Thank you to the committee for allowing the Canadian Civil Liberties Association the opportunity to appear before you today and speak on Bill .
I'm going to focus on three topics: first, the need to for appropriate frameworks including explicit privacy protection for information sharing that happens between the CBP and the CBSA; second, the need to ensure that critical details about how the collection of this information will take place receives public attention and parliamentary debate rather than relying excessively on regulations; and third, the need to increase CBSA accountability commensurately with this significant increase in their powers.
The information that Canada will collect and share with the United States after Bill is passed includes biographical information as well as the date, time, and place of entry or exit for every traveller crossing the Canadian border, including Canadian citizens.
This is information on literally millions of Canadians. StatsCan suggests that in January 2017 alone Canadians made 3.6 million trips to the U.S. It also allows for information about every person who boards a plane, train, bus, or ship—if those conveyances are prescribed, because that prescription is left to regulation—in Canada to be collected and shared.
When the beyond the border agreement was signed, CCLA along with the ACLU in the United States and Privacy International in the U.K. developed and released a series of core legal principles for sharing the U.S.-Canada security perimeter. In respect of information sharing, we recommended that it should be restricted to the particular purpose—not used, disseminated, or stored for secondary uses. It needs to be subject to rules limiting the duration of retention to reasonable periods, and it should be subject to independent oversight review and accountability procedures. In particular, when the laws of the two countries differ, the highest standard that grants the best protections to individuals should prevail.
As an example of the problems introduced by different privacy standards, we're concerned that at the time this bill was originally discussed in 2014 one source suggested that Canada had decided to limit the time they could retain personally identifiable information to 15 years. The U.S. has said they reserve the right to retain it for 75 years or longer. Even 15 years is a long time, and it's worth considering whether or not that's the right time frame. It is highly questionable that Canada could maintain control over the uses of information through a memorandum of agreement with the U.S. for as long as a lifetime .
We believe the responsibility for taking such principles seriously should be explicit in the legislation. In addition to the current amendments to Bill , we would suggest including an amendment to add a preamble similar to that found in the recent national security legislation, Bill , and similar to that found in section 3 of the Immigration and Refugee Protection Act, which is another act that CBSA administers. Both of these pieces of legislation explicitly identify the responsibility of customs enforcement officers to carry out their responsibilities in a manner that safeguards the rights and freedoms of Canadians and that respects the Charter of Rights and Freedoms. One might argue that it's incumbent on them to do so whether or not that clause is inserted in the legislation, but we would argue that there is both practical and symbolic value in including it in the Customs Act at this time.
On a pragmatic level, one way to ensure that privacy protections are in place is to conduct privacy impact assessments. Clearly, for a project of this scope, which is going to collect information on millions of Canadians, these assessments should be undertaken before information is collected under this legislation and ideally in time to inform the regulations. The assessments should be reviewed by the Privacy Commissioner of Canada, and an executive summary should be publicly reported.
We realize that Bill is enabling legislation and will continue a process that has already begun. In fact, there were privacy impact assessments for the pilot stages of this project before Canadian information was collected, but these assessments need to be updated in light of the expanded collection.
CBSA also committed to conducting an analysis on all uses of personal information by all parties involved in the sharing of biographic entry data, and while that analysis to my knowledge is not publicly available, I would suggest that, as an important precautionary step before expanding the scope, the committee might wish to see if that analysis actually took place, and figure out how it's working now before we expand it.
I'd also just like to flag that in 2015, in his spring report, the Auditor General expressed concerns that the CBSA's project management framework was not conducting risk assessments at appropriate times. That would be another area where the committee might want to make sure the technological infrastructures as well as the policy infrastructures around this information are appropriately secure.
In relation to regulations, clause 2 of Bill amends the act so that proposed subsection 92(1) will allow the CBSA to collect information from prescribed sources in the prescribed circumstances, within the prescribed time, and in the prescribed manner, and then allow the Governor in Council to make regulations to fill in those blanks. The problem is that leaving so much to be prescribed means a process that is less public, less transparent, and less accountable.
In simpler terms, who we are going to collect the information from, why, when, and how is not clearly specified anywhere in the legislation, but these aren't inconsequential details. Knowing them would allow us to evaluate the nature of the collection process, weigh the potential risks to privacy, and better understand the potential costs of a leak or breach. Knowing the source of information allows us to judge its integrity. Knowing why and how it can be collected allows us to assess the proportionality of the collection in relation to its purpose. Clichés sometimes ring true: the devil is in the details.
While we appreciate the need to keep the legislation technologically neutral and flexible, flexible should not mean completely open-ended, particularly because regulations can be changed quietly, largely out of public view, with a much less democratic process than the one we're engaging in today. What current drafters intend to include in the regulations may not be what subsequent governments would choose.
We are, at this time, witness to a dramatic change in policy direction in one of our neighbours. We should take that lesson to heart. When we're talking about practices that engage charter-protected rights to privacy and mobility, safeguards should be enshrined in law. To this end we recommend the committee consider what aspects of the collection process could and should reasonably be included in the legislation.
Lastly, this bill expands CBSA powers but does not increase accountability. CBSA is still the only federal agency with security and law enforcement powers that doesn't have comprehensive, independent oversight or review of its actions. We argue that it's unwise to continue expanding their powers without increasing that accountability framework.
CBSA will now be allowed to share information for the purposes of enforcing the Employment Insurance Act and the Old Age Security Act. If mistakes are made, that could have highly detrimental effects on individuals. There should be a possibility for individuals to appeal the accuracy of the information to an independent body.
CBSA's role in controlling the exit of goods and people from Canada is expanding. The bill creates a new requirement for people exiting Canada now to answer the questions of a CBSA officer truthfully. Answering falsely is an offence. This is a broad power. There is no question that people should have to respond truthfully to a CBSA officer, but I'm sure we've all seen recent stories about agents on both sides of the border asking questions that people are alleging relate to racial background, religious beliefs, and political opinions. Potentially allowing some form of this intrusive and problematic questioning on exit as well as entry doubles the opportunity for potential abuses of power.
While creating an independent review body for the CBSA is clearly beyond the scope of this bill, allowing a potential escalation of a non-problem while simultaneously failing to provide a recourse to an independent civilian body to receive complaints, review policies or officer conduct, or investigate potential misconduct is simply wrong. Every time the CBSA's powers are increased, the lack of an independent review body to provide additional and necessary safeguards becomes more problematic.
Thank you for the opportunity to provide these comments. I look forward to your questions.
Good morning, Mr. Chairman and members of the committee. My name is Eric Jacksch, and I'm pleased to be here to discuss Bill .
By way of background, I have a B.A. in sociology-criminology and started my career working as a correctional officer and probation and parole officer for the Province of Ontario. I've also had the great privilege of serving in the Canadian Forces Reserve, both the infantry and intelligence branches. My interest in high-tech, combined with a part-time software development business, drew me to Ottawa during the tech boom in the mid-nineties, and I quickly specialized in what we now call cybersecurity.
I have more than 20 years experience in information security, as well as a background in physical security. I am board-certified in security management by ASIS International, and hold their certified protection professional, or CPP designation. I also hold the certified information security manager designation from ISACA, previously known as the Information Systems Audit and Control Association, and the certified information systems security professional or CISSP designation from the international information system security certification consortium, also known as (ISC)2.
So far in my career, I've had the pleasure of providing security services to a variety of federal, provincial, and municipal governments, as well as some of the world's largest banks, automakers, insurance companies, and postal organizations. Consulting engagements have taken me across Canada and the United States, and to the U.K., Switzerland, Spain, Netherlands, Japan, and Singapore. I have taught courses, spoken at conferences, and written numerous articles.
Perhaps most relevant to these proceedings, I have performed risk and privacy assessments for Canadian federal government departments, as well as provincial and private sector organizations required to meet Government of Canada security requirements.
A significant challenge in cybersecurity is education and awareness. In addition to running securityshelf.com, a security news aggregation site, I write a column for IT in Canada. That first put the issues underlying Bill on my radar.
Back in March 2016, just after 's visit to Washington, I read articles in the media suggesting that Canada was gearing up to start sharing more personal information with the United States. I thought it would make an interesting article for my column, so I did some research.
As it turned out, the media coverage was mostly hype. However, it did make for an interesting article entitled, “No, the sky is not falling”. You're welcome to visit canadait.com to read that and more of my articles.
I'm sure you've all been briefed on the history, but in summary, as I understand it, in December 2011, then prime minister Steven Harper and president Barack Obama released the beyond the border action plan for perimeter security and economic competitiveness. As part of the plan, Canada and the United States committed to establishing a coordinated entry and exit information system that includes sharing information so that the record of a land entry into one country can be used to establish an exit record from the other.
According to the CBSA, phase one ran from September 2012 to January 2013, during which time:
|| ...both countries tested their capacity to exchange and reconcile biographic entry information of third-country nationals (non-U.S. or Canadian citizens), permanent residents of Canada who are not U.S. citizens and lawful permanent residents of the U.S. who are not Canadian citizens [having crossed] at four land ports of entry in British Columbia/Washington State and Ontario/New York.
In June 2013, phase two expanded the program to cover all common land border ports of entry with the processing capacity to capture traveller passage as an electronic record. During this phase, information was not shared “on Canadian [or U.S.] citizens, Registered Indians, or protected persons.”
What we are essentially talking about today is the next phase of the entry-exit initiative, and expanding information sharing to all travellers at land border crossings. It's understandable that Canadians are concerned about the prospect of Canada and the United States sharing personal information. From a security perspective, I see three areas of potential concern.
First, there's the actual implementation of information sharing between CBSA and U.S. Customs and Border Protection. To understand that impact, we need to consider what's being shared. I'll quote the privacy impact assessment summary for phase two, published by the CBSA:
||At entry, each country presently collects the following data elements as agreed to for the Phase II exchange: Name (first, middle, last), Date of Birth, Nationality/Citizenship, Gender, Document information (type, number and country of issuance); these elements were demonstrated to be effective in reconciling entry and exit information in Phase I. The only data to be exchanged, which are not already known to the receiving country, will be the date of entry, time of entry and the port through which the individual has entered.
Assuming that information sharing is constrained to this set of biographical data, which I also see reflected in Bill , the exchange of information between CBSA and the U.S. CBP has no practical impact on honest, law-abiding travellers.
The second area is how this information is protected in transit and rest. Canada has proven methodologies to assess cybersecurity risk, and specific guidance on the security controls required to effectively protect this type of information is readily available. Assuming that the cybersecurity aspects of this data sharing are taken seriously, there is minimal risk to Canadians.
The third and perhaps most difficult area is ensuring that information is used only for the intended purposes. When any entity, public or private, has information, there's always a temptation to find new uses for it. Abuse of information by individuals is a problem. Informal information sharing between organizations can give rise to serious security and privacy concerns.
I understand that the Privacy Commissioner has already been involved, and I hope that continues. I also applaud CBSA for publishing a summary of their privacy impact assessment online. As legislators, I urge you to ensure that appropriate privacy controls are in place and to make it clear to Canadians how and under what circumstances this entry and exit information may be shared outside of CBSA.
Section 6 of the charter guarantees every citizen the right to enter, remain in, and leave Canada, but it doesn't say that they can do so anonymously. Canada already tracks entry and exit information for air travellers, and from a security perspective, expanding it to land border crossings makes good sense. I don't foresee any significant security obstacles in the proposed approach.
Thank you for the opportunity to speak on this topic. I welcome your questions.
Mr. Chair, good morning.
Members of the committee, good morning and thank you for inviting me here today to discuss the entry-exit initiative, as Bill is now in second reading and being studied by this committee.
Thank you for inviting me here today to discuss the entry/exit initiative.
My name is Mieke Bos, and I am the director general for the admissibility branch at Immigration, Refugees and Citizenship Canada, IRCC.
The admissibility branch within IRCC provides policy support to the managed migration of visitors to Canada and protects the health, safety, and security of Canadians. We work very closely with the Canada Border Services Agency, CBSA, on a number of files, and entry-exit is just one of them. We liaise on an ongoing basis with the CBSA on migration control and security management, including admissibility, identity management, visas, travel documents, and information sharing.
I am accompanied today by two colleagues: Emmanuelle Deault-Bonin who is the director of Identity Management and Information Sharing, and Marc-Andre Daigle, director of Strategic Initiatives and Global Case Management System Coordination in the Operations section of the department.
As you will have heard earlier in the week from the Minister of Public Safety and colleagues from CBSA, as an entry-exit initiative partner, Immigration, Refugees and Citizenship Canada will receive entry-exit data from the CBSA to support its program objectives.
Building on what you heard, I would like to focus on the significance of the entry/exit initiative for Immigration, Refugees and Citizenship Canada (IRCC).
The essence of the entry-exit initiative is about information sharing, verification, and compliance. It is about knowing who enters Canada and who exits Canada at any given moment in time. It's about providing a complete travel history for those applying to be permanent residents or Canadian citizens. It is a system to share information between Canada and the U.S., so that a record of entry into one country becomes a record of exit from the other. The benefits of this initiative are important for my department as the entry-exit system will close a knowledge gap by providing objective information on movements into and out of Canada.
Canada has also committed to collecting exit information about the air mode by requiring airlines to submit a list of all passenger information on outbound international flights.
I cannot stress enough how access to this information will enhance program integrity across multiple lines of business by providing IRCC's officers with a tool to objectively confirm an applicant's presence in, absence from, entry into, or departure from Canada. I would underscore that this is not new. IRCC already collects travel histories from clients applying for citizenship or confirming permanent resident status.
With entry-exit records, however, IRCC officers would be able to verify the accuracy of information submitted by applicants, including their time spent inside and outside of Canada. This information may impact a decision on whether or not an individual qualifies for permanent resident status or being granted citizenship.
IRCC has been working closely with the Canada Border Services Agency (CBSA) to advance this initiative and plans to obtain entry and exit information from the CBSA to support its administration of the Immigration and Refugee Protection Act, the Citizenship Act and the Canadian Passport Order. The entry and exit information will also assist in case processing and identifying instances of fraud across IRCC's multiple lines of business.
For example, an individual's presence in or absence from Canada is a key requirement in the large volumes of applications and investigations processed annually in the temporary resident, permanent resident, asylum, citizenship, and passport streams. Taking it a step further, access to the CBSA's entry-exit information will provide IRCC decision-makers with an objective travel history to support the processing of an application or investigation. I will give you a few examples.
Accurate, objective entry-exit records will allow IRCC to strengthen the integrity of citizenship and immigration programs by being able to verify that those who claim to have resided in Canada and to have met the residency requirements have actually done so.
It will allow us to better identify temporary residents who overstay their allowable period in Canada. It will allow us to verify that sponsors in the family class are residing in Canada where required by law, and to verify relationships in compliance with conditions for spouses and partners applying or admitted in the family class. It will allow us to ensure ongoing entitlement to a Canadian travel document. It will allow us to support investigations into possible fraud in relation to immigration, citizenship, and passport travel documents, and to detect persons overstaying their visa and immigration warrant closures. It will also allow us to identify individuals who may have failed to meet residency requirements for permanent residency status or citizenship applications.
Moving on to privacy safeguards and concerns, IRCC has a strong privacy track record. As the holders of a vast amount of personal information, we are well versed in the legislative and policy requirements that guide the collection, use, and safeguarding of personal information. The existing privacy frameworks that IRCC has in place for its various business lines continue to apply.
I would echo the Minister of Public Safety's comment earlier in the week that privacy is an important component of the entry-exit initiative. IRCC will be submitting its own privacy impact assessment to the Office of the Privacy Commissioner for entry-exit, and updating its application forms and website to ensure that applicants are aware that the information on their travel history will be obtained from the CBSA to support their application.
IRCC takes its privacy obligations very seriously, and together with the CBSA, and the Office of the Privacy Commissioner of Canada (OPC), we will continue to work to ensure that privacy principles are upheld.
From a functionality perspective, IRCC would only query the CBSA's entry-exit database when processing an application or when conducting an investigation. For instance, IRCC would access entry-exit data when there is a program need, for example, to confirm that an individual has met the residency requirement for a grant of citizenship.
From a client perspective, the benefits of entry-exit information means that IRCC is able to make better informed decisions that impact the lives of those clients. IRCC will use entry-exit information to enhance the processing of legitimate applications and investigations into temporary resident, permanent resident, asylum, citizenship, and passport programs.
For example, entry/exit records would make it easier for IRCC to verify that residence requirements are being met by applicants for eligibility in citizenship and immigration programs. Access to entry/exit information from the CBSA will be used to strengthen current limited travel history information found in passport stamps, which may not always be available or add to processing delays.
Collecting the entry-exit records of Canadian citizens will enhance the integrity of IRCC citizenship, immigration, and travel documents programs. Entry-exit travel records would support provisions under IRPA legislation relating to sponsorship residency and verification of family relationships. Entry-exit information would support investigations concerning the revocation of citizenship and the misuse or abuse of Canadian travel documents such as the Canadian passport.
Members of the committee, as you can tell from my remarks, from an IRCC perspective we very much welcome your consideration of Bill . The information that will become available to us once entry-exit is fully functional is important to the work of my department.
With that, I conclude my opening remarks.
Thank you again for the opportunity to be here with you today.
My colleagues and I will be pleased to answer any questions you may have.