WASHINGTON — Amid rapidly shifting geopolitical sands, Canada and the United States unveiled plans Wednesday to work more closely in the nebulous world of cybersecurity, including on a long-awaited deal to make it easier to navigate each other's data privacy laws in criminal investigations.
A detailed suite of common cross-border common interests, including cybercrime, human smuggling and the trafficking of illegal guns, emerged overnight from the newly resurrected Cross-Border Crime Forum, a bilateral gathering inaugurated in 1997 but dormant since 2012.
Public Safety Minister Marco Mendicino and Justice Minister David Lametti were in the U.S. capital for the meetings, the centrepiece of which was the start of formal talks to bring Canada under the umbrella of the Clarifying Lawful Overseas Use of Data Act, or CLOUD.
Reaching a deal "would pave the way for more efficient cross-border disclosures of data between the United States and Canada so that our governments can more effectively fight serious crime, including terrorism," U.S. Attorney General Merrick Garland said in a statement.
The overriding objective, Garland said, would be to enhance public safety and security in both countries while protecting the privacy and civil liberties of both Americans and Canadians.
"By increasing the effectiveness of investigations and prosecutions of serious crime ... we seek to enhance the safety and security of citizens on both sides of the U.S.-Canada border."
The CLOUD Act, passed in 2018, created a "new paradigm," according to the U.S. Department of Justice: "an efficient, privacy and civil liberties-protective approach to ensure effective access to electronic information through executive agreements between the United States and trusted foreign partners."
Such agreements are designed to eliminate legal "barriers" that prevent internet service providers subject to U.S. laws from releasing electronic evidence under court order. The U.S. has already reached CLOUD agreements with Australia and the U.K. Other jurisdictions with stringent privacy rules, such as the European Union, are at odds with the DOJ approach.
The U.S. has reportedly complained to Ottawa that Canadian privacy laws can prevent authorities there from notifying their American counterparts when convicted sex offenders travel south, even though similar information is routinely shared in the other direction.
Law enforcement leaders in Canada, too, have been pressing the federal government for years to pursue data-sharing treaties with the U.S. that would make it easier for investigators in both countries to pursue arrests and convictions in a variety of criminal offences.
The Cross-Border Crime Forum, reinvigorated under the terms of the bilateral "road map" for co-operation agreed to in February 2021 by Prime Minister Justin Trudeau and President Joe Biden, appears to have finally opened the door.
And not a moment too soon, said Karen Eltis, a University of Ottawa law professor who specializes in privacy law, e-commerce and cybercrime, as well as the myriad issues that surround the geopolitically boundless nature of the internet.
The sheer volume of communication and commerce taking place online these days demands a different approach to fighting criminal activity that leaves its digital bread crumbs — critical evidence for investigators — all over the world, particularly in the U.S., Eltis said.
"In the past, it was all about territorial borders," she said. "We have to understand that the type of laws that we were used to, that were confined to a particular territory, are no longer relevant to the digital age."
Concerns about defending privacy are legitimate, and form an important element of the discussion, she added. But it's high time that the debate confronted the reality of how the internet works — especially given the threat of international cyberattacks, which is growing exponentially in light of Russia's ongoing invasion of Ukraine.
A summary of the meeting released Wednesday said Mendicino, Lametti, Garland and Homeland Security Secretary Alejandro Mayorkas also discussed working together to defend against ransomware attacks and to "freeze and seize" Russian assets as part of North America's economic countermeasures against Russia and president Vladimir Putin.
Foreign policy experts have been warning for weeks that U.S. efforts to sanction Russia would likely lead to a ramp-up in foreign cyberattacks on American infrastructure, a possibility Biden himself flagged publicly on Monday.
"My administration has issued renewed warnings that, based on evolving intelligence, Russia may be planning a cyberattack against us," Biden told business leaders. "The magnitude of Russia's cyber capacity is fairly consequential, and it's coming."
That threat adds another wrinkle: in autocratic countries, privacy laws are less of a constraint against cybermeasures than they are in the West, Eltis added, citing the words of one her mentors, the former Israeli Supreme Court president Ahamon Barak.
"He said, 'Democracy fights with one hand tied behind its back, but it has the upper hand nonetheless,'" Eltis said.
"A democracy has values that it safeguards, even though it will need to manoeuvre within constraints. This is not just about privacy — not because privacy isn't important, but there are many other human rights that can be at stake, that democracies have to manoeuvre around and strike a correct balance."
The four leaders also talked about efforts to push back against human trafficking and smuggling across the Canada-U.S. border, as well as plans to target the flow of illegal guns between the two countries.
This report by The Canadian Press was first published March 23, 2022.
James McCarten, The Canadian Press