Publications

This submission analyzes Bill C-22, the Lawful Access Act, which would enact broad surveillance obligations and reforms in Canada. Issues include: the bill’s sweeping scope, significant constitutional and human rights risks, transparency and accountability deficits, and dangers to encryption and Canada’s cybersecurity. We recommend entirely withdrawing several elements of the bill and suggest amendments to mitigate harms. 

Our preliminary analysis of Bill C-2 situates the legislation within the context of existing research by the Citizen Lab about two potential data-sharing treaties that are most relevant to the new proposed powers being introduced in Bill C-2: the Second Additional Protocol to the Budapest Convention (2AP) and the CLOUD Act. Both of which carry significant constitutional and human rights risks.

In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon’s mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.

Legal researchers Cynthia Khoo and Kate Robertson warn that a Canada-U.S. CLOUD agreement would extend the reach of U.S. law enforcement into Canada’s digital terrain to an unprecedented extent, and that if signed, this agreement would effectively allow U.S. police to demand personal data directly from any provider of an “electronic communication service” or “remote computing service” in Canada, so long as it had some ties to the U.S.

In an article for Lawfare, The Citizen Lab’s senior research associate Kate Robertson analyzes how, in its current form,  the draft treaty is poised “to become a vehicle for complicity in the global mercenary spy trade.”