Smartwatches still in the running

I’ve written about smartwatches before. So far they have not been selling as fast as some expected.  The marketplace still hasn’t sorted out the right combinations of features and price.

Apple’s iWatch is arriving in April.  It will no doubt sell well – if for no other reason than it’s an Apple product.

The first real smartwatch was the Pebble, which broke Kickstarter records in 2012.  They announced a new version of it yesterday, called the “Pebble Time”.  They launched a new Kickstarter project yesterday morning – but this time just to take pre-orders at a discount for May delivery, rather than for funding development.

If nothing else, it proved that there is tremendous interest in smartwatches.  They achieved their $500,000 sales goal in about an hour, and the last I checked they were over $9,100,000, which translates to around 50,000 watches.

Cross-posted to Slaw

Privacy Commissioner issues guidance on police body cameras

The federal Privacy Commissioner has just released a report giving guidance on the privacy implications of police wearing body-worn cameras, and what police need to do to comply with privacy laws.

It points out that the issues around body-worn cameras are more complex than on fixed cameras.

As is usually the case with privacy issues, it is about balance – in this case balancing the advantages of the cameras with privacy concerns.

The report has this to say about balance:

There are various reasons why a LEA might contemplate adopting BWCs. LEAs could view the use of BWCs as bringing about certain benefits to policing or other enforcement activities.  For example, in addition to being used to collect evidence, BWCs have been associated with a decrease in the number of public complaints against police officers as well as a decrease in the use of force by police officers.  At the same time, BWCs have significant privacy implications that need to be weighed against the anticipated benefits.  As the Supreme Court of Canada has noted, an individual does not automatically forfeit his or her privacy interests when in public, especially given technological developments that make it possible for personal information “to be recorded with ease, distributed to an almost infinite audience, and stored indefinitely”. And as the Supreme Court added more recently, the right to informational privacy includes anonymity which “permits individuals to act in public places but to preserve freedom from identification and surveillance.”

It goes on to talk about the tests to determine if the intrusion is justified, and what uses and safeguards are appropriate.

Its worth a read even if just for its general discussion around cameras and privacy.

Cross-posted to Slaw

http://harrisonpensa.com/lawyers/david-canton

Big Brother in your TV? 10 “freaky line” things to think about

There has been a big kerfuffle in the last few days over the thought that Samsung smart TV’s are listening to and recording TV watcher’s conversations via their voice command feature.  That arose from a clause in their privacy policy that said in part “…if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

Samsung has since clarified this language to explain that some voice commands may be transmitted to third parties to convert the command to text and make the command work.  Also to point out that you can choose to just turn that feature off.  That is similar to how Siri, Google Now, Cortana, and other voice command platforms work.  Some voice commands are processed locally, and some may require processing in the cloud.  How much is done locally, and how much in the cloud varies depending on the platform and the nature of the command.

While one should never reach conclusions based on press reports, the probability is that this issue was way overblown.  But it does show how challenging privacy issues can get when it comes to technology and the internet of things (IOT).

Issues to ponder include:

  1. The importance of designing privacy into tech – often called “Privacy by Design” – rather than trying to bolt it on later.
  2. How complex privacy is in the context of modern and future technology where massive amounts of data are being collected on us from almost everything that includes things like fitness trackers, web browsers, smartphones, cars, thermostats, and appliances.  Not to mention government surveillance such as the NSA and the Canadian CSE.
  3. The mothership issue – meaning where does all that information about us go, how much is anonymised, what happens to it when it gets there, and who gets to see or use it?
  4. How difficult it is to draft privacy language so it gives the business protection from doing something allegedly outside its policy – while at the same time not suggesting that it does unwanted things with information – while at the same time being clear and concise.
  5. How difficult it is for the average person to understand what is really happening with their information, and how much comfort comes – or doesn’t come – from a trust factor rather than a technical explanation.
  6. How easy it is for a business that may not be doing anything technically wrong or may be doing the same as everyone else is to become vilified for perceived privacy issues.
  7. Have we lost the privacy war? Are we headed to a big brother world where governments and business amass huge amounts of information about us with creeping (and creepy) uses for it?
  8. Are we in a world of tech haves and have nots where those making the most use of tech will be the ones willing to cross the “freaky line” where the good from the use outweighs the bad from a privacy perspective?
  9. Are we headed to more situations where we don’t have control over our personal freaky line?
  10. Where is your personal freaky line?

Cross posted to Slaw

FTC report – Internet of Things – Privacy & Security

The US FTC just released a report entitled internet of things - Privacy & Security in a Connected WorldIts a worthwhile read for anyone interested in the topic.  It should be a mandatory read for anyone developing IoT devices or software.  A summary of it is on JDSupra.

The conclusion of the FTC reports reads in part:

The IoT presents numerous benefits to consumers, and has the potential to change the ways that consumers interact with technology in fundamental ways. In the future, the Internet of Things is likely to meld the virtual and physical worlds together in ways that are currently difficult to comprehend. From a security and privacy perspective, the predicted pervasive introduction of sensors and devices into currently intimate spaces – such as the home, the car, and with wearables and ingestibles, even the body – poses particular challenges.

In essence, the FTC states that security and privacy must be designed into the devices, data collected must be minimized (at least in respect to consumer data), and people need to be given notice and choice about the collection of data.

These are laudable goals, but will take work to attain.

Cross-posted to Slaw

Happy Data Privacy Day

From the Privacy Commissioner of Canada: “On January 28, Canada, along with many countries around the world, will celebrate Data Privacy Day. Recognized by privacy professionals, corporations, government officials, academics and students around the world, Data Privacy Day highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.”

Privacy becomes increasingly challenging with new tech such as big data, the internet of things, wearable computers, drones, and government agencies recording massive amounts of data in the name of security.  Sober thought needs to go into balancing the advantages of such things with privacy rights, creating them in a privacy sensitive way, and giving people informed choices.

dpd_englishprivacy sample

Cross-posted to Slaw 

harrisonpensa.com/lawyers/david-canton

 

Red Tape Awareness Week

January 19-23 is the CFIB’s (Canadian Federation of Independent Business) 6th annual Red Tape Awareness Week.

During the week the CFIB will make several announcements, starting off by announcing the winner of its annual Paperweight Award, citing the most egregious example of government red tape on small businesses.  My guess is that CASL will win that.

My personal view is that government does a better job of talking about reducing red tape than actually accomplishing it.

(Cross posted to Slaw.)

CES 2015

The Annual Consumer Electronics Show (CES) is under way in Las Vegas.  Its a mecca for those into the latest and greatest and biggest and fastest and most innovative consumer tech.

For example, the latest in TV’s are 4K (4 times the resolution of HD) that are impossibly thin with tiny bezels.  While the high end models are unaffordable, the improvements eventually become mainstream.

Trends include wearables (fitness still dominates) and the smart home (aka internet of things).  Everything seems to be connected somehow – even teakettles. (Some might say that an internet connected teakettle belongs to the internet of stupid things :))

So what might be useful in the office?  Getting around might be easier with the Rollkers “personal transit accessory” – essentially electric roller skates that attach to your shoes – or with the IO Hawk - which is a cross between a Segway and a skateboard.  Or perhaps a food printer for the lunch room.

The tech press has extensive coverage of the CES – check out coverage by Shelly Palmer,  CNETWired

IO Hawkrollkers

Cross posted to Slaw

Smartphone vs tablet vs phablet vs ???

I recently traded in my iPad for a Nexus 9. It has made me look at the phone/tablet thing a bit differently.

When I had an Android phone and an iPad, they felt like very different devices, each with a different role. But now that my tablet and phone work the same, and seamlessly share information, they don’t seem so different anymore. For example, if I make a note on google keep, it instantly shows up on the other device.

The only real difference is the size of the screen, and that the tablet can’t make phone calls or send texts. (Actually that’s not really true as you can make free calls over WiFi using google hangouts.)

That’s why phablets are growing in popularity. For those who can put up with carrying around a larger device, they are the best of both worlds. I want a phone I can put in my pocket though, and phablets are too big for my taste.

So what we really need is a modest sized phone with a screen that appears to be several times the size of the phone. Or better still, are we that far off from a full-fledged computer the size of a smartphone with a holographic display the size of a monitor, and a virtual keyboard? Would that be a complet? – a comphone?

Cross posted to Slaw

CASL software consent chart

CASL, the Canadian anti-spam act, contains provisions that take effect on January 15, 2015 that are intended to prevent malware from being installed on computers (including any device that uses software such as smartphones, cars, TV’s, routers, thermostats…).  The sections require the software provider to obtain express consent from the computer user for certain installations.  There are 2 different levels of consent. Both require the disclosure of specified information, and the second level requires the consent to be obtained outside of the license.

Unfortunately the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry. The IT bar has been collectively scratching its heads trying to understand how to interpret the sections. The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers.  While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being.  When advising clients we will have to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.

Because January 15 is close at hand, software providers with customers in Canada should consider whether they need to do anything to comply.  Violating the act has the same huge potential consequences as violating the anti-spam provisions.

The chart below is an attempt to give an overview of the analysis that a software provider should do to determine what, if anything, they need to do.  There are 2 caveats to this chart.  First, the sections are technical and have their own caveats and exceptions, so you can’t rely on the chart alone.  Second, it relies on the CRTC position as it stands at this moment based on statutory language that really doesn’t make a lot of sense.

download pdf CASL software chart

CASL software chart

 

 

CASL Software provisions explained – Sort of…

I’ve had some time to reflect on the CASL software provisions as interpreted by the CRTC .  As I’ve said before, the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry.  The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers.  While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being. (Lawyers advising clients would be well served to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.)

Software providers should review CASL with their legal counsel to determine how they fit within this labyrinth, but here is my take from a simplified high level on how it applies to the installation of software on a device I own.

I acquire the “Sliced Bread” software by Softco.  It doesn’t matter how I get it – could be an app store, download, CD, etc. I install Sliced Bread on my computer – or my phone, tablet, car, drone, thermostat, fridge, server, router, etc.

Since I’m installing it myself on my own device, CASL doesn’t apply.

BUT IF Sliced Bread does one of the things CASL deems undesirable – things like collecting personal information, changing or interfering with data / operations / control, or sending information to someone;

AND IF those things are something I’m not reasonably expecting Sliced Bread to do (this expectation issue is a huge grey area and will vary depending on what Sliced Bread does);

THEN Softco is deemed to be installing it on my device, and Softco has to obtain my express consent outside of the EULA as detailed in the act.

Cross posted to Slaw.