David Canton is a business lawyer and trade-mark agent with a practice focusing on technology issues and technology companies.
Outlaw.com points out that today is the 9th annual Computer Security Day. Of course, every day should be computer security day.
The Computer Security Day web site has a list of things you can do to increase and promote security.
Check out the Computer Security Day Site
See a Computer Security Day poster
Michael Geist has a post that is a good, short summary of what is expected in the pending Canadian copyright reform bill, and why the anticipated approach is wrong.
Only time will tell what the actual bill will look like.
Does anyone else see the irony in the idea that copyright legislation is supposed to encourage creative works and creativity, yet the anticipated bill itself apparently lacks creativity?
itWorldCanada has an article today about the part of the proposed identity theft law that would make it a crime to be “reckless” about making personal information available to one who intends to use it for fraud. I am quoted in the article.
The exact wording of the section is:
Everyone commits an offence who transmits, makes available, distributes, sells or offers for sale another personâs identity information, or has it in their possession for any of those purposes, knowing or believing that or being reckless as to whether the information will be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence
Food for thought: Is this a backdoor way to put some criminal teeth in the security requirements of PIPEDA? If an organization was to leave personal data where it is easily found and unprotected, would that “make it available”, and be reckless?
Copyright reform was a popular topic yesterday. In addition to my my Free Press article from yesterday (see my previous post), Howard Knopf published an article in the Hill Times entitled Canadaâs copyright law is stronger and better than U.S.âs .
He concludes by saying:
The bill, which is expected in time for Christmas, could mark a sad day for Canadian sovereignty and public policy, and a controversial political mistake by Canadaâs government. Hopefully, the rumours about the gift that will keep on giving at such great cost are wrong.
For the London Free Press – November 26, 2007
In a move that will comfort many online users, the RCMP have announced they will not target people who download copyrighted material for their personal use.
This follows release of an Industry Canada study showing peer-to-peer music downloading may boost CD buying. This contradicts the standard position held by record labels for the better part of a decade that online music sharing has had a devastating impact on the industry.
The RCMP will focus on organized crime and copyright theft affecting consumer health and safety. One motivation behind the RCMP decision was the difficulty in stopping personal copyright infractions due to the ease of copying and the prevalence of the activity.
The study found that in Canada, for every 12 songs downloaded using peer-to-peer sharing, CD purchases increased by 0.44 CDs.
If you’ve heard warnings from the Canadian Recording Industry Association alleging the dire situation of the industry, the survey results will surprise you. It seems that, far from suffering in recent years, the industry has been thriving with profits up from 0.1 per cent in 2003 to seven per cent at present. Moreover, music sales by Canadian artists have grown and there has been an rise in the number of releases by Canadian artists.
A Canadian copyright reform bill is expected soon.
The RCMP position and the study results are examples of why copyright reform needs to be looked at from a practical perspective that balances creator and user rights and needs.
This is consistent with the balanced approach to copyright the Supreme Court of Canada promoted in its CCH vs Law Society decision.
One must only look to the U.S. to see the effect of one-sided copyright law. In 2003, the Recording Industry Association of America began suing music downloaders and within three years, filed about 20,000 suits.
In most cases, defendants settle with the RIAA. In October, a jury convicted a Minnesota woman of copyright infringement and awarded $220,000 in damages, $9,250 for each of 24 songs.
Downloading continues despite this effort.
Many in the entertainment business have broken away from the traditional industry organizations, and believe more liberal user rights are good for them.
Despite all this, the expectation is that the copyright reform bill will track the requests of those in the entertainment industry calling for stricter measures — which is the exact opposite of what we need.
Let’s hope that these recent developments, and the continued support of creators for more balanced rights, will give legislators pause to reflect on their approach.
The Federal government just introduced proposed amendments to the criminal code to provide more tools to fight identity theft.
The summary of the bill says:
This enactment amends the Criminal Code to create a new offence of identity theft, of trafficking in identity information and of unlawful possession or trafficking in certain government-issued identity documents, to clarify and expand certain offences related to identity theft and identity fraud, to exempt certain persons from liability for certain forgery offences, and to allow for an order that the offender make restitution to a victim of identity theft or identity fraud for the expenses associated with rehabilitating their identity.
As David Fraser points out in his CTV interview, I pointed out in my last Free Press article, and the Canadian Privacy Commissioner pointed out in a recent blog post, the other problem is the alarming frequency of data leaks – despite privacy laws and the need for data security.
For more details on the proposed legislation, and a link to the draft bill, go to David Fraser’s site here and here. Take a look at the CTV interview video – David does a great job summarizing the issues.
Read my latest article on the subject.
Access Copyright – a copyright collective representing authors and publishers – has launched an action against Staples/The Business Depot for $10 million in damages for unauthorized copying on store photocopiers.
This move is a bit mystifying, as the action would seem on the surface to be doomed to failure in light of a Supreme Court of Canada decision from 2004 (CCH Canadian Ltd. v. Law Society of Upper Canada) that dealt with copiers in the Law Society library. That decision went through a detailed analysis of copyright law, discussed the fair dealing issues, talked about balancing creator and user rights, and in the end found the law society had not breached copyright by providing copiers.
For a more detailed analysis of the Staples action, take a look at:
For the London Free Press – November 19, 2007
A survey conducted by Ledger Marketing for Fusepoint Managed Services shows that most are concerned about data security, but fewer are confident they are doing it well. Only 37 per cent have confidence that their data is protected against attacks.
The survey questioned individuals and executives in Canadian companies about their confidence in their security systems, their knowledge of how the data is being protected, and whether there had been any security breaches.
The survey showed the adoption of security services increases as the company size increases, which is not surprising. What is surprising is one in five executives at Canadian companies report their company does not use anti-virus software and one quarter operate without a firewall.
The need for organizations to keep their data and networks secure is more than just an IT issue. As George Kerns, president and chief executive of Fusepoint Managed Services, points out, “Security is not just a technology issue; it’s a corporate governance issue.”
It is surprising that more attention is not being placed on security and privacy at the boardroom or executive level, especially in light of highly-publicized incidents such as the TJX Cos. security breach, which resulted in a joint Privacy Commission inquiry.
It is also surprising given that 62 per cent of executives felt that a security breach would impact their brand.
So the survey suggests that most executives feel that data security is an important issue, and one that can have negative consequences. But at the same time, they are either not confident in their efforts to deal with it, or are indeed not dealing with it at all.
We have to keep in mind that this survey was commissioned by a company trying to sell its services to address security issues, so the situation may not be as bad as the survey suggests.
Even so, it shows that many organizations:
- Don’t understand the need to address security issues;
- Don’t understand how to deal with security issues;
- Don’t address security issues as a board level governance issue;
- Ignore the issue hoping nothing will go wrong for them.
All organizations need to deal with data security in a way that makes sense for their operations, the nature of their systems and the type of data they hold.
If they do not, it violates privacy laws, and possibly agreements with their customers or suppliers. The risk of harm if there is a security breach is real. No organization wants to face the wrath of customers or the negative headlines that follow a breach.
The message in all this is that every organization should take a serious look at data security starting at the executive and board level. As with any other policy, consider the needs, the risks, and drive to a solution that works for that organization.
That solution may change over time as technology changes and risks change, so its not a matter than can be looked at once and forgotten.
Doing nothing, or ignoring the issue, is not an option.
That’s the subtitle of an excellent article in the Washington post entitled The Picture Of Conformity. It talks about how people change their behaviour when they know they are being watched, which unfortunately is more often all the time.
Some of the greatest cultural and scientific advancements have been made by those who do not conform to the norms of society or current thought. I’m concened that the pressure to conform brought by a surveillance society will supress those people and ideas – which is not a good thing.
It starts off with
Don’t look now. Somebody’s watching.
But you knew that, didn’t you? How could you not? It’s been apparent for years that we’re being watched and monitored as we traverse airports and train stations, as we drive, train, fly, surf the Web, e-mail, talk on the phone, get the morning coffee, visit the doctor, go to the bank, go to work, shop for groceries, shop for shoes, buy a TV, walk down the street. Cameras, electronic card readers and transponders are ubiquitous. And in that parallel virtual universe, data miners are busily and constantly culling our cyber selves.
A few excerpts:
All this surveillance, monitoring and eavesdropping is changing our culture, affecting people’s behavior, altering their sense of freedom, of autonomy. That’s what the experts say: that surveillance robs people of their public anonymity. And they go even further, saying that pressure for conformity is endemic in a surveillance culture; that creativity and uniqueness become its casualties.
“You need a sphere of immunity from surveillance to be yourself and do things that people in a free society take for granted,” says Rosen. Things like going to the park or to the market. The loss of such autonomy is one of the “amorphous costs of having a world where there’s no immunity from surveillance.
If we know we’re being watched and know there is an expected mode of behavior, how does that change our actions?
Call it “anticipatory conformity.” Shoshana Zuboff, a Harvard social psychologist who has studied information technology for decades, coined the phrase in 1988.
Applying that concept to the post-9/11 era, Zuboff says she sees anticipatory conformity all around and expects it to grow even more intense.
“I think the first level of that is we anticipate surveillance and we conform, and we do that with awareness,” she says. “We know, for example, when we’re going through the security line at the airport not to make jokes about terrorists or we’ll get nailed, and nobody wants to get nailed for cracking a joke. It’s within our awareness to self-censor. And that self-censorship represents a diminution of our freedom.”
We self-censor, she says, not only to follow the rules, but also to avoid the shame of being publicly singled out.
Once anticipatory conformity becomes second nature, it becomes progressively easier for people to adapt to new impositions on their privacy, their freedoms. The habit has been set. People have “internalized the surveillance architecture” within their own subconscious.
I’ve touched on some of these issues before (look under “privacy” on my tag cloud) – this article states the issues very well.
That’s the title of an article in the latest Info-Tech Advisor, a regular newsletter of the Info-Tech Research Group. The article has some good discussion on what such a policy should contain.
The article starts off with this explanation:
E-mail acceptable use policies are not new. Most enterprises use them to communicate expectations to end users and set service limits (such as storage limits for user mailboxes). Take this opportunity to revisit the policy to be sure it includes retention periods, states possible e-discovery uses, and accurately defines acceptable use.
I would take this one step farther though. Instead of doing just an email policy, do a broader based technology use policy that encompasses other things like Internet use, use of any kind of corporate technology (even copiers and phones) , and perhaps even blogging. A broader based and broader worded policy will cover a lot more ground, and can be drafted a bit more generically so it does not get out of date quickly.
The Info-Tech report is only available by paid subscription, but the article is reproduced here with their permission.
Unless otherwise stated, all original material created by David Canton included in this blog is licensed under a Creative Commons License.
