Bill C-51 surveillance should compel firms to encrypt all communications

The passage in the House of Commons yesterday of Bill C-51, known as the Anti-Terrorism Act, will light a fire under law firms that have not already migrated their electronic communications to encrypted channels.

‘I think law firms need to take this question seriously and up their game,’ says David FraserThe law would give the Canadian Security Intelligence Service powers to go beyond its original mandate of information gathering, and allow for mass transfer of confidential data between government departments and law enforcement agencies.

Information-sharing provisions, combined with secret hearings that would enable judges to authorize Charter violations, have inspired nightmare scenarios where client confidentiality is violated under the umbrella of national security.

“There’s all kinds of mischief that can take place under the provisions,” says David Fraser, a technology and privacy lawyer at McInnes Cooper in Halifax.

“Could a judge theoretically override solicitor-client privilege in one of these scenarios? Yes. Would it take place in secret? Absolutely. Would the party be represented, and would it ever come to their attention? No, it wouldn’t. Is there any transparency or accountability? Absolutely not.”

Fraser maintains that, in practice, the integrity of the judges designated to hear these applications — all regular sitting justices at the Federal Court of Appeal — would stand as a bulwark against abuse, but a lack of transparency means the public could never be sure.

Indeed, there’s growing consensus that the bill is, on the face of it, unconstitutional and will have to be challenged.

“The unanimous consensus of everybody I have communicated with on this issue who knows anything about Canadian constitutional law,” says Fraser, “is that it is not constitutional — that that particular provision that would purport to authorize a judge to authorize activities that would violate somebody’s Charter rights are unconstitutional.

“No judge can authorize a violation of a Charter right, and I think even the concept is a complete non-starter. … C-51 is subordinate to the Charter.”

Despite such obvious flaws in the legislation, challenging Bill C-51 may not be easy, given that any perceived violations will be carried out in secret — leaving the court without a complainant.

“I think it’s going to have to be challenged, but I’m wondering how exactly that’s going to happen. The way that all of these things are going to happen, when anybody is going to try to obtain one of these orders, it will be in secret ex parte.

“Unless a judge says, ‘Yeah, hold on a minute, folks,’ and appoints an amicus, or if just on his own initiative he says, ‘Yeah, I have reason to believe that this is unconstitutional, and I want to hear your arguments on why this is constitutional’ — but it would be pretty hard to get a full debate without two parties.”

Fraser says there are precedents for judges relying on a public-interest mandate to hear constitutionality arguments that have been rendered moot, but until that happens, law firms would be well-advised to protect client communications with strong encryption technology.

“We are able to take advantage of the growing expertise and the growing number of organizations and consultants out there who do IT and information security work — and the legal area is one that is growing,” says Fraser.

“There have been for some time law firm technology consultants who sell and implement specialized software. I think we’re increasingly seeing that security is at the forefront of that discussion, and these service providers are stepping up in order to provide these sorts of solutions to law firms.”

At McInnes Cooper, for example, the firm has encrypted all laptops and mobile devices. E-mail servers, meanwhile, have switched to STARTTLS protocol, so they can only transfer information to e-mail servers that agree to encrypted traffic.

Firms using cloud-based systems, meanwhile, should look for service providers that can guarantee “zero-knowledge security” — meaning the service provider itself is incapable of decrypting the data it holds in its servers, regardless of warrants that may be issued.

“I think law firms need to take this question seriously and up their game.”

Recent articles & video

Howie Sacks & Henry committed to continued expansion as it sets its sights on the future

State can be liable for damages for passing unconstitutional laws that infringe Charter rights: SCC

Manitoba court dismisses medical malpractice claim due to 'inordinate and inexcusable delay'

Last chance to take part in the 2024 Readers' Choice

BC Supreme Court awards damages for car crash but dismisses loss of earning capacity claims

BC Supreme Court grants limited spousal support due to economic hardship in 21-year marriage

Most Read Articles

Support orders not automatically spent if ‘child of marriage’ hits age of majority: BC appeal court

US federal judge upholds law suspending 97-year-old appeals judge

BC Supreme Court partially varies will to ensure fair estate distribution

Ontario Superior Court approves settlement in mortgage renewal class action