Happy Data Privacy Day

From the Privacy Commissioner of Canada: “On January 28, Canada, along with many countries around the world, will celebrate Data Privacy Day. Recognized by privacy professionals, corporations, government officials, academics and students around the world, Data Privacy Day highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.”

Privacy becomes increasingly challenging with new tech such as big data, the internet of things, wearable computers, drones, and government agencies recording massive amounts of data in the name of security.  Sober thought needs to go into balancing the advantages of such things with privacy rights, creating them in a privacy sensitive way, and giving people informed choices.

dpd_englishprivacy sample

Cross-posted to Slaw 

harrisonpensa.com/lawyers/david-canton

 

Red Tape Awareness Week

January 19-23 is the CFIB’s (Canadian Federation of Independent Business) 6th annual Red Tape Awareness Week.

During the week the CFIB will make several announcements, starting off by announcing the winner of its annual Paperweight Award, citing the most egregious example of government red tape on small businesses.  My guess is that CASL will win that.

My personal view is that government does a better job of talking about reducing red tape than actually accomplishing it.

(Cross posted to Slaw.)

CES 2015

The Annual Consumer Electronics Show (CES) is under way in Las Vegas.  Its a mecca for those into the latest and greatest and biggest and fastest and most innovative consumer tech.

For example, the latest in TV’s are 4K (4 times the resolution of HD) that are impossibly thin with tiny bezels.  While the high end models are unaffordable, the improvements eventually become mainstream.

Trends include wearables (fitness still dominates) and the smart home (aka internet of things).  Everything seems to be connected somehow – even teakettles. (Some might say that an internet connected teakettle belongs to the internet of stupid things :))

So what might be useful in the office?  Getting around might be easier with the Rollkers “personal transit accessory” – essentially electric roller skates that attach to your shoes – or with the IO Hawk - which is a cross between a Segway and a skateboard.  Or perhaps a food printer for the lunch room.

The tech press has extensive coverage of the CES – check out coverage by Shelly Palmer,  CNETWired

IO Hawkrollkers

Cross posted to Slaw

Smartphone vs tablet vs phablet vs ???

I recently traded in my iPad for a Nexus 9. It has made me look at the phone/tablet thing a bit differently.

When I had an Android phone and an iPad, they felt like very different devices, each with a different role. But now that my tablet and phone work the same, and seamlessly share information, they don’t seem so different anymore. For example, if I make a note on google keep, it instantly shows up on the other device.

The only real difference is the size of the screen, and that the tablet can’t make phone calls or send texts. (Actually that’s not really true as you can make free calls over WiFi using google hangouts.)

That’s why phablets are growing in popularity. For those who can put up with carrying around a larger device, they are the best of both worlds. I want a phone I can put in my pocket though, and phablets are too big for my taste.

So what we really need is a modest sized phone with a screen that appears to be several times the size of the phone. Or better still, are we that far off from a full-fledged computer the size of a smartphone with a holographic display the size of a monitor, and a virtual keyboard? Would that be a complet? – a comphone?

Cross posted to Slaw

CASL software consent chart

CASL, the Canadian anti-spam act, contains provisions that take effect on January 15, 2015 that are intended to prevent malware from being installed on computers (including any device that uses software such as smartphones, cars, TV’s, routers, thermostats…).  The sections require the software provider to obtain express consent from the computer user for certain installations.  There are 2 different levels of consent. Both require the disclosure of specified information, and the second level requires the consent to be obtained outside of the license.

Unfortunately the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry. The IT bar has been collectively scratching its heads trying to understand how to interpret the sections. The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers.  While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being.  When advising clients we will have to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.

Because January 15 is close at hand, software providers with customers in Canada should consider whether they need to do anything to comply.  Violating the act has the same huge potential consequences as violating the anti-spam provisions.

The chart below is an attempt to give an overview of the analysis that a software provider should do to determine what, if anything, they need to do.  There are 2 caveats to this chart.  First, the sections are technical and have their own caveats and exceptions, so you can’t rely on the chart alone.  Second, it relies on the CRTC position as it stands at this moment based on statutory language that really doesn’t make a lot of sense.

download pdf CASL software chart

CASL software chart

 

 

CASL Software provisions explained – Sort of…

I’ve had some time to reflect on the CASL software provisions as interpreted by the CRTC .  As I’ve said before, the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry.  The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers.  While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being. (Lawyers advising clients would be well served to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.)

Software providers should review CASL with their legal counsel to determine how they fit within this labyrinth, but here is my take from a simplified high level on how it applies to the installation of software on a device I own.

I acquire the “Sliced Bread” software by Softco.  It doesn’t matter how I get it – could be an app store, download, CD, etc. I install Sliced Bread on my computer – or my phone, tablet, car, drone, thermostat, fridge, server, router, etc.

Since I’m installing it myself on my own device, CASL doesn’t apply.

BUT IF Sliced Bread does one of the things CASL deems undesirable – things like collecting personal information, changing or interfering with data / operations / control, or sending information to someone;

AND IF those things are something I’m not reasonably expecting Sliced Bread to do (this expectation issue is a huge grey area and will vary depending on what Sliced Bread does);

THEN Softco is deemed to be installing it on my device, and Softco has to obtain my express consent outside of the EULA as detailed in the act.

Cross posted to Slaw.

CRTC on CASL enforcement

Some businesses seem to be ignoring the CASL anti-spam law.  Their attitude is that it’s been months since it’s been in force, nobody’s been fined, and there have been no public enforcement actions (other than one spam bot server situation).  They are feeling safe that it’s not being enforced against typical businesses, and that the CRTC can’t possibly go after every small business.

In a recent webinar, the CRTC said they have issued a number of compliance orders under CASL.  They are not making compliance orders public, though, and they did not say how many.  They will at some time release stats on numbers of orders issued – perhaps at the end of the year.

They also said they would not always start with a gentle request to comply.  In other words, don’t think you can sit back and not comply, then react only when they knock on your door.

The gentle approach is more likely if a business has tried but not quite got it right – less likely for one that has just ignored it.  I suspect the CRTC will be eager to make some examples.

elegal blog marks 10th anniversary

November 16, 2014 marks the 10th anniversary of this blog – over 1500 posts since November 16, 2004.

To put that in perspective, twitter was launched in March 2006,  Facebook didn’t open to non-college students until September 2006, Linkedin was launched in May 2003, and Pinterest was launched in March 2010.

In 2004, you could count the number of lawyers who were blogging in Canada on one hand.  The frequency of posting has slowed over the years given the rise of other social media, but for anything of substance or of enduring value, a blog post reigns supreme.

We have changed the look of the blog a couple of times. An image of what it looked like in 2006 (courtesy of the Wayback Machine) is below.  That was a typical design at the time – before the trend to simpler, cleaner designs.

2006 image

CRTC provides guidance on CASL software provisions

The CRTC has just published their thoughts on the interpretation of section 8 of CASL that requires consents for certain types of software installations.

They also discussed them in an IT.Can webinar.  Their interpretation is helpful, and addresses some of the uncertainty around the provisions.  But some aspects are still unclear, and some of their interpretations may not be entirely supported by the wording of the act.  That may be fine so long as the CRTC is enforcing it, but a court does not have to defer to CRTC interpretation.  I suspect there will be further clarification coming at some point given some of the questions that were being asked in the webinar.

They are interpreting it with the philosophy that the provisions are to prevent the installation of software that does perhaps undesirable things if they were unexpected by the user.  More detail to come after we digest their thoughts and how they might work in practice.  Anyone in the software business should consult their counsel to find out how section 8 might apply to them.

Cross posted to Slaw.

http://harrisonpensa.com/lawyers/david-canton

Jargon

Wired magazine has a regular column called “Jargon Watch” that defines terms relevant to existing and future tech and other issues.  They are sometimes amusing, sometimes food for thought, sometimes telling of our culture.  The November issue has some definitions I thought readers might relate to, including:

Rogeting: Using a thesaurus to disguise plagiarized writing.  Such word substitution can thwart anti-plagiarism software, but the tactic becomes comically obvious when overdone, especially with contextually inappropriate synonyms.  for instance: Rogeting “legacy networks” into “bequest mazes.”

Nearable:  A smart, connected object that can share data about itself with a smartphone or computer.  Retailers will soon be creating them using sensor-laden stickers that attach to products and report on how customers react with merchandise.

If you are curious about the definitions of “card clash” and “swarmies”, check out this November Wired page.

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton