The CCLA has just been informed that a UK national, seeking to fly direct from Toronto to the UK ,was prevented from doing so by two Canadian airlines because he is on the US No Fly List. Neither flight was landing in the US — both flights were directly headed from Toronto to the UK — but apparently the airlines were concerned their planes could fly over US airspace or be required to make an emergency landing in the US.
Although we are still looking into the facts — it’s unclear by which process today the airlines would know a passenger on a potential US overflight is on the US No Fly List — we have some immediate concerns.
First, Bill C42 hasn’t yet passed, but if aircraft carriers are providing passenger information to US Secure Flight for overflights, then it would seem the aircraft carriers may be acting as if Bill C42 is already law. Prior to the phasing in of the US Transportation Security Administration’s (TSA) Secure Flight Program, airlines (including Canadian airlines) would administer the US No Fly List. However that process changed in the US with the phasing in of the US Secure Flight Program. As of November 1, 2010 within the US, the Secure Flight Program administers the US No Fly List, and requires airlines to collect and send passenger information directly to Secure Flight. Secure Flight then conducts a screening process of that passenger information with US watch lists, and next reverts with instructions to the airlines about whether or not to issue boarding passes or conduct enhanced screening of certain passengers. Since the phasing in of the US Secure Flight program, it is uncertain what process non-American airlines are following for US overflights, but it seems the intention is that international airlines will also provide passenger information directly to Secure Flight for screening against the US No Fly List.
Bill C42 is proposed legislation in Canada, which contemplates Canada’s compliance with the US SEcure Flight Program. It does this by exempting Canadian airlines from Canada’s privacy law (i.e. PIPEDA – the Personal Information Protection and Electronic Documents Act). The PIPEDA exemption means Canadian airlines would be legally allowed to give the US government passenger information on US overflights (i.e. flights that enter US airspace, but do not land in the US). However, until Bill C42 passes, PIPEDA still applies to Canadian airlines, and prevents them from supplying passenger information on US overflights to the US or any other foreign government.
Second, we have some serious concerns about the lack of legal safeguards in Bill C42. We presented our concerns to a Parliamentary Committee in November 2010, urging the Canadian government to seek written legal safeguards regarding the use, retention, dissemination and destruction of any passenger information provided for overflights.
Third, we are concerned about fairness and the listing process in general — if a person believes they were wrongfully placed on the US No Fly List, it is apparently very difficult to find out why they were placed on the list, and difficult to get their name off of the list.
Here on our website, we recently posted our continued concerns on the amended version of Bill C42 that was introduced in the 2nd reading.
BIll C42 is currently in its 3rd reading and it appears likely to pass. If Bill C42 does pass, then PIPEDA will cease to apply and Canadian airlines will be able to provide passenger information to US officials for US overflights, as required by US laws.
Earlier this month when Bill C42 was still in its 2nd reading, we wrote an article setting out our concerns. We now provide this article for you below.
Bill C42: Canada Needs to Negotiate Protections for Canadians
Apparently the Canadian government believes it no longer needs to protect the personal information of individuals on Canadian airlines.
As long as the Canadian air passenger is traveling through US airspace, the Canadian government is ready to hand over identifying information like names, gender, and possibly travel habits such as how you pay, whether you fly last minute, and if you book a single or double room.
Canada also seems ready to trust the US –(and possibly Mexico, the Dominican Republic, Panama, Chile, Argentina and Brazil) – to decide whether a Canadian should be permitted to board a flight to South America or Europe, or even back to Canada, if that flight passes through US airspace. Canada is evidently not too concerned that the US No Fly List may determine who boards an aircraft in Canada, that is not even destined to the US. Nor is Canada displaying enough concern about what recipient Governments will do with the personal information collected from Canadian airlines, or whether these Governments will share this information with third countries or non-State actors. In fact, Canada is effectively shrugging its shoulders as if to say, “we don’t have a choice”, and agreeing that the US approach to aviation security will predominate in Canada.
Sound concerning? We think so. And it is a likely outcome if Bill C-42, currently being debated in Parliament, passes into law.
Before going further we must stress that we support legal measures which lawfully, and effectively, protect against the real threat of terrorist attacks, and which strengthen aviation security. Indeed, counter-terror laws are necessary. But to be effective, such laws must actually strengthen security, protect individuals, and uphold the Canadian Charter of Rights and Freedoms and international law. By contrast, Bill C-42 only pays lip-service to any real ‘security’ – as the security measures are left to “foreign states” — and simultaneously opens up a Pandora’s box of threats to the rights and liberties of Canadians. Let us explain.
1. What does Bill C-42 do?
As written, Bill C-42 will allow Canadian airlines to provide passenger information to any foreign government, if the aircraft is flying over the United States, and if such information is required by the laws of that foreign government. The only caveat is that the foreign government must be named, by the Minister, in the regulations — right now the regulations only name the United States. There is no description in Bill C-42 of any required safeguards to deal with information sharing, surveillance, listing, or due process protections including redress. We do not believe that relying upon diplomatic assurances regarding use, storage, and destruction is enough — at a minimum Canadian laws should prescribe some process for the necessary safeguards regarding Canadian aircraft passenger information. We are also concerned that the wording of Bill C42 does not prescribe Parliamentary oversight with respect to which “foreign countries” the Minister may earmark as entitled to receive passenger information from Canadian airlines.
2. What passenger information will be provided to the US?
The US Secure Flight Program, administered by the US Transportation Security Administration (US TSA), requires the name, gender, and Redress number (if applicable) of passengers. Redress numbers are provided if an individual has been “misidentified” on a Watch List and has filed a claim with the TSA. The purpose of providing the above information to the TSA is to allow TSA to match this information with the names on the TSA’s “Selectee List” and “No Fly List”, both of which are components of the FBI’s Consolidated Terrorist Watch List. Other passenger information may be requested, and this would likely mean Passenger Name Records (PNRs) [described in (4) below].
3. Why care if a Canadian’s name is compared to a US Watch List or No Fly List?
The American listing process has been criticized within the US, and internationally, because of the alleged high number of errors or “false positives”, and because of the allegedly unlawful ways in which names end up on the list – these unlawful ways are said to include racial profiling as well as the use of “corrupted” information, that is, information that may be procured by torture conducted elsewhere in the world. If your name is on one of these Lists, it is apparently extremely difficult to get it removed. The US FBI Terrorist Watch List has several hundreds of thousands of names on it, and is used to compile the US No Fly List and Selectee List. If your name gets on the US No Fly List, you can be barred from flying into the US or into a third country if your Canadian aircraft passes over the US. There is no way to know if you are on the list until you are prevented from flying, or subjected to ‘enhanced screening’. The American Civil Liberties Union has brought a lawsuit currently challenging the US No Fly List as being “unconstitutional” and “un-American” because of its lack of due process, the hardships imposed on listed people including the stigmatization of being a ‘terrorist suspect’, and its Kafkaesque applications.
4. Why care if PNRs are passed on to the US or Foreign Governments?
PNRs contain not only identification information, but also contain information that constitutes a sort of behavioural profile. For example, religious preferences, dietary preferences, aisle or window seat preference, type of credit card or cash payments, checked baggage or carry-on, last minute travel plans etc., may be contained in a PNR, and such information may be used to see if a person fits a profile that can be deemed a security threat. In other words, if you’re a last-minute flyer or like to travel only with carry-on baggage, you may fit a profile and end up on a No-Fly List and find yourself barred from international travel, or worse, stranded in a foreign country unable to “fly” back to Canada. False positives, and names mistakenly placed on lists, are problematic because they cause hardship for the misidentified individual, and they can detract the State’s attention from persons who may pose real threats.
There is also a concern about how such information is used within other countries. Since September 11, 2001, many countries have blurred the distinctions between their law enforcement agencies, and their national security agencies. The BC Privacy Commissioner observed in 2004 that the blurring of these distinctions risks descent into a police state. It is considered a hallmark of democracy that these distinctions remain to ensure that the rule of law is upheld, and to avoid arbitrary decision-making.
5. Could providing this information to the US or foreign governments protect aviation security?
Providing passenger lists may certainly be useful, but there has to be checks and balances. Specifically, there should be safeguards on how PNRs are used, how long they are kept, when they are destroyed, and how and whether they are disseminated domestically or internationally. Right now none of those safeguards are required of foreign governments by Canadian law, and the Canadian government is basically handing over Canadian PNRs and saying to foreign governments “do as you please”, or “we’ll take your word for it” regarding use.
6. Is there a better solution?
Yes there is. The European Union has previously used rigorous and flexible data protection laws that can be useful to Canada and the United States. The EU laws are not perfect but they seem headed in the right direction — typically there is a requirement for legal safeguards regarding use, length of retention, storage, dissemination and destruction to be in place. We should at least look to the successes the EU has had among its member states in protecting information, and see if there are practical protections we can import into any agreement we have with the US. (We understand that the executive arm of the EU has entered into negotiations with the US on a data exchange agreement which does not provide the same level of protections which exist among Member States of the EU — we are looking into this further, along with our EU counterparts who are advocating that privacy protections extend to any agreement of passenger information exchange with the US).
7. What about arguments that harmonization with the US is necessary?
Harmonization with a model law, or with commonly agreed ideals as has been done in the European Union, may be helpful. But Bill C42 may not be “harmonization” so much as it is walking into an agreement that will result in an ‘acceptance’ of a US model of aviation security. Canadians must assess any model of aviation security to be sure that it complies with our Charter, and with our values. Canadians must ensure that they are well informed of both the risks and benefits of Bill C42. Canadians must consider the likely scenario that — if Bill C42 passes — Canadian airlines will interpret the US No Fly List as having final say on who boards a Canadian aircraft for US overflights, regardless of whether a person’s name is not on the Canadian No Fly List, and regardless of whether the flight is landing in the US.
The US does have the right to demand any information it chooses, but Canada also has the right and the duty to insist upon legal safeguards for any information it is willing to hand over. Indeed there are a number of complementary duties Canada has in this instance:
— Canada has the duty to protect Canadians;
— Canada has the duty to protect aviation security;
— Canada has the duty to cooperate with its allies (which includes the US) to protect international peace and security.
Not only must Canada fulfill all of these duties, but we believe that these duties are mutually reinforcing. It may be that Canada has to engage in more complicated negotiations with the US but that is the price — and also the guarantee — of protecting rights and security.
As for the argument of US sovereignty, it is true that the US has sovereignty over its airspace. But “sovereignty” doesn’t equate to “carte blanche”. Every sovereign nation is expected to uphold the UN Charter. The UN Charter call on all States to uphold its commitment to protecting human rights (which includes the right to privacy with justifiable limits), and that this commitment should supercede any conflicting bilateral agreement. The US has been very vocal about the need to protect the rights of Americans, and this is a point on which Canada can reciprocally engage (i.e. we similarly have the need to protect the rights of Canadians) to find a proper solution for two neighbouring countries which both seek to strengthen aviation security.
When Bill C-42 was being debated last fall, the Government claimed that if the Bill did not pass by December 31, 2010, we would be denied access to US airspace. Well, it’s February 2011, and Canada is still flying into the US every day. Interestingly, it’s said that for every 100 Canadian flights that fly over the US daily, 2000 US flights fly over Canadian airspace. Clearly Canada has some leverage in these negotiations — but in the view of the CCLA, the most compelling leverage is that privacy rights are a prerequisite to effectively strengthening aviation security. False positives and harmful profiling practices do not advance national security in any country. Upholding privacy rights, and ensuring that any limits are necessary, proportional and of minimal impairment, would contribute to more effective aviation security.
We believe Canada can take a lead in calling for global standards for PNR information, which standards conform with our Charter and international laws. We believe it’s very important that legal safeguards regarding use, storage, retention, sharing, destruction, and redress be provided for in Bill C-42 before it passes. Further, there must be an amendment that requires Parliamentary oversight for any listing of “foreign countries” that can receive overflight passenger information from Canadian airlines. In January 2010 Canada entered into an understanding not only with the US, but also with Panama, Chile, Brazil, the Dominican Republic, Argentina and Mexico, to work together on strengthening aviation security. If legal safeguards are not included in Bill C-42, it’s just a matter of time before the personal information of Canadians is in the hands of many foreign governments who can make decisions impacting the mobility, privacy and security of many Canadians.