It’s the end of online privacy in America, but what does that mean for Canadians?
Critics of an Executive Order signed by the U.S. President anticipate the worst, saying the Order stops much-needed new privacy controls from coming into effect. Those controls would have provided at least some protection for a user’s personal data, and they could have limited the ability of U.S. broadband and Internet service providers to collect and sell aggregated data about their customers’ Internet activity and Web browsing history without permission.
The Order to repeal incoming broadband privacy controls is a sad day for consumers and businesses in the United States, critics — including the ‘Father of the Internet’, Sir Tim Berners-Lee – observed, noting that while the rest of the world is increasingly recognizing privacy as a basic human right, the U.S. has failed to do so for its own citizens.
U.S. Privacy Laws Directly Impact Canadians
And then, just last month, with the stroke of a pen on another Executive Order, U.S. privacy protection for foreigners was “removed” and that has our Privacy Commissioner worried.
The Order, listed as #13,768 and titled Enhancing Public Safety in the Interior of the United States, states in part that:
“…privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
Privacy advocates are worried that such information can include work history and financial status, health and medical records, sexual or religious orientation, political beliefs and more.
Without even travelling to the U.S., and therefore putting aside issues related to physical search and possible seizure of personal items like mobile devices and portable computers, Canadians’ data is at risk south of the border.
(UPDATE May 30: Hard to put them aside, I know. In fact, the country’s Privacy Commissioner has added another concern to his list: that fact that U.S. border agents are or may be asking for a traveller’s smartphone or digital device password at border crossings. In a letter to the House of Commons public safety committee, Therrien warns the recent pronouncements from the Trump administration could mean intrusive searches — even at preclearance facilities in Canada.)
The risk even when not you are physically travelling to the U.S. still exists for your data trnsmissions. That is due in part to the topographic nature of the Internet itself (it’s well-known that data communications and transmissions even between two Canadians in Canada can and do cross the border), and also the known treaties and agreements that allow sharing of data between and among government agencies.
So Canadian Privacy Commissioner Daniel Therrien says there is “a significant gap in protection of Canadians’ personal information south of the border”, and he has written to Canadian government officials expressing his concern and asking for them to take action.
Privacy Knowns, Privacy Unknowns
In fact, he needs to know more about what he needs to be concerned about!
“[T]here are, I am sure, numerous other information-sharing agreements between the two countries governing agency-to-agency sharing, the full scope of which I do not know,” our Privacy Commissioner wrote, somewhat disconcertingly (italics added). “[I] ask that you provide my Office with copies of at least the most significant information-sharing agreements that the Government of Canada has in place with the Government of the United States that would touch on these issues … and [I] ask that you remain vigilant in monitoring any changes to how information-sharing activities with the U.S. are being operationalized.”
Even the American Civil Liberties Union is worried about the impact on Canadians (well, all foreigners), noting the policy could let the new U.S. administration release private information collected from refugees, college students, tourists, people in the U.S. on work visas, and others. The new policy could also make it easier for Immigration and Customs Enforcement to obtain information that can be used to detain or deport people. Immigrant workers who report violations of workplace laws to the Department of Labor could have their information more easily disclosed to hostile employers or immigration enforcement officials, the ACLU added.
“This policy change is flawed, unwise, and will needlessly strip away the rights of millions of people,” said Neema Singh Guliani, ACLU legislative counsel.
Yes, Internet connectivity can connect and empower people around the world, but individual jurisdictions can impact those connections in ways we are just beginning to realize, uhh, depending on if we realize how they are “operationalized”.
In related news if not a direct response, two major Internet groups have come together in an attempt to enhance security, privacy and trust online. The Online Trust Alliance (OTA) and the Internet Society (ISOC) just announced that the two global non-profit organizations will combine their resources, bringing together a range of international industry players, including Canadians and members of the Canadian ISOC branch.