National Security Still Doesn’t Trump Personal Privacy

How far does the legitimate scope of governmental power reach, in a time of technology and enhanced concerns of personal privacy?

Following the attacks on Canadian Parliament on October 22, 2014, the proper balance between national security concerns and personal privacy and liberties is of foremost concern for many citizens. The Federal government has responded, in part, by the introduction of Bill C-51, which has itself spurned considerable controversy.

National security and law enforcement concerns are not exclusive to our jurisdiction. At the Fourth Annual UCLA Cyber Crimes Moot this weekend, competitors from across the country considered the constitutional implications of governmental powers. The problem was based on United States v. Dreyer, 767 F.3d 826 (9th Cir. 2014), which deals with the collection of evidence and its exclusion under the Posse Comitatus Act (PCA), and United States v. Davis, 754 F.3d 1205 (11th Cir. 2014), addressing the third-party doctrine for cell phone location data. Davis is currently pending en blanc review, and parties have submitted briefs on January 30, 2015 arguing for en banc rehearing in Dreyer.

The moot competition was also preceded by a symposium on the un-hackable smartphone, and whether privacy safety was the price of personal privacy. Participants in the Oxford-style debate included: Kevin Brock, former FBI Assistant Director for the Office of Intelligence; Jeramie Scott of the Electronic Privacy Information Centre; Bruce Fein, former counsel for Edward Snowden’s family; and, a current FBI field agent.

The court in Dreyer struggled with the discovery of child pornography by a naval officer on a file-sharing network, who confirmed that this person was not a member of the navy and then conveyed the information to local law enforcement. The problem is the PCA prohibits the direction participation of armed forces in civilian law enforcement activity unless otherwise authorized by law. The accused brought a motion to suppress the evidence as a result, a mechanism similar to our s. 24(2) of the Charter.

The Court of Appeal reversed the District Court’s decision, and granted the accused’s request. The court adopted the reasoning in U.S. v. Chon, 210 F.3d 990 (U.S. Court of Appeals for the 9th Circuit 2000), which rejected the notion that the PCA would not apply on the basis that the officer was a member of the Naval Criminal Investigation Service (NCIS), which is a largely civilian operation headed by civilian command. Because the NCIS is accountable to the Navy, the PCA would apply to the NCIS unless there was an independent military purpose for an investigation.

One remedy provided under the PCA is the exclusion of evidence, but according to United States v. Wolffs, 594 F.2d 77, 85 (5th Cir. 1979), this requires violations of the act to be “widespread and repeated.” Even when military actions violate the Fourth Amendment it many not necessitate the exclusionary rule, such as in Hudson v. Michigan, 547 U.S. 586 (2006). Exclusion is considered a “massive” remedy, and armed forces typically have their own internal disciplinary mechanisms available to deal with violations.

In Davis, the challenge is the use of the Stored Communications Act 18 U.S.C. § 2703 (SCA), a part of the Electronic Communications Privacy Act of 1986, to obtain geographic information data of a criminally accused from their cell phone provider. The SCA authorizes disclosure of information held by third-party service providers of wire and electronic communications by court order, and without warrant, where a person voluntarily turns over this information to a third-party. When cell phone users make a phone call, this must be transmitted through cell towers. The tower through which these calls are relayed is recorded in an ancillary fashion by all cell phone providers.

Circuit courts have applied the third-party doctrine in a contradictory manner. In re United States for an Order Directing Provider of Elec. Commun. Serv. to Disclose Records to the Gov’t, 620 F.3d 304 (3d Cir. 2010), the 3rd Circuit held that the voluntary behaviour of a cell phone user is only the dialling of the phone number, not the location data of where they are located when they make the phone call. Most cell phone users are completely oblivious that their location information is passed on to the provider when they make a call, and do not intend for calls to create a diminished expectation of privacy about their location.

However, the Fifth Circuit in re Application of the United States for Historical Cell Site Data, 724 F.3d 600 (5th Cir. 2013), came to the exact opposite conclusion, allowing the disclosure of this information without a warrant. The court found that cell site information clearly fell within the scope of business records, and the government did not compel cell phone providers to collect this information. The court agreed with the proposition by the government that users know that they convey their location when they make these calls, and that if they cannot pick up a signal they are likely out of range from a tower. Even if they do not explicitly know this process, it is detailed in the contractual terms of service and privacy policies that all customers agree to.

What distinguishes Davis from other cell phone cases prior to it, such as Riley, is that the data is not stored on the phone itself. The new iOS 8 upgrades, which encrypt much of the data on these smartphones, has alarmed national security and law enforcement agencies.

The active FBI agent at the symposium this week confirmed that there are smartphones that are turned away every day by law enforcement due to an inability to access the information on them. But encrypted phone data is hardly a priority for the FBI right now, because they are more concerned about retention of phone logs instead. Scott confirmed this, noting that only 9 cases in 2013 were thwarted by encryption. The false sense of security provided to the public by cell phone manufacturers by encryption may in fact be misleading about the type of information which can still be collected.

Brock noted that this was not about a challenge to privacy for the sake of security, but a balancing in very narrow circumstances. There are very few people who are targeted by lawn encroachment for this type of surveillance. Scott challenged this notion, noting that many innocent people have been subjected to unnecessary surveillance in the recent past. In particular, he made reference to the Occupy Movement and Muslim-Americans.

Fein contended that the lack of oversight makes any such powers a chill to societal freedom. Since May 2006, he contented that over 320 million Americans were put under surveillance, and the NSA lied about it under oath. Not a single person in the government since 9/11 has been disciplined or rebuked for contravening surveillance laws. Counterbalances and checks simply do not work. More importantly, you may choose to share your information with Google and other private entities, but none of these corporations have the power to destroy an individual thoroughly in the way that the government potentially can.

Although Canadians have a legitimate concern in ensuring our national security, this does not mean abandoning all of our privacy interests to government without proper justification. Bill C-51, which would empower CSIS agents and allow them to behave in a manner similar to law enforcement, lacks even the constraints that the PCA has in the U.S. The Supreme Court of Canada’s decision in Fearon also suggests that our Court is currently unwilling (or unable) to properly constrain governmental powers.

The opposition to Bill C-51 from the legal community has been almost completely absolute. Craig Forcese of the University of Ottawa and Kent Roach of the University of Toronto have launched a website which details the many problematic aspects of the Bill. On Friday, the Canadian Bar Association came out against Bill C-51 as well, stating that it potentially places,

 the entire Charter into jeopardy, undermines the rule of law, and goes against the fundamental role of judges as the protectors of Canada’s constitutional rights.

The advantage that we have in Canada is that we can already learn from the failures of the American measures enacted after 9/11. Examples of abuse of the PATRIOT Act include its use by the FBI to charge Adam McGaughey for copyright infringement after obtaining financial records from his ISP, tens of thousands of “National Security Letters” and a million financial records for certain Las Vegas businesses, and investigation of potential drug traffickers for alleged future crimes. The PATRIOT Act has even been used to attempt to force journalists to hand over their notes from interviews.

Under the guise of security, liberty and democracy have been turned on its head. It’s the wrong direction for Canada, and the focus should be on the areas the government is already obtaining our information without our knowledge, not in providing them further ambiguity and cover to obtain even more.