Federal agencies fumble privacy safeguards on asylum system revamp, risking refugee data

2025/09/09 Leave a comment

Sigh….:

Three government agencies that partnered on a $68-million project to revamp Canada’s asylum system failed to complete mandatory privacy safeguard tests for years while the project was being implemented, CBC News has learned. 

The lack of privacy protections raises “red flags,” lawyers say, and may have put refugee claimants’ data and applications at risk.

Immigration, Refugees and Citizenship Canada (IRCC), the Canada Border Services Agency (CBSA) and the Immigration and Refugee Board (IRB) worked together on the “asylum interoperability project,” which would transform the asylum system into a more efficient digital one and address the ever-growing backlog of pending asylum applications, which currently sits at more than 290,000.

Earlier this year, CBC reported that the project, which launched in 2019, had been prematurely shut down in 2024 in what CBSA called an “unexpected” move.

Now, documents obtained through access-to-information legislation show there were “outstanding” privacy impact assessments (PIA) for the project, which was quietly scrapped when it was only 64 per cent complete.

According to a government digital privacy playbook, a PIA is a “policy process to identify, assess, and mitigate potential privacy risks before they happen.”

“All these steps need to be completed before the launch of the initiative,” that guide says.

Even though the interoperability project has now been scrapped, it implemented changes to how data is collected digitally and used — meaning that the completion of PIAs remains an essential part of that risk identification process, said  Andrew Koltun, an immigration and refugee lawyer who also practices privacy law.

The departments told CBC over email, however, that the privacy assessments are still incomplete. IRCC said it’s currently drafting its portion of the PIA and expects it to be done by the end of 2025.

The fact they still aren’t finished, Koltun said,  raises “a lot of red flags.”

Source: Federal agencies fumble privacy safeguards on asylum system revamp, risking refugee data

Filed under Immigration Tagged with , , , ,

Ottawa’s strong borders bill could infringe on Charter and privacy rights, parliamentary study warns

2025/08/28 Leave a comment

Reinforces court challenges:

….The library received requests from MPs for an analysis of Bill C-2 and has made available a preliminary version of its research to help them and others understand the bill. 

Its findings follow similar warnings from lawyers and civil-liberties experts. They have predicted that, if passed, the bill could face legal challenges. Refugee advocates and migrant groups have criticized Bill C-2’s proposed changes to immigration and asylum law

The Library of Parliament’s in-depth look at the bill raises particular concerns about so-called lawful access provisions to give police, Canada’s spy agency and other public officers warrantless powers to demand information.

The bill would allow law-enforcement officers without warrants to demand information on whether people have used various services, such as internet providers, medical services, hotels, mailboxes or banks….

An assessment earlier this year by the federal Justice Department found that various provisions in Bill C-2 clash with the Charter of Rights and Freedoms, including clauses protecting Canadians against unreasonable searches and seizures. 

The Library of Parliament found that, as well as potentially clashing with the Charter, the bill may be framed to “circumvent” decisions by the Supreme Court of Canada that confirm the right to privacy online. 

It warns that the bill’s “expanded surveillance and data-sharing powers from law enforcement and other government agencies could potentially lead to discriminatory profiling or targeting, particularly in the context of immigration enforcement.” 

“Enhanced authority for law enforcement to access internet subscriber data without a warrant, as well as data-sharing between Canadian and foreign authorities allowed under Bill C-2, could disproportionately affect racialized and immigrant communities,” it says. 

It also raises concerns about measures to help the police and intelligence services get access to data. The CCLA warns the measures could force online services to redesign how they operate. …

Source: Ottawa’s strong borders bill could infringe on Charter and privacy rights, parliamentary study warns

Filed under Immigration, Multiculturalism Tagged with , ,

The Trump administration is building a national citizenship data system

2025/06/30 Leave a comment

Big brother without public debate and consultations. Legitimate worries:

The Trump administration has, for the first time ever, built a searchable national citizenship data system.

The tool, which is being rolled out in phases, is designed to be used by state and local election officials to give them an easier way to ensure only citizens are voting. But it was developed rapidly without a public process, and some of those officials are already worrying about what else it could be used for.

NPR is the first news organization to report the details of the new system.

For decades, voting officials have noted that there was no national citizenship list to compare their state lists to, so to verify citizenship for their voters, they either needed to ask people to provide a birth certificate or a passport — something that could disenfranchise millions — or use a complex patchwork of disparate data sources.

Now, the Department of Homeland Security is offering another way.

DHS, in partnership with the White House’s Department of Governmental Efficiency (DOGE) team, has recently rolled out a series of upgrades to a network of federal databases to allow state and county election officials to quickly check the citizenship status of their entire voter lists — both U.S.-born and naturalized citizens — using data from the Social Security Administration as well as immigration databases.

Such integration has never existed before, and experts call it a sea change that inches the U.S. closer to having a roster of citizens — something the country has never embraced. A centralized national database of Americans’ personal information has long been considered a third rail — especially to privacy advocates as well as political conservatives, who have traditionally opposed mass data consolidation by the federal government.

Legal experts told NPR they were alarmed that a development of this magnitude was already underway without a transparent and public process.

“That is a debate that needs to play out in a public setting,” said John Davisson, the director of litigation at the nonprofit Electronic Privacy Information Center. “It’s one that deserves public scrutiny and sunlight, that deserves the participation of elected representatives, that deserves opportunities for the public to weigh in through public comment and testimony.”…

Source: The Trump administration is building a national citizenship data system

Filed under Citizenship Tagged with , , , , ,

Big Brother, Big Data and Statistics Canada

2020/01/16 Leave a comment

The ongoing challenge of better and more timely data that can be best achieved through linking data, and the privacy and consent concerns, where government is held to a much higher standard:

On December 9, 2019, the Office of the Privacy Commissioner of Canada published the results of an investigation into complaints that Statistics Canada had requested from a credit institution and Canadian banks the personal information on financial transactions of banking customers without notifying those customers. This clearly raises the issue of big-data mining by public authorities – the marriage of Big Brother and Big Data – with regard to the protection of privacy.

Let us recall the facts: Seeking to measure household debt more precisely, Statistics Canada reached an agreement with TransUnion, which agreed to forward files covering close to 24 million Canadians. The files included personal credit ratings along with identifying elements (name, address, date of birth, social insurance number, etc.). Statistics Canada was then able to link this data (600 pieces of information) with data from its own surveys, such as the census. In addition, Statistics Canada asked Canadian banks to provide it with information on all transactions carried out by a sample of 500,000 households.

The Canadian Bankers Association (CBA), which Statistics Canada first approached, said that it was reluctant to respond to such a request because of the burden it placed on banks, but mostly because complying meant that they would violate their privacy standards. A Global News report on October 26, 2018, blew the whistle. The chief statistician was called up before the Standing Committee on Industry, Science and Technology, and an investigation was launched by the Office of the Privacy Commissioner. The Financial Transactions project, for which no data had yet been transferred, was immediately suspended. TransUnion also stopped forwarding information.

According to the results of the investigation, those whose information had been shared had not been notified. In the first case, TransUnion put a note in people’s files, but nobody told them it was there. (Only if they asked to see their file for some other reason could they discover it.) In the case of the project with the banks, Statistics Canada had not planned to notify the selected households. In both projects, Statistics Canada claims to have complied with the Privacy Act. The organization also claims to have relied on section 13 of the Statistics Act, which requires any person responsible for documents or archives, public or private, to transmit them to Statistics Canada if such a request is made. The Commissioner concluded from his investigation that the Credit Information Project did comply with existing law and that the complaint on this subject was thus “not well founded.” In the case of the Financial Transactions Project, he concluded – against the opinion of Statistics Canada – that what was asked for went beyond the transmission of pre-existing documents or archives and involved the creation of new files. However, since no data had yet been transmitted, the Commissioner did not see fit to accept the complaint. That said, he expressed several concerns and made six recommendations, two of which call on Statistics Canada to refrain from going ahead with both projects as designed.

These two projects offer an example of linkage between big data as a by-product of transactions and interactions carried out for private purposes and information obtained through surveys to which citizens are obliged to answer. The scale of Statistics Canada’s projects is impressive and suggests that the revolution associated with Big Data is now affecting national statistical offices, hitherto hesitant to join it due to methodological scruples and ethical constraints. Section 13 of the Statistics Act, conceived of at a time when statistical treatment of documents and archives was limited by their physical nature, presents unforeseen potential. It is also clear from the results of the investigation that Statistics Canada’s requests rested upon a particularly broad interpretation of this section of the law. The Privacy Commissioner therefore considers that the legal framework applying to the collection of “big-data administrative data” from the private sector is outdated and suggests that the legislator review the Statistics Act respecting this matter.

On the other hand, the problems that the Statistics Act could pose would no doubt be lesser, according to the Commissioner, “if the Privacy Act were not so out of date.” In 2016, he proposed that it be amended “to explicitly require compliance with the criteria of necessity and proportionality in the context of any collection of personal information.” In fact, even if Statistics Canada agreed to demonstrate the “necessity” of the information sought in these and other projects and the “proportionality” of the means used to obtain these data, the agency is not legally required to do so.

Finally, beyond legal amendments, the Commissioner’s report presents recommendations that are inspired by European practices aimed at ensuring the consent of individuals or even at circumventing this problem. They include “civic data sharing,” which is based on prior consent, “algorithm-to-the-data,” which means only anonymized results are transferred by the private enterprise to public authorities, and “privacy-preserving computation,” which also amounts to anonymizing information at the source. The first method resembles in all respects the position of the Harper government with regard to the long-form census. The other two would interfere with the type of data linkage that Statistics Canada envisioned.

Much has been made in recent years of the necessary independence of Statistics Canada from government. If the Office of the Commissioner’s report presents a less-than-sympathetic and somewhat authoritarian image of the agency, it is at least reassuring that Statistics Canada is accountable to a parliamentary committee, that it had to collaborate with the Office of the Commissioner to improve its practices and that a report was made public. The whole affair illustrates how big-data mining poses new challenges for official statistics when it comes to the trade-off between privacy rights and evidence-based policy-making.

Source: Big Brother, Big Data and Statistics Canada

Filed under Government Tagged with , , ,

Aeroplan member offended by survey asking provocative questions on immigration, male dominance | CBC News

2018/04/03 Leave a comment

What is more surprising in this story is that CROP, the pollster in questions, had such a blind spot with respect to these questions in a customer survey.

In a values or politics survey, these or more subtle variants are normal and uncontroversial but for a loyalty program that aims to attract as many possible members?:

Aeroplan is deleting all data collected from a recent online survey and offering an apology to anyone who found it offensive, after it sparked a complaint from one of its members.

The survey included controversial questions that asserted immigration was harmful, suggested males were superior and that traditional marriage was the only way to form a family.

Aeroplan’s owner, Aimia, hired a market research company to create the survey intended to help the company improve its loyalty program. However, Aimia says it failed to properly review the questionnaire before distributing it to members this month.

Some of the more than 80 questions probed members’ thoughts on shopping and brands. But others asked their level of agreement or disagreement on provocative statements such as:

  • Overall, there is too much immigration. It threatens the purity of the country.
  • Getting married and having children is the only real way of having a family.
  • The father of the family must be master in his own house.
  • Whatever people say, men have a certain natural superiority over women, and nothing can change this.

The contentious questions offended Lacey Willmott, who complained to Aeroplan after taking the survey last week.

“I was alarmed and extremely concerned,” said the PhD geography student at the University of Waterloo in Waterloo, Ont.

In an email, Aeroplan offered her 100 bonus miles to take a “shopping and life habits” survey. It said the results would only be used to help enhance the program.

So she was shocked when she encountered questions on hot-button topics such as gay marriage, government’s role in society and family values.

“I thought, ‘Wow, this is really problematic,'” said Willmott, who wondered what the questions had to do with Aeroplan’s rewards program.

She could opt to “totally disagree” to any statement she didn’t like. But that didn’t appease Willmott, who felt some of the questions had sexist or racist undertones, such as the one on whether immigration threatens the “purity” of Canada.

“I was horrified when I saw that,” she said. “That implants the idea in my mind that immigration could somehow affect the purity of the country.”

Where’s my data going?

She also worried about how the data collected for these sensitive topics would be used.

Her concerns were heightened due to the recent scandal involving Cambridge Analytica. The consulting firm was reported to have harvested Facebook data of 50 million Americans to develop ways to influence potential Trump supporters in the last U.S. election.

“Is this actually for Aeroplan, or is Aeroplan collecting this data for someone else?” said Willmott.

Turns out, all the data was collected solely for Aeroplan by Montreal-based market research firm, CROP.  The company says it was gauging the attitudes and values of Aeroplan members, so that the rewards program could better serve them.

Aeroplan members collect rewards they can redeem for travel and other products. (Aeroplan)
CROP’s president Alain Giguere says he asked some bold questions simply to help Aeroplan better understand its members’ points of view.

“Are we dealing with modern people or are we dealing with very traditional people?” he said. “The goal of it is really to understand all the sensitivities of your audience.”

Giguere says, like it or not, many Canadians have conservative views on some issues.

According to his own research, in August 2017, when Canada was experiencing an influx of asylum seekers, 45 per cent of the 6,000 Canadians CROP surveyed agreed with the statement: “Overall, there is too much immigration. It threatens the purity of the country.”

Giguere says he’s been asking these contentious questions in market research surveys for decades, and that people are free to oppose any statements they find offensive.

“You just have to disagree and we will know that you are a modern person,” he said. “This is a very scientific process.”

Wiping the data

Aeroplan’s owner, however, has a different viewpoint. Aimia pledged to delete the data collected and offered an apology after being contacted by CBC News about Willmott’s complaint.

The Toronto-based company said it should have taken a closer look at the questionnaire before distributing it.

“I was surprised by the questions myself,” said spokesperson Cheryl Kim in an email. “After looking into it, there are aspects of the survey that don’t meet the standards we hold ourselves to in terms of the kind of information we gather.”

The news was welcomed by Willmott, who contemplated cutting ties with Aeroplan if it didn’t take action.

“Hopefully, they are more careful with that in the future,” she said.

CROP isn’t happy with the outcome. Giguere says he still doesn’t understand what all the ruckus is about.

“I think it’s a big drama for nothing.”

via Aeroplan member offended by survey asking provocative questions on immigration, male dominance | CBC News

Filed under Multiculturalism Tagged with , , ,

C-24 – Ottawa gives itself new powers to share personal information

2014/07/15 Leave a comment

Funny, I don’t recall this being mentioned in any of the government communications material:

The powers are included in Bill C-24, an overhaul of citizenship law passed last month, though have drawn little attention. The changes amend the Citizenship Act to allow Stephen Harper’s cabinet to draft regulations “providing for the disclosure of information for the purposes of national security, the defence of Canada or the conduct of international affairs,” including under international deals struck by Citizenship and Immigration Minister Chris Alexander.

Cabinet will also now be permitted to allow the “disclosure of information to verify the citizenship status or identity of any person” to enforce any Canadian law “or law of another country.”

Ottawa contends the final regulations are still being developed and will comply with Canadian law. However, critics warn the changes could lead to Canada sharing citizenship and immigration details with foreign countries, whether verified or not, without oversight.

“This language gives them another legal basis for sharing information,” said immigration lawyer Lorne Waldman, who represented Maher Arar at a federal commission of inquiry a decade ago.

Mr. Waldman said the perils of unfettered information sharing are illustrated by that case. Mr. Arar, a Canadian of Syrian heritage, was jailed and tortured in his homeland, after RCMP wrongly flagged him as a terrorism suspect.

“Go back to Maher Arar,” said Mr. Waldman. “Sharing information is fine, but when you share information, make sure that the information sharing is accurate.”

But consistent with the Government’s approach to C-13 (cyber-bullying and surveillance).

Ottawa gives itself new powers to share personal information – The Globe and Mail.

Filed under C-24, Citizenship, Citizenship Act Tagged with , ,