Bill C-51 surveillance should compel firms to encrypt all communications

The passage in the House of Commons yesterday of Bill C-51, known as the Anti-Terrorism Act, will light a fire under law firms that have not already migrated their electronic communications to encrypted channels.

‘I think law firms need to take this question seriously and up their game,’ says David FraserThe law would give the Canadian Security Intelligence Service powers to go beyond its original mandate of information gathering, and allow for mass transfer of confidential data between government departments and law enforcement agencies.

Information-sharing provisions, combined with secret hearings that would enable judges to authorize Charter violations, have inspired nightmare scenarios where client confidentiality is violated under the umbrella of national security.

“There’s all kinds of mischief that can take place under the provisions,” says David Fraser, a technology and privacy lawyer at McInnes Cooper in Halifax.

“Could a judge theoretically override solicitor-client privilege in one of these scenarios? Yes. Would it take place in secret? Absolutely. Would the party be represented, and would it ever come to their attention? No, it wouldn’t. Is there any transparency or accountability? Absolutely not.”

Fraser maintains that, in practice, the integrity of the judges designated to hear these applications — all regular sitting justices at the Federal Court of Appeal — would stand as a bulwark against abuse, but a lack of transparency means the public could never be sure.

Indeed, there’s growing consensus that the bill is, on the face of it, unconstitutional and will have to be challenged.

“The unanimous consensus of everybody I have communicated with on this issue who knows anything about Canadian constitutional law,” says Fraser, “is that it is not constitutional — that that particular provision that would purport to authorize a judge to authorize activities that would violate somebody’s Charter rights are unconstitutional.

“No judge can authorize a violation of a Charter right, and I think even the concept is a complete non-starter. … C-51 is subordinate to the Charter.”

Despite such obvious flaws in the legislation, challenging Bill C-51 may not be easy, given that any perceived violations will be carried out in secret — leaving the court without a complainant.

“I think it’s going to have to be challenged, but I’m wondering how exactly that’s going to happen. The way that all of these things are going to happen, when anybody is going to try to obtain one of these orders, it will be in secret ex parte.

“Unless a judge says, ‘Yeah, hold on a minute, folks,’ and appoints an amicus, or if just on his own initiative he says, ‘Yeah, I have reason to believe that this is unconstitutional, and I want to hear your arguments on why this is constitutional’ — but it would be pretty hard to get a full debate without two parties.”

Fraser says there are precedents for judges relying on a public-interest mandate to hear constitutionality arguments that have been rendered moot, but until that happens, law firms would be well-advised to protect client communications with strong encryption technology.

“We are able to take advantage of the growing expertise and the growing number of organizations and consultants out there who do IT and information security work — and the legal area is one that is growing,” says Fraser.

“There have been for some time law firm technology consultants who sell and implement specialized software. I think we’re increasingly seeing that security is at the forefront of that discussion, and these service providers are stepping up in order to provide these sorts of solutions to law firms.”

At McInnes Cooper, for example, the firm has encrypted all laptops and mobile devices. E-mail servers, meanwhile, have switched to STARTTLS protocol, so they can only transfer information to e-mail servers that agree to encrypted traffic.

Firms using cloud-based systems, meanwhile, should look for service providers that can guarantee “zero-knowledge security” — meaning the service provider itself is incapable of decrypting the data it holds in its servers, regardless of warrants that may be issued.

“I think law firms need to take this question seriously and up their game.”

Free newsletter

The Canadian Legal Newswire is a FREE weekly newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered every two weeks, providing targeted news and information of interest to in-house counsel.

Please complete the form below to receive the weekly Canadian Legal Newswire and/or the Canadian Inhouse Legal Newswire.

Recent articles & video

PwC powers-up legal services with AI platform

Law careers may start on Instagram…

Top Intellectual Property and Labour and Employment Boutiques survey closes on Friday

Differentiating common law from marriage in family law

Insights on Quebec’s plan to restrict the sale of cannabis edibles

Make legal aid an election issue

Most Read Articles

Millennial lawyers look for the value proposition

True North and Rebel News seek judicial review on press accreditation denial for debates

EY Law overtakes PwC in global alternative legal services rankings

Differentiating common law from marriage in family law