Public infrastructure surveillance: Who Watches the Watchmen?

September 18th, 2023

The issues surrounding the collection and use of data via a surveillance system are becoming increasingly complex from a managerial, operational and legal perspective, particularly:

  • when the data collected includes personal information about employees or the public;
  • when advanced technology is used without sufficient understanding and oversight.

In today’s global context (terrorism, cyberterrorism, war, espionage, militarization of diplomacy, intelligence programs increasingly extending to local bodies), these systems are primarily designed to protect people and property (integrity, operationality).

Their effects remain: public and private authorities exercise a surveillance power which, in the absence of adequate control, is likely to lead to undesired and undesirable consequences, such as:

  • unwarranted invasion of the privacy of the users and employees concerned;
  • potential administrative, civil, penal or criminal liability of the entity, its directors and principals (directly or through vicarious liability), depending on the circumstances of each case.

The legal domains involved are complex: constitutional law, criminal and penal law, civil law, labour law, administrative law, privacy law, transportation law, cross-border law, prison law, etc.

By way of illustration, several countries, including Canada, grant constitutional protection to the right to privacy, and the interception of private communications by means of electromagnetic, acoustic, mechanical or other devices is punishable by fines or imprisonment. 

Contrary to some beliefs:

  • a communication made in a public place does not necessarily lose its private character;
  • the defence of the honest person who engages in illegal eavesdropping for noble reasons is generally inadmissible.

It would therefore behoove the managers of infrastructures accessible to users or employees to better understand the scope of their obligations and responsibilities, not only from a strictly legal point of view, but also from a managerial and operational perspective. Their governance will also benefit from an understanding of the underlying technology so that they can manage its use by their employees or contractors, who will need to do the same, in particular by defining their role vis-à-vis the competent authorities in crime prevention or security intelligence gathering.

There are many parameters to consider when implementing, updating and auditing such a system, including:

  • the applicable regulatory framework, which is particularly complex;
  • the mission of the entity in relation to the separate mission of the country in terms of protection (emergency services, police services, intelligence services, etc.), particularly with regard to cooperation agreements between public authorities and the private sector (public agencies have significantly increased their capabilities, having learned from their inadequate coordination before the September 11 attacks, not to mention the advent of privatization of certain infrastructures and surveillance technologies);
  • the technological development of devices: satellites (more than 5,000 are said to be in orbit, some with advanced photographic and data interception capabilities), geolocation, cameras, cameras on security guards, facial recognition, drones, apps, targeted advertising, automated data collection (licence plates, user data, electronic surveillance, sophisticated alarms (detection of suspicious behaviour, detection of firearms), etc.;
  • updating these technologies so that beacons are not unintentionally moved;
  • awareness of the conscious and unconscious biases of individuals and the parameters of the technology used to avoid targeting or harassing innocent people;
  • the existence of data about the incidents we seek to prevent, including the cause-and-effect relationship of the means used or planned;
  • the identification and location of devices and their capabilities.

In short, we can legitimately use technology to achieve a variety of legitimate objectives, including protecting people and property, but it is essential that we do so in a way that is both thoughtful and mindful of the importance of privacy in our society.

This exercise requires, to quote Bryan Mills, Liam Neeson’s character in Taken, “a very particular set of skills.”


About the author:

Jean Patrick Dallaire is a partner in charge of Langlois Lawyers’ Construction & Infrastructure practice group, where he assists various stakeholders in their activities in and around real estate projects.