OTTAWA–It took months, but Montreal author Jaspreet Singh finally cleared his name and was cleared to fly.
Based in Calgary last year, Singh was suddenly hit with lengthy interrogations when he tried to board planes. An Air Canada staffer suggested he change his name.
Instead, fearful of further harassment, he grounded himself, skipped Toronto’s Book Expo Canada and Luminato festivals, and mounted a letter-writing campaign seeking to be removed from whatever "no-fly list" he was on, says his Montreal publisher, Simon Dardick.
Singh, a Canadian citizen born in India, is in Delhi right now on a trip. He was never a security risk, says Dardick. "It was another J. Singh."
But it was "a scary thing," Dardick said. "This is a big country. It’s hard not to fly."
For Singh, and others like him, there is little comfort in a new report by Canada’s federal privacy commissioner Jennifer Stoddart.
Stoddart slammed the officials who enforce and oversee Canada’s secretive "Passenger Protect" program and its blacklist of air travellers deemed a threat to aviation security.
The top Transport Canada bureaucrat who is in charge of placing people on the list did little more than rubber-stamp recommendations from a three-person advisory committee, Stoddart said.
She found that, overall, Transport Canada handled personal information carefully and disclosed personal data "selectively to officials who actually need it."
But she also found that the technology to share "no-fly" orders with air carriers has not been certified as secure; the smaller air carriers, some of which use paper lists, are not required to report breaches of privacy; and there is no review of those carriers’ compliance by Transport Canada.
Canada’s "no-fly" list took effect in June 2007, and almost everything about it – the number of names, the deletions, how it works – is classified. It is believed to contain 500 to 3,000 names.
Because there is no independent oversight of the program, it is up to the top Transport Canada bureaucrat to act as watchdog.
But Stoddart’s auditors concluded the deputy minister, who until his retirement in July was Louis Ranger, did little more than act as a rubber-stamp of decisions to add or remove names.
He did not have "complete information" or the full files before him, said Stoddart, just "a simple recommendation to sign."
Only the three-person advisory committee, which consists of one official from each of the RCMP, CSIS and Transport Canada, reviewed the complete file on suspicious air travellers and made a recommendation to the deputy minister.
"He was signing in a completely blind fashion," said Roch Tassé, national coordinator of the International Civil Liberties Monitoring Group. "It’s quite shocking."
Stoddart said the department agreed with her concerns and changed its practices in February.
But Tassé’s group, which has researched watchlist horror stories, questions the legal mandate and the regulations governing the operation of the "no-fly" program.
Tassé argues that when police want to restrict someone’s movements, an officer has to get judicial approval. But when it comes to flying, the officials who can restrict a person’s "mobility rights" under the Charter don’t have to seek any judicial approval.
His group plans to release a report into the operation of the list within three weeks.
Singh, who moved to Canada in 1990, was a research scientist and teacher before becoming an author. He has won critical acclaim for his short stories, including his award-winning collection 17 Tomatoes: Tales from Kashmir, and was the 2006-07 writer-in-residence at the University of Calgary. His novel Chef was released last year.
At a news conference Tuesday, Stoddart made clear more scrutiny is needed and she doesn’t have the legal power to do it. "I’m not the national security czar," she said.
More than two years into the operation of the program, Stoddart said she had hoped Canadians would have had more transparency, parliamentary review and "a little more insight into how this program functions."
"It remains opaque. Its impact on the lives of Canadians remains opaque, and that is a concern."
Stoddart also flagged problems with the data stored by Canada’s financial watchdog agency, known as FinTRAC, the agency responsible for tracking financial transactions among Canada’s banks, trust companies, law firms and other money-handling institutions.
Stoddart said Ottawa, in its drive to combat terrorism and money-laundering with the aid of modern technology, has developed a "seemingly insatiable appetite for personal information about individuals."
She highlighted the case of a woman who cashed a government-issued cheque for less than $300 at a trust company, and was flagged as suspicious, "simply because of her ethnic origin and the fact she had visited a particular country."
FinTRAC has no legal mandate to receive and hold such data, and yet the woman’s information was automatically stored along with millions of other suspicious transactions.
Stoddart’s conclusions echo previous warnings that in its post-9/11 efforts to be on the watch for terrorists, the federal government has often gone overboard.
"The unprecedented scope of government data collection that we are witnessing today heightens the risk of misuses and unauthorized disclosure. The consequences for individuals can be grave," Stoddart says.
Stoddart found other privacy breaches, including:
In 2008-09, several federal departments and agencies reported the theft of laptop computers and flash drives containing the personal information of Canadians.
Computers were stolen from the residences of government employees. Some contained no personal information, but others held data on refugee and employment insurance claimants.
A hacker using off-the-shelf software was able to penetrate a computer at Agriculture and Agri-Food Canada, exposing about 60,000 personal data records of farmers using a federal loan guarantee program.
More than 1,200 employees at the Department of Foreign Affairs and International Trade had access to a database containing confidential personal information about a citizen jailed abroad.
Stoddart also concluded that shortcomings in the way Elections Canada handles the personal information of Canada’s 23 million registered voters could expose people to "serious consequences such as identity theft."
The audit found that some voter lists "simply vanished during elections and by-elections," the agency collects "too much personal information on voters, including on teenagers too young to vote," and that Canadians are not fully informed about how their personal information will be used.
Voter lists are drawn up from the National Register of Electors and include not only names and addresses, but also birthdates. "There is evidence that these lists go missing. As well, lists distributed to political parties and candidates can be endlessly photocopied and circulated," Stoddart reported.
Overall, said Stoddart, in the 26 years since the enactment of privacy legislation, "for most part, Canadians should be satisfied with the way the federal government handles their personal information."