee.
My name is Thierry Giasson. I am a full professor in the department of political science at Laval University. I am also the director of the Groupe de recherche en communication politique.
To start, I would like to thank you for your invitation to share with you the findings of some of my work on how political parties collect and use data from digital tools and media. I would like to recognize the importance of the study you began a few weeks ago further to the media reports about Cambridge Analytica and possible ramifications for Canadian citizens.
To avoid going over the same information that my colleague Colin Bennett will be sharing with you, I will limit my remarks to how political parties in Canada and Quebec currently collect and analyze digital data.
Many of you are of course familiar with these practices. However, as your proceedings are public, and the average Canadian citizen is less familiar with these practices, I thought it was worth explaining them for the benefit of the general public.
My presentation focuses on three areas.
First, I will talk about some of the current practices for collecting personal information that political parties use for electoral marketing purposes or political communications. I will then examine what types of personal data political parties use, and how they compile it.
Second, I will introduce the objectives associated with analyzing this data and the analysis methods preferred by the parties. I will examine why political parties analyze data on Canadian voters.
Last, I will go over some of the implications for Canadian democracy associated with using Canadians’ personal digital data.
To begin, what data is compiled by political parties, and how is it collected?
First of all, it is important to mention that collecting and analyzing Canadians’ personal data has been part of the political marketing process that political parties have used for more than 30 years, but it has increased dramatically in the last 15 years or so.
Political marketing involves an in-depth analysis of segments of the population so that election decisions can be made that will help the party identify the electoral districts and segments of the electorate to focus on during the election campaign in order to generate votes. The entire process is intended to help the party gain votes.
The purpose of political marketing is to create more targeted voter messaging and, ultimately, to win elections. The more accurate and extensive the data, the higher the quality of the analysis will be. For many years, election marketing was based on survey data and discussion groups. In the past 10 years, however, parties have also been using personal data collected online, primarily because that data is geotagged.
When a person has an account on a social media platform, they often provide their postal code, for instance, which pinpoints their location very accurately. This gives political parties a very precise, almost granular level of detail on voters. All these forms of data are added to analysis platforms and run through various mathematical procedures or algorithms. We will come back to this in a moment.
The political parties collect personal information in three main ways. First, several months before an election is called, Elections Canada and the other provincial election bodies give the parties access to all the personal information on the voter registration list. These lists provide citizens’ names and addresses and so forth. To this initial data, the parties then add aggregate data from national surveys carried out for the parties by market research firms, and from research reports produced by organizations such as Statistics Canada. In addition, for the last decade, parties have been mining citizens' personal information online. This data may be volunteered or it may be provided to political parties without the citizen’s knowledge.
Political parties collect information when voters provide their email address, postal code or phone number on the party website, when they attend a partisan event, or when they sign an online petition sponsored by the party on a specific issue.
This information is given willingly to the political parties by citizens. However, most people don’t know what the parties do with it. Moreover, as my colleague Colin Bennett pointed out, the parties are not required to tell them what exactly they will do with that information.
Next, parties can collect information on voters by studying users’ social media usage. All the major social media companies such as Facebook, Google, and Twitter offer their corporate clients various forms of aggregate data on how people react to the messages that political parties post on social media platforms. These companies also offer consulting services to political parties to develop targeted communication campaigns for specific sub-groups of users.
Lastly, and this is rarer in Canada, political parties can also purchase personal digital information on Canadians through companies specializing in that field. Those companies sell data on the consumption habits or debt levels of customers, for example. These data brokers are commercial intermediaries that generate databases using various methods, more or less legally, and sell the information, almost always without users knowing it.
For example, that is what AggretateIQ, the Cambridge Analytica intermediary, was doing. It harvested personal information on users through a digital application linked to Facebook, which Cambridge Analytica then resold to its clients to be used to target voters and certain segments of the population.
Why do parties collect data in this way, and how is the data analyzed?
As parliamentarians and active members of your respective political parties, you are well aware that Canadian political parties are seeing a drop in membership and funding, while at the same time voters are more flexible in their party loyalties and more critical of our political institutions.
Many of the strategists I interviewed as part of my research told me that the leaders of Canadian political parties now have to overcome major organizational hurdles to win an election. In the last 20 years, they have turned to political marketing and digital communication to try to generate new human and financial resources.
As political marketing integrates into contemporary campaign development in Canada, it does so in a context of major technological change. Election preparations and political marketing combine traditional approaches to political organization and emerging approaches that, as you know, involve a variety of online and offline platforms.
Influenced by the technological innovation used in the American presidential elections in 2008, 2012, and 2016, political parties now make digital tools a central part of their election preparation process. This has led to the emergence of a new category of political strategists specializing in social media, computer scientists, mathematicians, and software engineers, a whole cohort of data analysis specialists. These people did not work for political parties 15 years ago, or were responsible for creating websites or disseminating content at that time. They were not necessarily responsible for focusing specifically on election campaigns. These digital strategists are now at the centre of organizational processes and election campaigns.
In 2004, the Conservative Party of Canada was the first party to use a voter analysis system linked to a database with personal information on Canadian voters. Leading up to the 2015 election, the NDP and the Liberal Party also developed their own databases to target voters, and collected and analyzed citizens' information. Segment profiling is done using computer-based algorithms that identify the co-occurrence of socio-demographic and political characteristics among voters, whose information is aggregated in databases.
The parties now collect this information on voters in a permanent database, particularly through online advertisements and social media applications such as Twitter and Facebook. Political parties pay these companies to access the metadata of their subscribers. Geotagged information from social media provides the parties with information on users’ socio-demographic characteristics, how often they visit that social media platform, and what they like or share.
Using political marketing leads the parties to develop election platforms that are more targeted and tailored to individuals. The party’s position addresses the priorities of a select group of voters, their targets, who are identified during the market study and selected based on their potential for a positive reaction. For example, this targeted approach led the federal Conservatives to make niche commitments, such as the tax credit for tools for people in the trades, the universal child care benefit, and eliminating the federal long-gun registry.
Once again, digital technology is used for communicating these hypertargeted messages. Targeting election communications ensures that party messaging reaches the micro-audience that it is exclusively intended for.
Everything done online, including collecting and analyzing Canadians’ personal digital information, has the end goal of putting the parties in direct contact with individual voters and persuading them to get out and vote. You can appreciate that the obsession with winning the election will always be the driving force behind what political parties do, and that includes collecting and using personal information.
In conclusion, this brings us to the risks to Canadian democracy that these practices may pose. While they do help political parties overcome the strategic challenges I mentioned earlier, in my opinion and in that of various other Canadian researchers, these emerging election organization practices compromise the quality of our democracy and our civic duty. The growing use of political marketing and voter analytics is largely taking place behind closed doors, unbeknownst to Canadians. This restricts both the representation of interests and information sharing, thereby progressively eliminating the concepts of the common good and public debate.
Exercising citizenship and election choices...
Your use of quotation marks around the notion of better representing people is significant, as it's really a matter of perspective. Some would say that the data isn't used to represent people, but rather to better target them. After all, we're only really talking about “some” citizens. You're playing semantics a bit, Mr. Bernier. We're not talking about the electorate as a whole.
You know just as well as I do that, when the leader of a political party addresses the Canadian people, they aren't talking to each and every Canadian man and woman, but indeed to a particular segment of the population, about issues that matter to those voters. They aren't really talking to however many Canadians are not in that particular segment. The analyses of polling data and personal information show that those other Canadians are much less likely to react positively to the party in question. So, we're playing semantics a bit, but the quotation marks you used in your remarks are very significant.
Data are in fact being used and transparency is therefore of critical importance. It lies at the heart of the issue we are facing today. The Canada Elections Act needs an overhaul to address, on the one hand, the issue of how political parties can collate data, and on the other, the whole question of research. The act allows political parties to spend money on research during a campaign, but it doesn't clearly define what is meant by research.
If we decide to allow political parties to compile personal information on voters in Canada, the issue needs to be well defined according to specific parameters, in the Canada Elections Act as well as in the Privacy Act.
We will need to make political parties subject to the regulations governing privacy protection and management of personal information. There is legislation on the books that restricts the types of related activities that different kinds of organizations can engage in, but it doesn't apply to political parties. These need to be brought back into the Canadian regulatory framework so that we may restrict what they do with their information and ensure that it complies with the basic principles of the Canada Elections Act. We also need to develop mechanisms that would ensure greater transparency within political parties.
Earlier, in response to a question posed by your colleague Mr. Kent, I gave the example of someone who accesses the Conservative Party of Canada's website. Whenever someone accesses your or any other party's website, a little window pops up to welcome them, asking for their e-mail address, and even their phone number and postal code. The data is then collated, but no one tells us what it will be used for. It would be easy to have a little dialogue box pop up with “Yes, I agree” and “No, I disagree” options that would alert the constituent as to the possible ways in which the political party in question might use their information.
It's still a bit like the wild west right now; we don't know what you're doing. That's why we need to make some key information available to people, but also to ensure that political parties are subject to new elections and privacy regulations.
Today is a challenging time for the Internet, particularly as it relates to the collection, use, and sharing of people's personal information from the web. These challenges are demonstrated by the breach of trust involving Facebook and Cambridge Analytica, but they are not unique to those companies.
We as an industry, in partnerships with governments and committees like this one, have a responsibility to build a healthier Internet ecosystem that gives people meaningful control over their privacy. Mozilla appreciates the seriousness with which this committee is taking this issue, and we thank you for inviting us here to express our views.
My name is Marshall Erwin. I am the director of trust and security at the Mozilla Corporation. My role primarily involves working with our product and engineering teams to understand the privacy properties of the Firefox browser to make sure that, within that browser, we are practising the same principles that we preach on a day-to-day basis regarding privacy.
First, I am going to talk about Mozilla's approach to privacy, and then I'll talk a bit more generally about our perspective on where the industry is.
Mozilla is a mission-driven organization dedicated to creating an Internet that truly puts people first, where individuals shape their own experience and are empowered, safe, and independent online. That commitment to our mission is why, when the story regarding Facebook and Cambridge Analytica first broke, we made the decision to pause our advertising on Facebook. That advertising remains paused today.
That commitment to our mission also lives within the Firefox browser that we produce and that is used by hundreds of millions of people around the world. We practise a set of data privacy principles within that browser that shape the data collection we have.
Firefox is essentially your gateway to the Internet. As such, the browser, the piece of software that runs on your computer or your phone, will manage and have access to a lot of sensitive information about you and about the websites you visit. That is information that stays on your device; Mozilla does not collect it. As a browser-maker, we actually don't know very much about how our users browse the web or about their interests. That is a big challenge for us, but it's also by design. If you are using the Firefox browser to do something sensitive or personal, you can have confidence that Mozilla is not going to learn about that.
Mozilla does collect a limited set of information from the browser by default to help us understand essentially how people are using the technology. This is information, for example, about the types of features you use in the browser, but it is not about your web-browsing activity itself, which is an important distinction that we make.
Mozilla has a set of policies and processes in place to govern the data collection we have. I can talk about these in a lot more detail, but what I think is important for this committee to understand is that it is possible to build a product that hundreds of millions of people use that collects some data by default while respecting the users' privacy and not putting that privacy in jeopardy. That is what we have done at Mozilla with the Firefox browser.
It can be difficult to find the right balance between privacy and the features that people want. This is not easy. We believe that we strike the right balance with the browser. Unfortunately, that is not where the rest of the industry is today.
Let's talk a bit about the technology industry, where it is doing well, and where it needs to improve.
The technology industry, especially its biggest players, is doing a decent job providing people with privacy controls. If you are a Facebook user and you care about your privacy, you can take steps to limit what data the company retains and what data it shares with others. However, the industry is coming up short in three areas that I want to call your attention to.
First, those privacy controls are often buried and difficult to find. The industry does not proactively help people understand and use their privacy settings. As a result, Internet users might have technical privacy controls, but they do not have meaningful control over their privacy today.
Second, the default state of those controls is not reasonable and does not align with users' expectations of what will happen when they use a product or a service. Users are defaulted into the collection and sharing of sensitive data. This violates what we call the sensible settings principle that we practise within Firefox. These sensible settings do not exist for much of the technology industry today.
Third, the data collection and sharing that are tied to those privacy settings are still expansive and permissive. The basic limited data principle—again, one that we practise within Mozilla—is not one that is followed by the industry.
If you examine the issues regarding Facebook and Cambridge Analytica, you will find that all those issues are at play.
I want to call the committee's attention to one specific issue that deserves further consideration, which is the collection and use of people's browsing activity as they navigate the web, sometimes referred to as cross-site tracking on the Internet. This type of activity is often associated with the Facebook's Like button.
If that button is on a website that you visit, and irrespective of whether you click that button, Facebook may collect data about the page you visited and use that data in targeted advertising.
The three problems within the industry that I identified are all still present here. Internet users do not have meaningful control over this tracking activity, nor do they even understand that it exists. The default is to track users across the web, and there are few limits on the data collection through that tracking. This tracking is a problem. It creates privacy risks and it undermines the basic trust that people have when they go online today.
Facebook argued before the U.S. Congress two weeks ago that its cross-site tracking activity is no different than what companies like Twitter, Pinterest, and Google do every day. Facebook was right about that. This is a common tactic across the industry and is not unique to Facebook in any way. However, we are at an important inflection point. Organizations like Facebook should be asking what they can do to lead the industry to some place that does not involve tracking people across the web without giving them meaningful control over that tracking.
There is a critical role for committees like this one to play in pushing Facebook and other companies to explain their cross-site tracking activity, to state plainly whether they believe their users understand and have meaningful control over that tracking, and to articulate what they are doing to lead the industry to a better place on this issue.
Again, I want to thank the committee for inviting us here today. I look forward to answering any questions you may have on Mozilla's overall approach to privacy or the perspectives that we have on the industry.