Samsung has since clarified this language to explain that some voice commands may be transmitted to third parties to convert the command to text and make the command work. Also to point out that you can choose to just turn that feature off. That is similar to how Siri, Google Now, Cortana, and other voice command platforms work. Some voice commands are processed locally, and some may require processing in the cloud. How much is done locally, and how much in the cloud varies depending on the platform and the nature of the command.
While one should never reach conclusions based on press reports, the probability is that this issue was way overblown. But it does show how challenging privacy issues can get when it comes to technology and the internet of things (IOT).
Issues to ponder include:
- The importance of designing privacy into tech – often called “Privacy by Design” – rather than trying to bolt it on later.
- How complex privacy is in the context of modern and future technology where massive amounts of data are being collected on us from almost everything that includes things like fitness trackers, web browsers, smartphones, cars, thermostats, and appliances. Not to mention government surveillance such as the NSA and the Canadian CSE.
- The mothership issue – meaning where does all that information about us go, how much is anonymised, what happens to it when it gets there, and who gets to see or use it?
- How difficult it is to draft privacy language so it gives the business protection from doing something allegedly outside its policy – while at the same time not suggesting that it does unwanted things with information – while at the same time being clear and concise.
- How difficult it is for the average person to understand what is really happening with their information, and how much comfort comes – or doesn’t come – from a trust factor rather than a technical explanation.
- How easy it is for a business that may not be doing anything technically wrong or may be doing the same as everyone else is to become vilified for perceived privacy issues.
- Have we lost the privacy war? Are we headed to a big brother world where governments and business amass huge amounts of information about us with creeping (and creepy) uses for it?
- Are we in a world of tech haves and have nots where those making the most use of tech will be the ones willing to cross the “freaky line” where the good from the use outweighs the bad from a privacy perspective?
- Are we headed to more situations where we don’t have control over our personal freaky line?
- Where is your personal freaky line?
Cross posted to Slaw
The US FTC just released a report entitled internet of things - Privacy & Security in a Connected World. Its a worthwhile read for anyone interested in the topic. It should be a mandatory read for anyone developing IoT devices or software. A summary of it is on JDSupra.
The conclusion of the FTC reports reads in part:
The IoT presents numerous benefits to consumers, and has the potential to change the ways that consumers interact with technology in fundamental ways. In the future, the Internet of Things is likely to meld the virtual and physical worlds together in ways that are currently difficult to comprehend. From a security and privacy perspective, the predicted pervasive introduction of sensors and devices into currently intimate spaces – such as the home, the car, and with wearables and ingestibles, even the body – poses particular challenges.
In essence, the FTC states that security and privacy must be designed into the devices, data collected must be minimized (at least in respect to consumer data), and people need to be given notice and choice about the collection of data.
These are laudable goals, but will take work to attain.
Cross-posted to Slaw
From the Privacy Commissioner of Canada: “On January 28, Canada, along with many countries around the world, will celebrate Data Privacy Day. Recognized by privacy professionals, corporations, government officials, academics and students around the world, Data Privacy Day highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.”
Privacy becomes increasingly challenging with new tech such as big data, the internet of things, wearable computers, drones, and government agencies recording massive amounts of data in the name of security. Sober thought needs to go into balancing the advantages of such things with privacy rights, creating them in a privacy sensitive way, and giving people informed choices.
Cross-posted to Slaw
January 19-23 is the CFIB’s (Canadian Federation of Independent Business) 6th annual Red Tape Awareness Week.
During the week the CFIB will make several announcements, starting off by announcing the winner of its annual Paperweight Award, citing the most egregious example of government red tape on small businesses. My guess is that CASL will win that.
My personal view is that government does a better job of talking about reducing red tape than actually accomplishing it.
(Cross posted to Slaw.)
The Annual Consumer Electronics Show (CES) is under way in Las Vegas. Its a mecca for those into the latest and greatest and biggest and fastest and most innovative consumer tech.
For example, the latest in TV’s are 4K (4 times the resolution of HD) that are impossibly thin with tiny bezels. While the high end models are unaffordable, the improvements eventually become mainstream.
Trends include wearables (fitness still dominates) and the smart home (aka internet of things). Everything seems to be connected somehow – even teakettles. (Some might say that an internet connected teakettle belongs to the internet of stupid things :))
So what might be useful in the office? Getting around might be easier with the Rollkers “personal transit accessory” – essentially electric roller skates that attach to your shoes – or with the IO Hawk - which is a cross between a Segway and a skateboard. Or perhaps a food printer for the lunch room.
The tech press has extensive coverage of the CES – check out coverage by Shelly Palmer, CNET, Wired
Cross posted to Slaw
I recently traded in my iPad for a Nexus 9. It has made me look at the phone/tablet thing a bit differently.
When I had an Android phone and an iPad, they felt like very different devices, each with a different role. But now that my tablet and phone work the same, and seamlessly share information, they don’t seem so different anymore. For example, if I make a note on google keep, it instantly shows up on the other device.
The only real difference is the size of the screen, and that the tablet can’t make phone calls or send texts. (Actually that’s not really true as you can make free calls over WiFi using google hangouts.)
That’s why phablets are growing in popularity. For those who can put up with carrying around a larger device, they are the best of both worlds. I want a phone I can put in my pocket though, and phablets are too big for my taste.
So what we really need is a modest sized phone with a screen that appears to be several times the size of the phone. Or better still, are we that far off from a full-fledged computer the size of a smartphone with a holographic display the size of a monitor, and a virtual keyboard? Would that be a complet? – a comphone?
Cross posted to Slaw
CASL, the Canadian anti-spam act, contains provisions that take effect on January 15, 2015 that are intended to prevent malware from being installed on computers (including any device that uses software such as smartphones, cars, TV’s, routers, thermostats…). The sections require the software provider to obtain express consent from the computer user for certain installations. There are 2 different levels of consent. Both require the disclosure of specified information, and the second level requires the consent to be obtained outside of the license.
Unfortunately the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry. The IT bar has been collectively scratching its heads trying to understand how to interpret the sections. The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers. While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being. When advising clients we will have to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.
Because January 15 is close at hand, software providers with customers in Canada should consider whether they need to do anything to comply. Violating the act has the same huge potential consequences as violating the anti-spam provisions.
The chart below is an attempt to give an overview of the analysis that a software provider should do to determine what, if anything, they need to do. There are 2 caveats to this chart. First, the sections are technical and have their own caveats and exceptions, so you can’t rely on the chart alone. Second, it relies on the CRTC position as it stands at this moment based on statutory language that really doesn’t make a lot of sense.
download pdf CASL software chart
I’ve had some time to reflect on the CASL software provisions as interpreted by the CRTC . As I’ve said before, the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry. The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers. While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being. (Lawyers advising clients would be well served to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.)
Software providers should review CASL with their legal counsel to determine how they fit within this labyrinth, but here is my take from a simplified high level on how it applies to the installation of software on a device I own.
I acquire the “Sliced Bread” software by Softco. It doesn’t matter how I get it – could be an app store, download, CD, etc. I install Sliced Bread on my computer – or my phone, tablet, car, drone, thermostat, fridge, server, router, etc.
Since I’m installing it myself on my own device, CASL doesn’t apply.
BUT IF Sliced Bread does one of the things CASL deems undesirable – things like collecting personal information, changing or interfering with data / operations / control, or sending information to someone;
AND IF those things are something I’m not reasonably expecting Sliced Bread to do (this expectation issue is a huge grey area and will vary depending on what Sliced Bread does);
THEN Softco is deemed to be installing it on my device, and Softco has to obtain my express consent outside of the EULA as detailed in the act.
Cross posted to Slaw.
Some businesses seem to be ignoring the CASL anti-spam law. Their attitude is that it’s been months since it’s been in force, nobody’s been fined, and there have been no public enforcement actions (other than one spam bot server situation). They are feeling safe that it’s not being enforced against typical businesses, and that the CRTC can’t possibly go after every small business.
In a recent webinar, the CRTC said they have issued a number of compliance orders under CASL. They are not making compliance orders public, though, and they did not say how many. They will at some time release stats on numbers of orders issued – perhaps at the end of the year.
They also said they would not always start with a gentle request to comply. In other words, don’t think you can sit back and not comply, then react only when they knock on your door.
The gentle approach is more likely if a business has tried but not quite got it right – less likely for one that has just ignored it. I suspect the CRTC will be eager to make some examples.
November 16, 2014 marks the 10th anniversary of this blog – over 1500 posts since November 16, 2004.
To put that in perspective, twitter was launched in March 2006, Facebook didn’t open to non-college students until September 2006, Linkedin was launched in May 2003, and Pinterest was launched in March 2010.
In 2004, you could count the number of lawyers who were blogging in Canada on one hand. The frequency of posting has slowed over the years given the rise of other social media, but for anything of substance or of enduring value, a blog post reigns supreme.
We have changed the look of the blog a couple of times. An image of what it looked like in 2006 (courtesy of the Wayback Machine) is below. That was a typical design at the time – before the trend to simpler, cleaner designs.