From (A)toms to (B)its: the Disintegrating Rule of Law and Right to Privacy in a Digital Knowledge Economy

Einstein once said that whereas logic will take you from point A to point B, imagination will take you anywhere. The explosion and creativity and innovation that our society has experienced with the advent of the Internet and social media is leading to things not otherwise imaginable even a decade ago. For the rule of law and the right to privacy, ideas which were not conceived with modern technologies in mind, the consequences of this new cyber world of creativity and imagination are disruptive. Arguably, the lack of certainty regarding what is right and what is wrong is allowing governments to push the boundaries of what is legally permissible.

For those interested in issues relating to data privacy and cybersecurity matters, Craig Forcese, a leading authority in issues of national/international security, has published three important blog posts. For convenience purposes only, the main conclusions and comments from the blog posts are summarized immediately below. The complete blog posts should not be overlooked.

In his first article, Forcese addresses 10 important questions which Canadians ought to know about Internet spying in Canada. A second article assesses, from an objective standpoint, the possibility of Canadian Security Establishment Canada (“CSEC”) using the permissive and relaxed rules applicable to foreign intelligence gathering in order to intercept Internet communications of Canadians. His conclusion: “I have seen no documents and no actual reporting suggesting that is what is happening in practice.” He then poses a few questions, one of which is, what constitutes metadata and, more importantly to the privacy rights of Canadians, do Canadians have a reasonable expectation of privacy with respect to metadata?

When discussing the meaning and privacy implications of metadata, a bright distinguishing line should be drawn between various technologies and telecommunication systems. Metadata associated with Internet browsing activities, for instance, is wholly different from metadata found on wireless mobile transmissions, or even from an electricity meter. In this last instance, the Supreme Court of Canada held in its decision R. v. Gomboc that Canadians have no reasonable expectation of privacy in relation to metadata gleaned from an electricity meter outside one’s house. Of course, with the complexity, invisibility, speed and sophistication of modern technologies, all of the above metadata has the real potential of being mixed and mashed into one complete digital behavioral profile.

Regardless of how one defines metadata, and how it fits within our current legal framework, the fact of the matter is that our world has shifted from a world of concrete (A)toms to a world of (B)its. Traditional legal principals premised on (A) are not suited for a world now premised on (B). While this may prove to be a long and painful process, the solution in resolving some of the current legal issues may ultimately reside in rethinking our world in a fundamentally different way.

As an interesting follow-up to the question of what constitutes metadata, Forcese assesses, in his third article, a statement published in the Globe & Mail by Colin Freeze. The Statement is the following: “CSEC’s metadata collection rests on a foundational legal assumption by the minister and CSEC. They believe that metadata telecommunications are legally different from private communications, such as the content of e-mails and phone calls, which can’t be intercepted without a warrant.” By saying metadata telecommunications are legally different from private communications, Freeze is essentially saying that metadata is not considered private communication and therefore, does not benefit from special rules that seek to protect the privacy of Canadians.

If the Government turned out to be wrong in its legal assumption, the government would be exposed to culpability under Part VI of the Criminal Code which address interception of private communications. As Forcese states: “the government had better be right about this: if they are wrong, and the data does include private communication being collected without ministerial authorization, they are not protected by the National Defence Act s.273.69 carve-out from culpability under the Criminal Code, Part VI. Personally, I think the government would be insane not to have covered its bases by failing to issue a ministerial authorization on a “just in case” basis.”

With respect to privacy as it relates to metadata, Forcese opines that surely, Canadians have a reasonable expectation of privacy in metadata telecommunications: “Who calls whom, from what number, when, and from where, is information in relation to which a person surely has a reasonable expectation of privacy, triggering application of section 8 of the Charter. This is information closely tied to a biographical core — much more so than house heat signatures or power bills. In those circumstances, a warrant is required.”

Related articles