For the London Free Press – March 31, 2008

Read this on Canoe

Though used for years, microscopic yellow tracking dots created by some colour laser printers have recently raised privacy concerns with the European Commission.

The European Commission is concerned printers that leave such a trail are breaking European laws. Franco Frattini, the EU Commissioner for Justice, Freedom and Security, said that “to the extent that individuals may be identified through material printed or copied using certain equipment; such processing may give rise to the violation of fundamental human rights, namely the right to privacy and private life. It might also be violating the right to protection of personal data.”

Personal data is protected by the Data Protection Directive, but debate continues in Europe about how to define personal data. At times, it is uncertain what qualifies for protection.

Even if the information is not technically personal data, the tracking technology may still break the law. Article 7 of the Charter of Fundamental Rights of the European Union provides for the protection of private and family life, home and communication. Article 8 specifically protects personal data.

Printer makers are able to encode the serial number, manufacturing code and the date of printing through a series of small yellow dots interspersed on the printed paper. These dots are invisible to the naked eye.

This technology was developed nearly 20 years ago because laser-printing technology enabled counterfeiting. It was developed by printing companies in response to countries reluctance to sell laser printers without some means of tracing or tracking counterfeiters.

Recently, the Dutch railway police have been able to track counterfeits via printer serial numbers by tracking down the printer which was used to print fake tickets. A distributor in the Netherlands was visited by two police officers who knew the exact model of the printer used and hoped to learn the identity of the purchaser. As the company’s records only revealed what batch the printer had arrived in, the police left with specific sales information about the entire batch: about 100 printers in all.

The Electronic Frontier Foundation — online at www.eff.org — has much information about the issue of secret printer dots.

They note, for example, that Xerox has admitted it provided tracking dots to government. At present, only select enforcement agencies have the capacity to read the codes. Though the agencies insist they only use the information gleaned for criminal counterfeit investigations, there are no laws to stop government from abusing the information.

It is also estimated that researchers are able to identify the model of printer used to create documents in 11 out of 12 models tested. However, to prove that a specific printer was used by counterfeiters, authorities would need the printer in question to confirm suspicions.

Printer owners can easily test whether their laser printers are printing yellow tracking dots on their documents by flashing a blue LED light on white parts of their document. If numerous black dots appear (yellow becomes black under a blue LED light) with a semblance of structure, it is likely the document contains tracking dots.

The issue of network neutrality has been simmering for a while in Canada, but as Michael Geist points out, recent events may bring more attention to this issue.

In particular, Bell’s traffic shaping policies. This issue has the potential to affect how we all use the Internet. Michael’s post is worth a read, along with a couple of his immediately previous posts. More info can also be found in some of my previous posts that can be found by clicking on “network neutrality” in my tag cloud.

Read Michael’s post

Kevin O’Keefe’s Real Lawyers Have Blogs has a post about whether organizations should have blogging policies. It as attracted a few comments, including one from me.

My position is that it is a good idea for organizations to have a blogging policy, but it should be made part of a wider technology use policy that covers the appropriate use of technology in general. While one can argue that existing rules and common sense should be sufficient to cover employee use of blogs and social media (eg Facebook) , it doesn’t always work that way in practice.

Read Kevin’s post and comments

The globe and Mail had an article yesterday entitled Patriot Act haunts Google service that talked about a risk of using cloud based web tools. Google, and others, offer tools ranging from storage space to blogging tools to wikis to on-line word processing. The issue is that your data is then housed by that entity, and is thus subject to the local government’s rules. Specifically, the US Patriot Act, and other laws that allow government surveillance of the data.

That poses real issues when the entity using the service is subject to privacy obligations regarding the data – either at law, or because of promises they have made their customers.

So the Canadian business opportunity is to process and store that data here, by a Canadian operation, so it is under Canadian jurisdiction and subject to our privacy laws.

Read the Globe article

For the London Free Press – March 24, 2008

Read this on Canoe

TechAlliance’s second annual IT Week, IT Lives in London, starts March 31. The week has several events that will be of interest to those in the tech sector, and non-tech industries alike.

Last year’s events were a great success — enough so that the Tuesday town hall forum had to be moved to a larger venue this year.

TechAlliance says IT Week was created to raise awareness of the world-class IT companies and resources that call London home. It’s a community celebration of the city’s IT sector and its contribution to London’s economy and quality of life. During this week, events and activities take place throughout London and showcase the depth and breadth of the city’s IT sector.

Events include a town hall forum on winning the IT talent war, a seminar on search engine optimization and marketing, and a community mixer. The cost to attend these events is minimal; some are free to TechAlliance members.

At the town hall forum, leaders of some of London’s most successful IT firms discuss the future of London’s IT industry and the potential impact of the looming IT talent shortage, which is a North America-wide issue. A soapbox forum will follow, designed to give participants the chance to share their thoughts and best practices on how we as a community can win the war for IT talent.

In addition to the public events, there is an invitation-only IT Roadshow designed to heighten the awareness of the London IT industry among the media and government officials. The roadshow gives participants a first-hand look at London’s thriving IT community and includes highlights of some of the city’s innovative tech companies.

Invited guests will begin their trip at city hall, then travel through the technology core with a stop at EK3 Technologies, one of London’s most recognized new digital media companies. The IT Roadshow ends at Fanshawe College with a reception and tour of their technology and multimedia facilities.

The roadshow will tell the story of the successes and challenges of London’s IT community, and emphasize the important role our post-secondary institutions play in positioning our city as a global competitor in the IT world.

To reach out to students, TechAlliance is launching an awareness campaign targeting area high schools. The Industry Roster program offers teachers the opportunity to invite seasoned industry experts into their classrooms during IT Week. These speakers will share their experiences with students, providing information that will stimulate interest and encourage students to pursue studies and careers in IT.

A website design competition, the Get Plugged In! Web Development Challenge, is also open to senior elementary and high school students. Winners will be announced March 31.

For more detail about IT Lives in London, or to sign up for events, go to the TechAlliance website at www.techalliance.ca.

In the interest of transparency, I should disclose I am a member of TechAlliance’s IT advisory council and my firm, Harrison Pensa LLP, is an industry sponsor of IT Week.

The awards were announced last night at an event with an audience of over 1200 people.

The winners are:

Business of the Year (Small)
Big Blue Bubble

Business of the Year (Large)
Trojan Technologies

Global Traders Market Expansion
StarTech.com

Excellence in Human Resources
Citi Cards Canada – Citi Group

London Quality Award
University of Western Ontario Alumni Award

Global Traders Innovation
Quantum 5X Systems Inc

Corporate Icon Award
Trudell Medical (announced in advance of the event)

(Disclosure – I am on the Chamber’s board of directors)

Read the details on the Chamber’s web site

Many sources are reporting on a data breach in the US Hannaford retail chain where customer credit and debit card numbers were exposed by some sort of intrusion into their computer systems. Unfortunately, this kind of report is all too common.

What I find interesting is the message to their customers by their CEO. He states in part:

Hannaford has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.

We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry. The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization.

So how are credit and debit card numbers not “personal information”?

Read a report on StorefronBacktalk

Read the Hannaford statement

For the London Free Press – March 17, 2008

Read this on Canoe

In the United Kingdom, the National Consumer Council recently filed a complaint with the Office of Fair Trading stating that consumer software licences contain an imbalance of rights in favour of the manufacturer at the expense of the purchaser.

The complaint is about End User Licence Agreements, or EULAs. Anyone who has installed software onto their personal computer has likely entered into a EULA. This is an agreement between the software manufacturer and the purchaser who will use the software on their computer.

Usually the purchaser is bound to a EULA by way of a “click-wrap agreement,” where one must click an “I agree” icon to confirm they agree to the terms of the EULA that is presented. Click wraps are more prevalent than “shrink-wrap agreements” that are worded to bind when one opens the package.

The complaint states that EULAs can often be unfair because “consumers can’t have a clue what they’re signing up to when some terms and conditions run to 10 or more pages.”

It is also about the customer not seeing the EULA until after the software is purchased which “. . . means that consumers are unable to make informed decisions before they buy a product, yet are being forced to take on an unknown level of legal responsibility.”

The complaint names a total of 17 companies, including Microsoft, Adobe and Symantec.

It seems odd that this complaint would be raised now, since EULAs have been used for many years. And one-sided “contracts of adhesion” have been around far longer.

For example, when you buy a ticket to an event or to park in a private parking lot, you have entered into a similar agreement. The terms of these agreements are also only available after you have made your purchase, as they are usually printed on the ticket.

While is it true that the purchaser is unable to review click-wrap and shrink-wrap agreements until after they have purchased the software, it is unlikely that even when given the chance, purchasers would bother to read the agreement. Purchasers usually accept the terms without reading them and continue with the software installation.

Even if consumers did take the time to read the agreement, it would be rare for someone to decide they did not want to buy the product on those terms.

In any form of agreement where there is an inequality of bargaining power, especially when consumers are involved, there is indeed room for abuse within the agreements.

That’s why in most jurisdictions consumer protection laws will limit what terms these agreements can include. For example, in Ontario the law states that any term that requires arbitration instead of a class action will not be enforced.

And courts are not inclined to enforce provisions that they consider unreasonable or unexpected in that type of agreement.

While EULAs are often not as simple, short, and elegant as they should be, that’s more of a drafting issue than a content issue. The probable outcome of the complaint is that vendors will continue to bind consumers to EULAs, provided the agreements don’t cross the line into unusual provisions.

I almost forgot – today is Pi day, because it is March 14, or 3.14.

If you want to be more precise, Pi second comes this afternoon at 1:59.26 (3.1415926).

I suppose we could honour that 24 times today – for each time zone.

Read the Wikipedia entry on Pi day

That’s the title of an article in this month’s Wired magazine. Its an article that those interested in the copyright debate should take a look at.

The article basically makes the argument that the music industry blew it by trying to stop file sharing and implementing DRM – and that the video industry should learn from that.

About the music industry it states: Today, their industry in shambles, music execs are trying to turn back the clock, remove DRM, and finally give us what we should have had in 1999

Other comments: The lessons from the music fiasco are clear: Trying to limit the inherent advantages of digital files is a losing strategy. The way to stop piracy is to make everything available — easily, legally, and at a fair price.

Entertainment executives tend to find what they expect to find. If they fear theft, they’ll see piracy; if they’re looking for opportunity, they’ll discover ways to profit. The music labels ignored the opportunity for so long that it has all but evaporated. The television and film industries still have a shot, but they need to move fast.

So it leads me to a question. Is the proposal to add a fee to everyone’s internet access to allow downloading not mired in the same old thinking?

Read the Wired article