Subject: Examination of Bill C-30
Dear Chair, Vice Chairs, and Members of the Standing Committee on Public Safety and National Security:
Like so many Canadians, I am worried about the overreaching nature of Bill C-30 as it is currently drafted. I feel that proper study of the Bill must consider:
The notion that current investigative powers of law enforcement are insufficient. In my view, law enforcement must provide compelling evidence that this is so.
The warrantless disclosure of ISP/telecom customer information. This strikes at a bedrock principle of privacy law and is rightly opposed by the privacy and civil society community.
The possibility that police might bypass new reporting requirements in relation to disclosed subscriber information. The legislation must ensure that all ISP/telecom disclosures are logged and reported.
Section 23 of the Bill, which imposes a gag order on Internet providers, preventing them from informing affected subscribers of disclosures of information. This provision is undemocratic, and must be removed from the bill.
Section 487.0195 of the Bill, which grants ISP/telecoms full criminal and civil immunity for warrantless disclosure of information. ISP/telecoms must not be allowed to and encouraged to comply with warrantless data preservation and production.
Section 14 of the Bill, which gives government an array of powers to order ISP/telecoms to install surveillance equipment to allow for more simultaneous interceptions than is otherwise specified in the law; to comply with additional confidentiality requirements not otherwise specified in the law; to meet additional operational requirements not otherwise specified in the law; to install surveillance equipment provided by the Minister. These provisions to circumvent limitations in the law, and determine not only surveillance capabilities but the surveillance equipment itself, must be dropped.
The ISP/telecom regulatory framework. Capability requirements, requirements for ISP/telecoms to assist with testing surveillance capabilities, requirements for them to disclose the names of all employees who may be involved in interceptions, reporting requirements in relation to technical capabilities, and the draconian inspection powers of Section 34 must be closely examined and found justifiable before this proposed legislation is passed.
Oversight of lawful access. The government should follow the advice of Ontario Privacy Commissioner Ann Cavoukian by establishing an independent agency devoted to surveillance oversight.
Limits of the law. The law must be limited in its application to serious crime only, and limited in its use to law enforcement officials dealing with serious criminal matters.
The cost of lawful access. Before proceeding with the legislation, Canadians are entitled to a detailed, independent regulatory impact assessment that provides a realistic analysis of the costs created by Bill C-30 for implementation of surveillance technologies, operational costs, and resources needed for oversight.
Section 64, which makes it clear that future regulations relating to implementation of the bill will be required. The public is entitled to see all the regulations before the bill is passed, and all the regulations must be reviewed by and voted upon by the House of Commons.
Privacy laws. Given the close correlation between privacy and security, the government should commit to moving forward with reforms to the private sector privacy law (PIPEDA) in conjunction with lawful access.
Canada’s commitments in the Beyond the Border Action plan around information sharing. There is the potential that information gathered will be information shared with any U.S. police department or security agency making a request. Bringing Canada’s policies in line with U.S. policing norms without putting in place checks and balances on when and how much information is shared with other countries goes against a fundamental recommendation of the Arar Commissioner. This cannot be allowed to happen.
Thank you for your attention to these very serious concerns.