Anti-spam law – update on timing

Posted on June 19, 2013 by David Canton

On Monday I chaired a joint LSUC /IT-Can afternoon on IT privacy law. One of the panels was on the anti-spam act, including representatives from the CRTC and Industry Canada. While there is no clear implementation date yet, Industry Canada expects the final Industry Canada regulations will be out in late summer or early fall. When those come out, an implementation date will be announced. Industry Canada is recommending that there be an implementation delay of several months to allow business to comply, but that decision is ultimately in the government’s hands.

The legislation is very complex, with exceptions layered on exceptions. The CRTC, which is the prime enforcer of the law, has published some guidelines, will publish more, and will also publish FAQ’s. So essentially, to understand the legislation, one has to look at the act, the regs, CRTC and perhaps Industry Canada guidelines and explanatory material.

That’s fine when dealing with the CRTC’s enforcement, but makes me nervous as one might rely on that, then be faced with an individual lawsuit or class action where a judge disagrees with the CRTC’s interpretation.

Release your inner skeptic

Posted on June 17, 2013 by David Canton

for the London Free Press – June 17, 2013 – Read this at lfpress.com

It always pays to be skeptical about unsolicited sales pitches. If someone tries to sell you something by knocking on your door, phoning or sticking a flyer in your door, think twice before you buy.

Some offers may be legitimate services for a fair price by a legitimate business. But others are for services you don’t need or from fly-by-night businesses. They also could be overpriced, of shoddy quality or outright scams.

Consumer protection legislation generally gives customers rights to cancel contracts made at the door or over the phone within a short period of time.

If you’re contacted this way, first think about whether you need the service. Ask the salesperson to leave you information or a quote if you’re being told the service is necessary, you aren’t sure you want it, you aren’t sure about the price or have even the mildest hesitation.

That gives you time to think about it, talk to someone else about it or get a second opinion or quote. A refusal to provide information, or an insistence that it must be agreed to on the spot is a sure sign that you should say no.

Common offers to be skeptical of are home repairs such as roof repairs and driveway sealing. A phone call saying that your computer is in need of repair is a common scam.

Energy savings plans also are common. Promises of significant savings are often made for things like the sale of natural gas or electricity — but they may be based on unrealistic assumptions, be misleading or lock you in in surprising ways.

A colleague recently brought to my attention a situation where an energy-savings thermostat was imprudently purchased over the phone. For a fixed monthly fee payable over several years, a new intelligent thermostat was installed, along with a promise of energy savings.

The buyer was required to sign a lengthy contract. It included significant costs for early termination, or if the house was sold and the buyer didn’t want to assume the contract. Removal of the thermostat required the homeowner to pay for a technician.

An attempt to contact customer service when a problem occurred with the thermostat did not go well.

Some quick math showed that within about three months you would have paid enough to buy a programmable thermostat. And within 18 months you would have paid enough to buy a new Nest learning thermostat, perhaps one of the most advanced, high-tech thermostats available.

The moral of the story is to be skeptical, and take time to think before you agree to buy anything that you didn’t set out to buy in the first place.

http://harrisonpensa.com/lawyers/david-canton

NSA spying – musings about the surveillance state

Posted on June 12, 2013 by David Canton

Today’s Slaw post:

Much has been written about the NSA / Prism communications monitoring scandal over the last few days, including Simon’s recent post. Many things are unclear, and there are more questions than answers, but these things are clear to me.

Some people defend or trivialize it by saying that actual phone conversations and emails are not being monitored – just metadata. Metadata simply means data about data – it doesn’t mean that it is innocuous or public. The phone “just metadata” being tracked is equivalent to looking at one’s phone bill – numbers called, duration, etc. That definitely contains personal information which raises serious privacy issues. Reminds me of the “it’s just allergies” allergy medication ads.

Another comment that is supposed to make it better is that US citizens are not being targeted by the NSA. Who is targeted doesn’t change the fact that personal information on citizens is being collected and retained. And why is it somehow acceptable to spy on and violate the privacy of people in other countries?

Some ask why it is okay for Google to use knowledge it gains from searching your e-mails to sell advertising, but not okay for Google to pass it on to the government. There is a huge difference. Google serves up those ads without knowing or retaining the identity of the recipient. Privacy principles apply to contextual or behavioural advertising and contextual information (such as Google Now), and we can opt out of receiving it. Privacy obligations limit how long personal information is retained, who it can be disclosed to, and how it can be used. None of those concepts apply to NSA monitoring, and opting out is not an option. The devil is in the details when it comes to privacy, security and surveillance.

Edward Snowden, the person who leaked the information that started this, is apparently hiding in Hong Kong, and US authorities are eager to get him back to the US and charge him criminally. If he had done the same thing in certain countries in the Middle East or Asia, people in the US would be praise him as a hero and chastise the government for its retaliation against him. If those countries were doing the same surveillance as the NSA is, those in the US would demonize the state for its unacceptable assault on civil liberties and privacy.

I do not welcome the surveillance state.

http://harrisonpensa.com/lawyers/david-canton

Responsive marks – great concept – challenges trade-mark thinking

Posted on June 5, 2013 by David Canton

Todays Slaw post

The Whitney Museum of American Art in New York recently unveiled a simple, clever logo using a responsive “W”. A Wired article says “… the spindly zigzag design has been both praised for its modernity and criticized for its simplicity.”

Responsive design websites automatically adapt their configuration to the screen size you see it on. In the responsive W logo, the Museum changes the shape of the W to fit their use. To appreciate the cleverness and utility of this, look at the above video, the slideshow on the Wired article, and the designer’s explanation of the design.

As brilliant and useful as it is, it is an example of cutting edge thinking challenging current legal doctrine. Trade-marks lose protection when they stray very far off the version that is registered. That’s why, for example, if there is a vertical and a horizontal version of a trade-mark, both versions are usually registered. To protect a responsive mark like this, one would obviously register the main form. But it would also cause some reflection as to how far that protection extends to an infinite number of responsive versions, and how best to try to protect those.

The Failure of Personal Data Retention

Posted on May 29, 2013 by David Canton

Today’s Slaw post:

Two basic privacy principles are that no more personal info should be collected than necessary, and it should not be kept any longer than necessary. That flies in the face of repeated attempts by governments and law enforcement to collect and retain data, or to require others to retain it.

One example is attempts to pass laws to require ISPs and telecommunications companies to retain data on customers for a fixed period of time just in case it might be helpful to police. Denmark has had such a data retention law in place for many years. The Danish Ministry of Justice has just concluded, however, that five years of extensive Internet surveillance have proven to be of almost no use to the police. (I’m relying on a news story - the actual report is in Danish.)

“Session logging has caused serious practical problems,” the ministry’s staffers write in the report. “The implementation of session logging proved to be unusable to the police; this became clear the first time they tried to use [the data] as part of a criminal investigation.”

So the downside of retaining personal info is the cost to the service provider to do it (which is ultimately paid by consumers), the increased risk of it being misused or leaked, and the general privacy invasiveness. And the upside is …?

You must get permission to use photos for commercial purposes

Posted on May 27, 2013 by David Canton

For the London Free Press – May 27, 2013 – Read this at lfpress.com

It’s easy to copy video clips, music and photos from the Internet and use them on your own Website or ads. But we don’t have the legal right to copy and use published content for commercial purposes without the owner’s permission.

The use of video, music and images can be a powerful tool. But we can’t forget that someone created them, and we can’t use them for commercial purposes without the copyright holder’s consent.

Using such material without permission can result in an expensive copyright fight, and merely stopping to use it after a demand won’t end a damage claim. Copyright is one of the rare instances where the owner doesn’t have to prove actual damages. Using one photograph found on the net for a commercial purpose can result in a damage award of thousands of dollars.

So how can this risk be avoided?

If you hire someone to create an image or video, get either a copyright assignment or permission in writing.

If you found the image somewhere, make sure you have permission to use it.

There are many sources on the Internet that offer photos and other material for our use based on an express license. Depending on the source, prices range from free to expensive.

Licence rights vary widely, though, and must be read carefully. There may be restrictions on how the image can be used, what it can be used for, how many times it can be used or the size or resolution. For example, it’s possible to have rights to use a photo in print, but not on the Web. Sometimes images can be used for personal or editorial use, but not for commercial use.

Consider not only what you want to use the image for now, but what you might want to do with it in the future. It’s not unusual for people to get into trouble when they acquire the rights to use an image for their Website and later decide to use it in a brochure. But they forget that when they bought the rights in the first place, they paid only for the Web rights.

iStockphoto is an example of a popular image source. iStockphoto’s licences that apply to most of their images are detailed on their website at www.istockphoto.com/help/licenses .

iStockphoto’s standard licence includes rights such as print ads, the Web, video, book covers and stationery. That would include use on things such as letterhead, business cards and general promotional material. Standard rights do not, however, include the right to re-sell the image or to use the image as part of a logo or trademark.

Ultimately, think before you click. Before you copy an image found on the Internet, obtain whatever permission you may need to use it for your own purposes. This additional step — though more time-consuming than a simple point and click — may save you a tremendous amount of grief, embarrassment, cost and time. Your future self will thank you.

http://harrisonpensa.com/lawyers/david-canton

There is secure, then there is secure

Posted on May 22, 2013 by David Canton

Today’s Slaw post

This ars technica article points out that Microsoft scans Skype message contents for signs of fraud, which means that Microsoft can read them. While Skype messages may be encrypted to prevent third parties from reading them, that apparently does not apply to Microsoft.

This is not just a Microsoft issue. Other providers of communication and data storage may also be able to do that for certain services (Facebook, Google). A close read of various service provider terms of use and privacy policies show they have the option to review data. It is usually intended as a way to control things like spam and fraud or violations of acceptable use policies.

Users will have to decide if they require true end to end encryption where the service provider can’t access data at all, or whether they can accept service provider access and rely on contractual promises on what the service provider will do with that. The answer may vary depending on the sensitivity of the information being stored or communicated by the service, or legal or contractual obligations one has regarding the information.

3D printer revolution

Posted on May 15, 2013 by David Canton

Today’s Slaw post:

3D printing has become a popular topic lately. While 3D printers that print objects similar to how ink jet printers print words have been around for many years, the cost has come down dramatically, and will continue to come down.

3-D printers are a disruptive technology, and as with any disruptive technology, the law will have to react to issues that come with it. Possible issues include intellectual property, product liability, and use for criminal purposes.

There has been a lot of negative press lately about using 3D printing to create plastic guns. To me that says more about the US gun culture than 3D printing. Like most technologies, 3D printers can be used for good and evil. And like most new technologies, it will take a while for the real uses to emerge.

Home 3D printers are now available, but we are a long way from having one in every house. They are becoming accessible though – the office supply chain Staples recently announced it will provide 3-D printing services at its stores in Belgium and the Netherlands. Here are some examples of what a basic 3D printer can do.

3D printers have been a boon to engineers and architects, who have used rapid prototyping techniques for many years. This article talks about how Ford uses 3D printing to create prototype metal parts such as transmission parts and brake rotors.

3D printing is being used to manufacture parts with complex shapes. This new more fuel efficient jet engine uses 3D printed metal nozzles that are lighter in weight due to an advanced design producible only on 3D printers.

3D printing also has intriguing medical possibilities. 3D printed body parts – using live tissue – is a real possibility. And it has been used to create relatively inexpensive replacement hands. This video about the Robohand is well worth the 10 minute investment.

http://harrisonpensa.com/lawyers/david-canton

Wearable computing – Legal Issues?

Posted on May 8, 2013 by David Canton

Today’s Slaw post

What do readers think about wearable computing? Is it cool or creepy? Where is the technology headed? What legal or other issues might arise from it?

I’m thinking about this because I find the intersection of technology and law interesting, and I’ve been asked to speak about it this fall. Google Glass privacy concerns is a popular topic today, especially around the issue of the ability to record and save images and video, and what might happen with all that. In addition to Google Glass we are seeing the debut of the smartwatch. The Pebble was a very successful kickstarter project, and there are rumours about an upcoming Apple smartwatch. There are also fitness products such as the Fitbit and the Nike Fuelband.

Wearable computing has been around for a long time – perhaps dating back to an abacus worn around someone’s neck. One of the first consumer electronic wearable computers was the calculator watch that first appeared in the 1970′s.

Wearable computers are however becoming more than a standalone device. These devices are laden with sensors, connected to significant computing power, and connected to the internet. Which raises all sorts of possibilities for the collection, storage and sharing of many kinds of data. And not just from 1 person – but from everyone. Combine that with the internet of things, and we also have the ability to be in constant contact with and have remote control over our stuff – such as our cars, homes, and appliances.

And how long will it be before devices get implanted to correct things like vision problems which are connected? Or we have the medical equivalent of a “black box” that records and transmits our vital signs?

http://harrisonpensa.com/lawyers/david-canton

Holistic strategy is better for privacy laws

Posted on May 6, 2013 by David Canton

For the London Free Press – May 6, 2013 – Read this at lfpress.com

There has been controversy in the United States in the last few weeks about their patchwork of privacy laws in contrast to the holistic approach favoured by Canada and the European Union. This matters as commerce and cloud services become more borderless.

The U.S. approach to privacy has been to enact laws that apply to narrow areas as problems are perceived, rather than to look at privacy as a broader subject to regulate.

For example, in 1988 the United States Congress passed the Video Privacy and Protection Act to prevent wrongful disclosure of videotape rental or sale records. Though such laws may be effective in the short term, they have a narrow focus, fail to address future technology and leave gaps. And the process to change existing laws is typically glacier slow.

Some privacy regulation is the U.S, isn’t based on privacy laws at all, but on regulatory action and class-action lawsuits based on notions such as the breach of a company’s privacy policy. In other words, the wrong was a breach of a privacy promise, not a breach of a legal privacy requirement.

In contrast, the Canadian and European model deals with privacy on a holistic basis. The holistic approach allows for existing privacy laws to adapt to new technologies rather than having to create new privacy laws in response to new technologies.

In any given Canadian province there are likely no more than two privacy statutes that apply to the private sector.

One applies to personal information generally, and there’s often a separate one that applies to medical records. This is a far more stable, all-encompassing and technology-neutral approach to privacy issues than the U.S. model.

Peter Fleischer, global privacy counsel at Google, recently commented on this issue and his desire to see the United States enact better privacy laws. He notes not a single country has followed the U.S. model.

Fleischer praises European privacy laws for their simplicity and warns if changes aren’t made to the U.S. approach “privacy will prove a serious roadblock to any such future trade back (with the European Union), as long as some people in Europe can argue that the U.S. has not-effective privacy laws.”

Fleischer provides the example of Uruguay that has looked to Spain. as opposed to the U.S., when drafting its recent privacy laws.

In the long run, the holistic approach is a far better and more effective model to protect privacy interests. The holistic approach makes it easier for businesses to understand their obligations and comply, easier for individuals to know where they stand, has less risk of leaving privacy gaps, and makes it easier to deal internationally when other countries require privacy protection as a condition of personal information crossing borders.

As the world continues to emerge from the global economic crisis and the trend toward global integration continues, Canada’s holistic privacy framework will help us take advantage of global opportunities while a less-effective framework could damage U.S. efforts.

http://harrisonpensa.com/lawyers/david-canton