For the London Free Press – March 15, 2010

Read this on Canoe

Canada’s privacy commissioner calls for modernized laws to address evolution of cyberspace

Last month, Canada’s privacy commissioner, Jennifer Stoddart, gave an address titled “The Future of Privacy Regulation” at the 11th annual Privacy and Security Conference in Victoria.

Describing herself as the “village elder” in the privacy community, her speech detailed many of the changes that have occurred in cyberspace over the last decade.

The advent of Facebook, Twitter, Flickr, YouTube, Google Street View, and iPods all occurred during the last seven years of her tenure.

She also identified “real-time globalization” and “instantaneous worldwide flow of data” as changing the terrain of privacy regulation.

These developments have resulted in significant challenges for administering th e regulations that protect the privacy of Canadians’ personal information.

“In light of these colossal changes over the past decade alone, it would be foolish to try to predict what the next decade will hold,” she said.

“But what we can say for certain is that the regulatory framework we have in place now for the protection of privacy and personal information is being sorely tested.

“We have bent and stretched it in many different ways,” she added. “And if we don’t want it to snap, we need to figure out how to fortify it for the decade ahead.”

Stoddart recognized that the Privacy Act, which governs the federal public sector, and the Personal Information and Electronic Documents Act, which governs the private sector, need to be modernized so we are properly equipped to meet future changes.

Stoddart noted the technology we now use has created a previously unheard-of market for businesses following consumer behaviour. This creates difficulties for regulators in terms of what information the average consumer knowingly consents to share.

The challenge of new technology is compounded by the increasingly global scope of data flows across borderless virtual communities. When our personal information ends up in countries lacking strong privacy regulation, Canadians may not have the privacy rights they enjoy in Canada.

Despite the challenges, Stoddart said Canada’s business community works closely with privacy regulators to ensure they comply with the rules.

Canada is also seeking to work more closely with other countries to create common rules and standards and to ensure uniform enforcement.

Efforts underway include the Spanish Initiative, a draft international privacy standard put forward by an international working group and endorsed in Madrid, which Stoddart calls a “valuable first step towards a harmonized approach to data protection.”

The Asia-Pacific Economic Co-operation (APEC) group as been working to protect information flowing into Asian countries. APEC is developing cross-border privacy rules to govern international information flow and facilitate co-operation between national authorities.

While acknowledging that “a single, enforceable global standard for privacy won’t materialize overnight — if ever,” Stoddart stressed that Canada must continue to actively pursue standardized regulations to protect Canadians’ privacy rights.

For the London Free Press – March 1, 2010

Read this on Canoe

Companies have been sent a clear message — deal with complaints because dispute resolution is too impractical to pursue.

A recent Ontario Court of Appeal ruling confirms an evolving trend to protecting consumers from enforcement of mandatory arbitration clauses in consumer agreements.

The plaintiff in Griffin v. Dell Canada alleged Dell had sold computers with latent defects that made them prone to overheating, power failure, inability to “boot up” and unexpected shutdowns.

Griffin sought certification of the case as a class action. In reply, Dell moved to stay the proceeding in favour of private individual arbitration under the mandatory arbitration clause in each consumer contract. The arbitration clause directed that complaints must be taken to the (now defunct) National Arbitration Forum in Minnesota.

Dell relied on sec. 7(1) of the Ontario Arbitration Act, which requires the court to stay a proceeding where there is a valid mandatory arbitration clause.

A lower court had dismissed Dell’s motion and conditionally certified the case as a class action. The appeal court dismissed Dell’s appeals and refused to stay the class proceeding.

The appeal court relied on provisions of the Consumer Protection Act that invalidate mandatory arbitration clauses in consumer contracts. These provisions took effect in 2005, after the consumer contracts with Dell were entered into. But the court chose to rely on them because damages did not arise until after the provisions took effect.

Interestingly, the court also ensured the rights of non-consumers within the class were protected. The Consumer Protection Act restricts the definition of a “consumer” to an individual who “acts for personal, family or household purposes and does not include a person who is acting for business purposes”. But the court found it unreasonable to separate the claims of consumers and non-consumers.

In applying the consumer protection law, the appeal court made a point of noting that Dell’s mandatory arbitration clauses were simply unfair to Canadian consumers.

Writing for the court, Justice Robert Sharpe said: “In my view, it is clear beyond any serious doubt on this record that staying any claims advanced in the action will not result in any of the stayed claims being arbitrated. I agree with the motion judge that there is a lack of reality to Dell’s argument that the claim should proceed by way of arbitration. There will be no arbitration. The choice is not between arbitration and class proceeding; the real choice is between clothing Dell with immunity from liability for defective goods sold to non-consumers and giving those purchasers the same day in court afforded to consumers by way of the class proceeding.”

The appeal court has sent a clear message that consumer rights must be taken seriously. Large corporations will now have more difficulty avoiding responsibility for addressing consumer complaints by making dispute resolution too impractical to pursue.

That’s the title of my Slaw post for today.  It reads as follows:

The annual Ted conference always has thought provoking presentations.   One of the presentations this year was entitled “Four ways to fix a broken legal system“.   Its worth taking the 19 minutes to watch.

The basic proposition of the presenter, Philip K. Howard, is that the legal system has become so complex that it instills fear to act.  People become so self-conscious of  their judgments that it skews behaviour towards failure. 

We should not just dismiss this as being unique to the American legal system.  The Canadian system may not be as extreme in this regard – but many of his issues are still relevant.

Technology advances have often challenged existing laws – which can get in the way of progress, or be inadequate to address new issues.

A book has just been published (which I have not read) entitled The Laws of Disruption that   ”explores, ten years into the Internet revolution, what has happened to social, political, and legal systems that now lag dangerously far behind.”

Laws have always lagged behind technology advances – that’s just a natural result.  But technology advances are happened much faster than ever before.   See, for example, the stats in this popular Socialnomics video.

Consider issues that arise from such things as pervasive public surveillance, Google street, access to huge amounts of information on anything and anyone, communication tools like twitter, skype, and Google voice, cloud computing, cheap terabyte drives, mobile computing, crowdsourcing, music and video sharing.   These advances, and others, challenge not only laws (such as privacy, ownership, copyright) – but business models (such as how to make money selling music when it is no longer a scarce commodity), how we govern ourselves, how we interact with each other (consider what being a “friend” now means), how we learn, and who we trust.

The challenge is to keep the current rules (legal and other) in mind when dealing with anything new – but at the same time not being blindly tied to those rules so tightly that we fail to understand the implications and issues in the context of what is different.   As I’ve commented before, precedent is context, not an operating manual.

This is a short article that Tim Hogan, a colleague of mine, wrote to explain the new Ontario ban on the use of cell phones while driving.  It explains the details, the exceptions, and points out that there is the potential for employer liability if its employees don’t comply.

That’s my Slaw post for today.   It reads as follows:

I was reading my usual RSS feeds this morning, partly to see if I could find some inspiration for my Slaw post for today, and found the following post on Techdirt. I couldn’t agree more – and since this is one of those “like he said” posts that I can’t really improve on – I’ve simply reproduced it below. I know the author, Mike Masnick, won’t mind so long as I don’t take credit for writing it.

The Rule Of Law Over The Rule Of Reason

from the stop-the-insanity dept

While not directly a tech/business related story, Jonny sent in this rather disturbing story of a grandmother arrested in Indiana for buying two whole boxes of cold medicine in less than a week. As you’re probably aware, most states have greatly limited the ability to buy cold medicine that contains pseudoephedrine, the ingredient that makes most cold medicines effective — but also a key ingredient used in making meth. So, rather than deal with the growing meth problem head on, many politicians sought to annoy pretty much anyone with a serious cold by making it quite difficult to get any drug that actually contains useful medicine.

Apparently, the Indiana law forbids buying more than 3.0 grams of the stuff in a single week, and the two boxes of cold medicine exceeded that amount. The end result? Police show up at the woman’s house and arrest her — and then keep defending the arrest, citing meth abuse, even as everyone admits that this woman was not making meth:

         “I feel for her, but if she could go to one of the area hospitals and see a baby born to a meth-addicted mother …”

It’s difficult to see what that has to do with anything considering that everyone knows this woman had no intention of making meth. The whole thing is ridiculous, but is symptomatic of a problem that we’re seeing all too often, where the focus is on enforcing poorly thought out laws, to ridiculous consequences, with no attempt to ever look at the negative consequences and seeing if the original law made any sense in the first place.

We’ve discussed this in the past with regards to other laws as well. In business, if you plan a new initiative, you have metrics and you check to see if you accomplish them, and you monitor negative effects of what you do as well. So why don’t politicians ever do this? When they pass a law to ban spam, increase copyright duration or take away privacy for some reason or another, why are politicians never asked to put in place benchmarks to see if the laws actually do what they promise? Why aren’t there any plans for a change or a removal of the law if it turns out to do more harm than good? Certainly, by this point in time, there’s a better process to creating regulations than simply saying what they’re intended to do without ever bothering to check to see if those goals are achieved?

I’ve written before about how the notion that “there ought to be a law against that” can lead to ineffective laws with unintended consequences.  The same can happen in the courts when it is perceived that someone has done something wrong – but it doesn’t fit neatly into the charges.

That appears to be what happened in the Lori Drew conviction.  That’s the tragic case where a teenage girl committed suicide after an online ”friend” turned on her.  But the “friend” was really an adult perpetrating a hoax.

Drew was convicted of criminal charges for her actions, but it has been pointed out that she was essentially convicted because her actions were inconsistent with the terms of use of her mySpace account, ie she did not use here real name.

While I understand the desire to do something here – the conviction makes a bad precedent.  Its not unusual for people to use aliases online.  And making it a criminal offense to violate terms of service is scary.

Techdirt has some good postings on the topic - follow through the Techdirt links for more detail.  The latest post points to a post pointing out that the law as interpreted by the conviction would allow any site owner to make anyone they wanted be a criminal merely by the way the terms of use are drafted – such as saying you can’t use the site if your middle name is Ralph.

For the London Free Press – July 28, 2008

Read this on Canoe

A recent Supreme Court of Canada decision concerning a libel suit against a radio host referred to the changing attitudes surrounding public comment and defamation in today’s modern and technologically savvy society.

In WIC Radio Ltd. v. Simpson, the court recognized that in an era where everyone can be a publisher, people may react to comments and interpret people’s comments differently than before.

The case considered whether comments made by a well-known radio talk-show host about a social activist were actionable as defamation. The Supreme Court clarified the tests to determine the parameters of the “fair comment” defence.

In his portion of the decision, Justice Louis LeBel stated:

“There is no doubt that a comment may be defamatory. It must simply be borne in mind that just because someone expresses an opinion does not mean that it will be believed and therefore affect its subject’s reputation.

“This is all the more true in an age when the public is exposed to an astounding quantity and variety of commentaries on issues of public interest, ranging from political debate in the House of Commons, to newspaper editorials, to comedians’ satire, to a high school student’s blog. It would quite simply be wrong to assume that the public always takes statements of opinion at face value. Rather, members of the public must be presumed to evaluate comments in accordance with their own knowledge and opinions about the speaker and the subject of the comments.”

The law will never evolve as fast as technology’s effects. Sometimes that’s good, as it allows things to sort themselves out without changes in the law not in our long-term interest. It’s encouraging, however, to see comments like this, as it shows the Supreme Court considers how the law should evolve in modern reality.

It is quite true that the Internet and other methods of communication cause us to rethink many things.

Justice LeBel’s point is that because we are more used to hearing opinions and points of view from diverse and numerous sources, we are less likely to jump to negative conclusions about the individual being commented on. In other words, a negative comment or two from one or two sources is less likely to make the public think less of the individual, which is the basis of defamation.

And a higher threshold for making the public think less of you can make the traditional cease-and-desist letter in response to that comment a risky move. In what has been dubbed the “Streisand effect,” that kind of response can backfire by bringing even more attention to the comment. As well, a perceived over-sensitive reaction to a comment can actually legitimize the comment.

When faced with the publication of a negative comment, don’t just assume it will be believed. A strong reaction in response demanding the comment be deleted, or some other action be taken, might bring more attention to the initial comment, legitimize it and subject you to ridicule.

Michael Geist says the Ottawa rumour mill indicates that we might see a copyright reform bill soon. His article is worth a read to find out why “the decision to forge ahead with the controversial reform package is a curious one”, and a suggested course of action for getting the copyright reform bill we really do need.

Read Michael’s article

For the London Free Press – April 21, 2008

Read this on Canoe

A recent court of appeal ruling found that Craigslist — a popular venue which provides an electronic forum for those who want to buy, sell or rent housing or other goods and services — should be treated like an Internet service provider and should not be liable for material posted by third parties.

That decision is sensible, and should be the norm for sites that provide for content added by others. That is similar to the concept that phone companies and Internet service providers should not be liable for their customers’ messages and conversations.

Craigslist came under scrutiny when the Chicago Lawyer’s Committee for Civil Rights sued Craigslist, arguing the Internet classified ads company violated the Fair Housing Act by publishing discriminatory housing posting.

Under American law, section 360(4)(a) of the Fair Housing Act forbids discrimination on account of race, religion, sex, or family status when selling or renting housing. This prohibition is accompanied by a ban on ads that state a preference with respect to any of the protected classes, essentially making it illegal to print or publish any type of notice or ad for the sale or rental of a dwelling that indicates a preference for race, colour, religion, sex, handicap, familial status or national origin.

The Chicago Lawyer’s Committee noted offensive comments in notices for the sale or rental of homes on Craigslist, including comments like “no minorities” or “no children.”

The matter was recently appealed to the U.S. Seventh Circuit Court of Appeal. The key issue in the appeal was whether the site could be liable for allowing customers to post discriminatory housing ads. The lower court decision was upheld. The court found Craigslist should be treated like an Internet service provider and should not be liable for materials posted by third parties.

The judge considered whether Craigslist should hire staff to vet postings, but concluded this would be expensive and futile. Vetting would result in posting delays that defeat the purpose of Craigslist.

Each month, more than 30 million notices are posted to the system. Fewer than 30 people, all based in California, operate the system that offers classifieds in 450 cities. It would be necessary to add staff, indirectly increasing consumer costs, to handle the sort of editorial review the committee demanded.

In addition, whether something is inappropriate or offensive is a judgment call.

One of the ads cited contained the phrase, “Catholic church and beautiful Buddhist temple within one block,” which the committee viewed as a signal of religious preference.

Craigslist viewed it as an objective description of a neighborhood that would help people zero in on properties attractive to them. Craigslist noted it is no more exclusionary than assuming an ad reading “elementary school within five minutes” would indicate a landlord would refuse to rent to childless couples. It is not reasonable to expect such companies to exercise something akin to judicial oversight.