C-30 may be dead, but you have every reason to worry about your privacy

Ottawa’s data leak policy remains: don’t ask, don’t tell, as Jesse Brown explains


Part 3 of a four-part “Privacy Reality Check” series.  Click here for part one and here for part two.

Yesterday Justice Minister Rob Nicholson casually mentioned to reporters that Bill C-30, which has been marketed to Canadians at various times as The Internet Surveillance Bill, Lawful Access, and the Protecting Children from Child Predators Act, is dead.  It’s been dead for awhile, but somebody forgot to tell the Conservatives and the Canadian Association of Police Chiefs, who have been doggedly trying to rebrand and resell it yet again.

This is very good news for the thousands of Canadians who spoke out against the bill, proving themselves a more effective opposition to the majority government than the official opposition. It’s good news for the online tech sector, which will not be forced to build technology to constantly spy on every Internet subscriber and website visitor.  And it’s great news for Canadians, whose privacy is a good deal safer now the basic principle of court oversight for surveillance has been upheld.

The problem with C-30 was never just about granting police the ability to collect all sorts of personal information without having to get warrants.  There was always a secondary, possibly greater concern about how safe our data would be once it was in the authorities’ hands.

Last week I wrote about the dismal state of data hygiene throughout our federal government, where a superstitious fear of cloud services has resulted in a culture in which sensitive data is constantly moved about by employees via memory sticks and external hard drives. Despite recent high-profile leaks and massive losses of personal information, things at large haven’t improved.  The RCMP, incidentally, have had their share of data boners and privacy breaches. Another drive could go missing from a government workplace tomorrow. Here’s an email I received from one reader, a contract administrator for a certain federal office:

 Has anything happened, an email, a workstation configuration, any change at all to secure my workstation (since the HRSDC breach?)- nope!  From my workstation I can use USB Ports, I can burn CDs.

If what I do is copy data to a cheap USB stick – and then I lose it – would any sane person tell their boss? nope!  Therefore you can assume that many, many data leakages aren’t reported.  This building is “secure,” but thousands of people work in it so it isn’t really that secure!
At least they don’t leave backup tapes on a table in the hall – oops – that’s another email.

It’s disturbing enough to think of the untold number of data losses that have gone unreported by government employees to their superiors.  But what about the leaks and breaches managers do find out about?  What happens with those?

In all likelihood, nothing.

“I suspect there have been hundreds of data breaches we haven’t heard about,” says privacy lawyer David Fraser.  “The federal government has no obligation to let anyone know about these things.”  The Privacy Act, which legislates privacy rules for our federal government, does not make disclosure of privacy breaches mandatory.

In fact, Human Resources and Skills Development Canada’s loss of the personal banking information of 583,000 Canadians only came to light by accident.  All the ministry chose to tell the Privacy Commissioner about was an earlier loss of info about a mere 5,000 Canadians.  Even this confession seemed like it hurt HRSDC- it took them weeks after they learned about it to fess up.  Perhaps they should have kept mum.  The disclosure triggered an investigation that unearthed the far greater loss. And after the drubbing Minister Diane Finley is getting, future government goof-ups may well remain covered up.

There’s no reason for them not to.

Criminal charges can’t be laid against a federal government employee for Privacy Act violations, even if they willfully and maliciously expose our data.

To summarize:

  • The government collects our information without asking permission.
  • If (when) the government loses our information, they don’t have to tell anyone about it.
  • If we do find out about it, we can’t hold government employees responsible in a meaningful way.

Clearly, changes are needed to the Privacy Act.  Each year, our Privacy Commissioner calls for an overhaul to the 25-year-old law. And every year, she is ignored. In 2009, Justice Minister Robert Nicholson rejected a proposal to update the Privacy Act.

If Canadians are able to face down a majority government hell-bent on warrant-less snooping and stop it in its tracks, then surely they can implore that same government to protect and be accountable for the private data it already has on us.

The trouble is, we knew exactly how dangerous C-30 was the moment Public Safety Minister threatened that to disagree with him was to stand with child pornographers.

With data loss, we rarely witness such a galvanizing display, because we usually don’t even know that it’s happened.

NEXT: why our Privacy Commissioner is spending too much time on Facebook

Follow Jesse on Twitter @JesseBrown

Filed under:

C-30 may be dead, but you have every reason to worry about your privacy

  1. C-30 was nothing more than a contribution to the Harper government’s desire to get more information for their CMIS database so they can better target their robocalls and incessant marketing.

  2. Don’t believe a word of it people,

    I have been under illegal CSIS sureveillance for long time now. With proof, local police won’t do squat.

    You have a right to inform yourself on what it going on.

    Have a look at the details


    • I haven’t laughed so hard in quite a while. Gotta love conspiracy nuts to provide the best comedy.

      • Well, stop looking in the mirror then.

        but just out of curiosity, why do you think he is lying? Are you so ignorant and deprived of any ability to think for yourself that you actually believe those that hold the true power always act with integrity and with altruistic motives.

        The very fact you mock the above poster and generalize his account as ‘conspiracy’ shows how truly out of touch you are with reality and how much of a leech you are to society. You do nothing but allow those who bring evil onto society to continue to do so. I hope you are proud of yourself for helping to stifle truth and progression.

        And if anyone doesn’t think the Government/Police are watching everything on the internet you are delusional. If you’re not using a proxy or VPN, they have the ability to know everything.

    • LOL read your website, dude I think you been drinking too much of the Kool-Aid

  3. It’s a typically half-assed, old-time protestant approach to modern technology and society. The Conservatives are still trying to figure out where the ¢ sign went on their keyboards.

  4. Thanks for this series Jesse. Invaluable and necessary because we know there are those who would rather not have the general public aware of their actions .

    Keep up the good work!

Sign in to comment.