C-42 An Act to Amend the Aeronautics Act

 
 
 

Mr. Bill Siksay (Burnaby—Douglas, NDP):

 

    Mr. Speaker, I am very pleased to have the opportunity to speak in the debate on Bill C-42, An Act to amend the Aeronautics Act or, the short title as suggested by the government, the strengthening aviation security act.

    We know the government has been very creative in selecting short titles or nicknames for some of its legislation. This is one of the least creative it has come up with. There are probably some other possibilities that should have been considered, certainly from a New Democratic perspective. We might have called this the compromising Canadians' privacy act, or the caving in to U.S. security interests act or the dumping Canadians' personal information into an American black hole act. There are a number of other possibilities. Given those suggestions, it is very clear that New Democrats have very serious concerns about the legislation and that we do oppose the bill.

    The bill would amend the Aeronautics Act to exempt airlines from the obligations set out in the Personal Information Protection and Electronic Documents Act, or PIPEDA, to allow information in the airlines' control about passengers to be shared with a foreign state.

    Currently this information is only shared when a Canadian plane is scheduled to land in a foreign country. However, the bill would expand that to cover any Canadian plane that is due to fly over a foreign country. We are primarily talking about Canadian flights to the United States and over the United States, and certainly over the United States, and it is the United States that is driving these changes.

    It is also done in the context where we know that the United States has not always appropriately or justly used the information it has received. I think for all of us the case of Maher Arar comes immediately to mind in that circumstance.

    We know there have very serious problems. The situation that Mr. Arar found himself in was a horrible situation and it arose from this kind of transfer of passenger information to a foreign authority.

    The bill does not currently cover flights of Canadian aircraft between Canadian destinations that fly over another country. When I fly back and forth from Vancouver to Ottawa, often the flight will go over the United States. Right now, information about the passengers on those flights is not shared with the Americans. However, one wonders when that will happen. I suspect that is the next ask from the Americans when it comes to sharing passenger information. I expect it is not far down the list of demands that the Americans will make of us in this regard. I think that will be a huge concern to Canadians, not that the current proposal is not a real concern to them, because it is.

    By proposing to exempt Canadian airlines from the obligations they must currently meet under PIPEDA, the government is throwing out the key operative principles of PIPEDA, which were established to protect the privacy of Canadians, principles such as accountability, identifying purposes, consent, limiting collection, limiting use disclosure and retention, accuracy, safeguards, openness, individual access and challenging compliance. There are 10 principles and they are outlined in great detail in schedule 1 of PIPEDA.

    For instance, the first principle is “Accountability” and is described as:

 

    An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

    It goes on to outline four subsidiary principles from that one on accountability, relating to how an organization handles the information under its control.

    The second principle in schedule 1 of PIPEDA is “Identifying Purposes”, which is explained as

 

    The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

    Therefore, there is a requirement around clarity of what is around the sharing of that information.

    The third principle in schedule 1 attached to PIPEDA is “Consent”. It says:

 

    The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

    The fourth principle is “Limiting Collection” of information. It says:

 

    The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

    This one goes on to be elucidated with further sub-principles.

    The fifth principle, “Limiting Use, Disclosure, and Retention”, is described as:

 

    Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.

    There are some pretty particular requirements in PIPEDA around that principle.

    “Accuracy” is the sixth principle. It says:

 

    Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

    Again, it is further elucidated in the schedule.

    “Safeguards” is the seventh principle in PIPEDA. It says:

 

    Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

     Therefore, organizations are required to safeguard and make appropriate arrangements for the protection of that information.

    The eighth principle is “Openness”. It says:

 

    An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

    The ninth principle is “Individual Access”. It says:

 

    Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

    The tenth principle is “Challenging Compliance”. It says:

 

    An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.

    PIPEDA has a very detailed outline of the kinds of principles that should be part of any process of sharing the personal information of Canadians by organizations in the private sector, which airlines are required to comply with currently. What this law seeks to do is grant an exemption to that schedule for airlines with regard to passenger information.

    Instead of developing an agreement with the United States that addresses these principles and complies with PIPEDA and showing where security requirements might require some change or safety might require a compromise, what we are presented with in the legislation is a blanket override of PIPEDA. There is no subtlety to this. It gives the government the ability to negotiate something with the United States or another country that completely ignores the requirements of PIPEDA around the sharing of the personal information of Canadians, and I do not think that is appropriate.

    PIPEDA outlines some important principles that should be considered and struggled with. It may well be that there is an appropriate compromise to be had in a case of national security, but we will not that out of the process that is elucidated in Bill C-42.

    When we look at the current Aeronautics Act, there are a lot of places in the act where the minister has discretion in the name of national security. In that circumstance, where there is a combination of an override of the principles established in our law about the personal information and privacy of Canadians and it is combined with an override by the minister, which is hugely discretionary, there is a huge potential for problems and one that goes much too far, especially when we look at the record of the current government.

    The government has shown on many occasions that it is always ready to compromise the rights of Canadians in the name of the fight against terrorism. It seems like we just have to say the “T” word and all kinds of other things are expected to fall away, things that we hold dear. Rather than a careful reasoned approach to coming up with policy around national security and safety sometimes, the government goes to an extreme. We have to look at the situation of the security certificate cases. A provision in the Canadian Immigration Act, which was intended to allow for expedited deportation of non-citizens and non-permanent residents, has been used in some cases for indefinite detention, not the purpose for which it was intended.

 

    When we look at some of the specific cases that have been argued and taken to court, we can see that, even when the government extended and re-issued security certificates in the name of national security and the concerns it had about individuals' attachment or participation in terrorist organizations or terrorist activity, the government did not follow the process very appropriately. It did not review all of the information at hand. It did not make available all of the information that was available. In one particular case it did not update its files on the individual involved.

    The concern for security allowed all kinds of other sloppiness to happen in that process. I think it was pretty damning of the former minister of public safety and his actions in regard to the re-issuance of security certificates in the court judgment to which I am referring.

    There are problems with how the government has approached the use of information in the situations where it has determined it believes there is a question of national security. We have to make sure that all information is taken into consideration in those cases.

    Another example might be the use of full-body scanning at Canadian airports, and more intrusive forms of full-body scanning are on the way. We know that backscatter technology, which has been developed and which is being implemented in some American airports, gives a sharper, more defined image than the very basic image the current technology that is in use here in Canada. It is already available and being deployed in some places in the United States.

    Canada jumped on that band wagon, probably at the urging of our American neighbours. We have invested heavily in full-body scanning equipment; I think it is millions of dollars. Probably if they had their choice, Canadians would have preferred the kind of scanners that go into hospitals rather than these airport full-body scanners. That is a question about how we use the technology and how we make decisions around security.

    It is interesting to look at the example of Israel. An Israeli airline security expert appeared before a parliamentary committee to say that he had great doubts about the value of this kind of technology and did not see Israel moving to adopt that technology. He said Israel thought there were more effective means of ensuring passenger safety and airline safety that did not go down that road.

    Again, it seems as if we jumped on a band wagon to appease our American neighbours and their concerns about safety and security. Why would we do this? That is a good question, why we continue to adopt the American agenda, why we do not take our own particular course and why we do not try to negotiate something different with the Americans.

    I think there is a concern with regard to the transfer of data to Americans, that the Americans might prevent Canadian airlines from flying over the United States on the way to another destination and that this would increase the cost and be very inconvenient for the airlines and for Canadian airline passengers. There has been some suggestion that they are holding that out as a possibility if we do not comply with this demand for passenger info for Canadian airline flights that are not planning on stopping in the United States, that are not destined there.

    I hope that is not the case. Certainly that idea has been floated. The reality is, as my colleague has pointed out, that there are far more U.S. flights flying over Canada to other destinations without stopping in Canada than Canadian flights flying over the United States to other destinations. In fact it is something like 2,000 U.S. flights flying over Canada when only 100 Canadian flights fly over the United States. That is the proportion.

    So it is a bigger issue, in some sense, for Americans. What is the reciprocity? Are we demanding similar information from the Americans, or do we see any need to do that? Why would we ask for that personal information about American airline passengers? I think that is the real question. If it is something we do not see the need for, why are we kowtowing to the Americans' demand for it?

    The European Commission is also looking at this issue, and last month it released proposals for negotiating an agreement with the Americans and other countries regarding the limits on the transfer of passenger name record data, which is the basic information that we are talking about here. It is the information that airlines collect about us when we fly.

 

    We have to wonder why it would be necessary for airlines to share, for instance, what kind of meal we ordered on the plane, and if we are ordering a special meal of some kind, how this is appropriate or is any kind of information that is necessary to national security or a national security arrangement.

    Canada also has an agreement with Europe on the passenger name record issue, but apparently it has to be renegotiated due to the expiration of certain legal commitments. That is something that is either being engaged in or will be engaged in soon.

    As I mentioned, last month the European Commission outlined some principles that any PNR, passenger name record, agreement should observe.

    I want to go over them so we can see what the Europeans are demanding in their agreement with the United States and other countries. The first principle they are looking to enshrine in any agreement is the protection of personal data, aiming to protect the rights of passengers. They are saying that this data should be used exclusively to fight terrorism; that categories of this information that are exchanged should be limited to what is necessary for that purpose and be clearly listed in the agreement; and that passengers should be given clear information about the exchange of their PNR data and have the right to see their PNR data and the right to effective administrative and judicial redress. This is to help ensure full respect for privacy, that any violation of privacy will be remedied.

    They are pointing out that decisions having adverse effects on passengers must never be based on an automated processing of passenger name record data. A human being must be involved before a passenger is denied boarding. This is their attempt to avoid racial and religious profiling of passengers.

    I think that is a very crucial one, that this just cannot be some computer generated process but that actual real people must be involved when there is a negative decision involved.

    The Europeans are also seeking to have in the agreement that third countries must ensure a high level of data security and an effective independent oversight of the authorities that use PNR data. They are also saying that PNR data cannot be stored longer than necessary to fight terrorism and third countries should limit who has access to the data gradually during the period of retention.

    They are also saying that PNR data may be shared by the third country with other countries, in a process called onward transfer, only if those countries respect the standards laid down in the PNR agreement between the European Union and the third country and only on a case-by-case basis.

    I think this is a really crucial aspect of this. What happens with the information about Canadians that is provided to, say, the United States? Is that information then available to be transferred to another country, which may not meet the standards that Canadians want to ensure and may not even meet the standards that Americans have agreed to for the treatment of the personal data of Canadians? I think that is a very crucial consideration that we should be insisting on as well.

    The second principle that the Europeans are using in terms of negotiating these agreements is the modalities of transfer of the PNR data, which aim to provide legal certainty to air carriers and keep costs at an acceptable level. We have to worry about what costs are involved for airlines.

    They are also talking about standards on monitoring the correct implementation of the PNR agreement. And reciprocity is another principle, which I have already mentioned.

    We can see that the Europeans are making some very clear demands. Yet here in Canada we are debating legislation and we have no idea what demands our own government is making. The government is asking for a blank cheque to make these changes, to negotiate this agreement, and we have no idea where it is going with it.

    I think there are very serious problems. Canada's privacy commissioners in the past have called for written agreements that can be examined, and that was a very serious question when they were looking at the passenger protect program in 2007. We need to make sure we have the detailed and specific agreements and the detailed and specific legislative authority for the provisions of those agreements.

    I think we compromise the principles of PIPEDA at our peril. That is what this legislation seeks to do.

 

Mr. Jack Harris (St. John's East, NDP):

    Mr. Speaker, I listened very carefully to my colleague from Burnaby—Douglas on this issue, and it amazes me to discover, from his speech and from what else we have learned about the bill, that the government intends to enter into an agreement on the use and transfer of data without Canadians having any idea where this information is going to go.

    If we happen to go on a holiday to Mexico and are flying over the United States, with no intention of even being in the United States, information about us is going to be made available to the American authorities and there apparently are no guarantees from anyone as to where this information will ultimately go, how long it will be kept or to whom it will be given.

    This runs counter to the principles contained in not only our own privacy legislation but, as other countries have determined, the same thing goes for the United Kingdom. The House of Lords' European Union Select Committee had a similar problem with the issues in the agreement between the U.S. and the EU in terms of informing passengers about what happens to their data and specifics about what can be collected, what happens to it and who the data should be going to.

    This seems to be required by elementary requirements of privacy. Whether the entire PIPEDA applies is another question, but to just exclude it and say that there is nothing in its place seems to me to be ignoring the privacy rights of Canadians in a very reckless way.

    I wonder whether the member has gotten any assurances from the government that that is not going to be the case.

 

Mr. Bill Siksay:

    Mr. Speaker, I do think it is a really serious issue that there is too broad an exemption in this bill from the provisions and principles of PIPEDA, and when we combine that with the fact that in the Aeronautics Act there is broad discretion for the minister of transport, it is a very problematic combination that will lead to a situation where Canadians really do not know what is happening with our information.

    We remember the situations that cropped up when the no-fly list was implemented and the number of people who were delayed at airports or subject to questioning, who missed their flights, who were detained for hours when they were trying to travel and the problems they had clarifying the information, correcting information, and whether they ever really knew if that was done, why that was done or who to approach about it. There were all kinds of problems that arose with the implementation of the passenger protect program.

    We should learn something from the implementation of the no-fly list or the specified persons list. There were real problems that came up there, and there will be real problems that come from this proposal to share more personal information of Canadians with countries such as the United States, just because a Canadian is flying to a holiday in Mexico or the Caribbean and the flight happens to go over the United States.

 

Mr. Jim Maloway (Elmwood—Transcona, NDP):    Mr. Speaker, I would really like to hear from somebody as to how this bill is actually going to increase passenger safety with these measures. The fact of the matter is that the bad guys should not be on the plane in the first place, based on the no-fly list and all the security we have in place at the airport.

    I am much more concerned about the trusted shippers program, the 1,000 or so companies that are part of the trusted shippers program, because in fact mail, parcels and other packages are routinely put on planes every day. Right below where we are sitting on that plane are all kinds of mail, none of which has been scanned. If we want to look for a real security problem, that is a big area that has to be looked at both in Canada and the United States.

    Here we are running around, trying to appease the Americans with information on people on 100 flights to the United States, for what reason? We do not even know that giving them the information is going to be of any value in increasing safety. In fact the Americans have 2,000 flights a day going over Canada. Has anybody over here in the government figured out yet that we should be asking the Americans for reciprocity, that if we are going to give them the information on passengers on 100 flights a day over the United States, we want information in its 2,000 over Canada, because we have sovereign airspace as well, and if it wants its planes to be flying around Canada, avoiding our airspace, then it will have to put up with all the complaints it is going to get, thousands and thousands, to its elected people in Congress and to the airlines, because it is going to be inconveniencing the passengers?

    We have no problem doing things that make sense and that make people safer, but where is the proof that this is going to happen in this case?

 

Mr. Bill Siksay:

    Mr. Speaker, I do not know where the proof is. I certainly have not heard it in the debate so far on this legislation and I certainly have not heard it from the government.

    The member is quite right to point out that we would probably have already intercepted the bad guys before we shared the information with the United States about a flight flying over its airspace with no intention of stopping in the United States.

    He is right to raise the shipping concerns, because that may very well be the weak spot in our security system.

    The member talked about reciprocity, whether we should be getting the information about the thousands of U.S. flights that go over Canada. I am not sure that is really the issue. We need to ask ourselves, do we need that information? Is it just to collect that information? Why would we want to have that kind of information about American citizens, American airline passengers? What would Canada do with all of that information? Why should we be collecting that information? Do we really have any interest in that information, or are we just collecting it because the U.S. is collecting it?

     That might be the way to draw attention to this issue. That might be the way to get American citizens who are concerned about their privacy and the integrity of their own personal information interested in this issue. However, I am not sure that it is the kind of principle on which we would want to base this kind of legislation.