Ontario Privacy Commissioner Ann Cavoukian doesn’t pull her punches on PRISM, the no-longer-so-secret U.S. surveillance program that apparently gained direct access to servers of mammoth communications companies. But she doesn’t think we should eulogize online privacy just yet.
Cavoukian spoke with Global News by phone Friday on what this means and what happens now.
So, what do you think of reports on this PRISM program so far?
It is just breathtaking. It’s – I was going to say ‘unbelievable;’ it probably isn’t unbelievable. But it is staggering in terms of the breadth of the surveillance that apparently has been taking place. It truly is a massive surveillance program.
And I think what concerns most people … is that they’re astounded that it’s the United States of America that is engaging in this type of surveillance. … It’s the notion that there could be a back door to all of these massive communications companies’ organizations; that there could be some kind of back door that compels them … to provide the NSA with virtually unfettered access to subscriber data.
Do you think it’s weird we’ve had vehement denials from these companies?
I accept they probably don’t even know the term ‘PRISM.’ I believe them. I’m sure the NSA doesn’t tell them in detail all the code names for their programs. In general, they of course know they must comply with warrants, so they’re aware of that. … The question mark lies in what lies in the middle, in the grey area?
And I would love an answer to that. I don’t want to even hazard a guess, ’cause I haven’t a clue. But it just seems to be such a stretch that the NSA could be accessing all of this information on the sly without these companies knowing anything about it.
Would you or [Canadian Privacy] Commissioner [Jennifer] Stoddart have any jurisdiction here?
Commissioner Stoddart may: She has private-sector jurisdiction; I do not, unless it relates to health information. … I just know that if it was anything in my jurisdiction relating to extensive, in-depth surveillance of live communications, I would be all over it.
Does this set a precedent, do you think? Could police later say, ‘Well, we don’t need a warrant: Your customers’ information is probably being sucked up anyway?’
I’m guessing no. And the reason I’m saying that is this story with the NSA and PRISM has exploded – I’m sure they’re just beside themselves, because they, I’m sure, didn’t believe it was going ot expand this much. … My guess is this practice is not going to to expand. and it’s not going to make police think they have all the power they need.
It may do the reverse. I don’t know if it’s going to shrink the NSA program, but it will certainly make them make sure they’ve got all the proper authorization and warrants in place. And I think before, where companies may have incidentally given information to the police if they came without a warrant, I think now companies are going to say, ‘No way. Give us a warrant.’
I think it’s going to strengthen the resolve of companies to say ‘No’ unless they’re truly compelled to with the proper strength of a warrant.
And what about in Canada? I mean, let’s say eventually the Tory government brings back…
You don’t think so?
No. In Canada,I think, at this point in time, we’re golden. And the reason is we fought such a hard fight to kill Bill C-30. So that was the beauty: That would have allowed back-door access to the telcos, and nobody would have known about it. And we said ‘No.’ We fought such a strong campaign … thousands and thousands of people wrote to their MPs and said, ‘Not in my backyard, stop this thing.’ And so we actually succeeded in getting the bill withdrawn. It died. That never happens. … And I think it died because there’s such strong opposition to it.
And we’re certainly continuing the pressure. We don’t want to see another bill comparable to it. So you keep the pressure up and they’re also going to see, here in Canada, the reaction. This is going to explode much higher. This is only the beginning. … I think this story has legs and will make people gun shy to go in this direction.
So there’s no one, you think, in Ottawa looking at this and going, ‘We’d like to have that information’?
Well I’m sure Vic Toews is saying he’d love to have that information and he wishes he could do what the NSA did. And he can’t, because we’ve called him on it. And I think he would be a fool, and Harper is not a fool, to go in that direction.
Any idea whether Canada could be, or might be, sharing this kind of information with the NSA?
I don’t want to speculate. I know that, you know, there are some very sensitive law-enforcement matters here. You have to exchange information. I get that. I’m not trying to be naive about this. And with the VIA rail bombings that were averted … they had a lot of communication, and rightly so. So when you have detailed information about an incident that might be erupting, and you have exigent circumstances, of course you’re going to have to share data for legitimate law-enforcement purposes. That’s not what we’re opposed to.
This is accessing the email information, the subscriber data of everybody in the United States. I mean, really, it’s not one or the other. You don’t just go from one extreme to the other. You can have both privacy and public safety.
And you think, in years going forward, that’s a realistic expectation – for people to think, ‘What I’m doing online is my business’?
You know, I’m going to put a question mark on that. But I’m optimistic precisely because this story has erupted. When you hear stories like this and the outrage on the part of the public … when you see that kind of reaction on the part of the public, and senior officials, I think this is just starting.
And it will make companies reticent to give this information out unless they have the strongest warrant possible and all the Is are dotted and the Ts are crossed. I think you’re going to see more vigilance now.
This interview has been edited and condensed for clarity