APPENDIX 4: VISIT NOTE21-25
1. This note constitutes the official record of the
Committee's visit to Canada and the United States of America as
part of the inquiry into surveillance and data collection.
Department of Justice Canada and the Public Prosecution
Service of Canada
2. The participants from the Department of Justice
were Mr Stanley Cohen (Senior General Counsel, Human Rights Law
Section); and Ms Sarah Geh and Mr Shawn Scromeda (Counsels, Human
Rights Law Section). Mr George Dolhai (Acting Deputy Director
of Public Prosecutions, Criminal Litigation and Organized Crime
Branch) participated from the Public Prosecution Service of Canada.
3. The Canadian Charter of Rights and Freedomsa
bill of rights entrenched in the Canadian Constitution passed
in 1982supplemented the earlier Bill of Rights which had
on occasion been described as 'toothless'. The Charter played
an important role in protecting personal privacy (particularly
in terms of surveillance) but the jurisprudence was still immature.
There had been an 'ebb and flow' in the decisions of the courts
and it is possible that, in future, they may not be as favourable
towards privacy as previously. One key provision of the Charter
was section 8. Although this section did not provide an explicit
right to privacyit is worded as a protection against "unreasonable
search or seizure"the jurisprudence of the courts
had gone some way towards establishing such a right under this
provision, as well as under the Charter's fundamental justice
provision, section 7.
4. One of the responsibilities of the Department
of Justice (DoJ) was to monitor developments in this field and
to examine different government departments' proposals for data
sharing provisions etc. DoJ lawyers provided advisory services
to all government departments. These lawyers worked in the legal
services of individual departments and at Justice Headquarters,
and provided advice on government initiatives that may affect
privacy interests. In addition, the Minister of Justice had a
statutory responsibility to certify that legislation was compatible
with the Charter of Rights.
5. The privacy commissioners (one at the federal
level and one in each province and territory) played an important
role in monitoring information sharing across government. In general,
the commissioners were concerned about the growth of information
sharing and the aggregation of ever greater amounts of data. There
was also significant concern expressed by privacy commissioners
about information sharing across national borders; for example,
US companies processing Canadian data were subject to US law so
it was not possible for the Canadian government or other bodies
to guarantee the security of those data.
6. The interception of communications by state authorities
was regarded as a very intrusive power which normally required
judicial authorisation. The written application for judicial authorisation
is put together with a great deal of care. It is made available
in any subsequent court proceedings. It was for the courts to
decide whether any parts of the intercept material itself should
be redacted before being disclosed in the course of a prosecution.
The Minister of Public Safety reports annually on the number of
7. Currently in Canada DNA samples were not collected
upon arrest and indeed were taken only pursuant to a judicial
warrant or from people convicted of certain crimes. The use of
these powers was scrutinised by an advisory committee. Potential
changes to DNA provisions were often a matter for public debate.
Mr Michael MacNeil, Director, Public Interest
8. The Public Interest Advocacy Centre (PIAC) was
made up of various consumer groups, operated by holding consultations
and making representations to the government and parliament on
a variety of different subjects, including the privacy implications
of legislative proposals.
9. Whilst the Charter did not articulate a specific
right to privacy, section 8 (on search and seizure) was relatively
well-developed in protecting privacy. Section 7 (on life, liberty
and security of person) was less well-developed in this respect.
In general, there was a tendency to use the Charter as a kind
of 'touchstone' and the courts had said that it should inform
the development of the common law. The Charter was useful because
it set out a series of general privacy principles that could guide
the legislative process. By contrast, specific statute such as
the Privacy Act (which governed the public sector) was liable
to become out-of-date and require regular amendment. Codes of
conduct were probably less useful than legislation for protecting
privacy because of inconsistencies in their application.
10. Turning to intercepts, the system of judicial
oversight was thought to provide a greater measure of protection
although this was hard to prove in practice. It was true to say
that this system tended to encourage authorities seeking a warrant
to make significant efforts to justify their proposed actions.
The intercept material had to be disclosed once the suspect had
been charged, subject to any redactions agreed to by the judge.
Specially appointed representatives were able to view the redacted
Roundtable Discussion at the University of Ottawa
11. The Committee held a roundtable discussion with
the following people: Professor Ian Kerr (University of Ottawa);
Professor Jane Bailey (University of Ottawa); Professor Valerie
Steeves (University of Ottawa); Ms Stephanie Perrin (Service Canada);
Ms Pippa Lawson (Canadian Internet Policy and Public Interest
Clinic); Ms Heather Black (former Assistant Privacy Commissioner
of Canada); and Mr Murray Long (Privacy Consultant, Murray Long
12. In constructing the legislative framework in
this area, it was important to have an overarching statement of
principles setting out the importance of privacy to democratic
society and providing the judiciary with appropriate language
and concepts. An excellent example was Australia's privacy charter.
In order to achieve this, the Canadian Charter needed to be clearer
on what constitutes a 'reasonable expectation of privacy' and
whether this should be understood in terms of a desirable norm
rather than in terms of what people have actually come to expect,
which is subject to decline. This presented problems, however,
because such a concept was bound to be subjective and was likely
to change (probably diminish) as technologies developed and became
standard. The growing use of technologies such as radio frequency
identification (RFID) and social networking sites were particularly
significant in this regard. It was therefore necessary to think
in advance about the acceptable uses of such technologies, including
through the medium of a rigorous public policy debate, whilst
also bearing in mind that certain data may yield more and different
information in the future.
13. In Canada there were privacy commissioners at
both federal and provincial level. The federal commissioner was
an Officer of Parliament who reported to parliament annually,
which provided a good opportunity to highlight the most pressing
issues. However, there were very few effective sanctions available
to the commissioners and there was widespread non-compliance with
the Personal Information Protection and Electronic Documents Act
(PIPEDA) which governed privacy in the private sector. Enforcement
action did take place through the courts but this was very expensive.
It was suggested that it should be made easier for private sector
companies to be held to account and that the privacy commissioners
should be given order-making powers. In addition, the privacy
commissioners in the provinces needed greater resources if they
were to engage proactively in investigations.
14. It was also necessary to tighten up the current
Privacy Act (parliament was in the process of looking at it) which
was weaker than PIPEDA. Unfortunately there was only sporadic
interest in surveillance and data issues in parliament, although
this partly reflected the fact that there was much less surveillance
in Canada than in other countries such as the UK. The Committee
on Access to Information, Privacy and Ethics did play an important
role but tended to focus on headline-grabbing issues like ID theft,
which was not a core data protection issue.
15. It was felt that public awareness of surveillance
and data protection issues was episodic, partly because Canadian
citizens tended to trust the government and its assertions that
bringing in tighter privacy protections meant that government
could not operate so effectively. There had been an outcry in
2000 when it emerged that the state held dossiers on every citizen
(the Longitudinal Labour Force File), but the data sets had subsequently
been decompiled and there were now more effective safeguards in
place. Such episodes raised public awareness. Also, research showed
that people do care about their privacy but express it differently
in different contexts.
16. As for the private sector, people were generally
content to provide their personal information in order to obtain
store loyalty cards and so forthindeed, this was often
a highly rational processbut most of them did not necessarily
consider the cumulative effect of handing over such data to a
range of organisations. They did however show concern when organisations
were perceived to be using data in an underhand or non-transparent
manner. There was also a growing awareness that data could sometimes
be used in ways which could result in discrimination against certain
types of people.
17. There was further concern amongst those present
about the leaching of information from the private sector to the
public sector, particularly in the absence of statutory authorisation.
For example, internet service providers (ISPs) shared information
on child pornography with the police but these arrangements had
never been validated by a transparent public policy decision and
there seemed to be no 'reasonable expectation of privacy' with
regard to ISPs. In this connection, there was also concern about
the use of warrants to gain access to ISP records, and about the
reversal of the presumption of innocence.
18. Similarly there was consternation about the flow
of information (particularly health information) from the public
sector to the private sector when public functions were outsourced.
This was particularly worrying where foreign companies were involved.
Indeed, British Columbia had amended the law so that companies
holding health information have to be Canadian-controlled and
all data processing must take place in Canada, in order to ensure
that data are not exported abroad and then misused.
19. Turning to the issue of DNA, it was felt that
the Canadian government would not be able to introduce the kind
of extensive DNA database that existed in the UK because it would
fall foul of the Charter and the wider privacy culture, and because
of the likely cost to the taxpayer. However, the very limited
database in Canada was growing through 'mission creep'.
Office of the Privacy Commissioner of Canada
20. The Office of the Privacy Commissioner of Canada
was represented by Ms Jennifer Stoddart (Privacy Commissioner
of Canada) and colleagues.
21. The Privacy Commissioner of Canada, an Officer
of Parliament, reported directly to a parliamentary select committee
rather than a minister and her budget was determined by an all-party
review panel chaired by the Speaker of the House of Commons (so
far, the panel had agreed to all budget requests from the Privacy
Commissioner's Office). These arrangements reflected the importance
of the post-holder being autonomous from the Government. Keeping
abreast of technological changes was difficult but they did their
best by employing two full-time technology experts to advise (it
was also possible to commission external advice) and by having
representation on other bodies within and outside Canada where
questions of, for example, wireless technologies and CCTV were
22. Canada also had a federal Information Commissioner,
who was entirely separate from the Privacy Commissioner except
in budgetary terms. The two of them rarely had disagreements.
It was not really important whether there were two separate commissioners
(as in Canada) or one Information Commissioner fulfilling both
functions (as in the UK); it was the powers and resources available
to the commissioner(s) that mattered.
23. The Privacy Commissioner had been calling for
reform of the Privacy Act, which was weaker and more out-of-date
than PIPEDA, although this might be difficult to achieve while
the government lacked a majority. PIPEDA had benefited from the
history of its development, which involved making Canadian privacy
protection 'adequate' in accordance with the EU Data Protection
Directive. Under PIPEDA, private sector privacy disputes were
increasingly being taken to the federal courts, and it would be
desirable for a revised Privacy Act to make it easier to do the
same in respect of the public sector. Government officials resisted
strengthening the Privacy Act.
24. Reform of the Privacy Act should also cover Privacy
Impact Assessments (PIAs). PIAs were currently 'encouraged' through
funding mechanisms under the Treasury Board Directive, and the
Privacy Commissioner was empowered to suggest changes to them
which were usually accepted. However, it would be preferable for
PIAs to be made a mandatory requirement and for them to be made
more widely available to the public in order to inform dialogue.
PIAs gave the Commissioner a window into how major government
programmes worked and into proposals such as the enhanced drivers'
licence scheme. It had taken a while before PIA requirements had
been comprehended by agencies, and the Commissioner had developed
systems for auditing and vetting agencies' PIA practices.
25. It would also be desirable for the Treasury Board
definition of 'data matching' to be broadened so as to increase
the inadequate scrutiny of government activity in this important
area. For example, the courts had ruled that it had been permissible
under the Privacy Act as currently drafted for the public not
to be told that information obtained from landing cards was being
matched with the employment insurance database to ensure that
unemployed people were staying in Canada and looking for jobs.
26. Canadians tended to be instinctively opposed
to the collection and use of DNA along the lines of a UK-style
system. The Commissioner would be particularly concerned by practices
of familial analysis and the sharing of DNA profiles with countries
where the data would be inadequately protected. However, there
had been a gradual increase in the use of DNA in Canada and the
Royal Canadian Mounted Police had pointed to the UK as a model
in this regard. The defence industry was also finding new uses
for DNA. Developments in forensic science acted as a driver to
Information Commissioner of Canada
27. The current Information Commissioner, Mr Robert
Marleau, had previously been the Clerk of the House of Commons
and subsequently the Interim Privacy Commissioner (IPC). Like
the Privacy Commissioner, the Information Commissioner was an
Officer of Parliament which reinforced his independence from government
and his influence with parliament.
28. There had been an inquiry in 2005, conducted
by a former Justice of the Supreme Court, Gérard La Forest,
into the question of whether the roles of Privacy Commissioner
and Information Commissioner should be merged (as in the UK).
Both Mr Marleau and Jennifer Stoddart, the Privacy Commissioner,
had opposed such a merger. The inquiry had also come out against
a merger because, while there was not much interest outside Ottawa
in access to information, there was a strong interest in privacy
(especially in light of 9/11) so a full-time Privacy Commissioner
was needed. There was also a tension between the principles of
privacy and access to informationalbeit a generally positive
tensionso it was preferable to have two separate commissioners
representing people's rights in each area. Both commissioners
should share a mandate to educate the public.
29. Where privacy and public access were both involved
in an issue, Mr Marleau thought that one should err on the side
of privacy. In fact, there had only been one court case in 25
years in which the two conflicted, and public access had lost
out. Since 2005, there had been a parliamentary committee on Access
to Information, Privacy and Ethics. It was a useful committee,
providing greater scrutiny of freedom of information and privacy
protection issues. The committee was able to subject bills to
pre-legislative scrutiny, although it had not yet done so. The
Information Commissioner could give to the committee 'performance
report cards' on government departments.
30. As IPC, Mr Marleau had faced two key issues:
CCTV and ID cards. His predecessor, George Radwanski, had campaigned
strongly against CCTV and brought a major case in British Columbia.
However, the case was becoming very expensive and would probably
have been lost on grounds of jurisdiction, so Mr Marleau decided
to drop the action. He reached agreement with the police that
guidelines on CCTV use should be formulated, and these were published
in 2006. This informal, non-statutory approach was preferable
to passing detailed legislation which might result in drawn-out
court cases. Similarly, the large number of CCTV cameras in the
UK would not necessarily be a problem provided that there were
clear guidelines and policy statements, as well as maximum transparency.
31. Mr Marleau had taken a very firm stand against
ID cards when he was IPC because there had been insufficient justification
for introducing them. The issue had arisen again recently with
enhanced drivers' licences which would, using radio-frequency
identification (RFID) technology, speed up border crossings into
the USA. Not only might this scheme be a first step towards a
national identity card, there was also concern about sharing personal
information with the USA (which could potentially turn that information
into a commercial product) and about possible data mining.
Mr Larry Kearley, Vice-President, Canadian Access
and Privacy Association (CAPA)
32. The Canadian Access and Privacy Association (CAPA)
was a national non-profit organisation which aimed to promote
knowledge and understanding of access and privacy laws and experiences
in Canada. It dealt with both the three levels of government (federal,
provincial, local) and the private sector.
33. The Canadian Charter and the European Convention
on Human Rights had much in common. They were both quite vague,
unlike the American Bill of Rights, but this allowed a measure
of flexibility which enabled them to accommodate changes in society
and so forth. However, it was noteworthy that neither document
was specifically aimed at surveillance or data issues.
34. There were however significant differences between
the UK and Canada in terms of levels of surveillance and data
collection. For example, the UK was well-known as a CCTV society,
whereas Canadians were very suspicious of surveillance camerasperhaps
because of the lower crime rates and risks of terrorism compared
with the UK and the USA, although Canadians were concerned about
crime and child pornography. In addition, it was significant that
the UK had only one privacy/information commissioner for 60 million
people, whereas the Canadians had numerous privacy and information
commissioners for just 30 million people.
35. A potential danger facing all countries was the
increase in cross-border information flows. There were particular
dangers from outsourcing personal data to countries such as India,
where privacy protections tended to be weaker. Moreover, many
of these high-risk countries suffered from terrible poverty so
the chances of identity theft were much higher than elsewhere.
36. The effective protection of privacy required
a mixture of laws, codes of practice and privacy-enhancing technologies
(PETs). Members of the public could use encryption and anonymity
devices, but only a minority would be able to benefit from these
unless they were built into software. Chief Privacy Officers could
be useful but in the private sector they saw their primary role
as protecting their companies rather than limiting the invasion
of customers' privacy. Privacy Impact Assessments were also a
good idea, but so far were used mainly in the private sector,
and for risk assessment.
Madam Justice Rosalie Abella, Supreme Court of
37. The Canadian Charter of Rights and Freedoms had
had a very significant impact on the country's jurisprudence.
The Charter contained both 'freedom from
to those contained in the US Bill of Rightsand equality
rights, which had gained currency after the Second World War.
38. There had been a Bill of Rights (enacted in 1960)
before the Charter, but judges had not generally been comfortable
with the idea of enforcing rights and pronouncing on state-citizen
relations. Once the Charter was enacted in 1982, the Supreme Court
increasingly took up the concept of rights and in the 1990s encountered
significant hostility from the media and the public over its attempts
to uphold the rights of the accused and of gay people. In the
current decade, the Court had perhaps retrenched from some of
the more radical decisions of the 1990s. Crucially, it was possible
for parliament, in extremis, to overrule the court's interpretation
of the Charter.
39. Most significant privacy rulings of the Supreme
Court had been concerned with criminal issues, although there
had been a very important ruling establishing a woman's right
to choose to have an abortion. A recent ruling on informational
privacy in R. v Tessling  had concerned airborne
Forward Looking Infra-Red cameras (FLIRs) heat-sensor devices
that could help to search for marijuana cultivation in buildings
and whether the police needed a warrant to operate them. The lower
courts had ruled that a warrant was needed, but the Supreme Court
overturned that decision. An important issue was what constituted
a 'reasonable expectation of privacy'. This should always be a
contextual assessment because in certain circumstancessuch
as when you cross a national borderyou inevitably have
a reduced expectation of privacy. Indeed, the courts had upheld
the idea that people have a reduced expectation of privacy in
certain places. However, even with a contextual assessment the
'reasonable expectation' formula was ambiguous because of the
different expectations of different kinds of people: for examples,
whites, ethnic minorities or gay people.
40. The British courts had been robust in upholding
citizens' rights, for example in the rulings on the detention
of foreign terrorism suspects and control orders. It also appeared
that privacy rights in the UK were increasingthe Naomi
Campbell case being a prime examplebut they were still
not well-defined. However, it would not necessarily be advisable
for a tort of privacy to be developed in the British courts.
Mr Ken Anderson, Assistant Commissioner (Privacy),
Office of the Information and Privacy Commissioner of Ontario
41. In Ontario there was just one commissioner responsible
for both information and privacy (Dr Ann Cavoukian), but she had
two assistant commissionersone dealing with information
and the other with privacy. With 93 employees in total, the Office
was very well staffed.
42. Whilst the Assistant Commissioner (Information)
focused predominantly on tribunals, Mr Anderson spent 90 per cent
of his time on advocacy and research. A key role of the Commissioner's
Office was to influence politicians and police chiefs on privacy
and access issues, for example through policy briefings, meetings
and communications with the media. The Office also worked with
interest groups and the Human Rights Commission. It aimed to gain
leverage by working with players in various fields to make systematic
changes; for example, the Office had worked with Facebook (a popular
social networking website) to enhance privacy and online safety.
At the international level, the Office had discussed with the
USA's Department of Homeland Security matters such as the information
held on passengers taking cross-border flights.
43. Privacy Impact Assessments (PIAs) could be useful
but they varied widely in quality. It was not sufficient simply
to produce a template PIA and leave it at that, because constant
thought and improvement were required. In Ontario, PIAs were used
extensively in the healthcare fieldespecially by large
organisationsbut should also be extended to other sectors.
It was sometimes desirable to use PIAs to do a "snapshot"
of existing policies; for example, this might be a good way of
assessing the use of CCTV in the UK.
44. CCTV was not as popular in Canada as it was in
the UK, although around 70 per cent of Canadians supported its
use on public transport (a figure which tended to rise to 80 per
cent or more if there had been a recent criminal incident). All
privacy commissioners in Canada produced guidelines on the use
of CCTV. The Office worked with the police to limit the collection
of images. The latest suggestion for enhancing people's privacy
was to encrypt images of people caught on CCTV (particularly where
the camera's primary purpose was something other than crime prevention)
in order to anonymise them. Images could subsequently be unencrypted
where necessary, for example if a crime was committed.
45. In Canada, the rules governing the collection
and retention of DNA samples were set out in the Criminal Code,
which had the force of statute. The police were able to take DNA
samples in certain specified circumstances, although generally
they had to apply to the courts for a warrant. DNA samples could
also be taken from volunteers, but there were no provisions in
the Criminal Code governing retention in such circumstances. Canada
had no equivalent of the UK's National DNA Database Ethics Committee.
UNITED STATES OF AMERICA
Mr Tom Oscherwitz, Vice President of Government
Affairs and Chief Privacy Officer, IDAnalytics
46. IDAnalytics was a company that collected personal
data in order to deliver accurate predictions of the likelihood
of identity risk associated with applications for credit. Having
collected the available data, the company processed them (through
a series of complex computer programmes) to produce a 'score'
which was given to clients; the data themselves were not shared
with clients so there was minimal risk of data being misused.
47. The kind of assessments provided by IDAnalytics
were needed because business nowadays operated in a more impersonal
and less 'one-to-one' way than in the past. It was desirable for
trusted parties to hold large amounts of data which could be used
to provide a conclusion or summary to bank and other organisations,
because this kept the data secure and removed the need for large
amounts of information to be disseminated. In addition, holding
data could help to protect people's privacy by preventing fraud
and identity theft, which in itself was a social good. Data mining
could also be beneficial, but it was important to avoid mission
creep. It was difficult to determine where privacy protection
ended and identity verification began.
48. The proliferation of chief privacy officers was
a relatively new phenomenon. The role involved ensuring compliance
with relevant laws and regulations and adherence to the company's
served to provide an interface with members of the public over,
for example, access to information requests.
Centre for Democracy and Technology
49. The participants from the Centre for Democracy
and Technology (CDT) were: Mr Greg Nojeim (Senior Counsel and
Director of CDT's Project on Freedom, Security and Technology);
Mr Ari Schwartz (Vice President and Chief Operating Officer);
and Professor Peter Swire (Policy Fellow).
50. In addition to the US Bill of Rights, the US
Constitution provided an architecture of checks and balances that
enabled any excesses by government departments to be discovered.
There was nonetheless a need for the executive to exercise self-restraint
when it came to the invasion of privacy, for example through the
use of due diligence checklists which had the potential to cool
the initial enthusiasm about a particular idea by highlighting
possible problems and downsides. Privacy Impact Assessments (PIAs)
were useful in this regard, because they were made public and
therefore increased transparency and forced departments to answer
concerns. However, if departments were determined to press ahead
with particular schemes, it was unlikely that PIAs could make
51. The Clinton presidency, taking its lead from
Canada and the private sector, had viewed PIAs as a best practice
tool. Since 2002 they had been required in certain circumstances
but they tended to be very variable in quality, and some amounted
to little more than 'box-ticking' exercises. For example, the
PIA of the new passport system had been only one page in length.
However, as part of the reauthorisation of the E-Government Act,
further consideration was being given to how PIAs ought to be
conducted. The Office of Management and Budget (OMB) in the executive
branch was drafting a 'best practice' manual on PIAs.
52. There were no privacy commissioners in the USA
and, while it would be desirable to introduce them, it was in
reality necessary to work with the existing bodies such as the
Federal Trade Commission (FTC). The CDT sometimes took winnable
cases to the FTC on issues such as spyware.
There was also a Privacy and Civil Liberties Oversight Board which
was tasked with advising the President in the context of the fight
against terrorism, although it had initially been seen as too
close to the White House. The Board had now been re-modelled and
was likely to be more independent, with its members having to
be approved by the Senate, but it currently had neither members
nor funding. It would probably not start operating until the next
President took office.
53. The current administration, with its overwhelming
focus on national security, was thought to have neglected the
issue of personal privacy. In particular there had been widespread
abuse of so-called National Security Letters (NSLs) which enabled
the FBI, without obtaining a court order, to require a particular
entity or organisation to hand over various records and data pertaining
to individuals. It was particularly notable that NSLs could be
used to obtain personal data from overseas that were held by American
companies. Moreover, the FBI was entitled to forbid an organisation
subject to an NSL from telling anyone about the demand. Congress
had put in place an audit system which had picked up some of the
abuses as well as ascertaining that NSLs had been used hundreds
of thousands of times. The government had subsequently issued
better-practice guidelines but it was not certain how far they
were being followed.
54. There was a more general concern that the protections
provided by the 4th Amendment (protection from unreasonable search
and seizure) were getting progressively weaker. First, the government
had undermined the principle that warrants were required for searches
and seizures, often by classifying investigations as foreign intelligence
gathering rather than regular law enforcement, thus bypassing
traditional 4th Amendment protections. Second, the Supreme Court
had become chary of the 4th Amendment and had made it less useful.
Access to communications data was not covered by the Amendment
because the 'search and seizure' pertained to internet service
providers rather than individuals or their homes.
55. Another key concern was the REAL ID Act, which
provided for homogenised federal driving licences. There was considerable
opposition to this scheme from the states and the public because
it federalised something that had been under state control. Moreover,
it was easier for the federal government than state governments
to share people's personal data, and federal law trumped any privacy
requirements in state constitutions.
American Civil Liberties Union
56. The participants from the American Civil Liberties
Union (ACLU) were: Mr Wes Macleod-Ball (Chief Legislative and
Policy Counsel); Ms Michelle Richardson (Legislative Counsel);
and Mr Jay Stanley (Public Education Director, Technology &
57. Attitudes to privacy did not break down on political
lines: just as many libertarian Republicans as Democrats were
concerned about the erosion of privacy, so there was a great opportunity
to make progress. Whilst national security remained a high priority
amongst Americans, a growing number of them were becoming increasingly
concerned about privacy issues although they did not always understand
what happened to their data in terms of profiling and sharing.
The ongoing challenge was to show people how they could be affected
by certain initiativesespecially the PATRIOT Act and programs
similar in means and ends to the now defunct Total Information
Awareness (TIA) Program (such as the one that the NSA seems to
be pursuing)in practical, concrete ways. The ACLU strongly
encouraged members of the public to put any concerns to their
congressmen, which was often more effective than direct lobbying
or litigation. The media also played a hugely important role.
58. It was essential that controversial legislation
such as the PATRIOT Act should contain sunset clauses, because
Congress was generally loath to revisit legislation unless they
had to do so. It was perfectly possible for law enforcement agencies
to adjust to changes in their powers.
59. The excessive collection of personal data by
the government was thought to be a breach of privacy in itself,
regardless of whether those data were subsequently used for malign
purposes. There was particular concern about the REAL ID Act which
was seen as a mechanism for introducing a de facto national
identity card. Not only were the ACLU concerned about a potential
shift towards a 'checkpoint society' where citizens have to show
their papers or identification on a regular basis, they were also
worried about the database behind the cards because the aggregation
of data could be very problematic given the potential insecurity
of the database. There was further concern about the private sector's
realisation that collecting their customers' data could be commercially
advantageous, particularly since the government could potentially
seize or buy those data.
60. The collection and retention of DNA samples was
another pressing issue in the USA. Almost all states required
convicted felons to be on a DNA database, but a battle was now
being fought over whether arrestees should also be added as in
the UK. However, unlike in the UK, most states pursuing this path
were also specifying that an arrestee's sample should be removed
if he or she was not charged or convicted of an offence.
Roundtable Discussion at the Electronic Privacy
61. The Committee held a roundtable discussion at
the Electronic Privacy Information Center.
62. The events of 9/11 had resulted in the prioritisation
of national security, often at the expense of privacy and civil
liberties. This went well beyond the USA PATRIOT Act which, although
very important in itself, had assumed a symbolic importance and
had been kept in the public eye by the need to renew the sunsetted
provisions. But just as civil liberties were coming increasingly
under threat in the name of national security, the Supreme Court
had arguably moved away from protecting such liberties. This meant
that advocacy groups had become more important than ever. Technology
helped them to organise public campaigns quickly and effectively
and they continued to be active on Capitol Hill and in the media.
63. The National Commission on Terrorist Attacks
('the 9/11 Commission') had emphasised that new security measures
needed to be counter-balanced by oversight. Chief Privacy Officers
were an important part of this oversight process and had made
an effort to 'reach out', but they had to oversee a huge policy
areaparticularly Hugo Teufel in the Department of Homeland
Security (DHS)and were not genuinely independent (those
in the DHS and the Department of Justice were political appointees).
Moreover, PIAs were not as effective as they could be: the statutory
requirements were minimal; they were only effective when the organisation
in question was committed to them; they were sometimes conducted
after the scheme in question had already been implemented; and
the sheer volume of them often diluted the impact of even the
most important ones.
64. There were big cultural differences between the
USA and the UK in terms of public attitudes towards CCTV. After
9/11, there had been proposals to create a UK-style CCTV system
in the USA but these had been met by serious concerns from both
sides of the political spectrum. The biggest driver behind CCTV
in Washington DC was crime rather than terrorism, and CCTV images
were generally only viewed in the course of investigating a specific
crime. There were more cameras in New York City, where Mayor Michael
Bloomberg had proposed a security system similar to the 'ring
of steel' around the City of London. It was notable that the Department
of Homeland Security (like the Home Office in the UK) encouraged
the installation of CCTV by offering funding to local councils.
65. There was a very real threat of 'ubiquitous surveillance'
in the future, for example if CCTV cameras were linked into Google's
'Street View' product. Further threats were presented by potential
technological developments which would, among other things, make
CCTV cameras much harder to spot. The current legislation (e.g.
the Video Voyeurism Protection Act 2004) and the common law provided
inadequate protection against these threats. In light of this,
and the fact that no challenges to CCTV had so far been made under
the US Constitution, it was necessary to promulgate a set of principles
governing the use of CCTV. The concept of a 'reasonable expectation
of privacy' could be useful, but it could also lead to an inexorable
spread of CCTV in high crime areas (because of lower resistance
to CCTV amongst the local community) and the automation of policing.
66. It was possible that Congress would only be prompted
to take action by a high-profile Supreme Court case, perhaps involving
a celebrity. This reflected the fact that it was often necessary
to have some 'trigger' event before the exertion of central control
became acceptable to the public or palatable to politicians. It
was also necessary for the civil rights community to engage with
CCTV and related issues, moving on from the issues of the 20th
century and confronting the new challenges presented by technology.
Such an engagement with the issues would increase the pressure
67. Public opinion in the USA was generally against
identity cards. The REAL ID Act (see paragraph 55 above) had never
been properly debated in Congress and there was now a considerable
public backlash against it. Around 20 states had passed legislation
opposing the Act and there was an ongoing stand-off between the
states and the Department of Homeland Security. There was also
a dispute about who should pay for the scheme. The main problem
in many people's eyes was the database behind the identity documents.
It would be preferable (and possible) to design a system whereby
only the individual could 'unlock' information about themselves.
This would avoid the dangers of having an enormous database and
remove the temptations of 'function creep'. However, even revealing
a name would enable law enforcement officials to conduct further
searches, so it might be desirable to have a system whereby individuals
could establish their entitlement to something but without revealing
68. The courts had upheld the DNA database on the
basis that convicted felons have a lower expectation of privacy
than others. However, law enforcement agencies were constantly
pushing the boundaries; for example, the FBI had proposals on
familial searches and partial matches (which could well fall foul
of the courts) and there was a suggestion that some police forces
had taken to following suspects in an attempt to obtain an item
which might yield a DNA sample and thus link the suspect to the
scene of a crime.
Office of Representative Jerry Nadler
69. In the absence of Representative Jerry Nadler,
the Chairman of the House Judiciary Subcommittee on the Constitution,
Civil Rights and Civil Liberties, the Committee met with his Chief
of Staff, Mr David Lachmann, and his Legislative Counsel, Ms Carole
70. There had been many abuses of National Security
Letters (NSLs) since the USA PATRIOT Act had been passed. A bill
put forward by Representative Nadler would restore many of the
pre-PATRIOT controls on the issuance of NSLs, but the administration
was resisting the bill because it felt that the issue could be
dealt with by means of administrative changes. The bill did not
have the Republican support it needed to pass the House, partly
because the law enforcement agencies had said that they felt that
the proposed changes to the current regime would stop them doing
their jobs properly. Nonetheless, there was considerable momentum
behind the aims of the bill.
71. Chief Privacy Officers (CPOs) could be a valuable
assetindeed, the first CPO at the Department of Homeland
Security, Nuala O'Connor Kelly, had been highly respectedbut
generally they lacked the degree of independence that CPOs across
the world tended to have. It would therefore be desirable to bring
in a new generation of more independent CPOs.
72. The REAL ID Act was a big issue at state and
local level and there was in general a visceral public opposition
to ID cards in the USA. Indeed, the federal government was offering
grants to encourage reluctant states to implement the Act. There
were also constitutional concerns regarding requirements placed
on immigrants and visitors, and issues of due process. A recent
US Supreme Court case on voters' ID had raised issues about impediments
to voting and whether a requirement for ID was an impediment if
the ID did not have to be paid for by the voter.
Federal Trade Commission
73. The Committee met with Commissioner Jon Leibowitz
74. The Safe Harbor arrangement provided a way for
US companies to comply with the EU Data Protection Directive.
So far, the Federal Trade Commission (FTC) had not dealt with
any problems or complaints under the arrangements and, whilst
they were by no means perfect, this was taken to be an indication
of adequacy. Data flows across national boundaries were now very
common and it would be desirable for different countries to agree
common standards; however, this would be very difficult in practice.
75. The FTC could intervene if a US company holding
data on UK citizens unlawfully shared or lost that data. However,
if those data were demanded by a US law enforcement agency (for
example through a National Security Letter) then the FTC was not
empowered to do anything. Indeed, whilst the FTC liaised with
government on a departmental or agency basis, it did not have
any jurisdiction over other governmental organisations.
Department of Homeland Security
76. The participants from the Department of Homeland
Security (DHS) were: Mr Hugo Teufel III, Chief Privacy Officer
and Chief Freedom of Information Act Officer; Mr John Kropf, Deputy
Chief Privacy Officer; and other members of staff.
77. Privacy Impact Assessments (PIAs) were required
in certain circumstances under section 208 of the E-Government
Act 2002, although the DHS also carried out some PIAs not required
by statute (e.g. the PIA on full body imaging). The DHS PIAs were
based on the eight 'fair information principles' which in some
ways resembled the principles in the UK Data Protection Act. PIAs
were useful because they forced the DHS to think very carefully
about privacy and how to build in privacy safeguards. The system
also had 'teeth' because, unlike in Canada, PIAs were linked to
funding. It was important that PIAs should be made public so as
to inform peopleand perhaps give them confidenceabout
the government's activities.
78. A handful of government departments, including
the DHS, had been required to employ Chief Privacy Officers (CPOs)
since the 9/11 Commission reported. The different CPOs worked
very closely together. CPOs were desirable because it was better
to counsel and advise departments from the inside, rather than
have an independent privacy officer (such as Richard Thomas) criticising
from the outside. However, it was true to say that CPOs varied
in their approaches depending on how seriously they were taken
and how independent they were. It might be advisable for the United
Kingdom to use departmental CPOs.
79. It was important to note that key decisions to
invade individual privacy were taken by legislators, not by government
agencies and their employeesit was up to Congress to scrutinise
proposals and approve or disapprove them. The DHS talked informally
to Congress and testified as part of the oversight process, but
the CPO served the President and the Secretary of the Department
of Homeland Security so would not express views to Congress that
disagreed with the President's policies. However, he did see it
as his responsibility to speak candidly within the DHS itself.
Mr Ken Mortensen, Acting Chief Privacy and Civil
Liberties Officer, Department of Justice
80. It was important to have an officer focused on
privacy issuesindeed, the job of the CPO was to protect
the public from the Department of Justice (DoJ). Unlike the CPO
in the DHS, the CPO in the DoJ oversaw civil liberties issues
but not freedom of information. He was also more integrated into
the rest of the department so tended to be present during the
policy development phase, whereas the DHS CPO had an independent
81. The Office of Legal Counsel (OLC) within the
DoJ consisted of lawyers tasked with determining the meaning of
existing laws and setting out the ways in which the executive
could or could not act. The courts paid heed to OLC opinions.
Most government agencies also had a general counsel who was able
to ask the OLC to clarify any points of legal uncertainty.
82. Until recently in the United States, it had only
been possible to take DNA samples from convicted criminals, but
law enforcement agencies were now permitted to take samples from
arrestees for purposes of identification. The samples were to
be kept for 100 years, as with fingerprints, and there was a possibility
of a certain amount of 'function creep'. Fingerprints and basic
biographical information could be shared across law enforcement
agencies but there were severe restrictions on sharing with other
bodies. There was a mechanism for data matching across states
for criminal justice-related purposes as well as for some non-criminal
justice purposes where access was possible (for example criminal
record checks for employment).
234 Spyware is computer software that is installed
surreptitiously on a personal computer to intercept or take partial
control over the user's interaction with the computer, without
the user's informed consent. Back