That’s the title of my Slaw post for today.  It reads as follows.

We have mentioned before that the Anti-Spam act (bill c-28) will not come into force until the fall. (It may potentially be delayed because the election has delayed the creation of the regulations that must be in place before it is in force.) Several sections of the act that amend PIPEDA (Personal Information Protection and Electronic Documents Act) were however proclaimed in force effective April 1

The PIPEDA amendments from the Anti-Spam act are in force to the extent that they are administrative in nature. Those that interact with the anti-spam provisions are not yet in force, and presumably will come into force at the same time as the Anti-Spam act.

These are some of the noteworthy changes.

A new section 12 gives the Commissioner the ability to refuse to investigate a complaint in certain circumstances. Essentially if there is a better forum for the complaint, or if a compliant is not filed within a reasonable time.

Section 12.2 gives the Commissioner the ability to discontinue a complaint in certain circumstances, such as where there is insufficient evidence, the complaint is frivolous, the organization has given a fair and reasonable response, or where it has been addressed in another procedure.

A new section 23 expands the scope of permitted sharing of information by the Commissioner with provincial and international counterparts. The idea is to foster co-operation in investigations.

And of course the bill that proposed specific changes that arose from the 5 year PIPEDA review died with the election. It contained many housekeeping changes that were essentially shortcomings to the legislation raised by experience. It also contained new things like notice requirements for privacy breaches. We will have to wait for a while to see what happens to that draft bill.

Tuesday April 26 is World Intellectual Property Day.  WIPO (the World Intellectual Property Organization) says:  ”WIPO’s member states initiated World IP Day in 2000 to raise public awareness about the role of IP in daily life, and to celebrate the contribution made by innovators and creators to the development of societies across the globe. World IP Day is celebrated annually on April 26, the date on which the Convention establishing WIPO entered into force in 1970.”

“This year’s World Intellectual Property Day on April 26 celebrates the role of design in the market-place, in society and in shaping the innovations of the future.”

For the London Free Press -  April 25, 2011

Read this on Canoe

There is a common-law rule that illegally obtained evidence is admissible in court no matter how it was obtained. But there are exceptions.

Given the digitally interconnected world we live in, it is not surprising there are cases where evidence has been obtained by way of an unauthorized computer access, or hacking.

Hacking is an indictable offence under the Canadian Criminal Code with a maximum 10 years imprisonment. The code defines hacking as any unauthorized use of a computer to:

• obtain a computer service (which includes retrieval of data), 
• intercept any function of a computer system,
•  destroy, alter or render data meaningless, and
•  obstruct, interrupt or interfere with the lawful use of data.

Based on the common-law rule, one would think information illegally obtained via unauthorized computer access should be admissible in civil proceedings. However, when it comes to hacked information, application of the common-law rule is not always so clear-cut.

In Autosurvey Inc. v. Prevost, a company concerned that part of its system had been compromised by a former employee hacked into the former employee’s own private server and copied everything on it to preserve potential evidence.

The information copied contained, among other things, privileged solicitor-client communications, litigation strategy notes and confidential client information (credit card numbers and passwords) from the employee’s other legitimate business interests.

The company’s lawsuit against the employee was ultimately stayed by the court. The court called the company’s “brute force entry” into the former employee’s server egregious. In justifying his stiff decision, the judge said the company’s “failure to fully disclose these serious procedural violations to the defendants and the court on any sort of timely basis, and the unquestionable prejudice that will result to the defendants as a consequence, demand public denunciation and the levy of a severe sanction by the court.”

In Osiris Inc. v. 1444707 Ontario Ltd., an employee of the defendants hacked into his employer’s server and took more than 2,000 documents in an effort to protect himself after refusing to participate in unethical conduct with his employer. The employee in turn provided one of the plaintiffs with 31 of the documents relevant to the litigation and damaging to the defendants.

Unlike in Autosurvey, the documents in question were not privileged and would have been producible under ordinary circumstances.

Ultimately, the 31 documents were allowed to be relied on pending a ruling on their authenticity.

These cases highlight that, despite the common-law rule regarding illegally obtained evidence, information obtained by unauthorized computer access will not always be admissible.

At the very least, the acquired information must be evidence and cannot be something that would not be allowed traditionally such as confidential communications unrelated to the matter at issue. Parties cannot conduct fishing expeditions into opponent’s electronic servers, and the courts will punish individuals for such egregious invasions of privacy. And legal counsel cannot have anything to do with the hacking, or advise their clients to do so.

That’s the title of my Slaw post for today.  It reads as follows.

Several of us on Slaw are convinced that tablet computers are game changers.

Apple clearly has the lead with the iPad – with sales of the first version of around 15 million in the first year. While the iPad is the device that is setting the bar, and that all others are compared to, it is not perfect. Critics point, for example, to its lack of flash support and lack of usb connectivity. Others are scrambling trying to get into the market. As an indication of just how competitive the field is, consider the following recent developments.

The Blackberry Playbook is now available – but has not wowed buyers so far. Early reviews suggest that it is fundamentally well designed, but is still a work in progress.

Another competitor is anything running Google’s Android 3.0 Honeycomb operating system. The first was the Motorola Xoom. It has been described as better than the iPad in some ways, but still a work in progress. Some expect that upcoming Honeycomb models such as the Samsung Galaxy versions arriving June 8 will be a serous contender.

Adobe has just announced a development that may bring flash to Apple products.

And Apple just launched a lawsuit against Samsung claiming that its Android tablets violate various patent, design patent, trade-dress, and other IP rights of Apple. It is noteworthy that Samsung is a major component supplier to Apple. It will be interesting to see how this plays out.

The bottom line is that we are in the early days of tablets, and it will take some time before the winners and losers are sorted out.

That’s the title of my Slaw post for today.  It reads as follows.

This is not about the election – it is about the need to consider this issue carefully before passing any new laws.

Michael Geist and David Fraser (here and here) have written detailed articles on this issue that I concur with and recommend. I want to weigh in as well as this is an important issue. I have a problem with legislation that erodes privacy and requires ISP’s or others to retain information for the sole purpose of government access to it. And when that access is not tempered by the need for a warrant.

Issues include erosion of privacy, the potential for misuse of the information (intentionally, accidentally, or creeping uses) the costs of ISP’s to comply, and whether the measures will actually have any meaningful impact on crime.

We are critical when countries like France pass data retention laws that trash privacy. Or when other countries use personal information to control and persecute and go way beyond criminal investigations. All justified, of course, by the claim that it is somehow criminal. We should be no less critical when our own governments try to pass similar laws.

(I’m convinced, by the way, that if Julian Assange was in China revealing Chinese documents the way he has revealed US documents, he would be hailed by the US as a hero, not vilified as a traitor. But I digress.)

This is just so wrong.  France passed a decree requiring online service providers to retain information on virtually everything one does online to be made available to law enforcement – even passwords!

A number of organizations are challenging it.

For more detail see posts by David Fraser, Mike Masnick, Slashdot, and BBC News.

For anyone interested in an overview of copyright as it applies to music and music videos, there is a good, easy to read article on the law law land blog. It is based on US copyright law, and while some of the details are a bit different in Canada, the gist is the same. 

The article uses the Rebecca Black Friday video to put the law in context. 

And for the record, I’m posting this because it is a good article on what can be a confusing subject – not because it has anything to do with that mind-numbing trainwreck of a video.

That is the title of my Slaw post for today.  It reads as follows:

Various Canadian Privacy Commissioners have taken the position that car license plate numbers are personal information, and thus subject to privacy legislation. That comes up, for example, in the context of Google street views, where Google has been told they must blur license plate numbers.

Various Privacy Commissioner decisions have also limited the use of driver’s license information. For example, a store may ask to see a driver’s license as identification for someone returning a purchase as a fraud prevention measure, but the store is only supposed to look at it, not record the information on it.

Those principles are now in question as a result of an Alberta Court of Appeal Decision. (Or at least as far as Alberta privacy legislation is concerned.)

In Leon’s Furniture v Alberta the Court of Appeal said that license plate numbers are not personal information. And that a business can record driver’s license numbers so long as there is a reasonable need, and appropriate safeguards are in place.

Given the impact of this decision it would not be surprising if it was appealed. The decision contains a dissent that Privacy Commissioners will no doubt find encouraging.

For more commentary and analysis about the case see All About Information and the Canadian Privacy Law Blog. The decision is here.

For the London Free Press – April 4, 2011

Read this on Canoe

Employers who want applicants’ social media log-ins to check them out are going too far

It not unusual for employers to conduct Google searches on prospective employees or check their public social media feeds. But prospective employer’s requests for job applicants’ social media log-in IDs and passwords crosses the line.

Unfortunately, some people have felt no choice but to comply given the unequal bargaining power between the parties and their need to obtain or keep a job.

The British Columbia New Democratic Party has required candidates to reveal their social media IDs and passwords so the party can search for potentially embarrassing material. So far, all the candidates have apparently complied, except for one.

In Maryland, the department business law of public safety and correctional services requested applicants’ social media information as a standard part of its hiring and recertification process. The American Civil Liberties Union of Maryland has requested that the department change its policy.

In Bozeman, Mont., the city instituted a policy requiring job applicants to provide their social media log-in information. This prompted widespread criticism that resulted in the city promptly abandoning the policy.

There is a fine line between being well-informed about employees and potential employees and invading an individual’s privacy. Asking for social media log-ins clearly crosses that line.

For many social media users, Facebook messaging is replacing their telephone calls, e-mails and meetings. An employer asking for access to these messages is the practical equivalent of asking if it can tap phones, monitor e-mails or listen in on conversations.

These are violations of reasonable expectations of privacy. Communications via social media should not be treated differently. With many social media sites, giving out your log-in ID and password is a violation of their terms of use.

Having someone’s IDs and passwords means you can do anything on that site the individual can do. One has to wonder what else those entities demanding passwords do with personal information.

An employer may learn about such things as applicants’ religious views or disabilities on which they’re not permitted to base hiring decisions. If the candidate is not hired, this could lead to a discrimination claim.