A US Federal Court has declared that the Bush-era "warrantless wiretap" program was unlawful. The administration, up to and including the Obama administration, argued that in a time of war, it was lawful to eavesdrop on communications without a warrant, particuarly international communications. The decision is here: http://cryptome.org/alharamain-v-nsa.pdf and the New York Times' has an article on the decision here: Federal Judge Finds N.S.A. Wiretaps Were Illegal - NYTimes.com.

Labels: national security, surveillance, warrants

The incomparable Frank Work, Information and Privacy Commissioner of Alberta, appears to have an opinion on body scanning technologies.

Privacy boss pans scans

New naked body security measures at airports don't fly, he says

By MICHAEL PLATT

The thin edge of the wedge -it's not the happiest of analogies when the subject is naked body scans and orifice-probing technology.

But that's the uncomfortable warning from Alberta Privacy Commissioner Frank Work, following a federal decision to install full-body security scanners at major Canadian airports, including Calgary and Edmonton.

Blasting the move as a serious blow to personal privacy and dignity, Work says he expects the obvious flaws in body-scanning security will result in more high-tech "toys" to fill the gaps.

"What will they do next, after the next incident? We're running out of toys and technological silver bullets," said Work, one day after the federal government announced the new airport security measures.

Work guards the privacy of Albertans, be it information or images.

If this was an Alberta rule or an airport decision, Work would surely step in and prevent the visual strip-search.

But being federal legislation, Work fears there is nothing he can do to block the airport scanners, which expose naked images of passengers to the eyes of prying security staff.

"The bottom line is it's a dignity issue, and either out of fear or because we don't want to stand in line too long, we've forsaken any notion of dignity -- it's like, all right, we'll assume the position," said Work.

He's awaiting a call from federal Transport Minister John Baird, but Work believes his hands are tied.

Work said that because human-monitored body scanners aren't perfect, showing only a surface view of the nude passenger, he believes it's a matter of time and/or tragedy before the next step is taken.

"The system is still prone to failure, so let's say the next guy packs his ass with however many grams of (plastic explosive) he can shove up there, and either successfully or unsuccessfully detonates it. What do they do next?" said Work.

"How do they trump full body scans? There actually is a device called the BOSS -- the Body Orifice Security Scanner -- where you sit in a plastic armchair and it can detect plastic or metal in body orifices. Is this next?"

The privacy boss knows his technology, and the chair he references is used in U.S. prisons, in lieu of the old rubber glove approach. That it could easily be installed in airport security areas is a squirmy thought.

Work believes it's just a matter of time.

"At what point do we say, 'Holy crap man, you're patting me down, you've got pictures of me naked, you've got me squatting on a chair, and you've taken my water bottle away'. I mean at what point is enough, enough?"

The federal government is installing 44 of the $250,000 body-scanners across Canada, as well as implementing a new system of visual observation, where security staff will monitor passenger behaviour.

The changes come in response to a Christmas Day attempt to blow up a jetliner over Michigan, when a Nigerian man failed to ignite explosives sewn into his underwear.

While the new body-scanners reportedly wouldn't have caught the underwear bomber -- the explosives were spread too thin -- U.S. demands for extra security have forced countries like Canada to follow suit.

Work says Canada obviously has little choice, if citizens want to travel internationally.

While the U.S. is forcing Canadian travellers to surrender their dignity, Work said the real danger is people starting to believe in safety, purchased through an invasion of privacy.

"The thing that troubles me most as the privacy commissioner, is we're getting more and more used to this stuff.

"Maybe we have to throw in the towel on the body scanners, but the next time the police or authorities come along wanting to blanket the city in cameras for safety reasons, we'll be that much more compliant."

Labels: air travel, airlines, homeland security, national security, privacy

For over a year now, the United States and the European Union have been negotiating an arrangement so that US law enforcement and national security organizations can have easier access to data in Europe and about Europeans. The New York Times is reporting that that the two parties are closer to an arrangement that would permit trolling through personal information for suspicious activities, such as the review of SWIFT data that the American government undertook as the data was resident in the United States. One of the remaining issues is whether European citizens will have an ability to sue the Americans for misuse of their data.

The fact that Europe and the Bush administration are engaged in this process is a good thing. The alternatives are to shut off the tap entirely, which may not be a good idea, or to allow American authorities to freely troll through European data as easily as information about Americans, which would be worse. In Canada, Maher Arar learned the hard way about what can happen if an unstructured, unregulated information sharing "system" results in the transfer of unreliable information to the Bush administration.

Recently, the Canadian Bar Association presented its recommendations to Parliament, demanding that all information sharing arrangements be in writing with safeguards and oversight to make sure that information is accurate and does not unreasonably invade personal privacy.

The NYTimes article is here: U.S. and Europe Near Accord on Privacy - NYTimes.com.

Thanks to Rob Hyndman for the link.

Labels: europe, law enforcement, lawful access, national security, patriot act, privacy

I thought this was interesting and a sign of the times in the US ...

It is now newsworthy that a confidential manual from Comcast written to assist law enforcement in properly requesting customer information suggests they take privacy seriously! I'll repeat: they appear to take customer privacy seriously. Declan McCullagh has more: Secret manual shows Comcast (gasp!) protects customers' privacy The Iconoclast - politics, law, and technology - CNET News.com.

Labels: law enforcement, national security, privacy

It appears that SWIFT is going to move its global data centre from the United States to Switzerland, to avoid having to deal with US fishing expeditions. See:

heise online - SWIFT puts EU data beyond the immediate reach of the US

SWIFT puts EU data beyond the immediate reach of the US

The supervisory board of SWIFT has approved the plans for the restructuring of the systems architecture of the financial messaging network the outlines of which had been known for some time. The core of the realignment is the creation of a global data processing center in Switzerland. To this will be added a command-and-control center in Hong Kong. The first step toward the realization of the project that has now been approved by the supervisory board will involve the expansion of the central news platform of SWIFT, in an attempt to aid the setting up of several processing zones.

By engaging in the restructuring effort that is scheduled to be completed by the end of 2009 the financial messaging network based in Belgium is trying to accomplish a score of targets aimed at satisfying the desires of customers. Thus by preventing immediate access by US authorities to international transfer data -- as is currently the case via the network's computing center in the United States -- data privacy concerns are to be dispelled. In addition SWIFT hopes that the new message architecture will boost the processing capacity of the system, improve reliability, lower information transfer costs and, into the bargain, open up new business opportunities in general.

The financial messaging service intends to create two message processing zones: Europe and Transatlantic. The new global computing center would as a partner of the extant European data processing center, among other things, take on the mirror function of the current US facility, the organization declared. Transfer information belonging to the European zone would be processed and, if need be, stored there. The Swiss location would also process and store data emanating from the US center, it was said. "Messages within a zone will in future remain in their region of origin," SWIFT CEO Lázaro Campos said by way of explaining the new principle, which takes account to a greater degree of concerns voiced by data privacy watchdogs and members of the European Parliament and which will define the future modus operandi for the European Economic Area at least.

According to statements made by SWIFT the choice of Switzerland as the seat of its global data processing center was the result of a comprehensive survey of possible European locations. The decisive factors determining the choice of location had been the suitability of existing infrastructure, the availability of skilled staff and the presence of an appropriate framework of data privacy legislation, SWIFT noted. Switzerland had fulfilled these criteria to an outstanding degree, the organization observed. The financial messaging network has put the costs of the approved initiative at the one-off sum of 150 million euros. In addition some 50 jobs would be created in the European and Asian branches of SWIFT, it was said.

The network has managed to secure a safe harbor agreement for the existing data center in the United States that will stay in effect until the new Swiss computing center commences operations. The company has thus volunteered to abide in the US by data protection provisions that accord with European standards, allowing it thereby to benefit from the transatlantic safe harbor concept. A breach of the data protection provisions agreed to could in theory cause the Federal Trade Commission (FTC) to intervene. However, as the United States can on its territory order data to be handed over the seizure order of the US government remains in force for the time being. SWIFT has, however, assured its customers that it has implemented "unique protective measures" and has received "security guarantees" from the US government for the remaining period of time. These fulfilled the obligation to protect the privacy of customer data and the requirements of EU and US law, the organization stated. One of the most important data access restrictions was the one according to which the US Treasury Department was only given access to data that met specific search criteria in the context of a terror investigation, SWIFT explained. There was moreover a supervision regime in place when data requested by a US authority was made available to the authority in question, the organization added.

SWIFT processes international bank transfers with a volume of about 4.8 trillion euros every day. About 8,100 banks from 208 countries and regions are connected to the network. On its busiest day to date 13,663,975 bank transfer messages shot through SWIFT's data lines. Last year it emerged that US security authorities have access to SWIFT servers and are in a position to analyze the information that is being collected. Following the safe harbor assurances given by SWIFT the European Commission has given its blessing to the current financial-data access regime in the United States. In the US two customers of US banks have filed lawsuit alleging that bank transfer data of theirs was illegally passed on to security authorities by the network; the government for its part is trying to block these lawsuits. (Stefan Krempl)

For previous posts on this topic, see SWIFT.

Labels: law enforcement, national security, privacy, swift, warrants

The US Bill of Rights Defence Committee has produced a two-part video on National Security Letters under the USA Patriot Act. There are additional materials on their website: FBI Unbound: How National Security Letters Violate Our Privacy

Labels: law enforcement, national security, patriot act, privacy, surveillance, warrants

Over the last week, there's been a huge fuss in the media and among bloggers about the consultation that was initiated by the Department of Public Safety over an apparent revival of "lawful access" in Canada. Two things really seemed to catch the attention of commentators: first, the suggestion that the government is again contemplating a system of warrantless access to personal information and, second, that the consultation was taking place in secret. I first heard about it from Michael Geist, who deserves a lot of credit for making it well-known (Public Safety Canada Quietly Launches Lawful Access Consultation). Since then it has been widely reported on in the media and among bloggers.

So what is the fuss about? I hope I can provide some background and context for some of the discussion that is taking place.

Canadian law enforcement and national security agencies are looking for a quick and easy way to obtain access to the names, phone numbers, IP addresses, etc of customers of Canadian telecommunications service providers. (Quick and easy, in this context, means without the delay and paperwork involved in applying to a judge for a search warrant.) This information is sought in a number of contexts, including in the very beginning of investigations or as part of "intelligence gathering." It is also sought, at times, when there is insufficient evidence to connect an individual to a crime so that a judge would not issue a warrant. (Which raises the question: Why should the police be able to require the information without oversight in circumstances where a judge says that the Charter of Rights and Freedoms doesn't permit them to require the information?)

So why shouldn't telecommunications service providers, being good citizens, hand over this information when asked by the police or by national security agents? Simply put, because it is illegal for them to do so. Since 2001, Canadian telecommunications service providers have been subject to the Personal Information Protection and Electronic Documents Act (aka "PIPEDA"). PIPEDA requires the consent of the individual for all collection, use and disclosure of personal information, subject to a number of exceptions. "Personal information" includes any information about an identifiable individual. If it is information and it's about an identifiable individual (either alone or in combination with information that it accompanies), it's "personal information". This would include my name, my address, my phone number, the IP address of my computer, etc.

Some might say that's public information, because my name and phone number may be in a phone book. Interesting point, but that doesn't remove the protections to the information if it is in the hands of my TSP. If the police get it from the phone book, then they can do what they want with it. But if they want to get it from my TSP, then it is personal information and the TSP can't disclose it unless a "consent exception" applies. (See s. 7(1)(d), 7(2)(c.1) and 7(3)(h.1) of PIPEDA and, very importantly, the Regulations Specifying Publicly Available Information (SOR/2001-7)).

The police (who are not bound by PIPEDA) may be within their rights to ask for the information, but TSPs (who are bound by PIPEDA are not able to hand it over without consent unless a PIPEDA consent exception applies. Section 7 contains many consent exceptions, some of which might apply in the circumstances described in the consultation document put out by Public Safety Canada:

"Some [telecommunications] companies provide this information voluntarily, while others require a warrant before providing any information, regardless of its nature or the nature of the situation. If the custodian of the information is not cooperative when a request for such information is made, law enforcement agencies may have no means to compel the production of information pertaining to the customer. This poses a problem in some contexts. For example, law enforcement agencies may require the information for non-investigatory purposes (e.g., to locate next-of-kin in emergency situations) or because they are at the early stages of an investigation. The availability of such building-block information is often the difference between the start and finish of an investigation."

Under PIPEDA, TSPs can likely disclose information about a customer in an emergency. Section 7(3)(e) permits a disclosure without consent if the disclosure is:

(e) made to a person who needs the information because of an emergency that threatens the life, health or security of an individual and, if the individual whom the information is about is alive, the organization informs that individual in writing without delay of the disclosure;

What it doesn't permit is disclosures to law enforcement unless they have a warrant. In this context, s. 7(3)(c.1) is the subject of a bit of debate. This reads:

7(3) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is ...

(c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;

(c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that

(i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,

(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or

(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;

It must be noted that these provisions are permissive, meaning that they allow the TSP to disclose the information in these circumstances without offending PIPEDA. Nothing in the above requires a TSP to disclose the information. Any compulsion has to come from another statute or rule of law. Section 7(3)(c) says if they have a warrant, the TSP can hand it over. (The obligation comes from the warrant, not PIPEDA.) There is authority from the Ontario Courts that an investigation does not create the "lawful authority" to obtain the information. "Lawful access" is an effort to change the law to have an investigation constitute "lawful authority". Or just remove the "lawful authority" requirement altogether.

What is also very interesting from the consultation document is that many TSPs currently hand over the information when asked by law enforcement (worth quoting again):

"Some [telecommunications] companies provide this information voluntarily, while others require a warrant before providing any information, regardless of its nature or the nature of the situation. If the custodian of the information is not cooperative when a request for such information is made, law enforcement agencies may have no means to compel the production of information pertaining to the customer. This poses a problem in some contexts. For example, law enforcement agencies may require the information for non-investigatory purposes (e.g., to locate next-of-kin in emergency situations) or because they are at the early stages of an investigation. The availability of such building-block information is often the difference between the start and finish of an investigation."

I have it on reliable authority from within the industry that most internet service providers will provide a customer's full name and billing address when given an IP address. It doesn't seem to be because they think they legally can, but because they have succumbed to pressure from law enforcement who take a position that not providing the information puts them in league with child molesters and terrorists.

The fact remains, and must be borne in mind, that if a person's life or safety is in jeopardy, the TSP can disclose information without consent. This would include the ticking bomb scenario, a child being abused, etc. In exigent circumstances, the police always have access to the expedited telewarrant procedures in the Criminal Code. There isn't an exception in PIPEDA, the Criminal Code or the Charter for compelled disclosures of personal information absent lawful authority.

Labels: health information, ip address, law enforcement, lawful access, lawful authority, national security, privacy, warrants

The lawful access consultation information is now online on the Public Safety Canada website.

(It refers to telecommunications service providers who are "not cooperative", which should read who "choose not to violate the law respecting the privacy of subscriber information.)

Public Safety Canada :: Home :: Programs :: National security :: Policy advice and support

Customer Name and Address Information Consultation

Public Safety Canada and Industry Canada are seeking current views and/or new issues associated with the question of accessing customer name and address in the modern telecommunications world. We are consulting with a range of stakeholders, such as the police, industry representatives, civil liberties groups as well as other groups interested in privacy and victim of crimes issues. If you and/or your organization would like to provide input on any or all of the issues identified in the posted consultation document, please submit written comments, by October 12th, 2007 to:

Customer Name and Address Consultation

Public Safety Canada

16C, 269 Laurier Avenue West

Ottawa , ON, Canada K1A 0P8

Email: cna-consultations@ps-sp.gc.ca

Modern telecommunications and computer networks such as the Internet are a great source of economic and social benefits, but they can also be used in the planning, coordination, financing and perpetration of crimes and threats to public safety and the national security of Canada. By extension, the rapidly evolving nature of these technologies can pose a significant challenge to law enforcement and national security officials who are entrusted with combating these threats, and who employ lawful access to communications and information to do so.

The principles and powers of lawful access must be exercised in a manner consistent with the rights and freedoms guaranteed in the Canadian Charter of Rights and Freedoms and while adapting to the rapid pace of technological change.

The consultation process

Public Safety Canada, in collaboration with Industry Canada, is presently examining how to address the challenges faced by police, the Canadian Security Intelligence Service (CSIS) and the Competition Bureau when seeking timely access to basic CNA information in a modern telecommunications milieu. This question was previously considered by stakeholders in broader consultation processes on lawful access issues held in 2002 and 2005.

The purpose of this consultation is to provide a range of stakeholders - including police and industry representatives and groups interested in privacy and victims of crime issues - with an opportunity to identify their current views on possible approaches to updating Canada’s lawful access provisions as they relate to law enforcement and national security officials’ need to gain access to CNA information in the course of their duties. The possible scope of CNA information to be obtained is later identified, but it should be noted from the outset that it would not, in any formulation, include the content of communications or the Web sites an individual visited while online.

The objectives of this process are to maintain lawful access for law enforcement and national security agencies in the face of new technologies while preserving and protecting the privacy and other rights and freedoms of all people in Canada. In striving to attain these goals, it is essential to ensure that the competitiveness of Canadian industry is taken into account and that the solutions adopted do not place an unreasonable burden on the Canadian public.

Current context

Timely access to CNA information is an important tool used by law enforcement and national security agencies to fulfil their public safety mandates. This type of information can be vital in the context of investigations of online criminal activity, such as child exploitation.

Law enforcement agencies have been experiencing difficulties in consistently obtaining basic CNA information from telecommunications service providers (TSPs). In the absence of explicit legislation, a variety of practices exists among TSPs with respect to the release of basic customer information, e.g., name, address, telephone number, or their Internet equivalents. Some companies provide this information voluntarily, while others require a warrant before providing any information, regardless of its nature or the nature of the situation. If the custodian of the information is not cooperative when a request for such information is made, law enforcement agencies may have no means to compel the production of information pertaining to the customer. This poses a problem in some contexts. For example, law enforcement agencies may require the information for non-investigatory purposes (e.g., to locate next-of-kin in emergency situations) or because they are at the early stages of an investigation. The availability of such building-block information is often the difference between the start and finish of an investigation.

CNA information

In the context of options under consideration by Public Safety Canada and its partner departments and agencies, CNA information refers to basic identifiers that would assist law enforcement and national security agencies to determine the identity of a telecommunications service subscriber, if this information was necessary to the performance of their duties.

The scope of CNA information obtained could include the following basic identifiers associated with a particular subscriber:

• name;
• address(es);
• ten-digit telephone numbers (wireline and wireless);
• Cell phone identifiers, e.g., one or more of several unique identifiers associated with a subscriber to a particular telecommunications service (mobile identification number or MIN; electronic serial number or ESN; international mobile equipment or IMEI number; international mobile subscriber identity or IMSI number; subscriber identity module card number of SIM Card Number);
• e-mail address(es);
• IP address; and/or,
• Local Service Provider Identifier, i.e., identification of the TSP that owns the telephone number or IP address used by a specific customer.

Possible model

Options based on an administrative model are being considered closely by officials.

Possible safeguards

Further to input received during 2002 and 2005 consultations, a number of safeguards could be included under a possible administrative model requiring the release of limited basic CNA information to law enforcement and national security agencies upon request. These could include:

• clear limitations on what customer information could be obtained upon request;
• limiting the number of employees who would have access to CNA;
• requiring that individuals with access be designated by senior officials within their organizations;
• limiting requests to those made for the purpose of performing an official duty or function;
• requiring that requests be made in writing, except in exceptional circumstances;
• requiring that designated officials provide associated information with their request, e.g., identification of a specific date and time for a request relating to an IP address;
• requiring designated officials to record their status as such when making a request, as well as the duty or function for which a particular request is made;
• limiting the use of any information obtained to the agency that obtained it for the purpose for which the information was obtained, or for a use consistent with that purpose, unless permission is granted by the individual to whom it relates;
• requiring regular internal audits by agency heads to ensure that any requests for CNA information are being made in accordance with the protocols and safeguards in place;
• reporting to responsible ministers on the result of any internal audits;
• provision of any audit results to the Privacy Commissioner of Canada, the Security Intelligence Review Committee, or provincial privacy commissioners, as appropriate; or
• provision for the Privacy Commissioner and SIRC to conduct audits related to the release of CNA information.

Under no option being examined would TSPs be compelled to track the actions of customers or to collect information about them in the absence of necessary court authorizations governing such activity in Canada, nor would law enforcement or national security agencies be permitted to obtain the content of a customer’s communications without such authorizations.

Conclusion

Officials plan to meet with a range of interested parties in September, 2007 to discuss the issues raised in this paper.

Labels: ip address, law enforcement, lawful access, national security, privacy, surveillance, warrants

US District Court Judge Victor Marrero (U. S. District Court, Southern District of New York) has struck down portions of the USA Patriot Act as unconstitutional. Specifically, the provisions related to National Security Letters and the prohibition of disclosing their existence has been found to violate the First Amendment and the separation of powers under the US Constitution. From the Washington Post:

Judge Rules Provisions of Patriot Act Unconstitutional - washingtonpost.com

A federal judge today struck down portions of the USA Patriot Act as unconstitutional, ordering the FBI to stop issuing "national security letters" that secretly demand customer information from Internet service providers and other businesses.

U.S. District Judge Victor Marrero in New York ruled that the landmark anti-terrorism law violates the First Amendment and the Constitution's separation of powers provisions because it effectively prohibits recipients of the FBI letters (NSLs) from revealing their existence and does not provide adequate judicial oversight of the process.

Marrero wrote in his 106-page ruling that Patriot Act provisions related to NSLs are "the legislative equivalent of breaking and entering, with an ominous free pass to the hijacking of constitutional values."

The decision has the potential to eliminate one of the FBI's most widely used investigative tactics. It comes amid widespread concern on Capitol Hill over reported abuses in the way the FBI has used its NSL powers....

Thanks to fellow privacy lawyer Cappone D'Angelo at McCarthy's for passing along the news, hot off the presses.

Labels: law enforcement, national security, patriot act, privacy, surveillance

Wired recently published a summary of materials obtained under a Freedom of Information request related to DCSNet, the national surveillance infrastructure built on the Communications Assistance to Law Enforcement Act.

Inside DCSNet, the FBI's Nationwide Eavesdropping Network

Labels: law enforcement, national security, privacy, surveillance

Apparently the American government is about to implement its latest version of the no-fly list, without data mining using commercial sources. It looks a lot like the Canadian "Passenger Protect" program:

Even Bruce Schneier thinks it shows common sense.

Feds offer simpler flight screening plan on Yahoo! News

By MICHAEL J. SNIFFEN, Associated Press Writer

Thu Aug 9, 6:34 PM ET

The government proposed a new version of its airline passenger screening program Thursday, stripped of the data mining that aroused privacy concerns and led Congress to block earlier versions.

It's been three years since the Sept. 11 Commission recommended and Congress ordered that the government take over from the airlines the job of comparing passenger lists with watch lists of known terrorist suspects to keep them off flights. Even this new version of the Secure Flight program is open for public comment and will be tested this fall before it can be implemented fully in 2008.

The third version of the program, once known as CAPPS II, drew positive reviews from privacy advocates and members of Congress who had objected to more elaborate earlier versions. Congress enacted legislation blocking earlier plans to collect private commercial data — like credit card records or travel histories — about all domestic air travelers in an effort to predict which ones might be terrorists.

The new plan would require passengers to give their full name when they make their reservations — either in person, by phone or online. They also will be asked if they are willing to provide their date of birth and gender at that time to reduce the chance of false positive matches with names on the watch lists.

"Finally, this appears to have a coherent, narrow and rational focus," said James Dempsey of the Center for Democracy and Technology, a privacy advocacy group. "This is a vast improvement over what we've seen before."

Even Democrats in Congress were cautiously positive.

"They've been slow to admit that minimizing invasions and breaches of Americans' privacy is part of their job," said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. "We will evaluate these steps to see if they measure up."

House Homeland Security Chairman Bennie Thompson, D-Miss., said he hoped the administration would stay alert to privacy issues. "I am extremely disappointed it has taken three years and passage of several pieces of legislation to get us to step one."

Thompson added that he hoped it was a sign of foresight that the new plan was announced along with new screening arrangements for international travelers.

At a news conference at Reagan National Airport, Homeland Security Secretary Michael Chertoff also announced that starting six months from now airlines operating international flights will be required to send the government their passenger list data before the planes take off rather than afterward, as is now the case.

Earlier sharing of passenger information is designed to give U.S. authorities more time to identify terrorists like Richard Reid, who attempted to light a shoe bomb on a trans-Atlantic flight in December 2001, and keep them off planes.

"Now the airlines give us their manifests after the plane has left the ground and that is too late," Chertoff said.

The Homeland Security chief said he was unaware of any specific, credible threat against airlines. But based on recent car bomb attempts in Great Britain and public statements by terrorists, he repeated his view that "we are entering a period where the threat is somewhat heightened."

"Look at the history of al-Qaida," Chertoff said. "The airplane has been a consistent favorite target of theirs."

On the domestic side, transferring watch-list checks to Transportation Security Administration officers "should provide more security and more consistency, and thus reduce misidentifications" that have frustrated passengers, Chertoff said.

Existing screening has been widely ridiculed because people like Sen. Edward M. Kennedy, D-Mass., other members of Congress and even infants have been blocked from boarding or delayed because their names are similar to names on the lists.

Chertoff said the new domestic system will avoid activities envisioned earlier that raised privacy concerns.

"Secure Flight will not harm personal passenger privacy," Chertoff said. "It won't collect commercial data (about passengers). It will not assign risk scores and will not attempt to predict behaviors."

Such plans alarmed Congress so much that it barred implementing the program until it passed 10 tests to ensure privacy and accuracy. The Government Accountability Office, Congress' auditing arm, found the previous version failed almost all of them.

Currently, only a passenger's full name is required when reservations are made although date of birth and gender usually become known to transportation security officers later in the boarding process.

Transportation Security Administrator Kip Hawley said volunteering those two items earlier would reduce misidentifications in watch-list matching.

"With the full name, we can resolve 95 percent of the cases correctly. The date of birth adds 3.5 percent to that, and the gender adds another one percent," Hawley said.

Privacy advocates like Dempsey and Bruce Schneier, chief technology officer at the security company BT Counterpane, also were pleased with limits on how long most records will be kept. A check that produces no match — which will be the case for the vast majority of travelers — would be kept only seven days. A false positive match would be kept seven years. Confirmed matches would be kept 99 years.

"On the surface, it looks pretty good," Schneier said. "I'm cautiously optimistic. It's nice to see some common sense."

Labels: air travel, airlines, national security, no-fly list, privacy, schneier

This is pretty amazing. Cory Doctorow of Boing Boing! has posted a picture of a notice received from Cedars Sinai hospital, providing the purposes for which patients' health information may be disclosed.

The purposes include "Protective services for the President and [unnamed] others", and "national security, intelligence purposes".

Originally uploaded by gruntzooki, via Boing Boing. And thanks to Rob Hyndman for pointing me to it....

Labels: health information, national security, privacy

The Federal and Provincial Privacy Commissioners are meeting in Fredericton this week. About an hour or so ago, they jointly released the following joint resolution calling for the suspension of the "Passenger Protect" program (aka no fly list).

Canada's privacy guardians call for comprehensive changes to no-fly list program

Federal-Provincial-Territorial Meeting of Privacy Commissioners & Ombudsmen

FREDERICTON, June 28 /CNW Telbec/ - Federal, provincial and territorial privacy guardians are united in calling on the federal government to suspend its new no-fly list program, Passenger Protect, until it can be overhauled to ensure strong privacy protections for Canadians.

The information and privacy commissioners and ombudsmen today issued a joint resolution outlining reforms urgently required for Passenger Protect. (The resolution is available on the web site of the Office of the Privacy Commissioner of Canada: www.privcom.gc.ca.)

The Commissioners, who are meeting in Fredericton to discuss issues of common concern, also released the following joint statement:

The Passenger Protect Program involves the secretive use of personal information in a way that will profoundly impact privacy and other related human rights such as freedom of association and expression and the right to mobility.

We are particularly troubled that Canadians will not have legally enforceable rights of appeal, to independent adjudication or to compensation for out-of-pocket expenses or other damages. Commissioners and Ombudsman are unanimously of the view that the use of such lists in the interests of airline security should only occur in a manner consistent with Canadian values in the area of privacy protection.

It is alarming that Transport Canada has not provided assurances that the names of individuals identified on its no-fly list will not be shared with other countries. We do not want,to see, through the failure to take adequate safeguards,other tragic situations arise where the security of Canadian citizens may be affected or compromised by security forces at home or abroad.

There is a very real risk people will be stopped from flying because they have been incorrectly listed or share the name of someone on the list. There have been many cases with the US no-fly list where false positives have meant that even children and well-known public figures such as Senator Edward Kennedy have been questioned or denied boarding.

Being placed on the list has serious repercussions for people. This is particularly worrisome since Canada's federal public-sector Privacy Act is in critical need of reform and offers no adequate protection or remedies to address the privacy risks that inappropriate use of the no-fly list creates.

Until the government substantially overhauls Passenger Protect in order to address significant risks of the no-fly list to the privacy and other rights of Canadians, the program should be suspended. Alternatively, Parliament should ensure that the program functions under strict ministerial scrutiny with regular public reports to Parliament until a comprehensive public Parliamentary review is completed and reforms are made.

See also:

• CANOE Travel - News - Privacy watchdogs call on Ottawa to suspend no-fly list until privacy assured
• CTV.ca | Privacy watchdogs want Ottawa to halt no-fly list
• globeandmail.com: Suspend no-fly list, privacy watchdogs urge

I happen to be in Fredericton as well and was interviewed by Global TV. You should be able to see it online here, if you're interested.

Labels: national security, no-fly list, privacy

With the no-fly list coming online in the last twenty-four hours, I haven't heard of any instances of people being excluded from flying on the first day. It will be interesting to see how it all shakes out.

I spoke with Chris Lambie of the Chronicle Herald yesterday morning and he spent part of the afternoon at the airport seeing how it went on. Here's his article:

Smooth lift-off for no-fly list - TheChronicleHerald.ca

Airline passengers seemed keen on heightened security

By CHRIS LAMBIE Staff Reporter

The federal no-fly list caused no problems Monday at Halifax Stanfield International Airport.

Passengers seemed keen on the idea of a list meant to screen out anyone who poses a potential threat to aviation security.

"As long as my name’s not on it, I’m happy," Mike Moir said as he waited for a flight back to Ontario.

"If the people are bad, I don’t want them on my plane."

The 67-year-old Hamilton, Ont., man was in Nova Scotia to work as an official for last weekend’s national canoe team trials on Lake Banook in Dartmouth.

The only dilemma he can see with the scheme to flag potentially dangerous flyers is if an innocent person has the same name as someone on the list.

"How many Smiths are there in the world?" Mr. Moir said. "If they just pick everybody with the same name, it could be a problem."

Still, he thinks the list is a necessity.

"With all the terrorism going on in this world nowadays, it’s a good measure."

Dawson Wentzell and his wife, Bethany, were waiting with their toy poodle, Bailey, to board a plane for Edmonton.

The list could prompt lawsuits against the federal government if people lose money because they couldn’t board flights due to name mix-ups, Ms. Wentzell said.

"If someone is delayed from work and this is the reason why, someone is going to get sued," she said.

They didn’t even think about the new security measure before checking in for their flight to Nova Scotia.

"We got up at 5 a.m. and believe me my mind wasn’t on lists," she said.

The couple from Daniel’s Harbour, N.L., wasn’t on the no-fly list and neither was their dog.

"God help us if he was," Ms. Wentzell said. "We’d really be in trouble then."

The no-fly list didn’t cause any problems at the facility, said airport spokesman Peter Spurway.

"If you didn’t know it was on, you wouldn’t know it was on," he said. "It has not made a single impact on our operations today or the operations of our partners in the airline business. I checked around a couple of times and it’s just been chugging along."

But David Fraser, a privacy lawyer in Halifax, won’t be surprised to hear from clients who suddenly discover their names are on the no-fly list.

"We’re likely to hear people are going to have some difficulty in Canada simply because of the way that these sorts of lists have to be structured in order to catch or include in them people with non-English or French names that have to be transliterated or made into English equivalents, and some of them can be common names," Mr. Fraser said. "So there’s probably a fair amount of wiggle room in the way that they match against peoples’ names."

The Specified Persons List, announced last fall, includes the name, birth date and gender of anyone who might pose an immediate threat to aviation security. Airlines that fly into and out of Canada must check the names of their passengers against the list.

"There’s really the opportunity that a whole bunch of people who aren’t actually on the list, just people who have similar names and similar birthdates and other identifying characteristics (as those) on the list," Mr. Fraser said.

"I think that there’s a good chance that people will be not allowed to fly based on that sort of confusion."

Travellers only find out their name is on the list when they try to check in and get a boarding card.

"Vacation plans can be ruined," Mr. Fraser said. "There’s no real accountability at that end for the real sort of negative impact that inclusion on this list might have."

Ottawa has refused to release the number of people on the list.

"There’s always a very delicate balance when you’re dealing with national security issues, Mr. Fraser said. "It’s a delicate balance between openness and necessary secrecy. I think the whole process needs to be done in sunlight.

"Everything related to the process of the inclusion criteria and how it’s actually applied and recourse that individuals might have to get off the list really needs to be completely open and transparent and subject to significant scrutiny.

"We are talking about a potential infringement on an individual’s constitutional right to travel within Canada and also the right to leave Canada. It’s right there in the charter that you have those rights. And many of those rights, in a country as large as Canada, can only be exercised by air travel."

Imam Jamal Badawi, professor emeritus of religious studies at Saint Mary’s University, said Muslims, including himself, often have problems flying in the United States, where a similar list is already in place.

"I’ve heard of many horror stories where a child, for example, five years old, they say, ‘No, his name matches the potential terrorist to look for,’ and still they have to go through the clearance (process)," Mr. Badawi said.

The Canadian Council on American-Islamic Relations has called on Ottawa to scrap the no-fly list until it fixes fundamental flaws in the program.

"Some people suspect that the lists made here in Canada may not totally be homegrown," Mr. Badawi said. "It’s quite possible also that, because of the co-operation between the intelligence agencies in both countries, that some of the names on the watch list in the U.S. might end up here on our lists in Canada."

That could make some Canadian Muslims reluctant to fly, he said.

"It’s part of the very unfortunate trend in the post 9-11 era that, in the name of security, there is a great deal of encroachment on privacy, a great deal of encroachment on civil liberties," Mr. Badawi said.

He doubts the list will make flying safer.

"Anybody intent on wrongdoing, they probably will find some other way of carrying out their plans," Mr. Badawi said. "But even if there is some slight improvement in security, what is the price? The worst scenario, really, is that democratic countries would move toward totalitarian regimes in the name of security."

Labels: air travel, airlines, media-mention, national security, no-fly list, privacy, vanity

Critics raise alarms over Canada's no-fly list CBC Mon, 18 Jun 2007 4:19 AM PDT Canada's no-fly list comes into effect Monday as privacy advocates warn checking airline passengers' names against those of potential security threats could lead to abuses.

Critics raise alarms over Canada's no-fly list CBC via Yahoo! Canada News Mon, 18 Jun 2007 1:01 AM PDT Canada's no-fly list comes into effect Monday as transportation experts and privacy advocates warn that checking domestic airline passengers' names against a list of people deemed to be potential threats could lead to abuses.

'No-fly' list could blacklist innocents: critics
CTV.ca Sun, 17 Jun 2007 6:53 PM PDT
Canada's no-fly list takes effect on Monday, and the anti-terror move has at least one human rights group warning it could create another Maher Arar-like case.

Biometric data could be linked to names on list
Vancouver Province Mon, 18 Jun 2007 0:27 AM PDT
OTTAWA -- The federal government has not ruled out eventually linking Canada's new no-fly list with technology that identifies travellers by biological features such as eye patterns or even DNA, says Transport Minister Lawrence Cannon.

Labels: national security, no-fly list, privacy

This is a bit odd. Jennifer Stoddart has been ordered to appear before the Air India Inquiry. Apparently she had informed the Commission of Inquiry that she had nothing further to say but subsequently gave a media interview that was critical of the Government's no-fly list.

It all sounds a little snarky:

Privacy chief called on carpet over no-fly list

Air India inquiry head John Major has ordered Canada's privacy commissioner to appear before him after she publicly criticized a no-fly list being implemented next week.

Mr. Major said yesterday that his Ottawa inquiry was earlier informed by the office of Jennifer Stoddart that she had nothing more to say related to the mandate of his commission into the June 23, 1985, Air India bombing and subsequent investigation.

But Mr. Major said Ms. Stoddart then gave a "free-wheeling" media interview in which she commented on testimony at the inquiry last week about the introduction on June 18 of a Canadian no-fly list.

Mr. Major said Ms. Stoddart should have made her comments in evidence at the Air India inquiry and not to a reporter. He issued a subpoena for her to appear today.

A lawyer for Ms. Stoddart responded by telling inquiry counsel later yesterday that the privacy commissioner would be happy to appear "willingly" but is on her way to Beijing.

An appearance date is expected to be determined this afternoon.

Ms. Stoddart's views on the controversial no-fly list appeared on June 8.

She said the list could become "quite a nightmare" for ordinary Canadians.

"Every time we go to the airport, do we expect to be challenged? That may be the new world," she said.

Ms. Stoddart also said she was surprised when an Transport Canada official testified before Mr. Major that the list could end up in the hands of foreign governments if their state-owned airlines pass it on to them.

"The commission could have benefited in preparing recommendations on air security from hearing from informed points of view with respect to that," she said.

Mr. Major said of Ms. Stoddart's comments: "She apparently had no hesitation in giving information to the public and the press that should have properly been given to this commission when the opportunity presented itself."

Mr. Major has expressed impatience several times during the inquiry when agencies or companies have expressed reluctance or declined entirely to testify.

He said yesterday that some people do not understand what a royal commission is and that he has the power to compel their testimony.

As for the subpoena for Ms. Stoddart, Mr. Major said: "This should not cause her much inconvenience as she appeared to have no difficulty last Friday in expressing publicly those thoughts to the press."

Labels: air travel, airlines, national security, no-fly list, privacy

I find this article to be very interesting. An audit of the FBI's has revealed "widespread abuse" in connection with FBI collection of information in the course of investigations. Many would not be surprised. But read a litte further and you happen upon this nugget:

The vast majority of newly discovered violations were instances in which telephone companies and Internet providers gave agents phone and e-mail records the agents did not request and were not authorized to collect, the Post said.

While the FBI is seen as the bad guy in most of these articles, it's interesting that the ISPs and phone companies have been handing over loads of data about customers that law enforcement didn't even ask for nor were they authorized to ask for it. Shame on the FBI for keeping it, but worse for the ISPs and telcos.

See: FBI audit finds widespread abuse in data collection - Yahoo! News .

Labels: law enforcement, national security, privacy, surveillance

Fact sheet on the Terrorist Identities Datamart Environment

The Terrorist Identities Datamart Environment (TIDE) is the US Government’s (USG) central repository of information on international terrorist identities. TIDE supports the USG’s various terrorist screening systems or “watchlists” and the US Intelligence Community’s overall counterterrorism mission. The Terrorist Identities Group (TIG), located in NCTC’s Information Sharing & Knowledge Development Directorate (ISKD), is responsible for building and maintaining TIDE.

The TIDE database includes, to the extent permitted by law, all information the U.S. government possesses related to the identities of individuals known or appropriately suspected to be or have been involved in activities constituting, in preparation for, in aid of, or related to terrorism, with the exception of purely domestic terrorism information.

Labels: law enforcement, national security, privacy

Canada's new no-fly list is ready to take off:

CNW Group

Air security strengthened - Passenger Protect ready to take flight

OTTAWA, May 11 /CNW Telbec/ - The Honourable Lawrence Cannon, Minister of Transport, Infrastructure and Communities, together with the Honourable Stockwell Day, Minister of Public Safety, today announced new regulations that will strengthen air passenger security screening. Once implemented, new measures under a program known as Passenger Protect will prevent persons who pose an immediate threat to aviation security from boarding a commercial aircraft.

This made-in-Canada program was developed to provide an additional layer of security for the aviation system and to enhance public safety in a way that complies with the Canadian Charter of Rights and Freedoms and federal privacy legislation.

"Canadians want to fly secure, and Passenger Protect is a significant step forward. We must remember that Canada is not immune to the threat of terrorism and we must remain vigilant," said Minister Cannon. "Passenger Protect will not only make Canada's aviation system more secure, it will also help keep the world's skies safe by reaching beyond Canadian borders to screen everyone getting on a flight to Canada."

Under the new program, the Government of Canada is maintaining a list of specified persons who may pose an immediate threat to aviation security should they attempt to board a flight. Air carriers will be able to screen passengers against the specified persons list through a secure online system. If the air carrier identifies a person as a possible match with an entry on the list, the air carrier will contact Transport Canada to confirm the passenger's identity, and obtain a decision whether or not to allow him or her to board the flight. "Canada has one of the best aviation systems in the world and is always looking for ways to increase the safety and security of the travelling public,"said Minister Day.

The Government of Canada has held discussions with airlines, airports, and labour representatives, as well as civil liberties and ethno-cultural groups in developing Passenger Protect, to create a program that enhances security, respects the needs and realities of the aviation industry and protects the rights of Canadians. As part of the consultations, Transport Canada has established a reconsideration process to provide a non-judicial, efficient way for any members of the public who have been denied boarding to have their cases reviewed by persons independent of those who made the original recommendation.

Transport Canada has worked closely with the Office of the Privacy Commissioner in order to further strengthen the privacy provisions of the program. Implementation for flights within Canada and international flights to and from Canada will begin on June 18, 2007.

As of this date, new Identity Screening Regulations will require air passengers within Canada who appear to be 12 years of age or older to present one piece of government-issued photo identification (ID) that shows name, date of birth and gender or two pieces of government-issued ID - one of which shows name, date of birth and gender - before boarding an aircraft. The boarding pass provided by the air carrier must match the name on the ID.

Canadians will not need a passport for travel within Canada but rather can present a range of government-issued ID to the air carriers including a health card, a birth certificate, a driver's licence and a social insurance card. Current requirements for international travel will remain in place. This practice is consistent with procedures currently in use by most major airlines, and will allow the air carrier and Transport Canada to confirm the identity of a passenger who is a possible match with an entry on the specified persons list.

These proposed regulations were first published in the Canada Gazette, Part I on October 28, 2006, after which a 75-day period followed to enable interested parties and the public to provide comments.

The final regulations will be published in the Canada Gazette, Part II on May 16, 2007.

A backgrounder with more information on the Passenger Protect program and the new Identity Screening Regulations is attached.

<< -------------------------------------------------------------------------

BACKGROUNDER

-------------------------------------------------------------------------

PASSENGER PROTECT PROGRAM

-------------------------

The Government of Canada began consulting with industry on passenger assessment in May 2004, and expanded consultations on a program proposal for Passenger Protect in the summer of 2005. Consultations with air carriers, airports, labour representatives, civil liberties and ethno-cultural groups as well as the Office of the Privacy Commissioner were essential to the successful design and implementation of a program that enhances security, respects the needs and realities of the aviation industry, and ensures that the privacy and human rights of Canadians are protected.

The Passenger Protect program adds another layer of security to Canada's aviation system to help address potential threats. Terrorist groups continue to target civil aviation, and seek means to defeat existing safeguards and measures.

Under the program, the Government of Canada is maintaining a list with the name, date of birth and gender of each specified person that will be provided to airlines in secure form. The airlines will compare the names of individuals intending to board flights with the names on the specified persons list, and will verify with the individual's government-issued identification when there is a name match. Identification will be verified in person at the airport check-in counter. When the airline verifies that an individual matches in name, date of birth and gender with someone on the list, the airline will be required to inform Transport Canada.

A Transport Canada officer will be on duty 24 hours a day, every day, to receive calls from airlines when they have a potential match with a specified person on the list. Transport Canada will verify information with the airline, confirm whether the individual poses an immediate threat to aviation security and inform the airline, if required, that the individual is not permitted to board the flight. The Royal Canadian Mounted Police (RCMP) would be notified immediately in the event of a match, and police of jurisdiction at the airport would be informed and take action as required.

The Passenger Protect program will be implemented for Canadian domestic flights and international flights to and from Canada on June 18, 2007. Creating the Specified Persons List

The Minister of Transport, Infrastructure and Communities has the authority under the Aeronautics Act, to specify an individual who is a threat to aviation security and to require airlines to provide information about the specified person.

A Transport Canada-led Advisory Group will assess individuals on a case-by-case basis using information provided by the Canadian Security Intelligence Service and the RCMP, and will make recommendations to the Minister of Transport, Infrastructure and Communities concerning their designation as specified persons or the removal of that designation. The Advisory Group includes a senior officer from the Canadian Security Intelligence Service and a senior officer from the RCMP (as advised by the Department of Justice), with input from representatives from other Canadian government departments and agencies.

Individuals are added to the specified persons list based on their actions, which lead to a determination that they may pose an immediate threat to aviation security, should they attempt to board an aircraft. Guidelines in making that determination are focused on aviation security, and may include:

• an individual who is or has been involved in a terrorist group, and who, it can reasonably be suspected, will endanger the security of any aircraft or aerodrome or the safety of the public, passengers or crew members;
• an individual who has been convicted of one or more serious and life-threatening crimes against aviation security; and
• an individual who has been convicted of one or more serious and life-threatening offences and who may attack or harm an air carrier, passengers or crew members.

Identity Screening Regulations

As of June 18th 2007, new Identity Screening Regulations will require airlines to screen each person's name against the specified persons list before issuing a boarding pass, for any person who appears to be 12 years of age or older. The regulations take into account the various ways in which the boarding pass may be obtained: at a kiosk, through the Internet, or at an airport check-in counter.

Where there is check-in via Internet or kiosks, airlines will not allow printing of the boarding pass when there is a name match with the specified persons list. Passengers refused a boarding pass at a kiosk or through the Internet will be directed to the airline agent for in-person verification of government-issued identification (ID). ID verification will determine whether the name, date of birth and gender match those of a listed person.

The regulations also require air carriers to screen individuals at the boarding gate by comparing the name on government-issued ID with the name on the boarding pass. If the name on the ID is not the same as the name on the boarding pass, the air carrier will be required to check the name on the ID against the list.

Transport Canada will work with air carriers to provide training for agents and staff who will be involved in implementing the ID verification requirement, and establish procedures that respect the rights of passengers.

The ID requirement under the Passenger Protect program is for one piece of valid government-issued photo ID that shows name, date of birth and gender, such as a driver's licence or a passport, or two pieces of valid government-issued ID, at least one of which shows name, date of birth and gender, such as a birth certificate. The verification of passengers' ID is already a practice followed by most major air carriers in Canada.

The regulations will be published in the Canada Gazette, Part II on May 16, 2007.

Reconsideration and Appeals

The Passenger Protect program also includes a reconsideration process for individuals who wish to contest the denial of boarding. An individual who has been denied boarding under the Passenger Protect program will be able to apply to Transport Canada's Office of Reconsideration (OOR), which may arrange for an independent assessment of the case and make a recommendation. The goal is to provide a non-judicial, efficient mechanism for any member of the public to have their case reviewed by persons independent of those who made the original recommendation to the Minister. Individuals have the further option of making application to Federal Court for judicial review. Privacy and Human Rights

The protection of privacy and human rights is a core element of the Passenger Protect program. In developing the program, Transport Canada worked with stakeholders and consulted with civil liberties and ethno-cultural groups, and the Office of the Privacy Commissioner on privacy aspects.

A summary of the Privacy Impact Assessment conducted on the Passenger Protect program is available on the Transport Canada website at www.tc.gc.ca/vigilance/sep/passenger_protect/executive_summary/menu.htm. In addition, the Office of the Privacy Commissioner of Canada posed a series of questions to Transport Canada about the Passenger Protect program in August 2005. The questions and the answers shed light on the privacy protection features of the program and are available on the Web at www.tc.gc.ca/vigilance/sep/passenger_protect/Q&A/menu.htm.

More details on the Passenger Protect program and the new Identity Screening Regulations are available on Transport Canada's website at www.tc.gc.ca/vigilance/sep/passenger_protect/menu.htm.

May 2007

Labels: air travel, airlines, cardsystems, health information, international travel, national security, no-fly list, privacy

IT Business is running an article entitled SWIFT scandal exposes PIPEDA holes, in which the Privacy Commissioner of Canada and Phillipa Lawson of the Canadian Internet Policy and Public Interest Clinic lament that PIPEDA allows the disclosure of personal information without consent in response to a foreign subpoena.

(For some background, see my previous posts on SWIFT.)

Is this a loophole or something that should be remedied? Certainly the European Union thinks that disclosing European info in this way is not OK.

I'm not sure there is really anything that can be done about this, other than to keep data out of jurisdictions with laws that you consider offensive. Certainly, we have seen that the EU and some Canadian provinces think that the USA Patriot Act is overbroad and a threat to privacy. Unlike some public sector laws in Canada, PIPEDA is completely silent with respect to the export of personal information. But if data is in a jurisdiction with a lawful power to compel the production of that information, the practical impact of a foreign law is virtually nil. Particularly if the foreign law is as toothless as PIPEDA.

Practically speaking, the solution is really to keep those data warehouses out of those jurisdictions. While SWIFT is a European outfit, they had a data centre in the US that was within the lawful jurisdiction of the US authorities armed with subpoenas. As an international clearing system, it would obviously have to transmit some data back and forth between HQ and the US. But there doesn't seem to be any compelling argument to suggest that all that data should have been kept there.

Canada, with it's European-accepted privacy laws, would have been an ideal place to locate the SWIFT data centre. Miliseconds from New York and Brussels, but a world away from the US as far as privacy laws go. Any international company doing business with personal information in the United States really should think about this. What SWIFT did may have been completely lawful in the US, but it certainly has caused more than its fair share of headaches and has opened it up to potential liability in the EU.

Labels: europe, law enforcement, national security, patriot act, privacy, surveillance, swift

Ryan Singel, at Wired News, has two interesting articles on the US "no fly" lists:

• A Watch List Is Born -
• How to Get Off a Government Watch List -

Particularly interesting as Canada mulls its own no fly list.

Labels: national security, no-fly list, privacy

Canada's Privacy Commissioner has wrapped up her investigation of the SWIFT information sharing fuss and has concluded that SWIFT is subject to PIPEDA but did not violate the law when it handed over Canadian information in response to US subpoenas.

From the Commissioner:

News Release: Privacy Commissioner concludes investigation of SWIFT (April 2, 2007)

Privacy Commissioner concludes investigation of SWIFT

Ottawa, April 2, 2007 —The Privacy Commissioner of Canada, Jennifer Stoddart, today announced the conclusion of her Office’s investigation of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a European-based financial cooperative, that supplies messaging services and interface software to a large number of financial institutions in more than 200 countries, including Canada.

In her Report of Findings, made public today, the Commissioner confirmed that SWIFT is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law, and that the organization did not contravene the Act when it complied with lawful subpoenas served outside the country and disclosed personal information about Canadians to foreign authorities. However, she emphasized that making use of existing information-sharing regimes, with built-in privacy protections, would allow for greater transparency for citizens.

Since her appointment, Ms. Stoddart has raised concerns about the personal information of Canadians flowing across borders. In her Report, the Commissioner stressed that organizations operating and connected in a substantial way to Canada are subject to PIPEDA and they must abide by the Act. “Simply because companies might operate in two or more jurisdictions does not relieve them of their obligations to comply with Canadian law,” said Ms. Stoddart.

It was alleged that SWIFT inappropriately disclosed to the US Department of Treasury (UST) personal information originating from or transferred to Canadian financial institutions. Ms. Stoddart launched a commissioner-initiated investigation into the matter to determine if there was a breach of PIPEDA, the federal law which covers the collection, use and disclosure of personal information in the course of commercial activities.

Following September 2001, the UST began issuing subpoenas to SWIFT for certain data held in SWIFT’s US-based operating centre. SWIFT obtained a series of privacy protections for the data it transferred to the UST.

In her Report, the Commissioner explained that PIPEDA allows an organization such as SWIFT to abide by the laws of other countries in which it operates. An organization that is subject to PIPEDA and that has moved personal information outside the country for business reasons may be required at times to disclose it to the legitimate authorities of that country. It is clear that in response to a valid subpoena issued by a court, person or body with jurisdiction to compel the production of information, an organization must disclose personal information and PIPEDA makes it permissible to comply with this obligation. The Commissioner stressed that multi-national organizations must comply with the laws of those jurisdictions in which they operate.

The Commissioner noted, however, that if US authorities need to obtain information about financial transactions that have a Canadian component, they should be encouraged to use existing information mechanisms that have some degree of transparency and built-in privacy protections. Accordingly, she signaled her intent to ask Canadian officials to work with their US counterparts to persuade them to use Canadian anti-money laundering and anti-terrorism financing mechanisms instead of the subpoena route.

“These alternate avenues would allow far greater Canadian involvement in the scrutiny of personal information and would better respect the value we give privacy protection,” said Ms. Stoddart. “Democratic societies must ensure that the fundamental rights and freedoms of the individual are respected to the extent possible, including the right to the protection of personal information.”

In addition to its investigation of SWIFT, the Privacy Commissioner’s Office also received complaints against six Canadian financial institutions and conducted an investigation into their involvement in the matter.

The Office reviewed the contractual documentation that exists between SWIFT and the banks, and concluded that the banks are meeting their obligations under the PIPEDA, noting that when an organization that contracts with a firm that operates both within and outside of Canada, it must respond to lawfully issued subpoenas in other jurisdictions as well as in Canada, and PIPEDA permits this.

Moreover, she found that each of the banks has very clear language in their privacy policies. These policies inform customers that the banks may send their personal information out of the country for certain purposes and that while such information is out of the country, it is subject to the laws of the country in which it is held.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of the privacy and protection of personal information rights of Canadians.

View the Executive Summary.

View the Commissioner’s full Report of Findings.

View the PIPEDA case summary relating to the investigations of the banksView the Commissioner’s June 2006 news release and August 2006 news release on this issue.

Labels: europe, law enforcement, national security, pipeda findings, privacy, swift, warrants

Seven Days, the Vermont alternative web weekly is running a preview of a presentation to be given by Peter Chase and George Christian later this month. Both are librarians who were on the receiving end of national security letters under the USA Patriot Act and fought them with the assistance of the ACLU.

Seven Days: Librarians, No Longer Gagged, Detail Patriot Act Abuses

WINDSOR, CT — In September 2003, then-U.S. Attorney General John Ashcroft ridiculed the American Library Association for its “breathless reports and baseless hysteria” about a USA PATRIOT Act provision that allows FBI agents to search library records without a warrant. Until he left office in early 2005, Ashcroft repeatedly denied that the feds were snooping into Americans’ reading habits and computer activities.

In July 2005, Peter Chase and George Christian discovered firsthand that Ashcroft was lying. They couldn’t tell anyone, though — not friends, co-workers or family members — even as Congress debated the Patriot Act’s reauthorization.

Christian is executive director of the Library Connection, a nonprofit consortium in Windsor, Connecticut. Chase is president of the group’s executive committee and director of one of its 27 member libraries. An eight-month gag order prevented them from disclosing that they’d received a “national security letter” from the FBI seeking confidential library computer records.

“We were shocked,” Chase recalls. “None of us had ever heard of a national security letter before.”

....

Chase and Christian, along with fellow committee members Barbara Bailey and Janet Nocek, decided to fight the warrantless search. Though the librarians were never told why the FBI wanted their files, a federal prosecutor later disclosed that it was a matter of “domestic surveillance.”

The Connecticut librarians have since been released from their gag order. On March 20, they’ll speak at the University of Vermont about how they fought the Patriot Act — and won. Civil libertarians say their case is a chilling example of the threats to privacy rights in the post-9/11 era.

“My initial twinge in opposing [the FBI] was that I was aiding and abetting a catastrophe,” recalls Christian. “But right away, I could glean that they weren’t worried that someone was going to cause a catastrophic event tomorrow.” The letter, he notes, was dated two months earlier, and the records the FBI wanted were six months old. In Connecticut, as in 47 other states, library records are protected by law.

Vermont’s own protections for library records aren’t as strong as those in other states, notes Trina Magi, who chairs Vermont’s Intellectual Freedom Committee. Though library records are exempt from the open-records law, she says, nothing explicitly prevents librarians from disclosing them. Moreover, last year’s Patriot Act reauthorization did nothing to alleviate librarians’ concerns.

“What people read at libraries is confidential,” Chase argues. “People should feel free to come to the library and look up whatever information they need, without thinking that Big Brother is looking over their shoulder.”

In August 2005, the Connecticut librarians sued the federal government, with help from the ACLU. Initially, they were collectively known as “John Doe.” However, because of sloppy redacting of court records by government attorneys, Christian’s and Chase’s identities were made public, and reporters soon came calling.

...

Even after the librarians’ names were known, the gag order still barred them from discussing their case. Those restrictions reached absurd proportions. When the government asserted that the librarians’ presence in federal court in Bridgeport raised a “national security issue,” they had to watch the proceedings on closed-circuit TV from a locked courtroom in Hartford. When an appeal was heard in federal court in Manhattan, the librarians were allowed to attend but were prohibited from entering the courtroom together, sitting together, speaking to each other, or making eye contact with their attorneys.

Tellingly, the librarians were released from the document request and gag order shortly after the Patriot Act was reauthorized in March 2006. Once the government dropped its appeal, the librarians lost their legal standing to challenge the statute’s constitutionality.

Today, Christian is troubled by how many Americans have apparently complied with NSL requests. “I’m trying to figure out in my mind how 30,000 NSLs can be issued each year,” he says, “and in five years only two people have said, ‘I don’t think so.’”

Peter Chase and George Christian give a lecture titled "Gagged by the Government: Two Librarians Tell How They Resisted the USA PATRIOT Act." Tuesday, March 20, 3:30-5 p.m. Bailey Howe Library, University of Vermont. Free. Info, 656-5723.

Labels: law enforcement, libraries, national security, patriot act, privacy, surveillance

This probably isn't a big surprise to a lot of people, but I'm surprised to see it publicly disclosed:

Mueller Admits Fault in FBI Intrusions

Mar 9, 8:33 PM EST

By LARA JAKES JORDAN

Associated Press Writer

WASHINGTON (AP) -- The nation's top two law enforcement officials acknowledged Friday the FBI broke the law to secretly pry out personal information about Americans. They apologized and vowed to prevent further illegal intrusions.

Attorney General Alberto Gonzales left open the possibility of pursuing criminal charges against FBI agents or lawyers who improperly used the USA Patriot Act in pursuit of suspected terrorists and spies.

The FBI's transgressions were spelled out in a damning 126-page audit by Justice Department Inspector General Glenn A. Fine. He found that agents sometimes demanded personal data on people without official authorization, and in other cases improperly obtained telephone records in non-emergency circumstances.

The audit also concluded that the FBI for three years underreported to Congress how often it used national security letters to ask businesses to turn over customer data. The letters are administrative subpoenas that do not require a judge's approval.

"People have to believe in what we say," Gonzales said. "And so I think this was very upsetting to me. And it's frustrating."

"We have some work to do to reassure members of Congress and the American people that we are serious about being responsible in the exercise of these authorities," he said.

Under the Patriot Act, the national security letters give the FBI authority to demand that telephone companies, Internet service providers, banks, credit bureaus and other businesses produce personal records about their customers or subscribers. About three-fourths of the letters issued between 2003 and 2005 involved counterterror cases, with the rest for espionage investigations, the audit reported.

...

FBI Director Robert S. Mueller said many of the problems were being fixed, including by building a better internal data collection system and training employees on the limits of their authority. The FBI has also scrapped the use of "exigent letters," which were used to gather information without the signed permission of an authorized official.

...

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information.

...

Both Gonzales and Mueller called the national security letters vital tools in pursuing terrorists and spies in the United States. "They are the bread and butter of our investigations," Mueller said.

...

In 2000, for example, the FBI issued an estimated 8,500 requests. That number peaked in 2004 with 56,000. Overall, the FBI reported issuing 143,074 requests in national security letters between 2003 and 2005.

But that did not include an additional 8,850 requests that were never recorded in the FBI's database, the audit found. A sample review of 77 case files at four FBI field offices showed that agents had underreported the number of national security letter requests by about 22 percent.

Additionally, the audit found, the FBI identified 26 possible violations in its use of the letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.

The FBI also used exigent letters to quickly get information - sometimes in non-emergency situations - without going through proper channels. In at least 700 cases, these letters were sent to three telephone companies to get billing records and subscriber information, the audit found.

---

On the Net:

The report is at: http://www.usdoj.gov/oig/reports/FBI/index.htm

Justice Department: http://www.usdoj.gov

FBI: http://www.fbi.gov

Labels: law enforcement, national security, patriot act, privacy, warrants

The Parliamentary Committee on Access to Information, Privacy and Ethics continues its five year review of PIPEDA, most recently hearing from the Royal Canadian Mounted Police on Tuesday and the Privacy Commissioner on Wednesday.

The RCMP is calling for lowering the bar in PIPEDA to allow greater access to personal information in the course of investigations. The Act, as it is currently in force, allows organizations to provide personal information without consent to law enforcement in certain circumstances. Section 7(3)(c.1)(iii) of PIPEDA allows this, but only where the law enforcement agency has "lawful authority to obtain the information":

Disclosure without knowledge or consent

(3) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is ...

(c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that

(i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,

(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or

(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;

Representatives of the RCMP told the committee this requirement is the force's largest single impediment in child exploitation investigations. The force would like the ability to get pesonal information even in circumstances where they don't have enough to justify a warrant.

The Privacy Commissioner is not at all impressed.

For media coveage, see: Federal watchdog and RCMP battle privacy protection.

And for some earlier discussions on this and related topics, see label:warrants.

Labels: law enforcement, lawful authority, national security, privacy, warrants

The Federal Communications Commission is trying to develop rules to counter pretexting, but is encountering resistance from the FBI and Secret Service. A requirement to destroy calling records after they have served legitimate business purposes would not make the records available to be reviewed by law enforcement. A second requirement to notify consumers if their records have been disclosed by a pretexter would tip the consumers off if they are the subject of an investigation. See: Gov't balks at phone privacy provision - Yahoo! News.

Labels: law enforcement, national security, pretexting, privacy

In the wake of the SWIFT privacy scandal, the European parliament will be debating the scandal, European data protection laws and broader issues of access to personal data. Should be interesting to watch:

theparliament.com - EU parliament debates personal data rules

EU parliament debates personal data rules

MEPs are this week expected to intensify pressure on the European commission to act over the controversial Swift case.

In November, an independent panel found that the Belgian-based money transfer company Swift had breached EU privacy laws by secretly giving personal financial data to the US authorities.

Swift denied breaking the law, saying it was subpoenaed to give limited data for use in the fight against terrorism.

On 31 January, in the first Brussels parliamentary plenary of the year, deputies will debate the issue of current personal data legislation and table a series of questions to the commission on the Swift case.

Included in the list of questions is a demand to know whether the commission is aware of any other requests to private companies to make their data available to the US.

MEPs also want to know what action the commission intends to take given that access to data handled by Swift makes it possible to get information on the economic activities of individuals and businesses.

The ongoing row involving Swift, which handles 11 million transactions a day, could further exacerbate tensions between the EU and the US over the use of personal flight data in the fight against terrorism.

The EU and US recently resolved a long-running dispute over the issue and is confident of reaching an agreement on passenger name records (PNR).

US negotiator Michael Chertoff and his EU counterpart Wolfgang Schauble said at the weekend that despite continued differences of opinion on the use of the personal data they were confident of reaching a deal by July.

Some MEPs, however, are currently raising concerns which they would like the commission to take on board when the executive alone negotiates a new agreement with the US.

The plenary, though, will be urged by British Conservative MEP Timothy Kirkhope to back the deal brokered by the EU and US.

"Some of these concerns are warranted but the most important thing to adopt are appropriate air safety and anti-terrorism measures and provide certainty for the airlines, while also ensuring that data protection norms are respected,” Kirkhope said.

Labels: air travel, europe, law enforcement, national security, patriot act, privacy, swift

I just checked my calendar to see if I accidentally slept in and woke up on April 1. According to Yahoo News, the British government is considering taking all encompassing surveillance to the next level by installing cameras in public places that can see through clothes. According to a memo obtained by the Sun, the measure will make the detection of weapons and explosives easier.

X-ray cameras 'see through clothes' - Yahoo! News UK:

However, officials acknowledged that it would be highly controversial as the cameras can "see" through clothing.

"The social acceptability of routine intrusive detection measures and the operational response required in the event of an alarm are likely to be limiting factors," the memo warned.

"Privacy is an issue because the machines see through clothing."

The Sun reported that the memo, dated January 17, was drawn up by the Home Office for the Prime Minister's working group on security crime and justice.

It noted that some technologies used for airport security had already been used in police operations searching for drugs and weapons in nightclubs.

"These and other could be developed for a much more widespread use in public places," it said.

"Street furniture could routinely house detection systems that would indicate the likely presence of a gun for example."

A Home Office spokeswoman said: "We don't comment on leaked documents".

Labels: air travel, airlines, europe, law enforcement, national security, privacy, surveillance, video surveillance

The American Civil Liberties Union, along with a coalition of civil liberties groups, has put up an interesting web site with stories of state surveillance in America, from pre-WWI to post 9/11. Check it out: Tracked in America.

Labels: national security, patriot act, privacy, surveillance, video surveillance

CanWest News Service is running a very interesting feature-length report on the upcoming Canadian "no fly" list. Read the entire article ...

Canadian airline passengers will be kept under close scrutiny

Canadian airline passengers will be kept under close scrutiny

Don Butler

CanWest News Service

Tuesday, January 23, 2007

OTTAWA - The RCMP and the Canadian Security Information Service will be able to examine up to 34 pieces of information about everyone who flies in Canada under a comprehensive passenger screening program being developed by Public Safety and Emergency Preparedness Canada.

Among other things, the program will require airlines to gather and share the full legal name, date of birth, citizenship or nationality and gender of all passengers - information they don't currently collect for domestic flights.

The new program will affect about 90 million passenger trips a year, two-thirds of which are purely domestic.

The program is authorized under Section 4.82 of the Aeronautics Act, which gives CSIS and the RCMP the right to receive and analyse Advance Passenger Information (API) and Passenger Name Record (PNR) data from air carriers and operators of aviation reservation systems without a warrant.

API data is collected at check-in and include name, date of birth, gender, citizenship or nationality and travel document information. PNR data is collected at the time of booking and includes information relating to a traveller's reservation and itinerary.

Section 4.82, added to the Aeronautics Act in 2004 when the Public Safety Act was passed but not yet in force, also authorizes CSIS and the RCMP to match passenger information against any other data under their control.

The Section 4.82 program ''is envisioned as the next step'' in a two-pronged strategy to use airline passenger information to combat terrorist threats, said Philip McLinton, a spokesman for Public Safety and Emergency Preparedness Canada.

The first step - Canada's new no-fly list - will be introduced in March for domestic flights and in June for international flights.

McLinton said it's ''impossible to speculate how 4.82 would impact the no-fly list. It's just too early to say.''

Since 2002, airlines flying to Canada from abroad have had to provide API and PNR data to the Canadian Border Services Agency, which analyses and risk-scores it to identify passengers who require further review on arrival in Canada. The agency doesn't get the information until flights have departed for Canada.

Under the Section 4.82 program, the collection and analysis of passenger information will dramatically expand. Airlines and operators of reservation systems will have to send passenger information to the RCMP and CSIS for all domestic and international flights. And they'll have to do so before flights depart.

The no-fly program, known as Passenger Protect, obliges airlines to vet the names of passengers against the no-fly list and notify Transport Canada is there is a match. That responsibility will shift to the RCMP and CSIS under the Section 4.82 program.

...

Section 4.82 also authorizes CSIS and the RCMP to disclose passenger information to other organizations or individuals to promote public safety. They include the minister of Transport, the Canadian Air Transport Security Authority, air carriers, airport operators and police officers. ...

It is unclear how, or even whether, the passenger information gathered under the Section 4.82 program would be shared with the U.S. and other allies. The feasibility study cites two issues with the PNR data that would be collected and shared under the section 4.82 program.

...

Another issue is passenger information that is currently not collected during the reservation process, but is essential for the new Section 4.82 program to operate effectively.

Most important is full name, date of birth and gender, which the study says is ''widely viewed as the core set of information required'' to match existing law enforcement records. That information is not currently collected for domestic passengers, so regulations may be needed to make provision of that information mandatory.

''For domestic flights, if the government regulates a requirement for passengers to provide full name, date of birth and gender, the air carriers' view is that passengers would comply, and that air carriers would provide this data,'' the feasibility study says.

To avoid causing delays to the travelling public, the study also says swift and timely information flow is required that can take account of last-minute changes such as no-shows.

...

Ottawa Citizen

Here's the list of 34 pieces of information to be collected by airlines on everyone who travels on domestic or international flights flying in or out of Canada:

1. Surname, first name and initial or initials.

2. Date of birth.

3. Citizenship or nationality or, if not known, the country that issued the travel documents for the person's flight.

4. Gender.

5. Passport number and, if applicable, visa number or residency document number.

6. The date on which passenger name was first recorded with airline.

7. If applicable, a notation the person arrived at the departure gate with a ticket but without a reservation for the flight.

8. If applicable, the names of the travel agency and travel agent who made the person's travel arrangements.

9. Date airline ticket was issued.

10. If applicable, a notation the person exchanged their ticket for another flight.

11. The date, if any, by which a ticket for a flight had to be paid to avoid cancellation of the reservation; or the date, if any, on which the request for a reservation was activated by the air carrier or travel agency.

12. Airline ticket number.

13. Whether the flight is a one way.

14. If applicable, a notation the person's ticket for the flight is valid for one year and is issued for travel between specified points with no dates.

15. The city or country where the flight begins.

16. All points where a passenger will embark or disembark.

17. The name of airline.

18. The names of all airlines to be used on trip.

19. The aircraft operator's code and flight ID number.

20. The person's destination.

21. The travel date for the person's flight.

22. Any seat assignment on the person's flight selected for the person before departure.

23. Number of pieces of baggage checked by the person.

24. The baggage tag numbers

25. Class of service (first class, business class, economy).

26. Any specific seat request.

27. The passenger name record number.

28. Phone numbers of the person and, if applicable, of the travel agency that made the arrangements.

29. Passenger's address and, if applicable, that of the travel agency.

30. How the passenger paid for the ticket.

31. If applicable, a notation the ticket was paid for by another person

32. If applicable, a notation there are gaps in the passenger's itinerary that necessitate travel by an undetermined method.

33. Departure and arrival points, codes of the aircraft operators, stops and surface segments.

34. If applicable, a notation the ticket is in electronic form and stored in an aviation reservation system.

Labels: air travel, airlines, international travel, law enforcement, national security, no-fly list, privacy, surveillance