Engadget reports that Transport Canada is testing technology that uses GPS to tell where your car is, combine that with the speed limit, and control the speed of your car.

If that is true, its an absurd example of excessive government intrusion.

Technology should be used to empower, to make life better, and to entertain – not to control. That goes for both government and business alike (eg music industry DRM attempts). Last time I checked, we are not Borg (“resistance is futile”).

We have seen reports about this happening in the UK, but I thought we were above this sort of thing here.

Read the engadget post

Read an earlier post of mine re the UK

Bill C-37 was just passed. It was fast tracked before the election call. No word yet on when it will become effective, or when the registry might be set up.

It sets the framework for a “do not call” registry, much like in the US. Individuals will be able to put their numbers on a list. Telemarketers will then be prevented from calling them.

There is a long list of exceptions for types of calls that the legislation does not apply to. Indeed, those that promoted the concept of “do not call” legislation have stated there are so many exceptions that the legislation will be ineffective.

Individuals should stay tuned to find out when the registry will become active, and indeed to decide whether it is even worth registering.

Businesses that do outbound calling should take a look to see how the legislation might affect them.

Read the legislation

DAVID CANTON – for the London Free Press – Saturday November 26, 2005

Read this on Canoe

The ability of the United States government to gain access to Canadians’ personal information that is in the hands of U.S. service providers has been an issue for some time.

The Canadian privacy commissioner addressed this issue in a recent ruling.

The commissioner received complaints after the Canadian Imperial Bank of Commerce sent notice to its Visa customers in the fall of 2004, amending its cardholder agreement.

The notice referred to the use of a service provider located in the U.S. and the possibility that U.S. agencies might be able to obtain access to Canadian cardholders’ personal information under U.S. law.

(more…)

The current edition of the Ivey Business Journal has an article entitled Adding value: The case for adding IT-savvy directors to the board.

It offers some interesting insights into how boards view IT, and what IT expertise the boards themselves have.

The article is critical of boards that do not have IT expertise, or at least pay attention to it.

After all, it is not only “tech” companies that survive and thrive on IT. Wal-Mart and UPS are 2 examples of companies that sell products and services in no way related to IT – but attribute a large part of their success to innovative uses of IT.

The article says:

To our surprise, only two of the boards in our study had ever discussed the competitive advantage conferred by their technology or systems, even where their entire product line was entirely information-based.

I recomend the article to any business of any type or size, even if you only read the conclusion, which says in part:

Our study led us to conclude that boards in general today are poorly positioned to embrace a “valueadding” role for IT….In fact, most boards lack even a superficial understanding of technology….boards need to consider changes in several areas. As a start, IT experience should become an important criterion for a board appointment instead of the present practice in which IT experience is seldom a concern.

Read the Ivey article

The DMCA in the US has a provision that says one can send a notice to Online Service Providers advising that their site improperly contains one’s copyighted material. If the OSP then removes the material, it will not be liable.

Many, including myself, think this approach is flawed and open to abuse. Canada is proposing a notice and notice system where the OSP does not have to remove it – but does have to notify whomever posted it.

A recent study shows that, among other problems, roughly 1/3 of DMCA notices were for instances that might not be copyright violations. Certainly supports the idea that the process is flawed.

1/3 were also directed outside of the US. I have had clients who have received such notices. It’s both amusing and annoying when that happens.

Read the report

Read Michael Geist’s comments on the report

Food for thought – how is Google print, aka Google book search, any different from Amazon’s search inside the book?

Google is being sued by authors and publishers for its project – but Amazon has been offering search within the book for several years.

Read a Techdirt post that points this out

David Fraser’s Canadian Privacy Law blog reports that the CRTC has sent a letter to 3 Canadian Telcos demanding that they launch internal investigations and giving them 10 days to report back with specified information.

This is in response to the McLean’s article where they obtained the phone records of the Canadian Privacy Commissioner.

This is worth watching as it goes to the core of how businesses deal with and identify us as their customers.

Read David Fraser’s post about the CRTC letter

Read an earlier post of mine

Yahoo! News ran an article last Friday that talks about the Sony rootkit. (This must be one of the most written about tech stories in a long time.)

The article quotes an analyst as saying:

The biggest mistake the labels are making is, they’re letting their lawyers make technical decisions. Lawyers don’t have any better understanding of technology than a cow does algebra

I’d like to think a few of us understand technology better than that. Of course it must be the lawyer’s fault – can’t have anything to do with propping up old business models, or ignoring customer wishes or market forces.

Read the Yahoo! News article

The SCC released its decision yesterday in the Lego trade-mark case. The company that produces Lego was trying to stop the company that makes Mega Bloks from making Mega Bloks on the grounds that the post design was a trade-mark.

Lego did have a patent, but it expired.

The SCC did not agree that the design was subject to trade-mark protection. In essence, trade-marks are used to identify the source of a product, not to define or limit a product.

In other words, trade-marks relate to brand awareness, not function.

I will write a more detailed summary of the case later, but for now, the decision is available on-line.

And stay tuned for more trade-mark law from the SCC – a case re Barbie dolls vs Barbie restaurant was heard a few weeks ago.

Read the SCC decision

I read the article yesterday where McLean’s acquired the phone records of the Canadian Privacy Commissioner. This will get interesting over the next while as the Privacy Commissioner’s investigation unfolds.

It is unclear from the article exactly how the records were obtained. There are several theories, but there is not much point speculating on that until we know for sure.

The article states that: The most likely explanation is that they simply call up and ask for it. Phone companies, it seems, are rather easily duped. If a caller posing as a customer furnishes them with the right name, number and address — sometimes they will also ask for a postal code or date of birth — they will take that person at their word.

While we do not know whether that is the case or not, it does illustrate a practical difficulty that many have struggled with.

On the one hand, it is important that businesses only discuss an individual’s account with that individual. So businesses often ask for a significant amount of information when one calls in an attempt to ensure it is indeed the person. But that can only be taken so far – or it becomes impractical, and upsets legitimate customers.

And if they get into verification information that is not necessary to know to provide the service it becomes dangerous. That violates the privacy principle that a business should not collect info unnecessary to provide the service. It also increases the risk of harm if that information should be compromised.

If someone that has stolen the individual’s identity or has improperly obtained significant amounts of personal information calls a business, how can a business avoid being duped?

I don’t know what the answer is to this conundrum – short of some technological method of identification/verification that works both over the Net and on the phone.

Nothing may be foolproof, but at least it might raise the bar for the amount of sophistication, time, and expense needed to pull off the impersonation.

Read the McLean’s article

Read my first post about this