For the London Free Press – July 13, 2009

Read this on Canoe

A labour arbitrator recently considered whether Lakehead University’s switch to Google mail violated the faculty collective agreement.

The university stated that the main reason for the switch to Google was because of the growing cost and effort of having an internal e-mail system. It was first university in Canada to outsource its e-mail service to a private company such as Google or Microsoft.

This dispute between the university and its faculty association arose from the discrepancy between the university’s policy and the Google terms of service regarding privacy and access.

The association approved the university policy that stated that their electronic mail privacy would be compromised only on consent or in limited circumstances. The Google policy was more liberal than the university policy. The discrepancy led the association to seek protection under the collective agreement.

The association took the position that by switching to Google, the university violated the rights to privacy and academic freedom of its members.

A critical issue with Google mail was that Google is a corporate entity based in the United States and uses servers in the U.S. Under the Patriot Act, Protect America Act, and Foreign Intelligence Surveillance Act, Washington has the power to monitor and intercept e-mails within its jurisdiction no matter the person’s nationality.

The arbitrator dismissed the faculty association grievance. The arbitrator stated that while the collective agreement provided that “members have a right to privacy in their personal and professional communications and files, whether on paper or in electronic form,” it did not define the scope of the right to privacy.

The arbitrator also pointed out that the faculty members did not have to use the Google e-mail service. There were faculty members using other systems for their school e-mail accounts.

The arbitrator pointed out that during a discussion of e-mail privacy at the university’s Senate before the Google system was introduced, Michael Pawlowski, a representative of the university’s board of directors, said, “One should consider e-mail communications to be as private as words on a postcard.”

The decision in this case was based on particular wording in the faculty agreement, so it does not have great precedent value. But it illustrates the controversy over foreign governments’ ability to get access to private e-mail and other electronic information.

It is not always practical to keep all of our information within our borders. It is more practical, for example, for the hosting of a customer database, than it is for e-mail providers or web commerce.

The basic question is: Just how serious is this risk? Are the odds of it happening so slim that in practice it doesn’t really matter, or are we giving up something fundamental?

The network management hearings continue.  And Michael’s coverage continues.  One of the interesting fundamental issues that has emerged is whether network management is about congestion or competition.  It seems that proponents talk about the need to deal with congestion, while opponents talk about the unfairness of using network management to provide a competitive advantage. 

Distinctions are also being made about management at the wholesale vs retail levels.   And whether the issue is that it happens at all, or whether its OK if it happens so long as the practices are disclosed.  Which leads to the arguement that disclosing means nothing if all the suppliers do the same thing.

It sounds like the quality of the submissions is high – so hopefully that will lead to a well thought out decision in the end.

That’s the title of my Slaw post for today.  It reads as follows:

Frustrated consumers and lawyers alike often threaten to take complaints to the press in an attempt to get satisfaction for an alleged wrong. After all, the “headline risk” of being perceived in a bad light by the public can sometimes be a sobering reality check on whether the entity is not treating a consumer fairly, or whether the complianant is just off base.

Earlier this week, this video was placed on Youtube – was viewed over 150,000 times in its first 2 days – and resulted in United coming to the table to resolve it.

According to the story/song, the Halifax based band “Sons of Maxwell” was travelling from Halifax to Nebraska. At a stopover in Chicago, they witnessed baggage handlers throwing their guitar – which resulted in severe damage to an expensive instrument. The airline didn’t deny what happened, but after being denied any compensation after many months of trying – they told the airline they would make a video of it.

It seems to have worked, and no doubt has been great publicity for the band. (The video is actually quite amusing.)

So is this the next tool in the legal arsenal? Or a new business model – music video advocacy? Hopefully we won’t see lawyer music videos on Youtube as an extension of the courthouse step press conference.

Read more detail and commentary about this on Boing Boing and the Los Angeles Times. It even made CNN.

The CRTC’s network managemement hearings began yesterday.  A CBC article summarizes the scope of the hearing as:

“The CRTC is trying to develop guidelines for internet service providers on acceptable ways of managing internet traffic and congestion, taking into account both the freedom individuals to use the internet as they wish and the interests of ISPs to manage their networks.

The commission is focusing mainly on the questions:

• What internet traffic management practices are acceptable and should any be considered as completely unacceptable?
• Should ISPs disclose their practices and, if so, in what form?
• Does the use of internet technologies for the purpose of internet traffic management raise privacy concerns?
• Is the application of certain internet traffic management practices to wholesale services appropriate?
• Is there a need for the commission to specify what practices are acceptable in relation to wireless service providers?
• What analytical framework should the CRTC adopt in relation to internet traffic management practices and section 36 of the Telecommunications Act?

It will avoid dealing with its November decision to allow Bell to continue to continue throttling the customers of smaller ISPs that buy network access from it, as the decision is under appeal.”

For ongoing analysis, follow Michael Geist, who summarizes the first day’s hearing here.   If you want to follow this as it unfolds, Michael’s article has links to a liveblog and twitter feed.

For earlier information on this subject, search “crtc” and “network neutrality” on my blog.

For the London Free Press – July 6, 2009

Read this on Canoe

Despite recent trends toward corporate transparency, it is still necessary to guard certain information.

A recent case involving Research In Motion dealt with the interpretation of a non-disclosure agreement, or NDA, meant to limit what RIM could do with the other party’s information.

An NDA is a legal contract between parties that outlines confidential information that the parties wish to share for certain purposes.

There are a number of reasons why a business might need to share sensitive information with another, such as one party manufacturing something for the other, or to explore a potential business arrangement.

An NDA usually contains two basic elements:

- That the recipient won’t share the information with anyone else, and perhaps even restrict who can see it within the recipient company.

- Limits on what use the recipient can make of the information.

NDAs are very useful in the technology sector. Frequently, one company might have the necessary expertise to create one part of a product, but will require outside help on another part.

In essence, computers, cellphones, televisions and many other everyday conveniences would not be possible without the collaboration that NDAs allow.

Apple, for example, has done a good job keeping details of its new products under wraps until they are made public with great fanfare.

However, NDAs can be open to interpretation. This was the situation in the recent case of Certicom Corp. versus Research in Motion Ltd.

The facts were complex. Essentially, Research in Motion — the Waterloo-based maker of BlackBerry — entered into an NDA with Certicom Corp., a Mississauga-based information security specialist.

Certicom is best known for their Elliptic Curve Cryptography, which is used by the US Military, IBM, Motorola, and others to protect sensitive information.

The NDA between the two parties included a provision that stated the confidential information could be used “only to the extent reasonably required to fulfill the purpose” of the NDA. Once they got a look at the sensitive information, Research in Motion decided to begin a hostile takeover bid to acquire Certicom.

In response, Certicom brought an action to the Ontario Supreme Court of Justice to block RIM from making any bids on their company unless they consented. The court agreed that the NDA precluded using the information for that purpose and granted their request.

The case shows the value of having an NDA when exchanging information, and of tailoring the NDA to the specific needs. It is usually not enough to simply sign a document stating that both sides will remain quiet.

An NDA must include provisions that also limit what can be done with that information.

While most NDA’s are similar in form and content, they do required careful review before signing, and careful thought into what information is being divulged, what uses of that information should be allowed, what one might not want the information used for and who actually needs to see it.