Good afternoon, colleagues. I apologize for the brief delay. We are all just arriving at the committee room, which is in one of the buildings farthest away from the House of Commons, where we just concluded a vote only to find out that we will be summoned back to the House of Commons for another vote in short order.
I'm proposing that we hear as much testimony as we can from our witnesses.
We thank you for being here today. We will probably have to excuse ourselves for a few minutes to go back to vote. Given the amount of time that that will likely take, we'll make a determination at that point whether or not I'll ask you guys to patiently wait for our return. Thank you for your patience so far.
We have with us as witnesses, first, from the Canadian Civil Liberties Association, Brenda McPhail, who is no stranger to the committee.
It's great to see you, Brenda.
We also have, from the British Columbia Civil Liberties Association, Micheal Vonn, who is also no stranger to the committee, together with Meghan McDermott. From the American Civil Liberties Union, we have Esha Bhandari, the staff attorney. You are all coming to us by video conference, except Brenda, whom we're glad to have in our presence here now.
This is the 65th meeting of the Standing Committee on Access to Information, Privacy and Ethics, where we're studying the privacy of Canadians at airports, borders and when travelling in the United States.
It will be a very brief study, so without further ado, I will ask Ms. McPhail to lead us off for up to 10 minutes.
Thank you very much to the committee for inviting the Canadian Civil Liberties Association to speak on this important topic.
The CCLA, as you know, is an independent national and non-governmental organization that has fought for civil liberties in Canada since 1964.
I'm going to focus on three topics today, the first at some length and the others very briefly. First is the need to update laws and policies regarding device searches at the border in a way that reflects the heightened privacy expectations that adhere to these devices. Second is the great need for public transparency and accountability regarding the way current laws are being interpreted at the border, and the policies and procedures in place regarding particularly privacy-invasive searches, and, very briefly, the need to ensure that the new preclearance act, Bill , maintains or enhances privacy protections for Canadians and travellers on Canadian soil and does not diminish them.
I'm not going to speak at any length to President Trump's executive order excluding non-U.S. citizens from privacy protections under the U.S. Privacy Act, but I do want to just note that CCLA agrees with the concerns reflected in the Privacy Commissioner's letter of March 8, and we share his call to our government to ask the United States for improved privacy protection for Canadians under that act.
This study is both timely and extremely badly needed in light of the stories we've all heard about individuals facing intrusive and humiliating questions about religious faith, ethnic origins, sexuality, and political beliefs at both sides of the border, Canadian and American, and conversely the rhetoric we're hearing about extreme vetting that plays on pervasive fear of terror and “the other”.
I'm going to speak about law in principle for the most part, but I want to stress at the outset that the reason we need to think long and hard about how to improve privacy at the border has to do with the cost to individuals and to public trust from failing to do so.
The CCLA runs a public inquiry line, and on that line border questions have increased dramatically in the last six months. We've had calls from Muslims and Christians, and men and women of different skin colours and different sexual orientations, and they're all afraid of the same thing. They're afraid they are going to be subjected to privacy-invasive searches or questions when they cross the border. Some of them are afraid to travel at all.
We can't do much about how Canadians are treated at the United States border, but we can and we must address the problems that exist at our own. I would go further and suggest that the time is right for Canada to take a global leadership position regarding rights respecting border security laws, policies, and practices.
It is widely believed that borders are special zones in which privacy rights are reduced because of the compelling duty to protect state sovereignty and the populace. We don't disagree with that duty or with the need for effective border security that follows from it, but it is important to note that “reduced” expectations of privacy cannot and should not ever mean “non-existent”, and we argue that to be genuinely effective in the best sense, security must be both rigorous and rights-respecting in equal measure.
This is particularly true in relation to searches of electronic devices, including cellphones, laptops and wearables. We're living in a world where the tools that we increasingly use to navigate our daily lives, sometimes by design and often by default, contain, create, and connect information about us that is profoundly personal and sensitive. We have to quit trying to fit these technologies into a legal and regulatory structure created at a time when both these devices and the quantity and quality of information they can contain was inconceivable.
I know this committee has heard very similar variations on this theme in relation to its studies of the Privacy Act and PIPEDA, and it is similarly and urgently relevant here for this study.
I would argue that it is entirely possible for us to do better. When it comes to law enforcement outside the border context, we are actually in a small way starting to figure out how to address dealing with these devices, the information they store, and the potential for even seemingly insubstantial bits of information to have privacy implications. It's a work that's still very much in progress, but there has arguably been some advancement. In particular, we've recognized that the privacy-invasiveness of an electronic device search requires a clear framework under domestic law to ensure that the search itself is reasonable, that it's conducted in a reasonable manner, and that it's otherwise charter-compliant, usually by requiring prior judicial authorization—a warrant—and adequate grounds on which to base the search.
There is no compelling reason why we can't develop clear laws that allow us to do the same at the border, even taking into account its unique context. The current practice of CBSA is not sufficient. CBSA agents conduct warrantless searches of electronic devices with no defined threshold for grounds, based on largely unexplained interpretations of legislation that originally meant to apply to carriages and cars and boxes and bags. Nor has the manner of such searches yet faced a meaningful public or judicial scrutiny.
Information that is collected from devices searched or detained by CBSA is taken without public knowledge about what it will be used for; whether, how, or for how long it will be retained; and whether, how, or with whom it could be shared. Many individuals, from members of the business community to journalists, researchers, doctors, and lawyers, also have professional obligations to maintain the confidentiality and integrity of their data. The present law is entirely unequipped to deal with that reality.
There are also current constitutional challenges coming forward in the lower courts relating to device searches. While the trend up until now seems to have been to settle and make them go away, at some point these questions will have to be dealt with in the court. They should be dealt with, I would argue, by our lawmakers. It's long past time we updated the Customs Act and other legislation that applies in the border context to recognize the distinction between a bagful of underwear and a device that contains or provides access to our most intimate, personal conversations, our political musings and affiliations, our religious faith, our financial records, our commercial secrets, our health information, and many more types of information.
We also have to note in this context that certain groups—for instance, Muslim individuals, or individuals perceived to be Muslim, which are not always the same thing—have demonstrably been subject to greater scrutiny at the border, perhaps even more so since the U.S. executive order popularly known as the “Muslim travel ban”. Any measure that gives border officials powers to conduct invasive searches or that allows for continued ambiguity, uncertainty, and unchecked discretion in these matters runs the risk of disproportionately affecting these groups.
It's also impossible to talk about device searches without at least touching on related topics of compelled password disclosure and forced access to social media credentials. These practices truly highlight the illogic of treating electronic devices as equivalent to any other good that crosses the border. While it should remain within the purview of CBSA, of course, to detain devices, get a warrant, and conduct a forensic search on reasonable grounds, individuals shouldn't have an obligation to participate in that process.
We know from a 2015 interim document that was released via an access request that the CBSA believes it has the power to impose penalties on travellers who decline to provide a password for a given device. CCLA would argue that, at least in some cases, compelling that disclosure of a password that exists only in an individual's mind could interfere with the individual's charter rights to silence and against self-incrimination. This is in addition to the other privacy rights clearly at play.
Currently Canada doesn't ask for social media passwords or credentials that would allow them to access data stored remotely, and there's no legislative authority that would justify such a request. We simply want to warn against ever moving in that direction, because it would be both ineffective and likely to raise serious constitutional issues.
Social media is a place where people can and do play with identity, which would render the information profoundly unreliable. Of course we know—social science tells us—that people who think they're being watched change the way they behave and the materials they feel free to look at and explore and learn from and study. This means that such scrutiny could also have a profoundly chilling effect on other fundamental freedoms that we value, including freedom of association and freedom of expression.
The second topic I'd like to mention very briefly is the need for greater public transparency and accountability in the way in which our current laws, including the Customs Act and the Immigration and Refugee Protection Act, are being interpreted at the border, especially as they pertain to privacy-invasive searches and questions. I mentioned that we have access to a small number of policy documents. They actually reside on the website of our friend the BCCLA. However, a couple of documents received from an access request in 2015 hardly fulfills the requirement for public accountability or transparency. We don't even know if they're complete, accurate, or up to date. In contrast, if we look at our neighbours to the south, they actually have proactively published their policy documents about this kind of search, a privacy impact study that they conducted, and statistics regarding the electronic searches they conduct. There's no reason we can't do the same.
For an ordinary person at a Canadian border, it's difficult, even impossible, to evaluate whether the way a search has taken place meets constitutional standards. In other words, those scared people I was talking about at the beginning have no way to figure out if the way they're being treated at the border is lawful and fair if they have no access to the policies and procedures that are supposed to have been followed. Of course, with no independent oversight of CBSA, although there is hope that this will change, it's extremely hard to seek recourse.
In my last six seconds, I'll ask you to please take a look at Bill for its privacy implications, particularly in regard to the ability of American officers to perform strip searches if a Canadian officer declines to do so. It opens up a very dangerous territory. Borders require special consideration not just because they're zones where we need security, but also because they're the first place where people coming into Canada interact with what we hope is a free and democratic country. We need to show them who we are by making sure that our policies and laws at the border reflect our values.
Thank you to the committee for the invitation to participate in this very timely study.
Obviously, Canadians are increasingly concerned about their privacy in the context of the border and cross-border data flows. Our association assists individuals to understand their privacy rights. Just this morning, in fact, the Canadian Internet Registration Authority announced that they are jointly funding our project with CIPPIC to produce a privacy and security guide for electronic devices at the border. We're doing this because Canadians need reliable and practical advice in this realm, but they also need appropriate protection in law and policy.
There are obviously a vast number of topics that could be discussed in this context, and only a few can be addressed in a given presentation. I am going to be discussing the U.S. Privacy Act and information-sharing agreements, while my colleague is going to be discussing appropriate thresholds for searches, the new preclearance bill, and solicitor-client privilege.
We, like our colleagues at the CCLA, recommend following the OPC's concerns relating to Canada's being added to the list of designated countries whose citizens are covered by the U.S. Privacy Act. As they set out in their March 8 letter to the Ministers of Justice, Public Safety, and Defence, this would increase the level of data protection for Canadians to that granted to individuals from various European countries.
Now, it's important to note—and perhaps our colleague at the ACLU will be picking up on this—that the U.S. Privacy Act offers only limited privacy protections, given a great number of significant exemptions, including those for law enforcement and national security. Nevertheless, Canadians who have come to understand that they are denied even these limited protections, in contrast to individuals from other countries, are right to call for this to be remedied.
The recently released report of Canada's first-ever consultation on the national security framework clearly provides important context to this committee in its study. It is evident that Canadians care very deeply about privacy and are adamant that the powers of investigation and data collection for law enforcement and national security must be demonstrably necessary, proportionate, and accountable. A deeply problematic secrecy has created a growing mistrust with respect to cross-border data flows and a concern about the genuine harms to Canadians that have resulted.
Recall, if you will, a flurry of news stories that broke out just a few short years ago about individuals in Canada denied entry to the U.S. on the basis of mental health information accessed by U.S. border officials. The Office of the Information and Privacy Commissioner of Ontario had to do an investigation to even find out how U.S. border officials were coming by this sensitive Canadian health information. The privacy commissioner's report outlines how this information was being logged in the CPIC, the Canadian Police Information Centre's database, and accessed by the FBI via a memorandum of co-operation with the RCMP. That agreement allowed the FBI to further decide who else to give that information to, and they decided that the entities of the Department of Homeland Security, including border officials, should have access as well.
Those are just some of the tentacles of personal information flow facilitated by a single memorandum. We should note quickly, as I said, given the exemptions in the U.S. Privacy Act, that we would not see any remedy for those data flows if we were covered by that act.
The important question is, how much and what kinds of personal information are Canadian agencies providing to U.S. agencies through such information-sharing agreements? To our knowledge, no one knows the answer to that question.
We understand that the OPC had some years ago attempted an audit of such agreements and was unable to get the completed information. The OPC has again requested the co-operation of agencies within the government to collect the information on what information-sharing agreements exist in order to have a comprehensive picture of what important information flows are actually amounting to. We trust that this committee will appreciate the imperative of an audit of current information-sharing protocols and agreements and call upon the government to ensure full co-operation with the OPC in this urgently needed work.
I'll begin by discussing preclearance and the thresholds for searches.
Currently, electronic devices are considered goods in the context of the Canadian border and in preclearance areas at Canadian airports, and there are no statutory safeguards to protect them from arbitrary search by border agents. Preclearance areas are those designated zones in some Canadian airports where U.S. agents have been empowered to process U.S.-bound travellers.
Bill , an act respecting the preclearance of persons and goods in Canada and the United States, was introduced last June and is intended to repeal and replace the existing act from 1999. Bill C-23 contemplates that preclearance areas will be expanded beyond airports and could be established at rail, marine, and land border crossings. It expands the powers that U.S. agents have and, in our view, unjustifiably limits the rights of travellers in the preclearance areas. We've expressed our concerns with this bill in testimony to the committee on public safety and national security, and we'll make our written submission available to this committee as well. Under both the existing and the contemplated preclearance law, a traveller cannot be arbitrarily strip-searched. An agent must have reasonable grounds to suspect in order to have the legal authority to detain the traveller for a strip search.
The OPC has recommended that an identical threshold for the searching of digital devices be written into Bill . In a letter to the committee on public safety, the OPC asks that “Bill C-23 be amended to place border searches of electronic devices on the same footing as searches of persons and therefore their performance should require reasonable grounds to suspect.” The BCCLA endorses this position, as well as the OPC's further recommendation to make a consequential amendment to the Customs Act to similarly protect the privacy of Canadians who are returning home through Canadian borders. We agree with the OPC that “the idea that electronic devices should be considered as mere goods and therefore subject to border searches without legal grounds is clearly outdated and does not reflect the realities of modern technology.” Interestingly, the interim policy documents of the CBSA do appear to acknowledge that it is not appropriate to classify digital devices as “mere goods”. A CBSA operational bulletin from 2015 does not provide for suspicionless searches, but rather states that searches may be conducted if there are “a multiplicity of indicators” that ”evidence of contraventions” may be found on the digital device. We support the OPC's call to codify this policy through legislative amendments. The law should require a border agent, whether CBSA or American, in a preclearance area to have reasonable grounds to suspect that a contravention of law has occurred before they may lawfully search an electronic device. Such legislation would provide legal clarity and transparency to Canadians while also giving existing policy the force of law. It would also support the recognition by the Supreme Court of Canada that the search of electronic devices is an extremely privacy-intrusive procedure.
Finally, I have just two short points. The first is about solicitor-client privilege. This is a matter that the Canadian Bar Association flagged for the committee on public safety, and it applies to ordinary border crossings as well as preclearance areas. Neither we nor the CBA can tell whether Canada has a defined policy about claims of privilege over documents or electronic records on our digital devices. As this privilege is fundamental to our legal system, we want the government to shape a policy that recognizes solicitor-client privilege and entitles travellers to make this claim of privilege over physical or electronic information when they are crossing the border.
Secondly, we'd like to draw your attention to our recommendation to curtail the powers of U.S. officers to strip-search travellers in Canada under Bill . Last month at the committee on public safety, we strenuously objected to conferring any power on U.S. preclearance officers to perform strip searches in preclearance zones in Canada. Under current law, a U.S. agent has no legal authority to strip-search anybody in Canada. If he or she has reasonable grounds to suspect that a strip search is necessary, a Canadian agent must agree that such grounds exist, and only then can they perform that search. We maintain that only Canadian officers should have the power to perform strip searches in Canada, and only in limited circumstances, according to law.
That concludes our prepared remarks. We look forward to your questions.
I'm Esha Bhandari, and I'm a staff attorney with the American Civil Liberties Union. We appreciate the opportunity to provide testimony before the committee today.
I will address two topics. The first is privacy at the border, and specifically searches of electronic devices. The second is the President's executive order stripping Privacy Act protections from non-U.S. persons.
Regarding searches of electronic devices at the border, the current position of the U.S. government is that a regime of suspicionless searches is permissible per U.S. Customs and Border Protection Policy. This policy, dating from 2009, allows the government to search any and all travellers, regardless of citizenship status, and search specifically their electronic devices without a warrant, probable cause, or any suspicion whatsoever. This claimed authority has not yet been ruled on by the Supreme Court of the United States. There are a handful of lower court cases addressing this, but it remains in an area of legal uncertainty, and specifically with respect to whether U.S. constitutional limitations provided by the fourth amendment would apply here. The ACLU's position is that border agents should not be able to search electronic devices without probable cause at a minimum, but that a warrant is in fact constitutionally required.
The nature of searches happening at the border can vary. There may be manual or cursory searches, which happen on site when a traveller arrives at the border. Those searches could include searches of information contained on the device. They could also include searches of cloud-based data that is accessible through the device, including through social media and email applications. Our concern is that when border patrol agents ask individuals for the passwords for their devices, they have access to an unlimited trove of information through these Internet-connected cloud-based apps. While U.S. citizens or lawful permanent residents may be able to refuse to provide passwords to their devices or their cloud-based applications, visitors risk being turned away if they refuse to do so.
The other type of search that is happening is a forensic search. When this happens, U.S. Customs and Border Protection will seize the device, whether it's a cellphone or a laptop, and most often transport it to another location to be hooked up to a device that allows a full forensic search of the device. This is essentially a computer strip search. It gives the government access not only to everything that is in fact stored on the device but also to metadata and deleted files that the traveller may not have even been aware were still accessible through the device.
When a device is seized in this way, CBP is supposed to retain it for only five days initially, but per its policy, this can be extended in seven-day increments. We have heard stories of individuals having their devices seized for up to weeks at a time. According to the government's policy, any information that can be retained must be that information relating to “immigration, customs, and other enforcement matters if such retention is consistent with the privacy and data protection standards of the system of records in which such information is retained.” However, we're very concerned about information such as that belonging to journalists and their sources and attorney-client privilege information, which the policy does not adequately protect. Individuals may assert that this type of information is contained on their devices before they are searched, but apart from a requirement to consult with a supervisor, there is no limit on the U.S. government searching even this privileged information.
While we have heard of an anecdotal rise in the number of searches, we are also aware of a statistically documented rise. In fiscal year 2015, the U.S. government reports that it searched 8,503 electronic devices at the border. In fiscal year 2016, that number went up to 19,033. While these numbers represent a small percentage of overall travellers to the United States, the steep rise in numbers between 2015 and 2016 is concerning, as is the lack of any constitutional protections of “suspicion” being imposed on these searches.
There is still a greater need for transparency. We do not know how many of these searches are conducted with respect to U.S. citizens or with respect to non-citizens and, if the latter, which countries' individuals are being searched and for what reason.
I will now speak about the executive order from the President's stripping of Privacy Act protections from non-U.S. persons. President Trump's executive order stripping Privacy Act protections essentially means that every non-U.S. person, meaning anyone who is not a U.S. citizen or a lawful permanent resident, is no longer entitled to the Privacy Act protections. These protections include the ability for individuals to access their records, correct their records, and limit the dissemination and collection of information by agencies, subject to exceptions that were previously mentioned, including law enforcement use.
As a matter of long-standing practice, many U.S. agencies had extended Privacy Act protections to include the personally identifiable information of non-U.S. persons, including the many visitors and students and business people who travel to the United States from Canada. Those agencies included the State Department, the Department of Homeland Security, the Department of Justice, and the Department of Health and Human Services. In particular, in 2007, when the Department of Homeland Security adopted the policy of extending Privacy Act protections to all individuals, it noted that doing so would have the benefit of supporting data integrity, advancing cross-border information sharing, facilitating trade and travel, and encouraging protection of U.S. persons' privacy overseas.
When the executive order was signed, the ACLU sent a letter to all federal agencies, arguing that implementation of the memo as written would be contrary to law, including procedural and substantive legal roadblocks. We also wrote to the European Parliament and the European Commission, letting them know that U.S. assurances underpinning the privacy shield agreement and the U.S.–EU umbrella agreement to permit data sharing between the two regions would now be called into question by this executive order.
Nonetheless, at least the Department of Homeland Security has released guidance thus far, in April, indicating that it intends to go ahead with the terms of the executive order. This guidance from the Department of Homeland Security has made it clear that non-U.S. persons, including immigrants and non-immigrants, can only request their records through the Freedom of Information Act rather than through the Privacy Act, and that there will now be a balancing test that weighs the public interest in the information when deciding whether to disclose those individuals' personal information. That includes potential disclosure to third parties requesting information about immigrants and visitors to the United States.
Visitors to the United States and immigrants to the United States who are not U.S. persons may not amend their records through the Privacy Act anymore. Instead, the Department of Homeland Security has said that it will now apply the fair information practice principles to non-U.S. persons' information. It is unclear what this will mean, practically speaking. A large concern remains that non-U.S. persons' private information, sensitive information about immigration status, and health information may now be subject to public disclosure because the Privacy Act protections no longer exist.
I will end my testimony there. I welcome any questions.
Thank you for that advice, Chair.
Thank you to our witnesses. It was very interesting testimony and a kind of a refreshing change for the committee.
About two years ago I went across the border. My riding is Saint John—Rothesay in southern New Brunswick, and we're close to the Maine border, obviously, which is about one hour away. We went through, and the U.S. Customs obviously pulled us over. They told us to go into the building and asked us to leave our cellphones in the car.
We went into the building, and were questioned for probably 10 or 15 minutes. My son was in motocross, so we were frequently at the border. We waited upwards of probably 20 to 25 minutes. They told us that we could leave and we went back to our car. There were no phones in the car.
We went back in and they gave us the phones back, but there was maybe a 30- to 40-minute period when we didn't have the phones. They came out with the phones and they asked my son to unlock his phone. He did, and again they disappeared. To make a long story short, we got the phones back, but it was certainly concerning and unsettling for all of us.
How concerned are each of you about cloning and mirroring devices, because I hear that agencies are increasingly cloning and mirroring devices. Obviously, they could follow and track what happened long after we left that border. Is that something you think is becoming more relevant as we move forward in this age of heightened security?
The numbers you saw were originally provided by the U.S. government, but they have since revised them downward, which explains the discrepancy between the 23,000 and the 19,000. Nonetheless, even with the revision downward, it's clear that there's been a sharp spike.
We have been pushing for change on this on a number of fronts. One is, of course, litigation, which in U.S courts is pending at various levels and is often coming up in a criminal context where there is a criminal prosecution and someone is challenging the search of their phone that happened at a border. It is possible that litigation will lead to a higher standard that is required for searches—some level of suspicion.
Notably, there has been one appeals court decision, from the ninth circuit, one of the western circuit courts, which did impose a reasonable suspicion requirement for forensic searches, namely, searches that take place off-site and are the more invasive searches. We have been seeking records of compliance with that decision and so far have gotten no evidence that there has been any change in policy to acknowledge at least this higher level of suspicion, but litigation continues and is a priority.
The second area is legislation. There has been domestic legislation introduced. It would require a warrant for searches of devices, but only for U.S. citizens and lawful permanent residents, so it would provide no protections to Canadians who are visiting. That's not contemplated by this bill.
The last is our push for transparency. We think the numbers aren't enough. Specifically, we think we need to know the nationalities of individuals searched and the reasons given. It's hard to ascertain a pattern of why particular individuals might have their phones searched or not, especially when there is that policy allowing for suspicionless searches.