Painted Into a Corner: Libraries and Bill C-51

On January 30, on the heels of two domestic attacks as well as those in France, the government of Canada announced Bill C-51, the Anti-Terrorism Act 2015. Among the changes this legislation intends to bring about, there is one that should cause concern for libraries across the country: the bill would criminalize promoting or advocating terrorism, even if there is no evidence of intent to commit a violent act.

Fundamentally, libraries of all types might have trouble with this sort of intrusion on intellectual freedom.

We typically speak up when society at large, or governments, attempt to limit free speech beyond what is necessary, and especially if this is being done in a way so as to impede libraries’ image as a trusted neutral space in which to explore controversial, offensive, even dangerous ideas.

Bill C-51 may be one of those cases. To see why, let’s look at how computer use and user privacy policies in a library might react to the suspicion that a user is crossing the new legal line.

Internet usage policies in libraries typically default to a broad freedom to consume or create content using the library’s connection or equipment. Even still, many libraries, including many public and most school libraries, employ filtering technology to limit access, especially for their youngest users. But filtering or not, it is typical that policy prohibits users from “illegal” activity online.

What might “illegal” entail? It might refer to specific, intentional, credible threats of violent acts, or conspiracies to commit an illegal act. It might refer to the consumption or distribution of child pornography or to the “obscenity” mentioned in the Criminal Code. The latter might on occasion be problematic for libraries, but at least we have decades of case law that have qualified the “obscenity” provision to the point where legitimate information needs or artistic merit are enough to get a pass, not just in libraries but with the law in general. (It is also true the criminalization of child pornography viewing also has its conscientious objectors, such as Tom Flanagan).

But under C-51, “illegal” might also include, for example, a 15-year-old who comments on Facebook that perhaps Canada deserves to be attacked for spreading mayhem in Afghanistan. Under many libraries’ policies, his ill-advised musings would technically be enough for the user to be banned from Internet use and/or from the premises.

Of course, most of the time, libraries don’t have the technical means nor the policy force to actually monitor what users say online or where they visit. Although possible, it is not that likely that another user will complain, or have enough credibility to lead to censure of the user. But what if the police were involved? What if, in the interest of national security, they asked a library to enforce their own policy?

That leads us to the second policy dimension: user privacy.

Most libraries will not share their users’ information with any third party except in very specific circumstances. These include child protection. The obligation on a public employee who witnesses what they believe to be child abuse or neglect to report it to a child protection agency explicitly outweighs the user’s right to privacy. Library employees occasionally make CAS calls using information from a patron database to identify the name and address of the child and/or the caregiver involved.

The other circumstance is when the information is needed for law enforcement. For Ontario public libraries, this exception is explicitly set out in MFIPPA, the Municipal Freedom of Information and Protection of Privacy Act. On occasion, libraries will authorize the release of patron information and surveillance video when police request it, making sure to record what information was given to whom and for what reason. There is even a rumoured case where a public library, under warrant, released computer hard drives to police investigating a complex terror plot in southern Ontario.

But under C-51, we could be asked for the identity of that 15-year-old. And here, our reluctance, for policy and resource reasons, to install sophisticated monitoring software could make things worse. If police can only identify that the communication originated from our IP address, and we can’t tell from which machine, we might feel compelled to hand over data on all users logged in at that time.

We could be asked for surveillance video, too, and to hand over hard drives.

Many libraries, for privacy reasons, do install software that erases all traces of a user’s activity once they log out. It is possible, however, that investigators have the means to crack this. And what if police show up while the user is still logged in? Would we be obstructing law enforcement if we were to end the user’s session remotely in order to protect his privacy? Bill C-51 raises many questions, and what our policies and our consciences do as a result are but two of them.

Todd Kyle is CEO of the Newmarket (ON) Public Library and former Chair of the CLA Information Policy Advisory Committee. He blogs at nplceo.wordpress.com.