The Liberals know where you are. So do the Conservatives and the NDP. Most people do not realize the amount of information that political parties have about the public. They know where you have lived, where you went to school, when you graduated, and who you have dated. Anything and everything you have put on Facebook or any other social media platform is floating around in party databases somewhere, being used by party operatives to micro-target and guide their interactions with you. In Canada, political parties can pretty much collect as much data as they want about you, and you do not have the right to know what it is, where they collected it from, how they are using it, and what they are doing to protect it.
Background: Politicians decide if the laws apply to them
The idea of data security and surveillance has been at the heart of political debate in Canada and the House of Commons for the past number of years. In 2019 for example, the Liberal government introduced the “Digital Charter” which was meant to guide principles of digital life in Canada. Amongst the guiding principles of the Charter was the idea that Canadians would have to provide consent for the collection and use of their data. However, self-interest appears to have shaped the application of this charter, as political parties are not mentioned and are thus exempt from these principles.
The parties have argued that the collection of data is necessary for the success of democracy and allows them to have more meaningful connections with the public. Using this data, they are able to better understand citizens and their concerns. However, the depth of the information they collect is often hidden from the public, and even from oversight bodies. For example, in a Federal Committee hearing on the issue, the political parties mentioned the collection of names, addresses, and phone number as being at the core of their data collection. But when the parties are pressed, more concerning information comes out. In the Committee hearing, the Speaker for the conservative party admitted to also collecting dates of birth and credit card information. Likewise, hidden on the Liberal webpage under Privacy, the Liberals admit to logging and tracking IP addresses. This allows the Liberals to see all other webpages that visitors go to and is a sizeable data contribution to their databanks.
Why should we care?
All of the political parties have attempted to address some concerns about possible data access by making their apps multilevel. This allows them to limit the information certain users, such as volunteers can access. This in theory means that staff, volunteers and officials only have access to relevant information for their specific role within the party. However, this is all based on the idea that training their users and their personal policies surrounding data collection and usage are upheld by party officials. If a volunteer or constituency worker chose to go into the database and misuse the information, there is little to prevent them from doing so. This was supported by the Privacy Commissioner who held that all the major parties failed to appropriately explain how they protected their databases from misuse.
There are more threats than just misuse though. All of the major political parties have been incredibly vague about how the data is stored and protected from possible hacks, security breaches and espionage. The Liberals have disclosed that they do use a cloud-based server for their emails, but have not disclosed with which provider or if any special security measures such as double encryption have been employed. The NDP also use a cloud-based server, trying to depart from holding hard copy and electrical data themselves. However, they continue to remain quite vague when discussing further security protocols. Beyond the storage of data and the use of IT teams to test security and limit access, very little detail has been disclosed about concrete efforts to secure Canadians’ sensitive data. It should also be noted that as the existing legislation does not apply to political parties, they do not need to disclose data breaches and their magnitude. This means that your credit, personal, and political information might have been stolen and you would not even know about it.
The governments’ Digital Charter specifically indicates that Canadians should know what organizations know about them, and that they should have control over the data. However, when examining the political parties’ privacy policies, it is evident that this is not the case. For example, the Conservative, the Liberals and the NDP privacy policies ignore the idea of limiting or erasing the data the parties have collected on you, only allowing Canadians to update their information. Moreover, the parties refuse to tell the public how long they plan to keep the collected data, likely because they have no plan to destroy it.
What should be done?
Currently, pressure has been building for the government to expand existing legislation around cyber security. The current Privacy Commissioner has strongly recommended the application of existing laws to political parties, and that explicit laws be created to regulate the usage of data by political parties. He has also criticized the government for failing to apply these recommendations. The Centre for Digital Rights (CDR) has also filed five complaints in different jurisdictions questioning the legality of these actions. However, in order for any real change to finally take place, Canadians need to understand what is happening and tell politicians they do not have the right to special rules or exemptions. These policies are putting Canadians at risk – it is up to Canadians to let them know that this is unacceptable.
Photo: Big Data Analytics Service Provider, Fragma Data via flickr
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.