2011 Legislative Session: Fourth Session, 39th Parliament
________________________________________

This is a DRAFT TRANSCRIPT ONLY of debate in one sitting of the Legislative Assembly of British Columbia. This transcript is subject to corrections, and will be replaced by the final, official Hansard report. Use of this transcript, other than in the legislative precinct, is not protected by parliamentary privilege, and public attribution of any of the debate as transcribed here could entail legal liability.
________________________________________

DEBATES OF THE LEGISLATIVE ASSEMBLY
(HANSARD)
________________________________________
HOUSE BLUES

MONDAY, OCTOBER 17, 2011

Afternoon Sitting
Second Reading of Bills

BILL 3 — FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY
AMENDMENT ACT, 2011
(continued)

G. Gentner: I stand up to talk about my objectives to Bill 3, the amendments to the Freedom of Information and Protection of Privacy Act, following the Chair of the select standing committee, FOIPPA, the hon. member for Parksville-Qualicum. It was quite an intense time we spent

HSE - 20111017 PM 051/AMM/1740

Information and Protection of Privacy Act, following the chair of the select standing committee, FOIPPA, the hon. member for Parksville-Qualicum. It was quite an intense time we spent together as a group, hearing different delegations.

The member talks about a new era, and I think with this bill we could be seeing a quite frightful era. As Paul Fraser stated in his submission to the, I suppose, non-partisan select committee reviewing the Freedom of Information and Protection of Privacy Act: "Our view is that there is no need to add or amend any of the privacy rules in FIPPA and that they are already sufficiently broad and flexible enough to accommodate integrated service delivery." So why are we having an amendment act? The technology is changing, but the basic principles of privacy remain. Anyway, as I've been reading this, I think, you know, it should be called, maybe, potentially, the privacy act — or the piracy act before that of the privacy act.

Now, I sat on the FOIPPA review committee, and I am shocked, shocked, that the government members over there are sitting on their collective hands. They say they are standing up for freedoms and their liberties and the rights of the individual, but you know what? The examples we're seeing amongst ourselves on both sides of the House are quite dubious, in my estimation. Let me explain. Maybe this might stir some things up, and maybe, maybe, somebody should take note.

What if I knocked on a constituent's door, who was, according to the membership list I had in my hand — showed that she was a member of the B.C. Liberal Party and also a member of the B.C. NDP? Let's say — let me say — hypothetically. What if she persistently denied it, swore up and down that she never joined any political party, Liberal or NDP, and was befuddled that she was on any membership list — not that this would ever happen — never signed any application form — none, nada — and by the tone of her voice and of her reaction, it was very clear that she was quite genuine, that she had not signed a membership in any political party.

Could you imagine? That's identity theft. Could it be — and I say this rhetorically, of course — that if I knocked on someone's door with — I, the member for Delta North, could knock on the door with a B.C. Liberal membership list in my hand…? Could that possibly happen? Talk about getting it into the wrong hands. After all, we know what happens. We know it happened in the leadership contest. We had cats voting for a B.C. Liberal candidate, and maybe…. I wish there could have been more cats that could vote. Maybe we'd have a different result.

But the point I'm trying to make is that it was taken sort of as a joke. Well, I don't think it is a joke, how we mess around with party memberships, how we run around with our affairs. You know why? Because that is a testament of how political parties may judge themselves, in the zealousness to create and sign members up. Not protecting the rights of individuals. I don't think it's a laughing matter to run around and say you are signing up a cat. It's identity theft.

You know, how we conduct our party…. I know there are lots of jokes on the other side, but how we look at ourselves and conduct ourselves as a political party reflects on how we'll govern ourselves as a government. Now, this is all hypothetical, of course, because in our political process it's such that we shouldn't be trading memberships as though they're some kind of baseball card. How can we instill that sense of privacy in government?

You know, we talked about some of this stuff, and we're not here to change the Elections Act. Now, I knocked on a constituent's door, and he asked me how it could have been that he received a political newspaper from a political party that identified him as a member of that political party. This actually happened. Well, he claims he never joined that party. He never signed.

[1745]

His rights were violated. He believes his identity has been seen as something that it really isn't. He feels he's on a list, and he knew not what to do about it.

I mean, politics…. Success is built on lists, and you know what? With e-government and the way we're going,

HSE - 20111017 PM 052/IAW/1745

He feels he's on a list, and he knew not what to do about it. I mean, in politics, success is built on lists. and you know what? With e-government and the way we're going, who knows how those lists will be traded?

Now, we talk about misidentification, misrepresentation, through the social media. we just had a case this weekend. I'm sure you are well aware. Last week Mr. Garnet Ford on Facebook — he's identified — claiming that he was the one involved in stabbing someone by the name of Jamie Kehoe. His picture went viral, and his name went viral, and his privacy and identity were misappropriated. Consequently, he lost his job — his job.

The power of social media and now the weakening of privacy through a bill that I believe encourages unchecked data-sharing and data-linking amongst all public bodies.

Now, I went back this weekend, and I decided to do something I really haven't done for a long time. I went to my library and picked up the old…. I reread George Orwell's 1984. I know you're going to be cynical on that, but it really…. You know, it was quite an interesting read, to go back to what I hadn't read — oh, I guess, 30 or 35 years ago — and the truism that was coming out back then that's applicable here today.

I want to read something here from Orwell:

"It was terribly dangerous to let our thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself, anything that carried with it the suggestion of abnormality or having something to hide. In any case, to war an improper expression on your face…was itself a punishable offence. There was even a word for it in newspeak: face crime."(Face crime. Facebook. Book 1, chapter 5, George Orwell, 1984.) Thank god Mr. Ford got his job back.

Recently I had a constituent complaining to me about a false entry into a criminal records check that prevented him from employment. He was never charged with any offence, but the subjective entry on the form suggested he had been involved in an incident. A clean record, but a little tick in the wrong box, and his life is destroyed. Is this the future? Hour upon hour, and in my office it's day after day. We're trying to correct it, but he's been tagged.

Let's talk about…. We can talk later about the health sector. The member from Nanaimo had mentioned about e-health, and we're going: "I think we better look out. We better look out where we're going with that one."

Elizabeth Denham, the commissioner of the Freedom of Information and Privacy Act, said:

"I'm concerned that new data-linking rules do not apply to the health sector. We recognize the unique needs within the sector, but rules for linking personal health information are needed, perhaps in standalone health information legislation. During further consultation with government, I will push for the highest standards of health privacy and will report publicly on the progress."
That's all well and good, but we're putting the cart ahead of the horse. I think that maybe there's a little bit too much of blind trust to the Ministry of Citizen's Services and Open Government — or, as Orwell would call it, big brother, the party and the ministry of truth.

This what the Premier said about the use of private data: "Government's data is the people's data, and making that data available, using open standards, unlocks enormous potential for private sector innovation." Vancouver Sun, January 2011.

Wow. Wow. Look out. The ministry of truth, pervasive government through surveillance, incessant public mind control — these are words you can take lightly. You can laugh about it. Secret surveillance and manipulation of the past in service to a totalitarian political agenda. You can say: "It's not going to happen here."

Public mind control. We know the Premier's portal already failed, and we know the propaganda machine is well and alive in the bureau.

[1750]

Interesting how it is that when you get to the Legislative Assembly's website and you move to the government's link, the "Back to the legislative home page" is somehow disabled. You're stuck there. You can't get back.

Manipulation. Manipulation of the past and service to totalitarian

HSE - 20111017 PM 053/JBP/1750

website and you move to the government's link that the quote back to the legislative home page is somehow disabled. You're stuck there. You can't get back. Manipulation, manipulation of the past, in service to a totalitarian political agenda.

Now, we have the revisionists, who are active these days in the bureau, talking about B.C. Rail — didn't happen; the HST. We see the rewards for it — the Ken Dobells and the Gordon Campbells of the world who are recipients of the Order of B.C. That's all revisionist. It's all changing the history.

Now, this bill is in sorts about Big Brother. It's about identity management that you will lose control over. The government will control your entity. But worse, it will allow the politicization of private information through its own public relations and communication management systems and consultants. That is the potential.

E-government is also about the invasion of privacy. So convenient, isn't it? The technology is changing. It's taking us somewhere else. But the basic rights of privacy have got to remain. In British Columbia we recognize privacy in this party, this side of the House, is both a right and a value. Privacy is the ability of any individual group to seclude themselves or information about themselves, and thereby reveal themselves selectively. That's their right.

Now, I agree there is need for aggregate research, but only insofar as it does not invade the privacy of the individual. Increased contact between government and citizens goes both ways, though. Once e-government begins to develop and becomes more sophisticated, citizens will be forced to interact electronically with the government on a larger scale. This could potentially lead to a lack of privacy for citizens as their government obtains more and more information on them. In a worst-case scenario, with so much information being passed electronically between government and citizens, a repressive-like system will develop. It's the nature of the beast.

Like my friend Mr. Ford or my constituent who has been improperly filed as a criminal or the communication snow job of, shall we say, the cyberbullying that's going on now by the B.C. Liberal Party website, I don't think authoritarian governments are confined in a certain political geography. When the government has easy access to countless information on citizens, personal privacy is lost.

Privacy differs according to cultural norms. The degree to which private information is exposed therefore depends on how the government will receive this information, which differs between places and over time. Our privacy culture depends on the never-ending change in technology. Who would ever have thought 20 years ago what was meant by saying, "Let's google it" or "Let's go phishing or hacking" or a third-party picture on Facebook that can suddenly destroy you?

Privacy partially intersects security, including, for instance, the concept of appropriate use as well as protection of information — appropriate use. That's subjective. That is scary. There's a nub of it, I think — appropriate use.

AT&T was sued for its role in aiding U.S. government surveillance a couple years ago. Border crossings. We are now dealing with the Homeland Security Act, on state side, and the hypersecurity. What information will be in your driver's licence or your health card, and what's next? When you are tagged, what's next?

Now, Paul Fraser, commissioner of the Freedom of Information and Protection of Privacy Act, when he was such, spoke to the special parliamentary committee regarding the importance of privacy, and his words should be taken seriously. "Personal privacy is part of every citizen in British Columbia's DNA. It's as important as free speech, as the presumption of innocence, as the right of equality, as the right to a fair trial. All that has become trite because of the usage over the years, but it's something that we should not lose sight of in terms of coming to defend and recommend the changes to the legislation which enshrines those principles."

[1755]

He mentioned appropriate use of personal information, "but that must be trumped on what is reasonable and the right for a citizen to control his or her personal information over the collection of and disclosure of his or her personal information. The question is: will the government or its entrusted contractor manage your information in a way that safeguards your privacy and lessen the chances of falling into the wrong hands?"

My god, can you imagine, if an NDP MLA knocked on a

HSE - 20111017 PM 054/EBP/1755

entrusted contractor manage your information in a way that safeguards your privacy and lessens the chances of falling into the wrong hands?

My God, could you imagine, hon. Speaker, if an NDP MLA knocked on the door with a B.C. Liberal Party list? It could happen. B.C.'s new high-tech CareCards and combined CareCard–drivers' licences — this is a problem. This is the heart of the matter. Government will be able to control or be able to use electronic health records, age verification, proof of residency, driver's licence details, electronic co-coding and even, perhaps, school registration for kids. I mean, where are we heading here?

"Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often" — this is Mr. Fraser here — "do not know how their personal information was obtained." Identity theft is detectable by the individual victims, according to a report done by the Federal Trade Commission. It should be detectible. This is in the U.S.

Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. The U.S. Government Accountability Office study determined: "Most breaches have not resulted in detected incidents or identity theft." The report also warned: "The full extent is still unknown."

Now, we seem to have this arrogance here, this culture here, like we saw with the government opposite with the HST — you know, not really listening to the middle class. We're seeing a reaction today in the streets of Vancouver, throughout the world to the arrogance of the elite that seems to know better, and we seem to see that same culture here today when privacy is jeopardized. We're jeopardizing privacy while, I believe, freedom of public information has been hidden. We can go back to 2005, the B.C. Systems Corporation dismantled. It was in control of the data. We had a chance, but we destroyed it because of ideology across the way that corporate greed is better.

Then: "The people's data opens enormous opportunity for the private sector." That's what the Premier says. TELUS is now in control and we're going to see more concentration. Information is now put into silos, presented to this private sector. Regarding data, we aren't handing over just the car but the whole highway, and where that information goes, nobody knows.

Either the government information…. It should be shared, but in consideration we also know that the government will delete, delete, delete its information, while not necessarily protecting your privacy. Privacy, I think, by government, by any government, can very quickly become a commodity. Shared services, and the government cannot control where it goes. Accumulations of all kinds of data, we don't know where it's going to go.

Now, I have not worked with the company since the first milestone was successfully achieved, but I do know that there are members who have seen B.C. Systems when it was dismantled. The start-up company continued as PureEdge, until IBM purchased it in 2005. The company was then known as IBM Workplace Forms. Then we know what happened, of course: the litigation delay of the IBM contracts, the dispute around IBM's contract with the B.C. government pertaining to "the nuts and bolts of the unprecedented contracting out of core services to a large corporation" which occurred during the B.C. Liberals' first term.

Now, I'm not going to get into the mechanics of it, but, FIPA applied to view the more-than-600-page contract signed by IBM, well worth a billion dollars. IBM complained about the potential release, and the government then refused to release records. We're talking about data and how it's being controlled, and we do not have access. It's scary. And now what's the agenda? In 2020 — and this is worldwide — IBM, through government interactions, will require "perpetual collaboration" across all transnational agencies, societies, governments and consultations. Shared information will be shared, borderless. IBM's agenda is to meet that objective by 2020.

[1800]

Expedience has conveniently trumped privacy. Information that's not properly managed — how does that portend to the future?

HSE - 20111017 PM 055/BMG/1800

agenda is to meet that objective by 2020. Expedience has conveniently trumped privacy. Information that's not properly managed. How does that portend to the future?

My colleague from Nanaimo mentioned that, basically, if it ain't broke, don't fix it. But now I think it's going to get a lot worse.

Does this bill limit public servants or the private sector collecting information which is necessary for a given program or activity? No. Deliberation of our personal data will go unchecked. The current faux pas is generally, I think, too generous. But more harm is on the way.

I want to continue to quote Mr. Paul Fraser, who was acting commissioner at the time:

"In the past three years we have investigated, for example, 248 breach reports in both the public and private sector combined. Our most recent investigation report related to the theft of personal information of 1,400" — 1,400 — "of B.C.'s most vulnerable citizens. Our findings in that case were consistent with many other breaches that we have investigated in the last three years."

"First, government ministries never noticed that the database reports containing the personal information of these 1,400 citizens were even missing. The RCMP had to advise government that they had found the reports in an employee's possession."

Now we are in a process to weaken personal privacy protection, our freedoms, our rights, and we have a Premier that says the opportunities are for the private sector.

Twenty-six government employees were aware of the breach, although the majority failed to recognize the situation as a privacy breach, and it took 7 months — 7 months — for the government to notify individuals affected by the breach. When notification occurred, the letters were sent to the wrong addresses, resulting in further inappropriate disclosure of personal information.

I quote Mr. Fraser again. "We concluded that the results of the investigation illustrated that the government had not yet established what we call a culture of privacy."

Culture of privacy. Do you really think that this government or any government will beef up training and security for privacy while it is constantly cutting programs today? A stroke of a pen? A financial so-called expert, trying to find the bottom line? Do you really think this government gives a real hoot about the majority of people?

As Mr. Fraser said, culture of privacy is not "just a buzz word. It's a real expression of concern. We recommended this become a goal of government. In order to achieve that goal, the government must demonstrate that privacy is distinct from, and as important as, other security concerns."

I think this bill flies in the face of securing that culture of privacy. Such an opportunity occurred in 2004 to get it right. It was chaired by the Liberal member from the South Peace, now a cabinet minister who actually once sat over here. Against the arrogance of the culture with…HST, he removed himself from his caucus. But like the rest of the other side, today he's also sitting on his hands.

We know in 2004 what happened. It was flagged. There were real problems, but the government then didn't listen. In the area of e-health, the investigation occurred into the lack of protection with the e-health system that was derived by the Vancouver Coastal Health. Then the issue of the privacy that the commissioner's office determined was eroded because of the large number and serious nature of the deficiencies in the security.

He says: "We are actually unable to publicly report in any detail of the nature of those deficiencies." There was no attempt to investigate it. There was no real culture of privacy then. There is not today, and there will not be after this bill has passed.

We must hold our standards the highest in the land if we truly respect our citizens. I don't agree with any government — a government this side, a government that side, any government — that says trust me with your data.

[1805]

Fraser went on to say: "The examples of the e-health and the example with respect to 1,400 patients illustrate that in our experience public bodies in British Columbia have not learned

HSE - 20111017 PM 056/DAG/1805

went on to say "The examples of the e-health and the example with respect to 1,400 patients illustrate that in our experience public bodies in British Columbia have not learned how to build privacy into their projects." Understandably, they have service delivery goals that they wish to meet. Unfortunately, expedience has consistently trumped privacy, and it puts the privacy of British Columbians at some, I'm bound to say, significant risk."

Mr. Fraser started his legal career primarily for that, relative to the protection of the individual. He spent a career building that reputation. Are we just suddenly disregarding his concerns? "Until we enshrine a culture of privacy in British Columbia, expedience — I repeat this — will always trump the primary privacy concerns that are at the centre of all that we do in terms of protecting the privacy of citizens in this province."

Expediency means so many things. It also means outsourcing. It means outsourcing the protection of your liberties, your rights and your privacy. We saw what happened with the Accenture. Remember when it first came here? We were discussing something called Maximus, a Virginia-based company that handles the MSP and PharmaCare services. We had a public policy collective agreement basically torn up.

We also know there's EDS collections, also known as provincial or B.C. revenue services to the Ministry of Finance; TSSI, a TELUS subsidiary that does the payroll; ISM workstation group of Victoria that does management services, desktop standardization technology, Ministry of Labour, Citizens' Services. We know the disaster, duties recovery through Solicitor General.

All of these things, in every element of government, the data is no longer at our disposal. Now, the government can cut staff significantly for turning MSP systems and operations to Maximus, so that today when people compare how bad delivery was before or how it was as bad as compared to today, the services that were cut first in order to accommodate the private company, we will never be able to fully do that comparison. Yes, the data has been leaving, but our ability to do the proper freedom-of-information checks on these privatized companies in control of our data are lost.

We're looking at alternative services: land title B.C., B.C. consumer practices, Oil and Gas Commission, B.C. Ambulance, the BCLCB back then. With private contracts with information gathering and data storage, how can we access: what is a breach of performance?

The freedom of information cannot be given out, because of protection of business interests. We have seen that through the P3 projects. We don't have a handle on with a what the performance is. It's none of our business anymore, because we are protecting the interests of the contract.

Now, the government fined Maximus for breach of performance, which may have been data, but was reluctant to release how much. After all, it has also become now just part of doing business. With sophisticated electronic systems to collect, share, store and analyze, our information should be available. Our digital cells — it's a good word, isn't it? — will be available.

Bill 3 opens us up to violation after violation after violation. Digital profile is a new world order, an order whereby personal information stored on data, however false, can be stored in the so-called name of national security enforcement in the States or here in Canada. We have no control over that.

As my time begins to wind down, hon. Speaker, let me put it to you this way. I quote Mr. Fraser:

"The concept is known by many as data-sharing. By data-sharing, I mean the programmic or planned disclosure of personal information by one government agency to another, by one government to another government or by a government to a private sector organization. These disclosures might be one way, two way or multifaceted. They may be one-off disclosures or regular planned exchanges of data. Data-sharing is likely to occur between or among network or connecting databases."

How will citizens even know where their information is or what has been done to it? Answers to those questions must be found. Those answers have got to be found before we pass this bill.