The CCLA seeks to ensure that personal privacy is adequately respected by police when they are handling personal information. This is particularly important in the context of procedures that may result in the disclosure of personal information, such as background checks.
Privacy is part of the Public Safety program. You can find more information about it on its main program page.
By Abby Deshman
on March 27, 2013
The CCLA is extremely pleased with the Supreme Court’s decision in R. v. Telus, which upholds strong privacy protections for the millions of Canadians who communicate via text message. The Criminal Code contains comprehensive provisions on intercepting private communication, giving individuals heightened privacy protection when police apply for a wiretap authorization. The Canadian Civil Liberties Association intervened in Telus to ensure that these privacy protections remain meaningful in an era dominated by cell phones and text messaging. The CCLA argued that text messages that are surreptitiously obtained from a cell phone service provider in the midst of the transmission process must be subject to the protections offered to wiretaps in the Criminal Code.
The decision affirms that there is no practical difference between texting and a traditional phone conversation, nor should differences inherent in new technology determine the scope of protection afforded to private communications. Police may not use technical differences in how text messages are transmitted from one person to another to avoid the more rigorous scrutiny of a wiretap authorization: if law enforcement wants to access text messages that will be sent from one person to another, they need to get a wiretap authorization.
Over the past few years Telus, the cell phone provider, has received tens of thousands of search warrants, production orders and interception authorizations from police requiring them to hand over customer information and communications. Usually, warrants and production orders require cell phone providers to produce past communications, and interception orders allow for real-time surveillance. In March 2010, however, the police served Telus with a General Warrant and Assistance Order requiring the company to produce all text messages to and from a specific customer over the next 14 days. The police argued that, because Telus stored text messages for a period of time as part of their transmission process, this was not a wiretap. In practice, however, this type of warrant would give police prospective authorization to have daily, surreptitious access to all private messages, at times allowing law enforcement to read messages before the text had been received or read by the intended recipient.
The majority of the Supreme Court ruled that, under these circumstances, a General Warrant is not available and police must obtain an authorization to intercept private communications in order to access these types of messages.
To read CCLA’s factum click here.
To read the Supreme Court’s decision click here.
By Abby Deshman
on February 20, 2013
Generally, the police do not need a warrant to search a person who is under arrest, and regularly do look through arrestees’ bags and pockets to ensure officer safety and secure potential evidence. Fifteen years ago this kind of search might turn up a wallet, some papers, maybe an address book. Today, however, through the modern magic of cell phones, we can carry our entire digital existence – phone records, contact lists, emails, social media profiles, location records, photos and much more – in our pockets. The privacy implications of giving police warrantless access to this information upon arrest are enormous. Should cell phones really be treated like the scraps of paper, notes or printed photos we carry in our pockets or knapsacks? Or should they be seen more like entirely distinct places – with vast amounts of personal information and correspondence and an unknown number of automatically-entered passwords that open doors to any number of linked accounts.
In September 2012 CCLA appeared before the Ontario Court of Appeal in R. v. Fearon to argue that a cell phone is not like a wallet or papers you may carry in your purse – and the law should not treat it in the same way. We urged that, absent exigent circumstances such as danger to life or imminent loss of evidence, the police should be required to get a warrant before searching a person’s hand-held electronic device.
On Wednesday the Court released their decision, and unfortunately did not agree with CCLA’s argument. They found that, so long as the police reasonably believe there may be evidence on the phone, they can conduct a warrantless “cursory” search of an arrestee’s cell phone if unlocked.
While the judgment makes it clear that there are limits to police search powers incident to arrest, the ruling gives a significant amount of discretion to individual police officers. Arresting someone is not the same as charging them with a crime. Many people who are arrested never even proceed to charges, let alone end up in trial in front of a judge! The privacy implications of new technologies are often misunderstood by the courts: a cell phone is not a wallet. We will continue to advocate a better understanding of the privacy implications of new technology in the context of policing. This is not the end of this story, in the meantime, lock your phone.
To read CCLA’s factum at the Court of Appeal click here.
To read the Court of Appeal’s decision click here.
By Noa Mendelsohn Aviv
on January 23, 2013
As part of an ongoing public discussion with the Toronto Police Services Board about race-based harassment (racial profiling), CCLA’s Equality Program Director Noa Mendelsohn Aviv will address the Board. The current issue is the “receipt” the police will provide to individuals who are detained by police, questioned, and “carded” (the practice by which police record the identity and personal information about a person in the police database). CCLA is urging the Board to make sure individuals receive a mirror copy of certain basic information recorded by police about them, and the specific reason for the stop.
For CCLA’s submissions to the TPSB on this matter, click here.
By Abby Deshman
on January 18, 2013
When is a police officer’s suspicion ‘reasonable’, and when it is a subjective hunch that could easily target innocent individuals – perhaps based on improper or stereotypical assumptions about ‘suspicious’ people or behaviour? Four years ago, in a 5-4 split, a majority of the Supreme Court found that the police could conduct warrantless searches using sniffer dogs so long as they had a “reasonable suspicion” that a person was engaged in a drug crime. Although the Court provided some guidance, the precise contours of what constituted a reasonable suspicion, was left to lower courts to decide on a case-by-case basis. On Tuesday, January 22, the Supreme Court of Canada will again examine sniffer dogs and the ‘reasonable suspicion’ standard as they consider a pair of cases, R. v. MacKenzie and R. v. Chehil. In each case the trial court found that the police did not have enough evidence to form a reasonable suspicion – assessments that were overturned by the respective courts of appeal.
CCLA counsel will appear before the Supreme Court to argue that a rigorous, restrictive approach must be taken when examining the content of the ‘reasonable suspicion’ standard. As Justice Binnie stated in the first Supreme Court case that considered this issue, the court’s after-the-fact examination of police conduct is the only protection an individual has against unlawful police dog searches. The police must be able to offer objectively-verifiable evidence, and a proven link between ‘suspicious’ facts they observed and crime. Over-reliance on generalized malleable ’profiles’ of criminals or unsupported assertions of police expertise opens the door to stereotyping and profiling. And finally, the number of innocent people who could be falsely caught up in warrantless searches must also be taken into consideration: even if it is true that all drug couriers travel from Vancouver to Halifax, that does not mean that it is reasonable to suspect all individuals taking those flights.
To read CCLA’s factum click here.
In the MacKenzie case currently on appeal, the trial judge concluded that there was not enough to support a ‘reasonable suspicion’ that Mr. MacKenzie was trafficking drugs. The trial court’s summary of the officer’s reasons for suspicion included “the driver’s “very high level of nervousness”; … the pinkish hue of the driver’s eyes, which in the police officer’s opinion is consistent with the use of marihuana; and the course of travel of the driver, which was from Calgary to Regina.” Although the officer testified that Calgary was a known source of narcotics and Regina was a known destination of sale, no evidence was offered to support that opinion. The BC Court of Appeal overturned the trial court, ruling that the officer’s observations were enough to support a “reasonable suspicion” that Mr. MacKenzie was trafficking drugs. Similarly, in the Chehil case, the “reasonable suspicion” was based on the observations that Mr. Chehil was travelling alone, that he had bought a one-way ticket from Vancouver to Halifax at the airline counter using cash, and that he had checked a relatively new, locked suitcase. Again, the trial judge found there was not enough objective evidence to support a reasonable suspicion, and the Nova Scotia Court of Appeal overturned the ruling.
By Dora Chan
on January 17, 2013
Canadian Civil Liberties Association at McGill Law and Pro Bono Students Canada present a panel discussion on Freedom of Expression in the Internet Age: The policy challenges of web 2.0
By Abby Deshman
on December 21, 2012
The Supreme Court of Canada’s released its decisions in R. v. Yumnu, 2012 SCC 73, R. v. Emms, 2012 SCC 74 and R. v. Davey, 2012 SCC 75, a trilogy of cases that examined the consequences of improper, privacy-invasive background checks that the Crown and police undertook into potential jurors. While the results of these background checks were used by the Crown, they were not disclosed to the defence as required by law. The Supreme Court ruled that, although the Crown’s conduct was “improper and should not be repeated,” there was no violation of fair trial rights and the actions did not rise to the level of a miscarriage of justice. Deferring to the factual findings at the Court of Appeal, the Supreme Court ruled that there had been no actual impact on the composition of the jury, that the government had acted in good faith when conducting the background checks, and that the failure to disclose the information to the defence, while serious, was “not done for improper reasons.” The Court therefore concluded that the conduct did constitute a serious interference with the administration of justice, and was not so offensive to the community’s sense of fair play and decency that the proceedings should be set aside. All the appeals were dismissed.
CCLA has major concerns regarding the judgments – in particular the precedent it sets for court responses to improper Crown and police behaviour and the privacy-invasive disclosure practices it sanctions.
In the cases before the court, the Ministry of the Attorney General violated the privacy rights of thousands of potential jurors, contravened the Juries Act in the way they disclosing the names of potential jurors, and violated their disclosure obligations – a key constitutional safeguard against unfair trials and wrongful convictions. The police also misused confidential police databases, repeatedly contravening provincial privacy laws. And this improperly-obtained information was used by the Crown during the jury selection process. Yet the Court’s decisions provide absolutely no remedies for these serious and wide-spread wrongs.
The decisions also set the stage for serious continuing privacy invasions into the lives of potential jurors. The Court ruled that police may only check their databases for criminal convictions or other information that would legally disqualify a person from serving on a jury. They also stated, however, that in the course of these background checks authorities may come across other information that would “call into question” a person’s suitability for jury duty. This might include, for example, whether a person has been a victim or complainant in another matter – information that then must be shared with the defense counsel as well. CCLA has spoken out loudly about the privacy consequences of disclosing the intensely personal information contained in police databases. We fear that this decision, and the process it sets out for juror background checks, opens the door to significant, wide-spread, and regular privacy invasions into hundreds of thousands of Canadians.
Between 2006 and 2009 about one third of Ontario Crown offices asked police to conduct background checks on potential jurors by searching confidential police databases. Often the information they obtained was used to inform the prosecution’s jury selections and was not disclosed to defence counsel. In a 2009 report the Ontario Information and Privacy Commissioner found that the actions of Crown counsel and police had violated thousands of individuals’ privacy rights, and policy changes were subsequently put in place to ensure that all background checks were strictly limited to whether or not an individual was competent, under the law, to serve on a jury.
The CCLA appeared before the Court to argue that, when determining whether there has been a breach of the Charter, the Court should consider not only the fair trial rights of the accused, but also the impact of government conduct on the privacy rights of thousands of Canadians. State actions contravened government policy, privacy laws, jury list distribution rules, and disclosure obligations. In the CCLA’s view, the repeated violation of thousands of potential jurors’ privacy rights and the use of confidential personal information to inform prosecutorial jury selections constituted an abuse of process and a violation of the Charter.
To read CCLA’s factum before the Supreme Court click here.
Read the Supreme Court’s decisions in R. v. Yumnu, 2012 SCC 73, R. v. Emms, 2012 SCC 74 and R. v. Davey, 2012 SCC 75.
By Abby Deshman
on December 7, 2012
The Canadian Civil Liberties Association is appearing before the Supreme Court today to argue that employers should have to justify why privacy-invasive workplace policies are a reasonable intrusion into workers’ private lives. In CCLA’s view, employers have no right to access their employees’ bodily substances and medical information, or to monitor what they do in their private lives outside of the workplace where it has no effect on their job performance. Where an employer seeks to impose an intrusive, privacy-invasive policy on employees, the employer should be required to demonstrate that the policy is reasonable and necessary to secure workplace safety. This should include an examination of whether the policy is necessary to achieve an important safety goal, will actually be effective in increasing safety, is minimally intrusive into employees’ privacy, and is a proportionate response to the underlying problem.
In the case being heard today, Communications, Energy and Paperworkers Union of Canada, Local 30 v. Irving Pulp & Paper, the employer tried to unilaterally impose a random alcohol testing program on the employees. The union challenged the policy, and the arbitrator found that the policy was unreasonable, due in part to the finding that the employer had not brought persuasive evidence that there were significant alcohol-related safety concerns at the workplace. The Court of Queen’s Bench and the Court of Appeal both found that the arbitrator’s decision was unreasonable.
To read CCLA’s factum click here.
By Abby Deshman
on December 4, 2012
Canada recently announced that it would engage in negotiations regarding “expanded information exchange” with the United States to increase tax compliance. The United States is pursuing these agreements with multiple countries to facilitate the foreign information collection that will be mandated by the U.S. Foreign Account Tax Compliance Act (FATCA).
International information-sharing can result in significant privacy and rights violations, and the scope of information that the US government is seeking under FATCA is alarmingly broad. “Foreign financial institutions” is expansively defined in the U.S. Internal Revenue Code and according to a recent academic paper by Andrew Bonham includes “all chartered Canadian banks, stock-brokers, and virtually any entity engaged in the financial sector in Canada – ‘everyone from financial advisors to pension funds.’” This very broad category of institutions and individuals is required to report on most “US persons” holding accounts. This would encompass, with some exceptions, not only US citizens, but also many former green-card holders that have permanently left the United States or even individuals who have spent a substantial amount of time in the U.S. over a number of years. Finally, the information the U.S. government is seeking on all these individuals includes the person’s name, address, account number, account balance, gross receipts and payments from the account and their US taxpayer identifying number. The proposed financial penalties envisioned for individuals and financial institutions that do not comply with this regime are significant.
CCLA believes that Canadians’ privacy should not be invaded without an objectively compelling purpose. And as the Hon. Jim Flaherty, Minister of Finance has already publicly stated,
…put frankly, Canada is not a tax haven. People do not flock to Canada to avoid paying taxes. In addition, we have existing ways of addressing these issues with the United States through our Bilateral Tax Information Exchange Agreement. As I said, we share the same goal of fighting tax evasion and we already have a system that works.
To rigidly impose FATCA on our citizens and financial institutions would not accomplish anything except waste resources on all sides.
This should be the Canadian government’s starting and end point. Privacy-invasive collection and disclosure of personal information should only be done when necessary. Under the Canadian government’s own assessment, that threshold has not been met in this case.
To read CCLA’s full letter to the Department of Finance click here.
By Dora Chan
on October 31, 2012
On February 14, 2012, the federal government unveiled Bill C-30 or the “Protecting Children from Internet Predators Act.” While the government claims this bill targets criminals and child pornographers, in fact its provisions will impact the privacy rights of all Canadians who use computers, cell phones, GPS devices, and the Internet. The bill is currently on the backburner, but in the meantime, we need Canadians to let the government know we haven’t forgotten about our right to online privacy.
WHAT: The York University Chapter of CCLA will be holding a public speaking engagement on online surveillance and privacy with Micheal Vonn, a lawyer and Policy Director of the BC Civil Liberties Association and an expert on online privacy
WHEN: Wednesday, November 7, 2012 at 7 pm
WHERE: Room 001 in Health, Nursing, and Environmental Building at York University Keele Campus
About Micheal Vonn
Micheal Vonn is a lawyer and has been the Policy Director of the BCCLA since 2004. She has been an Adjunct Professor at the University of British Columbia (UBC) in the Faculty of Law and in the School of Library, Archival and Information Studies where she has taught civil liberties and information ethics. She is a regular guest instructor for UBC’s College of Health Disciplines Interdisciplinary Elective in HIV/AIDS Care and was honoured as a recipient of the 2010 AccolAIDS award for social and political advocacy benefitting communities affected by HIV/AIDS. Ms. Vonn is a frequent speaker on a variety of civil liberties topics including privacy, national security, policing, surveillance and free speech. She is an Advisory Board Member of Privacy International.
Some photos from the event
By Abby Deshman
on October 31, 2012
Last week we posted about the Supreme Court’s recent decision in R. v. Cole, which dealt with privacy in the workplace and police access to private employee information. Frank Addario, CCLA Board Member and lead counsel for the respondent in the case, has put out a useful summary of the decision and its implications for employees, employers and police. Check it out below or download the pdf copy!
Regina v. Richard Cole: the company computer gets personal
What Cole says:
The Supreme Court of Canada’s decision in R. v. Cole (http://scc.lexum.org/decisia-scc-csc/scc-csc/scc-csc/en/item/12615/index.do) addresses personal privacy rights in a computer. For the first time, the Court recognized that citizens can have a reasonable expectation of privacy on work-issued devices. For the first time, it stated that Internet use and web browsing history is “protected private information” even when that information is stored on a employer-issued computer. When an individual reasonably uses an Internet-connected device for personal purposes, the device is assumed to contain “extremely personal information” over which the user has a valid privacy interest.
Employers cannot eliminate this privacy interest simply by enacting policies declaring information on the device to be their property. An employer who discovers evidence of criminal activity on a work-issued device can tell the police what they found. They can turn the device over to the police for safekeeping if there is a concern about the potential loss of evidence. The employer cannot consent to a police search of the device.
What Cole does not say:
Cole does not establish that employees always have a protected privacy interest in personal information on employer-owned devices. The key is “reasonableness.” Whether personal information attracts a reasonable expectation of privacy depends on the facts of the case. An individual cannot claim a privacy interest in information that she could not have reasonably expected to keep private. Use of a shared device, or an organization’s express prohibition on personal use, for example, are factors to be considered in determining the scope of an individual’s reasonable expectation of privacy.
Although the Supreme Court admitted the evidence seized by the police from the computer, Cole does not establish that warrantless examination of work-issued devices is a permissible breach. The Court admitted the evidence because the law governing privacy expectations in work computers was still unsettled and thus the police did not act in bad faith in failing to get a warrant. In future, the police will be expected to know they need a warrant to search any Internet-connected device used for personal purposes. Breaches of this rule are not likely to attract the same judicial leniency.
The Cole decision will affect the way organizations view their employees’ use of workplace devices, the way police investigate crimes involving work-issued devices and the way in which defence counsel prepare for trials involving the seizure of such evidence.
An organization’s computer use policies should reflect the reality that most work-issued devices will contain protected information. Employers should consider the following rules and principles in regulating computer use by their employees:
- Use policies do not determine privacy rights. It is not enough to assert that data and messages generated on or handled by employer-owned equipment belong to the employer. If a policy permits an employee to use a device for personal purposes, courts will likely find that the employee has a protected privacy interest in at least some information stored on it.
- Ownership of the device does not confer the right to consent to a police examination of the device.
- Employers may inform the police of the discovery of contraband or criminal activity on a work-issued device.
- Where necessary, employers may turn a physical device over to the police – but only to safeguard potential evidence. Employers should inform the police that an employee has been using the device for personal purposes. This will trigger the need to obtain a warrant.
Defence counsel should consider the following questions in applying to exclude information seized from an employer-owned device:
- Is there a written administrative policy relating to the device?
- If so, does the policy expressly permit or prohibit personal use?
- Is there a convention or custom in the workplace that employees can use devices for personal use regardless of a contrary written policy?
- Regardless of written policies, was the employee able to use the work-issued computer for browsing the Web or sending personal e-mail?
- Who else had access to the information on the device, and to what extent?
- Was the device shared or did the client have exclusive use? Was the device password-protected?
- Did the employer have access to the device and, if so, how frequently and for what purpose?
- Did the client know that technicians, webmasters or other users had access to the device?
These factors will help counsel determine the strength of the argument that their client had a reasonable expectation of privacy in personal data on their work-issued devices.