Text: Small Text  Normal Text  Large Text  Larger Text
  • Blog

Blog Archive

SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031
Michael Geist's Blog

The Expansion of Warrantless Disclosure Under S-4: Government's Response Fails to Reassure

My post and column on the expansion of warrantless disclosure under Bill S-4, the misleadingly named Digital Privacy Act, has attracted some attention and a response from Industry Canada.  The department told iPolitics:

"Companies who share personal information are required to comply with the rules to ensure that information is only disclosed for the purpose of conducting an investigation into a contravention of a law or breach of an agreement. For example, self-regulating professional associations, such as a provincial law society, may wish to investigate allegations of malpractice made by a client. When organizations are sharing private information, the Privacy Commissioner can investigate violations and may take legal action against companies who do not follow the rules. This is consistent with privacy laws in British Columbia and Alberta and was recommended by the Standing Committee Access to Information, Privacy and Ethics."

The response may sound reassuring, but it shouldn't be.


Tags:
, , ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

Why the Digital Privacy Act Undermines Our Privacy: Bill S-4 Risks Widespread Warrantless Disclosure

Earlier this week, the government introduced the Digital Privacy Act (Bill S-4), the latest attempt to update Canada's private sector privacy law. The bill is the third try at privacy reform stemming from the 2006 PIPEDA review, with the prior two bills languishing for months before dying due to elections or prorogation. 

The initial focus has unsurprisingly centered on the new security breach disclosure requirements that would require organizations to disclose breaches that puts Canadians at risk for identity theft. Security breach disclosure rules are well-established in other countries and long overdue for Canada. The bill fixes an obvious shortcoming from the earlier bills by adding some teeth to the disclosure requirements with the addition of penalties for violations of the law. Moreover, Bill S-4 stops short of granting the Privacy Commissioner full order making power as is found at the provincial level, but the creation of compliance orders has some promise of holding organizations to account where violations occur.

Despite those positive proposed changes to Canadian privacy law, the bill also includes a provision that could massively expand warrantless disclosure of personal information.



Tags:
, , , ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

Digital Canada 150: Why the Canadian Strategy Misses Key Issues and Lags Behind Peer Countries

In my first post on Digital Canada 150, Canada's digital strategy, I argued that it provided a summation of past accomplishments and some guidance on future policies, but that it was curiously lacking in actual strategies and goals. Yesterday I reviewed how Canada's universal broadband access target lags behind much of the OECD (Peter Nowak characterizes the target as the Jar Jar Binks of the strategy). The problems with Digital Canada 150 extend far beyond connectivity, however.  In comparing the Canadian strategy with countries such as Australia and the United Kingdom, it becomes immediately apparent that other countries offer far more sophisticated and detailed visions for their digital futures. While there is no requirement that Canada match other countries on specific goals, it is disappointing that years of policy development - other countries were 5 to 10 years ahead of Canada - ultimately resulted in a document short on strategy, specifics, and analysis.

For example, compare the clarity of goals between Canada and the Australia strategy:


Tags:
, ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

Digital Canada 150: Why Canada's Universal Broadband Goal is Among the Least Ambitious in the OECD

The release of Digital Canada 150, the federal government's long-awaited digital strategy, included a clear connectivity goal: 98 percent access to 5 Mbps download speeds by 2019. While the government promises to spend $305 million on rural broadband over the next five years and touts the goal as "a rate that enables e-commerce, high-resolution video, employment opportunities and distance education", the reality is that Canada now has one of the least ambitious connectivity goals in the developed world. 

Just how badly does the government's connectivity ambitions compare to other OECD countries? Consider just some of the target speeds from other countries as compiled three years ago by the OECD:


Tags:
,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

Digital Canada 150: The Digital Strategy Without a Strategy

Four years after the Canadian government first announced plans to develop a digital economy strategy, Industry Minister James Moore traveled to Waterloo, Ontario, Friday for the release of Digital Canada 150. The long-awaited strategy document identifies five key areas for policy development: connecting Canadians, protecting the online environment, developing commercial opportunities, digital government, and Canadian content.

My weekly technology law column (Toronto Star version, homepage version) argues the release of Digital Canada 150 succeeds on at least three levels. First, it puts to rest the longstanding criticism that the government is uninterested in digital issues. Moore quickly emerged as the government’s digital leader after taking the reins at Industry Canada, promptly focusing on wireless competition, spam regulation, and now a digital strategy. After years of complaints that the digital strategy issue was Ottawa's equivalent of the "Penske File" - all talk and no action - Moore has acted.


Tags:
,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

U.S. Calls Out Canadian Data Protection as a Trade Barrier

The U.S. Trade Representative issued its annual Foreign Trade Barrier Report on Monday. In addition to identifying the geographical indications provisions in the Canada - EU Trade Agreement, telecom foreign ownership rules, and Canadian content regulations as barriers, the USTR discussed regulations on cross-border data flows. I wrote about the issue recently, noting that the Canadian government restricted access to its single email initiative to Canadian-based hosting.

The USTR picks up on the same issue in its report:

The strong growth of cross-border data flows resulting from widespread adoption of broadband-based services in Canada and the United States has refocused attention on the restrictive effects of privacy rules in two Canadian provinces, British Columbia, and Nova Scotia. These provinces mandate that personal information in the custody of a public body must be stored and accessed only in Canada unless one of a few limited exceptions applies. These laws prevent public bodies such as primary and secondary schools, universities, hospitals, government-owned utilities, and public agencies from using U.S. services when personal information could be accessed from or stored in the United States.
 
The Canadian federal government is consolidating information technology services across 63 email systems under a single platform. The request for proposals for this project includes a national security exemption which prohibits the contracted company from allowing data to go outside of Canada. This policy precludes some new technologies such as "cloud" computing providers from participating in the procurement process. The public sector represents approximately one-third of the Canadian economy, and is a major consumer of U.S. services. In today’s information-based economy, particularly where a broad range of services are moving to "cloud" based delivery where U.S. firms are market leaders; this law hinders U.S. exports of a wide array of products and services.

This issue bears watching given the growing momentum for localized data hosting conflicting with provisions in the Trans Pacific Partnership that would seek to restrict such provisions.
Tags:
, ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
 

How Telcos and ISPs Hand Over Subscriber Data Thousands of Times Each Year Without a Warrant

The lawful access fight of 2012, which featured then-Public Safety Minister Vic Toews infamously claiming that the public could side with the government or with child pornographers, largely boiled down to public discomfort with warrantless access to Internet subscriber information. The government claimed that subscriber data such as name, address, and IP address was harmless information akin to data found in the phone book, but few were convinced and the bill was ultimately shelved in the face of widespread opposition.

My weekly technology law column (Toronto Star version, homepage version) notes the government resurrected the lawful access legislation last year as a cyber-bullying bill, but it has been careful to reassure concerned Canadians that the new powers are subject to court oversight.  While it is true that Bill C-13 contains several new warrants that require court approval (albeit with a lower evidentiary standard), what the government fails to acknowledge is that telecom companies and Internet providers already hand over subscriber data hundreds of times every day without court oversight.  In fact, newly released data suggests that the companies have established special databases that grant law enforcement quick access to subscriber information without a warrant for a small fee.


Tags:
, ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

Who Needs Lawful Access?: Cdn Telcos Hand Over Data on Thousands of Subscribers Without a Warrant

The debate over Bill C-13, the government's latest lawful access bill, is set to resume shortly.  The government has argued that the bill should not raise concerns since new police powers involve court oversight and the mandatory warrantless disclosure provisions that raised widespread concern in the last bill have been removed.  While that is the government's talking points, I've posted on how this bill now includes incentives for telecom companies and other intermediaries to disclose subscriber information without court oversight since it grants them full civil and criminal immunity for doing so. Moreover, newly released data suggests that the telecom companies don't seem to need much of an incentive as they are already disclosing subscriber data on thousands of Canadians every year without court oversight.

This week, the government responded to NDP MP Charmaine Borg's request for information on government agencies requests to telecom providers for customer information. The data reveals that the telecom companies have established law enforcement databases that provides ready access to subscriber information. For example, the Competition Bureau reports that it "accessed the Bell Canada Law Enforcement Database" 20 times in 2012-13.  The wording may be important, since the Bureau indicates that it accessed the information, rather than Bell provided it. It is not clear what oversight or review is used before a government agency may access the Bell database.


Tags:
, , ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

Why the U.S. Government Isn't Really Relinquishing its Power over Internet Governance

Earlier this month, the U.S. government surprised the Internet community by announcing that it plans to back away from its longstanding oversight of the Internet domain name system. The move comes more than 15 years after it first announced plans to transfer management of the so-called IANA function, which includes the power to add new domain name extensions (such as dot-xxx) and to alter administrative control over an existing domain name extension (for example, approving the transfer of the dot-ca domain in 2000 from the University of British Columbia to the Canadian Internet Registration Authority).

My weekly technology law column (Toronto Star version, homepage version) notes the change is rightly viewed as a major development in the ongoing battle over Internet governance. Yet a closer look at the why the U.S. is embarking on the change and what the system might look like once the transition is complete, suggests that it is not relinquishing much power anytime soon. Rather, the U.S. has ensured that it will dictate the terms of any transfer and retain a "super-jurisdiction" for the foreseeable future.



Tags:
, ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 

The Web We Want: Could Canada Lead on a Digital Bill of Rights?

Last week marked the 25th anniversary of the drafting of Tim Berners-Lee's proposal to combine hypertext with the Internet that would later become the World Wide Web. Berners-Lee used the occasion to call for the creation of a global online "Magna Carta" to protect the rights of Internet users around the world.

The desire for enforceable global digital rights stands in sharp contrast to the early days of the Web when advocates were more inclined to tell governments to stay away from the burgeoning medium. For example, John Perry Barlow's widely circulated 1996 Declaration of the Independence of Cyberspace, asked governments to "leave us alone", claiming that conventional legal concepts did not apply online.

While the notion of a separate "cyberspace" would today strike many as inconsistent with how the Internet has developed into an integral part of everyday life, the prospect of a law-free online environment without government is even more at-odds with current realities. Rather than opposing government, there is a growing recognition of the need for governments to ensure that fundamental digital rights are respected.

My weekly technology law column (Toronto Star version, homepage version) notes that building on Berners-Lee's vision of global online protections, the World Wide Web Foundation, supported by leading non-governmental organizations from around the world, has launched a "Web We Want" campaign that aims to foster increased awareness of online digital rights. The campaign focuses on five principles: affordable access, the protection of personal user information, freedom of expression, open infrastructure, and neutral networks that do not discriminate against content or users.


Tags:
,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterTagsShare
View
 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Results 1 - 10 of 2866