When it comes to information sharing for national security, everything is a balancing act – the government needs to protect its citizens from outside threats without depriving them of their civil liberties in the process. Both of these important concerns are fundamental to our freedom.
Parts of the Security of Canada Information Sharing Act, according to the CBA, may tip the scales a little too far toward national security.
David Elder, of the CBA National Privacy and Access Law Section, appeared in January before the Standing Committee on Access to Information, Privacy and Ethics, which is studying the Act, in support of a CBA submission calling for SCISA to achieve the appropriate balance.
“Information sharing is necessary to ensure the efficient and effective operation of government institutions as they work together to safeguard Canadians,” the submission says. “However, sharing too much information – or information that is not reliable, as illustrated by the case of Maher Arar – or not sharing enough information to protect national security can lead to harmful consequences.”
The CBA has a number of concerns about SCISA, which “significantly expanded intra-governmental information sharing.” Its seven recommendations include providing effective mechanisms for independent oversight and accountability, as well as basic privacy protections and clear limitations on the purpose for sharing.
Section 5(1), which allows personal information to be disclosed if it is “relevant to the recipient institution’s jurisdiction or responsibilities” is of particular concern.
“Mere relevance is a very low standard for what should be an exceptional sharing of information between (government) departments,” the submission says. Among other things, the CBA points out, this puts a burden on a disclosing institution to be sufficiently aware of a recipient institution’s mandate to know what particular pieces of information would be relevant to its work.
“As the Privacy Commissioner has pointed out, the standard under the Canadian Security Intelligence Service Act to permit CSIS to collect information is where collection is ‘strictly necessary.’ This may also be an appropriate and symmetrical standard under SCISA.”
Even then, that’s a lot of work for the disclosing institution. The CBA suggests a new body might be established as a “single, centralized expert authority for distribution – where relevant and strictly necessary.”
Once the information has been shared, the CBA is worried that SCISA does not adequately restrict re-sharing with other institutions or third parties, including foreign governments.
“In the CBA’s view, the information sharing between government institutions contemplated by SCISA should be seen as an extraordinary measure, designed to fulfil an explicit, narrow purpose. It is incumbent on the federal government to explicitly restrict subsequent use and disclosure of that information. It is not enough to leave further disclosures to be governed by existing, sector-specific statutes that may govern the activities of designated potential recipient institutions.”