journalism that swims
against the current.
Rights + Justice

Latest Privacy Revelations Show It's Up to Canadians to Protect Themselves

The most important self-help step? Get into encryption.

Michael Geist 26 May

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at or online at

Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents. Last week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.

In the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users' identity, communication activities, and location data -- all accessible to telecom companies, network providers, and surveillance agencies.

Yet coming on the heels of global revelations of surveillance of network exchange points and internet giants along with Canadian disclosures of daily mass surveillance of millions of internet downloads and airport wireless networks, nothing surprises anymore. Instead, there is a resigned belief that privacy on the network has been lost to surveillance agencies who use every measure at their disposal to monitor or gather virtually all communications.

While the surveillance stories become blurred over time, there is an important distinction with the latest reports. The public has long been told that sacrificing some privacy may be part of a necessary trade-off to provide effective security. However, by failing to safeguard the security of more than 500 million mobile users, the Five Eyes surveillance agencies -- Canada, the U.S., U.K., Australia, and New Zealand -- have sent the message that the public must perversely sacrifice their personal security as well.

Agencies charged with identifying potential security threats believe protecting individual security is not part of their mandate. According to Christian Leuprecht, a Royal Military College professor, "the fact that certain channels and devices are vulnerable is not ultimately the problem of signals intelligence."

In other words, you're on your own.

Some self-help steps

With internet providers such as Bell refusing to issue transparency reports about when they disclose subscriber information, and major telecom equipment companies such as Samsung the target of surveillance agencies (the revelations also disclosed that the agencies explored hacking into Samsung and Google app stores), the corporate community is at best powerless and at worst complicit in the surveillance activities.

Meanwhile, government agencies have abdicated responsibility for safeguarding user security and the government itself has steadfastly opposed any improved oversight of Canadian surveillance agencies, leaving Canada with one of the weakest oversight regimes in the developed world.

What to do in the face of a wide array of surveillance initiatives in which almost anything is viewed as fair game?

The most important self-help step for Canadians is to make encryption a standard part of their communications practices. Encryption is not perfect, but it creates a significant barrier against mass surveillance. The result provides privacy and security for users, while forcing agencies to consider whether to deploy additional tools to crack the communications. In other words, mundane messages are protected, while those associated with a reasonable suspicion of a threat may still be targeted.

Individual encryption is a good start, but more is needed. Many websites and web-based email services still do not offer encryption and therefore leave their users vulnerable to snooping agencies. Pressuring the internet giants to adopt encryption -- or at least offer the option of encryption -- is a necessity.

Furthermore, political and policy solutions cannot be abandoned. Bill C-51 generated significant public concern, though most of the focus was on new surveillance agency powers. Even without the changes, there remains a clear need for better oversight and rules based on the principle that Canadians cannot possibly feel secure if their own government views security vulnerabilities as creating an opportunity to exploit rather than an obligation to safeguard.  [Tyee]

Read more: Rights + Justice, Politics

  • Share:

Facts matter. Get The Tyee's in-depth journalism delivered to your inbox for free

Tyee Commenting Guidelines

Comments that violate guidelines risk being deleted, and violations may result in a temporary or permanent user ban. Maintain the spirit of good conversation to stay in the discussion.
*Please note The Tyee is not a forum for spreading misinformation about COVID-19, denying its existence or minimizing its risk to public health.


  • Be thoughtful about how your words may affect the communities you are addressing. Language matters
  • Challenge arguments, not commenters
  • Flag trolls and guideline violations
  • Treat all with respect and curiosity, learn from differences of opinion
  • Verify facts, debunk rumours, point out logical fallacies
  • Add context and background
  • Note typos and reporting blind spots
  • Stay on topic

Do not:

  • Use sexist, classist, racist, homophobic or transphobic language
  • Ridicule, misgender, bully, threaten, name call, troll or wish harm on others
  • Personally attack authors or contributors
  • Spread misinformation or perpetuate conspiracies
  • Libel, defame or publish falsehoods
  • Attempt to guess other commenters’ real-life identities
  • Post links without providing context


The Barometer

Do You Think Canada Should Cut Ties with the Monarchy?

Take this week's poll