OTTAWA, Ontario Transport Canada is committed to enhancing the safety and security of Canadians while fostering innovation as it continues to explore the use of unmanned aircraft systems, commonly known as drones, to fulfill its mandate. The Honourable Marc Garneau, Minister of Transport, granted the UAS Centre of Excellence approval to begin operations at their test range in Alma, Quebec. Transport Canada will be one of the first to operate at the new test range on June 26. This test range facilitates research and development and provides the industry with dedicated, restricted airspace where they can test drones beyond visual line-of-sight.
In partnership with the Iqaluit-based company Arctic UAV Inc and the University of Alaska Fairbanks, Transport Canada will be one of the first to operate at the new test range this week as the department begins trials with a Sea-Hunter drone. Two, week-long test activities per year have been planned with the option to add two more if needed. The trials will provide hands-on experience operating sophisticated drones and will help develop procedures, training, and risk assessment tools for surveillance operations in Northern Canada. Transport Canada intends to acquire a system that would use drones to survey ice and oil spills in the Canadian Arctic. In anticipation of these activities, the department awarded a contract to Arctic UAV to conduct several research and development flight trials over the next three years
On March 28, 2016, the Government of Canada successfully completed its first drone trial off the coast of Newfoundland and Labrador in order to assess the potential of drones to support Canadian Coast Guard icebreaking operations.
OTTAWA Prime Minister Justin Trudeau sought to assuage public fears and political complaints Tuesday that the Liberal government s decision to allow the Chinese takeover of a Canadian satellite technology company would compromise national security at home and abroad. Hytera Communications Co. Ltd. is set to take over Norsat International Inc., which manufactures radio transceivers and radio systems used by the American military and Canada s NATO partners. The private Chinese firm first made a bid for the Vancouver-based technology company in 2016, triggering a review under federal law to ensure Canadian interests weren t harmed in the foreign takeover.
It was only earlier this month that the results of the review were made public when the company said it had been informed that a formal security review wouldn t be required. Trudeau said an initial government review of the takeover, required under the Investment Canada Act, unearthed no significant national security concerns and didn t require any further reviews. The national security agencies involved in the review recommended the deal to be allowed to proceed, he said.
The review they did was adequate to give them confidence that there was no risk to national security. Therefore, their recommendation to the minister was to allow it to proceed. So we did.
Trudeau insisted that his government would never approve any foreign takeover if there is even a hint of concern that it would harm national security.
We would not move forward with approving investments under the Investment Canada Act if we were not assured and comfortable that there is no risk to national security, period, he told a news conference.
It doesn t matter what country it s from, it doesn t matter what deal it is, if there s a risk to national security, we won t move forward. The deal has been the focus of a debate over national security risks and the federal government s willingness to approve a Chinese takeover of a Canadian technology company. It also comes as the Liberals and China pursue exploratory free trade talks; Canadian government is aiming at opening up the Chinese market to domestic producers in the face of Donald Trump s America First policy on trade.
The ongoing dialogue included an agreement last week where the two countries agreed not to engage in state-sponsored hacking of each other s trade secrets and business information. Opposition MPs have repeatedly raised concerns about the Norsat takeover, there is unease among congressional representatives in the United States about allowing the Chinese firm to have access to sensitive defence technology. The Globe and Mail reported Monday that the U.S. Department of Defence is reviewing all its business dealings with Norsat as a result of the deal.
Norsat makes satellite communications systems used for national security and defence purposes. It has a number of government customers in both Canada and internationally, including the Canadian Coast Guard and the Pentagon. Trudeau said Canadian security agencies consulted American officials as part of their preliminary security screen. Last week, Norsat security holders voted overwhelmingly in favour of the takeover bid. The deal is still subject to approval by the B.C. Supreme Court as well as other regulatory approvals and certain other closing conditions. Norsat was scheduled to apply Tuesday for a final court order to approve the deal.
As voice recognition and facial scan technology has improved, organizations are increasingly employing the use of biometric identifiers in the authentication processes for devices and online applications and accounts. Surprisingly, there is no comprehensive federal statute or regulation governing the collection, protection, use or disposal of biometric data. The U.S. Federal Trade Commission has only issued recommended best practices for use of facial recognition, and not promulgated any rules. These best practices, however, are nonbinding and serve only as guidance. In addition, until recently, there have been only two states which have adopted laws regulating the use of biometric data Illinois and Texas. In May 2017, Washington become the third state to enact a law governing the collection, use and retention f biometric data.
In 2008, Illinois passed the Biometric Information Privacy Act, which set forth a comprehensive set of rules for the collection and use of biometric data. Organizations must provide written notice prior to the collection of any biometric identifier. The notice must include the purpose of the collection and the duration that the organization will use or retain the data. Only after obtaining the written consent can organizations begin their collection activities. Once they have collected biometric data, the BIPA requires organizations to protect that data in the same manner it would protect other sensitive and confidential information using the reasonable standard of care in its industry. In addition, the BIPA requires organizations to have a publicly available written policy stating how long the organization will retain the data and rules governing the destruction of that data. The BIPA prohibits organizations from selling or otherwise profiting from the biometric data they collect. It further prohibits organizations from disclosing biometric data unless (1) they obtain consent; (2) the disclosure completes a financial transaction requested by the individual; (3) the disclosure is required by federal, state or municipal law; or (5) the disclosure is required by a valid warrant or subpoena. The BIPA provides a private right of action for violations of the statute and entitles a prevailing party to statutory damages for each violation equal to the greater of $1,000 or actual damages for negligent violations, and the greater of $5,000 or actual damages for intentional or reckless violations. The existence of the private right of action has led to the considerable litigation with Facebook, Google, Shutterfly and Snapchat over their use of facial scanning and/or recognition technology.
Texas enacted its own biometric data law shortly after the passage of the BIPA. Similar to the BIPA in many regards, the Texas law required informed consent by individuals before organizations could begin collecting biometric identifiers. However, the consent did not need to be written. The Texas biometric law also imposed limitations on the sale of biometric information and set forth security and retention requirements. Only the Texas Attorney General can enforce the state s biometric law as the law does not provide for a private cause of action.
On May 16, 2017, Washington became the latest state to pass a law regulating biometric data effective as of July 23, 2017. The Washington statute defines biometric identifiers as data generated by automatic measurements of an individual s biological characteristics, such as a fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that is used to identify a specific individual. Significantly, perhaps in response to the litigation generated by the BIPA, Washington s definition of biometric identifiers expressly excludes physical or digital photograph, video or audio recording or data generated therefrom. It also excludes information collected, used, or stored for health care treatment, payment or operations subject to HIPAA. The statute also possesses a security exception, exempting those parties that collect, enroll or store biometric identifiers in furtherance of a security purpose. Washington s biometric data law applies only to biometric identifiers that are enrolled in a commercial database, which is defined as captur[ing] a biometric identifier of an individual, convert[ing] it into a reference template that cannot be reconstructed into the original output image and stor[ing] it in a database that matches the biometric identifier to a specific individual. Organizations may not enroll a biometric identifier unless they provide notice and obtain consent. The statute does not require a specific type of notice. Instead, it states that notice is context-dependent and only needs to be given through a procedure reasonably designed to be readily available to affected individuals. The statue, however, specifically notes that [n]otice is not affirmative consent. Absent consent, an organization may not sell, lease or disclose biometric data to a third party for commercial purposes, except where a statutory exception applies. These exceptions include where necessary to provide a product or service requested by the individual and where disclosure is made to a third party who contractually promises that the biometric identifier will not be further disclosed and will not be enrolled in a database for a commercial purpose that is inconsistent with the law. Even with consent, organizations may not use the biometric data they collect for any purpose that is materially inconsistent with the original purpose of the collection.
The Washington biometric statute imposes security and retention requirements. Organizations must exercise reasonable care to guard against unauthorized access to and acquisition of biometric identifiers. They must also retain biometric identifiers for no longer than necessary to comply with the law, protect against fraud, criminal activity or other security threats, or provide the service for which the biometric identifier was collected.
Like the Texas biometric data law, the Washington biometric data law does not provide a private right of action. Only the Washington Attorney General can bring an action to enforce the statute under the Washington Consumer Protection Act.
In the absence of federal legislation, state laws regulating the collection, use and retention of biometric data appear to be imminent. Pending bills governing biometric data are currently pending in the Alaska, Connecticut, Montana and New Hampshire legislatures. Given the proliferation of biometric information as a means of identification and authentication, it is only a matter of time before more states adopt similar laws.