Trump’s Executive Order on Foreigners Strips Privacy Protection for Canadians

Included in Trump’s reprehensible executive order “Enhancing Public Safety in the Interior of the United States” was this:

Sec. 14. Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.

The Privacy Act covers personal information held by US Federal agencies. This would apply, for example, to information collected about Canadians entering the United States.

This should be attracting the wrath of the Canadian privacy commissioner and the Canadian government.

More detail is in this post by Michael Geist and this post on Open Media.

Given this attitude, we should be redoubling efforts to make sure our communications are encrypted.

Conventional wisdom has been that our data is just as safe in the US as Canada given that both countries have limits to protect privacy when it comes to law enforcement and government ability to dip into our information. But this cavalier attitude puts that into question, and it may be prudent for Canadian entities to keep their data in Canada to the extent possible. Where that isn’t practical, attempts should be taken (and assurances obtained from vendors) to encrypt that the data in a way that the provider doesn’t have access to it.

Comments

  1. David Collier-Brown

    In addition, we should make sure that our data is not stored in the “cloud” of a company without their data centres in Canada.

    I use Google Docs, for example, and access to personally identfying information in it is no longer protected by US law.

    In my Copious Spare Time, I’m now looking to see if I have anything identifying in my files there. I suspect I have, for example, some contact lists…

  2. Other than the shock event and its far ranging impact, God knows what ultimate mischief is intended here.
    It does seem time, however, to put away hopeful wishes and get serious as a profession regarding encryption. I’d mentioned in some comments here on Slaw years ago that law societies in Canada might consider supporting client confidentiality by being the encrypted cloud service provider for members only. Zero knowledge encryption with keys in ink and paper inside tamperproof envelopes stored onsite with the law society itself. The lawyer would have the key too obviously, but the redundancy would make the data bus proof and recoverable inside a strict process.

  3. A colleague wondered if I meant bust-proof. I mean “bus proof”, as in access to the data will not be crippled if any one individual were hit by a bus or disappeared unexpectedly for any reason.

  4. David J. Bilinsky

    Greetings

    First I agree that what is happening south of the border should be of concern to all lawyers in particular and anyone who seeks to use the cloud in particular.

    Second, I would advise Canadian lawyers to think carefully regarding their cloud providers. For example the two major legal cloud providers, Amicus Cloud and CLIO, have their servers in the USA. This should give pause to any lawyer using these services. This similar analysis should spread to any cloud service that they use, whether it is Dropbox, Google Drive, OneDrive, Amazon, iCloud or other.

    Third, if lawyers have not already done so, I would advise lawyers to work through the Cloud Computing Checklist on the Law Society of BC’s web site. http://www.lawsociety.bc.ca/docs/practice/resources/checklist-cloud.pdf

    Fourth, I would advise lawyers to consider moving to Canadian hosted and Canadian owned cloud providers. Sync.com is but one example here. Zero-knowledge, data privacy compliant (100% Canadian) etc. These and similar services are aiming at meeting the needs of Canadian lawyers and businesses in terms of a cloud product.

    Fifth, I would not look to the Law Societies across Canada to build a cloud service. Law Societies are in the business of regulating lawyers. They are not in the business of building cloud services or other such entities. Following the maxim ‘Stick to the knitting’, it is clear that the Law Societies should not be venturing into an area that is clearly not within their expertise. This need is best filled by business organizations who have their expertise in providing secure and private cloud services.

    I agree with Nate that these cloud services have to be both ‘bust-proof’ and ‘bus proof’.

    Regards,

    Dave Bilinsky

Leave a Reply

(Your email address will not be published or distributed)