That’s the title of my Slaw post for today.  It reads as follows.

Ann Cavoukian – the Ontario Privacy Commissioner – has written an excellent op-ed in the Financial Post entitled Beware of ‘Surveillance by Design’.

It starts off with:

I feel the need to raise a growing concern regarding the lack of understanding of a key privacy issue – the ease of data linkages in an ever-increasing online world.

In this day and age of 24/7 online expanded connectivity and immediate access to digitized information, new analytic tools and algorithms now make it possible, not only to link a number with a name, but also to combine information from multiple sources, ultimately creating an accurate profile of a personally identifiable individual.

The Commissioner weighs in on the controversial Alberta Leon’s case that decided license plates are not personal information – which differs from other provinces.

She also expresses her concerns about the pending federal “lawful access” laws, saying that:

In my view, this represents a looming system of “surveillance by design,” that should concern us all in a free and democratic society.

That’s the title of my Slaw post for today.  It reads as follows.

The trend to more invasive surveillance and control by North American governments (indeed, by many countries that we consider civilized democracies), or their granting of too much control to others is disturbing. Too many things are making creeping (and sometimes creepy) inroads into privacy rights, along with the usual specious “if you’ve got nothing to hide… ” argument. Too many things are tending towards shoot first, ask questions later. And governments are too eager to look to ISP’s and others who run the internet pipes to control what flows through.

Some examples:

The proposed US SOPA (Stop Online Piracy Act) that is being loudly opposed. It has been characterised as net censorship, an attempt to regulate the internet, and breaking the internet as we know it. It could result in entire web sites being taken down based merely on an allegation that one post or comment infringes copyright.

The proposed Canadian Lawful Access legislation that would allow much more invasive internet information to be given to authorities without warrants. This resulted in a lengthy letter by the Privacy Commissioner to the Ministers responsible.

The increasing use of license plate cameras by police, such as in the Washington DC area. In its simplest, most privacy friendly form, car mounted or fixed cameras read car license plates and flag any that are contained in a database of stolen or suspect vehicles. No record is kept of any plates other than those of interest. But it has come to light that some of the systems store the details of every single plate that they capture, and retain that for long periods of time.

The Canadian government is expected to propose a bill shortly that would allow law enforcement unfettered access without judicial oversight (ie without a warrant) to certain information about you from your ISP, phone company, or other online service provider. 

David Fraser has posted a good piece explaining what it is about that I encourage you to read.  As David puts it, the concept is “inconsistent with your rights to privacy and is dangerous to the free and open internet. ”

For more information, look at what I have written about it before.  Also look at openmedia.ca which is campaigning against the proposed law.

I’m not a fan of laws that require entities such as ISP’s to retain data about its customers so law enforcement can get to it.  To me, that flies in the face of privacy principles that say one should only retain personal information (both quantity and duration) to the extent it is required to fulfil the purpose of the services being offered.

I’m not convinced that the benefit to law enforcement outweighs the negative aspects of this – which range from costs to the entity retaining, the risk of abuse, and the risk of exposing it.   It is hard enough to protect the information that entities need, let alone information they don’t need.  And the more information you have, the more you are a target for malfeasers trying to get at it.

Mike Masnick of Techdirt has a post worth reading on the subject.  He refers to a researcher and author who says that a current US bill, the “Protecting Children from Internet Pornographers Act”  should be called the  ”Forcing Your Internet Provider to Spy On You Just In Case You’re a Criminal Act of 2011″.

Unfortunately, we are heading down the same path here in Canada with the proposed lawful access statute.

Michael Geist has written a good article in the Ottawa Citizen disucssing why the proposed “lawful access” internet surveillance law should not be passed.

From teh article:

Lawful access raises genuine privacy and free speech concerns, particularly given the fact the government has never provided adequate evidence on the need for it, it has never been subject to committee review, and it would cost millions to implement yet there has been no disclosure on who would actually pay for it. Given this, it is not surprising that every privacy commissioner in Canada has signed a joint letter expressing their concerns.

Like David Fraser and Michael, I have ranted on this before.   I have a real problem with legislation that erodes privacy and requires ISP’s or others to retain information for the sole purpose of government access to it. And when that access is not tempered by the need for a warrant.

Issues include erosion of privacy, the potential for misuse of the information (intentionally, accidentally, or creeping uses) the costs of ISP’s to comply, and whether the measures will actually have any meaningful impact on crime.

That’s the title of my Slaw post for today.  It reads as follows.

For the record, I don’t support the NDP, and their fiscal policies are plain scary. But that doesn’t mean that their viewpoints on everything ought to be ignored. The NDP tech policies on issues such as net neutrality, usage based billing, and copyright are in many ways more compelling than the Conservative policies. Now that the Conservatives have a majority and don’t have to fight for their existence every day – lets hope they take a step back, take a deep breath, and take a fresh approach to tech issues.

The prosperous future of Canada is to a great extent dependant on the use of technology, the internet and wireless access, and all things digital. That is true for consumers, for business, and for innovators. It is important to have policies that foster that. That point will no doubt be made repeatedly at the Canada 3.0 Conference taking place today and tomorrow.

On the proposed lawful access bill for example. Either drop it all together, or take another serious look at it. Mr. Harper has said that the rights of ordinary citizens should be more valued than the rights of criminals. So recognize that individuals have privacy rights that ought to trump the ability for law enforcement to go on random warrant-less fishing expeditions into our digital lives. If that isn’t a good enough reason, recent data breaches should teach us that the easiest way to prevent a data breach is not to have the data in the first place. Don’t tempt fate by requiring service providers to retain information on customers that is not needed to provide their services. As well, requirements to retain data are in effect an additional tax on the tech sector.

Copyright reform has been a hot topic for years, with many controversial bills being drafted but never passed. One of the issues that concern many of us are provisions that support digital locks. Those provisions do more harm than good, and in essence turn copyright policymaking over to rights holders. There is also the appearance – reinforced by recent wikileaks documents – that too much consideration is being given to the pressures of foreign entertainment lobbies and governments. The NDP policy on copyright merits consideration when drafting the next bill, as it seems to take a more balanced made in Canada consumer friendly approach.

That’s the title of my Slaw post for today.  It reads as follows.

This is not about the election – it is about the need to consider this issue carefully before passing any new laws.

Michael Geist and David Fraser (here and here) have written detailed articles on this issue that I concur with and recommend. I want to weigh in as well as this is an important issue. I have a problem with legislation that erodes privacy and requires ISP’s or others to retain information for the sole purpose of government access to it. And when that access is not tempered by the need for a warrant.

Issues include erosion of privacy, the potential for misuse of the information (intentionally, accidentally, or creeping uses) the costs of ISP’s to comply, and whether the measures will actually have any meaningful impact on crime.

We are critical when countries like France pass data retention laws that trash privacy. Or when other countries use personal information to control and persecute and go way beyond criminal investigations. All justified, of course, by the claim that it is somehow criminal. We should be no less critical when our own governments try to pass similar laws.

(I’m convinced, by the way, that if Julian Assange was in China revealing Chinese documents the way he has revealed US documents, he would be hailed by the US as a hero, not vilified as a traitor. But I digress.)

For the London Free Press – December 13, 2010

Read this on Canoe

Proposed legislation could have major implications for businesses, consumers

Development and innovation of technology inevitably breeds new laws to regulate that technology. For lawyers practising Information Technology law, there is a considerable amount of potential new law to digest.

For example, Bill C-28, the Fighting Internet and Wireless Spam Act, brings in several anti-spam measures. While this is welcome by most people, the language may take in things we may not consider to be spam and affect how typical businesses communicate. Since the penalties are significant, we need to take a close look at this act before it takes effect to understand what it will mean for a typical business or organization.

Bill C-29 would make several changes to the Personal Information Protection and Electronic Documents Act. Most of these were expected – and welcome – because they address issues arising from the current law.

But there are new parts that could use clarification. Language that tries to clarify what constitutes “lawful authority” to release information to law enforcement when requested doesn’t make clear what proof or threshold of proof is required. It also contains language requiring that the privacy commissioner and affected individuals be notified of breaches in some circumstances. The language has threshold tests, which on the surface are not as clear as they might be. If this language stays, it may take a decision by the privacy commissioner and/or a court to clarify the threshold.

Bill C-32, the Copyright Modernization Act, is the latest of several attempts to amend the Copyright Act. Controversial elements include digital lock provisions that would let publishers trump user rights. Much has been written about this, including a book entitled From Radical Extremism to Balanced Copyright: Canadian Copyright and the Digital Agenda, written by several copyright experts.

Bill C-51, which would amend the Criminal Code, Competition Act and Mutual Legal Assistance in Criminal Matters Act a.k.a. Investigative Powers for the 21st Century Act, is the latest effort to give law enforcement more access to electronic communications.

But what proponents call “lawful access” bills, critics deride as “awful access” bills. They question whether making things easier for law enforcement is worth the significant erosion in privacy and extra costs to Internet service providers.

These bills may have far-reaching practical implications, not only for many businesses and organizations, but also for consumers.

That’s the title of my Slaw post for today.  It reads as follows.

Those who practice in the IT area have a lot of potential new law to digest.  The Federal government has several bills in various stages that will affect many businesses and organizations, and all of us as consumers.  These bills have been mentioned on Slaw, but I thought it was worthwhile listing them all in one place. 

Bill C-28    Fighting Internet and Wireless Spam Act.  

This bill brings in several anti-spam measures.  While this is welcome by most people, the language has the possibility to affect how typical businesses communicate.  Things that we may not consider to be spam might get caught by the act.  Since the penalties are significant, we will have to take a close look at this before it is in force to understand what it means for a typical business or organization. 

Bill C-29     An Act to amend the Personal Information Protection and Electronic Documents Act

This would make several amendments to PIPEDA.  Most of the amendments were expected, and are welcome as they address issues that have arisen from the current legislation.  There are a couple of new parts that could use some clarity, though.  Language that attempts to clarify what “lawful authority” is that allows one to release information to law enforcement doesn’t really seem to clarify what the threshold of proof is, or what to ask for.  It also contains language that requires notification of breaches in certain circumstances to both the privacy commissioner and the affected individuals.  The language has threshold tests – which on the surface are not as clear as they might be.   If this language stays, it may take a privacy commissioner decision and/or court decision to clarify the threshold.  The best source for more information is David Fraser’s blog

Bill C-32     Copyright Modernization Act.

This is the latest of several attempts over the years to amend the Copyright Act.  Controversial elements include digital lock provisions that will allow publishers to trump user rights.  There has been a lot written about this, including a book entitled From “Radical Extremism” to “Balanced Copyright”: Canadian Copyright and the Digital Agenda written by several copyright experts. The best source for more information about the bill is Michael Geist’s blog.

Bill C-51     An Act to amend the Criminal Code, the Competition Act and the Mutual Legal Assistance in Criminal Matters Act aka Investigative Powers for the 21st Century Act. 

There also appears to be at least one companion bill, C-52.  This is the latest incarnation of what has been dubbed a “lawful access” bill.   The bill essentially tries to give law enforcement more access to electronic communications.    Critics refer to the bills as “awful access”, and point to the erosion of privacy and the costs ISP’s will need to spend.  They also question the practical effectiveness of the measures.   This bill is hot off the press, and I have not had time to look at it – but in general I fall into the ”awful access” camp.  Expect more commentary on this from both Michael and David.

We get upset when governments outside of North America insist on being able to monitor internet based communications.   But we shouldn’t get too smug about it, as the same thing happens in North America.  See these posts that talk about a new attempt to legislate backdoor internet access in the US, why its a problem, and links to other commentary.  CircleID       Techdirt

The three strikes concept just won’t go away either.  Basically it allows or requires sites or internet access to be shut down based on unproven allegations they are used for infringement.  A new proposed US bill would do that.  See the CircleID link above for their take on that.

Mike Masnick of Techdirt puts that bill in perspective by saying that the same logic used by the proponents of the bill would have in the past banned Hollywood itself, the recording industry, radio, the DVR, and other ubiquitous things.

UPDATE: Also see the EFF take on the backdoor bill.