The February edition of Canadian Lawyer In-house magazine has a good article on cybersmearing, and how business should react to it. I’m quoted in the article.

I was also quoted in an article on virtual worlds in the February 11/18 edition of the Law Times.

Read the cybersmearing article (page 42)

Read the virtual worlds article (page 9)

Thanks to Canadian Lawyer magazine for including me in their list of top 10 law related blogs in their March edition.

Read the Luminaries of the Canadian blawgosphere article See page 24

Go to the Canadian Lawyer web site

Edward Greenspan wrote a piece that appeared in several Sun newspapers yesterday about the plan to instal cameras on the TTC and the privacy comissioner’s approval and conditions.

Its worth a read as he takes the position that: Video cameras do not keep you safe, and more video surveillance will do little, if anything, to deter crime.

Indeed, in the privacy commissioner’s decision on the TTC cameras, she spent some time reviewing various literature and studies about the effectiveness of video surveillance. She found that at best, the evidence is inconclusive. In other words, there is no clear evidence that surveillance makes us safer or is a deterent to crime.

So we get security theatre at the expense of privacy.

Read Greenspan’s article

For the London Free Press – March 10, 2008

Read this on Canoe

There is a troubling worldwide trend to increased government surveillance and collection of personal information on individuals. Does it enhance public safety and law enforcement or is it just “security theatre” that tends to make people conform to social norms because they think they are being watched?

The Ontario Privacy Commissioner recently released a report on the Toronto Transit Commission’s plan to place thousands of security cameras on buses and subway cars. The Commissioner reviewed current studies and decided the evidence is inconclusive.

With any increased surveillance and data collection should come a high responsibility (consider it personal information stewardship) to ensure it’s secure, accurate, not abused and its use limited to serving its intended purpose. The commissioner set forth a detailed list of recommendations for the TTC to reflect that stewardship and minimize the privacy impact.

Recent reports suggest the upholding of that stewardship is by no means assured.

The Canadian Privacy Commissioner just released an unfavorable report following an audit of the RCMP’s exempt databanks. Over half of the files examined in the audit should not have been in an exempt bank.

National security investigation records and criminal operations intelligence files are sheltered in exempt data banks. That means individuals cannot gain access to information contained in those data banks through a Freedom of Information request.

To make matters worse, the Privacy commissioner found the same problem in an audit in the late 1980s. The RCMP agreed at the time to adhere to guidelines for managing exempt bank holdings.

You may want to reconsider bringing your laptop, camera or cellphone across the border. Some travellers have been required to allow U.S. Customs officials to log into either their personal or company-owned computers for the purpose of inspecting electronic data.

The search of electronics has been an increasing source of frustration for travellers who must surrender the electronics to cross a border or board a plane. Individuals have been asked to give their passwords to Customs officials to allow them to review the contents of the laptop. In some instances, laptops have been temporarily seized and the owners told that the item will be returned in a few days after it has been copied.

The question of whether border agents have a right to search electronic devises without suspicion of a crime is under review in the US courts.

The U.S. and Japan already require foreigners to be photographed and fingerprinted prior to entry into the country. Currently, the EU is proposing to fingerprint all foreign travelers entering and leaving Europe, including U.S. citizens. The affect is that identifying information, including biometric data, on tens of millions of citizens will be added to information databases and shared by governments worldwide.

Stories about inaccuracies in no-fly watch lists, the difficulty in correcting the lists, and the apparent blind trust in the data makes one question the effectiveness of those measures and stewardship of all that information.

One has to question whether the stewardship responsibility that goes along with the information is generally being upheld.

David Fraser points out that the Federal, British Columbia, and Alberta privacy commissioners have just released new guidelines for private sector video surveillance. This is hot on the heels of the Ontario Privacy Commissioner’s thoughts on public sector surveillance in the TTC complaint.

The guidelines detail the circumstances when one can use video surveillance, how it can be used, and the policies, procedues and documentation that must go along with it.

One aspect that strikes me as interesting is the notion that people should be notified of cameras before they enter the premises. Some (including myself) have taken the position before that if cameras are highly visible within a premises, the obvious presence of the cameras amounts to notice.

Read David’s post

Read the press release

Read the guidelines

That’s the title of a seminar I spoke at today for the London Small Business Centre.

Jayme Cousins of In House Logic talked about how to develop a web presence.

David Ciccerelli of Voices.com talked about search engine optimization and search engine marketing.

I spoke about legal considerations around having a web site.

Take a look at my powerpoint (in pdf)

For the London Free Press – March 3, 2008

Read this on Canoe

File-sharing programs are being installed on personal computers both in the home and at the office.

A recent incident in Newfoundland involving the file-sharing program Limewire on a government consultant’s computer shows how this type of software can lead to security and privacy breaches.

Limewire is but one example of file-sharing, or peer-to-peer (P2P) software that makes it easy to find and download things stored on other people’s computers. Most people think of the software just in the context of music or video, but they can be used to transfer any kind of file.

P2P software can be used for downloading copyrighted materials that one perhaps should not. But it also can be used to download material that the owner or creator is legitimately offering to share.

Many forget, however, that P2P software usually is configured to allow others to upload files from their own computer. Since that includes any type of file, it includes things such as spreadsheets containing personal finances, Microsoft Word documents containing personal information — and in the Newfoundland case, a database containing names, addresses, dates of birth and medical and work histories of dozens of people.

Discussions about file-sharing software usually focus on the downloading side, and the debate over the legalities of downloading music, video and software. Uploading issues are often overlooked.

The upside of these programs is that they allow computer users to share files with ease and without cost. The downside is that they often allow other computer users to access information on your personal computer with the same ease that you download new files.

This creates a significant security risk, but the answer is not necessarily to un-install any file-sharing programs you currently use.

One of the greatest risks for individuals using file-sharing programs is that their personal information could be accessed by potential identity thieves. Few people would like to have the contents of their hard drives available to the world to see.

The consequences for businesses could be wider ranging.

In the Newfoundland incident, the personal information of more than 150 people was exposed when an outside consultant installed Limewire on his computer. The information remained accessible for three weeks before a security company brought it to the Government’s attention.

For individuals, the answer is to make sure that file-uploading parameters in your P2P software are set so only specified file folders can be used to upload files from. Those file folders should contain only material that you would like to share with others.

Businesses should make its employees and consultants aware of the issue, especially where they may use home computers to work on company business occasionally. P2P software should not be installed on business computers unless it’s necessary, and upload folders should be controlled.