Bill C-51 surveillance should compel firms to encrypt all communications

The passage in the House of Commons yesterday of Bill C-51, known as the Anti-Terrorism Act, will light a fire under law firms that have not already migrated their electronic communications to encrypted channels.

‘I think law firms need to take this question seriously and up their game,’ says David FraserThe law would give the Canadian Security Intelligence Service powers to go beyond its original mandate of information gathering, and allow for mass transfer of confidential data between government departments and law enforcement agencies.

Information-sharing provisions, combined with secret hearings that would enable judges to authorize Charter violations, have inspired nightmare scenarios where client confidentiality is violated under the umbrella of national security.

“There’s all kinds of mischief that can take place under the provisions,” says David Fraser, a technology and privacy lawyer at McInnes Cooper in Halifax.

“Could a judge theoretically override solicitor-client privilege in one of these scenarios? Yes. Would it take place in secret? Absolutely. Would the party be represented, and would it ever come to their attention? No, it wouldn’t. Is there any transparency or accountability? Absolutely not.”

Fraser maintains that, in practice, the integrity of the judges designated to hear these applications — all regular sitting justices at the Federal Court of Appeal — would stand as a bulwark against abuse, but a lack of transparency means the public could never be sure.

Indeed, there’s growing consensus that the bill is, on the face of it, unconstitutional and will have to be challenged.

“The unanimous consensus of everybody I have communicated with on this issue who knows anything about Canadian constitutional law,” says Fraser, “is that it is not constitutional — that that particular provision that would purport to authorize a judge to authorize activities that would violate somebody’s Charter rights are unconstitutional.

“No judge can authorize a violation of a Charter right, and I think even the concept is a complete non-starter. … C-51 is subordinate to the Charter.”

Despite such obvious flaws in the legislation, challenging Bill C-51 may not be easy, given that any perceived violations will be carried out in secret — leaving the court without a complainant.

“I think it’s going to have to be challenged, but I’m wondering how exactly that’s going to happen. The way that all of these things are going to happen, when anybody is going to try to obtain one of these orders, it will be in secret ex parte.

“Unless a judge says, ‘Yeah, hold on a minute, folks,’ and appoints an amicus, or if just on his own initiative he says, ‘Yeah, I have reason to believe that this is unconstitutional, and I want to hear your arguments on why this is constitutional’ — but it would be pretty hard to get a full debate without two parties.”

Fraser says there are precedents for judges relying on a public-interest mandate to hear constitutionality arguments that have been rendered moot, but until that happens, law firms would be well-advised to protect client communications with strong encryption technology.

“We are able to take advantage of the growing expertise and the growing number of organizations and consultants out there who do IT and information security work — and the legal area is one that is growing,” says Fraser.

“There have been for some time law firm technology consultants who sell and implement specialized software. I think we’re increasingly seeing that security is at the forefront of that discussion, and these service providers are stepping up in order to provide these sorts of solutions to law firms.”

At McInnes Cooper, for example, the firm has encrypted all laptops and mobile devices. E-mail servers, meanwhile, have switched to STARTTLS protocol, so they can only transfer information to e-mail servers that agree to encrypted traffic.

Firms using cloud-based systems, meanwhile, should look for service providers that can guarantee “zero-knowledge security” — meaning the service provider itself is incapable of decrypting the data it holds in its servers, regardless of warrants that may be issued.

“I think law firms need to take this question seriously and up their game.”

Recent articles & video

First Nation's land entitlement claim statute-barred, but SCC finds treaty breach by Crown

Five firms dominating M&A activity in Canada in recent years

Ontario Superior Court upholds jurisdiction in class action suit against crypto platform Coinbase

BC Supreme Court dismisses shopping mall slip and fall case due to inexcusable delay

Saskatchewan Court of Appeal halts arbitration in pension plan dispute

Ontario Superior Court asserts jurisdiction in child custody dispute

Most Read Articles

ESG-related legal risk is on the rise, says KPMG's Conor Chell

Roundup of law firm hires, promotions, departures: April 8 2024 update

Why this documentarian profiled elder rights advocate Melissa Miller in Hot Docs film Stolen Time

US law firm Weil, Gotshal & Manges to end mainland China operation