The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, August 01, 2008
There's been a bit of a buzz lately about laptop inspections by the Department of Homeland Security (Crossing the border? Consider the possibility of laptop searches, Hands off my laptop, Your papers and laptops, please?, US Customs confiscating laptops). Today, the Washington Post is reporting on recently disclosed policies used by the DHS to take and inspect laptops:
Travelers' Laptops May Be Detained At Border (washingtonpost.com)... The policies state that officers may "detain" laptops "for a reasonable period of time" to "review and analyze information." This may take place "absent individualized suspicion."
The policies cover "any device capable of storing information in digital or analog form," including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover "all papers and other written documentation," including books, pamphlets and "written materials commonly referred to as 'pocket trash' or 'pocket litter.' "
Reasonable measures must be taken to protect business information and attorney-client privileged material, the policies say, but there is no specific mention of the handling of personal data such as medical and financial records.
When a review is completed and no probable cause exists to keep the information, any copies of the data must be destroyed. Copies sent to non-federal entities must be returned to DHS. But the documents specify that there is no limitation on authorities keeping written notes or reports about the materials.
"They're saying they can rifle through all the information in a traveler's laptop without having a smidgen of evidence that the traveler is breaking the law," said Greg Nojeim, senior counsel at the Center for Democracy and Technology. Notably, he said, the policies "don't establish any criteria for whose computer can be searched." ...
If you want to take a look at the policy itself, it's here.
Thanks to Rob Hyndman for the tipoff.
Labels: border, homeland security, international travel, laptop, patriot act, privacy
Tuesday, April 22, 2008
A US Federal Appeals Court has overruled a lower court ruling that had previously restricted laptop searches at the border. The 9th Circuit Court of Appeals, in a unanimous three judge ruling, held that border agents do not need any probable cause to rummage through portable electronics.
Border Agents Can Search Laptops Without Cause, Appeals Court Rules Threat Level from Wired.com... Federal agents at the border do not need any reason to search through travelers' laptops, cell phones or digital cameras for evidence of crimes, a federal appeals court ruled Monday, extending the government's power to look through belongings like suitcases at the border to electronics.
The unanimous three-judge decision reverses a lower court finding that digital devices were "an extension of our own memory" and thus too personal to allow the government to search them without cause. Instead, the earlier ruling said, Customs agents would need some reasonable and articulable suspicion a crime had occurred in order to search a traveler's laptop.
On appeal, the government argued that was too high a standard, infringing upon its right to keep the country safe and enforce laws. Civil rights groups, joined by business traveler groups, weighed in, defending the lower court ruling.
The 9th U.S. Circuit Court of Appeals sided with the government, finding that the so-called border exception to the Fourth Amendment's prohibition on unreasonable searches applied not just to suitcases and papers, but also to electronics.
Via Boing Boing.
Previously: Canadian Privacy Law Blog: Crossing the border? Consider the possibility of laptop searches, Canadian Privacy Law Blog: Your papers and laptops, please?, Canadian Privacy Law Blog: US Customs confiscating laptops.
Labels: border, international travel, laptop, patriot act, privacy
Friday, April 11, 2008
Jennifer Stoddart has released a letter addressed to Minister of Public Safety Stockwell Day in response to remarks made by the U.S. Secretary of Homeland Security suggesting fingerprints are not “personal data”.
Letter to the Minister of Public Safety and Emergency Preparedness CanadaThe Honourable Stockwell Day, P.C., M.P. Minister of Public Safety and Emergency Preparedness Canada Public Safety Canada Room: 19A-7400 269 Laurier Avenue West Ottawa, ON K1A 0P8
Dear Minister,
I am writing to express my concern about remarks U.S. Secretary of Homeland Security Michael Chertoff made yesterday while in Ottawa, suggesting fingerprints are not “personal data”.
As you know, Canadian privacy legislation defines fingerprints as personal information. In Canada, we have traditionally taken a more restrained approach to the collection of fingerprints, largely restricted to cases were individuals are charged with or convicted of certain criminal behaviour.
In contrast, the U.S. has increasingly relied upon the collection of biometric data, including fingerprints, from a broad range of individuals for border control purposes and in order to identify and track suspected terrorists. Fingerprints constitute extremely personal information for which there is clearly a high expectation of privacy. Canadian courts have held that, absent lawful authority, compelling persons to provide fingerprints may violate their rights under the Charter of Rights and Freedoms.
No one doubts the need to strengthen information-sharing among nations. We all share a common goal of ensuring our national security. However, as Privacy Commissioner, I strongly urge the Government of Canada to ensure that the privacy rights of individuals are respected and protected at all times.
Canadians rightly expect their government to respect their civil liberties and safeguard their personal information from abuse. The challenge lies in finding the balance between the protection of civil liberties and the need for national security.
As Privacy Commissioner, I certainly expect to be consulted if the Government of Canada is considering new programs to share biometric information – or any personal information – with foreign governments.
I expect your assurance that adequate oversight and control mechanisms are built into the collection, use and safeguarding of personal information that may be shared with other governments, and I expect the opportunity to review these mechanisms.
I know that our respective staffs have built a solid working relationship in matters of security and privacy, and expect that the concerns identified above will be addressed as programs are expanded or new programs are considered.
Sincerely,
Original signed by
Jennifer Stoddart Privacy Commissioner of Canada
Labels: biometrics, international travel, privacy
Sunday, March 09, 2008
As March Break is almost in full swing, it's timely to read Compterworld's recent 5 things you need to know about laptop searches at U.S. borders. State sovereignty usually means that a country has total control over who and what gets in and traditional searches are being extended to laptop searches. This makes sense on one level but seems futile as any traveller can upload ilicit digital content before crossing into the US and then download it on the other side of the border.
But searches are happening, so make sure you delete from your computer all content that you wouldn't want disclosed as part of such a search. Lawyers should particularly remove any privileged content they don't need to be taking with them. And if you're a public servant from BC, Alberta or Nova Scotia, you can't take it with you thanks to the USA Patriot Act blocking legislation in your province.
Labels: alberta, international travel, laptop, patriot act, privacy
Saturday, March 08, 2008
Passengers flying through Heathrow Airport, Terminal 5, will be photographed and fingerprinted twice before being permitted to board domestic flights. The British Airport Authority, which runs the new terminal through which all British Airways passengers will travel say this measure is "necessary to prevent criminals, terrorists and illegal immigrants trying to bypass border controls."
The only reason why this may be necessary is that the design of the new terminal permits international and domestic passengers to mingle in the secure area. Theoretically, transiting international passengers would be able to swap boarding passes with a domestic passenger circumventing border controls. On balance, it just makes sense to ramp up the big brother factor if it means the BAA doesn't have to follow the non-intrusive but universal designs used by every other airport I have ever been through.
The BAA also says the fingerprints will be discarded after 24 hours, unless -- of course -- they are of interest to the police. See: Heathrow airport first to fingerprint - Telegraph. Via the ever vigilant Boing Boing: Heathrow Terminal 5 to fingerprint domestic passengers - Boing Boing.
Labels: air travel, airlines, europe, international travel, privacy, surveillance
Thursday, February 07, 2008
Labels: international travel, laptop, privacy
Saturday, May 12, 2007
Canada's new no-fly list is ready to take off:
CNW GroupAir security strengthened - Passenger Protect ready to take flight
OTTAWA, May 11 /CNW Telbec/ - The Honourable Lawrence Cannon, Minister of Transport, Infrastructure and Communities, together with the Honourable Stockwell Day, Minister of Public Safety, today announced new regulations that will strengthen air passenger security screening. Once implemented, new measures under a program known as Passenger Protect will prevent persons who pose an immediate threat to aviation security from boarding a commercial aircraft.
This made-in-Canada program was developed to provide an additional layer of security for the aviation system and to enhance public safety in a way that complies with the Canadian Charter of Rights and Freedoms and federal privacy legislation.
"Canadians want to fly secure, and Passenger Protect is a significant step forward. We must remember that Canada is not immune to the threat of terrorism and we must remain vigilant," said Minister Cannon. "Passenger Protect will not only make Canada's aviation system more secure, it will also help keep the world's skies safe by reaching beyond Canadian borders to screen everyone getting on a flight to Canada."
Under the new program, the Government of Canada is maintaining a list of specified persons who may pose an immediate threat to aviation security should they attempt to board a flight. Air carriers will be able to screen passengers against the specified persons list through a secure online system. If the air carrier identifies a person as a possible match with an entry on the list, the air carrier will contact Transport Canada to confirm the passenger's identity, and obtain a decision whether or not to allow him or her to board the flight. "Canada has one of the best aviation systems in the world and is always looking for ways to increase the safety and security of the travelling public,"said Minister Day.
The Government of Canada has held discussions with airlines, airports, and labour representatives, as well as civil liberties and ethno-cultural groups in developing Passenger Protect, to create a program that enhances security, respects the needs and realities of the aviation industry and protects the rights of Canadians. As part of the consultations, Transport Canada has established a reconsideration process to provide a non-judicial, efficient way for any members of the public who have been denied boarding to have their cases reviewed by persons independent of those who made the original recommendation.
Transport Canada has worked closely with the Office of the Privacy Commissioner in order to further strengthen the privacy provisions of the program. Implementation for flights within Canada and international flights to and from Canada will begin on June 18, 2007.
As of this date, new Identity Screening Regulations will require air passengers within Canada who appear to be 12 years of age or older to present one piece of government-issued photo identification (ID) that shows name, date of birth and gender or two pieces of government-issued ID - one of which shows name, date of birth and gender - before boarding an aircraft. The boarding pass provided by the air carrier must match the name on the ID.
Canadians will not need a passport for travel within Canada but rather can present a range of government-issued ID to the air carriers including a health card, a birth certificate, a driver's licence and a social insurance card. Current requirements for international travel will remain in place. This practice is consistent with procedures currently in use by most major airlines, and will allow the air carrier and Transport Canada to confirm the identity of a passenger who is a possible match with an entry on the specified persons list.
These proposed regulations were first published in the Canada Gazette, Part I on October 28, 2006, after which a 75-day period followed to enable interested parties and the public to provide comments.
The final regulations will be published in the Canada Gazette, Part II on May 16, 2007.
A backgrounder with more information on the Passenger Protect program and the new Identity Screening Regulations is attached.
<< -------------------------------------------------------------------------
BACKGROUNDER
-------------------------------------------------------------------------
PASSENGER PROTECT PROGRAM
-------------------------
The Government of Canada began consulting with industry on passenger assessment in May 2004, and expanded consultations on a program proposal for Passenger Protect in the summer of 2005. Consultations with air carriers, airports, labour representatives, civil liberties and ethno-cultural groups as well as the Office of the Privacy Commissioner were essential to the successful design and implementation of a program that enhances security, respects the needs and realities of the aviation industry, and ensures that the privacy and human rights of Canadians are protected.
The Passenger Protect program adds another layer of security to Canada's aviation system to help address potential threats. Terrorist groups continue to target civil aviation, and seek means to defeat existing safeguards and measures.
Under the program, the Government of Canada is maintaining a list with the name, date of birth and gender of each specified person that will be provided to airlines in secure form. The airlines will compare the names of individuals intending to board flights with the names on the specified persons list, and will verify with the individual's government-issued identification when there is a name match. Identification will be verified in person at the airport check-in counter. When the airline verifies that an individual matches in name, date of birth and gender with someone on the list, the airline will be required to inform Transport Canada.
A Transport Canada officer will be on duty 24 hours a day, every day, to receive calls from airlines when they have a potential match with a specified person on the list. Transport Canada will verify information with the airline, confirm whether the individual poses an immediate threat to aviation security and inform the airline, if required, that the individual is not permitted to board the flight. The Royal Canadian Mounted Police (RCMP) would be notified immediately in the event of a match, and police of jurisdiction at the airport would be informed and take action as required.
The Passenger Protect program will be implemented for Canadian domestic flights and international flights to and from Canada on June 18, 2007. Creating the Specified Persons List
The Minister of Transport, Infrastructure and Communities has the authority under the Aeronautics Act, to specify an individual who is a threat to aviation security and to require airlines to provide information about the specified person.
A Transport Canada-led Advisory Group will assess individuals on a case-by-case basis using information provided by the Canadian Security Intelligence Service and the RCMP, and will make recommendations to the Minister of Transport, Infrastructure and Communities concerning their designation as specified persons or the removal of that designation. The Advisory Group includes a senior officer from the Canadian Security Intelligence Service and a senior officer from the RCMP (as advised by the Department of Justice), with input from representatives from other Canadian government departments and agencies.
Individuals are added to the specified persons list based on their actions, which lead to a determination that they may pose an immediate threat to aviation security, should they attempt to board an aircraft. Guidelines in making that determination are focused on aviation security, and may include:
- an individual who is or has been involved in a terrorist group, and who, it can reasonably be suspected, will endanger the security of any aircraft or aerodrome or the safety of the public, passengers or crew members;
- an individual who has been convicted of one or more serious and life-threatening crimes against aviation security; and
- an individual who has been convicted of one or more serious and life-threatening offences and who may attack or harm an air carrier, passengers or crew members.
Identity Screening Regulations
As of June 18th 2007, new Identity Screening Regulations will require airlines to screen each person's name against the specified persons list before issuing a boarding pass, for any person who appears to be 12 years of age or older. The regulations take into account the various ways in which the boarding pass may be obtained: at a kiosk, through the Internet, or at an airport check-in counter.
Where there is check-in via Internet or kiosks, airlines will not allow printing of the boarding pass when there is a name match with the specified persons list. Passengers refused a boarding pass at a kiosk or through the Internet will be directed to the airline agent for in-person verification of government-issued identification (ID). ID verification will determine whether the name, date of birth and gender match those of a listed person.
The regulations also require air carriers to screen individuals at the boarding gate by comparing the name on government-issued ID with the name on the boarding pass. If the name on the ID is not the same as the name on the boarding pass, the air carrier will be required to check the name on the ID against the list.
Transport Canada will work with air carriers to provide training for agents and staff who will be involved in implementing the ID verification requirement, and establish procedures that respect the rights of passengers.
The ID requirement under the Passenger Protect program is for one piece of valid government-issued photo ID that shows name, date of birth and gender, such as a driver's licence or a passport, or two pieces of valid government-issued ID, at least one of which shows name, date of birth and gender, such as a birth certificate. The verification of passengers' ID is already a practice followed by most major air carriers in Canada.
The regulations will be published in the Canada Gazette, Part II on May 16, 2007.
Reconsideration and Appeals
The Passenger Protect program also includes a reconsideration process for individuals who wish to contest the denial of boarding. An individual who has been denied boarding under the Passenger Protect program will be able to apply to Transport Canada's Office of Reconsideration (OOR), which may arrange for an independent assessment of the case and make a recommendation. The goal is to provide a non-judicial, efficient mechanism for any member of the public to have their case reviewed by persons independent of those who made the original recommendation to the Minister. Individuals have the further option of making application to Federal Court for judicial review. Privacy and Human Rights
The protection of privacy and human rights is a core element of the Passenger Protect program. In developing the program, Transport Canada worked with stakeholders and consulted with civil liberties and ethno-cultural groups, and the Office of the Privacy Commissioner on privacy aspects.
A summary of the Privacy Impact Assessment conducted on the Passenger Protect program is available on the Transport Canada website at www.tc.gc.ca/vigilance/sep/passenger_protect/executive_summary/menu.htm. In addition, the Office of the Privacy Commissioner of Canada posed a series of questions to Transport Canada about the Passenger Protect program in August 2005. The questions and the answers shed light on the privacy protection features of the program and are available on the Web at www.tc.gc.ca/vigilance/sep/passenger_protect/Q&A/menu.htm.
More details on the Passenger Protect program and the new Identity Screening Regulations are available on Transport Canada's website at www.tc.gc.ca/vigilance/sep/passenger_protect/menu.htm.
May 2007
Labels: air travel, airlines, cardsystems, health information, international travel, national security, no-fly list, privacy
Tuesday, January 23, 2007
CanWest News Service is running a very interesting feature-length report on the upcoming Canadian "no fly" list. Read the entire article ...
Canadian airline passengers will be kept under close scrutinyCanadian airline passengers will be kept under close scrutiny
Don Butler
CanWest News Service
Tuesday, January 23, 2007
OTTAWA - The RCMP and the Canadian Security Information Service will be able to examine up to 34 pieces of information about everyone who flies in Canada under a comprehensive passenger screening program being developed by Public Safety and Emergency Preparedness Canada.
Among other things, the program will require airlines to gather and share the full legal name, date of birth, citizenship or nationality and gender of all passengers - information they don't currently collect for domestic flights.
The new program will affect about 90 million passenger trips a year, two-thirds of which are purely domestic.
The program is authorized under Section 4.82 of the Aeronautics Act, which gives CSIS and the RCMP the right to receive and analyse Advance Passenger Information (API) and Passenger Name Record (PNR) data from air carriers and operators of aviation reservation systems without a warrant.
API data is collected at check-in and include name, date of birth, gender, citizenship or nationality and travel document information. PNR data is collected at the time of booking and includes information relating to a traveller's reservation and itinerary.
Section 4.82, added to the Aeronautics Act in 2004 when the Public Safety Act was passed but not yet in force, also authorizes CSIS and the RCMP to match passenger information against any other data under their control.
The Section 4.82 program ''is envisioned as the next step'' in a two-pronged strategy to use airline passenger information to combat terrorist threats, said Philip McLinton, a spokesman for Public Safety and Emergency Preparedness Canada.
The first step - Canada's new no-fly list - will be introduced in March for domestic flights and in June for international flights.
McLinton said it's ''impossible to speculate how 4.82 would impact the no-fly list. It's just too early to say.''
Since 2002, airlines flying to Canada from abroad have had to provide API and PNR data to the Canadian Border Services Agency, which analyses and risk-scores it to identify passengers who require further review on arrival in Canada. The agency doesn't get the information until flights have departed for Canada.
Under the Section 4.82 program, the collection and analysis of passenger information will dramatically expand. Airlines and operators of reservation systems will have to send passenger information to the RCMP and CSIS for all domestic and international flights. And they'll have to do so before flights depart.
The no-fly program, known as Passenger Protect, obliges airlines to vet the names of passengers against the no-fly list and notify Transport Canada is there is a match. That responsibility will shift to the RCMP and CSIS under the Section 4.82 program.
...
Section 4.82 also authorizes CSIS and the RCMP to disclose passenger information to other organizations or individuals to promote public safety. They include the minister of Transport, the Canadian Air Transport Security Authority, air carriers, airport operators and police officers. ...
It is unclear how, or even whether, the passenger information gathered under the Section 4.82 program would be shared with the U.S. and other allies. The feasibility study cites two issues with the PNR data that would be collected and shared under the section 4.82 program.
...
Another issue is passenger information that is currently not collected during the reservation process, but is essential for the new Section 4.82 program to operate effectively.
Most important is full name, date of birth and gender, which the study says is ''widely viewed as the core set of information required'' to match existing law enforcement records. That information is not currently collected for domestic passengers, so regulations may be needed to make provision of that information mandatory.
''For domestic flights, if the government regulates a requirement for passengers to provide full name, date of birth and gender, the air carriers' view is that passengers would comply, and that air carriers would provide this data,'' the feasibility study says.
To avoid causing delays to the travelling public, the study also says swift and timely information flow is required that can take account of last-minute changes such as no-shows.
...
Ottawa Citizen
Here's the list of 34 pieces of information to be collected by airlines on everyone who travels on domestic or international flights flying in or out of Canada:
1. Surname, first name and initial or initials.
2. Date of birth.
3. Citizenship or nationality or, if not known, the country that issued the travel documents for the person's flight.
4. Gender.
5. Passport number and, if applicable, visa number or residency document number.
6. The date on which passenger name was first recorded with airline.
7. If applicable, a notation the person arrived at the departure gate with a ticket but without a reservation for the flight.
8. If applicable, the names of the travel agency and travel agent who made the person's travel arrangements.
9. Date airline ticket was issued.
10. If applicable, a notation the person exchanged their ticket for another flight.
11. The date, if any, by which a ticket for a flight had to be paid to avoid cancellation of the reservation; or the date, if any, on which the request for a reservation was activated by the air carrier or travel agency.
12. Airline ticket number.
13. Whether the flight is a one way.
14. If applicable, a notation the person's ticket for the flight is valid for one year and is issued for travel between specified points with no dates.
15. The city or country where the flight begins.
16. All points where a passenger will embark or disembark.
17. The name of airline.
18. The names of all airlines to be used on trip.
19. The aircraft operator's code and flight ID number.
20. The person's destination.
21. The travel date for the person's flight.
22. Any seat assignment on the person's flight selected for the person before departure.
23. Number of pieces of baggage checked by the person.
24. The baggage tag numbers
25. Class of service (first class, business class, economy).
26. Any specific seat request.
27. The passenger name record number.
28. Phone numbers of the person and, if applicable, of the travel agency that made the arrangements.
29. Passenger's address and, if applicable, that of the travel agency.
30. How the passenger paid for the ticket.
31. If applicable, a notation the ticket was paid for by another person
32. If applicable, a notation there are gaps in the passenger's itinerary that necessitate travel by an undetermined method.
33. Departure and arrival points, codes of the aircraft operators, stops and surface segments.
34. If applicable, a notation the ticket is in electronic form and stored in an aviation reservation system.
Labels: air travel, airlines, international travel, law enforcement, national security, no-fly list, privacy, surveillance
Tuesday, October 24, 2006
The blogosphere has recently been buzzing about what appears to be a growing practice of laptop searches when entering the United States. The NYT had a piece on this yesterday (At U.S. Borders, Laptops Have No Right to Privacy - New York Times) and Boing Boing is linking to it.
It's a long established soverign right to strictly regulate what comes into a country. Increasingly, information has value and is even regulated from both the export perspective and the import perspective. This appears to be a simple extension of customs officers having the right to go through your dirty clothes on your way back from vacation, but certainly has privacy effects.
More and more people keep intimate information on their laptops and crossing a border with one is akin to crossing the border with your personal archives. If they were in paper form, there's no doubt the customs folks would have the right to take a peek. But laptops also often contain information that is a cut above the routine. A lawyer's laptop is full of privileged material and a physician's laptop is full of confidential information. It doesn't sound like there are any protections built into the system to acknolwedge this and that's particularly troubling.
Labels: international travel, laptop, privacy
Friday, July 14, 2006
The Office of the Privacy Commissioner of Canada has just recently released the result of its audit of the Canada Border Services Agency, focusing particularly on the sharing of information between the CBSA and other countries. The Commissioner's office found that the CBSA hasn't been following the required procedures when it comes to information sharing with the United States, as much information is provided verbally without any record being made of the information provided and to whom. Here is the executive summary from the Audit:
Audit of the Personal Information Management Practices of the Canada Border Services Agency (June 2006) Privacy Commissioner of Canada1.1 We found that the Canada Border Services Agency (CBSA) has systems and procedures in place for managing and sharing personal information with other countries. However, significant opportunities exist to better manage privacy risks and achieve greater accountability, transparency and control over the trans-border flow of data. Trans-border data flows refer to personal information that is collected or disclosed across international borders.
1.2 Written requests for assistance from foreign governments are processed in accordance with requirements. However, many of the information exchanges between the CBSA and the United States at the regional level are verbal, and are not based on written requests. These exchanges are not recorded consistently and do not follow the approval process as established under CBSA policy. Furthermore, they are not compliant with the terms of the Canada-United States Customs Mutual Assistance Agreement of June 1984.
1.3 The CBSA needs a coordinated method of identifying and tracking all flows of its trans-border data. The Agency cannot, with a reasonable degree of certainty, report either on the extent to which it shares personal information with the United States, or how much and how often it shares this information. By extension, it cannot be certain that all information sharing activities are appropriately managed and comply with section 107 of the Customs Act and section 8 of the Privacy Act.
1.4 Generally, the controls surrounding the Passenger Information System (PAXIS) and the Integrated Customs Enforcement System (ICES) are sound. These two key systems contain sensitive personal information about millions of travellers. Notably, foreign jurisdictions do not have direct access to these systems, and electronic disclosures to the United States under the Shared Lookout and High-Risk Traveller Identification initiatives are transmitted over secure channels. However, there are opportunities to strengthen controls to further reduce the risk that personal information could be improperly used or disclosed. These opportunities include:
- completing the introduction of a new security management framework as initiated by the CBSA;
- updating and clarifying roles and responsibilities for IT functions;
- ensuring system access rights are kept up-to-date;
- implementing audit control capability for lookout data printouts; and
- introducing a mechanism for Canada and the United States to assure each other that the system controls and protection of shared personal information are adequate.
1.5 The CBSA needs to explore ways to improve the quality and control of data it acquires under the Advance Passenger Information/Personal Name Record (API/PNR) initiative to ensure that personal information is as accurate and complete as possible.
1.6 The CBSA has not yet evaluated the effectiveness of the High-Risk Traveller Identification (HRTI) Initiative with the United States because the project has yet to be fully implemented. In particular, it should assess the extent to which inaccurate or incomplete data may affect enforcement objectives and individual travellers. Until the CBSA has evaluated the initiative, the Agency will not be able to demonstrate that it has achieved its objective and, accordingly, that the collection and use of vast amounts of personal information about millions of travellers is justified.
1.7 The CBSA is a new entity. Therefore, the time is opportune for the Agency to articulate and implement a comprehensive privacy management framework. In particular, the CBSA should work toward updating and strengthening its agreements with the United States covering the sharing of personal information. The Agency should also consolidate its reporting of privacy incidents and look for ways of improving the monitoring of personal information disclosures.
1.8 Finally, the activities associated with sharing data across borders should be made more transparent. A clear and complete picture of these activities is not readily available to show what information is shared with whom, and for what purpose. As is true for other departments, the CBSA’s trans-border data flows are not accounted for in meaningful detail. More transparency is needed to better inform Parliament and the Canadian public about activities in this area.
1.9 Addressing such matters is in the public interest. We believe that strong privacy management and accountability are essential for dealing with the public’s concerns about the flow of personal information from Canada to other countries.
Labels: international travel, privacy
Tuesday, June 20, 2006
According to Computerworld, European authorities have supposedly found a way around European privacy laws to allow the continued sharing of air passenger personal information with American law enforcement:
Europe to continue sharing passenger records with US:June 19, 2006 (IDG News Service) -- Two weeks after Europe’s highest court overturned a European Union agreement to share passenger data with American authorities, the European Commission has proposed a new law that does much the same as the one that was annulled.
The Commission, the Union’s executive body, agreed Monday to propose a new law that uses different legal grounds to have the same effect: it will allow European airlines to share personal information about their passengers flying to the U.S. with U.S. customs and security officials.
Normally it would be illegal under Europe-wide privacy laws for a company to share European citizens’ personal data with a country with weaker data protection laws such as the U.S. However, after the attacks of Sept.11, 2001, mounted using commercial airline flights, American authorities demanded the information.
Airlines would be fined or worse, denied landing slots by American aviation authorities if they failed to provide the information, which includes details such as name, address and credit card information. But they would be sued in Europe for breaking data protection law if they did provide the Americans with the information.
To avoid havoc in the airline industry and a potential disruption of transatlantic flights, the Commission and the 25 national governments passed a law allowing the handover of most of the information the U.S. demanded....
For a bit o' background, check out: The Canadian Privacy Law Blog: European court blocks passenger data sharing deal with US.
Labels: air travel, information breaches, international travel, privacy
Sunday, May 07, 2006
Canadian immigration authorities are starting a "low key" biometrics trial in a number of centres, including a handful of border crossings in British Columbia and Ontario.
The fact of the trial is interesting enough, but the polling and spin plan referred to in the following article is also very interesting:
Print Story - canada.com networkBiometric screening program planned
The controversial technology would be used on immigrants and refugees
Peter O'Neil
Vancouver Sun
Saturday, May 06, 2006
OTTAWA -- The Conservative government, concerned about negative media coverage and public concerns over privacy issues, is taking a "low-key" approach to its plans to launch a six-month trial later this year of controversial biometrics screening technology at key entry points for immigrants and refugees, according to internal documents.
The $3.5-million trial program will take place at two Canada-U.S. border stations in B.C., Vancouver International Airport, a refugee processing centre in Etobicoke, Ont., and visa offices in Seattle and Hong Kong.
...
The trial marks one of the government's first moves into the controversial use of biometrics -- the use of physical characteristics such as DNA or face, iris or fingerprint scans -- to confirm identity documents.
Privacy Commissioner Jennifer Stoddart has raised questions about biometrics in the context of broader post 9/11 concerns about how the personal information of Canadians can be distributed, often without their knowledge, to governments, corporations and even U.S. security agencies through the powerful and intrusive Patriot Act.
Polls show that numerous Canadians don't trust the technology, fear who may have access to it, and view their physical characteristics as "extremely personal," said Florence Nguyen, a media spokeswoman at Stoddart's office.
"They're very concerned."
CIC officials consulted Stoddart's office on the trial program, which was first funded by the former Liberal government in 2003. Nguyen said privacy officials proposed changes to improve privacy protection, and will await results on the trial program before passing final judgment.
A March 15, 2006 slide presentation to Solberg described the trial as a "sensitive issue."
It noted that an internal poll found that more than 70 per cent of Canadians support biometrics for use in passports and at borders, but that the polling also indicates "mixed opinions" and added that "security still surpasses privacy concerns but is weakening."
The presentation, noting that media coverage of biometrics has been "negative" due to privacy concerns, argues against strongly publicizing the initiative.
"Communications strategy takes this into consideration, proposing a low-key approach and news release upon launch of the trial," states the plan, obtained by Ottawa researcher Ken Rubin through the Access to Information Act.
Charette's March 15 partly-censored briefing note predicts a strong reaction from media and non-governmental organizations to the trial and says "communications strategy will include the preparation of "media lines" for Solberg and a "broad communications strategy on the field trial."
The third component of the media strategy is also whited out, although Access to Information officials at Citizenship and Immigration Canada refused to disclose in the document which specific section of the legislation was used to justify the exclusions.
There are indications CIC is following through on the plan to lay low about the trial.
CIC published a brief notice of the trial on its website last month announcing the trial, identifying Unisys Canada Inc. as the company that has won the contract to supply the biometrics technology. However, no formal news release was issued, and CIC spokeswoman Sheila Watson said the department can't explain why it issued a notice rather than a press release, and couldn't explain whether the two forms of communication have different distribution networks to the media and other organizations.
...
Labels: air travel, airlines, bc, british columbia, information breaches, international travel, patriot act, privacy
Tuesday, November 30, 2004
I was contacted by the Canadian Broadcasting Corporation yesterday to comment on a new inititiave to speed cross-border travel between the US and Canada for "low risk" travellers. New technologies allow pre-screened passengers to skip through customs and immigrations after confirming their identity with an iris scan:
Eye scans at airport for U.S.-bound travellers:"...The iris scans are voluntary, and no one is compelled to go through a process that critics say is invasive.
But Halifax privacy lawyer David Fraser says increasingly, people are deciding it's worth it.
'Survey after survey says that people are concerned about their privacy, but they really don't put their money where their mouth is,' he says.
'It's easy to tell a pollster that, but when it comes to trading privacy for convenience, people often chose convenience.' ..."
Labels: air travel, airlines, information breaches, international travel
Wednesday, September 22, 2004
From Washington Technology:
Canada-DHS pilot program to use iris scanning:"The Canada Border Service Agency, which is working on a Registered Traveler-style pilot program with the U.S. Homeland Security Department, is implementing iris-scanning technology at Canadian airports to verify the identity of travelers.
The program, called Nexus Air, will begin in November at Vancouver International Airport, Vancouver, British Columbia, before rollout at other Canadian airports for a yearlong trial. ...
Nexus Air builds on Canada’s Canpass Air program, which has 4,000 members and also uses iris scanning. As in the U.S. Transportation Security Administration’s Registered Travel pilot program, frequent fliers enroll in Canpass Air -- and soon Nexus Air -- by volunteering personal information and submitting to an iris scan. In return, they can then enjoy expedited check-in and customs screening. "
Labels: air travel, airlines, bc, homeland security, information breaches, international travel
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.