By Meghan McDermott, Staff Counsel (Policy), BC Civil Liberties Association
Today, the BCCLA is re-launching an online guide about privacy rights related to electronic devices – such as laptops, cellphones, and tablets – at the border. It’s aimed at people crossing the border into Canada or departing for the U.S. through preclearance areas in Canada. The guide comes in both a short and a long version and outlines the current law and policy related to device searches, best practices for travellers to protect their privacy, and what to do if you’ve had your device searched at the border.
The Charter of Rights and Freedoms applies at the border, but the courts have found that the government’s interest in keeping dangerous goods and undesirable people out of the country gives the Canadian Border Services Agency (CBSA) more power to search people and their possessions than police have in other settings.
The CBSA’s broad powers to search people and goods extends to the content on digital devices, such as your files, photos, and videos. These files are “goods” under the Customs Act, and border officers can search goods coming into Canada without a warrant – even if they have no reason to suspect that the goods are or contain contraband. Non-citizens seeking to enter Canada, including asylum seekers, may be subject to searches to verify identity and/or admissibility.
CBSA officers conduct initial searches of the contents of a device by browsing images, videos, and files. This is meant to be a cursory look to determine that they do not contain contraband – such as child pornography or hate literature – or evidence of a crime. Initial searches can be random or targeted. Information found during an initial search may be used to justify a more detailed examination, which may include copying the contents of the device.
CBSA officers can only look at content that is already on your device. They should put the device in airplane mode and only look at local content (this includes emails and text messages that are marked “read”). If the CBSA wants to search information only accessible with internet access (such as data in the cloud), they need a warrant from a judge.
If you are asked and you choose not to disclose your password, you risk increasing the CBSA’s suspicion about the contents of your device, denial of entry if you are not a Canadian citizen or permanent resident, detention or seizure of the device for more detailed inspection by forensic specialists (which could take months), or arrest.
Here are some tips on how to protect your privacy at the Canadian border and in US preclearance zones:
Leave your devices at home
Make a backup of your data before you cross the border and leave it home. This will be important if your device is detained or seized, but it also gives you the option of deleting unnecessary data from your device before you cross.
Securely delete data you do not need to travel with.
Require a password to log on or access your device.
Create a strong password, for example by using several random words if possible.
Turn off your computer before crossing the border, because security experts have ways of accessing your computer’s memory if it is on. This also ensures your device is locked if it is turned on for a search.
Use two-factor authentication, in the event that the border officer seizes one device but not the other.
Use Full-Disk Encryption and require a strong passphrase to access it.
If you do not opt to use Full-Disk Encryption, you can encrypt specific critical documents or files.
Today is Safer Internet Day (SID). We wanted to showcase an online tool that can provide practical advice for safer internet use — for everyone.
Security Planner provides recommendations on implementing basic online practices, such as: enabling two-factor authentication on important accounts, making sure software stays updated with the latest bug fixes, and using encrypted chats to protect private communications.
This is a project of the Citizen Lab, an interdisciplinary group based at the Munk School of Global Affairs at the University of Toronto. Security Planner recommendations are made by a committee of experts in digital security and have gone through a rigorous peer review evaluation of experts from universities, nonprofits, and the private sector.
The people at Citizen Lab realize that “we now count on digital tools to keep our information safe and a growing slice of our private life…private. There are big questions about whether the devices and services we use respect our privacy and if they adequately safeguard our information. Has a good balance been struck? Many of us are not sure. It is easy to feel overwhelmed by the challenge of how to be safer online.”
We went inside the Security Planner tool in order to show you what to expect. Take a look:
The main page gives you a clear call to action to start.
This month, we feature BC Freedom of Information and Privacy Association (FIPA), a Clicklaw contributor.
FIPA is a non-partisan, non-profit society established to promote and defend freedom of information (FOI) and privacy rights in Canada. They strive to empower citizens by increasing their access to information and their control over their own personal information. FIPA was the major force in getting BC’s Freedom of Information and Protection of Privacy Act passed.
Tuesday, July 11 @ 12:30pm: FOI 101 Online Webinar with Courthouse Libraries BC. Open to anyone interested in learning the basics of filing FOI requests and learning to navigate some common challenges that can arise as requests are processed. Stay tuned for more information! You can also subscribe here to stay updated on all Courthouse Libraries BC webinars.
Hi Vince, thanks for answering our questions. Can you explain what FIPA does?
A lot of what we do is helping people navigate a system that is completely alien to them, usually to get them information or documents they need to take care of other problems they may be having. We also do some education, but keeping in mind most people we help are focused on other issues–FOI is a means to an end.
Who does FIPA help?
We work to serve all of BC and even more so this year by providing our FOI 101 workshop through an online webinar with Courthouse Libraries BC, so that we can better reach the entire province. This interactive webinar will provide newcomers to FOI with practical skills to prepare and submit information requests that get results, and to navigate some common challenges that can arise as requests are processed. We are also actively engaged in national issues as well.
What are you working on now?
We’re always working on exciting privacy and FOI reforms at both the provincial and federal levels, but with a new provincial government apparently ready to take office, we’re gearing up to really push for these reforms that have been largely ignored.
This year, we’ve also been doing work based on our 2015 The Connected Car: Who is in the Driver’s Seat? Report for the federal Privacy Commissioner. We have just appeared at a Senate Transportation committee hearing into autonomous and connected vehicles, and we hope to do an update on the report later this year. This exciting research will examine the current state of privacy protections in the Canadian car industry.
What’s something you’d like to clear up about FIPA?
A lot of people think we hold personal records in our office, or that we are a government body to whom they send their requests–but we don’t, and we aren’t!
What are you most excited about for FIPA?
We have the opportunity to deal with a very fast-changing field, especially working to ensure that new technological advances are also protective of our information and privacy rights.
Conversely, is there anything you are worried about?
I’m worried that we are being sold a bill of goods, trading our rights to information and privacy for convenience and/or claimed protection from danger.
Last question: if you could wave a magic wand and make one wish come true, what would it be, and why?
I’d wish that even a small percentage of the money and time being spent on developing new technologies and products was spent on ensuring that those technologies and products protect our information and privacy rights. It’s not impossible to protect privacy in the new information age, but there is a reluctance to devote the resources to make it happen.
// FIPA expertise brought to Common Questions
Thanks to FIPA, we also have a slew of new Common Questions on FOI, records, and privacy. Check them out by scrolling down on the Clicklaw home page:
by Laura Track Community Development Lawyer This guest post has been cross-posted from the BCCLA news feed.
Like many of you, I’ve been thinking a lot lately about my rights at the border. In light of reports that numerousCanadians have been refused entry to the United States for unclear or troubling reasons recently, not to mention the possibility that US officials could start demanding social media passwords from would-be travellers, I’m worried about delays, refusal, and protecting my privacy. And as a white woman born in Canada with an Anglophone last name, I probably have a lot less to worry about than many others.
Your rights at the border have been extensivelycanvassed in a widerange of mediaarticles recently. We hope it’s useful to have this information available all in one place, but remember that the law can change and things are happening quickly, so don’t rely on this information for advice about your own specific situation.
There are also some tips for protecting your privacy at the bottom of the post.
The first thing to remember if you’re a Canadian travelling to the United States is that you do not have a free-standing right to enter the US. Many Canadians have been crossing the Canada-US border regularly and without incident for years, but it’s important to remember that US officials have no obligation to let you into the country and can deny you entry for all sorts of reasons that may seem arbitrary and unfair. And while it seems like we’re hearing about many more examples of troubling actions by US border officials right now, there have been many instances of unfairness over the years. Canadians have been refused entry to the US because of a history of depression and mental illness. The US didn’t lift its ban on ban on entry into the US by people with HIV until 2009.
The US Immigration and Nationality Act states that except in cases specified by Congress,
…no person shall receive any preference or priority or be discriminated against in the issuance of an immigrant visa because of the person’s race, sex, nationality, place of birth, or place of residence.
A spokesperson for US Customs and Border Protection (CBP) has stated that “CBP does not discriminate on the entry of foreign nationals to the United States based on religion, race, ethnicity or sexual orientation.” But despite these assurances, it may be difficult for some people to feel confident that their right to non-discriminatory treatment will be respected when we hear stories like that of the Muslim woman turned back after she was questioned about her religion, or the man denied entry after border guards read his profile on a gay hookup app.
The fact that information about both of these travellers was discovered on their cell phones raises another pressing question:
In a word: yes. And they can ask for your device’s password, too. You don’t have to give it, but it’s unlikely you’ll be allowed into the country if you don’t. The officer could even tell you that you’re banned from ever entering the United States, but there’s no legal basis for banning you for refusing to give a password, and lawyers say that such a ban could be challenged in court.
Of course, going to court is an arduous, expensive and time-consuming undertaking, one made all the more difficult by the fact that you’d have to sue in the US. You can seek the intervention of a supervisor while you’re being questioned and lodge a complaint with US Customs and Border Protection when you get home, but it may not make much difference. You can also report your experience to a local affiliate of the ACLU.
What about Canadian border guards? Do I have more rights as a Canadian when I’m coming back into Canada?
The right of every citizen of Canada to enter, remain in and leave Canada is protected by section 6 of the Canadian Charter of Rights and Freedoms. But your other Charter rights are significantly curtailed at the border, including your right to be free from unreasonable search and seizure and your usual protections against arbitrary detention and compelled self-incrimination.
Section 99 of the Customs Act gives Canada Border Service Agency (CBSA) officers the power to “examine any goods that have been imported and open or cause to be opened any package or container of imported goods” – basically, to search your stuff. “Goods” are defined to include “any document in any form.” Section 11 requires entrants to Canada to “answer truthfully any questions asked by the officer in the performance of his or her duties”, and section 153 forbids making “false or deceptive” statements to customs officers or acting to “hinder or prevent” officers in performing their duties.
These laws were created at a time when people crossed the border with a suitcase and maybe a briefcase, not with digital devices containing deeply personal information including photos, text messages, emails and search histories. However, despite the Supreme Court of Canada’s clear acknowledgment in a recent digital privacy rights case that “it is unrealistic to equate a cell phone with a briefcase or document found in someone’s possession”, the CBSA interprets its power to search “goods” as including a power to search cell phones and laptops, and warrantless, suspicionless searches of digital devices are a matter of routine.
Unlike the US, which has published a detailed Privacy Impact Assessment on border searches of electronic devices, Canadian policies are much more difficult to find, making it harder for Canadians to understand and assert their rights. Interim guidelines obtained through an Access to Information Request and provided to the BCCLA offer a glimpse into CBSA’s policy. Officers can request passwords, though not for information stored “remotely or online.” If a traveller refuses, the device could be seized and held for a forensic examination. Nothing in the law or guidelines prevents CBSA from then copying the entire contents of the device.
The guidelines also state that until further instructions are issued, CBSA officers shall not arrest a traveller solely for refusing to provide a password. In response to questions from media, Scott Bardsley, press secretary for the minister of public safety, recently confirmed that the guidelines are still in place. The BCCLA has not independently confirmed that the guidelines are still operative and, in any event, they are only guidelines and should not be relied on as a definitive statement of the law.
As we detailed in a previous blog post, in 2015 (prior to the enactment of the guidelines) a Montreal man was charged with hindering or preventing an officer from performing their duties under the Customs Act after refusing to give up the password to his Blackberry when a CBSA officer demanded it. Mr. Philippon ultimately abandoned a constitutional challenge to his arrest and pled guilty to the charge. Until another case comes along, we simply do not know whether the CBSA’s powers include compelling people to provide passwords (though we certainly know that CBSA acts as if they have this power), or whether it is constitutional to arrest someone for refusing (though we know that people have been arrested in these circumstances).
The safest thing you can do is to leave your device at home when you cross the border. That may not feel very realistic or practical, but if your whole life is on your device, that’s all the more reason to leave it behind. If it’s seized, you could be without it for a very long time.
If you must travel with your digital device, here are some things to consider:
Make a full backup. A recent backup will ensure you have access to your data if your device is detained.
Turn off your device when you’re crossing the border, disable fingerprint unlocking and require a strong password to log on. This will prevent a CBSA officer, or anyone else who wants access to your data, from simply turning on your device and browsing through its contents.
Wipe your device of any files you want to ensure remain private. If you’ve stored your backup online (see point 1), you can even download your data back onto your device once you reach your destination.
Encrypt important documents and files, or consider full disc encryption. Encryption essentially scrambles the contents of your electronic device. The data is unlocked by a passphrase. More and more laptops and handheld devices are coming with disc encryption software built in.
Separate privileged or confidential documents from other files. Privileged information is given the most protection, and in theory should not be viewed by border officers at all other than to verify that it is what you claim it to be. This certainly includes lawyers’ files, and can sometimes include doctors’ and psychologists’ records. Journalists have a limited privilege over their sources. If you have privileged information on a device that a border guard wants to search, be sure to alert them to its presence. This is much easier to do if the privileged materials aren’t mixed in with unprivileged materials.
Some people may worry that crossing the border with a wiped phone or encrypted files may look “fishy” and could expose them to heightened suspicion and scrutiny. We can certainly understand these concerns and encourage everyone to use their best judgment given their own circumstances, vulnerabilities and needs.
The more that we assert our privacy rights and take active steps to preserve and defend them, the more we help normalize these privacy-protective measures and the less “fishy-seeming” they will become.
The report outlines how data culled from vehicle telematics and infotainment systems can be used for safety, monitoring, customer relationship management etc. Yet some data harvested from cars can also be used to track and profile customers for marketing and other purposes.
This 2016 edition is an introductory guide to help you with planning, implementing, and developing a small business. It provides essential information you need to know as well as links to additional resources to help ensure that your new business is successful.
Have you received a decision from the BC government or a tribunal (decision maker) that you think is seriously flawed or unfair? After you have gone through all your appeal options within the system, you may be able to ask a judge to review the decision.
CLAS has a guide for people who are representing themselves in a judicial review. We have now updated and modified this guide into a web-based form where users can navigate through the judicial review process for their selected tribunal. This website gives an overview of options that people have, step-by-step information about filing court documents, and templates that people can use when self-representing in Court. The website also allows people to get in touch with CLAS lawyers to ask for information and advice about their situation.
Emily’s Choice uses storytelling and images to describe child protection. Co-produced with the Healthy Aboriginal Network, the video and graphic novel tell the story of Emily, who struggles with addiction and an unhealthy relationship. She loves her son, Greg, but can’t always take care of him. When he goes into foster care, she gets legal help and family support to get him back.
The webpage provides links to the video, trailer, online version of the graphic novel, ordering information, who can help, and promotional material.
The Factum is a Legal Services Society blog about the law in British Columbia and how people can navigate the legal system. While it talks a bit about all aspects of the law, it focuses mainly on how the legal system affects people who can’t afford a lawyer.
This webinar focused on the recent changes to the strata dispute process brought about in the Civil Resolution Tribunal Amendment Act and served as an introduction to the CRT’s resolution services (including guides, videos and sample document templates) and their Solution Explorer software tool.