Conservative Senator Leo Housakos this week raised the possibility of a
hearing into Bell's privacy practices in light of recent disclosures
involving collection and use of data for targeted advertising purposes.
Housakos gave notice of a motion
for a hearing by the Standing Senate Committee on Transport and
Communications involving Bell and the Privacy Commissioner of Canada.
Housakos raised concerns about Bell's practices in the Senate last month, noting:
Therefore, the fundamental question is: What should we permit as a
society? Where do we draw the line between what is private information
and what can reasonably be shared with the general public as well as
advertisers? We, as a society, must address these questions before media
companies render it a moot point.TagsShareFriday December 06, 2013
Liberal MP Judy Sgro continued her efforts yesterday to add
lobbyist-inspired provisions to Bill C-8, the anti-counterfeiting
legislation. Having already proposed
removing the personal exception for travelers (leading to increased
border searches) and a "simplified procedure" for the seizure of
goodsthat would remove court oversight in the destruction of
goods in a greater number of cases, Sgro proposed an amendment to add
statutory damages with a mandatory minimum of $1,000 and a maximum of
$100,000 in liability. The provision would limit the discretion of
judges to order damages based on the evidence.
The statutory damages provision was another ask for intellectual property lobby groups. As I noted in my appearance before the committee:
Read More ...
With respect to trademarks, statutory damages are
unnecessary. Rights holders frequently cite the specific
value of their goods and the harm associated with counterfeiting.
If these claims are accurate, demonstrating that value for the
purposes of damage awards should not be difficult. Moreover, other
countries have experienced problems with statutory damages for
trademarks. For example, Taiwan reformed its trademark
statutory damages provisions when courts began awarding
disproportionate awards. In the U.S., statutory damages for
trademark has led to trademark trolls engaging in litigation
designed primarily to obtain costly settlements against small
businesses that can ill-afford to fight in court.
The Liberal amendment was defeated and the bill has been voted out
of committee with only minor changes. However, it is shocking to see
the Liberals proposing draconian intellectual property reforms that
went beyond what even the Anti-Counterfeiting Trade Agreement (ACTA)
TagsShareThursday December 05, 2013
On December 15, 2010, the Canadian government (then described as the Harper Government) celebrated the granting of royal assent for the Fighting Internet and Wireless Spam Act,
Canada's long overdue anti-spam legislation. The last step for the bill
to take effect was to finalize the associated regulations. Passing
those regulations ultimately proved more difficult than passing the law
itself, as an onslaught of lobby groups used the regulatory process to
try to delay, dilute, and ultimately kill the anti-spam law.
Nearly three years after the legislation received royal assent, Industry Minister James Moore today announced that the regulations
are now final and the law will begin to take
effect next year (the spam provisions take effect on July 1, 2014; the
software provisions start on January 15, 2015). The finalized
regulations involve further concessions
to the lobby groups opposed to the legislation as they create a new exception for third party referrals
(permitting a single referral without consent) and largely exempt
charities from many of the new rules. The private right of action that would facilitate lawsuits to combat spam will be delayed until July 1, 2017. These issues were all extensively
discussed and debated during the legislative process and there was no
need for further changes.
While those changes are a disappointment, the far bigger story is that
Canada finally has an anti-spam law grounded in an "opt-in" approach
that requires marketers to obtain customer consent before sending
commercial electronic messages.Read More ...
TagsShareWednesday December 04, 2013
The move will provide Canadians with greater control over their
in-boxes, while also resulting in more effective electronic
marketing campaigns for businesses. The shift to opt-in should be
felt across all marketing as consumers increasingly expect prior
permission before marketers and organizations use their personal
information (think of Bell's massive use of customer data for
targeted ads or the do-not-call list, which are both premised on
opting out, but may move to opt-in).
The finalized regulations include several new or expanded
- details on a business-to-business exception including emails
sent "to an employee, representative, consultant or franchisee
of another organization if the organizations have a relationship
and the message concerns the activities of the organization to
which the message is sent"
- registered charities engaged in fundraising
- political parties and political candidates seeking financial
- messages to sent to recipients in countries with approved
anti-spam laws (there is a list of those countries in the
regulations which highlight just how far behind Canada is on
- messages on limited-access, secure and confidential accounts
that can only be provided by the recipient
- messages in messaging services that make information on opting
out readily available
- third party referrals for the first commercial message (ie.
one opportunity to send a third party referral message)
- messages responding to complaints or customer inquiries
- messages related to legal obligations or enforcing legal
The finalized regulations are also significant in that they
represent a rejection of an extensive lobby campaign based on
generating fear, uncertainty and doubt about a law that actually
allows for virtually any marketing with consent and includes a
myriad of exceptions for organizations across the country. The
Canadian Chamber of Commerce led the charge, arguing that opt-in
should be dropped for business-to-business email altogether and that
the government should have held another round of consultations to
further delay the rest of the legislation (it hoped to change the
definitions within the law, something the government rejected). The
Chamber was joined by organizations such as CRIA/Music Canada, which
claimed the law would pose an "immense threat to independent labels
and young bands."
Moreover, despite the numerous carve outs, the business groups
claimed that the law would result in significant new expenditures,
including the need to maintain a database of opt-in consents and a
website to allow for easy access to contact information and
unsubscribe mechanisms. Yet those businesses are already required to
maintain databases with opt-out information and electronic marketing
without a website seems somewhat pointless.
The reality is that the new law will require many businesses to
adjust (I address some of key issues in posts here
However, opt-in systems, form requirements, and unsubscribe
mechanisms are found in countries around the world and their
businesses have not ground to a halt. For thousands of Canadian
organizations with mailing lists and active marketing activities,
once they ask for and obtain consent, there will be no need to focus
on exceptions or loopholes in the law. Simply asking customers for
consent - the slow pace of implementation means that all
organizations have years to do it - and they will have met the major
requirement to continue electronic marketing to them in compliance
with Canada's new law.
The law won't stop all spam, but it should enable authorities to
target the worst offenders backed by tough penalties. It should also
foster a change in attitude toward the use of personal information
for marketing purposes as consumers demand opt-in consents for
electronic marketing and greater disclosure during the installation
of computer software. With the government emphasizing a
"pro-consumer" approach, finalizing the anti-spam regulations
represents a long-overdue win for consumers as Canada becomes the
last major developed economy to implement anti-spam legislation.
The Standing Committee on Industry, Science and Technology held its
clause-by-clause review of Bill C-8, the anti-counterfeiting bill yesterday. I appeared
before the committee last month to express concerns about some lobbyist
demands for reforms, including removing the exception for personal
goods of travelers, the inclusion of statutory damages for trademark
infringement, and targeting in-transit shipments.
While the committee did not complete the review of the bill - it will
resume on Wednesday - the surprise of the day involved Liberal MP Judy
Sgro proposing that the government remove the exception for personal
travelers. Given that personal use exceptions are even included in the
Anti-Counterfeiting Trade Agreement, it is shocking to see any party
proposing their removal, which would result in longer delays at the
border and increased searches of individual travelers. The proposal
failed since it was rejected by both the Conservatives and NDP, with the
NDP noting that "this was one of the important provisions that brought
some balance to the bill."
Read More ...
The Liberals also proposed a "simplified procedure" for the seizure
of goods, another demand of lobby groups that would remove court
oversight in the destruction of goods in a greater number of cases.
Both the Conservatives and Liberals noted that this would alter the
balance in the bill and rejected the proposal.
The committee did pass several amendments proposed by the
Conservatives that include allowing for information to be shared by
border officials and rights holders for the purposes of settlements
and expanding those goods encompassed by the law that are not yet
trademark protected (the example given was the use of a trademark on
a related item). The NDP proposed a misuse provision by rights
holders be added to the bill, but that was defeated. The review of
the bill continues on Wednesday, but the big story of the first day
of review was the Liberal's support of lobby groups seeking to crack
down on consumers.
TagsShareTuesday December 03, 2013
Ten years ago, Canada held the distinction of being the top ranked
country in the world for the breadth and sophistication of its
electronic government services. Citing the Canadian government's
integrated, strategic approach, annual assessments by Accenture found
that more important services were offered online in Canada than anywhere
Fast forward a decade and Canada's e-government rankings have steadily
declined, a victim of astonishing neglect by the current Conservative
government. Last week, the auditor general issued a scathing report on
the state of e-government in Canada, noting the lost opportunities for
reduced expenses and greater efficiencies as well as the complete
absence of strategic vision.
My weekly technology law column (Toronto Star version, homepage version) notes the successful implementation of e-government initiatives should be a
win-win scenario. For Canadian businesses and citizens, it offers
convenience and round-the-clock access. For government, the shift
online offers the promise of significant cost savings. Indeed, rather
than simply eliminating programs, the government could focus on cutting
costs by emphasizing lower cost electronic delivery of its services.
Read More ...
According to the auditor general, a 2011 study by Treasury Board and
Employment and Social Development Canada found that the cost of an
in-person transaction was $28.80 compared to only 13 cents for the
online equivalent. A 2011 United Kingdom study arrived at similar
conclusions, with online transactions 50 times cheaper than
Given its potential, Canada invested heavily in the early part of
the century in online government services. By 2005, the federal
government had encouraged a growing number of users to shift their
transactions to the Internet by providing access to 130 of the most
important government services electronically.
Yet over the past eight years, e-government in Canada has remained
at a virtual standstill. The auditor general reports:
"We examined whether there is a Government of Canada strategy for
delivering online services and found that there is no
government-wide service delivery strategy and that there has been
no overall assessment of client needs and satisfaction since 2005.
Therefore, the government has little information about what
Canadians want and how they wish to be served across the
departments. Although the government has identified in both Budget
2012 and Budget 2013 the importance of improving services to
Canadians at a lower cost, no strategy has been implemented to
establish priorities or guidance for doing so online."
In fact, the e-government strategic failure cuts across government
departments. For example, the auditor general looked at Industry
Canada and found that Minister James Moore's department "does not
have an overall service delivery strategy" and "there is no overall
strategy that focuses on service delivery or online services."
The failures are not solely a matter of a missing strategy. Earlier
this month, Public Works and Government Services Canada changed its
approach to granting crown copyright licences for users of
government works with no consultation or advance warning.
While the government's earlier approach exempted non-commercial uses
from the need to obtain a licence, the non-commercial licence has
mysteriously disappeared and the department now says it no longer
handles licensing. For Canadian publishers and educators, the
change creates significant uncertainty, requiring them to track down
the relevant department and hope that permission is forthcoming to
use works that have been paid for by taxpayers.
The government has accepted the auditor general's recommendations
and promised to take action. However, it is remarkable that an
issue like e-government has been neglected for eight years,
resulting in lost opportunities for cost savings and more efficient
delivery of government services.
TagsShareTuesday December 03, 2013
of the government's introduction of Bill C-13, the lawful
access/cyberbullying bill, quickly focused on the inclusion of
provisions that seemingly had little to do with cyberbullying, including
terrorism and theft of cable. While the government has tried to justify
the omnibus approach on the grounds that it is modernizing
investigative powers in the Criminal Code, it is striking that some MPs
have claimed that there is an even more direct link.
Bob Dechert, the Parliamentary Secretary to the Minister of Justice, said the following during debate on Bill C-13 in the House of Commons:
Read More ...
With respect to the cable, I would like the member to consider if
his cable were being tapped into by someone who was transmitting
child pornography over the Internet, or if his home Wi-Fi was
being tapped into by someone who was using it to cyberbully
another child, he would want to know about that and he would want
that to stop. The modernization of those provisions is simply to
bring them up to date.
The amendments proposed on those long-standing offences of
stealing cable are already in the Criminal Code in section 327.
They simply update the telecommunication language to expand the
conduct, to make it consistent with other offences, such as
importation and makes available to the prohibited conduct, which
is also set out in section 327. These are really in the manner of
housekeeping amendments, which need to be done to make those
particular provisions more effective.
However, I would like him to think about the
potential for someone who is doing cyberbullying, transmitting
child sexual images, or perhaps planning a terrorist act, doing
it by tapping into some law-abiding citizen's cable or Wi-Fi
In other words, Dechert is suggesting that accessing a neighbour's
cable or wireless Internet access might somehow be linked to
planning a terrorist attack, sending child pornography, or engaging
in cyberbullying. I would happy to think about the potential
for cable theft to play a role in terrorist plots. In fact, I think
most would agree that there is no likelihood whatsoever and that the
government should stop trying link provisions in their
"cyberbullying bill" that have nothing to do with cyberbullying.
TagsShareMonday December 02, 2013
Justice Minister Peter MacKay appeared last week before the Standing
Committee on Justice and Human Rights and was asked once again about the
inclusion in Bill C-13 of an immunity provision for intermediaries for
the voluntary disclosure of personal information. MacKay again suggested
that warrants would be required for disclosure, yet this is simply
inaccurate. The exchange:
Read More ...
Hon. Peter MacKay: I would disagree with your characterization as
giving Internet service providers immunity. What it is asking is
that we respect the existing law, that we work closely with them,
as they are in fact to use the analogy, they are the highway, they
are the infrastructure in which the information travels, so by
necessity we have to work with them. On the subject that you
raised yesterday and are alluding to here again, Mr. Casey, the
ability to provide voluntary access to that information still
requires respecting the law. It still requires adherence to what
is called PIPEDA, it's another federal statute in which what this
legislation will do is freeze in time the material which is sought
out and require individuals to hold that information until such
time as a warrant can be obtained. So it is a preservation
provision of this statute that allows police to then go about
securing the necessary judicial authorization, in essence the
TagsShareMonday December 02, 2013
Mr. Sean Casey: It also protects them from civil action and
criminal sanction by producing this information voluntarily.
Hon. Peter MacKay: Only if they comply with the law. They're
not immune from prosecution or civil action if they go outside the
boundaries of the law, that is if they do not comply with
warrants, if they do not comply with the preservation orders
within the prescribed periods.
While MacKay is correct that Internet providers must comply with the
law, he is wrong to suggest the voluntary cooperation only extends
to preserving information until a warrant can be obtained (and he is
wrong that compliance with the law is linked to compliance with
warrants or preservation orders; the compliance with the law speaks
to compliance with laws such as PIPEDA).
As I posted
, this is not complicated. PIPEDA allows for
voluntary disclosure of personal information without court
oversight. Bill C-13 would provide complete civil and criminal
immunity for ISPs that disclose subscriber information voluntarily.
Such voluntary disclosure could occur without a warrant or any court
oversight. Minister MacKay's repeated assurances that there is
a warrant involved with the disclosure is simply wrong.
The debate on Bill C-13 opened yesterday in the House of Commons with
opposition MPs calling on the government to split the bill into two
(cyberbullying and lawful access) and raising concerns about the voluntary disclosure provision
that would give Internet providers complete criminal and civil immunity
for voluntary retention and disclosure of subscriber information. When
asked about the issue, Justice Minister Peter MacKay said the following:
The provision would clarify that the police officer can lawfully ask -
and he points out - that individuals and groups voluntarily preserve
data or provide documentation, but only when no prohibition exists
against doing so. That is to suggest that organizations would still be
bound by the Personal Information Protection and Electronic Documents
Act, something known as PIPEDA, which makes it clear that an
organization is entitled to voluntarily disclose personal information to
the police, without the consent of the person to have the information
However police have to have lawful authority to do so. They
still have to obtain a warrant. They can ask that the information be
preserved and temporarily put on hold so that it cannot be deleted, but
in order for police to access that information that is frozen, they must
still obtain a warrant. There is no warrantless access.
Unfortunately, MacKay is wrong.
Read More ...
TagsShareThursday November 28, 2013
PIPEDA, the private sector privacy law, does contain an exception
for voluntary warrantless disclosure as part of a law enforcement
investigation. Section 7(3)(c.1)(ii) states
For the purpose of clause 4.3 of Schedule 1, and despite the note
that accompanies that clause, an organization may disclose
personal information without the knowledge or consent of the
individual only if the disclosure is
(c.1) made to a government institution or part of a
government institution that has made a request for the
information, identified its lawful authority to obtain the
information and indicated that
(ii) the disclosure is requested for the purpose of
enforcing any law of Canada, a province or a foreign jurisdiction,
carrying out an investigation relating to the enforcement of any
such law or gathering intelligence for the purpose of enforcing
any such law
As MacKay notes, this provision allows for voluntary disclosure of
personal information without court oversight. Indeed, we know that
Internet providers disclose subscriber information tens of thousands
of times every year without such oversight (and without transparency
on their practices).
Yet MacKay is wrong when he says that police must obtain a warrant
to access the information. With the voluntary disclosure, law
enforcement has access and there is no warrant. MacKay seems to
think "lawful authority" is a reference to a warrant. In fact, the
opposite is true as Bill C-12 (the PIPEDA reform bill) sought to clarify
of "lawful authority" by defining it as an
authority other than a warrant or court order.
The changes in Bill C-13 would likely increase voluntary disclosures
without a warrant since ISPs and telecom providers would know that
any warrantless disclosure would be free from legal liability. There
have been some efforts to suggest that the PIPEDA exception is
limited to less sensitive data, but the government has never
confirmed this to be the case. In fact, in its 2007 response to
PIPEDA reform recommendations, it stated
The government wishes to confirm that the purpose of
s. 7(3)(c.1) is to allow organizations to collaborate with
law enforcement and national security agencies without a subpoena,
warrant or court order.
With the change in C-13, ISPs and telecom companies may be far more
willing to disclose information about their subscribers without fear
of liability. Indeed, law enforcement will be able to point to
PIPEDA and the changes to argue that complete cooperation without a
warrant is perfectly permissible and carries no legal risk of
liability. That represents a serious privacy risk and Justice
Minister MacKay is wrong to downplay the concern and inaccurately
tell the House of Commons that there is no warrantless access.
In February 2012, then-Public Safety Minister Vic Toews introduced
Internet surveillance legislation that sparked widespread criticism from
across the political spectrum. The overwhelming negative publicity
pressured the government to quickly backtrack by placing Bill C-30 on
hold. Earlier this year, then-Justice Minister Rob Nicholson announced
that the bill was dead, confirming "we will not be proceeding with Bill
C-30 and any attempts that we will continue to have to modernize the
Criminal Code will not contain the measures contained in C-30."
My weekly technology law column (Toronto Star version, homepage version) notes that Nicholson's commitment lasted less than a year. Last week, Peter MacKay,
the new federal justice minister, unveiled Bill C-13, which is being
marketed as an effort to crack down on cyber-bullying. Yet the vast
majority of the bill simply brings back many (though not all) lawful
access provisions found in Bill C-30.
Read More ...
There were hints that this might be the government's plan. In
October 2012, the Canadian Association of Chiefs of Police renewed
its call for lawful access (the bill was still on hiatus at the
time), shifting its focus away from child predators to
cyber-bullying. In fact, the lawful access issue has long been
the source of changing justifications, moving from terrorism to spam
to child predators and now to cyber-bullying.
The latest bill leads with cyber-bullying, creating a new offence
for anyone who knowingly publishes, distributes, transmits, sells,
makes available or advertises an intimate image of a person without
consent. The offence carries up to a five-year jail term and judges
are empowered to prohibit someone convicted under the law from using
the Internet or other digital networks.
Most of the 70-page bill is devoted to bringing back the lawful
access provisions, however (though two of the most controversial
rules on mandatory warrantless access to subscriber information and
Internet provider surveillance capabilities have both been removed).
For example, the bill encourages telecom companies and Internet
providers to reveal information about their customers to law
enforcement without a court order by granting them immunity from
criminal or civil liability for such disclosures. This provision
opens the door to co-operation on the widespread surveillance
activities revealed in recent months.
The bill also creates several new warrants with big privacy
implications. One new warrant targets metadata, the information
generated by email and phone communications such as location, time,
device, and the person being contacted. Ironically, the warrant
would establish a lower standard for metadata just as the Supreme
Court of Canada recently warned that "it is difficult to imagine a
more intrusive invasion of privacy than the search of a personal or
home computer", pointing to metadata as one of the reasons why.
Another new warrant covers location information, including the
ability to install tracking devices on individuals. The bill grants
a judge the power to prohibit the disclosure of the existence or
content of these warrants, meaning that subscribers may be kept in
the dark when being tracked or having their information disclosed.
In addition to the new warrants, the bill criminalizes software that
can be used to access services such cable television, Internet
access, and telephone services without payment. The law previously
targeted devices that could be used to obtain access, but the bill
would expand the provision to cover software programmers that create
code with these capabilities as well as users that download such
Law enforcement officials have been asking for some of these
provisions for many years and there could be a good debate on the
merits of many of the proposed reforms. Yet the government is
signalling that it would prefer to avoid such debates, wrapping up
the provisions in the cyber-bullying flag and backtracking on its
commitment to not bring forward Criminal Code amendments that were
contained in the controversial Internet surveillance bill.
TagsShareWednesday November 27, 2013
Since the first Snowden revelations earlier this year, there has been
much speculation about the use foreign intelligence agencies (such as
the NSA) to conduct surveillance on Canadians. While the government is
always careful to say that CSEC does not spy on Canadians, many suspect
that each of the "five eyes" agencies (the US, UK, Canada, Australia,
and New Zealand) do it on their behalf. Yesterday, a federal court
the practice as part of a decision that found CSIS "breached its duty
of candour to the Court by not disclosing information that was relevant
to the exercise of jurisdiction by the Court and to the determination by
the Court that the criteria of investigative necessity and the
impracticality of other procedures set out in subsection 21 (2) of the
CSIS Act had been satisfied."
The lack of candour appears to arise from the failure to disclose that
the CSIS warrants would involve seeking CSEC assistance in requesting
foreign interception of Canadian communications:
the Court has determined that the execution of the type of warrants
at issue in Canada has been accompanied by requests made by CSEC, on
behalf of CSIS, to foreign agencies (members of the “Five Eyes”
alliance), for the interception of the telecommunications of Canadian
Read More ...
TagsShareTuesday November 26, 2013
The release from the court leaves little doubt about its view of the
the Court considers it necessary to state that the use of "the
assets of the Five Eyes community" is not authorized under any
warrant issued to CSIS pursuant to the CSIS Act. The question of
whether CSIS may, with the assistance of CSEC, engage the
surveillance capabilities of foreign agencies was not raised in
the application that resulted in the issuance of the first such
warrant or in any subsequent warrants of this type.
The Globe reports
it has received records indicating that CSEC receives dozens of
these kinds of requests each year from CSIS, the RCMP, CBSA, and