The above image from our HP firm card is subject to copyright – not to be reproduced

For the London Free Press – Dec 17, 2007

Read this on Canoe

The early publication of sales flyer pricing deals by websites has resulted in legal controversy.

Some retailers don’t like it when their deals for days such as Black Friday in the United States or Boxing Day in Canada, get leaked by third party websites before their own flyers are released.

Wal-Mart in the U.S., for example, has threatened legal action against websites that publish their prices early. But can they actually prevent that?

There is no copyright in facts. So while it would probably be a copyright violation to reproduce a retailer’s flyer on a website, there is no copyright violation in publishing the fact that a certain store will sell specific items at specific prices.

Retailers have threatened, based on the information being confidential. So long as the website publishing the information has not used inappropriate means to obtain the data, that argument doesn’t carry much weight.

From a non-legal perspective, having such information posted early perhaps tips off competition to the store’s prices — but also potentially brings its sales information to more potential customers. It is free advertising for the retailer. Some retailers tolerate the sites, but simply encourage customers to look at their official flyers or sites, since there’s no guarantee the third party sites have the right information.

Many consumers like to look at these sites to compare prices from several retailers and to see prices in advance of the retailer flyers. Several sites in the U.S. post Black Friday and other sales prices early. When faced with legal threats, some ignore them, others comply out of fear of legal action.

So what about Boxing Day deals in Canada?

A Google search in late November yielded only a couple of sites that intended to post early information about retailer ads. Unlike the U.S. sites that tend to find and post information without retailers’ consent or knowledge, the Canadian sites tend to work with the retailers.

When asked, www.redflagdeals.com advised they will publish Boxing Day deals in advance of when they’ll be published by stores. They said they “work with the retailers to establish a date when we can push the content live (before it’s out in the public) and will publish the earlier of that date or as soon as it’s public.”

Another Canadian site, www.shoppingfinder.ca, said they “provide free listings for all retailers. We will invite all member stores to add the Boxing Day Sale on the ShoppingFinder.ca before Dec. 15, 2007.”

So check out the web ahead to see what and where the deals are — but if you’re not looking at a retailer’s official flyer, you might want to check the store’s official information before lining up in case that deal doesn’t exist.

Maybe I’ll see you in line Boxing Day morning.

I have been remiss in not posting on the delay in the Copyright bill. (My blog has been moved to a new server, which has resulted in some temporary internal access issues.)

For those of you who have not been following this, the copyright reform bill that was to have been introduced earlier this week was delayed as a result of a firestorm of protest. That’s a good thing, as the bill was expected to include things like the US based DMCA approach that would make it illegal to bypass DRM. It would have been a step backward.

For more detail about what’s wrong with the expected bill, and what we can do about it, take a look at Michael Geists’s blog, and the resouces listed on the Facebook Fair Copyright for Canada Group.

This is an issue that is relevant to everyone, not just the entertainment industry. What the government should do is take a fresh, high level look at the issues surrounding copyright as a whole in the context of modern and future technology, consumer desires, and the protection that creators reasonably require.

The issue has been delayed, but it is not over.

The rise of the movement against the bill over the last few weeks has been interesting in itself. Prior to that, there were a number of people who had spoken out against the expected bill, dating back at least to the bill that the former government proposed. Michael has been the most prolific opponent. Others, including myself, have offered their 2 cents worth as well. (See my posts under “copyright” on my tag cloud.)

Over the past couple of weeks the movement against the bill has spread through the blogosphere, been captured by the mainstream press, and the Facebook group started by Michael has grown to over 24,000 members as of this morning.

Read Michael’s blog

Join the Facebook Group

Maybe I just need a break (I’m glad the Christmas holidays are coming), but a few things have been bugging me lately. So here goes my miscellaneous rant.

There would be no Canadian DMCA, ie no legal protection for DRM, and more balanced copyright laws that reflect modern reality. (Thanks to Michael and the groundswell against the proposed act, this may actually be a possibility.)

Governments would not pass laws based on motherhood causes without taking a cold hard look at whether that law or policy will actually right the perceived wrong, and whether it might cause collateral damage.

Kibosh anything that chills innovation and creativity.

Build a performing arts centre here in London. Lets get on with it, do it right, and find some creative ways to finance it.

Simplify legal documents. We can distill the practical effect of many documents, whether they are business to business or business to consumer, to a much smaller size than they typically exist.

Get Canada back out on the front edge of the communications curve. Cable TV was pioneered here in London – but we now lag on many fronts for many reasons. Now we can only envy other parts of the world for things like much lower cell/data rates, cutting edge phones, and fiber to the home.

Invent cold fusion and solve the energy/pollution crisis.

Always let science get in the way of a cause.

Declare chocolate a food group.

For the London Free Press – December 10, 2007

Read this on Canoe

Many serious leaks of personal information result not from the lack of policies and procedures to prevent it, but from the carelessness or lack of thought or understanding by a single employee.

As individuals we must take more care whenever we encounter information about others.

There seems to be a real challenge in getting the privacy protection message to the average employee in a way that they truly understand and think about it during their daily routines.

This is an education and mindset issue. Training and education on these issues competes with the information overload we all face during the workday – but it is a crucial issue we must overcome.

People often recognize when their own privacy is being violated, but will for some reason not recognize when they violate the privacy of others.

The recent loss by a British government agency, revenue and customs, of information on over 25 million individuals who receive child benefits, is a case in point.

Diskettes containing sensitive records were apparently sent by in-house courier across London and were never received.

That action was in violation of several protocols in place to prevent this type of action.

To put the enormity of this in perspective, in a posting on the Canadian Privacy Commissioner’s blog, entitled A complete and utter failure, she stated:

The sheer scale of the data lost is staggering. The fact that a junior official apparently had the access to this information is disturbing — but that official’s apparent disregard for the security of such a vulnerable population is shattering.

The message for governments everywhere is clear: even in an organization clearly aware of the sensitivity of its data holdings, even with management dedicated to organizational efficiency and responsibility, the security of vital personal data cannot be taken for granted.

What frustrates me is that many breaches would never have happened if the employee took a minute to consider their actions.

First, to understand they are touching information that requires protection and is subject to corporate policies.

Second, that what they are about to do could betray the trust and stewardship they hold in that information, and cause serous consequences and exposure to countless individuals

If that happened, they wouldn’t put that data on a disk and mail it, or wouldn’t throw that paper in the dumpster.

No matter what security systems, policies and controls business or organizations put in place, the human factor is always present. Employees must be trained to understand privacy and security issues both in the abstract, and in the context of their daily routines.

Most privacy aware employers have training and education programs in place for their employees, and most employees are responsible when it comes to these issues.

But it only takes one slip by one unthinking employee to cause a privacy leak disaster.

There is no easy fix for this. Employers, governments, privacy advocates, and the media must continue to use every available opportunity to promote the message.

Michael points out that it looks like the things we shouldn’t have in copyright reform will be intoduced in the upcoming bill, but the things we should have are being deferred for years for further study.

Lets hope the continued pressure against the expected bill kills it.

For more detail about what’s wrong with it, and suggestions on what you can do to voice concerns with the government, follow Michael’s blog, and join the Facebook Fair Copyright For Canada group.

Read Michaels recent post

David Fraser points to an article saying that credit-card processor CardSystems Solutions Inc. has filed for bankruptcy protection. Seems that its demise can be traced back to a hacker’s theft of personal information from its systems.

Privacy advocates often talk about the financial and business risks/costs of a data breach as one reason to maintain proper security and loss prevention. I suspect many organizations stick their heads in the sand on this point. This is evidence of how severe the consequences can be.

Read David’s post

Techdirt posts about how one UK ISP is very open about how and why it traffic shapes. One issue in the net neutrality debate (the fear that ISP’s will prioritize/degrade certain traffic based on their desire to promote certain services at the expense of others for their own gain) is that most ISP’s don’t disclose what they are doing. Of course that just fuels the debate, as it leads to suspicion they are hiding the fact they are doing things some would find offensive.

The post points out that Plusnet’s customer satisfaction ratings have been increasing.

So why are other ISP’s not doing the same?

And that goes for disclosing the actual download speeds once can get at home as well. We all know that the speed of hi-speed Internet can be substantially less than advertised depending on location and equipment – but as a recent Marketplace segment showed, the ISP’s are not eager to admit that a particular customer can’t get the speed they have paid for.

Read the Techdirt post

Look at the Maketplace report

For the London Free Press – December 3, 2007

Read this on Canoe

The federal government just introduced proposed amendments to the Criminal Code to provide more tools to fight identity theft. This bill is a welcome addition to fight this growing problem.

Privacy advocates support this effort, but say it is not the only solution. They point out the need to do a better job of stemming the flow of personal information into the wrong hands in the first place. This includes not keeping personal information one doesn’t need, better security, attention to privacy and security issues at the board level, and better training and awareness in the trenches.

The bill’s preamble states: “This enactment amends the Criminal Code to create a new offence of identity theft, of trafficking in identity information and of unlawful possession or trafficking in certain government-issued identity documents, to clarify and expand certain offences related to identity theft and identity fraud, to exempt certain persons from liability for certain forgery offences, and to allow for an order that the offender make restitution to a victim of identity theft or identity fraud for the expenses associated with rehabilitating their identity.”

The bill adds to current forgery offences by making illegal the preparatory steps to forgery of collecting, possessing and trafficking in identity information.

Three new offences, as summarized in a federal news release, would be:

- Obtaining or possessing identity information with intent to use it to commit certain crimes.

- Trafficking in identity information with knowledge of or recklessness as to its intended use in the commission of certain crime.

- Unlawfully possessing and trafficking in government-issued identity documents.

Criminal Code amendments would create new offences of fraudulently redirecting or causing redirection of a person’s mail, possessing a counterfeit Canada Post mail key and possessing instruments for copying credit card information.

Identity information is broadly defined to include any information — biological or physiological — that is commonly used to identify or purport to identify an individual, such as a fingerprint, voice print, retina image, iris image, DNA profile, name, address, date of birth, written signature, electronic signature, digital signature, user name, credit card number, debit card number, financial institution account number, passport number, social insurance number, health insurance number, driver’s licence number or password.

The restitution that a court could order might include the cost of replacement cards and documents and costs in relation to correcting a credit history.

While this bill will certainly help, individuals and organizations alike must continue to be vigilant in the protection of personal information — whether their own or the information of others to which they have been entrusted.