Security shouldn't trump privacy, watchdogs to tell Trudeau government

OTTAWA -- Canada's spy agencies should destroy the data trails of innocent people they incidentally collect during terrorism investigations once the actual targets have been cleared of suspicion, say Canada's privacy watchdogs.

The declaration Tuesday from privacy commissioners across the country came after a judge recently ruled the Canadian Security Intelligence Service violated the law by keeping potentially revealing electronic data about people who were not under investigation.

The message was part of a joint submission signed by federal, provincial and territorial privacy czars that urged the Trudeau government to strengthen protection of personal information as it revamps the national security regime.

Rather than expand state powers and reduce individual rights, it is time to beef up legal standards and oversight to prevent repetition of mistakes, said federal privacy commissioner Daniel Therrien, flanked at a news conference by counterparts Brian Beamish from Ontario and Jean Chartier of Quebec.

They urged the government to learn lessons from the information-sharing blunders that led to the overseas torture of Maher Arar following 9/11 and the current uproar over surveillance of journalists in Quebec.

"National security agencies have an important and difficult mandate in protecting all Canadians from terrorist threats and we believe they generally strive to do their work in a way that respects human rights," says the submission.

"But history has shown us that serious human rights abuses can occur, not only abroad but in Canada, in the name of national security."

Just last month a Federal Court judge said CSIS broke the law by holding on to electronic data, over a 10-year period, about people who were not considered a danger to national security.

CSIS processed the data beginning in 2006 through its Operational Data Analysis Centre to produce intelligence that can disclose intimate details about individuals.

The improperly retained material was metadata -- information associated with a communication, such as a telephone number or email address, but not the message itself. Therrien's office says metadata must be handled with care because it can reveal medical conditions, religious beliefs and sexual orientation, among other personal traits.

The data is believed to have included digital trails related to friends or family members who knew targets of surveillance, but were not themselves under investigation.

CSIS says sifting through metadata can help identify patterns of movement, communication, behaviours, significant trends and links that are not otherwise apparent.

The law should be changed to ensure such incidental information is discarded once those under investigation "have been cleared of any suspected terrorist activities," the privacy commissioners' submission says.

Other recommendations:

-- Consider technical solutions to encryption, which would allow police legal access to specific locked devices rather than a new law providing broad authority to see encoded communications;

-- Set clear rules to prevent international information sharing from resulting in serious human-rights abuses and violations of Canada's obligations;

-- Ensure all federal institutions with a national security role are subject to expert, independent oversight;

-- Require government agencies involved in law enforcement to report on the requests they make for information from telecommunications firms and others.

Public Safety Minister Ralph Goodale said Tuesday the joint submission would help the government redraft security policy.

"We have two critical objectives to achieve: No. 1, keep Canadians safe, and at the same time ... make sure that Canadian rights and freedoms are respected, along with the open, generous and inclusive nature of our democratic society."